openstack-ansible-ops/multi-node-aio/playbooks/pxe/configs/eni/eni-post-network-script.sh.j2

#!/usr/bin/env bash

wget --no-proxy http://{{ tftp_server }}/networking/$(cat /etc/hostname)-bridges.cfg -O /etc/network/interfaces.d/vm-bridges.cfg
wget --no-proxy http://{{ tftp_server }}/networking/basic-debian-interface.cfg -O /etc/network/interfaces

# Trusty VMs seem to have their interfaces file overwritten after we write to
# it, so we make it immutable to ensure no further changes take place
# NOTE: We remove the immutable attr in deploy-vms.yml once the instance is up
#       and accessible.
[[ "$(lsb_release -sc)" == "trusty" ]] && chattr +i /etc/network/interfaces

cat > /etc/network/if-up.d/post-up-rules <<EOF
#!/usr/bin/env bash

function iptables_filter_rule_add {
if ! iptables -w -t $1 -C $2;then
  /sbin/iptables -w -t $1 -I $2
fi
}

# To ensure ssh checksum is correct
iptables_filter_rule_add "mangle" "POSTROUTING -p tcp --dport 22 -j CHECKSUM --checksum-fill"

# To provide internet connectivity to instances
iptables_filter_rule_add "nat" "POSTROUTING -o \$(ip route get 1 | awk '{print $5}') -j MASQUERADE"

# Make sure instances can talk to the metadata server
iptables_filter_rule_add "mangle" "POSTROUTING -p tcp --sport 80 -j CHECKSUM --checksum-fill"
EOF
chmod + /etc/network/if-up.d/post-up-rules