From 53f37da19815592799d63eb7880088bb197430b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Nasiadka?= <mnasiadka@gmail.com>
Date: Wed, 28 Jul 2021 12:50:06 +0200
Subject: [PATCH] seed: Disable SNAT configuration by default

Introduce seed_enable_snat and change default to false.

Change-Id: I0fde948a306ef9b8cf9525f1e93650d36d5f14f6
---
 ansible/group_vars/all/seed                                | 3 +++
 ansible/ip-routing.yml                                     | 1 +
 ansible/snat.yml                                           | 1 +
 etc/kayobe/seed.yml                                        | 3 +++
 releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml | 5 +++++
 5 files changed, 13 insertions(+)
 create mode 100644 releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml

diff --git a/ansible/group_vars/all/seed b/ansible/group_vars/all/seed
index decdd2a5..3bea8156 100644
--- a/ansible/group_vars/all/seed
+++ b/ansible/group_vars/all/seed
@@ -23,6 +23,9 @@ seed_default_network_interfaces: >
 # List of extra networks to which seed nodes are attached.
 seed_extra_network_interfaces: []
 
+# Whether to enable SNAT on seed nodes. Default is false.
+seed_enable_snat: false
+
 ###############################################################################
 # Seed node software RAID configuration.
 
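Review bot: The comment on `seed_enable_snat` describes only SNAT, but this patch also uses the variable to gate the `ip-routing` role in ansible/ip-routing.yml, so leaving it `false` skips IP routing setup on the seed as well. I would word it as `# Whether to enable IP routing and SNAT on seed nodes. Default is false.` here and in the matching comment in etc/kayobe/seed.yml. Both roles ran unconditionally before this change, so the new default changes behaviour on upgrade for deployments that route traffic through the seed. The release note lists it only under `features`; an `upgrade` entry would help operators notice it.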
diff --git a/ansible/ip-routing.yml b/ansible/ip-routing.yml
index e3627d37..f9d3bbd7 100644
--- a/ansible/ip-routing.yml
+++ b/ansible/ip-routing.yml
@@ -7,3 +7,4 @@
     - ip-routing
   roles:
     - role: ip-routing
+      when: seed_enable_snat | bool
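Review bot: Skipping the role with `when: seed_enable_snat | bool` stops new configuration from being applied but does nothing to a seed that was configured before the flag existed; the same applies to the `snat` role in ansible/snat.yml. The role contents are not visible here, but presumably any forwarding setting and NAT rules already in place stay active after an upgrade even though the variable now reads `false`. An operator auditing the seed would reasonably expect `false` to mean the host no longer forwards or translates traffic, so a comment above the role such as `# Setting seed_enable_snat to false skips this role; it does not remove configuration applied by an earlier run.` would make that explicit. The play begins outside the hunk.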
diff --git a/ansible/snat.yml b/ansible/snat.yml
index 311f3c04..feab9e04 100644
--- a/ansible/snat.yml
+++ b/ansible/snat.yml
@@ -11,3 +11,4 @@
         source_ip: "{{ ansible_facts.default_ipv4.address }}"
   roles:
     - role: snat
+      when: seed_enable_snat | bool
diff --git a/etc/kayobe/seed.yml b/etc/kayobe/seed.yml
index 35f2aada..7246fbd0 100644
--- a/etc/kayobe/seed.yml
+++ b/etc/kayobe/seed.yml
@@ -18,6 +18,9 @@
 # List of extra networks to which seed nodes are attached.
 #seed_extra_network_interfaces:
 
+# Whether to enable SNAT on seed nodes. Default is false.
+#seed_enable_snat:
+
 ###############################################################################
 # Seed node software RAID configuration.
 
diff --git a/releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml b/releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml
new file mode 100644
index 00000000..263aa118
--- /dev/null
+++ b/releasenotes/notes/seed-disable-snat-4d1e7899456f7561.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Adds a new variable ``seed_enable_snat`` that allows users to enable SNAT
+    service on the seed. The default value is ``false``.
-- 
GitLab