fix logic and run setup to reload facts, fix iptables command
diff --git a/roles/simulate-fabric/defaults/main.yml b/roles/simulate-fabric/defaults/main.yml
index b038889..b41396d 100644
--- a/roles/simulate-fabric/defaults/main.yml
+++ b/roles/simulate-fabric/defaults/main.yml
@@ -17,6 +17,7 @@
- veth0
- veth1
+# see note in playbook, won't apply until ansible gets module support
simfabric_iptables:
- table: nat
chain: POSTROUTING
diff --git a/roles/simulate-fabric/files/simulate-fabric-playbook.yml b/roles/simulate-fabric/files/simulate-fabric-playbook.yml
index be1b9c8..821d6b6 100644
--- a/roles/simulate-fabric/files/simulate-fabric-playbook.yml
+++ b/roles/simulate-fabric/files/simulate-fabric-playbook.yml
@@ -21,6 +21,7 @@
command: brctl addbr "{{ item.name }}"
with_items: "{{ simfabric_bridges }}"
+ # note, not idempotent if failed between prior step and this step
- name: Set IP addresses to bridges
when: "ansible_{{ item.0.name }} is not defined"
command: "ip addr add {{ item.1 }} dev {{ item.0.name }}"
@@ -28,8 +29,11 @@
- "{{ simfabric_bridges }}"
- addresses
+ - name: Run setup again to obtain bridge info
+ setup:
+
- name: Start bridges
- when: "(ansible_{{ item.name }} is not defined) and (not ansible_{{ item.name }}.active)"
+ when: "not ansible_{{ item.name }}.active"
command: "ip link set dev {{ item.name }} up"
with_items: "{{ simfabric_bridges }}"
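Review bot: The new condition on Start bridges, `when: "not ansible_{{ item.name }}.active"`, drops the existence guard entirely, so the task fails with an undefined-variable error whenever the fact is missing after the added `setup:` run. That can happen if bridge creation was skipped, or, as far as I know, if the device name contains `-`, which Ansible rewrites to `_` in the fact key. A lookup with a fallback avoids this, for example `when: "not (hostvars[inventory_hostname]['ansible_' + item.name] | default({'active': false})).active"`. The same pattern appears in Start interfaces and Add interfaces to bridges in the next hunk.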
@@ -38,21 +42,34 @@
command: "ip link add address {{ item.mac }} type {{ item.name }}"
with_items: "{{ simfabric_links }}"
+ - name: Run setup again to obtain link info
+ setup:
+
- name: Start interfaces
- when: "(ansible_{{ item }}.defined is not defined) and (not ansible_{{ item }}.active)"
+ when: "not ansible_{{ item }}.active"
command: "ip link set dev {{ item }} up"
with_items: "{{ simfabric_interfaces }}"
- name: Add interfaces to bridges
- when: "ansible_{{ item.0.name }}.interfaces is not defined"
+ when: "not item.1 in ansible_{{ item.0.name }}.interfaces"
command: "brctl addif {{ item.0.name }} {{ item.1 }}"
with_subelements:
- "{{ simfabric_bridges }}"
- interfaces
- - name: Configure iptables
- iptables: "table={{ item.table }} chain={{ item.chain }} source={{ item.source }} destination={{ item.dest }} jump={{ item.jump }}"
- with_items: "{{ simfabric_iptables }}"
+ - name: Check for iptables rule
+ command: "iptables -t nat -C POSTROUTING -s 10.168.0.0/16 \! -d 10.168.0.0/16 -j MASQUERADE"
+ register: iptables_check
+
+ - name: Create iptables rule
+ when: "iptables_check.rc != 0"
+ command: "iptables -t nat -C POSTROUTING -s 10.168.0.0/16 \! -d 10.168.0.0/16 -j MASQUERADE"
+
+# the below will likely work when this pull makes it into ansible:
+# https://github.com/ansible/ansible-modules-extras/pull/1685
+# - name: Configure iptables
+# iptables: "table={{ item.table }} chain={{ item.chain }} source={{ item.source }} destination={{ item.dest }} jump={{ item.jump }}"
+# with_items: "{{ simfabric_iptables }}"
- name: Set kernel sysctl values
sysctl:
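Review bot: The "Create iptables rule" task runs `iptables ... -C POSTROUTING ...` again, and `-C` only checks for a rule, so the MASQUERADE rule is never installed; it should use `-A`. The "Check for iptables rule" task also fails the play when the rule is absent, because `command` treats the non-zero exit as an error. It needs `failed_when` limited to unexpected return codes, plus `changed_when: false`. The `\!` inside a double-quoted YAML scalar is not a valid escape and should be rejected by strict parsers; `command` does not go through a shell, so a plain `!` is enough. Separately, the hard-coded `10.168.0.0/16` duplicates `simfabric_iptables` in the defaults and can drift from it. The task list continues past the end of this hunk.

```yaml
# … unchanged: setup, Start interfaces, Add interfaces to bridges …
    - name: Check for iptables rule
      command: "iptables -t nat -C POSTROUTING -s 10.168.0.0/16 ! -d 10.168.0.0/16 -j MASQUERADE"
      register: iptables_check
      # rc 1 means "rule not present"; anything else is a real failure
      failed_when: "iptables_check.rc not in [0, 1]"
      changed_when: false

    - name: Create iptables rule
      when: "iptables_check.rc != 0"
      command: "iptables -t nat -A POSTROUTING -s 10.168.0.0/16 ! -d 10.168.0.0/16 -j MASQUERADE"
# … unchanged: commented-out iptables module task …
```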