CORD-912
OpenCloud support
Change-Id: I170597cacd76c84c795a7bf4c8e77e068ebcd72a
diff --git a/roles/head-mgmtbr/defaults/main.yml b/roles/head-mgmtbr/defaults/main.yml
new file mode 100644
index 0000000..3b9cbc1
--- /dev/null
+++ b/roles/head-mgmtbr/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# head-mgmtbr/defaults/main.yml
+
+# public internet facing NAT interface
+mgmtbr_nat_interface: eth0
+
+# management interface bridged to mgmtbr
+mgmtbr_ext_interface: eth1
diff --git a/roles/head-mgmtbr/tasks/main.yml b/roles/head-mgmtbr/tasks/main.yml
new file mode 100644
index 0000000..27cf505
--- /dev/null
+++ b/roles/head-mgmtbr/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+# head-mgmtbr/tasks/main.yml
+
+- name: Create mgmtbr bridge configuration
+ template:
+ src: "mgmtbr.cfg.j2"
+ dest: /etc/network/interfaces.d/mgmtbr.cfg
+ owner: root
+ group: root
+ mode: 0644
+ register: mgmtbr_config
+
+- name: Bring up mgmtbr if reconfigured
+ when: mgmtbr_config.changed and ansible_mgmtbr is not defined
+ command: ifup mgmtbr
+ tags:
+ - skip_ansible_lint # needs to be run here or the next steps will fail
+
+- name: Configure NAT for mgmtbr
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: "{{ mgmtbr_nat_interface }}"
+ jump: MASQUERADE
+
+- name: Configure forwarding for mgmtbr
+ iptables:
+ chain: FORWARD
+ in_interface: mgmtbr
+ jump: ACCEPT
+
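Review bot: The two iptables tasks are broader than the management bridge needs: the POSTROUTING MASQUERADE rule matches every packet leaving `{{ mgmtbr_nat_interface }}` whatever its source, and the FORWARD rule accepts anything arriving on mgmtbr toward any outbound interface. Scoping both keeps the head node from forwarding the management network into other attached networks: add `source: "{{ nsd_zones[0].ipv4_first_octets }}.0/24"` (the /24 that the template in this commit configures) to the NAT task and `out_interface: "{{ mgmtbr_nat_interface }}"` to the forwarding task. Return traffic is not covered by any rule here, so with a restrictive FORWARD policy replies would be dropped, and with a permissive one the ACCEPT rule adds nothing. Nothing in this hunk enables `net.ipv4.ip_forward` or saves the rules, so unless another role does that, the NAT presumably does not survive a reboot.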
diff --git a/roles/head-mgmtbr/templates/mgmtbr.cfg.j2 b/roles/head-mgmtbr/templates/mgmtbr.cfg.j2
new file mode 100644
index 0000000..8e9e3b3
--- /dev/null
+++ b/roles/head-mgmtbr/templates/mgmtbr.cfg.j2
@@ -0,0 +1,11 @@
+auto mgmtbr
+iface mgmtbr inet static
+ address {{ nsd_zones[0].ipv4_first_octets }}.1
+ network {{ nsd_zones[0].ipv4_first_octets }}.0
+ netmask 255.255.255.0
+ broadcast {{ nsd_zones[0].ipv4_first_octets }}.255
+ gateway {{ nsd_zones[0].ipv4_first_octets }}.1
+ bridge_ports {{ mgmtbr_ext_interface }}
+ dns-search {{ site_suffix }}
+ dns-nameservers {{ dns_servers | join(" ") }}
+
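Review bot: The `gateway` line points mgmtbr's default route at `{{ nsd_zones[0].ipv4_first_octets }}.1`, which is the same address the `address` line assigns to the bridge itself. This host is the router for the management network and its upstream path is the NAT interface, so the line looks unintended. It can install a second default route that competes with the one on the public-facing interface, which would send outbound traffic the wrong way or break it; I would drop `gateway {{ nsd_zones[0].ipv4_first_octets }}.1` from the stanza. The template also indexes `nsd_zones[0]` and joins `dns_servers` with no default, so an unset variable fails at render time; a short comment at the top of the file naming the required variables would help.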