| |
| # Copyright 2017-present Open Networking Foundation |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| |
| --- |
| # head-mgmtbr/tasks/main.yml |
| |
| - name: Create mgmtbr bridge configuration |
| template: |
| src: "mgmtbr.cfg.j2" |
| dest: /etc/network/interfaces.d/mgmtbr.cfg |
| owner: root |
| group: root |
| mode: 0644 |
| register: mgmtbr_config |
| |
| - name: Bring up mgmtbr if reconfigured |
| when: mgmtbr_config.changed and ansible_mgmtbr is not defined |
| command: ifup mgmtbr |
| tags: |
| - skip_ansible_lint # needs to be run here or the next steps will fail |
| |
| - name: Default to accept forwarded traffic |
| iptables: |
| chain: FORWARD |
| policy: ACCEPT |
| |
| - name: Configure NAT for mgmtbr |
| iptables: |
| table: nat |
| chain: POSTROUTING |
| out_interface: "{{ mgmtbr_nat_interface }}" |
| jump: MASQUERADE |
| |
| - name: Configure forwarding for mgmtbr |
| iptables: |
| chain: FORWARD |
| in_interface: mgmtbr |
| jump: ACCEPT |
| |