blob: c3d17c2aade77c2d9e7ada3aaf6b32ab4c633725 [file] [log] [blame]
---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# interface-config/tasks/main.yml
- name: Install bridging/bonding utilities
apt:
name: "{{ item }}"
update_cache: yes
cache_valid_time: 3600
with_items:
- bridge-utils
- ifenslave
- iptables-persistent
- name: Create management network interfaces
template:
src: management.cfg.j2
dest: "/etc/network/interfaces.d/management.cfg"
owner: root
group: root
mode: 0644
register: management_net_config
- name: Bring up management network interfaces, if reconfigured
when: management_net_config.changed
command: "ifup {{ item }}"
with_flattened:
- "{{ management_net_bridge }}"
- mgmtbond
- "{{ management_net_interfaces }}"
- vethmgmt0
tags:
- skip_ansible_lint # needs to be run before next steps
# NAT/forward management network traffic out the head node
- name: Default to accept forwarded traffic
when: "'head' in group_names and management_net_config.changed"
iptables:
chain: FORWARD
policy: ACCEPT
notify:
- iptables-save
tags:
- skip_ansible_lint # need to save config in following steps
- name: Configure forwarding for management bridge
when: "'head' in group_names and management_net_config.changed"
iptables:
chain: FORWARD
in_interface: mgmtbridge
jump: ACCEPT
notify:
- iptables-save
tags:
- skip_ansible_lint # need to save config in following steps
- name: Configure NAT for management network
when: "'head' in group_names and management_net_config.changed"
iptables:
table: nat
chain: POSTROUTING
out_interface: "{{ headnode_nat_interface }}"
jump: MASQUERADE
notify:
- iptables-save
tags:
- skip_ansible_lint # need to save config in following steps
# Create fabric bridge and veth pair
- name: Create fabric network interfaces on compute nodes
template:
src: fabric.cfg.j2
dest: "/etc/network/interfaces.d/fabric.cfg"
owner: root
group: root
mode: 0644
register: fabric_net_config
- name: Bring up fabricbridge on head node
when: "'head' in group_names and fabric_net_config.changed"
command: "ifup fabricbridge"
tags:
- skip_ansible_lint # needs to be run before next steps
- name: Bring up fabricbridge:0 on head node if using VSG addresspool
when: "'head' in group_names and fabric_net_config.changed and use_addresspool_vsg"
command: "ifup fabricbridge:0"
tags:
- skip_ansible_lint # no interface manip module in ansible
- name: Bring up fabricbridge:1 on head node if using PUBLIC addresspool
when: "'head' in group_names and fabric_net_config.changed and use_addresspool_vsg"
command: "ifup fabricbridge:1"
tags:
- skip_ansible_lint # no interface manip module in ansible
- name: Bring up common fabric interfaces, if reconfigured
when: fabric_net_config.changed
command: "ifup {{ item }}"
with_flattened:
- fabricbond
- "{{ fabric_net_interfaces }}"
tags:
- skip_ansible_lint # needs to be run before next steps