roles/interface-config/tasks/main.yml

---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# interface-config/tasks/main.yml

- name: Install bridging/bonding utilities
  apt:
    name: "{{ item }}"
    update_cache: yes
    cache_valid_time: 3600
  with_items:
    - bridge-utils
    - ifenslave
    - iptables-persistent

- name: Create management network interfaces
  template:
    src: management.cfg.j2
    dest: "/etc/network/interfaces.d/management.cfg"
    owner: root
    group: root
    mode: 0644
  register: management_net_config

- name: Bring up management network interfaces, if reconfigured
  when: management_net_config.changed
  command: "ifup {{ item }}"
  with_flattened:
   - mgmtbridge
   - mgmtbond
   - "{{ management_net_interfaces }}"
   - vethmgmt0
  tags:
    - skip_ansible_lint # needs to be run before next steps

# NAT/forward management network traffic out the head node
- name: Default to accept forwarded traffic
  when: "'head' in group_names and management_net_config.changed"
  iptables:
    chain: FORWARD
    policy: ACCEPT
  notify:
    - iptables-save
  tags:
    - skip_ansible_lint # need to save config in following steps

- name: Configure forwarding for management bridge
  when: "'head' in group_names and management_net_config.changed"
  iptables:
    chain: FORWARD
    in_interface: mgmtbridge
    jump: ACCEPT
  notify:
    - iptables-save
  tags:
    - skip_ansible_lint # need to save config in following steps

- name: Configure NAT for management network
  when: "'head' in group_names and management_net_config.changed"
  iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ headnode_nat_interface }}"
    jump: MASQUERADE
  notify:
    - iptables-save
  tags:
    - skip_ansible_lint # need to save config in following steps

# Create fabric bridge and veth pair
- name: Create fabric network interfaces on compute nodes
  template:
    src: fabric.cfg.j2
    dest: "/etc/network/interfaces.d/fabric.cfg"
    owner: root
    group: root
    mode: 0644
  register: fabric_net_config

- name: Bring up fabricbridge on head node
  when: "'head' in group_names and fabric_net_config.changed"
  command: "ifup fabricbridge"
  tags:
    - skip_ansible_lint # needs to be run before next steps

- name: Bring up fabricbridge:0 on head node if using VSG addresspool
  when: "'head' in group_names and fabric_net_config.changed and use_addresspool_vsg"
  command: "ifup fabricbridge:0"
  tags:
    - skip_ansible_lint # no interface manip module in ansible

- name: Bring up fabricbridge:1 on head node if using PUBLIC addresspool
  when: "'head' in group_names and fabric_net_config.changed and use_addresspool_vsg"
  command: "ifup fabricbridge:1"
  tags:
    - skip_ansible_lint # no interface manip module in ansible

- name: Bring up common fabric interfaces, if reconfigured
  when: fabric_net_config.changed
  command: "ifup {{ item }}"
  with_flattened:
    - fabricbond
    - "{{ fabric_net_interfaces }}"
  tags:
    - skip_ansible_lint # needs to be run before next steps