roles/head-mgmtbr/tasks/main.yml

# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


---
# head-mgmtbr/tasks/main.yml

- name: Create mgmtbr bridge configuration
  template:
    src: "mgmtbr.cfg.j2"
    dest: /etc/network/interfaces.d/mgmtbr.cfg
    owner: root
    group: root
    mode: 0644
  register: mgmtbr_config

- name: Bring up mgmtbr if reconfigured
  when: mgmtbr_config.changed and ansible_mgmtbr is not defined
  command: ifup mgmtbr
  tags:
    - skip_ansible_lint # needs to be run here or the next steps will fail

- name: Default to accept forwarded traffic
  iptables:
    chain: FORWARD
    policy: ACCEPT

- name: Configure NAT for mgmtbr
  iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ mgmtbr_nat_interface }}"
    jump: MASQUERADE

- name: Configure forwarding for mgmtbr
  iptables:
    chain: FORWARD
    in_interface: mgmtbr
    jump: ACCEPT