Playbook to change firewall driver

Bouncing neutron server Change-Id: I7477998a71027dcdea5aa79c819f65c433f32754
2016-04-14 14:35:50 -04:00 · 2016-04-14 14:35:50 -04:00 · 134a923613
commit 134a923613
parent d4a5ab4b4f
3 changed files with 72 additions and 0 deletions
--- a/ansible/browbeat/adjustment-firewall_driver.yml
+++ b/ansible/browbeat/adjustment-firewall_driver.yml
@ -0,0 +1,19 @@
+- hosts: controller
+  remote_user: heat-admin
+  gather_facts: false
+  vars:
+    ansible_become: true
+    driver: neutron.agent.linux.openvswitch_firewall:OVSFirewallDriver
+  roles:
+  - neutron-firewall
+
+- hosts: compute
+  remote_user: heat-admin
+  gather_facts: false
+  vars:
+    ansible_become: true
+    driver: neutron.agent.linux.openvswitch_firewall:OVSFirewallDriver
+  roles:
+  -  neutron-firewall
+
+
--- a/ansible/browbeat/roles/neutron-firewall/handlers/main.yml
+++ b/ansible/browbeat/roles/neutron-firewall/handlers/main.yml
@ -0,0 +1,35 @@
+---
+#
+# Neutron handlers for browbeat adjustment
+#
+
+- name: unmanage neutron services
+  command: pcs resource unmanage {{ item }}
+  with_items:
+    - neutron-openvswitch-agent
+    - neutron-server
+    - neutron-l3-agent
+  ignore_errors: true
+
+- name: restart neutron services
+  service: name={{ item }} state=restarted
+  with_items:
+    - neutron-openvswitch-agent
+    - neutron-server
+    - neutron-l3-agent
+
+- name: manage neutron services
+  command: pcs resource manage {{ item }}
+  with_items:
+    - neutron-openvswitch-agent
+    - neutron-server
+    - neutron-l3-agent
+  ignore_errors: true
+
+- name: cleanup neutron services
+  command: pcs resource cleanup {{ item }}
+  with_items:
+    - neutron-openvswitch-agent
+    - neutron-server
+    - neutron-l3-agent
+  ignore_errors: true
--- a/ansible/browbeat/roles/neutron-firewall/tasks/main.yml
+++ b/ansible/browbeat/roles/neutron-firewall/tasks/main.yml
@ -0,0 +1,18 @@
+- name: Configure the firewall driver
+  ini_file:
+    dest: "{{ item.file }}"
+    mode: 0640
+    section: "{{ item.section }}"
+    option: "{{ item.option }}"
+    value: "{{ item.value }}"
+    backup: yes
+  with_items:
+    - { file: /etc/neutron/plugins/ml2/ml2_conf.ini, section: securitygroup, option: firewall_driver, value: "{{ driver }}" }
+    - { file: /etc/neutron/plugins/ml2/openvswitch_agent.ini, section: securitygroup, option: firewall_driver, value: "{{ driver }}" }
+  notify:
+    - unmanage neutron services
+    - restart neutron services
+    - manage neutron services
+    - cleanup neutron services
+
+