Multi-node: Set up firewalls

This adds nodes in a multi-node job to each other's firewalls so that
they can communicate with each other without restrictions.

Change-Id: Ic9eda6b951c5ecf5997fe9da3338980f2a8121b0

playbooks/multinode/pre.yaml

@@ -12,3 +12,7 @@
     - name: Set up multi-node hosts file
       include_role:
         name: multi-node-hosts-file
+
+    - name: Set up multi-node firewall
+      include_role:
+        name: multi-node-firewall

roles/multi-node-firewall/README.rst

@@ -0,0 +1,2 @@
+Configures the inventory private and public addresses in a multi-node job in
+iptables in order to allow traffic to and from each node without restrictions.

roles/multi-node-firewall/tasks/main.yaml

@@ -0,0 +1,42 @@
+- name: Set up the host ip addresses
+  set_fact:
+    ipv4_addresses: >
+      {% set hosts = [] -%}
+      {% for host, vars in hostvars.items() -%}
+      {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
+      {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
+      {% endfor -%}
+      {{- hosts | sort | unique -}}
+    ipv6_addresses: >
+      {% set hosts = [] -%}
+      {% for host, vars in hostvars.items() -%}
+      {% if vars['nodepool']['public_ipv6'] -%}
+        {% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
+      {% endif -%}
+      {% endfor -%}
+      {{- hosts | sort | unique -}}
+
+- name: Set up ipv4 iptables rules
+  become: yes
+  iptables:
+    state: present
+    action: insert
+    chain: INPUT
+    ip_version: ipv4
+    source: "{{ item }}"
+    jump: ACCEPT
+  with_items: "{{ ipv4_addresses }}"
+
+- name: Set up ipv6 iptables rules
+  become: yes
+  iptables:
+    state: present
+    action: insert
+    chain: INPUT
+    ip_version: ipv6
+    source: "{{ item }}"
+    jump: ACCEPT
+  with_items: "{{ ipv6_addresses }}"
+  when:
+    - ipv6_addresses is defined
+    - ipv6_addresses