zuul-jobs/roles/multi-node-bridge/tasks/common.yaml
David Moreau-Simard efd90dd2f9
Authorize the multi-node-bridge network in iptables if there's one
This allows packets to flow freely between things that bind IPs on the
network bridge.

Change-Id: Iaacdca31b27b7033ec08499bcea7061b9d3ec279
2017-10-31 14:25:56 -04:00

55 lines
1.4 KiB
YAML

- name: Include OS-specific variables
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution }}.yaml"
- "{{ ansible_os_family }}.yaml"
- "default.yaml"
# RHEL and CentOS requires repositories provided by RDO in order to install
# openvswitch, set them up.
- name: Set-up RDO repositories
become: yes
package:
name: "{{ rdo_repository }}"
state: installed
when:
- rdo_repository is defined
- ansible_os_family == "RedHat"
- ansible_distribution != "Fedora"
register: rdo_repos
- name: Install openvswitch
become: yes
package:
name: "{{ ovs_package }}"
state: installed
- name: Ensure openvswitch is started
become: yes
service:
name: "{{ ovs_service }}"
state: started
enabled: yes
# If we've installed RDO repositories for openvswitch earlier, remove them
- name: Ensure RDO repositories are removed
become: yes
package:
name: "rdo-release"
state: absent
when: rdo_repos | changed
- name: Authorize the multi-node-bridge network
become: yes
iptables:
state: present
action: insert
chain: INPUT
ip_version: ipv4
source: "{{ bridge_address_prefix }}.0/{{ bridge_address_subnet }}"
destination: "{{ bridge_address_prefix }}.0/{{ bridge_address_subnet }}"
jump: ACCEPT
when:
- bridge_configure_address | bool
- bridge_authorize_internal_traffic | bool