summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorRussell Teague <rteague@redhat.com>2017-12-13 10:10:23 -0500
committerGitHub <noreply@github.com>2017-12-13 10:10:23 -0500
commit0aa01db01608dc01550336d55f33f248ef81ead6 (patch)
treee525f37381a3e6ddfd14e49545d2781579240e31 /roles
parent1328147663f57872554cb7f1b10a0d823844229a (diff)
parent17ba2eafc5b7f132ad4b0a2e63d57bb647436c68 (diff)
downloadopenshift-0aa01db01608dc01550336d55f33f248ef81ead6.tar.gz
openshift-0aa01db01608dc01550336d55f33f248ef81ead6.tar.bz2
openshift-0aa01db01608dc01550336d55f33f248ef81ead6.tar.xz
openshift-0aa01db01608dc01550336d55f33f248ef81ead6.zip
Merge pull request #6315 from riffraff169/contiv-multimaster
Multimaster openshift+contiv fixes
Diffstat (limited to 'roles')
-rw-r--r--roles/contiv/meta/main.yml2
-rw-r--r--roles/contiv/tasks/default_network.yml13
-rw-r--r--roles/contiv/tasks/netmaster_iptables.yml8
-rw-r--r--roles/contiv_facts/tasks/rpm.yml9
4 files changed, 29 insertions, 3 deletions
diff --git a/roles/contiv/meta/main.yml b/roles/contiv/meta/main.yml
index a2c2f98a7..52b9d09dd 100644
--- a/roles/contiv/meta/main.yml
+++ b/roles/contiv/meta/main.yml
@@ -21,7 +21,7 @@ dependencies:
etcd_client_port: 22379
etcd_conf_dir: /etc/contiv-etcd/
etcd_data_dir: /var/lib/contiv-etcd/
- etcd_ca_host: "{{ inventory_hostname }}"
+ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"
etcd_cert_config_dir: /etc/contiv-etcd/
etcd_url_scheme: http
etcd_peer_url_scheme: http
diff --git a/roles/contiv/tasks/default_network.yml b/roles/contiv/tasks/default_network.yml
index f679443e0..8a928ea54 100644
--- a/roles/contiv/tasks/default_network.yml
+++ b/roles/contiv/tasks/default_network.yml
@@ -8,51 +8,64 @@
- name: Contiv | Set globals
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" global set --fabric-mode {{ contiv_fabric_mode }} --vlan-range {{ contiv_vlan_range }} --fwd-mode {{ netplugin_fwd_mode }} --private-subnet {{ contiv_private_ext_subnet }}'
+ run_once: true
- name: Contiv | Set arp mode to flood if ACI
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" global set --arp-mode flood'
when: contiv_fabric_mode == "aci"
+ run_once: true
- name: Contiv | Check if default-net exists
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net ls'
register: net_result
+ run_once: true
- name: Contiv | Create default-net
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_default_subnet }} -e {{ contiv_encap_mode }} -p {{ contiv_default_network_tag }} --gateway {{ contiv_default_gw }} default-net'
when: net_result.stdout.find("default-net") == -1
+ run_once: true
- name: Contiv | Create host access infra network for VxLan routing case
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_h1_subnet_default }} --gateway={{ contiv_h1_gw_default }} --nw-type="infra" contivh1'
when: (contiv_encap_mode == "vxlan") and (netplugin_fwd_mode == "routing")
+ run_once: true
#- name: Contiv | Create an allow-all policy for the default-group
# command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy create ose-allow-all-policy'
# when: contiv_fabric_mode == "aci"
+# run_once: true
- name: Contiv | Set up aci external contract to consume default external contract
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" external-contracts create -c -a {{ apic_default_external_contract }} oseExtToConsume'
when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true)
+ run_once: true
- name: Contiv | Set up aci external contract to provide default external contract
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" external-contracts create -p -a {{ apic_default_external_contract }} oseExtToProvide'
when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true)
+ run_once: true
- name: Contiv | Create aci default-group
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" group create default-net default-group'
when: contiv_fabric_mode == "aci"
+ run_once: true
- name: Contiv | Add external contracts to the default-group
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" group create -e oseExtToConsume -e oseExtToProvide default-net default-group'
when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true)
+ run_once: true
#- name: Contiv | Add policy rule 1 for allow-all policy
# command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy rule-add -d in --action allow ose-allow-all-policy 1'
# when: contiv_fabric_mode == "aci"
+# run_once: true
#- name: Contiv | Add policy rule 2 for allow-all policy
# command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy rule-add -d out --action allow ose-allow-all-policy 2'
# when: contiv_fabric_mode == "aci"
+# run_once: true
- name: Contiv | Create default aci app profile
command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" app-profile create -g default-group {{ apic_default_app_profile }}'
when: contiv_fabric_mode == "aci"
+ run_once: true
diff --git a/roles/contiv/tasks/netmaster_iptables.yml b/roles/contiv/tasks/netmaster_iptables.yml
index 07bb16ea7..c98e7b6a5 100644
--- a/roles/contiv/tasks/netmaster_iptables.yml
+++ b/roles/contiv/tasks/netmaster_iptables.yml
@@ -13,9 +13,15 @@
- name: Netmaster IPtables | Open Netmaster with iptables
command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv"
with_items:
- - "{{ netmaster_port }}"
- "{{ contiv_rpc_port1 }}"
- "{{ contiv_rpc_port2 }}"
- "{{ contiv_rpc_port3 }}"
when: iptablesrules.stdout.find("contiv") == -1
notify: Save iptables rules
+
+- name: Netmaster IPtables | Open netmaster main port
+ command: /sbin/iptables -I INPUT 1 -p tcp -s {{ item }} --dport {{ netmaster_port }} -j ACCEPT -m comment --comment "contiv"
+ with_items:
+ - "{{ groups.oo_nodes_to_config|difference(hostvars[inventory_hostname]['ansible_' + netmaster_interface].ipv4.address)|list }}"
+ when: iptablesrules.stdout.find("contiv") == -1
+ notify: Save iptables rules
diff --git a/roles/contiv_facts/tasks/rpm.yml b/roles/contiv_facts/tasks/rpm.yml
index 07401a6dd..d12436f96 100644
--- a/roles/contiv_facts/tasks/rpm.yml
+++ b/roles/contiv_facts/tasks/rpm.yml
@@ -6,10 +6,17 @@
failed_when: false
check_mode: no
+- name: RPM | Determine if firewalld enabled
+ command: "systemctl status firewalld.service"
+ register: ss
+ changed_when: false
+ failed_when: false
+ check_mode: no
+
- name: Set the has_firewalld fact
set_fact:
has_firewalld: true
- when: s.rc == 0
+ when: s.rc == 0 and ss.rc == 0
- name: Determine if iptables-services installed
command: "rpm -q iptables-services"