diff options
author | Russell Teague <rteague@redhat.com> | 2017-12-13 10:10:23 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-13 10:10:23 -0500 |
commit | 0aa01db01608dc01550336d55f33f248ef81ead6 (patch) | |
tree | e525f37381a3e6ddfd14e49545d2781579240e31 /roles | |
parent | 1328147663f57872554cb7f1b10a0d823844229a (diff) | |
parent | 17ba2eafc5b7f132ad4b0a2e63d57bb647436c68 (diff) | |
download | openshift-0aa01db01608dc01550336d55f33f248ef81ead6.tar.gz openshift-0aa01db01608dc01550336d55f33f248ef81ead6.tar.bz2 openshift-0aa01db01608dc01550336d55f33f248ef81ead6.tar.xz openshift-0aa01db01608dc01550336d55f33f248ef81ead6.zip |
Merge pull request #6315 from riffraff169/contiv-multimaster
Multimaster openshift+contiv fixes
Diffstat (limited to 'roles')
-rw-r--r-- | roles/contiv/meta/main.yml | 2 | ||||
-rw-r--r-- | roles/contiv/tasks/default_network.yml | 13 | ||||
-rw-r--r-- | roles/contiv/tasks/netmaster_iptables.yml | 8 | ||||
-rw-r--r-- | roles/contiv_facts/tasks/rpm.yml | 9 |
4 files changed, 29 insertions, 3 deletions
diff --git a/roles/contiv/meta/main.yml b/roles/contiv/meta/main.yml index a2c2f98a7..52b9d09dd 100644 --- a/roles/contiv/meta/main.yml +++ b/roles/contiv/meta/main.yml @@ -21,7 +21,7 @@ dependencies: etcd_client_port: 22379 etcd_conf_dir: /etc/contiv-etcd/ etcd_data_dir: /var/lib/contiv-etcd/ - etcd_ca_host: "{{ inventory_hostname }}" + etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_cert_config_dir: /etc/contiv-etcd/ etcd_url_scheme: http etcd_peer_url_scheme: http diff --git a/roles/contiv/tasks/default_network.yml b/roles/contiv/tasks/default_network.yml index f679443e0..8a928ea54 100644 --- a/roles/contiv/tasks/default_network.yml +++ b/roles/contiv/tasks/default_network.yml @@ -8,51 +8,64 @@ - name: Contiv | Set globals command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" global set --fabric-mode {{ contiv_fabric_mode }} --vlan-range {{ contiv_vlan_range }} --fwd-mode {{ netplugin_fwd_mode }} --private-subnet {{ contiv_private_ext_subnet }}' + run_once: true - name: Contiv | Set arp mode to flood if ACI command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" global set --arp-mode flood' when: contiv_fabric_mode == "aci" + run_once: true - name: Contiv | Check if default-net exists command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net ls' register: net_result + run_once: true - name: Contiv | Create default-net command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_default_subnet }} -e {{ contiv_encap_mode }} -p {{ contiv_default_network_tag }} --gateway {{ contiv_default_gw }} default-net' when: net_result.stdout.find("default-net") == -1 + run_once: true - name: Contiv | Create host access infra network for VxLan routing case command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" net create --subnet={{ contiv_h1_subnet_default }} --gateway={{ contiv_h1_gw_default }} --nw-type="infra" contivh1' when: (contiv_encap_mode == "vxlan") and (netplugin_fwd_mode == "routing") + run_once: true #- name: Contiv | Create an allow-all policy for the default-group # command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy create ose-allow-all-policy' # when: contiv_fabric_mode == "aci" +# run_once: true - name: Contiv | Set up aci external contract to consume default external contract command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" external-contracts create -c -a {{ apic_default_external_contract }} oseExtToConsume' when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true) + run_once: true - name: Contiv | Set up aci external contract to provide default external contract command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" external-contracts create -p -a {{ apic_default_external_contract }} oseExtToProvide' when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true) + run_once: true - name: Contiv | Create aci default-group command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" group create default-net default-group' when: contiv_fabric_mode == "aci" + run_once: true - name: Contiv | Add external contracts to the default-group command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" group create -e oseExtToConsume -e oseExtToProvide default-net default-group' when: (contiv_fabric_mode == "aci") and (apic_configure_default_policy == true) + run_once: true #- name: Contiv | Add policy rule 1 for allow-all policy # command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy rule-add -d in --action allow ose-allow-all-policy 1' # when: contiv_fabric_mode == "aci" +# run_once: true #- name: Contiv | Add policy rule 2 for allow-all policy # command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" policy rule-add -d out --action allow ose-allow-all-policy 2' # when: contiv_fabric_mode == "aci" +# run_once: true - name: Contiv | Create default aci app profile command: 'netctl --netmaster "http://{{ inventory_hostname }}:{{ netmaster_port }}" app-profile create -g default-group {{ apic_default_app_profile }}' when: contiv_fabric_mode == "aci" + run_once: true diff --git a/roles/contiv/tasks/netmaster_iptables.yml b/roles/contiv/tasks/netmaster_iptables.yml index 07bb16ea7..c98e7b6a5 100644 --- a/roles/contiv/tasks/netmaster_iptables.yml +++ b/roles/contiv/tasks/netmaster_iptables.yml @@ -13,9 +13,15 @@ - name: Netmaster IPtables | Open Netmaster with iptables command: /sbin/iptables -I INPUT 1 -p tcp --dport {{ item }} -j ACCEPT -m comment --comment "contiv" with_items: - - "{{ netmaster_port }}" - "{{ contiv_rpc_port1 }}" - "{{ contiv_rpc_port2 }}" - "{{ contiv_rpc_port3 }}" when: iptablesrules.stdout.find("contiv") == -1 notify: Save iptables rules + +- name: Netmaster IPtables | Open netmaster main port + command: /sbin/iptables -I INPUT 1 -p tcp -s {{ item }} --dport {{ netmaster_port }} -j ACCEPT -m comment --comment "contiv" + with_items: + - "{{ groups.oo_nodes_to_config|difference(hostvars[inventory_hostname]['ansible_' + netmaster_interface].ipv4.address)|list }}" + when: iptablesrules.stdout.find("contiv") == -1 + notify: Save iptables rules diff --git a/roles/contiv_facts/tasks/rpm.yml b/roles/contiv_facts/tasks/rpm.yml index 07401a6dd..d12436f96 100644 --- a/roles/contiv_facts/tasks/rpm.yml +++ b/roles/contiv_facts/tasks/rpm.yml @@ -6,10 +6,17 @@ failed_when: false check_mode: no +- name: RPM | Determine if firewalld enabled + command: "systemctl status firewalld.service" + register: ss + changed_when: false + failed_when: false + check_mode: no + - name: Set the has_firewalld fact set_fact: has_firewalld: true - when: s.rc == 0 + when: s.rc == 0 and ss.rc == 0 - name: Determine if iptables-services installed command: "rpm -q iptables-services" |