-
Notifications
You must be signed in to change notification settings - Fork 16
/
external.yml
93 lines (82 loc) · 3.5 KB
/
external.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# Playbook to setup external networking and overcloud endpoint access on the undercloud
- hosts: undercloud
gather_facts: yes
vars:
external_interface: "{{ hostvars['localhost']['external_interface'] }}"
tasks:
- name: set ext_interface for baremetal
block:
- name: get ext_interface
shell: |
for i in /sys/class/net/*
do
udevcontent=`udevadm info -p $i --query property`
if [[ $udevcontent =~ {{ external_interface }} ]]
then
ext_interface=`echo $i | cut -d '/' -f 5`
break
fi
done
echo $ext_interface
register: ext_interface
- name: set ext_iface
set_fact:
ext_iface: "{{ ext_interface.stdout }}"
when: virtual_uc != true and composable_roles == false
- name: set ext_iface
set_fact:
ext_iface: "{{ hostvars['localhost']['external_interfaces'][0] }}"
when: composable_roles and lab_name in ['scale', 'alias']
- name: fail when both public_external_interface and external_network_vlan_id defined
fail:
msg: Both public_external_interface and external_network_vlan_id defined
when: public_external_interface is defined and external_network_vlan_id is defined
- name: set ext_iface
set_fact:
ext_iface: "{{ vm_external_interface }}"
when: virtual_uc == true
# "Reverse path" filter prevents packets from coming in or going out on
# an unexpected interface to help prevent routing loops (check with lab team).
# The default route on undercloud was out the primary foreman interface,
# so when undercloud gets packets coming in on the 4th NIC, it sends the traffic back
# out the foreman interface. Turning off this configuration enables to use
# public_external_interface i.e 4th interface
- name: disable rp_filter
shell: |
for f in $(find /proc/sys/net/ipv4 -name rp_filter) ; do echo 0 > $f ; done
become: true
ignore_errors: true
when: public_external_interface is defined
- name: create vlan interface on external interface
vars:
vlan_interface: "{{ ext_iface }}.{{ external_network_vlan_id }}"
shell: |
ip link add link {{ ext_iface }} name {{ vlan_interface }} type vlan id {{ external_network_vlan_id }}
ip link set dev {{ ext_iface }} up
ip link set dev {{ vlan_interface }} up
ip a a {{ external_gateway }} dev {{ vlan_interface }}
become: true
ignore_errors: true
when: external_network_vlan_id is defined
- name: add ip on when external interface is real public interface
shell: |
ip a a {{ external_gateway }} dev {{ ext_iface }}
become: true
ignore_errors: true
when: external_network_vlan_id is not defined
- name: flush iptables
shell: sudo iptables --flush
become: yes
ignore_errors: yes
- name: get default route
shell: |
ip r | grep default | cut -d ' ' -f5
register: default_route
become: true
when: external_network_vlan_id is defined
- name: masquerade on public interface
shell: |
iptables -t nat -A POSTROUTING -o {{ default_route.stdout }} -j MASQUERADE
become: true
become_user: root
when: external_network_vlan_id is defined