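---
# Pre-run play for multi-node test jobs: applies the networking roles,
# installs helper packages, creates the log collection tree, opens up the
# FORWARD chain and sets each node's hostname from the inventory.
- hosts: all
  any_errors_fatal: true
  vars:
    # NOTE(review): fixed path under /tmp. The tasks below create it without
    # checking who owns an already existing /tmp/logs - presumably fine on a
    # throwaway single-tenant CI node; confirm before reusing elsewhere.
    logs_dir: "/tmp/logs"
  roles:
    - bindep
    - multi-node-firewall
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ api_interface_name }}"
        vxlan_vni: 10000
    - role: multi-node-managed-addressing
      vars:
        managed_interface_name: "{{ api_interface_name }}"
        managed_network_prefix: "{{ api_network_prefix }}"
        managed_network_prefix_length: "{{ api_network_prefix_length }}"
        managed_network_address_family: "{{ address_family }}"
    # NOTE(yoctozepto): no addressing for neutron_external_interface in here
    # because it is enslaved by a bridge
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ neutron_external_interface_name }}"
        vxlan_vni: 10001
  tasks:
    # NOTE(yoctozepto): we use gawk to add time to each logged line
    # outside of Ansible (e.g. for init-runonce)
    - name: Install gawk and Python modules
      package:
        name:
          - gawk
          - python3-pip
          - python3-setuptools
          - python3-wheel
      become: true

    # No mode is given here, so the directory gets whatever the umask of the
    # connecting user yields; the task runs without become.
    - name: Ensure /tmp/logs/ dir
      file:
        path: "{{ logs_dir }}"
        state: "directory"

    # The mode is quoted so it stays the octal string "0777" whichever YAML
    # loader reads the file (an unquoted 0777 relies on YAML 1.1 octal rules).
    # NOTE(review): 0777 without the sticky bit lets every local account
    # create, replace and delete entries in these directories. Presumably
    # needed so processes running under other UIDs can drop logs here; treat
    # anything collected from them as untrusted and keep this to CI nodes.
    - name: Ensure node directories
      file:
        path: "{{ logs_dir }}/{{ item }}"
        state: "directory"
        mode: "0777"
      with_items:
        - "docker_logs"
        - "kolla_configs"
        - "system_logs"
        - "kolla"
        - "ansible"

    # NOTE(yoctozepto): let's observe forwarding behavior
    # This rule must stay ahead of the ACCEPT rule below: both are appended,
    # and ACCEPT is terminating, so a LOG rule placed after it would never be
    # reached.
    # NOTE(review): no rate limit is set, so every packet that reaches the end
    # of FORWARD is written to the kernel log; the iptables module's `limit`
    # option is worth considering if log volume becomes a problem.
    - name: iptables - LOG FORWARD
      become: true
      iptables:
        state: present
        action: append
        chain: FORWARD
        jump: LOG
        log_prefix: 'iptables FORWARD: '

    # NOTE(yoctozepto): This is to undo Docker's default policy of DROP which
    # breaks l3 forwarding and also linuxbridge deploys due to
    # bridge-nf-call-iptables.
    # FIXME(yoctozepto): really handle this for users - somehow my local
    # multinode deploy fixed it for itself by setting it to ACCEPT on network
    # nodes without my intervention but so far we have no idea what did that.
    # It certainly does not happen in CI where all nodes are aio.
    # NOTE(review): the rule carries no interface, source or destination
    # match, so every forwarded packet not handled by an earlier rule is
    # accepted and the DROP policy never applies. That is a test-environment
    # setting; a deployment facing untrusted networks would need this scoped
    # to the interfaces and prefixes that actually require forwarding.
    - name: iptables - ACCEPT FORWARD
      become: true
      iptables:
        state: present
        action: append
        chain: FORWARD
        jump: ACCEPT

    - name: set new hostname based on ansible inventory file
      hostname:
        name: "{{ inventory_hostname }}"
      become: true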