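---
# Host preparation play: applies the multi-node networking roles to every
# host, then installs gawk, creates the log directory tree, adds two rules to
# the iptables FORWARD chain and sets each hostname from the inventory.
- hosts: all
  # Abort the play on all hosts as soon as any one host fails.
  any_errors_fatal: true
  vars:
    logs_dir: "/tmp/logs"
  roles:
    - bindep
    - multi-node-firewall
    # VXLAN overlay for the API network (VNI 10000).
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ api_interface_name }}"
        vxlan_vni: 10000
    # Addressing for the API overlay interface created above.
    - role: multi-node-managed-addressing
      vars:
        managed_interface_name: "{{ api_interface_name }}"
        managed_network_prefix: "{{ api_network_prefix }}"
        managed_network_prefix_length: "{{ api_network_prefix_length }}"
        managed_network_address_family: "{{ address_family }}"
    # NOTE(yoctozepto): no addressing for neutron_external_interface in here
    # because it is enslaved by a bridge
    - role: multi-node-vxlan-overlay
      vars:
        vxlan_interface_name: "{{ neutron_external_interface_name }}"
        vxlan_vni: 10001
  tasks:
    # NOTE(yoctozepto): we use gawk to add time to each logged line
    # outside of Ansible (e.g. for init-runonce)
    - name: Install gawk
      package:
        name: gawk
      become: true

    # No mode or become is set here, so the directory is created by the
    # connecting user with that user's default permissions.
    - name: Ensure /tmp/logs/ dir
      file:
        path: "{{ logs_dir }}"
        state: "directory"

    - name: Ensure node directories
      file:
        path: "{{ logs_dir }}/{{ item }}"
        state: "directory"
        # Quoted so the file module receives the string "0777" rather than
        # depending on YAML 1.1 octal parsing of a bare 0777.
        # 0777 lets every local user create, rename and delete entries in
        # these directories, and the parent sits at a fixed path under /tmp.
        # NOTE(review): presumably needed so processes running as other
        # users can write their logs here - confirm, and tighten the mode or
        # move logs_dir out of /tmp if this is ever run on a shared host.
        mode: "0777"
      with_items:
        - "docker_logs"
        - "kolla_configs"
        - "system_logs"
        - "kolla"
        - "ansible"

    # NOTE(yoctozepto): let's observe forwarding behavior
    # The rule is appended to FORWARD with no `limit`, so every packet that
    # reaches it produces a kernel log line.
    - name: iptables - LOG FORWARD
      become: true
      iptables:
        state: present
        action: append
        chain: FORWARD
        jump: LOG
        log_prefix: 'iptables FORWARD: '

    # NOTE(yoctozepto): This is to undo Docker's default policy of DROP which
    # breaks l3 forwarding and also linuxbridge deploys due to
    # bridge-nf-call-iptables.
    # FIXME(yoctozepto): really handle this for users - somehow my local
    # multinode deploy fixed it for itself by setting it to ACCEPT on network
    # nodes without my intervention but so far we have no idea what did that.
    # It certainly does not happen in CI where all nodes are aio.
    #
    # NOTE(review): the rule carries no source, destination or interface
    # match, so any forwarded packet that reaches the end of the chain is
    # accepted and the DROP policy no longer filters anything. Scope it to
    # the overlay interfaces if this is reused outside throwaway test nodes.
    - name: iptables - ACCEPT FORWARD
      become: true
      iptables:
        state: present
        action: append
        chain: FORWARD
        jump: ACCEPT

    - name: set new hostname based on ansible inventory file
      hostname:
        name: "{{ inventory_hostname }}"
      become: true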