Radosław Piliszek b356762b94 CI: Refactor VXLAN overlay setup
This makes it cleaner, allows reuse and outsourcing to zuul jobs
and enables us to create multiple of these overlay networks for
testing of more advanced scenarios.

Change-Id: Id557c81f68a7f34556854e7d6efc6eddfd2e7216
2020-02-20 12:24:05 +01:00

73 lines
2.9 KiB
YAML

---
# Not all variables have sensible defaults, let's ensure these are set.
- name: Ensure mandatory variables are defined
assert:
that:
- managed_interface_name is defined
- managed_network_prefix is defined
- managed_network_prefix_length is defined
- managed_network_address_family is defined
- name: Set managed interface facts
set_fact:
managed_interface_address: "{{ managed_network_prefix }}{{ groups['all'].index(inventory_hostname) + 1 }}"
- name: Add IPv4 address for managed network
become: true
vars:
managed_network_cidr: "{{ managed_interface_address }}/{{ managed_network_prefix_length }}"
# NOTE(yoctozepto): we have to compute and explicitly set the broadcast address,
# otherwise bifrost fails its pre-bootstrap sanity checks due to missing
# broadcast address as ansible picks up scope ('global') as the interface's
# broadcast address which fails checks logic
managed_network_broadcast_address: "{{ managed_network_cidr | ipaddr('broadcast') }}"
command: ip address add {{ managed_network_cidr }} broadcast {{ managed_network_broadcast_address }} dev {{ managed_interface_name }}
when: managed_network_address_family == 'ipv4'
# NOTE(yoctozepto): IPv6 has no broadcast address, let's not create confusion by setting it
- name: Add IPv6 address for managed network
become: true
command: ip address add {{ managed_interface_address }}/{{ managed_network_prefix_length }} dev {{ managed_interface_name }}
when: managed_network_address_family == 'ipv6'
- name: Accept traffic on the managed network (IN)
become: true
iptables:
state: present
action: insert
chain: INPUT
ip_version: "{{ managed_network_address_family }}"
in_interface: "{{ managed_interface_name }}"
jump: ACCEPT
# NOTE(yoctozepto): the default policy is ACCEPT but it is nicer to get statistics
- name: Accept traffic on the managed network (OUT)
become: true
iptables:
state: present
action: insert
chain: OUTPUT
ip_version: "{{ managed_network_address_family }}"
out_interface: "{{ managed_interface_name }}"
jump: ACCEPT
# NOTE(yoctozepto): IPv6 DAD may delay proper address assignment
# this task will wait until DAD is done and addresses are no longer tentative
# we assign addresses uniquely so DAD can only move it to preferred
# hence we only check whether it's no longer tentative
- name: Ensure IPv6 addresses on the managed interface are no longer tentative
become: true
command: ip -o address show tentative dev {{ managed_interface_name }}
register: tentative_addresses
until: tentative_addresses.stdout == ''
retries: 30
delay: 2
when:
- managed_network_address_family == 'ipv6'
- name: Ping across the managed network
vars:
ping_command: "{{ 'ping' if managed_network_address_family == 'ipv4' else 'ping6' }}"
command: "{{ ping_command }} -c1 {{ hostvars[item].managed_interface_address }}"
with_inventory_hostnames: all