Diffstat (limited to 'roles/ands_network')
-rw-r--r-- | roles/ands_network/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/ands_network/files/galera.xml | 10 | ||||
-rw-r--r-- | roles/ands_network/files/netpipe.xml | 6 | ||||
-rw-r--r-- | roles/ands_network/tasks/add_names.yml | 28 | ||||
-rw-r--r-- | roles/ands_network/tasks/common.yml | 1 | ||||
-rw-r--r-- | roles/ands_network/tasks/firewall.yml | 32 | ||||
-rw-r--r-- | roles/ands_network/tasks/firewall_service.yml | 13 | ||||
-rw-r--r-- | roles/ands_network/tasks/nm_configure.yml | 15 | ||||
-rw-r--r-- | roles/ands_network/tasks/nm_configure_connection.yml | 31 |
9 files changed, 129 insertions, 9 deletions
diff --git a/roles/ands_network/defaults/main.yml b/roles/ands_network/defaults/main.yml
index 139e8b3..0170370 100644
--- a/roles/ands_network/defaults/main.yml
+++ b/roles/ands_network/defaults/main.yml
@@ -1 +1,3 @@
 configure_network: "{{ ands_configure_network | default(false) }}"
+firewall_template_path: "{{ ands_paths.provision }}/firewall/{{ ansible_hostname }}"
+firewall_services: [ 'galera', 'netpipe' ]
\ No newline at end of file
diff --git a/roles/ands_network/files/galera.xml b/roles/ands_network/files/galera.xml
new file mode 100644
index 0000000..15f908b
--- /dev/null
+++ b/roles/ands_network/files/galera.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>MySQL/Galera</short>
+ <description>MySQL/Galera Database Server</description>
+ <port protocol="tcp" port="3306"/>
+ <port protocol="tcp" port="4567"/>
+ <port protocol="udp" port="4567"/>
+ <port protocol="tcp" port="4568"/>
+ <port protocol="tcp" port="4444"/>
+</service>
diff --git a/roles/ands_network/files/netpipe.xml b/roles/ands_network/files/netpipe.xml
new file mode 100644
index 0000000..0e7f355
--- /dev/null
+++ b/roles/ands_network/files/netpipe.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>NetPIPE</short>
+ <description>NetPIPE network benchmark</description>
+ <port protocol="tcp" port="5002"/>
+</service>
diff --git a/roles/ands_network/tasks/add_names.yml b/roles/ands_network/tasks/add_names.yml
new file mode 100644
index 0000000..3edde38
--- /dev/null
+++ b/roles/ands_network/tasks/add_names.yml
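Review bot: The `galera` service opens 3306 on top of the replication ports, but firewall.yml enables the built-in `mysql` service (which already covers 3306) side by side with `galera`, so the duplicate entry only hides which of the two is responsible for client access; drop the `<port protocol="tcp" port="3306"/>` line or drop `mysql` from that list, not both. The remaining ports carry cluster-internal traffic (presumably 4567 replication, 4568 IST and 4444 SST, the standard Galera layout; verify against the Galera configuration in use) and deserve a comment in the file, e.g. `<!-- 4567/4568: Galera replication and IST, 4444: SST state transfer - cluster peers only -->`. A service XML cannot restrict source addresses itself, so that "peers only" property has to be enforced by the zone or rich rule that enables the service in firewall.yml.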
@@ -0,0 +1,28 @@
+# Currently EXCLUDED
+# Kind of post-install. We can include this in maitain later.
+
+# We should not do it before Gluster peers are probed, otherwise everything will fail.
+# Some peers will have names and others IPs.
+- name: Configure all storage hostnames in /etc/hosts
+ lineinfile: dest="/etc/hosts" line="{{ ip }} {{ fqdn }} {{ hostname }}" regexp="{{ fqdn }}" state="present"
+ when:
+ - hostvars[item]['ands_facts_configured'] is defined
+ vars:
+ ip: "{{ hostvars[item]['ands_storage_ip'] }}"
+ hostname: "{{ hostvars[item]['ands_hostname_storage'] }}"
+ fqdn: "{{ hostvars[item]['ands_hostname_storage'] ~ ands_inner_dot_domain }}"
+ with_inventory_hostnames:
+ - nodes
+ - new_nodes
+
+- name: Configure all public hostnames in /etc/hosts
+ lineinfile: dest="/etc/hosts" line="{{ ip }} {{ fqdn }} {{ hostname }}" regexp="{{ fqdn }}" state="present"
+ when:
+ - hostvars[item]['ands_facts_configured'] is defined
+ vars:
+ ip: "{{ hostvars[item]['ands_openshift_public_ip'] }}"
+ hostname: "{{ hostvars[item]['ands_hostname_public'] }}"
+ fqdn: "{{ hostvars[item]['ands_hostname_public'] ~ ands_inner_dot_domain }}"
+ with_inventory_hostnames:
+ - nodes
+ - new_nodes
diff --git a/roles/ands_network/tasks/common.yml b/roles/ands_network/tasks/common.yml
index f2fda00..940cde7 100644
--- a/roles/ands_network/tasks/common.yml
+++ b/roles/ands_network/tasks/common.yml
@@ -7,7 +7,6 @@
 # - nodes
 # - new_nodes
-
 # This will not work properly unless 'ands_facts' are executed on all nodes.... This is checked by evaluating if 'ands_openshift_fqdn' is defined
 - name: Configure all cluster hostnames in /etc/hosts
 lineinfile: dest="/etc/hosts" line="{{ ip }} {{ fqdn }} {{ hostname }}" regexp="{{ fqdn }}" state="present"
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
new file mode 100644
index 0000000..d5ba5f3
--- /dev/null
+++ b/roles/ands_network/tasks/firewall.yml
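Review bot: `regexp="{{ fqdn }}"` on both `lineinfile` tasks uses the FQDN as an unanchored regular expression, so every `.` matches any character and a longer name that merely contains the pattern is matched as well (`node1.cluster.example` also matches `xnode1-cluster.example`), which can make the task overwrite the wrong `/etc/hosts` entry; anchor and escape it, `regexp: '^\S+\s+{{ fqdn | regex_escape }}(\s|$)'`. The existing task in common.yml builds the same pattern, so both should change together to stay consistent. As a style point, the module arguments are `key=value` strings while the rest of the task is block YAML; `lineinfile:` with `dest:`, `line:`, `regexp:` and `state:` keys avoids the quoting pitfalls of that form with Jinja values. The file is marked as excluded in its header, so nothing here is live until it is included.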
@@ -0,0 +1,32 @@
+- name: Ensure firewall template directory exists
+ file: path="{{ firewall_template_path }}" state="directory" mode=0644 owner=root group=root
+
+#Just in case we already added but not reloaded yet
+#- name: Reload firewalld rules
+# shell: firewall-cmd --reload
+
+- name: Get list of existing firewalld services
+ shell: "firewall-cmd --get-services | tr ' ' '\n'"
+ changed_when: false
+ register: services
+
+- name: Configure missing firewalld services
+ include_tasks: firewall_service.yml
+ with_items: "{{ firewall_services }}"
+ vars:
+ servicelist: "{{ services.stdout_lines }}"
+ loop_control:
+ loop_var: service
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
+
+- name: Enable MySQL and Galera services if ands_hostnet_db is enabled
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ when: ands_hostnet_db | default(false)
+ with_items:
+ - mysql
+ - galera
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
diff --git a/roles/ands_network/tasks/firewall_service.yml b/roles/ands_network/tasks/firewall_service.yml
new file mode 100644
index 0000000..98bc866
--- /dev/null
+++ b/roles/ands_network/tasks/firewall_service.yml
@@ -0,0 +1,13 @@
+- name: "Copy firewalld service '{{ service }}'"
+ copy: src="{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
+ register: result
+
+- name: "Delete old version of firewalld service '{{ service }}'"
+ command: "firewall-offline-cmd --remove-service={{ service }}"
+ when:
+ - service in servicelist
+ - result | changed
+
+- name: "Create firewalld service '{{ service }}'"
+ command: "firewall-offline-cmd --new-service-from-file='{{ firewall_template_path }}/{{ service }}.xml' --name={{ service }}"
+ when: (service not in servicelist) or (result | changed)
diff --git a/roles/ands_network/tasks/nm_configure.yml b/roles/ands_network/tasks/nm_configure.yml
index 4482705..57e40ca 100644
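Review bot: The `firewalld` task that enables `mysql` and `galera` gives no `zone:`, so the rules land in firewalld's default zone, which on these hosts presumably holds every interface NetworkManager brought up, including the public one configured from `ands_openshift_public_cidr`; that would expose the Galera replication/SST ports and 3306 to anything that can reach the public address. Pin the rule to the zone bound to the inner/storage interface, or use a rich rule with `source address="{{ ands_openshift_cidr }}"` so only cluster peers reach those ports; which zone the inner interface sits in is not visible in this change, so confirm before choosing. Separately, the first task creates `firewall_template_path` with `mode=0644`, which on a directory lacks the search bit and only works because everything later runs as root; use `mode=0755`. The two unconditional `shell: firewall-cmd --reload` tasks report changed on every run, so add `changed_when: false` or move the reload into a handler notified by the service tasks.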
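Review bot: The remove/create pair is not atomic: between `firewall-offline-cmd --remove-service` and `--new-service-from-file` the definition does not exist, and if the create step fails (a malformed XML copied by the first task is enough) the host is left without a service that the zone configuration in firewall.yml references until the next run. firewalld loads custom service definitions from `/etc/firewalld/services/` on reload, which is also where `--new-service-from-file` writes them, so the whole sequence can presumably collapse into a single copy, `copy: src="{{ service }}.xml" dest="/etc/firewalld/services/{{ service }}.xml" owner=root group=root mode="0644"`, followed by the reload that firewall.yml already performs; that is idempotent and needs neither `servicelist` nor the staging directory. `result | changed` is the filter form that newer Ansible releases reject in favour of `result is changed`; the rest of the role uses the same form (`delres | skipped`), so treat this as a consistency point rather than a defect.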
--- a/roles/ands_network/tasks/nm_configure.yml
+++ b/roles/ands_network/tasks/nm_configure.yml
@@ -1,4 +1,3 @@
-
 - name: install needed network manager libs
 yum: name='{{ item }}' state=installed
 with_items:
@@ -21,6 +20,16 @@
 cidr: "{{ ands_storage_cidr }}"
 force: true
+- name: configure bridged openshift nework
+ include_tasks: nm_configure_connection.yml
+ vars:
+ bridge: "{{ ands_bridge }}"
+ name: "openshift"
+ iface: "{{ ands_inner_interface }}"
+ cidr: "{{ ands_openshift_cidr }}"
+ force: true
+ when: ands_enable_cnr | default(false)
+
 - name: configure openshift nework
 include_tasks: nm_configure_connection.yml
 vars:
@@ -28,6 +37,8 @@
 iface: "{{ ands_inner_interface }}"
 cidr: "{{ ands_openshift_cidr }}"
 force: true
+ when: not (ands_enable_cnr | default(false))
+
 - name: configure public nework
 include_tasks: nm_configure_connection.yml
@@ -37,3 +48,5 @@
 cidr: "{{ ands_openshift_public_cidr }}"
 alias: true
+- name: Configure firewall
+ include_tasks: firewall.yml
diff --git a/roles/ands_network/tasks/nm_configure_connection.yml b/roles/ands_network/tasks/nm_configure_connection.yml
index 18fc91e..9354fbf 100644
--- a/roles/ands_network/tasks/nm_configure_connection.yml
+++ b/roles/ands_network/tasks/nm_configure_connection.yml
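Review bot: `include_tasks: firewall.yml` is appended to the end of nm_configure.yml, so the firewall is only configured when the NetworkManager tasks run and inherits whatever gate this file sits behind (`configure_network`, judging by defaults/main.yml; the role's main.yml is not in this diff), while a host whose connections are already correct but whose firewalld state has drifted is never corrected. Include firewall.yml from the role's task entry point as a sibling of nm_configure.yml, with its own `when:` guard, so network and firewall configuration can be run and skipped independently. The new bridged task name repeats the existing `nework` spelling; worth correcting in the new line while it is being added.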
@@ -1,15 +1,16 @@
-- name: "detect nm connection corresponding to interface '{{ iface }}'"
+- name: "detect nm connection corresponding to interface '{{ bridge | default(iface) }}'"
 shell: "nmcli d show {{ iface | quote }} | grep CONNECTION | cut -d ':' -f 2- | sed -E -e 's/^[[:space:]]+//' | grep '^[[:alpha:]]'"
 register: conres
 failed_when: false
 changed_when: false
-- name: "check if the requested ip '{{ cidr }}' is present on the interface '{{ iface }}'"
+- name: "check if the requested ip '{{ cidr }}' is present on the interface '{{ biface }}'"
 set_fact:
 ip_present: "{{ cidr | ipaddr('address') in ips }}"
 vars:
- eth: "{{ hostvars[inventory_hostname]['ansible_' + iface] | default({}) }}"
+ biface: "{{ bridge | default(iface) }}"
+ eth: "{{ hostvars[inventory_hostname]['ansible_' + biface] | default({}) }}"
 ipv4: "{{ eth['ipv4'] | default({}) }}"
 q: "{{ eth | json_query('ipv4_secondaries[*].address') }}"
 sec: "{{ ((q == ands_none) or (q == '')) | ternary([], q) }}"
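Review bot: The renamed first task advertises `{{ bridge | default(iface) }}`, but its `shell:` still runs `nmcli d show {{ iface | quote }}`, so when a bridge is configured `conres` describes the connection attached to the slave interface while the `ip_present` check in the second task now reads the `biface` facts; the two checks inspect different devices. If the bridge's own connection is what should be detected (that is what the later `nmcli connection up {{ cname }}` appears to need), change the command to `shell: "nmcli d show {{ bridge | default(iface) | quote }} | grep CONNECTION | ..."`; if the slave connection is intended, the task name is misleading and should say so. The rest of the file, including the task that registers `delres`, lies outside this hunk.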
@@ -27,9 +28,24 @@
 - not (alias | default(false))
 - not ip_present
-- name: "configure storage network interface '{{ iface }}' to '{{ cidr }}'"
+- name: "create bridge '{{ bridge }}' with cidr '{{ cidr }}'"
+ command: "nmcli connection add type bridge ifname {{ bridge | quote }} con-name {{ name }} ip4 {{ cidr }}"
+ when:
+ - bridge is defined
+ - (conres.rc != 0) or (not (delres | skipped))
+ - (conres.rc != 0) or (not (alias | default(false)))
+
+- name: "connect bridge '{{ bridge }}' to interface '{{ iface }}'"
+ command: "nmcli connection add type bridge-slave ifname {{ iface | quote }} master {{ bridge | quote }}"
+ when:
+ - bridge is defined
+ - (conres.rc != 0) or (not (delres | skipped))
+ - (conres.rc != 0) or (not (alias | default(false)))
+
+- name: "configure network interface '{{ iface }}' to '{{ cidr }}'"
 command: "nmcli connection add type infiniband ifname {{ iface | quote }} con-name {{ name }} ip4 {{ cidr }}"
 when:
+ - bridge is not defined
+ - (conres.rc != 0) or (not (delres | skipped))
+ - (conres.rc != 0) or (not (alias | default(false)))
@@ -41,10 +57,11 @@
 - conres.rc == 0
 - not ip_present
-
-- name: "add ip alias '{{ cidr }}' to network interface '{{ iface }}'"
- command: "nmcli connection up {{ conres.stdout | quote }}"
+- name: "start connection {{ cname }}"
+ command: "nmcli connection up {{ cname | quote }}"
 register: alres
+ vars:
+ cname: "{{ (conres.stdout == '') | ternary(name, conres.stdout) }}"
 when:
+ - not(alres | skipped)
+ - alres | succeeded |
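Review bot: Both new `nmcli connection add` commands pass `ifname`/`master` through `| quote` but leave `con-name {{ name }}` and `ip4 {{ cidr }}` raw; `command:` does not invoke a shell, but a `name` or `cidr` containing whitespace is still split into extra arguments, so quote them the same way, `con-name {{ name | quote }} ip4 {{ cidr | quote }}` (the existing infiniband line has the same gap). The two bridge tasks repeat an identical three-line `when:`; wrapping them in one `block:` with a single `when:` keeps the conditions from drifting apart. In the second hunk the new "start connection" task registers `alres` while its `when:` tests `alres | skipped`, so the condition is evaluated against whatever an earlier task (presumably the one guarded by `conres.rc == 0` above) registered under that name; a comment such as `# alres here is the result of the preceding alias task, not of this one` would spare the next reader the double take. The task list continues past the end of this hunk.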