Diffstat (limited to 'roles/ands_network')
-rw-r--r--roles/ands_network/defaults/main.yml2
-rw-r--r--roles/ands_network/files/galera.xml10
-rw-r--r--roles/ands_network/files/netpipe.xml6
-rw-r--r--roles/ands_network/tasks/add_names.yml28
-rw-r--r--roles/ands_network/tasks/common.yml1
-rw-r--r--roles/ands_network/tasks/firewall.yml32
-rw-r--r--roles/ands_network/tasks/firewall_service.yml13
-rw-r--r--roles/ands_network/tasks/nm_configure.yml15
-rw-r--r--roles/ands_network/tasks/nm_configure_connection.yml31
9 files changed, 129 insertions, 9 deletions
diff --git a/roles/ands_network/defaults/main.yml b/roles/ands_network/defaults/main.yml
index 139e8b3..0170370 100644
--- a/roles/ands_network/defaults/main.yml
+++ b/roles/ands_network/defaults/main.yml
@@ -1 +1,3 @@
configure_network: "{{ ands_configure_network | default(false) }}"
+firewall_template_path: "{{ ands_paths.provision }}/firewall/{{ ansible_hostname }}"
+firewall_services: [ 'galera', 'netpipe' ] \ No newline at end of file
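Review bot: `firewall_services` on the last added line is written in flow style and the file now ends without a trailing newline (the `\ No newline at end of file` marker), so yamllint will flag it and the next key appended here will show up as a change to this line as well. The task files in this commit use block lists, so `firewall_services:` followed by `  - galera` and `  - netpipe`, with a terminating newline, would match them.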
diff --git a/roles/ands_network/files/galera.xml b/roles/ands_network/files/galera.xml
new file mode 100644
index 0000000..15f908b
--- /dev/null
+++ b/roles/ands_network/files/galera.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>MySQL/Galera</short>
+ <description>MySQL/Galera Database Server</description>
+ <port protocol="tcp" port="3306"/>
+ <port protocol="tcp" port="4567"/>
+ <port protocol="udp" port="4567"/>
+ <port protocol="tcp" port="4568"/>
+ <port protocol="tcp" port="4444"/>
+</service>
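Review bot: Port 3306 in this service definition duplicates the stock firewalld `mysql` service, and firewall.yml in this same commit enables both `mysql` and `galera` on the same hosts, so 3306 is opened by two rules in the same zone. Either drop the `<port protocol="tcp" port="3306"/>` line here and keep `mysql` in the enable list, or drop `mysql` there and let this file own the whole set. A `<description>` that says what each of the non-3306 ports carries would help the next reviewer judge whether all of them need to be exposed in the same zone.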
diff --git a/roles/ands_network/files/netpipe.xml b/roles/ands_network/files/netpipe.xml
new file mode 100644
index 0000000..0e7f355
--- /dev/null
+++ b/roles/ands_network/files/netpipe.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>NetPIPE</short>
+ <description>NetPIPE network benchmark</description>
+ <port protocol="tcp" port="5002"/>
+</service>
diff --git a/roles/ands_network/tasks/add_names.yml b/roles/ands_network/tasks/add_names.yml
new file mode 100644
index 0000000..3edde38
--- /dev/null
+++ b/roles/ands_network/tasks/add_names.yml
@@ -0,0 +1,28 @@
+# Currently EXCLUDED
+# Kind of post-install. We can include this in maitain later.
+
+# We should not do it before Gluster peers are probed, otherwise everything will fail.
+# Some peers will have names and others IPs.
+- name: Configure all storage hostnames in /etc/hosts
+ lineinfile: dest="/etc/hosts" line="{{ ip }} {{ fqdn }} {{ hostname }}" regexp="{{ fqdn }}" state="present"
+ when:
+ - hostvars[item]['ands_facts_configured'] is defined
+ vars:
+ ip: "{{ hostvars[item]['ands_storage_ip'] }}"
+ hostname: "{{ hostvars[item]['ands_hostname_storage'] }}"
+ fqdn: "{{ hostvars[item]['ands_hostname_storage'] ~ ands_inner_dot_domain }}"
+ with_inventory_hostnames:
+ - nodes
+ - new_nodes
+
+- name: Configure all public hostnames in /etc/hosts
+ lineinfile: dest="/etc/hosts" line="{{ ip }} {{ fqdn }} {{ hostname }}" regexp="{{ fqdn }}" state="present"
+ when:
+ - hostvars[item]['ands_facts_configured'] is defined
+ vars:
+ ip: "{{ hostvars[item]['ands_openshift_public_ip'] }}"
+ hostname: "{{ hostvars[item]['ands_hostname_public'] }}"
+ fqdn: "{{ hostvars[item]['ands_hostname_public'] ~ ands_inner_dot_domain }}"
+ with_inventory_hostnames:
+ - nodes
+ - new_nodes
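Review bot: `regexp="{{ fqdn }}"` in both lineinfile tasks is an unanchored pattern built from the hostname, so its dots match any character and it also matches any longer /etc/hosts line that merely contains the name as a substring; that line would then be overwritten with another host's entry. Anchor and escape it, in block form: `regexp: '^\S+\s+{{ fqdn | regex_escape }}(\s|$)'`. The existing task in common.yml uses the same pattern, so the fix belongs there too. The header says this file is currently excluded, so it only matters once it is wired into a play.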
diff --git a/roles/ands_network/tasks/common.yml b/roles/ands_network/tasks/common.yml
index f2fda00..940cde7 100644
--- a/roles/ands_network/tasks/common.yml
+++ b/roles/ands_network/tasks/common.yml
@@ -7,7 +7,6 @@
# - nodes
# - new_nodes
-
# This will not work properly unless 'ands_facts' are executed on all nodes.... This is checked by evaluating if 'ands_openshift_fqdn' is defined
- name: Configure all cluster hostnames in /etc/hosts
lineinfile: dest="/etc/hosts" line="{{ ip }} {{ fqdn }} {{ hostname }}" regexp="{{ fqdn }}" state="present"
diff --git a/roles/ands_network/tasks/firewall.yml b/roles/ands_network/tasks/firewall.yml
new file mode 100644
index 0000000..d5ba5f3
--- /dev/null
+++ b/roles/ands_network/tasks/firewall.yml
@@ -0,0 +1,32 @@
+- name: Ensure firewall template directory exists
+ file: path="{{ firewall_template_path }}" state="directory" mode=0644 owner=root group=root
+
+#Just in case we already added but not reloaded yet
+#- name: Reload firewalld rules
+# shell: firewall-cmd --reload
+
+- name: Get list of existing firewalld services
+ shell: "firewall-cmd --get-services | tr ' ' '\n'"
+ changed_when: false
+ register: services
+
+- name: Configure missing firewalld services
+ include_tasks: firewall_service.yml
+ with_items: "{{ firewall_services }}"
+ vars:
+ servicelist: "{{ services.stdout_lines }}"
+ loop_control:
+ loop_var: service
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
+
+- name: Enable MySQL and Galera services if ands_hostnet_db is enabled
+ firewalld: service="{{ item }}" state="enabled" permanent="true" immediate="true"
+ when: ands_hostnet_db | default(false)
+ with_items:
+ - mysql
+ - galera
+
+- name: Reload firewalld rules
+ shell: firewall-cmd --reload
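Review bot: `mode=0644` on the first task creates the template directory without the search bit; root ignores it, so the copy in firewall_service.yml works, but any non-root reader of `{{ firewall_template_path }}` is locked out, and the unquoted form also differs from the `mode="0644"` used for files in firewall_service.yml — use `mode="0755"`. The `firewalld` task passes no `zone`, so `mysql`/`galera` are enabled in the default zone rather than only on the inner or storage interface the rest of the role configures (inferred from the `ands_inner_interface`/`ands_storage_cidr` variables) — pass `zone:` explicitly. Both `firewall-cmd --reload` tasks run unconditionally, so every play reports two changes; add `changed_when: false` or move the reload into a handler, and with `immediate="true"` the final reload after the firewalld task is redundant anyway. `services.stdout.split()` would also replace the `tr ' ' '\n'` pipe, whose `\n` YAML double quotes turn into a literal newline before the shell sees it.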
diff --git a/roles/ands_network/tasks/firewall_service.yml b/roles/ands_network/tasks/firewall_service.yml
new file mode 100644
index 0000000..98bc866
--- /dev/null
+++ b/roles/ands_network/tasks/firewall_service.yml
@@ -0,0 +1,13 @@
+- name: "Copy firewalld service '{{ service }}'"
+ copy: src="{{ service }}.xml" dest="{{ firewall_template_path }}/{{ service }}.xml" owner=root group=root mode="0644"
+ register: result
+
+- name: "Delete old version of firewalld service '{{ service }}'"
+ command: "firewall-offline-cmd --remove-service={{ service }}"
+ when:
+ - service in servicelist
+ - result | changed
+
+- name: "Create firewalld service '{{ service }}'"
+ command: "firewall-offline-cmd --new-service-from-file='{{ firewall_template_path }}/{{ service }}.xml' --name={{ service }}"
+ when: (service not in servicelist) or (result | changed)
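Review bot: `result | changed` on the two `when` clauses uses the filter form of a test; Ansible's test syntax is `result is changed`, and the filter form is deprecated and removed in 2.9, so these lines stop working on an upgrade. The same applies to `delres | skipped` in the new bridge tasks in nm_configure_connection.yml of this commit. Write `- result is changed` and `when: (service not in servicelist) or (result is changed)`.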
diff --git a/roles/ands_network/tasks/nm_configure.yml b/roles/ands_network/tasks/nm_configure.yml
index 4482705..57e40ca 100644
--- a/roles/ands_network/tasks/nm_configure.yml
+++ b/roles/ands_network/tasks/nm_configure.yml
@@ -1,4 +1,3 @@
-
- name: install needed network manager libs
yum: name='{{ item }}' state=installed
with_items:
@@ -21,6 +20,16 @@
cidr: "{{ ands_storage_cidr }}"
force: true
+- name: configure bridged openshift nework
+ include_tasks: nm_configure_connection.yml
+ vars:
+ bridge: "{{ ands_bridge }}"
+ name: "openshift"
+ iface: "{{ ands_inner_interface }}"
+ cidr: "{{ ands_openshift_cidr }}"
+ force: true
+ when: ands_enable_cnr | default(false)
+
- name: configure openshift nework
include_tasks: nm_configure_connection.yml
vars:
@@ -28,6 +37,8 @@
iface: "{{ ands_inner_interface }}"
cidr: "{{ ands_openshift_cidr }}"
force: true
+ when: not (ands_enable_cnr | default(false))
+
- name: configure public nework
include_tasks: nm_configure_connection.yml
@@ -37,3 +48,5 @@
cidr: "{{ ands_openshift_public_cidr }}"
alias: true
+- name: Configure firewall
+ include_tasks: firewall.yml
diff --git a/roles/ands_network/tasks/nm_configure_connection.yml b/roles/ands_network/tasks/nm_configure_connection.yml
index 18fc91e..9354fbf 100644
--- a/roles/ands_network/tasks/nm_configure_connection.yml
+++ b/roles/ands_network/tasks/nm_configure_connection.yml
@@ -1,15 +1,16 @@
-- name: "detect nm connection corresponding to interface '{{ iface }}'"
+- name: "detect nm connection corresponding to interface '{{ bridge | default(iface) }}'"
shell: "nmcli d show {{ iface | quote }} | grep CONNECTION | cut -d ':' -f 2- | sed -E -e 's/^[[:space:]]+//' | grep '^[[:alpha:]]'"
register: conres
failed_when: false
changed_when: false
-- name: "check if the requested ip '{{ cidr }}' is present on the interface '{{ iface }}'"
+- name: "check if the requested ip '{{ cidr }}' is present on the interface '{{ biface }}'"
set_fact:
ip_present: "{{ cidr | ipaddr('address') in ips }}"
vars:
- eth: "{{ hostvars[inventory_hostname]['ansible_' + iface] | default({}) }}"
+ biface: "{{ bridge | default(iface) }}"
+ eth: "{{ hostvars[inventory_hostname]['ansible_' + biface] | default({}) }}"
ipv4: "{{ eth['ipv4'] | default({}) }}"
q: "{{ eth | json_query('ipv4_secondaries[*].address') }}"
sec: "{{ ((q == ands_none) or (q == '')) | ternary([], q) }}"
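Review bot: The renamed task on the first added line says it detects the connection for `bridge | default(iface)`, but the shell on the next line still runs `nmcli d show {{ iface | quote }}`, so on a bridged host `conres` describes the physical interface while `ip_present` two tasks later is computed from `biface`. If the intent is to inspect the bridge device, use `nmcli d show {{ bridge | default(iface) | quote }} | …` (or hoist `biface` into a `vars:` on this task); if the physical interface is intended, the task name is misleading and should say so. `biface` is declared in the set_fact task's `vars:` but referenced in that task's `name:` — worth confirming that task-level vars are available when the name is templated on the Ansible version in use.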
@@ -27,9 +28,24 @@
- not (alias | default(false))
- not ip_present
-- name: "configure storage network interface '{{ iface }}' to '{{ cidr }}'"
+- name: "create bridge '{{ bridge }}' with cidr '{{ cidr }}'"
+ command: "nmcli connection add type bridge ifname {{ bridge | quote }} con-name {{ name }} ip4 {{ cidr }}"
+ when:
+ - bridge is defined
+ - (conres.rc != 0) or (not (delres | skipped))
+ - (conres.rc != 0) or (not (alias | default(false)))
+
+- name: "connect bridge '{{ bridge }}' to interface '{{ iface }}'"
+ command: "nmcli connection add type bridge-slave ifname {{ iface | quote }} master {{ bridge | quote }}"
+ when:
+ - bridge is defined
+ - (conres.rc != 0) or (not (delres | skipped))
+ - (conres.rc != 0) or (not (alias | default(false)))
+
+- name: "configure network interface '{{ iface }}' to '{{ cidr }}'"
command: "nmcli connection add type infiniband ifname {{ iface | quote }} con-name {{ name }} ip4 {{ cidr }}"
when:
+ - bridge is not defined
- (conres.rc != 0) or (not (delres | skipped))
- (conres.rc != 0) or (not (alias | default(false)))
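Review bot: `con-name {{ name }}` on the new bridge-creation command is the only argument on the line without `| quote`, while `bridge` and `cidr`'s neighbours `iface`/`bridge` are quoted; a `name` containing whitespace would be split into separate argv entries by the command module. Use `con-name {{ name | quote }}` here (the infiniband line below has the same pre-existing gap). The two shared `(conres.rc != 0) or …` conditions are now repeated verbatim on three tasks; grouping the tasks in a `block:` carrying that `when` would keep them from drifting.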
@@ -41,10 +57,11 @@
- conres.rc == 0
- not ip_present
-
-- name: "add ip alias '{{ cidr }}' to network interface '{{ iface }}'"
- command: "nmcli connection up {{ conres.stdout | quote }}"
+- name: "start connection {{ cname }}"
+ command: "nmcli connection up {{ cname | quote }}"
register: alres
+ vars:
+ cname: "{{ (conres.stdout == '') | ternary(name, conres.stdout) }}"
when:
- not(alres | skipped)
- alres | succeeded