diff options
| author | Scott Dodson <sdodson@redhat.com> | 2016-11-16 19:13:13 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-11-16 19:13:13 -0500 |
| commit | 6782fa3c9e01b02e6a29e676f6bbe53d040b9708 (patch) | |
| tree | 872c4a180b58cc846add2dcbe253930331d37d37 | |
| parent | f116f79f30f295a14f2f36836d2cdb80fe7ab298 (diff) | |
| parent | 769274f376ed189d74e9684e126c17f6ddd3d4ff (diff) | |
| download | openshift-6782fa3c9e01b02e6a29e676f6bbe53d040b9708.tar.gz openshift-6782fa3c9e01b02e6a29e676f6bbe53d040b9708.tar.bz2 openshift-6782fa3c9e01b02e6a29e676f6bbe53d040b9708.tar.xz openshift-6782fa3c9e01b02e6a29e676f6bbe53d040b9708.zip | |
Merge pull request #2819 from vishpat/ip-forwarding
Added ip forwarding for nuage
| -rw-r--r-- | roles/nuage_node/handlers/main.yaml | 4 | ||||
| -rw-r--r-- | roles/nuage_node/meta/main.yml | 13 | ||||
| -rw-r--r-- | roles/nuage_node/tasks/iptables.yml | 17 | ||||
| -rw-r--r-- | roles/nuage_node/tasks/main.yaml | 2 |
4 files changed, 31 insertions, 5 deletions
diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml index 5f2b97ae2..fd06d9025 100644 --- a/roles/nuage_node/handlers/main.yaml +++ b/roles/nuage_node/handlers/main.yaml @@ -6,3 +6,7 @@ - name: restart node become: yes service: name={{ openshift.common.service_type }}-node state=restarted + +- name: save iptable rules + become: yes + command: iptables-save diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml index 9f84eacf6..a6fbcba61 100644 --- a/roles/nuage_node/meta/main.yml +++ b/roles/nuage_node/meta/main.yml @@ -13,8 +13,11 @@ galaxy_info: - cloud - system dependencies: -- role: nuage_ca -- role: os_firewall - os_firewall_allow: - - service: vxlan - port: 4789/udp + - role: nuage_common + - role: nuage_ca + - role: os_firewall + os_firewall_allow: + - service: vxlan + port: 4789/udp + - service: nuage-monitor + port: "{{ nuage_mon_rest_server_port }}/tcp" diff --git a/roles/nuage_node/tasks/iptables.yml b/roles/nuage_node/tasks/iptables.yml new file mode 100644 index 000000000..52935f075 --- /dev/null +++ b/roles/nuage_node/tasks/iptables.yml @@ -0,0 +1,17 @@ +--- +- name: IPtables | Get iptables rules + command: iptables -L --wait + register: iptablesrules + always_run: yes + +- name: Allow traffic from overlay to underlay + command: /sbin/iptables --wait -I FORWARD 1 -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-overlay-underlay" + when: "'nuage-overlay-underlay' not in iptablesrules.stdout" + notify: + - save iptable rules + +- name: Allow traffic from underlay to overlay + command: /sbin/iptables --wait -I FORWARD 1 -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-underlay-overlay" + when: "'nuage-underlay-overlay' not in iptablesrules.stdout" + notify: + - save iptable rules diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml index 1146573d3..2ec4be2c2 100644 --- a/roles/nuage_node/tasks/main.yaml +++ b/roles/nuage_node/tasks/main.yaml @@ -37,3 +37,5 @@ notify: - restart vrs - restart node + +- include: iptables.yml |