This repository has been archived by the owner on Feb 9, 2022. It is now read-only.
01_prepare_routing_rules.yml
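---
# Prepares policy-routing rules on the host so that traffic to and from the
# libvirt "default" network bridge is looked up in the main routing table.
# Rules are installed at priority 100 (inbound) and 101 (outbound).
# NOTE(review): these rules let the libvirt default bridge subnet and the
# management network reach each other via the main table - confirm this
# reachability is wanted on the target host and is removed when no longer
# needed.
- name: Prepare routing rules
  block:
    # IPv6 deployment is assumed only when the host address is absent from
    # the IPv4 lookup results and present in the IPv6 ones.
    - name: Check IPv6
      set_fact:
        ipv6_deployment: >-
          {{ true if he_host_ip not in target_address_v4.stdout_lines and
          he_host_ip in target_address_v6.stdout_lines
          else false }}
    - include_tasks: validate_ip_prefix.yml
    - include_tasks: alter_libvirt_default_net_configuration.yml
    # Everything below is a workaround for a network issue:
    # vdsm installation breaks the routing by defining a separate
    # routing table for ovirtmgmt, but communication between
    # virbr0 and ovirtmgmt must stay possible.
    - name: Start libvirt
      service:
        name: libvirtd
        state: started
        enabled: true
    - name: Activate default libvirt network
      virt_net:
        name: default
        state: active
      register: virt_net_out
    - debug:
        var: virt_net_out
    # The bridge name is read from ansible_libvirt_networks further down.
    - name: Get libvirt interfaces
      virt_net:
        command: facts
    # Read-only query: never report it as a change.
    - name: Get routing rules, IPv4
      command: ip -j rule
      environment: "{{ he_cmd_lang }}"
      register: route_rules_ipv4
      changed_when: false
    - debug:
        var: route_rules_ipv4
    # Read-only query: never report it as a change.
    - name: Get routing rules, IPv6
      command: ip -6 rule
      environment: "{{ he_cmd_lang }}"
      register: route_rules_ipv6
      changed_when: false
      when: ipv6_deployment|bool
    - debug:
        var: route_rules_ipv6
    - name: Save bridge name
      set_fact:
        virbr_default: "{{ ansible_libvirt_networks['default']['bridge'] }}"
    # Polls up to 30 times, 3 seconds apart, until `ip link show` succeeds.
    - name: Wait for the bridge to appear on the host
      command: ip link show {{ virbr_default }}
      environment: "{{ he_cmd_lang }}"
      changed_when: false
      register: ip_link_show_bridge
      until: ip_link_show_bridge.rc == 0
      retries: 30
      delay: 3
    # Facts are gathered again so that ansible_<bridge> is available below.
    - name: Refresh network facts
      setup:
      tags: ['skip_ansible_lint']
    - name: Fetch IPv4 CIDR for {{ virbr_default }}
      set_fact:
        virbr_cidr_ipv4: >-
          {{ (hostvars[inventory_hostname]['ansible_'+virbr_default]['ipv4']['address']+'/'
          +hostvars[inventory_hostname]['ansible_'+virbr_default]['ipv4']['netmask']) |ipv4('host/prefix') }}
      when: not ipv6_deployment|bool
    - debug:
        var: virbr_cidr_ipv4
    # Only the first IPv6 address of the bridge is used; the value is None
    # when the bridge facts carry no 'ipv6' entry.
    - name: Fetch IPv6 CIDR for {{ virbr_default }}
      set_fact:
        virbr_cidr_ipv6: >-
          {{ (hostvars[inventory_hostname]['ansible_'+virbr_default]['ipv6'][0]['address']+'/'+
          hostvars[inventory_hostname]['ansible_'+virbr_default]['ipv6'][0]['prefix']) |
          ipv6('host/prefix') if 'ipv6' in hostvars[inventory_hostname]['ansible_'+virbr_default] else None }}
      when: ipv6_deployment|bool
    - debug:
        var: virbr_cidr_ipv6
    # The rule is added only if the JSON rule list has no priority-101 entry
    # whose source is the bridge address.
    - name: Add IPv4 outbound route rules
      command: ip rule add from {{ virbr_cidr_ipv4 }} priority 101 table main
      environment: "{{ he_cmd_lang }}"
      register: result
      when: >-
        not ipv6_deployment|bool and
        route_rules_ipv4.stdout | from_json |
        selectattr('priority', 'equalto', 101) |
        selectattr('src', 'equalto', virbr_cidr_ipv4 | ipaddr('address') ) |
        list | length == 0
      changed_when: true
    - debug:
        var: result
    # The rule is added only if the JSON rule list has no priority-100 entry
    # whose destination is the bridge address.
    - name: Add IPv4 inbound route rules
      command: ip rule add from all to {{ virbr_cidr_ipv4 }} priority 100 table main
      environment: "{{ he_cmd_lang }}"
      register: result
      changed_when: true
      when: >-
        not ipv6_deployment|bool and
        route_rules_ipv4.stdout | from_json |
        selectattr('priority', 'equalto', 100) |
        selectattr('dst', 'equalto', virbr_cidr_ipv4 | ipaddr('address') ) |
        list | length == 0
    - debug:
        var: result
    # The expected rule line is built as an expression and then tested with
    # `not in`; wrapping the whole test in one string literal would make the
    # condition truthy on every IPv6 run and re-add an existing rule.
    # `~` coerces to string, so a None CIDR does not raise while the
    # condition is evaluated.
    # NOTE(review): confirm `ip -6 rule` prints the CIDR in the same
    # host/prefix form that virbr_cidr_ipv6 holds.
    - name: Add IPv6 outbound route rules
      command: ip -6 rule add from {{ virbr_cidr_ipv6 }} priority 101 table main
      environment: "{{ he_cmd_lang }}"
      register: result
      when: >-
        ipv6_deployment|bool and
        ("101:\tfrom " ~ virbr_cidr_ipv6 ~ " lookup main")
        not in route_rules_ipv6.stdout
      changed_when: true
    - debug:
        var: result
    # Same existence test as the outbound IPv6 rule, for priority 100.
    - name: Add IPv6 inbound route rules
      command: ip -6 rule add from all to {{ virbr_cidr_ipv6 }} priority 100 table main
      environment: "{{ he_cmd_lang }}"
      register: result
      changed_when: true
      when: >-
        ipv6_deployment|bool and
        ("100:\tfrom all to " ~ virbr_cidr_ipv6 ~ " lookup main")
        not in route_rules_ipv6.stdout
    - debug:
        var: result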