summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--roles/nuage_node/handlers/main.yaml4
-rw-r--r--roles/nuage_node/meta/main.yml13
-rw-r--r--roles/nuage_node/tasks/iptables.yml17
-rw-r--r--roles/nuage_node/tasks/main.yaml2
4 files changed, 31 insertions, 5 deletions
diff --git a/roles/nuage_node/handlers/main.yaml b/roles/nuage_node/handlers/main.yaml
index 5f2b97ae2..fd06d9025 100644
--- a/roles/nuage_node/handlers/main.yaml
+++ b/roles/nuage_node/handlers/main.yaml
@@ -6,3 +6,7 @@
- name: restart node
become: yes
service: name={{ openshift.common.service_type }}-node state=restarted
+
+- name: save iptable rules
+ become: yes
+ command: iptables-save
diff --git a/roles/nuage_node/meta/main.yml b/roles/nuage_node/meta/main.yml
index 9f84eacf6..a6fbcba61 100644
--- a/roles/nuage_node/meta/main.yml
+++ b/roles/nuage_node/meta/main.yml
@@ -13,8 +13,11 @@ galaxy_info:
- cloud
- system
dependencies:
-- role: nuage_ca
-- role: os_firewall
- os_firewall_allow:
- - service: vxlan
- port: 4789/udp
+ - role: nuage_common
+ - role: nuage_ca
+ - role: os_firewall
+ os_firewall_allow:
+ - service: vxlan
+ port: 4789/udp
+ - service: nuage-monitor
+ port: "{{ nuage_mon_rest_server_port }}/tcp"
diff --git a/roles/nuage_node/tasks/iptables.yml b/roles/nuage_node/tasks/iptables.yml
new file mode 100644
index 000000000..52935f075
--- /dev/null
+++ b/roles/nuage_node/tasks/iptables.yml
@@ -0,0 +1,17 @@
+---
+- name: IPtables | Get iptables rules
+ command: iptables -L --wait
+ register: iptablesrules
+ always_run: yes
+
+- name: Allow traffic from overlay to underlay
+ command: /sbin/iptables --wait -I FORWARD 1 -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-overlay-underlay"
+ when: "'nuage-overlay-underlay' not in iptablesrules.stdout"
+ notify:
+ - save iptable rules
+
+- name: Allow traffic from underlay to overlay
+ command: /sbin/iptables --wait -I FORWARD 1 -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-underlay-overlay"
+ when: "'nuage-underlay-overlay' not in iptablesrules.stdout"
+ notify:
+ - save iptable rules
diff --git a/roles/nuage_node/tasks/main.yaml b/roles/nuage_node/tasks/main.yaml
index 1146573d3..2ec4be2c2 100644
--- a/roles/nuage_node/tasks/main.yaml
+++ b/roles/nuage_node/tasks/main.yaml
@@ -37,3 +37,5 @@
notify:
- restart vrs
- restart node
+
+- include: iptables.yml