Commit Graph

8 Commits

Author SHA1 Message Date
Chandan Kumar (raukadah) 6aa268834c Introduce iptables_package var
On RHEL-9 there is no iptables package, we need to install
iptables-nft package here.

In CentOS Stream-9 and Fedora-34 onwards iptables-nft package
is available.[1]

But we also need to support other distros, so we are introducing
iptables_packages var and distro specific var files (having different
name) for installing iptables package.

[1]. https://pkgs.org/download/iptables-nft

Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: I8d5d3182996fc1e83b7f4f7eb99cf4c347d6ef1f
2022-01-19 15:11:08 +05:30
Albin Vass 9062289151 Check for loop_control in with_ type loops
Change-Id: I191265df7709a6262b44a428d78fe28ffaeb4b75
2020-05-01 13:45:34 +02:00
Clark Boylan 121baa0d77 Revert "Use import_role on persistent-firewall"
This reverts commit 46b7b6e1c9.

This didn't end up changing the incidence of the iptables-save command
task failures.

Change-Id: I02e725d7330bc9b438a9864ea49510cca7fee524
2019-10-01 09:11:02 -07:00
Clark Boylan 46b7b6e1c9 Use import_role on persistent-firewall
Previously, to persist the firewall, we were including the
persistent-firewall role. This seems to occasionally break because the
second invocation of the role (on multinode jobs after setting up the
multinode bridge) fails with an RC of -13 when listing ipv4 iptables
roles. Then when we try to write them to disk the variable is empty.

One thought is that dynamically loading the role multiple times may be
confusing ansible. Use import_role to statically load the role instead
and see if this helps.

Change-Id: I2458f8eb4c2e4638336fa14e436e13b5a2263cce
2019-09-30 10:39:02 -07:00
Sorin Sbarnea 9789943b85 Assure iptables is installed inside multi-node-firewall role
Avoids failure to run on fedora-28 due to missing iptables.

Change-Id: Id3e26508d6a5967c66aca49d968aac3c84e704dd
2019-02-21 13:08:25 +00:00
Ian Wienand 3230139d65 Handle blank public_ipv4
Some clouds such as limestone have no public_ipv4; handle this in the
firewall setup

Change-Id: Id4a8032a6a14a040d62d1c70bf5e6e789fd8ff55
2018-03-27 12:27:21 +00:00
David Moreau-Simard 0bb84bc58e Persist iptables rules
We configured iptables rules but did not persist them.
This meant that rules would be flushed when restarting iptables or
the instance.

Change-Id: I9d90f55323a33d6a0f0dda1f7ab25d10984fa6cb
2017-10-31 17:39:32 -04:00
David Moreau-Simard a5da23b827 Multi-node: Set up firewalls
This adds nodes in a multi-node job to each other's firewalls so that
they can communicate with each other without restrictions.

Change-Id: Ic9eda6b951c5ecf5997fe9da3338980f2a8121b0
2017-09-22 16:25:51 -04:00