--- - hosts: all any_errors_fatal: true vars: logs_dir: "/tmp/logs" roles: - bindep - multi-node-firewall - role: multi-node-vxlan-overlay vars: vxlan_interface_name: "{{ api_interface_name }}" vxlan_vni: 10000 - role: multi-node-managed-addressing vars: managed_interface_name: "{{ api_interface_name }}" managed_network_prefix: "{{ api_network_prefix }}" managed_network_prefix_length: "{{ api_network_prefix_length }}" managed_network_address_family: "{{ address_family }}" # NOTE(yoctozepto): no addressing for neutron_external_interface in here # because it is enslaved by a bridge - role: multi-node-vxlan-overlay vars: vxlan_interface_name: "{{ neutron_external_interface_name }}" vxlan_vni: 10001 tasks: # NOTE(yoctozepto): we use gawk to add time to each logged line # outside of Ansible (e.g. for init-runonce) - name: Install gawk and Python modules package: name: - gawk - python3-pip - python3-setuptools - python3-virtualenv - python3-wheel become: true # FIXME(hrw): drop when previous_release == ussuri - name: Install Python2 modules for stable/train package: name: - python-pip - python-setuptools - python-virtualenv - python-wheel become: true when: - is_upgrade - previous_release == 'train' - not (ansible_os_family == "RedHat" and ansible_distribution_major_version | int == 8) # NOTE(hrw): On RedHat systems it is part of python3-virtualenv - name: Install virtualenv on Debian systems package: name: - virtualenv become: true when: ansible_os_family == "Debian" - name: Ensure /tmp/logs/ dir file: path: "{{ logs_dir }}" state: "directory" - name: Ensure node directories file: path: "{{ logs_dir }}/{{ item }}" state: "directory" mode: 0777 with_items: - "docker_logs" - "kolla_configs" - "system_logs" - "kolla" - "ansible" # NOTE(yoctozepto): let's observe forwarding behavior - name: iptables - LOG FORWARD become: true iptables: state: present action: append chain: FORWARD jump: LOG log_prefix: 'iptables FORWARD: ' # NOTE(yoctozepto): This is to undo Docker's default policy of DROP which # breaks l3 forwarding and also linuxbridge deploys due to bridge-nf-call-iptables. # FIXME(yoctozepto): really handle this for users - somehow my local multinode # deploy fixed it for itself by setting it to ACCEPT on network nodes without # my intervention but so far we have no idea what did that. It certainly does # not happen in CI where all nodes are aio. - name: iptables - ACCEPT FORWARD become: True iptables: state: present action: append chain: FORWARD jump: ACCEPT - name: set new hostname based on ansible inventory file hostname: name: "{{ inventory_hostname }}" become: true