From now on, tripleo_nftables will use a directory containing rules
snippets instead of a parameter.
This will allow to push snippets from other roles during the deploy,
and then configure the firewall.
We therefore add two new modules:
- tripleo_nftables_snippet: creates files with the relevant content,
as YAML
- tripleo_nftables_from_files: gather snippets, merge the contents,
sorts the rules and pass the whole list to its output.
The tripleo_firewall role is now creating a snippet based on the
current parameter, so that we're still 100% compatible with
tripleo-heat-templates way of pushing things in.
This new usage is especially interesting for the standalone
roles/playbooks deploy, since each service role will just need to:
- ensure the destination directory exists
- push its rule snippet in there, in the tripleo_nftables format, in
YAML
- call the "configure.yaml" from tripleo_nftables in order to get the
rules added/processed (and, eventually, the playbook will call the
run.yaml to apply things)
Depends-On: https://review.opendev.org/c/openstack/tripleo-ansible/+/864392
Change-Id: I38deaff740b2fcdcd7bc74ce81a2164121de11af
f6dd406621