Update baremetal-prep-virthost for Rhel8/C8

Rhel/Centos8 don't have bridge-utils utility. We have to create
network bridge using nmcli tool. Added template for RHEL8/C8
- add-provisioning-interface-os-major-version-8.sh.j2 and modified
logic in playbook to call relevant template based on OS Version.

We also set the required firewalld commands to allow proper network
traffic flow from undercloud to baremetal overcloud nodes.

Change-Id: I5e56b387283fa8deff857bcf3a39a007a3d876a3

playbooks/baremetal-prep-virthost.yml

@@ -41,6 +41,17 @@
   roles:
     - check-to-build-or-not-to-build
 
+- name: Add firewalld services and ports
+  hosts: virthost
+  gather_facts: false
+  tasks:
+    - include_role:
+        name: baremetal-prep-virthost
+        tasks_from: add_services_ports_firewalld.yml
+      when:
+        - ansible_distribution == 'RedHat'
+        - ansible_distribution_major_version|int >= 8
+
 - name: Setup undercloud and baremetal vms and networks in libvirt
   hosts: virthost
   gather_facts: true
@@ -69,7 +80,7 @@
 
 - name: Prepare the host for PXE forwarding
   hosts: virthost
-  gather_facts: false
+  gather_facts: true
   roles:
     - baremetal-prep-virthost
 

roles/baremetal-prep-virthost/tasks/add_services_ports_firewalld.yml

@@ -0,0 +1,13 @@
+---
+- name: ensure public firewalld services are added
+  become: true
+  firewalld:
+    zone: public
+    service: "{{ item }}"
+    permanent: true
+    state: enabled
+  with_items:
+    - tftp
+    - dhcp
+    - dhcpv6
+    - dns

roles/baremetal-prep-virthost/tasks/main.yml

@@ -1,9 +1,21 @@
 ---
-- name: Copy over provisioning nic script template
+- name: Copy over provisioning nic script template for rhel7 or centos7
   template:
     src: add-provisioning-interface.sh.j2
     dest: "{{ working_dir }}/add-provisioning-interface.sh"
     mode: 0755
+  when:
+    - ansible_distribution in ['RedHat', 'CentOS']
+    - ansible_distribution_major_version|int <= 7
+
+- name: Copy over provisioning nic script template for rhel8 or centos8
+  template:
+    src: add-provisioning-interface-os-major-version-8.sh.j2
+    dest: "{{ working_dir }}/add-provisioning-interface.sh"
+    mode: 0755
+  when:
+    - ansible_distribution in ['RedHat', 'CentOS']
+    - ansible_distribution_major_version|int >= 8
 
 - name: wait for  script file to exist
   wait_for: path="{{ working_dir }}/add-provisioning-interface.sh"

roles/baremetal-prep-virthost/templates/add-provisioning-interface-os-major-version-8.sh.j2

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -eux
+
+### --start_docs
+
+## * Remove the stale nmcli bridge port connection from the previous deployment
+## ::
+
+if sudo nmcli con show | grep -i brovc-port1; then
+    sudo nmcli con delete brovc-port1
+fi
+
+## * Add the NIC on the provisioning interface to the "brovc" bridge
+## ::
+
+sudo nmcli connection add type ethernet slave-type bridge con-name \
+    brovc-port1 ifname {{ virthost_provisioning_interface }} \
+    master brovc
+
+### --stop_docs

roles/undercloud-setup/tasks/main.yml

@@ -32,3 +32,7 @@
   include: ansible_cfg.yml
   when:
     - undercloud_ansible_cfg|bool and undercloud_ara|bool
+
+- name: Remove ens interface if it exists
+  include: remove_ens3.yml
+  when: ansible_distribution in ["RedHat", "CentOS"] and ansible_distribution_major_version|int >= 8

roles/undercloud-setup/tasks/remove_ens3.yml

@@ -0,0 +1,13 @@
+---
+- name: Check if ifcfg-ens3 exists
+  become: true
+  stat:
+    path: /etc/sysconfig/network-scripts/ifcfg-ens3
+  register: ens3_interface
+
+- name: Remove the interface file
+  become: true
+  file:
+    path: /etc/sysconfig/network-scripts/ifcfg-ens3
+    state: absent
+  when: ens3_interface.stat.exists