Introduce iptables_package var

on RHEL-9 there is no iptables package, we need to install iptables-nft package here. In CentOS Stream-9 and Fedora-34 onwards iptables-nft package is available.[1] But we also need to support other distros, so we are introducing iptables_packages var and distro specific var files (having different name) for installing iptables package. [1]. https://pkgs.org/download/iptables-nft Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com> Change-Id: I8d5d3182996fc1e83b7f4f7eb99cf4c347d6ef1f
2022-01-10 12:27:47 +05:30 · 2022-01-10 12:27:47 +05:30 · 6aa268834c
parent 90c427d630
commit 6aa268834c
7 changed files with 46 additions and 4 deletions
--- a/roles/multi-node-firewall/README.rst
+++ b/roles/multi-node-firewall/README.rst
@ -1,2 +1,10 @@
-Configures the inventory private and public addresses in a multi-node job in
-iptables in order to allow traffic to and from each node without restrictions.
+Multinode firewall is configured.
+
+This role is intended to install iptables and configure firewall.
+
+**Role Variables**
+
+.. zuul:rolevar:: iptables_package
+   :default: iptables
+
+   Install the distribution package for Iptables.
--- a/roles/multi-node-firewall/defaults/main.yaml
+++ b/roles/multi-node-firewall/defaults/main.yaml
@ -0,0 +1,2 @@
+---
+iptables_package: "iptables"
--- a/roles/multi-node-firewall/tasks/main.yaml
+++ b/roles/multi-node-firewall/tasks/main.yaml
@ -1,7 +1,16 @@
- name: Ensure iptables
+- name: Include operating system specific vars
+  include_vars: "{{ zj_distro_os }}"
+  with_first_found:
+    - "{{ ansible_distribution }}.yaml"
+    - "{{ ansible_os_family }}.yaml"
+    - "default.yaml"
+  loop_control:
+    loop_var: zj_distro_os
+
+- name: 'Ensure {{ iptables_package }}'
  become: true
  package:
-    name: iptables
+    name: "{{ iptables_package }}"

 - name: Set up the host ip addresses
  set_fact:
--- a/roles/multi-node-firewall/vars/CentOS.yaml
+++ b/roles/multi-node-firewall/vars/CentOS.yaml
@ -0,0 +1,7 @@
+---
+iptables_package: >-
+  {% if ansible_distribution_major_version|int <= 8 -%}
+  iptables
+  {%- else -%}
+  iptables-nft
+  {%- endif %}
--- a/roles/multi-node-firewall/vars/Fedora.yaml
+++ b/roles/multi-node-firewall/vars/Fedora.yaml
@ -0,0 +1,7 @@
+---
+iptables_package: >-
+  {% if ansible_distribution_major_version|int <= 33 -%}
+  iptables
+  {%- else -%}
+  iptables-nft
+  {%- endif %}
--- a/roles/multi-node-firewall/vars/RedHat.yaml
+++ b/roles/multi-node-firewall/vars/RedHat.yaml
@ -0,0 +1,7 @@
+---
+iptables_package: >-
+  {% if ansible_distribution_major_version|int <= 8 -%}
+  iptables
+  {%- else -%}
+  iptables-nft
+  {%- endif %}
--- a/roles/multi-node-firewall/vars/default.yaml
+++ b/roles/multi-node-firewall/vars/default.yaml
@ -0,0 +1,2 @@
+---
+iptables_package: "iptables"