This is preparation for a later version of ansbile-lint, which finds
missing names on blocks. This seems a reasonable rule, and the
Ansible manual says [1]
Names for blocks have been available since Ansible 2.3. We recommend
using names in all tasks, within blocks or elsewhere, for better
visibility into the tasks being executed when you run the playbook.
This simply adds a name tag for blocks that are missing it. This
should have no operational change, but allows us to update the linter
in a follow-on change.
[1] https://docs.ansible.com/ansible/latest/user_guide/playbooks_blocks.html
Change-Id: I92ed4616775650aced352bc9088a07e919f1a25f
Currently in multi-node-bridge role, For RHEL and CentOS
distro, RDO repos are setted up and from where rdo-openvswitch
get pulled in RHEL deployment and causes unwanted failures.
Like a particular version of rdo-openvswitch is not yet available
in CentOS and it fails the job with nothing provides message.
Enabling RDO repos specifically for CentOS and other distros
except RHEL and Fedora will fix the
issue.
Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: Id68f5904c4ec3d667a16e9f4f195d53b02d29cec
In neutron-multinode jobs where we use ovs/ovn from source,
we want to use multi-node-bridge role only for bridge
configuration but not for ovs installation. In the job
we install ovn and openvswitch before calling this role to
configure the bridges.
Adding a role var 'install_ovs' to allow skipping ovs
installation and service start, it's default to true so
no change in current behavior of the role.
It's an alternative approach to [1].
[1] https://review.opendev.org/c/zuul/zuul-jobs/+/762650
Related-Bug: #1904117
Change-Id: I64942679520681bdf7f953c0a3c7fc0d13e77856
(MTU - 50) only supports VxLAN over IPv4, decrease it
to support IPv6 as well, which is 20 bytes larger.
Change-Id: Ifa2633169afe2dd73c78ca7bbfa1a0102caffc95
In case of nodeset which doesn't have peers and switch there is
no need to install openswitch and firewall rules, because nothing
will be installed. Let's skip it if no need.
Change-Id: I98cf5ec390ee22e538baa076c9ab87eea6a44c9e
On Gentoo this allows multiple packages to compile/install at once.
Change-Id: I23fd629a351b4c6b2acc325611ed47cc04bca404
Signed-off-by: Matthew Thode <mthode@mthode.org>
Ansible 2.9 does not accept the "installed" state so we need to update
occurences of that to "present".
Change-Id: I13c95794efc63697c2418334ded7c6912bd7b59f
This reverts commit 46b7b6e1c98a8b12647be4b30b5b54405379d6ec.
This didn't end up changing the incidence of the iptables-save command
task failures.
Change-Id: I02e725d7330bc9b438a9864ea49510cca7fee524
Previously to persist the filewall we were including the
persistent-firewall role. This seems to occasionally break because the
second invocation of the role (on multinode jobs after setting up the
multinode bridge) fails with an RC of -13 when listing ipv4 iptables
roles. Then when we try to write them to disk the variable is empty.
One thought is that dynamically loading the role multiple times may be
confusing ansible. Use import_role to statically load the role instead
and see if this helps.
Change-Id: I2458f8eb4c2e4638336fa14e436e13b5a2263cce
In I32fb17bae98f13f735da4d5b9a6a01e948f21678, the evaluated facts
should also fallback to public_ipv4, when private_ipv4 is "empty-like",
e.g. contains no valid IP but something like '\n'.
It also restores the lost switch_private_ip fact just in case.
Change-Id: I139272746129213994f298a4a9178b4441d439af
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
With the arrival of ansible-lint 4, Jinja2 variable expansions must
include spaces before and after the variable name inside the
brackets.
Adjust the new violations accordingly and remove the rule
206 exclusion.
Change-Id: Ib3ff7b0233a5d5cf99772f9c2adc81861cf34ffa
openvswitch on gentoo needs another packaging hint, add it.
For failure, see https://review.opendev.org/668249
Co-Authored-By: Matthew Thode <mthode@mthode.org>
Change-Id: I0a43dbf2fa63fa93bd7bf73db210ba4685b28127
The static zuul driver returns only a public_ipv4 address for
nodes in use. The multinode bridge role accesses the node
private_ipv4 address. As such, when the private address is
empty/null the role fails.
This review defaults that private address so that the role
uses the public address when the private address is null.
Change-Id: I32fb17bae98f13f735da4d5b9a6a01e948f21678
Installing OVS on CentOS requires one RDO repository and the
centos-release-openstack packages sets up two additional repos which
aren't required.
In addition, we removed the centos-release-openstack package but this
did not remove the two extra repositories, causing them to "leak" into
the jobs.
This sets up the one repository we need and ensures it is removed after
OVS is installed.
Change-Id: Ida2299a4356282d23b79fac6753b6171211a7651
find is used instead of ls as we can select the 'link' type with find
only the link type is needed because files do not have interface
properties and directories are not used for this area of /sys
As an example, the bonding_masters exists in /sys/class/net/ as a file
without any 'subdirectory' of information to it.
Change-Id: Id31fcfb858c6abff4d44444e019f0d48e4f3c671
Drop the dependency on RDO infra in favor of latest OVS releases in
centos-7. This means we'll be bumping to 2.9.0.
This still isn't the best, as we are pinning to a specific release of
openstack. However, until there is the OVS SIG in centos, this is the
best we can do.
Change-Id: Ic8a7ee26ebe0ef4f8c2dcecf9bcfce03b55422e5
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Not all clouds will provide us with MTUs of 1500. Instead of assuming a
1500 - 50 byte MTU to accomodate for vxlan overhead we list all
interface MTUs, filter by those that appear to be "real" interfaces (to
avoid those we ourselves may have created), take the smallest one and
subtract it by 50 to accomodate for vxlan overhead. You can still set an
explicitl bridge_mtu value if necessary.
Change-Id: If899a1bee3b4b69df8c2905a219b41e119d8f652
It seems that there has been a recent change where the PATH used
has changed somehow. This adds it and make sure that it covers
all 3 major distros location where `ip` is stored.
Change-Id: Ic3c255bd24d1202fec436d4fcc484ce420110518
We configured iptables rules but did not persist them.
This meant that rules would be flushed when restarting iptables or
the instance.
Change-Id: I9d90f55323a33d6a0f0dda1f7ab25d10984fa6cb
The RDO community doesn't meaningfully test their packages on
Fedora and openvswitch is also available in Fedora base
repositories at a recent enough version.
Change-Id: I30713e1ecd70d03d8a520e31bdccdfbe08482699
This sets up a default 'br-infra' bridge between nodes in a multi-node
job. Two groups are expected in order for this to be set up:
- switch
- peers
The 'switch' group, with only one expected member, will be set up as
the switch node while the 'peers' group will be connected to the switch
node with virtual ports.
The default settings such as the bridge name, the IP range used, the MTU
and so on can be overridden at the job level by setting vars.
Change-Id: If5a3f512837e5b235bd2f6dbfdbb454435aa983e