46b7b6e1c9
Previously to persist the filewall we were including the persistent-firewall role. This seems to occasionally break because the second invocation of the role (on multinode jobs after setting up the multinode bridge) fails with an RC of -13 when listing ipv4 iptables roles. Then when we try to write them to disk the variable is empty. One thought is that dynamically loading the role multiple times may be confusing ansible. Use import_role to statically load the role instead and see if this helps. Change-Id: I2458f8eb4c2e4638336fa14e436e13b5a2263cce
Configures a VXLAN virtual network overlay through an openvswitch network bridge between a 'switch' node and 'peer' nodes.
This allows members of the bridge to communicate with each other through the virtual network.
By default, this role will:
- Install and start
openvswitch
- Set up a
br-infra
bridge on all nodes - Set up the connectivity between the switch and the peer with a virtual port
- Set up an ip address on the bridge interface:
172.24.4.1/23 # switch node
172.41.4.2/23 # first peer
172.41.4.3/23 # second peer
...
Role requirements
This role requires and expects two groups to be set up in the Ansible host inventory in order to work:
switch
(the node acting as the switch)peers
(nodes connected to the virtual switch ports)
Role variables