Clark Boylan 46b7b6e1c9 Use import_role on persistent-firewall
Previously to persist the filewall we were including the
persistent-firewall role. This seems to occasionally break because the
second invocation of the role (on multinode jobs after setting up the
multinode bridge) fails with an RC of -13 when listing ipv4 iptables
roles. Then when we try to write them to disk the variable is empty.

One thought is that dynamically loading the role multiple times may be
confusing ansible. Use import_role to statically load the role instead
and see if this helps.

Change-Id: I2458f8eb4c2e4638336fa14e436e13b5a2263cce
2019-09-30 10:39:02 -07:00
..

Configures a VXLAN virtual network overlay through an openvswitch network bridge between a 'switch' node and 'peer' nodes.

This allows members of the bridge to communicate with each other through the virtual network.

By default, this role will:

  • Install and start openvswitch
  • Set up a br-infra bridge on all nodes
  • Set up the connectivity between the switch and the peer with a virtual port
  • Set up an ip address on the bridge interface:
172.24.4.1/23 # switch node
172.41.4.2/23 # first peer
172.41.4.3/23 # second peer
...

Role requirements

This role requires and expects two groups to be set up in the Ansible host inventory in order to work:

  • switch (the node acting as the switch)
  • peers (nodes connected to the virtual switch ports)

Role variables