ansible-openqa-management/tasks/openqa-multivm-networking.yml

---
# {{ openqa_multivm_bridge_interface }} should not exist or we should use a different name
- name: Assert bridge interface does not exist
  ansible.builtin.assert:
    that:
      - 'openqa_multivm_bridge_interface not in ansible_interfaces'
    success_msg: 'interface does not exist, can proceed'
    fail_msg: '{{ openqa_multivm_bridge_interface }} already exists, please supply an alternative'

- name: Install multivm networking packages
  ansible.builtin.dnf:
    pkg:
      - os-autoinst-openvswitch
      - tunctl

- name: Create /etc/sysconfig/os-autoinst-openvswitch
  ansible.builtin.copy:
    src: etc/sysconfig/os-autoinst-openvswitch.j2
    dest: /etc/sysconfig/os-autoinst-openvswitch
    mode: '0644'
  notify: Restart os-autoinst-openvswitch

- name: Create bridge interface configuration
  ansible.builtin.copy:
    src: etc/sysconfig/network-scripts/ifcfg-br.j2
    dest: /etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}
    mode: '0644'

- name: Create worker tap interface configs
  ansible.builtin.copy:
    src: etc/sysconfig/network-scripts/ifcfg-tap.j2
    dest: /etc/sysconfig/network-scripts/ifcfg-tap{{ item }}
    mode: '0644'
  loop: "{{ range(openqa_worker_count) | list }}"

- name: Update /sbin/ifup-pre-local
  ansible.builtin.template:
    src: sbin/ifup-pre-local.j2
    dest: /sbin/ifup-pre-local
    mode: 'ug+x'

- name: Enable bridge interface for internal zone
  ansible.posix.firewalld:
    permanent: true
    interface: '{{ openqa_multivm_bridge_interface }}'
    state: enabled
    zone: internal
  notify: Reload firewalld

- name: Enable masquerade for public and internal zones
  ansible.posix.firewalld:
    masquerade: true
    permanent: true
    state: enabled
    zone: '{{ item }}'
  loop:
    - public
    - internal
  notify: Reload firewalld

- name: Enable ipv4 IP forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    sysctl_file: /etc/sysctl.d/ip-forward.conf
    sysctl_set: true

- name: Set-target ACCEPT on public zone
  ansible.posix.firewalld:
    permanent: true
    state: present
    zone: public
    target: ACCEPT
  notify: Reload firewalld

# Only needed for multi-host setups
- name: Add port for GRE tunnel
  ansible.posix.firewalld:
    permanent: true
    port: 1723/tcp
    state: enabled

- name: Enable openvswitch services
  ansible.builtin.systemd_service:
    name: "{{ item }}"
    state: started
    enabled: true
  loop:
    - openvswitch
    - os-autoinst-openvswitch
  ignore_errors: "{{ ansible_check_mode }}"

- name: Set WORKER_CLASS for tap interfaces
  community.general.ini_file:
    path: /etc/openqa/workers.ini
    section: global
    option: WORKER_CLASS
    value: qemu_x86_64,tap
    state: present
    mode: '0644'
  notify: Restart openqa services

- name: Enable bridge interface for openvswitch
  ansible.builtin.command: ovs-vsctl add-br {{ openqa_multivm_bridge_interface }}
  changed_when: true

- name: Enable capability
  ansible.builtin.command: setcap CAP_NET_ADMIN=ep /usr/bin/qemu-system-x86_64
  changed_when: true
...