---
# Guard: stop when an interface named {{ openqa_multivm_bridge_interface }}
# is already listed in the ansible_interfaces fact; the operator should then
# supply a different name.
# NOTE(review): only existence is checked here. The same variable is later
# interpolated into file paths and ifcfg file bodies, so it is assumed to
# come from trusted inventory -- confirm, or add a format check.
- name: Assert bridge interface does not exist
  ansible.builtin.assert:
    that:
      - "openqa_multivm_bridge_interface not in ansible_interfaces"
    fail_msg: "{{ openqa_multivm_bridge_interface }} already exists, please supply an alternative"
    success_msg: "interface does not exist, can proceed"
# Packages used by the multi-VM network setup: the os-autoinst Open vSwitch
# helper, tunctl, and network-scripts (the ifcfg-* files written by later
# tasks live under /etc/sysconfig/network-scripts).
- name: Install multivm networking packages
  ansible.builtin.dnf:
    # pkg is the dnf module's alias for name.
    pkg:
      - os-autoinst-openvswitch
      - tunctl
      - network-scripts
# Sysconfig file for os-autoinst-openvswitch; a change notifies the handler
# that restarts that service.
# The local IP written here (172.16.2.2) is the same address the bridge
# ifcfg task sets as IPADDR, so the two must be changed together.
- name: Create /etc/sysconfig/os-autoinst-openvswitch
  ansible.builtin.copy:
    content: |
      OS_AUTOINST_BRIDGE_LOCAL_IP=172.16.2.2
      OS_AUTOINST_BRIDGE_REWRITE_TARGET=172.17.0.0
      OS_AUTOINST_USE_BRIDGE={{ openqa_multivm_bridge_interface }}
    dest: /etc/sysconfig/os-autoinst-openvswitch
    mode: "0644"
  notify: restart_os-autoinst-openvswitch
# ifcfg file that declares the Open vSwitch bridge with a static address.
# 172.16.2.2 with netmask 255.254.0.0 is a /15, i.e. 172.16.0.0 through
# 172.17.255.255.
# NOTE(review): the interface name is interpolated into the destination
# path and into the file body (DEVICE is written unquoted, NAME quoted).
# These tasks never check its format, so it is assumed to come from trusted
# inventory -- confirm, or validate it before this task runs.
- name: Create bridge interface configuration
  ansible.builtin.copy:
    content: |
      DEVICETYPE='ovs'
      TYPE='OVSBridge'
      BOOTPROTO='static'
      IPADDR='172.16.2.2'
      NETMASK='255.254.0.0'
      DEVICE={{ openqa_multivm_bridge_interface }}
      STP=off
      ONBOOT='yes'
      NAME='{{ openqa_multivm_bridge_interface }}'
      HOTPLUG='no'
    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ openqa_multivm_bridge_interface }}"
    mode: "0644"
# One ifcfg-tapN file per loop item, N = 0 .. openqa_worker_count - 1.
# Each file declares tapN as an OVS port attached to the bridge.
- name: Create worker tap interface configs
  ansible.builtin.copy:
    content: |
      DEVICETYPE='ovs'
      TYPE='OVSPort'
      OVS_BRIDGE='{{ openqa_multivm_bridge_interface }}'
      DEVICE='tap{{ item }}'
      ONBOOT='yes'
      BOOTPROTO='none'
      HOTPLUG='no'
    dest: "/etc/sysconfig/network-scripts/ifcfg-tap{{ item }}"
    mode: "0644"
  loop: "{{ range(openqa_worker_count) | list }}"
# Render /sbin/ifup-pre-local from the role template sbin/ifup-pre-local.j2.
# NOTE(review): 'ug+x' is a symbolic mode, so only the user and group
# execute bits are pinned. The remaining permission bits and the owner are
# whatever the file already has or the umask yields. Presumably this hook
# runs as root during ifup -- consider an explicit octal mode and owner;
# confirm the intended permissions.
- name: Update /sbin/ifup-pre-local
  ansible.builtin.template:
    dest: /sbin/ifup-pre-local
    src: sbin/ifup-pre-local.j2
    mode: "ug+x"
# Bind the bridge interface to firewalld's "internal" zone.
# permanent: true changes only the stored configuration; the notified
# handler is expected to reload firewalld so the runtime picks it up.
- name: Enable bridge interface for internal zone
  ansible.posix.firewalld:
    zone: internal
    interface: "{{ openqa_multivm_bridge_interface }}"
    state: enabled
    permanent: true
  notify: reload_firewalld
# Turn on masquerading (source NAT) in the "public" and "internal" zones.
# NOTE(review): masquerading is a zone-wide setting, so on "public" it
# applies to all traffic forwarded out through interfaces in that zone, not
# only to traffic from the bridge -- confirm that scope is intended.
- name: Enable masquerade for public and internal zones
  ansible.posix.firewalld:
    zone: "{{ item }}"
    masquerade: true
    state: enabled
    permanent: true
  loop:
    - public
    - internal
  notify: reload_firewalld
# Persist net.ipv4.ip_forward=1 in /etc/sysctl.d/ip-forward.conf and, via
# sysctl_set, apply it to the running kernel as well.
# Forwarding is a host-wide switch: once on, which traffic is actually
# routed between interfaces is decided by the firewall rules alone.
- name: Enable ipv4 IP forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_file: /etc/sysctl.d/ip-forward.conf
    sysctl_set: true
    state: present
# Change the default target of firewalld's "public" zone to ACCEPT.
# NOTE(review): with this target, every packet arriving in the zone that no
# other rule matches is accepted, so firewalld no longer filters services
# listening on interfaces in "public". If the aim is only to let VM traffic
# be forwarded, confirm whether a narrower rule or a dedicated zone would
# do. Check which interfaces sit in "public" on each target host.
- name: Set-target ACCEPT on public zone
  ansible.posix.firewalld:
    zone: public
    target: ACCEPT
    state: present
    permanent: true
  notify: reload_firewalld
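# Only needed for multi-host setups.
# NOTE(review): this task is unconditional and names no zone, so the port is
# opened in firewalld's default zone on every host the role runs on.
# 1723/tcp is the registered PPTP control port, whereas GRE itself is IP
# protocol 47 and has no ports -- confirm this rule is what the tunnel
# actually requires, and consider gating it on a multi-host condition.
- name: Add port for GRE tunnel
  ansible.posix.firewalld:
    permanent: true
    port: 1723/tcp
    state: enabled
  # The rule is written to the permanent configuration only; notify the same
  # reload handler the other firewalld tasks use so it also reaches the
  # running firewall.
  notify: reload_firewalld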
# Start openvswitch, network and os-autoinst-openvswitch now and enable
# them at boot.
# ignore_errors follows ansible_check_mode, so failures are tolerated only
# during a check-mode run (presumably because the units may not be
# installed yet in a dry run); in a real run an error still fails the play.
- name: Enable openvswitch services
  ansible.builtin.systemd_service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - openvswitch
    - network
    - os-autoinst-openvswitch
  ignore_errors: "{{ ansible_check_mode }}"
# Set WORKER_CLASS in the [global] section of /etc/openqa/workers.ini to
# qemu_x86_64,tap. An existing value of the option is replaced, not
# appended to, so worker classes configured by hand would be lost.
- name: Set WORKER_CLASS for tap interfaces
  community.general.ini_file:
    path: /etc/openqa/workers.ini
    mode: "0644"
    section: global
    option: WORKER_CLASS
    value: qemu_x86_64,tap
    state: present
  notify: restart_openqa_services
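# Create the Open vSwitch bridge.
# --may-exist keeps the command from failing when the bridge is already
# present in the OVS database. The argv form hands the interface name to
# ovs-vsctl as one argument, so a templated value cannot be split into
# extra arguments.
- name: Enable bridge interface for openvswitch
  ansible.builtin.command:
    argv:
      - ovs-vsctl
      - --may-exist
      - add-br
      - "{{ openqa_multivm_bridge_interface }}"
  # The command's output is not inspected, so the task is still reported as
  # changed on every run.
  changed_when: true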
# Attach CAP_NET_ADMIN (effective + permitted) to the QEMU binary as a file
# capability.
# NOTE(review): a file capability applies to every account allowed to
# execute /usr/bin/qemu-system-x86_64, not only the worker user. Check the
# binary's ownership and mode and confirm that breadth is acceptable.
# The capability presumably has to be re-applied after a package update
# replaces the binary -- verify.
- name: Enable capability
  ansible.builtin.command:
    argv:
      - setcap
      - CAP_NET_ADMIN=ep
      - /usr/bin/qemu-system-x86_64
  # setcap is run unconditionally, so the task always reports a change.
  changed_when: true
...