authorcarey.xu <carey.xuhan@huawei.com>2015-11-11 23:57:32 +0800
committercarey.xu <carey.xuhan@huawei.com>2015-11-19 10:19:45 +0800
commit4251f3ca9b4271649f9670468529ba2b077269d0 (patch)
tree619d37247db604325ca63421e54733d8ae1d3096 /deploy/adapters/ansible/roles/neutron-network/tasks
parenta6baefba912112cfb226575fd79245baaa4c1219 (diff)
support FWaaS and VPNaaS
JIRA: COMPASS-149 Change-Id: Ib523580fb7a7a2cd62e4fabb27fd710361cdeef3 Signed-off-by: carey.xu <carey.xuhan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/neutron-network/tasks')
-rwxr-xr-xdeploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml9
-rw-r--r--deploy/adapters/ansible/roles/neutron-network/tasks/main.yml55
-rwxr-xr-xdeploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml26
3 files changed, 65 insertions, 25 deletions
diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml
new file mode 100755
index 00000000..16624a4c
--- /dev/null
+++ b/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml
@@ -0,0 +1,9 @@
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install firewall packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: firewall_packages
+
+- name: update firewall related conf
+ shell: crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins firewall
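Review bot: The `update firewall related conf` task runs through `shell` although the command line has no shell syntax; `command: crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins firewall` avoids shell parsing. The task also reports changed on every run, so it is worth adding `changed_when` or checking the current value first. Nothing visible in this file installs `crudini`; presumably it comes from `firewall_packages` or an earlier role, which should be confirmed.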
diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml
index 7d643d5a..f8e9e8c4 100644
--- a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml
@@ -13,6 +13,24 @@
sysctl: name=net.ipv4.conf.default.rp_filter
value=0 state=present reload=yes
+- name: assert kernel support for vxlan
+ command: modinfo -F version vxlan
+ when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+
+- name: assert iproute2 suppport for vxlan
+ command: ip link add type vxlan help
+ register: iproute_out
+ failed_when: iproute_out.rc == 255
+ when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+
+- name: update epel-release
+ shell: yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
+ ignore_errors: True
+
+- name: update rdo-release-kilo repo
+ shell: yum install -y http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm
+ ignore_errors: True
+
- name: install neutron network related packages
action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
with_items: packages | union(packages_noarch)
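Review bot: The two added `yum install -y http://...` tasks fetch the epel-release and rdo-release RPMs over plain HTTP, and those packages define the repositories and signing keys that later installs on the node trust, so the download needs transport integrity. Yum's `localpkg_gpgcheck` is off by default, so the signature of an RPM given by URL is probably not verified here. Use the `https://` form of both URLs, or serve the release RPMs from the deployment's own mirror. `ignore_errors: True` also hides a failed install, and the tasks run on every OS family; replacing it with `when: ansible_os_family == 'RedHat'` would let real failures surface.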
@@ -48,36 +66,23 @@
dest=/etc/neutron/plugins/ml2/ml2_conf.ini
backup=yes
-- name: config neutron
- template: src=templates/neutron-network.conf
- dest=/etc/neutron/neutron.conf backup=yes
- notify:
- - restart common neutron network relation service
- - restart neutron network relation service
- - kill dnsmasq
-
-- meta: flush_handlers
-
- name: ln plugin.ini
file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link
-- name: restart openvswitch-agent service
- service: name={{ openvswitch_agent }} state=restarted enabled=yes
-
-- meta: flush_handlers
-
-#- include: igmp-router.yml
-# when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }} and ansible_os_family == 'Debian'"
+- name: config neutron
+ template: src=templates/neutron.conf
+ dest=/etc/neutron/neutron.conf backup=yes
-- name: assert kernel support for vxlan
- command: modinfo -F version vxlan
- when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+- include: firewall.yml
+ when: enable_fwaas == True
-- name: assert iproute2 suppport for vxlan
- command: ip link add type vxlan help
- register: iproute_out
- failed_when: iproute_out.rc == 255
- when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}"
+- include: vpn.yml
+ when: enable_vpnaas == True
- include: odl.yml
when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}"
+
+- name: restart neutron services
+ debug: msg="restart neutron services"
+ notify:
+ - restart neutron network relation service
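Review bot: The closing `restart neutron services` task will not fire its handler, because a `debug` task reports ok rather than changed and handlers run only for changed tasks; add `changed_when: true` to it, or put `notify:` back on the `config neutron` template task. As written, the rewritten neutron.conf and the `service_plugins` edits made by firewall.yml and vpn.yml are not picked up until something else restarts the services. The hunk also drops the `kill dnsmasq` and common-service notifications and the explicit openvswitch-agent restart, which should be confirmed as intended since the handlers are outside this view. `when: enable_fwaas == True` and `when: enable_vpnaas == True` error on an undefined variable and do not match a string value; `when: enable_fwaas | default(false) | bool` is safer.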
diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml
new file mode 100755
index 00000000..6f70a68b
--- /dev/null
+++ b/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml
@@ -0,0 +1,26 @@
+---
+- include_vars: "{{ ansible_os_family }}.yml"
+
+- name: install vpn packages
+ action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
+ with_items: vpn_packages
+
+- name: update vpn related conf
+ shell: crudini --set /etc/neutron/l3_agent.ini vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver;
+ crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins vpnaas
+ crudini --set /etc/neutron/neutron_vpnaas.conf service_providers service_provider 'VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default'
+
+- name: make sure rootwrap.d dir exist
+ file: path=/etc/neutron/rootwrap.d state=directory mode=0755
+
+- name: update rootwrap
+ copy: src=vpnaas.filters dest=/etc/neutron/rootwrap.d/vpnaas.filters
+
+- name: enable vpn service
+ service: name={{ item }} state=started enabled=yes
+ with_items:
+ - neutron-vpn-agent
+ - strongswan
+ notify:
+ - restart vpn agent service
+
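Review bot: In `update vpn related conf` the second `crudini` line has no trailing `;`, and a multi-line plain scalar is folded into one line, so the third `crudini --set ...` is passed as extra arguments to the second command instead of running on its own. End that line with a separator, `crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins vpnaas;`, or split the three commands into separate tasks. The `update rootwrap` copy sets no owner or mode on a file that decides which commands neutron may run as root; pin it with `copy: src=vpnaas.filters dest=/etc/neutron/rootwrap.d/vpnaas.filters owner=root group=root mode=0644`.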