diff options
author | carey.xu <carey.xuhan@huawei.com> | 2015-11-11 23:57:32 +0800 |
---|---|---|
committer | carey.xu <carey.xuhan@huawei.com> | 2015-11-19 10:19:45 +0800 |
commit | 4251f3ca9b4271649f9670468529ba2b077269d0 (patch) | |
tree | 619d37247db604325ca63421e54733d8ae1d3096 /deploy/adapters/ansible/roles/neutron-network/tasks | |
parent | a6baefba912112cfb226575fd79245baaa4c1219 (diff) |
support FWaaS and VPNaaS
JIRA: COMPASS-149
Change-Id: Ib523580fb7a7a2cd62e4fabb27fd710361cdeef3
Signed-off-by: carey.xu <carey.xuhan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/neutron-network/tasks')
3 files changed, 65 insertions, 25 deletions
diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml new file mode 100755 index 00000000..16624a4c --- /dev/null +++ b/deploy/adapters/ansible/roles/neutron-network/tasks/firewall.yml @@ -0,0 +1,9 @@ +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install firewall packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: firewall_packages + +- name: update firewall related conf + shell: crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins firewall diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml index 7d643d5a..f8e9e8c4 100644 --- a/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml +++ b/deploy/adapters/ansible/roles/neutron-network/tasks/main.yml @@ -13,6 +13,24 @@ sysctl: name=net.ipv4.conf.default.rp_filter value=0 state=present reload=yes +- name: assert kernel support for vxlan + command: modinfo -F version vxlan + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- name: assert iproute2 suppport for vxlan + command: ip link add type vxlan help + register: iproute_out + failed_when: iproute_out.rc == 255 + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- name: update epel-release + shell: yum install -y http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm + ignore_errors: True + +- name: update rdo-release-kilo repo + shell: yum install -y http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm + ignore_errors: True + - name: install neutron network related packages action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" with_items: packages | union(packages_noarch) @@ -48,36 +66,23 @@ dest=/etc/neutron/plugins/ml2/ml2_conf.ini backup=yes -- name: config neutron - template: src=templates/neutron-network.conf - dest=/etc/neutron/neutron.conf backup=yes - notify: - - restart common neutron network relation service - - restart neutron network relation service - - kill dnsmasq - -- meta: flush_handlers - - name: ln plugin.ini file: src=/etc/neutron/plugins/ml2/ml2_conf.ini dest=/etc/neutron/plugin.ini state=link -- name: restart openvswitch-agent service - service: name={{ openvswitch_agent }} state=restarted enabled=yes - -- meta: flush_handlers - -#- include: igmp-router.yml -# when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }} and ansible_os_family == 'Debian'" +- name: config neutron + template: src=templates/neutron.conf + dest=/etc/neutron/neutron.conf backup=yes -- name: assert kernel support for vxlan - command: modinfo -F version vxlan - when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" +- include: firewall.yml + when: enable_fwaas == True -- name: assert iproute2 suppport for vxlan - command: ip link add type vxlan help - register: iproute_out - failed_when: iproute_out.rc == 255 - when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" +- include: vpn.yml + when: enable_vpnaas == True - include: odl.yml when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart neutron services + debug: msg="restart neutron services" + notify: + - restart neutron network relation service diff --git a/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml b/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml new file mode 100755 index 00000000..6f70a68b --- /dev/null +++ b/deploy/adapters/ansible/roles/neutron-network/tasks/vpn.yml @@ -0,0 +1,26 @@ +--- +- include_vars: "{{ ansible_os_family }}.yml" + +- name: install vpn packages + action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" + with_items: vpn_packages + +- name: update vpn related conf + shell: crudini --set /etc/neutron/l3_agent.ini vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver; + crudini --set --list /etc/neutron/neutron.conf DEFAULT service_plugins vpnaas + crudini --set /etc/neutron/neutron_vpnaas.conf service_providers service_provider 'VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default' + +- name: make sure rootwrap.d dir exist + file: path=/etc/neutron/rootwrap.d state=directory mode=0755 + +- name: update rootwrap + copy: src=vpnaas.filters dest=/etc/neutron/rootwrap.d/vpnaas.filters + +- name: enable vpn service + service: name={{ item }} state=started enabled=yes + with_items: + - neutron-vpn-agent + - strongswan + notify: + - restart vpn agent service + |