aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible')
-rw-r--r--deploy/adapters/ansible/openstack_mitaka/roles/secgroup/templates/neutron.j23
-rw-r--r--deploy/adapters/ansible/openstack_mitaka_xenial/roles/secgroup/templates/neutron.j23
-rw-r--r--deploy/adapters/ansible/roles/secgroup/templates/neutron.j23
-rw-r--r--deploy/adapters/ansible/roles/setup-network/files/setup_networks/check_network.py56
-rw-r--r--deploy/adapters/ansible/roles/setup-network/tasks/main.yml14
5 files changed, 79 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/openstack_mitaka/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/openstack_mitaka/roles/secgroup/templates/neutron.j2
index aac6c8a2..e7107660 100644
--- a/deploy/adapters/ansible/openstack_mitaka/roles/secgroup/templates/neutron.j2
+++ b/deploy/adapters/ansible/openstack_mitaka/roles/secgroup/templates/neutron.j2
@@ -2,3 +2,6 @@
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
enable_security_group = True
+[agent]
+prevent_arp_spoofing = False
+
diff --git a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/secgroup/templates/neutron.j2
index aac6c8a2..e7107660 100644
--- a/deploy/adapters/ansible/openstack_mitaka_xenial/roles/secgroup/templates/neutron.j2
+++ b/deploy/adapters/ansible/openstack_mitaka_xenial/roles/secgroup/templates/neutron.j2
@@ -2,3 +2,6 @@
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
enable_security_group = True
+[agent]
+prevent_arp_spoofing = False
+
diff --git a/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2 b/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2
index 7b39e18c..9f3652c4 100644
--- a/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2
+++ b/deploy/adapters/ansible/roles/secgroup/templates/neutron.j2
@@ -2,3 +2,6 @@
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = False
+[agent]
+prevent_arp_spoofing = False
+
diff --git a/deploy/adapters/ansible/roles/setup-network/files/setup_networks/check_network.py b/deploy/adapters/ansible/roles/setup-network/files/setup_networks/check_network.py
new file mode 100644
index 00000000..72a5db97
--- /dev/null
+++ b/deploy/adapters/ansible/roles/setup-network/files/setup_networks/check_network.py
@@ -0,0 +1,56 @@
+import yaml
+import sys
+import subprocess
+
+import log as logging
+
+LOG = logging.getLogger("net-check")
+
+def is_ip_reachable(ip):
+ cmd = "ping -c 2 %s" % ip
+ process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=None, shell=True)
+
+ output = process.communicate()[0]
+ if " 0% packet loss" in output:
+ LOG.info("%s is reachable", ip)
+ elif "100% packet loss" in output:
+ LOG.error("%s is unreachable" % (ip))
+ return False
+ else:
+ LOG.warn("%r", output)
+
+ return True
+
+def is_host_ips_reachable(settings):
+ external = settings["br-prv"]["ip"]
+ external_gw = settings["br-prv"]["gw"]
+ storage = settings["storage"]["ip"]
+ mgmt = settings["mgmt"]["ip"]
+
+ return is_ip_reachable(external) \
+ and is_ip_reachable(external_gw) \
+ and is_ip_reachable(storage) \
+ and is_ip_reachable(mgmt)
+
+def main(hostname, config):
+ LOG.info("host is %s", hostname)
+
+ result = True
+
+ for host, settings in config.iteritems():
+ LOG.info("check %s network connectivity start", host)
+ result = result and is_host_ips_reachable(settings)
+
+ if result:
+ LOG.info("All hosts ips are reachable")
+ else:
+ LOG.error("Some hosts ips are unreachable !!!")
+ sys.exit(-1)
+
+if __name__ == "__main__":
+ hostname = yaml.load(sys.argv[1])
+ config = yaml.load(sys.argv[2])
+ config.pop(hostname, None)
+
+ main(hostname, config)
+
diff --git a/deploy/adapters/ansible/roles/setup-network/tasks/main.yml b/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
index 7873c073..e1fdf925 100644
--- a/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/setup-network/tasks/main.yml
@@ -38,6 +38,9 @@
with_items:
- setup_networks/log.py
- setup_networks/setup_networks.py
+ - setup_networks/check_network.py
+ tags:
+ - network_check
- name: copy boot scripts
copy: src={{ item }} dest=/etc/init.d/ mode=0755
@@ -58,7 +61,18 @@
tags:
- recovery
+- name: check basic network connectivity
+ shell: >
+ python /opt/setup_networks/check_network.py \
+ "{{ inventory_hostname }}" \
+ "{{ ip_settings }}"
+ tags:
+ - network_check
+ retries: 3
+ delay: 2
+
- name: add to boot scripts
service: name=net_init enabled=yes
- meta: flush_handlers
+