/home/zuul/src/opendev.org/openstack/openstack-ansible/tests/roles/bootstrap-host/tasks/prepare_networking.yml
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Query the RPM database for the firewalld package on RedHat-family hosts.
# The query changes nothing, so the task is never reported as changed; its
# result is registered as firewalld_check for the task that disables the
# service.
- name: Check if firewalld is installed
  when: ansible_os_family == 'RedHat'
  command: rpm -q firewalld
  args:
    # Silence the command module's hint to use a packaging module instead.
    warn: false
  register: firewalld_check
  changed_when: false
  # rc 0 and rc 1 are both accepted here; only a higher return code fails
  # the task. The next task acts on rc == 0 only.
  failed_when: firewalld_check.rc > 1

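# Stop firewalld and disable it at boot, but only on RedHat-family hosts where
# the preceding rpm query found the package (rc == 0).
# NOTE(review): this leaves the host without firewalld's packet filtering. The
# file lives under tests/roles/bootstrap-host, so this looks intended for a
# disposable test host - confirm before reusing the task on any other system.
- name: Disable firewalld
  # Lowercase boolean, matching the other booleans in this file.
  become: true
  service:
    name: "{{ item }}"
    enabled: false
    state: stopped
  with_items:
    - firewalld
  when:
    # Conditions are evaluated in order, so rc is only read on RedHat hosts,
    # where the check task actually ran.
    - ansible_os_family == 'RedHat'
    - firewalld_check.rc == 0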

# Hand the systemd_networkd role the full test network layout: six dummy
# devices, six bridges and three veth pairs (systemd_netdevs), followed by the
# per-interface network settings (systemd_networks).
- name: Run the systemd-networkd role
  include_role:
    name: systemd_networkd
  vars:
    systemd_networkd_prefix: "osa_testing"
    # NOTE(review): presumably makes the role clean up interface configuration
    # it generated earlier - confirm against the role before relying on it.
    systemd_interface_cleanup: true
    systemd_run_networkd: true
    systemd_netdevs:

      # Dummy devices, one per bridge; each is attached to its bridge in
      # systemd_networks below.
      - NetDev:
          Name: dummy-mgmt
          Kind: dummy
      - NetDev:
          Name: dummy-vxlan
          Kind: dummy
      - NetDev:
          Name: dummy-storage
          Kind: dummy
      - NetDev:
          Name: dummy-vlan
          Kind: dummy
      - NetDev:
          Name: dummy-dbaas
          Kind: dummy
      - NetDev:
          Name: dummy-lbaas
          Kind: dummy

      # The bridges themselves.
      - NetDev:
          Name: br-mgmt
          Kind: bridge
      - NetDev:
          Name: br-vxlan
          Kind: bridge
      - NetDev:
          Name: br-storage
          Kind: bridge
      - NetDev:
          Name: br-vlan
          Kind: bridge
      - NetDev:
          Name: br-dbaas
          Kind: bridge
      - NetDev:
          Name: br-lbaas
          Kind: bridge

      # veth pairs: the *-veth end is attached to its bridge below, the peer end
      # (eth12, eth13, eth14) is brought up by the networking-post-up unit
      # defined later in this file.
      - NetDev:
          Name: br-vlan-veth
          Kind: veth
        Peer:
          Name: eth12
      - NetDev:
          Name: br-dbaas-veth
          Kind: veth
        Peer:
          Name: eth13
      - NetDev:
          Name: br-lbaas-veth
          Kind: veth
        Peer:
          Name: eth14

    # Member interfaces name their bridge and use mtu 9000; each bridge except
    # br-vlan gets a static .100 address with netmask 255.255.252.0.
    systemd_networks:

      - interface: "dummy-mgmt"
        bridge: "br-mgmt"
        mtu: 9000
      - interface: "br-mgmt"
        address: "172.29.236.100"
        netmask: "255.255.252.0"

      - interface: "dummy-storage"
        bridge: "br-storage"
        mtu: 9000
      - interface: "br-storage"
        address: "172.29.244.100"
        netmask: "255.255.252.0"

      - interface: "dummy-dbaas"
        bridge: "br-dbaas"
        mtu: 9000
      - interface: "br-dbaas"
        address: "172.29.232.100"
        netmask: "255.255.252.0"
      - interface: "br-dbaas-veth"
        bridge: "br-dbaas"
        mtu: 9000

      - interface: "dummy-lbaas"
        bridge: "br-lbaas"
        mtu: 9000
      - interface: "br-lbaas"
        address: "172.29.252.100"
        netmask: "255.255.252.0"
      - interface: "br-lbaas-veth"
        bridge: "br-lbaas"
        mtu: 9000

      - interface: "dummy-vxlan"
        bridge: "br-vxlan"
        mtu: 9000
      - interface: "br-vxlan"
        address: "172.29.240.100"
        netmask: "255.255.252.0"

      - interface: "dummy-vlan"
        bridge: "br-vlan"
        mtu: 9000
      # br-vlan carries two addresses, so it is configured through
      # config_overrides instead of the address/netmask keys used above.
      - interface: "br-vlan"
        config_overrides:
          Network:
            # Explicit-key ("?") entries: a mapping whose two keys are the
            # addresses and whose values are null.
            # NOTE(review): presumably the role's templating writes one
            # Address= line per key - confirm against the role.
            Address:
              ? "172.29.248.100/22"
              ? "172.29.248.1/22"
      - interface: "br-vlan-veth"
        bridge: "br-vlan"
        mtu: 9000

  tags:
    - network-config

# NOTE(jrosser) The systemd_networkd role uses a handler to restart the networking service.
# Handlers normally do not run until the end of the play, so we must force them to run here.
# flush_handlers runs every handler notified so far, not only the one from that role.
- name: Force systemd_networkd hander to run
  meta: flush_handlers

# NOTE(jrosser) Do not proceed any further until the network bridges are up.
# This avoids a race between the bridges coming up and the subsequent tasks
# that require functional network interfaces.
# The probe is a TCP connect to port 22 on each bridge address, with a 30 second
# timeout per address, so it only passes when something accepts connections there.
# NOTE(review): presumably that listener is sshd bound to every address - confirm;
# an sshd restricted with ListenAddress would make this check time out.
# NOTE(review): br-vlan (172.29.248.100) is not probed - confirm this is intended.
- name: Check that network bridges are up
  wait_for:
    host: "{{ item }}"
    port: 22
    timeout: 30
  with_items:
    - "172.29.236.100"  # br-mgmt
    - "172.29.244.100"  # br-storage
    - "172.29.232.100"  # br-dbaas
    - "172.29.252.100"  # br-lbaas
    - "172.29.240.100"  # br-vxlan

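# Define, enable and start the "networking-post-up" oneshot unit through the
# systemd_service role. The unit is ordered after network-online.target and
# applies the NAT rule and interface tweaks listed in execstarts.
# The paths and the public interface name come from bootstrap_host_* variables
# defined outside this file.
- name: Run the systemd service role
  include_role:
    name: systemd_service
  vars:
    systemd_services:
      - service_name: "networking-post-up"
        config_overrides:
          Unit:
            Description: networking-post-up
            After: network-online.target
            Wants: network-online.target
          Service:
            # Keep the unit active once the commands have finished, so the
            # stop command runs when the unit is stopped and not straight
            # after start. Canonical boolean (was "yes"); the parsed value
            # is the same.
            RemainAfterExit: true
        service_type: oneshot
        # NOTE(review): presumably rendered as ExecStart= lines. In systemd a
        # leading "-" means a failing command is ignored, so none of these
        # commands can fail the unit - and a rule or setting that was not
        # applied is not reported as a unit failure either.
        execstarts:
          # Source-NAT everything leaving through the public interface. The
          # rule has no source match, so any traffic this host forwards out of
          # that interface is masqueraded.
          # NOTE(review): acceptable for a disposable test host; restrict it to
          # the test networks before reusing this anywhere else.
          - "-{{ bootstrap_host_iptables_path }} -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
          # Turn off GSO, scatter-gather, TSO and TX checksum offload on each
          # bridge.
          - "-{{ bootstrap_host_ethtool_path }} -K br-mgmt gso off sg off tso off tx off"
          - "-{{ bootstrap_host_ethtool_path }} -K br-vxlan gso off sg off tso off tx off"
          - "-{{ bootstrap_host_ethtool_path }} -K br-storage gso off sg off tso off tx off"
          - "-{{ bootstrap_host_ethtool_path }} -K br-vlan gso off sg off tso off tx off"
          - "-{{ bootstrap_host_ethtool_path }} -K br-dbaas gso off sg off tso off tx off"
          - "-{{ bootstrap_host_ethtool_path }} -K br-lbaas gso off sg off tso off tx off"
          # Bring up both ends of each veth pair and apply the same offload
          # settings to the peer end.
          - "-{{ bootstrap_host_ip_path }} link set eth12 up"
          - "-{{ bootstrap_host_ip_path }} link set br-vlan-veth up"
          - "-{{ bootstrap_host_ethtool_path }} -K eth12 gso off sg off tso off tx off"
          - "-{{ bootstrap_host_ip_path }} link set eth13 up"
          - "-{{ bootstrap_host_ip_path }} link set br-dbaas-veth up"
          - "-{{ bootstrap_host_ethtool_path }} -K eth13 gso off sg off tso off tx off"
          - "-{{ bootstrap_host_ip_path }} link set eth14 up"
          - "-{{ bootstrap_host_ip_path }} link set br-lbaas-veth up"
          - "-{{ bootstrap_host_ethtool_path }} -K eth14 gso off sg off tso off tx off"
        # Remove the NAT rule again on stop. There is no "-" prefix here, so a
        # failure of this command is not ignored.
        execstops:
          - "{{ bootstrap_host_iptables_path }} -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
        # Canonical boolean (was "yes"); the parsed value is the same.
        enabled: true
        state: started
    systemd_tempd_prefix: openstack
  tags:
    - network-config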

# Gather facts again, limited to the network subset, so that later tasks see
# the interfaces configured earlier in this file.
# NOTE(review): this task is tagged "networking" while the role tasks in this
# file are tagged "network-config" - confirm the difference is intended.
- name: Updating the facts due to net changes
  tags:
    - networking
  setup:
    gather_subset: network