summaryrefslogtreecommitdiffstats
path: root/roles/nuage_node/tasks/iptables.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/nuage_node/tasks/iptables.yml')
-rw-r--r--roles/nuage_node/tasks/iptables.yml23
1 files changed, 23 insertions, 0 deletions
diff --git a/roles/nuage_node/tasks/iptables.yml b/roles/nuage_node/tasks/iptables.yml
new file mode 100644
index 000000000..95ee8643a
--- /dev/null
+++ b/roles/nuage_node/tasks/iptables.yml
@@ -0,0 +1,23 @@
+---
+- name: IPtables | Get iptables rules
+ command: iptables -L --wait
+ register: iptablesrules
+ check_mode: no
+
+- name: Allow traffic from overlay to underlay
+ command: /sbin/iptables --wait -I FORWARD 1 -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-overlay-underlay"
+ when: "'nuage-overlay-underlay' not in iptablesrules.stdout"
+ notify:
+ - save iptable rules
+
+- name: Allow traffic from underlay to overlay
+ command: /sbin/iptables --wait -I FORWARD 1 -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-underlay-overlay"
+ when: "'nuage-underlay-overlay' not in iptablesrules.stdout"
+ notify:
+ - save iptable rules
+
+- name: Allow docker daemon traffic from underlay to overlay
+ command: /sbin/iptables -t nat -A POSTROUTING ! -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -o svc-pat-tap -j MASQUERADE -m comment --comment "nuage-docker-underlay-overlay"
+ when: "'nuage-docker-underlay-overlay' not in iptablesrules.stdout"
+ notify:
+ - save iptable rules
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-04 02:30:21 +0000