---
# Installs the flannel package through the platform package manager.
# The task is skipped when openshift.common.is_atomic evaluates to true.
- name: Install flannel
  package:
    name: flannel
    state: present
  become: true
  when: not openshift.common.is_atomic | bool
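# Rewrites the etcd endpoint and key-prefix settings in flanneld's sysconfig
# file. Each item keeps the captured "KEY=" prefix and replaces the rest of
# the line with the templated value.
#
# With backrefs enabled, lineinfile leaves the file untouched when a regexp
# matches no line, so a sysconfig file that lacks one of these keys is not
# configured for it and the task still reports success.
- name: Set flannel etcd options
  become: true
  lineinfile:
    dest: /etc/sysconfig/flanneld
    backrefs: true
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  # \g<1> is the unambiguous spelling of backreference 1. With a bare \1, a
  # templated value that starts with a digit (for example an IP address) is
  # read as part of the group/octal escape and the written line is corrupted.
  # NOTE(review): the format of etcd_hosts is defined outside this file;
  # confirm whether entries can start with a digit.
  with_items:
    - regexp: "^(FLANNEL_ETCD=)"
      line: '\g<1>{{ etcd_hosts|join(",") }}'
    - regexp: "^(FLANNEL_ETCD_ENDPOINTS=)"
      line: '\g<1>{{ etcd_hosts|join(",") }}'
    - regexp: "^(FLANNEL_ETCD_KEY=)"
      line: '\g<1>{{ flannel_etcd_key }}'
    - regexp: "^(FLANNEL_ETCD_PREFIX=)"
      line: '\g<1>{{ flannel_etcd_key }}'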
# Sets FLANNEL_OPTIONS in flanneld's sysconfig file: the interface flannel
# binds to and the CA, key and certificate files it uses for TLS to etcd.
# The regexp also matches a commented-out "#FLANNEL_OPTIONS=" line, which is
# replaced by an active one.
#
# With backrefs enabled, lineinfile changes nothing when no line matches, so
# if the key is absent from the file the TLS options are never written and
# the task still succeeds.
# NOTE(review): the etcd_peer_* variables suggest flannel reuses the etcd peer
# certificate and key; confirm that sharing that key with every flannel node
# is intended, and that the key file is readable only by the service account.
- name: Set flannel options
  become: true
  lineinfile:
    dest: /etc/sysconfig/flanneld
    backrefs: true
    regexp: '^#?(FLANNEL_OPTIONS=)'
    # Folded scalar: the lines below are joined with single spaces into the
    # same one-line value as before.
    line: >-
      \1--iface {{ flannel_interface }}
      --etcd-cafile={{ etcd_peer_ca_file }}
      --etcd-keyfile={{ etcd_peer_key_file }}
      --etcd-certfile={{ etcd_peer_cert_file }}
# Starts the flanneld unit and enables it at boot.
# The result is stored in start_result; no task in the visible part of this
# file reads it.
- name: Enable flanneld
  systemd:
    name: flanneld
    enabled: true
    state: started
  become: true
  register: start_result
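# Removes every IPv4 address currently assigned to the docker0 bridge and,
# when something was removed, notifies the docker and node restart handlers.
#
# The previous one-line form ran `ip a del <empty> dev docker0` when docker0
# had no IPv4 address, which fails, and it always reported "changed", so both
# services were restarted on every run. This version does nothing when there
# is no address and reports a change only after a successful removal.
# NOTE(review): start_result is registered by the flanneld task but not used
# here; confirm whether this step was meant to run only when flanneld was
# first started.
- name: Remove docker bridge ip
  become: true
  shell: |
    # stderr from `ip a show` is left in the task result on purpose so a
    # missing docker0 device stays visible to the operator.
    addrs="$(ip a show docker0 | grep "inet[[:space:]]" | awk '{print $2}')"
    for addr in $addrs; do
      ip a del "$addr" dev docker0 || exit 1
      echo "removed $addr"
    done
  register: docker_bridge_ip_result
  changed_when: "'removed ' in (docker_bridge_ip_result.stdout | default(''))"
  notify:
    - restart docker
    - restart node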
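# Inserts an ACCEPT rule at the top of the FORWARD chain for traffic that
# arrives on the flannel interface and is destined for the cluster network
# CIDR taken from the first master's facts. The rule matches all protocols
# and ports, so any pod-level filtering has to be enforced elsewhere.
#
# A bare `iptables -I` adds a duplicate rule on every run and always fires
# the save handler. The check task below (`-C`) looks for the exact rule first
# and the insert runs only when it is absent. `become` is set explicitly,
# matching the other tasks in this file, because iptables needs root.
- name: Check for Pod to Pod communication rule
  become: true
  command: >-
    /sbin/iptables --wait -C FORWARD
    -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}
    -i {{ flannel_interface }}
    -j ACCEPT -m comment --comment "Pod to Pod communication"
  register: flannel_pod_forward_rule
  # A non-zero exit here only means "rule not found"; any real iptables
  # error surfaces in the insert task that follows.
  failed_when: false
  changed_when: false

- name: Enable Pod to Pod communication
  become: true
  command: >-
    /sbin/iptables --wait -I FORWARD
    -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }}
    -i {{ flannel_interface }}
    -j ACCEPT -m comment --comment "Pod to Pod communication"
  # default(1) covers check mode, where the check task is skipped and
  # registers no return code.
  when: flannel_pod_forward_rule.rc | default(1) != 0
  notify:
    - save iptable rules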
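# Appends a MASQUERADE rule to the nat POSTROUTING chain for everything that
# leaves through the flannel interface, so that traffic is source-NATed to
# the host's address on that interface.
#
# A bare `iptables -A` appends a duplicate rule on every run and always fires
# the save handler. The check task below (`-C`) looks for the exact rule first
# and the append runs only when it is absent. `--wait` and `become` are added
# for consistency with the other tasks in this file: iptables needs root, and
# without --wait the command fails if another process holds the xtables lock.
- name: Check for external network access rule
  become: true
  command: >-
    /sbin/iptables --wait -t nat -C POSTROUTING
    -o {{ flannel_interface }}
    -j MASQUERADE -m comment --comment "Allow external network access"
  register: flannel_masquerade_rule
  # A non-zero exit here only means "rule not found"; any real iptables
  # error surfaces in the append task that follows.
  failed_when: false
  changed_when: false

- name: Allow external network access
  become: true
  command: >-
    /sbin/iptables --wait -t nat -A POSTROUTING
    -o {{ flannel_interface }}
    -j MASQUERADE -m comment --comment "Allow external network access"
  # default(1) covers check mode, where the check task is skipped and
  # registers no return code.
  when: flannel_masquerade_rule.rc | default(1) != 0
  notify:
    - save iptable rules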