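---
# Two plays:
#   1. On the compute (and optionally networker) groups, apply the BGP default
#      routes unless the default route already comes from BGP.
#   2. On the hypervisor, for IPv6 deployments only, add a route to the test
#      pod network via the router and open the libvirt forward chain for it.

- name: Configure computes
  # Folded scalar: the lines are joined with single spaces into one
  # comma-separated host pattern. The original had a stray trailing double
  # quote after the Jinja expression, which became part of the last pattern
  # entry; it is removed here.
  hosts: >-
    r0-computes,r1-computes,r2-computes
    {{ networkers_bool | default(false) | bool |
    ternary(',r0-networkers,r1-networkers,r2-networkers', '') }}
  vars:
    # Empty for IPv4, '-6' for IPv6; passed to `ip` as the family switch.
    _dash_six: "{{ '' if (ip_version | default(4) | int) == 4 else '-6' }}"
    # Not referenced in this file; presumably consumed by the included
    # tasks file - verify there.
    _proto: "{{ 'dhcp' if (ip_version | default(4) | int) == 4 else 'ra' }}"
  tasks:
    - name: Check default route corresponds with BGP
      ansible.builtin.command:
        cmd: >
          ip {{ _dash_six }} route show default
      register: _initial_default_ip_route_result
      changed_when: false

    # NOTE(review): end_play stops the play for every host, not only the one
    # whose default route is already BGP-based. If hosts can be in different
    # states, end_host may be what is wanted - confirm.
    - name: Early end if default route is already based on BGP
      ansible.builtin.meta: end_play
      when: "'proto bgp' in _initial_default_ip_route_result.stdout"

    - name: Apply the BGP default routes
      ansible.builtin.include_tasks: tasks/apply_bgp_default_routes.yaml

# Play to add IPv6 routes and iptables filters to HV
- name: Configure HV IPv6 routes and iptables filters
  hosts: hypervisor
  vars:
    _ip_version: "{{ ip_version | default(4) | int }}"
  tasks:
    # A templated var can come back as the string '6' rather than the integer
    # 6, depending on the Ansible version and native-type settings, which
    # would make a bare `!= 6` always true. Cast again at the comparison.
    - name: Early end if ip version is not 6
      ansible.builtin.meta: end_play
      when: (_ip_version | int) != 6

    # The jq filter is quoted so the shell cannot glob-expand the brackets,
    # and -r prints the raw string (replaces the former sed quote stripping).
    # NOTE(review): addr_info[1] assumes the wanted link-local address is the
    # second entry reported for the interface - confirm on router-0.
    - name: Obtain the router external interface LLA
      delegate_to: router-0
      vars:
        router_ext_if: eth0
      ansible.builtin.shell:
        cmd: >
          set -o pipefail &&
          ip -j -6 address show dev {{ router_ext_if }} scope link |
          jq -r '.[0].addr_info[1].local'
      register: router_ext_if_lla
      changed_when: false
      # The result is interpolated into a root shell command in the next
      # task, so accept only hex digits and colons. This also rejects an
      # empty result and jq's literal `null`.
      failed_when: >-
        router_ext_if_lla.rc != 0 or
        (router_ext_if_lla.stdout | trim) is not match('^[0-9A-Fa-f:]+$')

    # NOTE: This route is not persistent, but it is ok because the hypervisor will not be rebooted.
    # Adding this route via NM is a bit overkill (a config file has to be created for it)
    - name: Add route from HV to test pods via router when IPv6
      become: true
      ansible.builtin.shell:
        cmd: |
          ip r del 100.64.10/24 || true
          ip r add 100.64.10/24 via inet6 {{ router_ext_if_lla.stdout | trim | quote }} dev ocpbm
      changed_when: false

    # Accept forwarded traffic from and to 100.64.10.0/24 on ocpbm by
    # inserting rules at the head of LIBVIRT_FWI. Each rule is checked with
    # -C first so that re-running the play does not stack duplicates.
    # `set -e` keeps the original stop-on-first-failure behaviour.
    - name: Allow from test pod and to test pod traffic
      become: true
      ansible.builtin.shell:
        cmd: |
          set -e
          iptables -t filter -C LIBVIRT_FWI -s 100.64.10.0/24 -i ocpbm -j ACCEPT 2>/dev/null ||
            iptables -t filter -I LIBVIRT_FWI -s 100.64.10.0/24 -i ocpbm -j ACCEPT
          iptables -t filter -C LIBVIRT_FWI -d 100.64.10.0/24 -o ocpbm -j ACCEPT 2>/dev/null ||
            iptables -t filter -I LIBVIRT_FWI -d 100.64.10.0/24 -o ocpbm -j ACCEPT
      changed_when: false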