Add support for rhel, aci, vxlan

author: Sanjeev Rampal <srampal@cisco.com> 2017-05-26 14:27:09 -0700
committer: Sanjeev Rampal <srampal@cisco.com> 2017-05-31 12:08:09 -0700
commit: 76d1ee25b7570add1531ba232c46977d7201a122 (patch)
tree: b8a8f04ed6a440c115d037e476a17801f1554e14 /roles/contiv/tasks/netplugin_iptables.yml
parent: d175973070a4dce2055678f9309d2f74517d461e (diff)
download: openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.gz
openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.bz2
openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.xz
openshift-76d1ee25b7570add1531ba232c46977d7201a122.zip
1 files changed, 31 insertions, 2 deletions
diff --git a/roles/contiv/tasks/netplugin_iptables.yml b/roles/contiv/tasks/netplugin_iptables.yml
index 8c348ac67..184c595c5 100644
--- a/roles/contiv/tasks/netplugin_iptables.yml
+++ b/roles/contiv/tasks/netplugin_iptables.yml
@@ -23,7 +23,36 @@
   notify: Save iptables rules
 
 - name: Netplugin IPtables | Open vxlan port with iptables
-  command: /sbin/iptables -I INPUT 1 -p udp --dport 8472 -j ACCEPT -m comment --comment "vxlan"
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 8472 -j ACCEPT -m comment --comment "netplugin vxlan 8472"
+  when: iptablesrules.stdout.find("netplugin vxlan 8472") == -1
+  notify: Save iptables rules
 
 - name: Netplugin IPtables | Open vxlan port with iptables
-  command: /sbin/iptables -I INPUT 1 -p udp --dport 4789 -j ACCEPT -m comment --comment "vxlan"
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 4789 -j ACCEPT -m comment --comment "netplugin vxlan 4789"
+  when: iptablesrules.stdout.find("netplugin vxlan 4789") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow from contivh0
+  command: /sbin/iptables -I FORWARD 1 -i contivh0 -j ACCEPT -m comment --comment "contivh0 FORWARD input"
+  when: iptablesrules.stdout.find("contivh0 FORWARD input") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow to contivh0
+  command: /sbin/iptables -I FORWARD 1 -o contivh0 -j ACCEPT -m comment --comment "contivh0 FORWARD output"
+  when: iptablesrules.stdout.find("contivh0 FORWARD output") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow from contivh1
+  command: /sbin/iptables -I FORWARD 1 -i contivh1 -j ACCEPT -m comment --comment "contivh1 FORWARD input"
+  when: iptablesrules.stdout.find("contivh1 FORWARD input") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow to contivh1
+  command: /sbin/iptables -I FORWARD 1 -o contivh1 -j ACCEPT -m comment --comment "contivh1 FORWARD output"
+  when: iptablesrules.stdout.find("contivh1 FORWARD output") == -1
+  notify: Save iptables rules
+
+- name: Netplugin IPtables | Allow dns
+  command: /sbin/iptables -I INPUT 1 -p udp --dport 53 -j ACCEPT -m comment --comment "contiv dns"
+  when: iptablesrules.stdout.find("contiv dns") == -1
+  notify: Save iptables rules
author	Sanjeev Rampal <srampal@cisco.com>	2017-05-26 14:27:09 -0700
committer	Sanjeev Rampal <srampal@cisco.com>	2017-05-31 12:08:09 -0700
commit	76d1ee25b7570add1531ba232c46977d7201a122 (patch)
tree	b8a8f04ed6a440c115d037e476a17801f1554e14 /roles/contiv/tasks/netplugin_iptables.yml
parent	d175973070a4dce2055678f9309d2f74517d461e (diff)
download	openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.gz openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.bz2 openshift-76d1ee25b7570add1531ba232c46977d7201a122.tar.xz openshift-76d1ee25b7570add1531ba232c46977d7201a122.zip