Merge pull request #2819 from vishpat/ip-forwarding

Added ip forwarding for nuage

roles/nuage_node/handlers/main.yaml

@@ -6,3 +6,7 @@
 - name: restart node
   become: yes
   service: name={{ openshift.common.service_type }}-node state=restarted
+
+- name: save iptable rules
+  become: yes
+  command: iptables-save

roles/nuage_node/meta/main.yml

@@ -13,8 +13,11 @@ galaxy_info:
   - cloud
   - system
 dependencies:
-- role: nuage_ca
-- role: os_firewall
-  os_firewall_allow:
-  - service: vxlan 
-    port: 4789/udp 
+  - role: nuage_common
+  - role: nuage_ca
+  - role: os_firewall
+    os_firewall_allow:
+    - service: vxlan 
+      port: 4789/udp
+    - service: nuage-monitor
+      port: "{{ nuage_mon_rest_server_port }}/tcp"

roles/nuage_node/tasks/iptables.yml

@@ -0,0 +1,17 @@
+---
+- name: IPtables | Get iptables rules
+  command: iptables -L --wait
+  register: iptablesrules
+  always_run: yes
+
+- name: Allow traffic from overlay to underlay
+  command: /sbin/iptables --wait -I FORWARD 1 -s {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-overlay-underlay" 
+  when: "'nuage-overlay-underlay' not in iptablesrules.stdout"
+  notify:
+    - save iptable rules
+
+- name: Allow traffic from underlay to overlay
+  command: /sbin/iptables --wait -I FORWARD 1 -d {{ hostvars[groups.oo_first_master.0].openshift.master.sdn_cluster_network_cidr }} -j ACCEPT -m comment --comment "nuage-underlay-overlay"
+  when: "'nuage-underlay-overlay' not in iptablesrules.stdout"
+  notify:
+    - save iptable rules

roles/nuage_node/tasks/main.yaml

@@ -37,3 +37,5 @@
   notify:
     - restart vrs
     - restart node 
+
+- include: iptables.yml