ホーム エクスプローラ ヘルプ
登録 サインイン
zhouyuhuan
/
Cloudpods
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ブランチ: feature/cloudpods
ブランチ タグ
Cloudpods
/
ocboot
/
onecloud
/
roles
/
utils
/
build-iptables-legacy
/
tasks
/
main.yml

main.yml 2.5 KB
パーマリンク 履歴 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. - name: Get Iptables Version
    2. 

  2.   shell: iptables --version
    3. 

  3.   ignore_errors: true
    4. 

  4.   register: iptables_version
    5. 

  5. 

  6. - block:
    7. 

  7.   - name: Show Iptables Version Info
    8. 

  8.     debug:
    9. 

  9.       msg: "Current iptables version info: {{ iptables_version.stdout }}. Building iptables to enable legacy mode. "
    10. 

  10. 

  11.   - name: Check if local file exists
    12. 

  12.     stat:
    13. 

  13.       path: "{{ iptables_local_path }}"
    14. 

  14.     register: file_stat
    15. 

  15. 

  16.   - name: Check Md5 Checksum Of Local File
    17. 

  17.     block:
    18. 

  18.       - name: Get MD5 checksum of local file
    19. 

  19.         command: "md5sum {{ iptables_local_path }}"
    20. 

  20.         register: md5sum_output
    21. 

  21.       - debug: var=md5sum_output
    22. 

  22.       - debug: msg="Compare MD5 checksum with expected value"
    23. 

  23.         when: md5sum_output.stdout.split()[0] != iptables_md5sum
    24. 

  24.         ignore_errors: true
    25. 

  25.         failed_when: false
    26. 

  26.     when: file_stat.stat.exists
    27. 

  27. 

  28.   - name: Download File From Url If Local File Doesn't Exist Or Has Incorrect Checksum
    29. 

  29.     get_url:
    30. 

  30.       url: "{{ iptables_download_url }}"
    31. 

  31.       dest: "{{ iptables_local_path }}"
    32. 

  32.     when: not file_stat.stat.exists or md5sum_output.stdout.split()[0] != iptables_md5sum
    33. 

  33. 

  34.   - name: Online Repo Iptables
    35. 

  35.     shell: |
    36. 

  36.       if grep yunion-repo-iptables /etc/yum.repos.d/yunion.repo; then
    37. 

  37.         exit 0
    38. 

  38.       fi
    39. 

  39.       cat >> /etc/yum.repos.d/yunion.repo <<EOF_MISC
    40. 

  40.       [yunion-repo-iptables]
    41. 

  41.       name=Packages for Yunion Multi-Cloud Platform Iptables-
    42. 

  42.       baseurl=https://iso.yunion.cn/{{ ansible_distribution| replace(' ','') | lower }}/{{ ansible_distribution_version }}/iptables/{{ ansible_architecture }}/
    43. 

  43.       sslverify=0
    44. 

  44.       failovermethod=priority
    45. 

  45.       enabled=1
    46. 

  46.       gpgcheck=0
    47. 

  47.       priority=2
    48. 

  48.       EOF_MISC
    49. 

  49.       dnf --disablerepo='*' --enablerepo='yunion*'  makecache
    50. 

  50.     become: yes
    51. 

  51.     args:
    52. 

  52.       executable: /bin/bash
    53. 

  53. 

  54.   - name: Install packages
    55. 

  55.     package:
    56. 

  56.       name: "{{ package_item }}"
    57. 

  57.       state: present
    58. 

  58.     with_items:
    59. 

  59.       - gcc
    60. 

  60.       - make
    61. 

  61.       - kernel-devel
    62. 

  62.     loop_control:
    63. 

  63.       loop_var: package_item
    64. 

  64.     tags:
    65. 

  65.     - iptables
    66. 

  66. 

  67.   - name: Build Iptables
    68. 

  68.     shell: |
    69. 

  69.       cd /tmp
    70. 

  70.       tar xf iptables-1.8.9.tar.xz
    71. 

  71.       cd iptables-1.8.9
    72. 

  72.       ./configure --disable-nftables --prefix=/usr &>/dev/null && make -j &>/dev/null && make install &>/dev/null
    73. 

  73.       iptables --version | grep -qi legacy && rm -rf /tmp/iptables*
    74. 

  74.       iptables --version
    75. 

  75.     register: iptables_legacy_version
    76. 

  76.     become: true
    77. 

  77.     args:
    78. 

  78.       executable: /bin/bash
    79. 

  79.     tags:
    80. 

  80.     - iptables
    81. 

  81. 

  82.   - debug: var=iptables_legacy_version.stdout
    83. 

  83. 

  84.   when:
    85. 

  85.   - not (iptables_version.stdout | default('') | regex_search('legacy', ignorecase=True))
    86.