From c992ad3927556914dfa12958758a4b3539732664 Mon Sep 17 00:00:00 2001 From: Kahou Lei Date: Tue, 10 Oct 2017 22:05:44 -0700 Subject: [PATCH 1/2] DO NOT MERGE: Fix iptables persistence after reboot Currently, etcd iptables rule doesn't persist after reboot. This is because we have to enable the iptables service. Otherwise, iptables service will not load after reboot --- roles/etcd/tasks/main.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index c500ed3..fe4e509 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -1,3 +1,4 @@ +[metacloud@mcp1 ansible]$ cat roles/etcd/tasks/main.yml --- # This role contains tasks for configuring and starting etcd service @@ -26,14 +27,20 @@ yum: pkg={{ item }} state=present with_items: - iptables-services - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' -- name: Install iptables-persistent +- name: Install iptables-persistent apt: name={{item}} state=installed with_items: - iptables-persistent when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu' +- name: Enable iptables service + command: systemctl enable iptables + +- name: Start iptables service + command: systemctl start iptables + - name: setup iptables for etcd shell: > ( iptables -L INPUT | grep "{{ etcd_rule_comment }} ({{ item }})" ) || \ 
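Review bot: The new `Enable iptables service` and `Start iptables service` tasks in the `@@ -26,14 +27,20 @@` hunk have no `when:` guard, so they also run on the Debian/Ubuntu hosts served by the `Install iptables-persistent` task just above. Those hosts normally have no `iptables` unit (iptables-persistent usually ships `netfilter-persistent`), so the play would likely fail there before the etcd rules are added. Fold both into one guarded, idempotent task in the style the file already uses for etcd: `systemd: name=iptables state=started enabled=yes` with `when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'`; as written, `command: systemctl ...` reports changed on every run. Starting the service presumably loads the saved ruleset from /etc/sysconfig/iptables, so confirm it does not replace unsaved runtime rules or clash with firewalld on hosts where that is active.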
@@ -45,10 +52,10 @@ - "{{ etcd_peer_port1 }}" - "{{ etcd_peer_port2 }}" -# Save rules into /etc/sysconfig/iptables file for restoring rules on boot +# Save rules into /etc/sysconfig/iptables file for restoring rules on boot - name: Save iptables command: service iptables save - when: ansible_distribution == 'CentOS' or ansible_distribution == 'Red Hat Enterprise Linux' + when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' - name: copy the etcd start/stop script template: src=etcd.j2 dest=/usr/bin/etcd.sh mode=u=rwx,g=rx,o=rx @@ -57,5 +64,4 @@ copy: src=etcd.service dest=/etc/systemd/system/etcd.service - name: start etcd - systemd: name=etcd daemon_reload=yes state=started enabled=yes - + systemd: name=etcd daemon_reload=yes state=started enabled=yes \ No newline at end of file From d7d9a1ed75258b4ac203adbb518ea499bb1265c3 Mon Sep 17 00:00:00 2001 From: Kahou Lei Date: Tue, 10 Oct 2017 22:10:06 -0700 Subject: [PATCH 2/2] Fix typo --- roles/etcd/tasks/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index fe4e509..4a9e58f 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -1,4 +1,3 @@ -[metacloud@mcp1 ansible]$ cat roles/etcd/tasks/main.yml --- # This role contains tasks for configuring and starting etcd service @@ -64,4 +63,4 @@ copy: src=etcd.service dest=/etc/systemd/system/etcd.service - name: start etcd - systemd: name=etcd daemon_reload=yes state=started enabled=yes \ No newline at end of file + systemd: name=etcd daemon_reload=yes state=started enabled=yes
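Review bot: The `Save iptables` task in the `@@ -45,10 +52,10 @@` hunk of patch 1/2 is still limited to CentOS/RedHat, so on the Debian/Ubuntu hosts that receive `iptables-persistent` no task visible in these hunks writes the etcd rules to disk, and the reboot-persistence fix would not reach them. If those hosts are in scope, add a sibling task guarded by `when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'` that saves the rules, for example `command: netfilter-persistent save` on releases that ship that wrapper. The distribution test here and in the yum task could also be written once as `when: ansible_os_family == 'RedHat'`, which covers CentOS and RHEL without listing each name. Parts of the file lie outside the hunks, so a Debian save step may already exist elsewhere.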