IBM · santosh-kowshik · Aug 1, 2023 · Aug 2, 2023 · Sep 25, 2023 · Sep 25, 2023
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,14 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# 2 space indentation for YAML
+[*.yml]
+indent_style = space
+indent_size = 2
diff --git a/samples/playbook_iptables_add.yml b/samples/playbook_iptables_add.yml
@@ -0,0 +1,178 @@
+---
+# sample/playbook_iptables_add.yml
+#
+# playbook sample for updating the iptables on bastion server for
+# gui access.
+
+# This file is mandatory to import and it will load inventory variables form
+# vars/gui_access_clusterdefinition.json
+- import_playbook: "set_json_variables_gui.yml"
+
+- hosts: scale_node
+  remote_user: "{{ scale_jump_host_user }}"
+  gather_facts: yes
+  vars:
+    ansible_timeout: 300
+  tasks:
+    - name: Install iptables on RHEL/CentOS/Amazon/Ubuntu
+      become: yes
+      package:
+        name: iptables
+        state: present
+      when: ansible_distribution == "RedHat" or ansible_distribution == "CentOS" or ansible_distribution == "Amazon"
+      register: result
+
+    - name: Debug Install iptables on RHEL/CentOS/Amazon
+      debug:
+        var: result
+
+    - name: Install iptables-services package on RHEL/CentOS
+      become: yes
+      dnf:
+        name: iptables-services
+        state: present
+      register: result
+      when: ansible_distribution == "RedHat" or ansible_distribution == "CentOS"
+
+    - name: Debug Install iptables-services package on RHEL/CentOS
+      debug:
+        var: result
+
+    - name: Stop and disable firewalld on RHEL/CentOS
+      become: yes
+      systemd:
+        name: firewalld
+        state: stopped
+        enabled: no
+      register: result
+      when: ansible_distribution == "RedHat" or ansible_distribution == "CentOS"
+
+    - name: Debug Stop and disable firewalld on RHEL/CentOS
+      debug:
+        var: result
+
+    - name: Start and enable iptables on RHEL/CentOS
+      become: yes
+      systemd:
+        name: iptables
+        state: started
+        enabled: yes
+      register: result
+      when: ansible_distribution == "RedHat" or ansible_distribution == "CentOS"
+
+    - name: Debug Start and enable iptables on RHEL/CentOS
+      debug:
+        var: result
+
+    - name: Enable IP forwarding
+      become: yes
+      sysctl:
+        name: net.ipv4.ip_forward
+        value: 1
+        state: present
+      register: result
+
+    - name: Debug Enable IP forwarding
+      debug:
+        var: result
+
+    - name: Create DNAT rule
+      become: yes
+      iptables:
+        chain: PREROUTING
+        table: nat
+        protocol: tcp
+        rule_num: 1
+        jump: DNAT
+        destination_port: "{{ scale_forwarding_port }}"
+        to_destination: "{{ scale_gui_node }}:{{ scale_gui_port }}"
+        state: present
+      register: result
+
+    - name: Debug create DNAT result
+      debug:
+        var: result
+
+    - name: Create MASQUERADE rule
+      become: yes
+      iptables:
+        chain: POSTROUTING
+        table: nat
+        protocol: tcp
+        rule_num: 2
+        jump: MASQUERADE
+        destination_port: "{{ scale_gui_port }}"
+        destination: "{{ scale_gui_node }}"
+        state: present
+      register: result
+
+    - name: Debug create MASQUERADE result
+      debug:
+        var: result
+
+    - name: Create MASQUERADE rule for all traffic
+      become: yes
+      register: result
+      iptables:
+        chain: POSTROUTING
+        table: nat
+        rule_num: 3
+        jump: MASQUERADE
+        state: present
+
+    - name: Debug create MASQUERADE all result
+      debug:
+        var: result
+
+    - name: Remove the specific iptables rule
+      become: yes
+      shell: iptables -D FORWARD 1
+      when: ansible_distribution == "CentOS"
+      ignore_errors: true
+      register: result
+
+    - name: Debug Remove the iptables rule
+      debug:
+        var: result
+
+    - name: Save IPtables rules on Amazon
+      become: yes
+      ansible.builtin.command: /sbin/service iptables save
+      when: ansible_distribution == "Amazon"
+      register: result
+
+    - name: Debug Save iptables rules on Amazon
+      debug:
+        var: result
+
+    - name: Ensure /etc/sysconfig/ directory exists on RHEL/CentOS
+      become: yes
+      file:
+        path: /etc/sysconfig/
+        state: directory
+      when: ansible_distribution == "RedHat"
+      register: result
+
+    - name: Debug Save iptables rules on RHEL/CentOS
+      debug:
+        var: result
+
+    - name: Save iptables rules on RHEL
+      become: yes
+      shell: iptables-save > /etc/sysconfig/iptables
+      register: result
+      when: ansible_distribution == "RedHat"
+
+    - name: Debug Save iptables rules on RHEL/CentOS
+      debug:
+        var: result
+
+    - name: Save iptables rules on CentOS
+      become: yes
+      shell: service iptables save
+      register: result
+      when: ansible_distribution == "CentOS"
+
+    - name: Debug Save iptables rules on CentOS
+      debug:
+        var: result
diff --git a/samples/playbook_iptables_delete.yml b/samples/playbook_iptables_delete.yml
@@ -0,0 +1,59 @@
+---
+# sample/playbook_iptables_delete.yml
+#
+# playbook sample for deleting the iptables rules on bastion server for
+# gui access.
+
+# This file is mandatory to import and it will load inventory variables form
+# vars/gui_access_clusterdefinition.json
+- import_playbook: "set_json_variables_gui.yml"
+
+- hosts: scale_node
+  remote_user: "{{ scale_jump_host_user }}"
+  become: yes
+  name: Delete an iptables rule
+  tasks:
+    - name: Delete DNAT iptables rule
+      iptables:
+        chain: PREROUTING
+        table: nat
+        protocol: tcp
+        jump: DNAT
+        destination_port: "{{ scale_forwarding_port }}"
+        to_destination: "{{ scale_gui_node }}:{{ scale_gui_port }}"
+        state: absent
+      register: result
+
+    - name: Debug delete a iptables rule
+      debug:
+        var: result
+
+    - name: Save IPtables rules on Amazon
+      ansible.builtin.command: /sbin/service iptables save
+      become: yes
+      when: ansible_distribution == "Amazon"
+      register: result
+
+    - name: Debug Save iptables rules on Amazon
+      debug:
+        var: result
+
+    - name: Save IPtables rules on CentOS
+      ansible.builtin.command: /sbin/service iptables save
+      become: yes
+      when: ansible_distribution == "CentOS"
+      register: result
+
+    - name: Debug Save iptables rules on CentOS
+      debug:
+        var: result
+
+    - name: Save iptables rules on RHEL
+      become: yes
+      shell: iptables-save > /etc/iptables/rules.v4
+      when: ansible_distribution == "RedHat"
+      register: result
+
+    - name: Debug Save iptables rules on RHEL/CentOS
+      debug:
+        var: result
diff --git a/samples/set_json_variables.yml b/samples/set_json_variables.yml
@@ -66,4 +66,4 @@
      scale_cluster_config: "{{ scale_cluster | default(omit) }}"
     loop: "{{ node_details }}"
   tags:
-  - scale_inventory
+  - scale_inventory
diff --git a/samples/set_json_variables_gui.yml b/samples/set_json_variables_gui.yml
@@ -0,0 +1,52 @@
+---
+# This playbook will read all required input from json inventory
+#- name: Create the required groups
+- hosts: localhost
+  connection: local
+
+  tasks:
+    - name: Read all intermediate output from Resource Details
+      include_vars:
+        file: vars/gui_access_clusterdefinition.json
+      register: scale_json
+      when: cluster_inventory_file is undefined
+
+    - name: Read all intermediate output from user defined Resource Details
+      include_vars:
+        file: "{{ cluster_inventory_file }}"
+      register: scale_json_cloud
+      when: cluster_inventory_file is defined
+
+    - name: Check valid json file
+      assert:
+        that: scale_json.failed == false
+        msg: >-
+          scale_clusterdefinition.json is not present in the
+          vars directory. Make sure that this file is present
+          in the vars directory along with all required
+          Ansible scale inventory.
+      when: cluster_inventory_file is undefined
+
+    - name: Check valid json file
+      assert:
+        that: scale_json_cloud.failed == false
+        msg: >-
+          scale_clusterdefinition.json is not present in the
+          vars directory. Make sure that this file is present
+          in the vars directory along with all required
+          Ansible scale inventory.
+      when: cluster_inventory_file is defined
+
+    - name: Pass all inputs related to creating Spectrum Scale cluster to all nodes
+      add_host:
+        name: "{{ item.fqdn }}"
+        groups: scale_node
+        ansible_ssh_common_args: "-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+        ansible_ssh_private_key_file: "{{ item.ansible_ssh_private_key_file | default(omit) }}"
+        scale_gui_node: "{{ scale_cluster.scale_gui_node | default(omit) }}"
+        scale_gui_port: "{{ scale_cluster.scale_gui_port | default(omit) }}"
+        scale_forwarding_port: "{{ scale_cluster.scale_forwarding_port | default(omit) }}"
+        scale_jump_host_user: "{{ scale_cluster.scale_jump_host_user | default(omit) }}"
+      loop: "{{ node_details }}"
+  tags:
+    - scale_inventory