authorChristian Pointner <equinox@spreadspace.org>2020-06-24 03:01:50 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-06-24 03:01:50 +0200
commit31e88617f11109078b44327b2abae8f9768e10f7 (patch)
tree7138ae1d6376a216e2eaa6658140d2a13e287841
parentsk-tomnext-hp: final install (diff)
update ch-router and add ch-nic
-rw-r--r--inventory/group_vars/chaos-at-home/network.yml1
-rw-r--r--inventory/host_vars/ch-nic.yml32
-rw-r--r--inventory/host_vars/ch-router.yml7
-rw-r--r--inventory/hosts.ini2
-rw-r--r--roles/openwrt/image/tasks/fetch.yml2
-rw-r--r--roles/vm/network/templates/interfaces.j218
-rw-r--r--roles/vm/network/templates/resolv.conf.j22
7 files changed, 60 insertions, 4 deletions
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index f2a5e878..f33235d1 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -43,6 +43,7 @@ network_zones:
ch-jump: 22
ch-gw-lan: 28
ch-stats: 10
+ ch-nic: 53
ch-web: 80
ch-mail: 143
ch-router-obsd: 253
diff --git a/inventory/host_vars/ch-nic.yml b/inventory/host_vars/ch-nic.yml
new file mode 100644
index 00000000..d26b1c40
--- /dev/null
+++ b/inventory/host_vars/ch-nic.yml
@@ -0,0 +1,32 @@
+---
+install:
+ vm:
+ mem: 768
+ numcpu: 2
+ autostart: True
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: lvm
+ vg: "{{ hostvars[vm_host.name].host_name }}"
+ lv: "{{ inventory_hostname }}"
+ size: 10g
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
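Review bot: `autostart: True` under `install.vm` is the capitalised YAML 1.1 boolean form; write it as `autostart: true` so it parses the same under 1.1 and 1.2 loaders and passes yamllint's truthy rule. The rest of the new file reads cleanly: every Jinja expression is quoted, and the `&_network_primary_` anchor is defined and aliased within the same document, which is the safe way to use it.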
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index 19622983..22864a59 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -1,6 +1,6 @@
---
openwrt_variant: openwrt
-openwrt_release: 18.06.4
+openwrt_release: 19.07.3
openwrt_arch: x86
openwrt_target: 64
openwrt_profile: Generic
@@ -153,6 +153,9 @@ openwrt_mixin:
iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 2342 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}"
iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" -p tcp --dport 2342 -j ACCEPT
+ iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 53 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}"
+ iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}" -p tcp --dport 53 -j ACCEPT
+
iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 80 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 443 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 80 -j ACCEPT
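Review bot: The DNAT/FORWARD pair added at the top of the hunk publishes ch-nic's port 53 on `$MAGENTA_IF` over TCP only; DNS clients try UDP first, so unless TCP-only is deliberate the same two rules are needed with `-p udp --dport 53`. Either way a comment above the pair stating which DNS role ch-nic has towards the public side, and that it must not recurse for outside clients, would make the exposure reviewable — nothing on this page shows how the resolver on ch-nic is configured. The `openwrt_mixin` block scalar these lines belong to starts and ends outside the hunk.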
@@ -303,7 +306,7 @@ openwrt_uci:
virsh_domxml: |
<domain type='kvm'>
- <name>router</name>
+ <name>ch-router</name>
<memory>131072</memory>
<currentMemory>131072</currentMemory>
<vcpu>2</vcpu>
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 68f2383e..c3f1c7ee 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -24,6 +24,7 @@ ch-router host_name=router
ch-router-obsd host_name=router
ch-gw-lan host_name=gw-lan
ch-jump host_name=jump ansible_port=2342 ansible_host=ch-jump
+ch-nic host_name=nic
ch-hroottest host_name=hroot-test
ch-hroottest-vm1 host_name=hroot-test-vm1
ch-hroottest-obsd host_name=hroot-test-obsd
@@ -225,6 +226,7 @@ ch-router
ch-router-obsd
ch-jump
ch-gw-lan
+ch-nic
[vmhost-ch-gnocchi]
ch-gnocchi
[vmhost-ch-gnocchi:children]
diff --git a/roles/openwrt/image/tasks/fetch.yml b/roles/openwrt/image/tasks/fetch.yml
index 21bc0c40..05d2ad6e 100644
--- a/roles/openwrt/image/tasks/fetch.yml
+++ b/roles/openwrt/image/tasks/fetch.yml
@@ -22,7 +22,7 @@
- name: Check OpenPGP signature
command: >-
- gpg2 --no-options --no-default-keyring --secret-keyring /dev/null
+ gpg --no-options --no-default-keyring --secret-keyring /dev/null
--verify --keyring "{{ role_path }}/openwrt-keyring.gpg"
--trust-model always
"{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
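Review bot: Changing the binary from `gpg2` to `gpg` changes which GnuPG runs this check: on hosts where `gpg` is still GnuPG 1.x the keyring and `--secret-keyring` handling differs from 2.x, and on newer 2.x releases `--secret-keyring` is reportedly ignored, so a comment pinning the expected GnuPG generation would help, e.g. `# expects GnuPG 2.x; openwrt-keyring.gpg is the sole trust root (--trust-model always)`. Related: this commit moves ch-router to 19.07.3, so the role's keyring must carry the 19.07 release-signing key or this verification will fail closed. The rest of the task (any `changed_when`, error handling) is outside the hunk.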
diff --git a/roles/vm/network/templates/interfaces.j2 b/roles/vm/network/templates/interfaces.j2
index d257a98a..8c288669 100644
--- a/roles/vm/network/templates/interfaces.j2
+++ b/roles/vm/network/templates/interfaces.j2
@@ -17,15 +17,27 @@ iface {{ interface.name }} inet static
netmask {{ interface.address | ipaddr('netmask') }}
{% if 'overlay' in interface %}
up /bin/ip addr add dev $IFACE {{ interface.overlay }}/32
+{% for route in interface.static_routes | default([]) %}
+ up /bin/ip route add {{ route.destination }} via {{ route.gateway }} src {{ interface.overlay }}
+{% endfor %}
{% if 'gateway' in interface %}
up /bin/ip route add default via {{ interface.gateway }} src {{ interface.overlay }}
down /bin/ip route del default via {{ interface.gateway }} src {{ interface.overlay }}
+{% for route in interface.static_routes | default([]) | reverse %}
+ down /bin/ip route del {{ route.destination }} via {{ route.gateway }} src {{ interface.overlay }}
+{% endfor %}
{% endif %}
down /bin/ip addr del dev $IFACE {{ interface.overlay }}/32
{% else %}
{% if 'gateway' in interface %}
gateway {{ interface.gateway }}
{% endif %}
+{% for route in interface.static_routes | default([]) %}
+ up /bin/ip route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes | default([]) | reverse %}
+ down /bin/ip route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
{% endif %}
{% if 'address6' in interface %}
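Review bot: In the overlay branch the new `up` route loop is placed before `{% if 'gateway' in interface %}` while the matching `down` loop is inside that conditional, so an interface with `overlay` but no `gateway` gets its static routes added on ifup and never removed on ifdown; move the three `down` lines (`{% for route in interface.static_routes | default([]) | reverse %}` … `{% endfor %}`) to just after that `{% endif %}`, before `down /bin/ip addr del`, so up and down mirror each other as they do in the non-overlay branch. Separately, `route.destination` and `route.gateway` are pasted verbatim into `/etc/network/interfaces` commands in this hunk and in the inet6 hunk below; since the address lines already go through `ipaddr`, passing these through it too (or asserting them in the role) would catch a malformed inventory value at template time rather than at boot. The enclosing per-interface `{% for %}` loop appears to start before the hunk.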
@@ -34,5 +46,11 @@ iface {{ interface.name }} inet6 static
{% if 'gateway6' in interface %}
gateway {{ interface.gateway6 }}
{% endif %}
+{% for route in interface.static_routes6 | default([]) %}
+ up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes6 | default([]) | reverse %}
+ down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
{% endif %}
{% endfor %}
diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/network/templates/resolv.conf.j2
index f62b6ed7..00aaafe3 100644
--- a/roles/vm/network/templates/resolv.conf.j2
+++ b/roles/vm/network/templates/resolv.conf.j2
@@ -1,4 +1,4 @@
{% for nsrv in network_cooked.nameservers %}
nameserver {{ nsrv }}
{% endfor %}
-search {{ network.domain }}
+search {{ network_cooked.domain }}