author | Christian Pointner <equinox@spreadspace.org> | 2020-06-24 03:01:50 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-06-24 03:01:50 +0200 |
commit | 31e88617f11109078b44327b2abae8f9768e10f7 (patch) | |
tree | 7138ae1d6376a216e2eaa6658140d2a13e287841 | |
parent | sk-tomnext-hp: final install (diff) |
update ch-router and add ch-nic
-rw-r--r-- | inventory/group_vars/chaos-at-home/network.yml | 1 | ||||
-rw-r--r-- | inventory/host_vars/ch-nic.yml | 32 | ||||
-rw-r--r-- | inventory/host_vars/ch-router.yml | 7 | ||||
-rw-r--r-- | inventory/hosts.ini | 2 | ||||
-rw-r--r-- | roles/openwrt/image/tasks/fetch.yml | 2 | ||||
-rw-r--r-- | roles/vm/network/templates/interfaces.j2 | 18 | ||||
-rw-r--r-- | roles/vm/network/templates/resolv.conf.j2 | 2 |
7 files changed, 60 insertions, 4 deletions
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index f2a5e878..f33235d1 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -43,6 +43,7 @@ network_zones:
 ch-jump: 22
 ch-gw-lan: 28
 ch-stats: 10
+ ch-nic: 53
 ch-web: 80
 ch-mail: 143
 ch-router-obsd: 253
diff --git a/inventory/host_vars/ch-nic.yml b/inventory/host_vars/ch-nic.yml
new file mode 100644
index 00000000..d26b1c40
--- /dev/null
+++ b/inventory/host_vars/ch-nic.yml
@@ -0,0 +1,32 @@
+---
+install:
+ vm:
+ mem: 768
+ numcpu: 2
+ autostart: True
+ disks:
+ primary: /dev/sda
+ scsi:
+ sda:
+ type: lvm
+ vg: "{{ hostvars[vm_host.name].host_name }}"
+ lv: "{{ inventory_hostname }}"
+ size: 10g
+ interfaces:
+ - bridge: br-svc
+ name: svc0
+
+network:
+ nameservers: "{{ network_zones.svc.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary: &_network_primary_
+ name: svc0
+ address: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address/prefix') }}"
+ gateway: "{{ network_zones.svc.gateway }}"
+ static_routes:
+ - destination: "{{ network_zones.lan.prefix }}"
+ gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
+ interfaces:
+ - *_network_primary_
diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index 19622983..22864a59 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -1,6 +1,6 @@
 ---
 openwrt_variant: openwrt
-openwrt_release: 18.06.4
+openwrt_release: 19.07.3
 openwrt_arch: x86
 openwrt_target: 64
 openwrt_profile: Generic
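Review bot: `autostart: True` in the new `install.vm` block of ch-nic.yml uses the capitalised YAML 1.1 boolean form, which yamllint's `truthy` rule rejects and which some parsers read differently from the lowercase form; write `autostart: true`. The `static_routes` entry sends the LAN prefix via ch-gw-lan while `primary` also carries the svc default gateway, and nothing says why the LAN must bypass that gateway — a comment such as `# LAN prefix is reached via ch-gw-lan, not via the svc default gateway` on the `static_routes:` key would save the next reader a lookup. If ch-nic is itself the svc zone's DNS server (the port-53 forwarding added in ch-router.yml suggests so), pointing its own `nameservers` at `network_zones.svc.dns` may be circular at boot; worth confirming against what that variable resolves to.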
@@ -153,6 +153,9 @@ openwrt_mixin:
 iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 2342 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}"
 iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" -p tcp --dport 2342 -j ACCEPT
+ iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 53 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}"
+ iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}" -p tcp --dport 53 -j ACCEPT
+ iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 80 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
 iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 443 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}"
 iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 80 -j ACCEPT
@@ -303,7 +306,7 @@ openwrt_uci:
 virsh_domxml: |
 <domain type='kvm'>
- <name>router</name>
+ <name>ch-router</name>
 <memory>131072</memory>
 <currentMemory>131072</currentMemory>
 <vcpu>2</vcpu>
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 68f2383e..c3f1c7ee 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
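Review bot: The new port-53 PREROUTING/FORWARD pair for ch-nic is `-p tcp` only, so UDP DNS queries arriving on `$MAGENTA_IF` are never forwarded; if ch-nic is meant to answer DNS from that side, a matching `-p udp --dport 53` DNAT and FORWARD rule is needed, and if TCP-only is intentional a comment on the rule should say so. Publishing port 53 on the external interface also deserves a note confirming that ch-nic is authoritative-only or otherwise restricted, since an exposed recursive resolver is an abuse and amplification risk. The port-80 DNAT is consistent with the existing FORWARD rule for port 80 on ch-web. The `openwrt_mixin` block scalar this belongs to starts and ends outside the hunk.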
@@ -24,6 +24,7 @@ ch-router host_name=router
 ch-router-obsd host_name=router
 ch-gw-lan host_name=gw-lan
 ch-jump host_name=jump ansible_port=2342 ansible_host=ch-jump
+ch-nic host_name=nic
 ch-hroottest host_name=hroot-test
 ch-hroottest-vm1 host_name=hroot-test-vm1
 ch-hroottest-obsd host_name=hroot-test-obsd
@@ -225,6 +226,7 @@ ch-router
 ch-router-obsd
 ch-jump
 ch-gw-lan
+ch-nic
 [vmhost-ch-gnocchi]
 ch-gnocchi
 [vmhost-ch-gnocchi:children]
diff --git a/roles/openwrt/image/tasks/fetch.yml b/roles/openwrt/image/tasks/fetch.yml
index 21bc0c40..05d2ad6e 100644
--- a/roles/openwrt/image/tasks/fetch.yml
+++ b/roles/openwrt/image/tasks/fetch.yml
@@ -22,7 +22,7 @@
 - name: Check OpenPGP signature
 command: >-
- gpg2 --no-options --no-default-keyring --secret-keyring /dev/null
+ gpg --no-options --no-default-keyring --secret-keyring /dev/null
 --verify --keyring "{{ role_path }}/openwrt-keyring.gpg"
 --trust-model always
 "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
diff --git a/roles/vm/network/templates/interfaces.j2 b/roles/vm/network/templates/interfaces.j2
index d257a98a..8c288669 100644
--- a/roles/vm/network/templates/interfaces.j2
+++ b/roles/vm/network/templates/interfaces.j2
@@ -17,15 +17,27 @@ iface {{ interface.name }} inet static
 netmask {{ interface.address | ipaddr('netmask') }}
 {% if 'overlay' in interface %}
 up /bin/ip addr add dev $IFACE {{ interface.overlay }}/32
+{% for route in interface.static_routes | default([]) %}
+ up /bin/ip route add {{ route.destination }} via {{ route.gateway }} src {{ interface.overlay }}
+{% endfor %}
 {% if 'gateway' in interface %}
 up /bin/ip route add default via {{ interface.gateway }} src {{ interface.overlay }}
 down /bin/ip route del default via {{ interface.gateway }} src {{ interface.overlay }}
+{% for route in interface.static_routes | default([]) | reverse %}
+ down /bin/ip route del {{ route.destination }} via {{ route.gateway }} src {{ interface.overlay }}
+{% endfor %}
 {% endif %}
 down /bin/ip addr del dev $IFACE {{ interface.overlay }}/32
 {% else %}
 {% if 'gateway' in interface %}
 gateway {{ interface.gateway }}
 {% endif %}
+{% for route in interface.static_routes | default([]) %}
+ up /bin/ip route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes | default([]) | reverse %}
+ down /bin/ip route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
 {% endif %}
 {% if 'address6' in interface %}
@@ -34,5 +46,11 @@ iface {{ interface.name }} inet6 static
 {% if 'gateway6' in interface %}
 gateway {{ interface.gateway6 }}
 {% endif %}
+{% for route in interface.static_routes6 | default([]) %}
+ up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes6 | default([]) | reverse %}
+ down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
 {% endif %}
 {% endfor %}
diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/network/templates/resolv.conf.j2
index f62b6ed7..00aaafe3 100644
--- a/roles/vm/network/templates/resolv.conf.j2
+++ b/roles/vm/network/templates/resolv.conf.j2
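Review bot: In the overlay branch the new `up` loop over `interface.static_routes` is placed outside `{% if 'gateway' in interface %}`, but its matching `down` loop is placed inside that block, so an overlay interface that has static routes but no gateway adds the routes on `up` and never deletes them on `down`. Move the three lines `{% for route in interface.static_routes | default([]) | reverse %}`, `    down /bin/ip route del {{ route.destination }} via {{ route.gateway }} src {{ interface.overlay }}` and `{% endfor %}` to just after that `{% endif %}` and before `down /bin/ip addr del …`; the teardown order stays sensible (default route first when present, then static routes, then the address). The non-overlay branch and the inet6 hunk already keep `up` and `down` symmetric. The enclosing `{% for %}` over interfaces begins before this hunk; only its `{% endfor %}` is visible at the end of the second hunk.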
@@ -1,4 +1,4 @@
 {% for nsrv in network_cooked.nameservers %}
 nameserver {{ nsrv }}
 {% endfor %}
-search {{ network.domain }}
+search {{ network_cooked.domain }}
 |