author | Christian Pointner <equinox@spreadspace.org> | 2020-07-11 02:58:28 +0200 |
committer | Christian Pointner <equinox@spreadspace.org> | 2020-07-11 02:58:28 +0200 |
commit | 49c58d575f420165f7d8341bccb8b4ba4629e735 (patch) | |
tree | dfbfe6a937ec04fa7d48de8c1d08a1596ba837b2 | |
parent | Merge branch 'topic/debian-installer-verification' (diff) | |
parent | ch-gnocchi: remove temporary interface config (diff) |
Merge branch 'topic/vm-host-network'
-rw-r--r-- | chaos-at-home/ch-atlas.yml | 3 | ||||
-rw-r--r-- | chaos-at-home/ch-gnocchi.yml | 29 | ||||
-rw-r--r-- | chaos-at-home/ch-oulu.yml | 11 | ||||
-rw-r--r-- | common/vm-install.yml | 10 | ||||
-rw-r--r-- | dan/sk-2019vm.yml | 3 | ||||
-rw-r--r-- | dan/sk-tomnext.yml | 3 | ||||
-rw-r--r-- | inventory/group_vars/vmhost-ch-oulu/main.yml | 21 | ||||
-rw-r--r-- | inventory/host_vars/ch-atlas.yml | 3 | ||||
-rw-r--r-- | inventory/host_vars/ch-gnocchi.yml | 4 | ||||
-rw-r--r-- | inventory/host_vars/ch-oulu.yml | 19 | ||||
-rw-r--r-- | inventory/hosts.ini | 9 | ||||
-rw-r--r-- | roles/vm/grub/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/vm/grub/tasks/main.yml | 17 | ||||
-rw-r--r-- | roles/vm/guest/base/defaults/main.yml (renamed from roles/vm/guest/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/vm/guest/base/handlers/main.yml (renamed from roles/vm/guest/handlers/main.yml) | 4 | ||||
-rw-r--r-- | roles/vm/guest/base/tasks/main.yml (renamed from roles/vm/guest/tasks/main.yml) | 19 | ||||
-rw-r--r-- | roles/vm/guest/define/defaults/main.yml (renamed from roles/vm/define/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/vm/guest/define/tasks/main.yml (renamed from roles/vm/define/tasks/main.yml) | 0 | ||||
-rw-r--r-- | roles/vm/guest/define/templates/libvirt-domain.xml.j2 (renamed from roles/vm/define/templates/libvirt-domain.xml.j2) | 0 | ||||
-rw-r--r-- | roles/vm/guest/install/library/wait_for_virt.py (renamed from roles/vm/install/library/wait_for_virt.py) | 0 | ||||
-rw-r--r-- | roles/vm/guest/install/tasks/installer-debian.yml (renamed from roles/vm/install/tasks/installer-debian.yml) | 0 | ||||
-rw-r--r-- | roles/vm/guest/install/tasks/installer-openbsd.yml (renamed from roles/vm/install/tasks/installer-openbsd.yml) | 0 | ||||
-rw-r--r-- | roles/vm/guest/install/tasks/main.yml (renamed from roles/vm/install/tasks/main.yml) | 10 | ||||
-rw-r--r-- | roles/vm/guest/network/handlers/main.yml (renamed from roles/vm/network/handlers/main.yml) | 0 | ||||
-rw-r--r-- | roles/vm/guest/network/tasks/main.yml (renamed from roles/vm/network/tasks/main.yml) | 0 | ||||
-rw-r--r-- | roles/vm/guest/network/templates/interfaces.j2 (renamed from roles/vm/network/templates/interfaces.j2) | 0 | ||||
-rw-r--r-- | roles/vm/guest/network/templates/resolv.conf.j2 (renamed from roles/vm/network/templates/resolv.conf.j2) | 0 | ||||
-rw-r--r-- | roles/vm/guest/network/templates/systemd.link.j2 (renamed from roles/vm/network/templates/systemd.link.j2) | 0 | ||||
-rw-r--r-- | roles/vm/host/base/handlers/main.yml (renamed from roles/vm/host/handlers/main.yml) | 0 | ||||
-rw-r--r-- | roles/vm/host/base/tasks/main.yml (renamed from roles/vm/host/tasks/main.yml) | 4 | ||||
-rw-r--r-- | roles/vm/host/base/tasks/zfs.yml (renamed from roles/vm/host/tasks/zfs.yml) | 0 | ||||
-rw-r--r-- | roles/vm/host/network/tasks/main.yml | 42 | ||||
-rw-r--r-- | roles/vm/host/network/templates/bridge-interfaces.j2 | 53 | ||||
-rw-r--r-- | roles/vm/host/network/templates/interfaces.j2 | 79 | ||||
-rw-r--r-- | roles/vm/host/tasks/network.yml | 75 |
35 files changed, 281 insertions, 140 deletions
diff --git a/chaos-at-home/ch-atlas.yml b/chaos-at-home/ch-atlas.yml index 34fa1141..2e60943b 100644 --- a/chaos-at-home/ch-atlas.yml +++ b/chaos-at-home/ch-atlas.yml @@ -4,7 +4,8 @@ roles: - role: core/sshd - role: core/zsh - - role: vm/host + - role: vm/host/base + - role: vm/host/network ## gpg on this host is too old to open the keyrings. ## to work around this problem the files have been manually converted ## applying the role would break this again!! diff --git a/chaos-at-home/ch-gnocchi.yml b/chaos-at-home/ch-gnocchi.yml index fd519bfd..095948ad 100644 --- a/chaos-at-home/ch-gnocchi.yml +++ b/chaos-at-home/ch-gnocchi.yml @@ -7,32 +7,7 @@ - role: core/sshd - role: core/zsh - role: core/cpu-microcode - - role: vm/host + - role: vm/host/base + - role: vm/host/network - role: installer/debian/base - role: installer/openbsd/base - post_tasks: - # you need to reboot for changes to take effect - - name: install network interface config - copy: - dest: /etc/network/interfaces - content: | - # This file describes the network interfaces available on your system - # and how to activate them. For more information, see interfaces(5). - - # The loopback network interface - auto lo - iface lo inet loopback - {% for interface in (__vmhost_bridge_interface_zones__.keys() | sort) %} - - - auto {{ interface }} - iface {{ interface }} inet manual - {% for zone in __vmhost_bridge_interface_zones__[interface] %} - - auto {{ interface }}.{{ network_zones[zone].vlan }} - iface {{ interface }}.{{ network_zones[zone].vlan }} inet manual - {% endfor %} - {% endfor %} - - - source /etc/network/interfaces.d/* diff --git a/chaos-at-home/ch-oulu.yml b/chaos-at-home/ch-oulu.yml new file mode 100644 index 00000000..ef508629 --- /dev/null +++ b/chaos-at-home/ch-oulu.yml 
@@ -0,0 +1,11 @@ +--- +- name: Basic Setup + hosts: ch-oulu + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd + - role: core/zsh + - role: core/cpu-microcode + - role: vm/host/base + - role: vm/host/network diff --git a/common/vm-install.yml b/common/vm-install.yml index b0c3815a..64894d1a 100644 --- a/common/vm-install.yml +++ b/common/vm-install.yml @@ -27,7 +27,7 @@ - name: basic installation hosts: _vmhost_ roles: - - role: vm/install + - role: vm/guest/install - name: wait for new vm to start up @@ -58,14 +58,12 @@ - name: make sure to update cached facts setup: roles: - - role: vm/grub + - role: vm/guest/base when: install_distro in ['debian', 'ubuntu'] - - role: vm/network - when: install_distro in ['debian', 'ubuntu'] - - role: vm/guest + - role: vm/guest/network when: install_distro in ['debian', 'ubuntu'] -- name: reboot and wait for VM come back +- name: reboot and wait for VM to come back hosts: "{{ install_hostname }}" gather_facts: no roles: diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml index 8859a3c2..07f4062e 100644 --- a/dan/sk-2019vm.yml +++ b/dan/sk-2019vm.yml @@ -12,7 +12,8 @@ - role: zfs/base - role: apt-repo/spreadspace - role: zfs/sanoid - - role: vm/host + - role: vm/host/base + - role: vm/host/network - role: installer/debian/base tasks: - name: install post-boot script diff --git a/dan/sk-tomnext.yml b/dan/sk-tomnext.yml index b6c3b95a..5d72770d 100644 --- a/dan/sk-tomnext.yml +++ b/dan/sk-tomnext.yml @@ -12,7 +12,8 @@ - role: zfs/base - role: apt-repo/spreadspace - role: zfs/sanoid - - role: vm/host + - role: vm/host/base + - role: vm/host/network - role: installer/debian/base tasks: - name: install post-boot script diff --git a/inventory/group_vars/vmhost-ch-oulu/main.yml b/inventory/group_vars/vmhost-ch-oulu/main.yml new file mode 100644 index 00000000..db5daa9c --- /dev/null +++ b/inventory/group_vars/vmhost-ch-oulu/main.yml 
@@ -0,0 +1,21 @@ +--- +__vmhost_bridge_interface_zones__: + bond0: + - lan + - svc + - mgmt + +__vmhost_bridge_interface_zones_yaml__: | + {% for interface in (__vmhost_bridge_interface_zones__.keys() | sort) %} + {% for zone in __vmhost_bridge_interface_zones__[interface] %} + {{ zone }}: + interfaces: + - {{ interface }}.{{ network_zones[zone].vlan }} + {% endfor %} + {% endfor %} + + +vm_host: + name: ch-oulu + network: + bridges: "{{ __vmhost_bridge_interface_zones_yaml__ | from_yaml }}" diff --git a/inventory/host_vars/ch-atlas.yml b/inventory/host_vars/ch-atlas.yml index aa2c2e0c..120e007d 100644 --- a/inventory/host_vars/ch-atlas.yml +++ b/inventory/host_vars/ch-atlas.yml @@ -9,3 +9,6 @@ network: # address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(vm_host.network.bridges.public.offsets6[inventory_hostname]) | ipaddr('address/prefix') }}" address6: "{{ vm_host.network.bridges.public.prefix6 | ipaddr(41) | ipaddr('address/prefix') }}" gateway6: "{{ vm_host.network.bridges.public.gateway6 }}" + vlans: + eth0: + - 502 diff --git a/inventory/host_vars/ch-gnocchi.yml b/inventory/host_vars/ch-gnocchi.yml index c52a1cf4..ff27a081 100644 --- a/inventory/host_vars/ch-gnocchi.yml +++ b/inventory/host_vars/ch-gnocchi.yml @@ -13,6 +13,10 @@ network: interfaces: - name: br-mgmt address: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" + vlans: + enp1s0: "{{ __vmhost_bridge_interface_zones__['enp1s0'] | map('extract', network_zones) | map(attribute='vlan') | list }}" + enp2s0: "{{ __vmhost_bridge_interface_zones__['enp2s0'] | map('extract', network_zones) | map(attribute='vlan') | list }}" + enp3s0: "{{ __vmhost_bridge_interface_zones__['enp3s0'] | map('extract', network_zones) | map(attribute='vlan') | list }}" apt_repo_components: diff --git a/inventory/host_vars/ch-oulu.yml b/inventory/host_vars/ch-oulu.yml index e63e6f2d..f6ef0e4c 100644 --- a/inventory/host_vars/ch-oulu.yml 
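Review bot: `__vmhost_bridge_interface_zones_yaml__` in inventory/group_vars/vmhost-ch-oulu/main.yml builds YAML text and parses it back with `from_yaml`, so the zone name used as the mapping key and the `interface.vlan` list entry are interpolated as plain scalars and go through YAML's implicit typing on the way back; a zone or interface name that looks like a boolean, number or null, or that contains `: ` or ` #`, would be retyped or break the parse. Quoting both templated scalars keeps the round-trip literal: `'{{ zone }}':` and `- '{{ interface }}.{{ network_zones[zone].vlan }}'`. The same structure could be assembled as a dict with `combine` in a loop and avoid the text round-trip entirely, but quoting is the minimal fix. A short comment above the variable explaining why the data is built as text (Jinja loops cannot emit a nested dict directly) would help the next reader.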
+++ b/inventory/host_vars/ch-oulu.yml @@ -1,4 +1,6 @@ --- +install_interface: eno1 + install: efi: true disks: @@ -16,8 +18,23 @@ network: - 9.9.9.9 domain: "{{ host_domain }}" primary: &_network_primary_ - name: eno1 + name: br-lan address: "{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ network_zones.lan.gateway }}" interfaces: - *_network_primary_ + bonds: + - name: bond0 + mode: 802.3ad + slaves: + - eno1 + - eno2 + options: + miimon: 100 + vlans: + bond0: "{{ __vmhost_bridge_interface_zones__['bond0'] | map('extract', network_zones) | map(attribute='vlan') | list }}" + +apt_repo_components: + - main + - contrib + - non-free ## for microcode updates diff --git a/inventory/hosts.ini b/inventory/hosts.ini index 5d19bee4..549e494b 100644 --- a/inventory/hosts.ini +++ b/inventory/hosts.ini @@ -231,6 +231,13 @@ ch-atlas [vmhost-ch-atlas:children] vmhost-ch-atlas-guests +[vmhost-ch-oulu-guests] +ch-oulu-vm1 +[vmhost-ch-oulu] +ch-oulu +[vmhost-ch-oulu:children] +vmhost-ch-oulu-guests + [vmhost-sk-2019vm-guests] sk-testvm sk-torrent @@ -255,12 +262,14 @@ vmhost-sk-tomnext-guests [kvmhosts] ch-gnocchi ch-atlas +ch-oulu sk-2019vm sk-tomnext [kvmguests:children] vmhost-ch-gnocchi-guests vmhost-ch-atlas-guests +vmhost-ch-oulu-guests vmhost-sk-2019vm-guests vmhost-sk-tomnext-guests diff --git a/roles/vm/grub/handlers/main.yml b/roles/vm/grub/handlers/main.yml deleted file mode 100644 index 4bddbb14..00000000 --- a/roles/vm/grub/handlers/main.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- name: update grub - command: /usr/sbin/update-grub diff --git a/roles/vm/grub/tasks/main.yml b/roles/vm/grub/tasks/main.yml deleted file mode 100644 index e663e808..00000000 --- a/roles/vm/grub/tasks/main.yml +++ /dev/null 
@@ -1,17 +0,0 @@ ---- -- name: enable serial console in grub and for kernel - vars: - grub_options: - GRUB_TIMEOUT: 2 - GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"' - GRUB_TERMINAL: serial - GRUB_SERIAL_COMMAND: >- - "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1" - loop: "{{ grub_options | dict2items }}" - loop_control: - label: "{{ item.key }}" - lineinfile: - dest: /etc/default/grub - regexp: "^{{ item.key }}=" - line: "{{ item.key }}={{ item.value }}" - notify: update grub diff --git a/roles/vm/guest/defaults/main.yml b/roles/vm/guest/base/defaults/main.yml index ce072e95..ce072e95 100644 --- a/roles/vm/guest/defaults/main.yml +++ b/roles/vm/guest/base/defaults/main.yml diff --git a/roles/vm/guest/handlers/main.yml b/roles/vm/guest/base/handlers/main.yml index 5b57f3bc..2dfdddcb 100644 --- a/roles/vm/guest/handlers/main.yml +++ b/roles/vm/guest/base/handlers/main.yml @@ -1,3 +1,7 @@ +--- +- name: update grub + command: /usr/sbin/update-grub + - name: restart rngd service: name: rng-tools diff --git a/roles/vm/guest/tasks/main.yml b/roles/vm/guest/base/tasks/main.yml index e68f04df..b76ee762 100644 --- a/roles/vm/guest/tasks/main.yml +++ b/roles/vm/guest/base/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: install rngd apt: name: rng-tools @@ -40,3 +41,21 @@ [Service] ExecStart= ExecStart=-/sbin/agetty --keep-baud 115200,38400,9600 --noclear --autologin root --login-pause --host {{ vm_host_cooked.name }} %I $TERM + + +- name: enable serial console in grub and for kernel + vars: + grub_options: + GRUB_TIMEOUT: 2 + GRUB_CMDLINE_LINUX: '"console=ttyS0,115200n8"' + GRUB_TERMINAL: serial + GRUB_SERIAL_COMMAND: >- + "serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1" + loop: "{{ grub_options | dict2items }}" + loop_control: + label: "{{ item.key }}" + lineinfile: + dest: /etc/default/grub + regexp: "^{{ item.key }}=" + line: "{{ item.key }}={{ item.value }}" + notify: update grub 
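Review bot: The `enable serial console in grub and for kernel` task now in roles/vm/guest/base/tasks/main.yml writes `GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"` through `lineinfile` with `regexp: "^{{ item.key }}="`, which replaces the whole variable rather than appending the console argument, so any kernel parameters the installer or an earlier role placed in `GRUB_CMDLINE_LINUX` are dropped on the next run. If that is intended, a comment above `grub_options` should say so, e.g. `## GRUB_CMDLINE_LINUX is replaced, not extended: every required kernel parameter has to be listed here`; otherwise the current value has to be read and merged before the write. The preceding tasks of this file and the play that applies the role are outside the hunk.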
diff --git a/roles/vm/define/defaults/main.yml b/roles/vm/guest/define/defaults/main.yml index f0bcc4fd..f0bcc4fd 100644 --- a/roles/vm/define/defaults/main.yml +++ b/roles/vm/guest/define/defaults/main.yml diff --git a/roles/vm/define/tasks/main.yml b/roles/vm/guest/define/tasks/main.yml index d0790628..d0790628 100644 --- a/roles/vm/define/tasks/main.yml +++ b/roles/vm/guest/define/tasks/main.yml diff --git a/roles/vm/define/templates/libvirt-domain.xml.j2 b/roles/vm/guest/define/templates/libvirt-domain.xml.j2 index ba0dcd5a..ba0dcd5a 100644 --- a/roles/vm/define/templates/libvirt-domain.xml.j2 +++ b/roles/vm/guest/define/templates/libvirt-domain.xml.j2 diff --git a/roles/vm/install/library/wait_for_virt.py b/roles/vm/guest/install/library/wait_for_virt.py index 6c49fae1..6c49fae1 100644 --- a/roles/vm/install/library/wait_for_virt.py +++ b/roles/vm/guest/install/library/wait_for_virt.py diff --git a/roles/vm/install/tasks/installer-debian.yml b/roles/vm/guest/install/tasks/installer-debian.yml index e0492969..e0492969 100644 --- a/roles/vm/install/tasks/installer-debian.yml +++ b/roles/vm/guest/install/tasks/installer-debian.yml diff --git a/roles/vm/install/tasks/installer-openbsd.yml b/roles/vm/guest/install/tasks/installer-openbsd.yml index afa17c45..afa17c45 100644 --- a/roles/vm/install/tasks/installer-openbsd.yml +++ b/roles/vm/guest/install/tasks/installer-openbsd.yml diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/guest/install/tasks/main.yml index a4511459..21a13b4d 100644 --- a/roles/vm/install/tasks/main.yml +++ b/roles/vm/guest/install/tasks/main.yml @@ -50,11 +50,12 @@ etype: user permissions: rx - - vars: + - name: define installer vm + vars: vm_define_installer: yes installer_tmpdir: "{{ tmpdir.path }}" import_role: - name: vm/define + name: vm/guest/define - debug: msg: "you can check on the status of the installer running this command 'virsh console {{ install_hostname }}' on host {{ inventory_hostname }}." 
@@ -82,7 +83,8 @@ path: "{{ tmpdir.path }}" state: absent -- vars: +- name: define vm + vars: vm_define_installer: no import_role: - name: vm/define + name: vm/guest/define diff --git a/roles/vm/network/handlers/main.yml b/roles/vm/guest/network/handlers/main.yml index f967fa86..f967fa86 100644 --- a/roles/vm/network/handlers/main.yml +++ b/roles/vm/guest/network/handlers/main.yml diff --git a/roles/vm/network/tasks/main.yml b/roles/vm/guest/network/tasks/main.yml index 27a7682a..27a7682a 100644 --- a/roles/vm/network/tasks/main.yml +++ b/roles/vm/guest/network/tasks/main.yml diff --git a/roles/vm/network/templates/interfaces.j2 b/roles/vm/guest/network/templates/interfaces.j2 index 8c288669..8c288669 100644 --- a/roles/vm/network/templates/interfaces.j2 +++ b/roles/vm/guest/network/templates/interfaces.j2 diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/guest/network/templates/resolv.conf.j2 index 00aaafe3..00aaafe3 100644 --- a/roles/vm/network/templates/resolv.conf.j2 +++ b/roles/vm/guest/network/templates/resolv.conf.j2 diff --git a/roles/vm/network/templates/systemd.link.j2 b/roles/vm/guest/network/templates/systemd.link.j2 index 7093e164..7093e164 100644 --- a/roles/vm/network/templates/systemd.link.j2 +++ b/roles/vm/guest/network/templates/systemd.link.j2 diff --git a/roles/vm/host/handlers/main.yml b/roles/vm/host/base/handlers/main.yml index 6541dd80..6541dd80 100644 --- a/roles/vm/host/handlers/main.yml +++ b/roles/vm/host/base/handlers/main.yml diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/base/tasks/main.yml index 4c29970d..1a7cb7d8 100644 --- a/roles/vm/host/tasks/main.yml +++ b/roles/vm/host/base/tasks/main.yml @@ -18,10 +18,6 @@ path: /etc/default/haveged notify: restart haveged -- name: install vm-host network - when: "'network' in vm_host" - include_tasks: network.yml - - name: prepare zfs volumes when: "'zfs' in vm_host" include_tasks: zfs.yml 
diff --git a/roles/vm/host/tasks/zfs.yml b/roles/vm/host/base/tasks/zfs.yml index b84f2d0d..b84f2d0d 100644 --- a/roles/vm/host/tasks/zfs.yml +++ b/roles/vm/host/base/tasks/zfs.yml diff --git a/roles/vm/host/network/tasks/main.yml b/roles/vm/host/network/tasks/main.yml new file mode 100644 index 00000000..cd415d1e --- /dev/null +++ b/roles/vm/host/network/tasks/main.yml @@ -0,0 +1,42 @@ +--- +- name: configure bonds and vlans + when: "'bonds' in network or 'vlans' in network" + block: + - name: install ifenslave package + when: "'bonds' in network" + apt: + name: ifenslave + state: present + + - name: install vlan package + when: "'vlans' in network" + apt: + name: vlan + state: present + + - name: create network interfaces + template: + src: interfaces.j2 + dest: /etc/network/interfaces + +- name: create network bridges + when: "'bridges' in vm_host.network" + block: + - name: generate bridge interface config + loop: "{{ vm_host.network.bridges | default({}) | dict2items }}" + loop_control: + label: "{{ item.key }}" + template: + src: bridge-interfaces.j2 + dest: "/etc/network/interfaces.d/br-{{ item.key }}" + register: vmhost_bridge_config + + ## We don't try to be to clever here: aka don't call ifdown before ifup because + ## if there are VMs running they would end up with a broken network + - name: bring up bridge interfaces + loop: "{{ vmhost_bridge_config.results }}" + loop_control: + label: "br-{{ item.item.key }}" + when: item is changed + command: "/sbin/ifup br-{{ item.item.key }}" + failed_when: false diff --git a/roles/vm/host/network/templates/bridge-interfaces.j2 b/roles/vm/host/network/templates/bridge-interfaces.j2 new file mode 100644 index 00000000..05144430 --- /dev/null +++ b/roles/vm/host/network/templates/bridge-interfaces.j2 
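Review bot: The `create network bridges` block in roles/vm/host/network/tasks/main.yml evaluates `when: "'bridges' in vm_host.network"` unconditionally, whereas the include it replaces in roles/vm/host/base/tasks/main.yml was guarded by `when: "'network' in vm_host"`; a vm host whose `vm_host` has no `network` key now fails on an undefined attribute instead of being skipped. Restoring the outer guard keeps the old behaviour: `when: "'network' in vm_host and 'bridges' in vm_host.network"`. The `create network interfaces` task templates /etc/network/interfaces with no handler and no hint that bond and vlan changes only take effect after a reboot, a caveat the removed post_tasks in chaos-at-home/ch-gnocchi.yml carried as `# you need to reboot for changes to take effect`; I would keep that line as a comment above the task. Also, `/sbin/ifup br-…` under `failed_when: false` does nothing for a bridge ifupdown already records as configured, so a changed bridge config on a running host is silently left unapplied — presumably accepted given the comment about not calling ifdown, but the comment should say that the change is deferred, not applied.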
@@ -0,0 +1,53 @@ +{% set bridge_name = 'br-'+item.key %} +{% set bridge = item.value %} +{% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %} +auto {{ bridge_name }} +{% if 'address' in interface %} +iface {{ bridge_name }} inet static + address {{ interface.address | ipaddr('address') }} + netmask {{ interface.address | ipaddr('netmask') }} +{% if 'gateway' in interface %} + gateway {{ interface.gateway }} +{% endif %} +{% else %} +iface {{ bridge_name }} inet manual +{% endif %} +{% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %} + bridge_ports {{ bridge.interfaces | join(' ') }} +{% else %} + bridge_ports none +{% endif %} + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf + up modprobe br_netfilter + up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0 + up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0 + up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0 +{% if 'address' in interface and 'prefix' in bridge %} +{% if 'nat' in bridge and bridge.nat %} + up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding + up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding + up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} +{% endif %} +{% if 'overlay' in bridge %} +{% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %} + up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }} +{% endfor %} + up /bin/ip route add unreachable {{ bridge.overlay.prefix }} + down /sbin/ip route del {{ bridge.overlay.prefix }} +{% endif %} +{% if 'nat' in bridge and bridge.nat %} + down /sbin/iptables -t nat -D POSTROUTING -o {{ 
ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} +{% endif %} +{% endif %} +{% if 'address6' in interface %} + +iface {{ bridge_name }} inet6 static + address {{ interface.address6 }} +{% if 'gateway6' in interface %} + gateway {{ interface.gateway6 }} +{% endif %} +{% endif %} diff --git a/roles/vm/host/network/templates/interfaces.j2 b/roles/vm/host/network/templates/interfaces.j2 new file mode 100644 index 00000000..fe57a024 --- /dev/null +++ b/roles/vm/host/network/templates/interfaces.j2 
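Review bot: The `up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0` lines (and the ip6tables/arptables ones) in roles/vm/host/network/templates/bridge-interfaces.j2 set host-wide sysctls, not per-bridge ones, so bringing up any single bridge turns netfilter off for bridged frames on every bridge on the host; host iptables/ip6tables/arptables rules then never see VM-to-VM or VM-to-host traffic crossing a bridge, while the SNAT rule in the same template keeps working because routed traffic leaving via `{{ ansible_default_ipv4.interface }}` still traverses the IP-layer nat chain. That is presumably intentional, but the template should say so above those lines, e.g. `# net.bridge.* sysctls are host-wide: this disables netfilter for bridged frames on ALL bridges, not just this one`. The `up modprobe br_netfilter` line exists only so those sysctl keys are present and deserves the same one-line comment.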
@@ -0,0 +1,79 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + + +## pyhiscal interfaces + +{% for interface in network.bonds | default([]) | map(attribute='slaves') | flatten | union(network.vlans | default({}) | list) | difference(network.bonds | default([]) | map(attribute='name') | list) | sort | unique %} +auto {{ interface }} +iface {{ interface }} inet manual + pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra + pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf + +{% endfor %} + +{% for bond in network.bonds | default([]) %} +## Bond: {{ bond.name }} + +{% set tmp = network.interfaces | selectattr('name', 'eq', bond.name) | list %} +auto {{ bond.name }} +iface {{ bond.name }} inet {{ ((tmp | length) == 0) | ternary('manual', 'static') }} + bond-mode {{ bond.mode }} + bond-slaves {{ bond.slaves | sort | join(' ') }} +{% for option in (bond.options | default({}) | list | sort) %} + bond-{{ option }} {{ bond.options[option] }} +{% endfor %} + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf +{% if (tmp | length) > 0 %} +{% set interface = tmp | first %} + address {{ interface.address | ipaddr('address') }} + netmask {{ interface.address | ipaddr('netmask') }} +{% if 'gateway' in interface %} + gateway {{ interface.gateway }} +{% endif %} +{% for route in interface.static_routes | default([]) %} + up /bin/ip route add {{ route.destination }} via {{ route.gateway }} +{% endfor %} +{% for route in interface.static_routes | default([]) | reverse %} + down /bin/ip route del {{ route.destination }} via {{ route.gateway }} +{% endfor %} +{% if 'address6' in interface %} + +iface {{ interface.name }} inet6 static + address {{ interface.address6 }} +{% if 'gateway6' in interface %} + gateway {{ interface.gateway6 }} +{% endif %} +{% for 
route in interface.static_routes6 | default([]) %} + up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }} +{% endfor %} +{% for route in interface.static_routes6 | default([]) | reverse %} + down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }} +{% endfor %} +{% endif %} +{% endif %} + + +{% endfor %} +{% for parent in network.vlans | default({}) | list | sort %} +## vlan interfaces @ {{ parent }} + +{% for vlan in network.vlans[parent] %} +auto {{ parent }}.{{ vlan }} +iface {{ parent }}.{{ vlan }} inet manual + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf +{# TODO: add interface config like above if (network.interfaces | selectattr('name', 'eq', 'parent+'.'+vlan') | list) > 0 ... #} + +{% endfor %} + +{% endfor %} + +## source bridge configs + +source /etc/network/interfaces.d/* diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml deleted file mode 100644 index 802ffd8b..00000000 --- a/roles/vm/host/tasks/network.yml +++ /dev/null 
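Review bot: The physical-interface loop at the top of roles/vm/host/network/templates/interfaces.j2 always renders `iface {{ interface }} inet manual`, without the `network.interfaces` lookup the bond section performs, so a vlan parent that also carries the host's address in `network.interfaces` loses that address once this template replaces /etc/network/interfaces; this commit lists `eth0` under `vlans` in inventory/host_vars/ch-atlas.yml, so whether eth0 is addressed there (its `network.interfaces` is outside this diff) decides whether ch-atlas is affected. The vlan section has the same manual-only rendering, which its `{# TODO … #}` acknowledges. I would mirror the bond section's lookup for physical interfaces as below; a Jinja macro for the address/netmask/gateway/static_routes lines would then serve all three sections. Also `## pyhiscal interfaces` should read `## physical interfaces`.
```jinja
{% for interface in network.bonds | default([]) | map(attribute='slaves') | flatten | union(network.vlans | default({}) | list) | difference(network.bonds | default([]) | map(attribute='name') | list) | sort | unique %}
{% set tmp = network.interfaces | selectattr('name', 'eq', interface) | list %}
auto {{ interface }}
iface {{ interface }} inet {{ ((tmp | length) == 0) | ternary('manual', 'static') }}
  pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
  pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
{% if (tmp | length) > 0 %}
{% set iface_cfg = tmp | first %}
  address {{ iface_cfg.address | ipaddr('address') }}
  netmask {{ iface_cfg.address | ipaddr('netmask') }}
{% if 'gateway' in iface_cfg %}
  gateway {{ iface_cfg.gateway }}
{% endif %}
{% endif %}

{% endfor %}
{# … unchanged: bond, vlan and source sections … #}
```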
@@ -1,75 +0,0 @@ ---- -- name: create network bridges - when: "'bridges' in vm_host.network" - block: - - name: generate bridge interface config - loop: "{{ vm_host.network.bridges | default({}) | dict2items }}" - loop_control: - label: "{{ item.key }}" - copy: - dest: "/etc/network/interfaces.d/br-{{ item.key }}" - content: | - {% set bridge_name = 'br-'+item.key %} - {% set bridge = item.value %} - {% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %} - auto {{ bridge_name }} - {% if 'address' in interface %} - iface {{ bridge_name }} inet static - address {{ interface.address | ipaddr('address') }} - netmask {{ interface.address | ipaddr('netmask') }} - {% if 'gateway' in interface %} - gateway {{ interface.gateway }} - {% endif %} - {% else %} - iface {{ bridge_name }} inet manual - {% endif %} - {% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %} - bridge_ports {{ bridge.interfaces | join(' ') }} - {% else %} - bridge_ports none - {% endif %} - bridge_stp off - bridge_waitport 0 - bridge_fd 0 - up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra - up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf - up modprobe br_netfilter - up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0 - up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0 - up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0 - {% if 'address' in interface and 'prefix' in bridge %} - {% if 'nat' in bridge and bridge.nat %} - up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding - up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding - up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} - {% endif %} - {% if 'overlay' in bridge %} - {% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %} - up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ 
(bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }} - {% endfor %} - up /bin/ip route add unreachable {{ bridge.overlay.prefix }} - down /sbin/ip route del {{ bridge.overlay.prefix }} - {% endif %} - {% if 'nat' in bridge and bridge.nat %} - down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} - {% endif %} - {% endif %} - {% if 'address6' in interface %} - - iface {{ bridge_name }} inet6 static - address {{ interface.address6 }} - {% if 'gateway6' in interface %} - gateway {{ interface.gateway6 }} - {% endif %} - {% endif %} - register: vmhost_bridge_config - - ## We don't try to be to clever here: aka don't call ifdown before ifup because - ## if there are VMs running they would end up with a broken network - - name: bring up bridge interfaces - loop: "{{ vmhost_bridge_config.results }}" - loop_control: - label: "br-{{ item.item.key }}" - when: item is changed - command: "/sbin/ifup br-{{ item.item.key }}" - failed_when: false |