author | Christian Pointner <equinox@spreadspace.org> | 2018-05-24 23:40:30 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-05-24 23:40:30 +0200 |
commit | 79c40fec07d7ea906cf1375fa93a4b202766ba79 (patch) | |
tree | 11266d83065f2507da0d1f118a8d832be82a13c2 /roles/vm-network | |
parent | some cleanups (diff) |
move vm roles to subdir
Diffstat (limited to 'roles/vm-network')
-rw-r--r-- | roles/vm-network/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/vm-network/tasks/lan.yml | 6 | ||||
-rw-r--r-- | roles/vm-network/tasks/main.yml | 9 | ||||
-rw-r--r-- | roles/vm-network/tasks/public.yml | 33 | ||||
-rw-r--r-- | roles/vm-network/tasks/systemd-link.yml | 15 | ||||
-rw-r--r-- | roles/vm-network/templates/firewall.sh_public.j2 | 49 | ||||
-rw-r--r-- | roles/vm-network/templates/interfaces_lan.j2 | 17 | ||||
-rw-r--r-- | roles/vm-network/templates/interfaces_public.j2 | 63 | ||||
-rw-r--r-- | roles/vm-network/templates/systemd.link.j2 | 5 |
9 files changed, 0 insertions, 200 deletions
diff --git a/roles/vm-network/handlers/main.yml b/roles/vm-network/handlers/main.yml
deleted file mode 100644
index f967fa86..00000000
--- a/roles/vm-network/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: rebuild initramfs
- command: update-initramfs -u
diff --git a/roles/vm-network/tasks/lan.yml b/roles/vm-network/tasks/lan.yml
deleted file mode 100644
index ec436e9b..00000000
--- a/roles/vm-network/tasks/lan.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: install interface config (LAN only)
- template:
- src: interfaces_lan.j2
- dest: /etc/network/interfaces
- mode: 0644
diff --git a/roles/vm-network/tasks/main.yml b/roles/vm-network/tasks/main.yml
deleted file mode 100644
index 222a350b..00000000
--- a/roles/vm-network/tasks/main.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- import_tasks: systemd-link.yml
- when: srv_network.systemd_link is defined
-
-- import_tasks: public.yml
- when: srv_network.public is defined
-
-- import_tasks: lan.yml
- when: srv_network.public is not defined
diff --git a/roles/vm-network/tasks/public.yml b/roles/vm-network/tasks/public.yml
deleted file mode 100644
index 8b0e317a..00000000
--- a/roles/vm-network/tasks/public.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-- name: set routing table names
- with_items:
- - { regexp: '^89\s', line: '89 mur-default' }
- - { regexp: '^212\s', line: '212 upc-default' }
- lineinfile:
- regexp: "{{ item.regexp }}"
- line: "{{ item.line }}"
- dest: /etc/iproute2/rt_tables
-
-- name: calculate address lists
- set_fact:
- srv_network_public_firewall_ipv4:
- - "{{ srv_network.public.ip_mur }}"
- - "{{ srv_network.public.ip_upc }}"
- srv_network_public_firewall_ipv6:
- - "{{ srv_network.public.ip_mur6 }}"
-
-- name: install firewall scripts
- with_items:
- - 4
- - 6
- template:
- src: firewall.sh_public.j2
- dest: "/etc/network/firewall{{ item }}.sh"
- mode: 0755
- when: srv_network.public.firewall is defined
-
-- name: install interface config (Public)
- template:
- src: interfaces_public.j2
- dest: /etc/network/interfaces
- mode: 0644
diff --git a/roles/vm-network/tasks/systemd-link.yml b/roles/vm-network/tasks/systemd-link.yml
deleted file mode 100644
index ad12cd37..00000000
--- a/roles/vm-network/tasks/systemd-link.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: remove legacy systemd.link units
- file:
- name: "/etc/systemd/network/{{ item }}"
- state: absent
- with_items:
- - 50-virtio-kernel-names.link
- - 99-default.link
-
-- name: install systemd network link units
- template:
- src: systemd.link.j2
- dest: "/etc/systemd/network/{{ '%02d' | format(item.idx + 10) }}-{{ item.name }}.link"
- with_items: "{{ srv_network.systemd_link.interfaces }}"
- notify: rebuild initramfs
diff --git a/roles/vm-network/templates/firewall.sh_public.j2 b/roles/vm-network/templates/firewall.sh_public.j2
deleted file mode 100644
index df5b1373..00000000
--- a/roles/vm-network/templates/firewall.sh_public.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-PUBLIC_IPS="{% if item == 4 %}{{ srv_network_public_firewall_ipv4 | join(' ') }}{% else %}{{ srv_network_public_firewall_ipv6 | join(' ') }}{% endif %}"
-PUBLIC_IF="$2"
-TCP_PORTS="{{ srv_network.public.firewall.tcp_ports | default([]) | join(' ') }}"
-UDP_PORTS="{{ srv_network.public.firewall.udp_ports | default([]) | join(' ') }}"
-
-#####
-IPTABLES="/sbin/ip{% if item == 6 %}6{% endif %}tables"
-ICMP="icmp{% if item == 6 %}v6{% endif %}"
-
-case "$1" in
- start)
- $IPTABLES -A INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- $IPTABLES -A INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -A INPUT -i $PUBLIC_IF -j DROP
- ;;
- stop)
- $IPTABLES -D INPUT -i $PUBLIC_IF -j DROP
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -D INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- $IPTABLES -D INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- ;;
- *)
- echo "Usage: $0 (start|stop)"
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/roles/vm-network/templates/interfaces_lan.j2 b/roles/vm-network/templates/interfaces_lan.j2
deleted file mode 100644
index 36ae2883..00000000
--- a/roles/vm-network/templates/interfaces_lan.j2
+++ /dev/null
@@ -1,17 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- gateway 192.168.1.254
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
diff --git a/roles/vm-network/templates/interfaces_public.j2 b/roles/vm-network/templates/interfaces_public.j2
deleted file mode 100644
index 2e8583ab..00000000
--- a/roles/vm-network/templates/interfaces_public.j2
+++ /dev/null
@@ -1,63 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip route add default via 192.168.1.254 table default
- up ip rule add pref 42000 lookup default
- up ip rule del pref 32767
- down ip rule add pref 32767 lookup default
- down ip rule del pref 42000
- down ip route del default via 192.168.1.254 table default
-
-
-# The public network interface
-auto {{ srv_network.public.interface }}
-iface {{ srv_network.public.interface }} inet static
- address {{ srv_network.public.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- ## mur.at
- up ip addr add dev $IFACE {{ srv_network.public.ip_mur }}/28
- up ip route add default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- up ip rule add pref 33000 from {{ srv_network.public.ip_mur }} lookup mur-default
- ## upc
- up ip addr add dev $IFACE {{ srv_network.public.ip_upc }}/32
- up ip route add default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- up ip rule add pref 35000 from {{ srv_network.public.ip_upc }} lookup upc-default
- ### firewall
- up /etc/network/firewall4.sh start $IFACE
- ##########
- down /etc/network/firewall4.sh stop $IFACE
- ## upc
- down ip rule del pref 35000
- down ip route del default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_upc }}/32
- ## mur.at
- down ip rule del pref 33000
- down ip route del default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_mur }}/28
-
-iface {{ srv_network.public.interface }} inet6 static
- address {{ srv_network.public.ip_mur6 }}
- netmask 64
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip -6 route add default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
- up ip -6 rule add pref 33000 from {{ srv_network.public.ip_mur6 }} lookup mur-default
- up /etc/network/firewall6.sh start $IFACE
- down /etc/network/firewall6.sh stop $IFACE
- down ip -6 rule del pref 33000
- down ip -6 route del default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
diff --git a/roles/vm-network/templates/systemd.link.j2 b/roles/vm-network/templates/systemd.link.j2
deleted file mode 100644
index 753fd586..00000000
--- a/roles/vm-network/templates/systemd.link.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-[Match]
-Path=pci-0000:01:{{ "%02d" | format(item.idx) }}.0
-
-[Link]
-Name={{ item.name }} |