diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-07-07 22:09:19 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-07-11 02:29:02 +0200 |
| commit | 6eacc2ad5539abf37dc90cd378b44320f7758869 (patch) | |
| tree | eacbf207b610a8ee93f830b381d91491671f6ae5 /roles/vm/host/network/templates/bridge-interfaces.j2 | |
| parent | ch-oulu: interface config (diff) | |
refactor vm role names
Diffstat (limited to 'roles/vm/host/network/templates/bridge-interfaces.j2')
| -rw-r--r-- | roles/vm/host/network/templates/bridge-interfaces.j2 | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/roles/vm/host/network/templates/bridge-interfaces.j2 b/roles/vm/host/network/templates/bridge-interfaces.j2 new file mode 100644 index 00000000..05144430 --- /dev/null +++ b/roles/vm/host/network/templates/bridge-interfaces.j2 @@ -0,0 +1,53 @@ +{% set bridge_name = 'br-'+item.key %} +{% set bridge = item.value %} +{% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %} +auto {{ bridge_name }} +{% if 'address' in interface %} +iface {{ bridge_name }} inet static + address {{ interface.address | ipaddr('address') }} + netmask {{ interface.address | ipaddr('netmask') }} +{% if 'gateway' in interface %} + gateway {{ interface.gateway }} +{% endif %} +{% else %} +iface {{ bridge_name }} inet manual +{% endif %} +{% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %} + bridge_ports {{ bridge.interfaces | join(' ') }} +{% else %} + bridge_ports none +{% endif %} + bridge_stp off + bridge_waitport 0 + bridge_fd 0 + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra + up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf + up modprobe br_netfilter + up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0 + up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0 + up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0 +{% if 'address' in interface and 'prefix' in bridge %} +{% if 'nat' in bridge and bridge.nat %} + up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding + up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding + up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} +{% endif %} +{% if 'overlay' in bridge %} +{% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %} + up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }} +{% endfor %} + up /bin/ip route add unreachable {{ bridge.overlay.prefix }} + down /sbin/ip route del {{ bridge.overlay.prefix }} +{% endif %} +{% if 'nat' in bridge and bridge.nat %} + down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }} +{% endif %} +{% endif %} +{% if 'address6' in interface %} + +iface {{ bridge_name }} inet6 static + address {{ interface.address6 }} +{% if 'gateway6' in interface %} + gateway {{ interface.gateway6 }} +{% endif %} +{% endif %} |