author | Christian Pointner <equinox@spreadspace.org> | 2018-05-25 02:04:16 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2018-05-25 02:04:16 +0200 |
commit | 46787e1c9b9c574a13dae748d2f8ff89e7b55b8e (patch) | |
tree | 8a6c10959f53886565d873595d3c285fefbe9039 /roles/vm/network/templates | |
parent | move kubernetes roles to subdir (diff) |
remerge vm roles from realraum noc repo
Diffstat (limited to 'roles/vm/network/templates')
-rw-r--r-- | roles/vm/network/templates/firewall.sh_public.j2 | 49 | ||||
-rw-r--r-- | roles/vm/network/templates/interfaces.j2 (renamed from roles/vm/network/templates/interfaces_lan.j2) | 12 | ||||
-rw-r--r-- | roles/vm/network/templates/interfaces_public.j2 | 63 | ||||
-rw-r--r-- | roles/vm/network/templates/resolv.conf.j2 | 4 | ||||
-rw-r--r-- | roles/vm/network/templates/systemd.link.j2 | 2 |
5 files changed, 11 insertions, 119 deletions
diff --git a/roles/vm/network/templates/firewall.sh_public.j2 b/roles/vm/network/templates/firewall.sh_public.j2
deleted file mode 100644
index df5b1373..00000000
--- a/roles/vm/network/templates/firewall.sh_public.j2
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-PUBLIC_IPS="{% if item == 4 %}{{ srv_network_public_firewall_ipv4 | join(' ') }}{% else %}{{ srv_network_public_firewall_ipv6 | join(' ') }}{% endif %}"
-PUBLIC_IF="$2"
-TCP_PORTS="{{ srv_network.public.firewall.tcp_ports | default([]) | join(' ') }}"
-UDP_PORTS="{{ srv_network.public.firewall.udp_ports | default([]) | join(' ') }}"
-
-#####
-IPTABLES="/sbin/ip{% if item == 6 %}6{% endif %}tables"
-ICMP="icmp{% if item == 6 %}v6{% endif %}"
-
-case "$1" in
- start)
- $IPTABLES -A INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- $IPTABLES -A INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -A INPUT -i $PUBLIC_IF -j DROP
- ;;
- stop)
- $IPTABLES -D INPUT -i $PUBLIC_IF -j DROP
- for port in $UDP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT
- done
- done
- for port in $TCP_PORTS; do
- for ip in $PUBLIC_IPS; do
- $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT
- done
- done
- $IPTABLES -D INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT
- $IPTABLES -D INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT
- ;;
- *)
- echo "Usage: $0 (start|stop)"
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/roles/vm/network/templates/interfaces_lan.j2 b/roles/vm/network/templates/interfaces.j2
index 36ae2883..542e18d6 100644
--- a/roles/vm/network/templates/interfaces_lan.j2
+++ b/roles/vm/network/templates/interfaces.j2
@@ -7,11 +7,11 @@ source /etc/network/interfaces.d/*
 auto lo
 iface lo inet loopback
 
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- gateway 192.168.1.254
+# The primary network interface
+auto {{ vm_network.primary.interface }}
+iface {{ vm_network.primary.interface }} inet static
+ address {{ vm_network.primary.ip }}
+ netmask {{ vm_network.primary.mask }}
+ gateway {{ vm_network.primary.gateway }}
 pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
 pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
diff --git a/roles/vm/network/templates/interfaces_public.j2 b/roles/vm/network/templates/interfaces_public.j2
deleted file mode 100644
index 2e8583ab..00000000
--- a/roles/vm/network/templates/interfaces_public.j2
+++ /dev/null
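Review bot: The `gateway {{ vm_network.primary.gateway }}` line in the new stanza is rendered unconditionally, so a VM on an isolated network that defines no gateway cannot use this template at all: an undefined variable aborts the template task, and an empty value would make ifup reject the stanza. Wrapping it as `{% if vm_network.primary.gateway is defined %}` / `gateway {{ vm_network.primary.gateway }}` / `{% endif %}` keeps the current behaviour for every host that does set it. The two `pre-up` context lines that follow still pin `accept_ra` and `autoconf` to 0 for the interface; a comment above the stanza such as `# IPv6 RA/autoconf is disabled below: the VM only uses the addresses configured here` would record that this is deliberate rather than a leftover from the renamed LAN-only version.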
@@ -1,63 +0,0 @@
-# This file describes the network interfaces available on your system
-# and how to activate them. For more information, see interfaces(5).
-
-source /etc/network/interfaces.d/*
-
-# The loopback network interface
-auto lo
-iface lo inet loopback
-
-# The internal network interface
-auto {{ srv_network.internal.interface }}
-iface {{ srv_network.internal.interface }} inet static
- address {{ srv_network.internal.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip route add default via 192.168.1.254 table default
- up ip rule add pref 42000 lookup default
- up ip rule del pref 32767
- down ip rule add pref 32767 lookup default
- down ip rule del pref 42000
- down ip route del default via 192.168.1.254 table default
-
-
-# The public network interface
-auto {{ srv_network.public.interface }}
-iface {{ srv_network.public.interface }} inet static
- address {{ srv_network.public.ip }}
- netmask 255.255.255.0
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- ## mur.at
- up ip addr add dev $IFACE {{ srv_network.public.ip_mur }}/28
- up ip route add default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- up ip rule add pref 33000 from {{ srv_network.public.ip_mur }} lookup mur-default
- ## upc
- up ip addr add dev $IFACE {{ srv_network.public.ip_upc }}/32
- up ip route add default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- up ip rule add pref 35000 from {{ srv_network.public.ip_upc }} lookup upc-default
- ### firewall
- up /etc/network/firewall4.sh start $IFACE
- ##########
- down /etc/network/firewall4.sh stop $IFACE
- ## upc
- down ip rule del pref 35000
- down ip route del default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_upc }}/32
- ## mur.at
- down ip rule del pref 33000
- down ip route del default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default
- down ip addr del dev $IFACE {{ srv_network.public.ip_mur }}/28
-
-iface {{ srv_network.public.interface }} inet6 static
- address {{ srv_network.public.ip_mur6 }}
- netmask 64
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
- pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
- up ip -6 route add default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
- up ip -6 rule add pref 33000 from {{ srv_network.public.ip_mur6 }} lookup mur-default
- up /etc/network/firewall6.sh start $IFACE
- down /etc/network/firewall6.sh stop $IFACE
- down ip -6 rule del pref 33000
- down ip -6 route del default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default
diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/network/templates/resolv.conf.j2
new file mode 100644
index 00000000..86d4201e
--- /dev/null
+++ b/roles/vm/network/templates/resolv.conf.j2
@@ -0,0 +1,4 @@
+{% for nsrv in vm_network.nameservers %}
+nameserver {{ nsrv }}
+{% endfor %}
+search {{ vm_network.domain }}
diff --git a/roles/vm/network/templates/systemd.link.j2 b/roles/vm/network/templates/systemd.link.j2
index 753fd586..7093e164 100644
--- a/roles/vm/network/templates/systemd.link.j2
+++ b/roles/vm/network/templates/systemd.link.j2
@@ -1,5 +1,5 @@
 [Match]
-Path=pci-0000:01:{{ "%02d" | format(item.idx) }}.0
+Path=*pci-0000:01:{{ "%02d" | format(interface_index + 1) }}.0
 
 [Link]
 Name={{ item.name }}
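Review bot: The `{% for nsrv in vm_network.nameservers %}` loop writes every entry of the list, but the glibc resolver honours at most three `nameserver` lines (resolv.conf(5)), so a fourth or later server is silently never queried; either cap the loop with `{% for nsrv in vm_network.nameservers[:3] %}` or add `# only the first three nameserver entries are used by the resolver` so the inventory author is not surprised. The file also carries no marker that it is generated; a first line such as `# managed by ansible (roles/vm/network) - local changes will be overwritten` is customary and cheap. Whether anything else on the host (resolvconf, systemd-resolved) rewrites /etc/resolv.conf is not visible here; if it does, this template would be silently undone.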
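Review bot: The leading `*` added to `Path=*pci-0000:01:...` makes the match a suffix glob, so any NIC whose ID_PATH merely ends in that bus:slot (for example one sitting behind a different root port) is renamed to `{{ item.name }}` as well, not only a device directly on bus 01; if the wildcard is there because the VM's NICs carry a parent-bridge prefix in ID_PATH, a comment saying so would keep the next reader from "fixing" it. The slot is now derived from `interface_index + 1` while `Name=` still reads `item.name`, which is consistent with an Ansible `loop_control: index_var` loop, but the +1 offset is unexplained; a line like `# index_var is 0-based and slot .00 on bus 01 is not a NIC (confirm)` would document the assumption.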