Diffstat (limited to 'roles/vm/host/network')
-rw-r--r-- | roles/vm/host/network/tasks/main.yml | 42 | ||||
-rw-r--r-- | roles/vm/host/network/templates/bridge-interfaces.j2 | 53 | ||||
-rw-r--r-- | roles/vm/host/network/templates/interfaces.j2 | 79 |
3 files changed, 174 insertions, 0 deletions
diff --git a/roles/vm/host/network/tasks/main.yml b/roles/vm/host/network/tasks/main.yml
new file mode 100644
index 00000000..cd415d1e
--- /dev/null
+++ b/roles/vm/host/network/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: configure bonds and vlans
+ when: "'bonds' in network or 'vlans' in network"
+ block:
+ - name: install ifenslave package
+ when: "'bonds' in network"
+ apt:
+ name: ifenslave
+ state: present
+
+ - name: install vlan package
+ when: "'vlans' in network"
+ apt:
+ name: vlan
+ state: present
+
+ - name: create network interfaces
+ template:
+ src: interfaces.j2
+ dest: /etc/network/interfaces
+
+- name: create network bridges
+ when: "'bridges' in vm_host.network"
+ block:
+ - name: generate bridge interface config
+ loop: "{{ vm_host.network.bridges | default({}) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: bridge-interfaces.j2
+ dest: "/etc/network/interfaces.d/br-{{ item.key }}"
+ register: vmhost_bridge_config
+
+ ## We don't try to be to clever here: aka don't call ifdown before ifup because
+ ## if there are VMs running they would end up with a broken network
+ - name: bring up bridge interfaces
+ loop: "{{ vmhost_bridge_config.results }}"
+ loop_control:
+ label: "br-{{ item.item.key }}"
+ when: item is changed
+ command: "/sbin/ifup br-{{ item.item.key }}"
+ failed_when: false
diff --git a/roles/vm/host/network/templates/bridge-interfaces.j2 b/roles/vm/host/network/templates/bridge-interfaces.j2
new file mode 100644
index 00000000..05144430
--- /dev/null
+++ b/roles/vm/host/network/templates/bridge-interfaces.j2
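Review bot: `failed_when: false` on the final `bring up bridge interfaces` task hides every ifup failure, so a bridge that did not come up (bad `bridge_ports`, sysctl or iptables error in the rendered hooks) leaves the host silently mis-networked while the play reports success. Register the result and fail on a non-zero exit instead, e.g. `register: vmhost_bridge_up` and `failed_when: vmhost_bridge_up.rc != 0`; if the intent is only to tolerate ifup's already-configured case, match that specific output rather than swallowing all errors, and add `changed_when` so the task does not report changed on a no-op. Separately, `item.key` comes straight from the inventory into the path `/etc/network/interfaces.d/br-{{ item.key }}` and into the ifup argument; a key containing a slash or whitespace would write outside that directory or break the command, so a short `assert` on the key format before the loop is cheap insurance.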
@@ -0,0 +1,53 @@
+{% set bridge_name = 'br-'+item.key %}
+{% set bridge = item.value %}
+{% set interface = (network.interfaces | selectattr('name', 'eq', bridge_name) | first | default({})) %}
+auto {{ bridge_name }}
+{% if 'address' in interface %}
+iface {{ bridge_name }} inet static
+ address {{ interface.address | ipaddr('address') }}
+ netmask {{ interface.address | ipaddr('netmask') }}
+{% if 'gateway' in interface %}
+ gateway {{ interface.gateway }}
+{% endif %}
+{% else %}
+iface {{ bridge_name }} inet manual
+{% endif %}
+{% if 'interfaces' in bridge and (bridge.interfaces | length) > 0 %}
+ bridge_ports {{ bridge.interfaces | join(' ') }}
+{% else %}
+ bridge_ports none
+{% endif %}
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+ up modprobe br_netfilter
+ up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
+{% if 'address' in interface and 'prefix' in bridge %}
+{% if 'nat' in bridge and bridge.nat %}
+ up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
+ up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
+ up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
+{% endif %}
+{% if 'overlay' in bridge %}
+{% for dest, offset in (bridge.overlay.offsets | dictsort(by='value')) %}
+ up /bin/ip route add {{ (bridge.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ipaddr(bridge.offsets[dest])).split('/')[0] }} # {{ dest }}
+{% endfor %}
+ up /bin/ip route add unreachable {{ bridge.overlay.prefix }}
+ down /sbin/ip route del {{ bridge.overlay.prefix }}
+{% endif %}
+{% if 'nat' in bridge and bridge.nat %}
+ down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
+{% endif %}
+{% endif %}
+{% if 'address6' in interface %}
+
+iface {{ bridge_name }} inet6 static
+ address {{ interface.address6 }}
+{% if 'gateway6' in interface %}
+ gateway {{ interface.gateway6 }}
+{% endif %}
+{% endif %}
diff --git a/roles/vm/host/network/templates/interfaces.j2 b/roles/vm/host/network/templates/interfaces.j2
new file mode 100644
index 00000000..fe57a024
--- /dev/null
+++ b/roles/vm/host/network/templates/interfaces.j2
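Review bot: In the `nat` branch the `up` hooks turn on IPv4 forwarding for `$IFACE` and for `{{ ansible_default_ipv4.interface }}` and add the SNAT rule, but the matching `down` hooks only delete the SNAT rule, so forwarding on the bridge stays enabled after it is taken down; add `down echo 0 > /proc/sys/net/ipv4/conf/$IFACE/forwarding` next to the `iptables -D` line (the uplink's forwarding flag is shared with any other NAT bridge, so leaving that one alone is probably right). The `net.bridge.bridge-nf-call-*=0` sysctls are host-wide, not per-bridge, so the host's iptables no longer sees bridged VM traffic at all, and with forwarding enabled there is no FORWARD-chain rule bounding what `{{ bridge.prefix }}` may reach through the uplink. If that is deliberate because VM traffic is filtered elsewhere, a comment above the `up modprobe br_netfilter` line saying so (`# br_netfilter is loaded only to disable it globally; VM traffic is not filtered by the host`) would stop the next reader from treating it as a gap; if it is not deliberate, an `iptables -A FORWARD -i $IFACE -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j ACCEPT` pair with a default DROP belongs next to the SNAT rule.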
@@ -0,0 +1,79 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+
+## pyhiscal interfaces
+
+{% for interface in network.bonds | default([]) | map(attribute='slaves') | flatten | union(network.vlans | default({}) | list) | difference(network.bonds | default([]) | map(attribute='name') | list) | sort | unique %}
+auto {{ interface }}
+iface {{ interface }} inet manual
+ pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+
+{% endfor %}
+
+{% for bond in network.bonds | default([]) %}
+## Bond: {{ bond.name }}
+
+{% set tmp = network.interfaces | selectattr('name', 'eq', bond.name) | list %}
+auto {{ bond.name }}
+iface {{ bond.name }} inet {{ ((tmp | length) == 0) | ternary('manual', 'static') }}
+ bond-mode {{ bond.mode }}
+ bond-slaves {{ bond.slaves | sort | join(' ') }}
+{% for option in (bond.options | default({}) | list | sort) %}
+ bond-{{ option }} {{ bond.options[option] }}
+{% endfor %}
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+{% if (tmp | length) > 0 %}
+{% set interface = tmp | first %}
+ address {{ interface.address | ipaddr('address') }}
+ netmask {{ interface.address | ipaddr('netmask') }}
+{% if 'gateway' in interface %}
+ gateway {{ interface.gateway }}
+{% endif %}
+{% for route in interface.static_routes | default([]) %}
+ up /bin/ip route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes | default([]) | reverse %}
+ down /bin/ip route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% if 'address6' in interface %}
+
+iface {{ interface.name }} inet6 static
+ address {{ interface.address6 }}
+{% if 'gateway6' in interface %}
+ gateway {{ interface.gateway6 }}
+{% endif %}
+{% for route in interface.static_routes6 | default([]) %}
+ up /bin/ip -6 route add {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% for route in interface.static_routes6 | default([]) | reverse %}
+ down /bin/ip -6 route del {{ route.destination }} via {{ route.gateway }}
+{% endfor %}
+{% endif %}
+{% endif %}
+
+
+{% endfor %}
+{% for parent in network.vlans | default({}) | list | sort %}
+## vlan interfaces @ {{ parent }}
+
+{% for vlan in network.vlans[parent] %}
+auto {{ parent }}.{{ vlan }}
+iface {{ parent }}.{{ vlan }} inet manual
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+{# TODO: add interface config like above if (network.interfaces | selectattr('name', 'eq', 'parent+'.'+vlan') | list) > 0 ... #}
+
+{% endfor %}
+
+{% endfor %}
+
+## source bridge configs
+
+source /etc/network/interfaces.d/*
|
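Review bot: The bond stanza picks `static` vs `manual` by whether any `network.interfaces` entry named after the bond exists, but then emits `address {{ interface.address | ipaddr('address') }}` unconditionally inside that branch, so an entry that carries only `address6` (or only routes) either fails to render on the undefined `address` or produces an `inet static` stanza with no address, which ifup rejects. The bridge template in this same commit keys the same decision on `'address' in interface`; the bond should match it, which also lets the outer `{% if (tmp | length) > 0 %}` … `{% endif %}` go away once `interface` defaults to `{}`. Two smaller things: the comment `## pyhiscal interfaces` should read `## physical interfaces`, and `| sort | unique` after `union`/`difference` looks redundant since those filters already de-duplicate (harmless, but worth dropping to keep the expression readable).
```jinja
{% set tmp = network.interfaces | selectattr('name', 'eq', bond.name) | list %}
{% set interface = tmp | first | default({}) %}
auto {{ bond.name }}
iface {{ bond.name }} inet {{ ('address' in interface) | ternary('static', 'manual') }}
{# … unchanged: bond-mode, bond-slaves, bond options, accept_ra/autoconf hooks … #}
{% if 'address' in interface %}
 address {{ interface.address | ipaddr('address') }}
 netmask {{ interface.address | ipaddr('netmask') }}
{% if 'gateway' in interface %}
 gateway {{ interface.gateway }}
{% endif %}
{% endif %}
{# … unchanged: static_routes up/down hooks and the inet6 stanza, now without the outer (tmp | length) guard … #}
```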