Diffstat (limited to 'roles')
-rw-r--r--roles/vm/host/tasks/main.yml5
-rw-r--r--roles/vm/host/tasks/network.yml31
2 files changed, 36 insertions, 0 deletions
diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml
index f83b7d0b..83b5fca1 100644
--- a/roles/vm/host/tasks/main.yml
+++ b/roles/vm/host/tasks/main.yml
@@ -25,3 +25,8 @@
file:
name: "{{ item }}"
state: directory
+
+- name: install vm-host network
+ when: vm_host.network is defined
+ include_tasks: network.yml
+
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
new file mode 100644
index 00000000..d3d2edf2
--- /dev/null
+++ b/roles/vm/host/tasks/network.yml
@@ -0,0 +1,31 @@
+---
+## TODO: add support for ubuntu netplan
+- name: create interface config
+ copy:
+ dest: "/etc/network/interfaces.d/{{ vm_host.network.interface }}"
+ content: |
+ auto {{ vm_host.network.interface }}
+ iface {{ vm_host.network.interface }} inet static
+ address {{ vm_host.network.ip }}
+ netmask {{ vm_host.network.mask }}
+ bridge_ports none
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+ up modprobe br_netfilter
+ up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
+ {% if 'nat' in vm_host.network and vm_host.network.nat %}
+ up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ {% endif %}
+ register: vmhost_interface_config
+
+## We don't try to be to clever here: aka don't call ifdown before ifup because
+## if there are VMs running they would end up with a broken network
+- name: bring vm-host interface up
+ when: vmhost_interface_config is changed
+ command: "/usr/sbin/ifup {{ vm_host.network.interface }}"
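Review bot: The `create interface config` task writes a file whose `up`/`down` lines are executed by ifupdown (normally as root), but it sets no ownership or mode and builds `dest` directly from `vm_host.network.interface`. I would add `owner: root`, `group: root` and `mode: "0644"` to the `copy` arguments so the result does not depend on the remote umask. I would also put an `assert` task in front of it with `vm_host.network.interface is match('^[A-Za-z0-9_-]{1,15}$')`, so a value containing `/`, whitespace or a newline can neither write outside `interfaces.d` nor add stanza lines to the file. Separately, the three `net.bridge.bridge-nf-call-*` sysctls are host-wide rather than per-interface, which deserves a comment above the task such as `## NOTE: disables iptables/ip6tables/arptables processing of bridged frames for every bridge on this host`.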