Diffstat (limited to 'roles')
-rw-r--r-- | roles/vm/host/tasks/main.yml | 5 | ||||
-rw-r--r-- | roles/vm/host/tasks/network.yml | 31 |
2 files changed, 36 insertions, 0 deletions
diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml
index f83b7d0b..83b5fca1 100644
--- a/roles/vm/host/tasks/main.yml
+++ b/roles/vm/host/tasks/main.yml
@@ -25,3 +25,8 @@
 file:
 name: "{{ item }}"
 state: directory
+
+- name: install vm-host network
+ when: vm_host.network is defined
+ include_tasks: network.yml
+
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
new file mode 100644
index 00000000..d3d2edf2
--- /dev/null
+++ b/roles/vm/host/tasks/network.yml
@@ -0,0 +1,31 @@
+---
+## TODO: add support for ubuntu netplan
+- name: create interface config
+ copy:
+ dest: "/etc/network/interfaces.d/{{ vm_host.network.interface }}"
+ content: |
+ auto {{ vm_host.network.interface }}
+ iface {{ vm_host.network.interface }} inet static
+ address {{ vm_host.network.ip }}
+ netmask {{ vm_host.network.mask }}
+ bridge_ports none
+ bridge_stp off
+ bridge_waitport 0
+ bridge_fd 0
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
+ up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
+ up modprobe br_netfilter
+ up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
+ up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
+ {% if 'nat' in vm_host.network and vm_host.network.nat %}
+ up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ (vm_host.network.ip + '/' + vm_host.network.mask) | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ {% endif %}
+ register: vmhost_interface_config
+
+## We don't try to be to clever here: aka don't call ifdown before ifup because
+## if there are VMs running they would end up with a broken network
+- name: bring vm-host interface up
+ when: vmhost_interface_config is changed
+ command: "/usr/sbin/ifup {{ vm_host.network.interface }}" |
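Review bot: The three `net.bridge.bridge-nf-call-*` sysctls in the `up` lines of the interface template are host-wide settings rather than properties of this one bridge, so once the interface comes up, bridged frames on every bridge of the host stop being passed to iptables, ip6tables and arptables, and no `down` line restores the earlier values. If the host relies on those tables to filter traffic on other bridges (the rest of the role is not visible here, so this is an assumption), that filtering stops silently. I would say so above the task, e.g. `## NOTE: bridge-nf-call-* is global; all bridges on this host bypass netfilter after ifup`, or set the values from a dedicated sysctl task where the change is easier to audit. Separately, the `copy` task sets no `owner`, `group` or `mode` on a file whose `up`/`down` lines are run as root; adding `owner: root`, `group: root` and `mode: "0644"` makes the intended permissions explicit.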