Diffstat (limited to 'roles')
-rw-r--r-- | roles/reboot-and-wait/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/reboot-and-wait/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/vm/grub/tasks/main.yml | 14 | ||||
-rw-r--r-- | roles/vm/host/tasks/main.yml | 29 | ||||
-rw-r--r-- | roles/vm/install/tasks/main.yml | 69 | ||||
-rw-r--r-- | roles/vm/install/templates/libvirt-domain.xml.j2 | 28 | ||||
-rw-r--r-- | roles/vm/install/templates/preseed_debian-stretch.cfg.j2 | 28 | ||||
-rw-r--r-- | roles/vm/network/tasks/lan.yml | 6 | ||||
-rw-r--r-- | roles/vm/network/tasks/main.yml | 40 | ||||
-rw-r--r-- | roles/vm/network/tasks/public.yml | 33 | ||||
-rw-r--r-- | roles/vm/network/tasks/systemd-link.yml | 15 | ||||
-rw-r--r-- | roles/vm/network/templates/firewall.sh_public.j2 | 49 | ||||
-rw-r--r-- | roles/vm/network/templates/interfaces.j2 (renamed from roles/vm/network/templates/interfaces_lan.j2) | 12 | ||||
-rw-r--r-- | roles/vm/network/templates/interfaces_public.j2 | 63 | ||||
-rw-r--r-- | roles/vm/network/templates/resolv.conf.j2 | 4 | ||||
-rw-r--r-- | roles/vm/network/templates/systemd.link.j2 | 2 |
16 files changed, 122 insertions, 277 deletions
diff --git a/roles/reboot-and-wait/defaults/main.yml b/roles/reboot-and-wait/defaults/main.yml new file mode 100644 index 00000000..d25b7097 --- /dev/null +++ b/roles/reboot-and-wait/defaults/main.yml @@ -0,0 +1,3 @@ +--- +reboot_delay: 60 +reboot_timeout: 300 diff --git a/roles/reboot-and-wait/tasks/main.yml b/roles/reboot-and-wait/tasks/main.yml index 4c1b7097..e648f0af 100644 --- a/roles/reboot-and-wait/tasks/main.yml +++ b/roles/reboot-and-wait/tasks/main.yml @@ -6,5 +6,5 @@ - name: waiting for host to come back wait_for_connection: - delay: "{{ reboot_delay | default(60) }}" - timeout: "{{ reboot_timeout | default(300) }}" + delay: "{{ reboot_delay }}" + timeout: "{{ reboot_timeout }}" diff --git a/roles/vm/grub/tasks/main.yml b/roles/vm/grub/tasks/main.yml index bd48a470..f751243a 100644 --- a/roles/vm/grub/tasks/main.yml +++ b/roles/vm/grub/tasks/main.yml @@ -1,12 +1,16 @@ --- - name: enable serial console in grub and for kernel + with_items: + - regexp: '^GRUB_TIMEOUT=' + line: 'GRUB_TIMEOUT=2' + - regexp: '^GRUB_CMDLINE_LINUX=' + line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' + - regexp: '^GRUB_TERMINAL=' + line: 'GRUB_TERMINAL=serial' + - regexp: '^GRUB_SERIAL_COMMAND=' + line: 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' lineinfile: dest: /etc/default/grub regexp: "{{ item.regexp }}" line: "{{ item.line }}" - with_items: - - { regexp: '^GRUB_TIMEOUT=', line: 'GRUB_TIMEOUT=2' } - - { regexp: '^GRUB_CMDLINE_LINUX=', line: 'GRUB_CMDLINE_LINUX="console=ttyS0,115200n8"' } - - { regexp: '^GRUB_TERMINAL=', line: 'GRUB_TERMINAL=serial' } - - { regexp: '^GRUB_SERIAL_COMMAND=', line: 'GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1"' } notify: update grub diff --git a/roles/vm/host/tasks/main.yml b/roles/vm/host/tasks/main.yml index a5e98fa9..248f855c 100644 --- a/roles/vm/host/tasks/main.yml +++ b/roles/vm/host/tasks/main.yml 
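Review bot: The `GRUB_CMDLINE_LINUX` entry in the `with_items` list moved to the top of the grub task replaces the whole value with `"console=ttyS0,115200n8"`, so any other kernel parameters an image already carries in /etc/default/grub are silently dropped, and the same applies to `GRUB_TIMEOUT`. If that is intended, a comment on the task such as `# overwrites any existing GRUB_CMDLINE_LINUX / GRUB_TIMEOUT values on purpose` saves the next reader a check; otherwise the extra parameters should come from a variable merged into the line rather than being lost. Placing `with_items` before the `lineinfile` key is an unusual ordering for an Ansible task but harmless. The reboot-and-wait hunks on this line only move defaults into a defaults file and need no change.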
@@ -1,13 +1,12 @@ --- - name: install tftpd and python-libvirt - with_items: - - atftpd - - openbsd-inetd - - qemu-kvm - - libvirt-bin - - python-libvirt apt: - name: "{{ item }}" + name: + - atftpd + - openbsd-inetd + - qemu-kvm + - libvirt-bin + - python-libvirt state: present - name: configure tftpd via inetd @@ -19,24 +18,24 @@ - name: make sure installer directories exists with_items: - - "{{ vm_host.installer.path }}" - - "{{ vm_host.installer.preseed_path }}" + - "{{ vm_host.installer.path }}" + - "{{ vm_host.installer.preseed_path }}" file: name: "{{ item }}" state: directory - name: prepare directories for installer images with_subelements: - - "{{ vm_host.installer.distros }}" - - arch + - "{{ vm_host.installer.distros }}" + - arch file: name: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}" state: directory - name: download installer kernel images with_subelements: - - "{{ vm_host.installer.distros }}" - - arch + - "{{ vm_host.installer.distros }}" + - arch get_url: url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/linux" dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/linux" @@ -45,8 +44,8 @@ - name: download installer initrd.gz with_subelements: - - "{{ vm_host.installer.distros }}" - - arch + - "{{ vm_host.installer.distros }}" + - arch get_url: url: "{{ vm_host_installer_url[item.0.distro] }}/dists/{{ item.0.codename }}/main/installer-{{ item.1 }}/current/images/netboot/{{ item.0.distro }}-installer/{{ item.1 }}/initrd.gz" dest: "{{ vm_host.installer.path }}/{{ item.0.distro }}-{{ item.0.codename }}/{{ item.1 }}/initrd.gz" diff --git a/roles/vm/install/tasks/main.yml b/roles/vm/install/tasks/main.yml index 22a6a351..36693125 100644 --- a/roles/vm/install/tasks/main.yml +++ b/roles/vm/install/tasks/main.yml 
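Review bot: Neither `download installer kernel images` nor `download installer initrd.gz` passes a `checksum:` to `get_url`, so the netboot kernel and initrd are accepted as whatever the mirror returns, and those two files then boot with the installer's full privileges on every VM this host builds; an integrity check is the one control worth adding here, and both hunks otherwise only re-indent the `with_subelements` lists. `get_url` accepts `checksum: "sha256:<hash-placeholder>"`, and the distributions publish the sums alongside the netboot images, so a per-distro/codename map kept next to `vm_host_installer_url` would keep the values out of the task. Whether the mirror is reached over https cannot be seen from this hunk, since `vm_host_installer_url` is defined elsewhere; a comment on the `url:` line stating the expected scheme would help.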
@@ -2,45 +2,39 @@ - name: generate preseed file template: src: "preseed_{{ vmdistro }}-{{ vmdistcodename }}.cfg.j2" - dest: "{{ hostvars[vm_install.host].vm_host.installer.preseed_path }}/vm-{{ inventory_hostname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg" - delegate_to: "{{ vm_install.host }}" + dest: "{{ vm_host.installer.preseed_path }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg" - name: create disks for vm - with_dict: "{{ vm_install.disks.virtio | default({}) | combine(vm_install.disks.scsi | default({})) }}" + with_dict: "{{ hostvars[vmname].vm_install_cooked.disks.virtio | default({}) | combine(hostvars[vmname].vm_install_cooked.disks.scsi | default({})) }}" lvol: vg: "{{ item.value.vg }}" lv: "{{ item.value.lv }}" size: "{{ item.value.size }}" - delegate_to: "{{ vm_install.host }}" - name: check if vm already exists virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" command: info - delegate_to: "{{ vm_install.host }}" register: vmhost_info - name: destroy exisiting vm virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" state: destroyed - delegate_to: "{{ vm_install.host }}" - when: inventory_hostname in vmhost_info + when: vmname in vmhost_info - name: wait for vm to be destroyed wait_for_virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" states: shutdown,crashed timeout: 5 - delegate_to: "{{ vm_install.host }}" - when: inventory_hostname in vmhost_info + when: vmname in vmhost_info - name: undefining exisiting vm virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" command: undefine - delegate_to: "{{ vm_install.host }}" - when: inventory_hostname in vmhost_info + when: vmname in vmhost_info - name: enable installer in VM config set_fact: 
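Review bot: `destroy exisiting vm` and the following `undefining exisiting vm` run as soon as a domain named `vmname` exists, and the preseed generated at the top of the hunk then reinstalls onto the same LVs, so re-running the play against an already-installed VM wipes it with no explicit opt-in. A guard such as `when: vmname in vmhost_info and vm_install_force | default(false)` (variable name constructed here) on the destroy/undefine/define chain, or a `fail:` task in front of it, would make that a deliberate action rather than a side effect of a retry. Dropping `delegate_to` and reading `hostvars[vmname].vm_install_cooked` means the role now runs on the VM host itself with `vmname` supplied by the caller, which is worth one comment at the top of the file since the old role ran against the VM's own inventory entry. The task names also misspell `existing`.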
@@ -48,41 +42,36 @@ - name: define new installer vm virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" command: define xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" - delegate_to: "{{ vm_install.host }}" - name: start vm virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" state: running - delegate_to: "{{ vm_install.host }}" - name: wait for installer to start wait_for_virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" states: running timeout: 10 - delegate_to: "{{ vm_install.host }}" - debug: - msg: "you can check on the status of the installer running this command 'virsh console {{ inventory_hostname }}' on host {{ vm_install.host }}." + msg: "you can check on the status of the installer running this command 'virsh console {{ vmname }}' on host {{ inventory_hostname }}." - name: wait for installer to finish or crash wait_for_virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" states: shutdown,crashed - timeout: 900 - delegate_to: "{{ vm_install.host }}" + timeout: 1500 register: installer_result failed_when: installer_result.failed or installer_result.state == "crashed" - name: undefining installer vm virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" command: undefine - delegate_to: "{{ vm_install.host }}" - name: disable installer in VM config set_fact: 
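Review bot: `timeout: 1500` in `wait for installer to finish or crash` is a bare magic number, raised from 900 without a word on why, and it is the one knob an operator will want to tune for a slow mirror or a large `full-upgrade`. Move it to a role default, e.g. `timeout: "{{ vm_install_installer_timeout }}"` with `vm_install_installer_timeout: 1500` in the role's defaults (name constructed here), which is the same pattern this commit introduces for reboot-and-wait. How a timeout is reported depends on the custom `wait_for_virt` module, which is not part of this diff, so the `failed_when` below should say in a comment whether a timeout counts as failure.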
@@ -90,34 +79,18 @@ - name: define new production vm virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" command: define xml: "{{ lookup('template', 'libvirt-domain.xml.j2') }}" - delegate_to: "{{ vm_install.host }}" - name: start vm virt: - name: "{{ inventory_hostname }}" + name: "{{ vmname }}" state: running - delegate_to: "{{ vm_install.host }}" - name: mark vm as autostarted virt: - name: "{{ inventory_hostname }}" - autostart: "{{ vm_install.autostart }}" + name: "{{ vmname }}" + autostart: "{{ hostvars[vmname].vm_install_cooked.autostart }}" command: info ## virt module needs either command or state - delegate_to: "{{ vm_install.host }}" - when: vm_install.autostart is defined - -- name: disable ssh StrictHostKeyChecking for the next step - set_fact: - ansible_ssh_extra_args: -o StrictHostKeyChecking=no - -- name: wait for vm to start up - wait_for_connection: - delay: 5 - timeout: 120 - -- name: reenable StrictHostKeyChecking - set_fact: - ansible_ssh_extra_args: "" + when: hostvars[vmname].vm_install_cooked.autostart is defined diff --git a/roles/vm/install/templates/libvirt-domain.xml.j2 b/roles/vm/install/templates/libvirt-domain.xml.j2 index c84b1045..2bf4b57b 100644 --- a/roles/vm/install/templates/libvirt-domain.xml.j2 +++ b/roles/vm/install/templates/libvirt-domain.xml.j2 
@@ -1,14 +1,14 @@ <domain type='kvm'> - <name>{{ inventory_hostname }}</name> - <memory>{{ vm_install.mem * 1024 }}</memory> - <currentMemory>{{ vm_install.mem * 1024 }}</currentMemory> - <vcpu>{{ vm_install.numcpu }}</vcpu> + <name>{{ vmname }}</name> + <memory>{{ hostvars[vmname].vm_install_cooked.mem * 1024 }}</memory> + <currentMemory>{{ hostvars[vmname].vm_install_cooked.mem * 1024 }}</currentMemory> + <vcpu>{{ hostvars[vmname].vm_install_cooked.numcpu }}</vcpu> <os> <type arch='x86_64' machine='pc-0.12'>hvm</type> {% if run_installer %} - <kernel>{{ hostvars[vm_install.host].vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ vm_install.arch | default('amd64') }}/linux</kernel> - <initrd>{{ hostvars[vm_install.host].vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ vm_install.arch | default('amd64') }}/initrd.gz</initrd> - <cmdline>console=ttyS0,115200n8 auto=true interface=auto url=tftp://{{ hostvars[vm_install.host]['ansible_' + hostvars[vm_install.host].vm_host.installer.net_if].ipv4.address }}/vm-{{ inventory_hostname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg netcfg/choose_interface=enp1s1 netcfg/disable_autoconfig=true netcfg/get_ipaddress={{ vm_network.primary.ip }} netcfg/get_netmask={{ vm_network.primary.mask }} netcfg/get_gateway={{ vm_network.primary.gateway }} netcfg/get_nameservers="{{ vm_network.primary.nameservers | join(' ') }}" netcfg/confirm_static=true netcfg/get_hostname={{ inventory_hostname }} netcfg/get_domain={{ vm_network.primary.domain }}</cmdline> + <kernel>{{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/linux</kernel> + <initrd>{{ vm_host.installer.path }}/{{ vmdistro }}-{{ vmdistcodename }}/{{ hostvars[vmname].vm_install_cooked.arch | default('amd64') }}/initrd.gz</initrd> + <cmdline>console=ttyS0,115200n8 auto=true interface=auto url=tftp://{{ hostvars[inventory_hostname]['ansible_' + (vm_host.installer.net_if | 
replace('-', '_'))].ipv4.address }}/vm-{{ vmname }}-{{ vmdistro }}-{{ vmdistcodename }}.cfg netcfg/choose_interface=enp1s1 netcfg/disable_autoconfig=true netcfg/get_ipaddress={{ hostvars[vmname].vm_network_cooked.primary.ip }} netcfg/get_netmask={{ hostvars[vmname].vm_network_cooked.primary.mask }} netcfg/get_gateway={{ hostvars[vmname].vm_network_cooked.primary.gateway }} netcfg/get_nameservers="{{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }}" netcfg/confirm_static=true netcfg/get_hostname={{ vmname }} netcfg/get_domain={{ hostvars[vmname].vm_network_cooked.domain }}</cmdline> {% endif %} <boot dev='hd'/> </os> @@ -29,8 +29,8 @@ <devices> <emulator>/usr/bin/kvm</emulator> -{% if 'virtio' in vm_install.disks %} -{% for device, lv in vm_install.disks.virtio.items() %} +{% if 'virtio' in hostvars[vmname].vm_install_cooked.disks %} +{% for device, lv in hostvars[vmname].vm_install_cooked.disks.virtio.items() %} <disk type='block' device='disk'> <driver name='qemu' type='raw' cache='none' discard='unmap'/> <source dev='/dev/mapper/{{ lv.vg | replace('-', '--') }}-{{ lv.lv | replace('-', '--') }}'/> @@ -39,9 +39,9 @@ {% endfor %} {% endif %} -{% if 'scsi' in vm_install.disks %} +{% if 'scsi' in hostvars[vmname].vm_install_cooked.disks %} <controller type='scsi' index='0' model='virtio-scsi'/> -{% for device, lv in vm_install.disks.scsi.items() %} +{% for device, lv in hostvars[vmname].vm_install_cooked.disks.scsi.items() %} <disk type='block' device='disk'> <driver name='qemu' type='raw' cache='none' discard='unmap'/> <source dev='/dev/mapper/{{ lv.vg | replace('-', '--') }}-{{ lv.lv | replace('-', '--') }}'/> 
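Review bot: The `<cmdline>` rebuilt in the first hunk still fetches the preseed with `url=tftp://…` from the host's `vm_host.installer.net_if` address, and that preseed carries a `late_command` that runs shell as root inside the target, so the installer bridge is a trust boundary: whatever can answer TFTP on it decides what the new VM runs. Now that the role runs on the VM host and the address comes from `hostvars[inventory_hostname]['ansible_' + (vm_host.installer.net_if | replace('-', '_'))]`, a template comment such as `{# preseed is served over plain TFTP from this host; the installer network must be isolated and host-only #}` would record that assumption where it is relied on. The `replace('-', '_')` is presumably needed because gathered facts key interfaces with underscores; that deserves its own one-line comment. The `{% if run_installer %}` block starts and ends inside the hunk.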
@@ -50,12 +50,12 @@ {% endfor %} {% endif %} -{% if vm_install.interfaces %} -{% for if in vm_install.interfaces %} +{% if hostvars[vmname].vm_install_cooked.interfaces %} +{% for if in hostvars[vmname].vm_install_cooked.interfaces %} <interface type='bridge'> <source bridge='{{ if.bridge }}'/> <model type='virtio'/> - <address type='pci' domain='0x0000' bus='0x01' slot='0x0{{ if.idx }}' function='0x0'/> + <address type='pci' domain='0x0000' bus='0x01' slot='0x0{{ loop.index }}' function='0x0'/> </interface> {% endfor %} {% endif %} diff --git a/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 b/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 index 55ddbfc2..8e221671 100644 --- a/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 +++ b/roles/vm/install/templates/preseed_debian-stretch.cfg.j2 @@ -10,14 +10,14 @@ d-i keyboard-configuration/xkb-keymap select de #d-i netcfg/choose_interface select enp1s1 #d-i netcfg/disable_autoconfig boolean false -#d-i netcfg/get_ipaddress string {{ vm_network.primary.ip }} -#d-i netcfg/get_netmask string {{ vm_network.primary.mask }} -#d-i netcfg/get_gateway string {{ vm_network.primary.gateway }} -#d-i netcfg/get_nameservers string {{ vm_network.primary.nameservers | join(' ') }} +#d-i netcfg/get_ipaddress string {{ hostvars[vmname].vm_network_cooked.primary.ip }} +#d-i netcfg/get_netmask string {{ hostvars[vmname].vm_network_cooked.primary.mask }} +#d-i netcfg/get_gateway string {{ hostvars[vmname].vm_network_cooked.primary.gateway }} +#d-i netcfg/get_nameservers string {{ hostvars[vmname].vm_network_cooked.nameservers | join(' ') }} #d-i netcfg/confirm_static boolean true -d-i netcfg/get_hostname string {{ inventory_hostname }} -d-i netcfg/get_domain string {{ vm_network.primary.domain }} +d-i netcfg/get_hostname string {{ vmname }} +d-i netcfg/get_domain string {{ hostvars[vmname].vm_network_cooked.domain }} d-i netcfg/wireless_wep string 
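Review bot: `slot='0x0{{ loop.index }}'` concatenates a decimal loop index into a hex PCI slot, which only works while `loop.index` is 1–9; a tenth interface would render `0x010`. `slot='0x{{ '%02x' | format(loop.index) }}'` holds for any count, and the same decimal-in-hex assumption is in systemd.link.j2 at `Path=*pci-0000:01:{{ "%02d" | format(interface_index + 1) }}.0`, which should switch to `%02x` in the same change so the link unit keeps matching the slot libvirt assigns. Moving from `if.idx` to `loop.index` also removes the need for an `idx` key in the interface inventory, which the role documentation should mention. Using `if` as the loop variable reads like a keyword; `iface` would be clearer.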
@@ -37,7 +37,7 @@ d-i time/zone string Europe/Vienna d-i clock-setup/ntp boolean false -d-i partman-auto/disk string /dev/{{ vm_install.disks.primary }} +d-i partman-auto/disk string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} d-i partman-auto/method string lvm d-i partman-lvm/device_remove_lvm boolean true d-i partman-md/device_remove_md boolean true @@ -49,22 +49,22 @@ d-i partman-auto/expert_recipe string \ boot-root :: \ 1000 10000 -1 ext4 \ $defaultignore{ } $primary{ } $bootable{ } \ - method{ lvm } vg_name{ {{ inventory_hostname }} } \ + method{ lvm } vg_name{ {{ vmname }} } \ . \ 2048 10000 2560 ext4 \ - $lvmok{ } in_vg{ {{ inventory_hostname }} } \ + $lvmok{ } in_vg{ {{ vmname }} } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ 1024 11000 1280 ext4 \ - $lvmok{ } in_vg{ {{ inventory_hostname }} } \ + $lvmok{ } in_vg{ {{ vmname }} } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var } \ . \ 768 10000 768 ext4 \ - $lvmok{ } in_vg{ {{ inventory_hostname }} } \ + $lvmok{ } in_vg{ {{ vmname }} } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var/log } \ @@ -72,7 +72,7 @@ d-i partman-auto/expert_recipe string \ options/noexec{ noexec } \ . \ 16 20000 -1 ext4 \ - $lvmok{ } in_vg{ {{ inventory_hostname }} } \ + $lvmok{ } in_vg{ {{ vmname }} } \ method( keep } lv_name{ dummy } \ . @@ -92,7 +92,7 @@ d-i pkgsel/include string openssh-server python d-i pkgsel/upgrade select safe-upgrade popularity-contest popularity-contest/participate boolean false -d-i grub-installer/choose_bootdev string /dev/{{ vm_install.disks.primary }} +d-i grub-installer/choose_bootdev string /dev/{{ hostvars[vmname].vm_install_cooked.disks.primary }} d-i grub-installer/only_debian boolean true d-i grub-installer/with_other_os boolean false 
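Review bot: `method( keep }` in the last recipe stanza of the `-72,7` hunk looks like a typo for `method{ keep }` — every other stanza uses braces — and since it sits on a context line the commit carries it forward; the dummy LV is removed again in `late_command`, which may be masking the effect, but it should be fixed while the recipe is being touched. The new `vg_name{ {{ vmname }} }` / `in_vg{ {{ vmname }} }` substitutions assume `vmname` is a valid LVM VG name under LVM's naming rules (no leading `-`, only alphanumerics and `+_.-`), which `inventory_hostname` usually satisfied but is now only as safe as wherever `vmname` is set, outside this diff. A comment above the recipe naming that constraint would help.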
@@ -100,6 +100,6 @@ d-i finish-install/reboot_in_progress note d-i preseed/late_command string \ - lvremove -f {{ inventory_hostname }}/dummy; \ + lvremove -f {{ vmname }}/dummy; \ in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \ in-target bash -c "passwd -d root; passwd -l root; umask 077; mkdir -p /root/.ssh/; echo -e '{{ sshserver_root_keys }}' > /root/.ssh/authorized_keys" diff --git a/roles/vm/network/tasks/lan.yml b/roles/vm/network/tasks/lan.yml deleted file mode 100644 index ec436e9b..00000000 --- a/roles/vm/network/tasks/lan.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: install interface config (LAN only) - template: - src: interfaces_lan.j2 - dest: /etc/network/interfaces - mode: 0644 diff --git a/roles/vm/network/tasks/main.yml b/roles/vm/network/tasks/main.yml index 222a350b..3d51fff2 100644 --- a/roles/vm/network/tasks/main.yml +++ b/roles/vm/network/tasks/main.yml @@ -1,9 +1,37 @@ --- -- import_tasks: systemd-link.yml - when: srv_network.systemd_link is defined +- block: + - name: remove legacy systemd.link units + with_items: + - 50-virtio-kernel-names.link + - 99-default.link + file: + name: "/etc/systemd/network/{{ item }}" + state: absent -- import_tasks: public.yml - when: srv_network.public is defined + - name: install systemd network link units + with_items: "{{ vm_network.systemd_link.interfaces }}" + loop_control: + index_var: interface_index + template: + src: systemd.link.j2 + dest: "/etc/systemd/network/{{ '%02d' | format(interface_index + 11) }}-{{ item.name }}.link" + notify: rebuild initramfs -- import_tasks: lan.yml - when: srv_network.public is not defined + when: vm_network.systemd_link is defined + +- name: install basic interface config + template: + src: interfaces.j2 + dest: /etc/network/interfaces + mode: 0644 + +- name: remove resolvconf package + apt: + name: resolvconf + state: absent + purge: yes + +- name: generate resolv.conf + template: + src: resolv.conf.j2 + dest: /etc/resolv.conf 
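Review bot: In roles/vm/network/tasks/main.yml, `install basic interface config` and `generate resolv.conf` write /etc/network/interfaces and /etc/resolv.conf with no `notify`, while the systemd link task above them notifies `rebuild initramfs`, so a changed address or nameserver is only applied at the next reboot or ifdown/ifup; if that is intended because a reboot follows, say so in a comment on the task, otherwise a handler is missing. Two lint-level nits in the new lines: `purge: yes` should be `purge: true`, and `mode: 0644` is safer quoted as `mode: "0644"` so no loader turns it into the integer 420. The new `block:` carries its `when:` after the task list, which is valid but easy to miss; a comment `# only for hosts that declare vm_network.systemd_link` above the block would make the scope obvious.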
diff --git a/roles/vm/network/tasks/public.yml b/roles/vm/network/tasks/public.yml deleted file mode 100644 index 8b0e317a..00000000 --- a/roles/vm/network/tasks/public.yml +++ /dev/null @@ -1,33 +0,0 @@ ---- -- name: set routing table names - with_items: - - { regexp: '^89\s', line: '89 mur-default' } - - { regexp: '^212\s', line: '212 upc-default' } - lineinfile: - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - dest: /etc/iproute2/rt_tables - -- name: calculate address lists - set_fact: - srv_network_public_firewall_ipv4: - - "{{ srv_network.public.ip_mur }}" - - "{{ srv_network.public.ip_upc }}" - srv_network_public_firewall_ipv6: - - "{{ srv_network.public.ip_mur6 }}" - -- name: install firewall scripts - with_items: - - 4 - - 6 - template: - src: firewall.sh_public.j2 - dest: "/etc/network/firewall{{ item }}.sh" - mode: 0755 - when: srv_network.public.firewall is defined - -- name: install interface config (Public) - template: - src: interfaces_public.j2 - dest: /etc/network/interfaces - mode: 0644 diff --git a/roles/vm/network/tasks/systemd-link.yml b/roles/vm/network/tasks/systemd-link.yml deleted file mode 100644 index ad12cd37..00000000 --- a/roles/vm/network/tasks/systemd-link.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: remove legacy systemd.link units - file: - name: "/etc/systemd/network/{{ item }}" - state: absent - with_items: - - 50-virtio-kernel-names.link - - 99-default.link - -- name: install systemd network link units - template: - src: systemd.link.j2 - dest: "/etc/systemd/network/{{ '%02d' | format(item.idx + 10) }}-{{ item.name }}.link" - with_items: "{{ srv_network.systemd_link.interfaces }}" - notify: rebuild initramfs diff --git a/roles/vm/network/templates/firewall.sh_public.j2 b/roles/vm/network/templates/firewall.sh_public.j2 deleted file mode 100644 index df5b1373..00000000 --- a/roles/vm/network/templates/firewall.sh_public.j2 +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/sh - -PUBLIC_IPS="{% if item == 4 %}{{ srv_network_public_firewall_ipv4 | join(' ') }}{% else %}{{ srv_network_public_firewall_ipv6 | join(' ') }}{% endif %}" -PUBLIC_IF="$2" -TCP_PORTS="{{ srv_network.public.firewall.tcp_ports | default([]) | join(' ') }}" -UDP_PORTS="{{ srv_network.public.firewall.udp_ports | default([]) | join(' ') }}" - -##### -IPTABLES="/sbin/ip{% if item == 6 %}6{% endif %}tables" -ICMP="icmp{% if item == 6 %}v6{% endif %}" - -case "$1" in - start) - $IPTABLES -A INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT - $IPTABLES -A INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT - for port in $TCP_PORTS; do - for ip in $PUBLIC_IPS; do - $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT - done - done - for port in $UDP_PORTS; do - for ip in $PUBLIC_IPS; do - $IPTABLES -A INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT - done - done - $IPTABLES -A INPUT -i $PUBLIC_IF -j DROP - ;; - stop) - $IPTABLES -D INPUT -i $PUBLIC_IF -j DROP - for port in $UDP_PORTS; do - for ip in $PUBLIC_IPS; do - $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p udp --dport $port -j ACCEPT - done - done - for port in $TCP_PORTS; do - for ip in $PUBLIC_IPS; do - $IPTABLES -D INPUT -i $PUBLIC_IF -d $ip -p tcp --dport $port -j ACCEPT - done - done - $IPTABLES -D INPUT -i $PUBLIC_IF -m state --state related,established -j ACCEPT - $IPTABLES -D INPUT -i $PUBLIC_IF -p $ICMP -j ACCEPT - ;; - *) - echo "Usage: $0 (start|stop)" - exit 1 - ;; -esac - -exit 0 diff --git a/roles/vm/network/templates/interfaces_lan.j2 b/roles/vm/network/templates/interfaces.j2 index 36ae2883..542e18d6 100644 --- a/roles/vm/network/templates/interfaces_lan.j2 +++ b/roles/vm/network/templates/interfaces.j2 
@@ -7,11 +7,11 @@ source /etc/network/interfaces.d/* auto lo iface lo inet loopback -# The internal network interface -auto {{ srv_network.internal.interface }} -iface {{ srv_network.internal.interface }} inet static - address {{ srv_network.internal.ip }} - netmask 255.255.255.0 - gateway 192.168.1.254 +# The primary network interface +auto {{ vm_network.primary.interface }} +iface {{ vm_network.primary.interface }} inet static + address {{ vm_network.primary.ip }} + netmask {{ vm_network.primary.mask }} + gateway {{ vm_network.primary.gateway }} pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf diff --git a/roles/vm/network/templates/interfaces_public.j2 b/roles/vm/network/templates/interfaces_public.j2 deleted file mode 100644 index 2e8583ab..00000000 --- a/roles/vm/network/templates/interfaces_public.j2 +++ /dev/null 
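Review bot: The renamed interfaces.j2 has no `up`/`down` firewall hooks, while the interfaces_public.j2 and firewall.sh_public.j2 deleted in this same commit did, so a guest that used to run `/etc/network/firewall4.sh start $IFACE` on its public interface now comes up with no host-level input filtering unless that is handled outside this diff (for example on the VM host's bridge); a sentence at the top of the template, or in the role's docs, stating where filtering now lives would close that question. `gateway {{ vm_network.primary.gateway }}` is rendered unconditionally, so a VM without a gateway needs an `{% if vm_network.primary.gateway is defined %}` guard, which the old hard-coded `192.168.1.254` did not need. The `pre-up` lines disabling RA and autoconf are unchanged context.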
@@ -1,63 +0,0 @@ -# This file describes the network interfaces available on your system -# and how to activate them. For more information, see interfaces(5). - -source /etc/network/interfaces.d/* - -# The loopback network interface -auto lo -iface lo inet loopback - -# The internal network interface -auto {{ srv_network.internal.interface }} -iface {{ srv_network.internal.interface }} inet static - address {{ srv_network.internal.ip }} - netmask 255.255.255.0 - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf - up ip route add default via 192.168.1.254 table default - up ip rule add pref 42000 lookup default - up ip rule del pref 32767 - down ip rule add pref 32767 lookup default - down ip rule del pref 42000 - down ip route del default via 192.168.1.254 table default - - -# The public network interface -auto {{ srv_network.public.interface }} -iface {{ srv_network.public.interface }} inet static - address {{ srv_network.public.ip }} - netmask 255.255.255.0 - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf - ## mur.at - up ip addr add dev $IFACE {{ srv_network.public.ip_mur }}/28 - up ip route add default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default - up ip rule add pref 33000 from {{ srv_network.public.ip_mur }} lookup mur-default - ## upc - up ip addr add dev $IFACE {{ srv_network.public.ip_upc }}/32 - up ip route add default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default - up ip rule add pref 35000 from {{ srv_network.public.ip_upc }} lookup upc-default - ### firewall - up /etc/network/firewall4.sh start $IFACE - ########## - down /etc/network/firewall4.sh stop $IFACE - ## upc - down ip rule del pref 35000 - down ip route del default via 192.168.3.254 src {{ srv_network.public.ip_upc }} table upc-default - down ip addr del dev $IFACE {{ srv_network.public.ip_upc }}/32 - ## mur.at 
- down ip rule del pref 33000 - down ip route del default via 89.106.215.14 src {{ srv_network.public.ip_mur }} table mur-default - down ip addr del dev $IFACE {{ srv_network.public.ip_mur }}/28 - -iface {{ srv_network.public.interface }} inet6 static - address {{ srv_network.public.ip_mur6 }} - netmask 64 - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf - up ip -6 route add default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default - up ip -6 rule add pref 33000 from {{ srv_network.public.ip_mur6 }} lookup mur-default - up /etc/network/firewall6.sh start $IFACE - down /etc/network/firewall6.sh stop $IFACE - down ip -6 rule del pref 33000 - down ip -6 route del default via 2a02:3e0:2003::e src {{ srv_network.public.ip_mur6 }} table mur-default diff --git a/roles/vm/network/templates/resolv.conf.j2 b/roles/vm/network/templates/resolv.conf.j2 new file mode 100644 index 00000000..86d4201e --- /dev/null +++ b/roles/vm/network/templates/resolv.conf.j2 @@ -0,0 +1,4 @@ +{% for nsrv in vm_network.nameservers %} +nameserver {{ nsrv }} +{% endfor %} +search {{ vm_network.domain }} diff --git a/roles/vm/network/templates/systemd.link.j2 b/roles/vm/network/templates/systemd.link.j2 index 753fd586..7093e164 100644 --- a/roles/vm/network/templates/systemd.link.j2 +++ b/roles/vm/network/templates/systemd.link.j2 @@ -1,5 +1,5 @@ [Match] -Path=pci-0000:01:{{ "%02d" | format(item.idx) }}.0 +Path=*pci-0000:01:{{ "%02d" | format(interface_index + 1) }}.0 [Link] Name={{ item.name }} |
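Review bot: `Path=*pci-0000:01:{{ "%02d" | format(interface_index + 1) }}.0` in systemd.link.j2 and `slot='0x0{{ loop.index }}'` in libvirt-domain.xml.j2 now derive the same PCI slot from two different counters (`index_var` is 0-based, `loop.index` 1-based), and nothing in either file says they must agree; a comment above the line, `{# must match the slot libvirt-domain.xml.j2 assigns: loop.index == interface_index + 1 #}`, would pin the coupling. The leading `*` turns the `Path=` match into a glob, presumably to tolerate a prefix in the device path — confirm and note the reason inline, since an overly broad glob can match the wrong NIC. In resolv.conf.j2, `search {{ vm_network.domain }}` renders a bare `search` line when `domain` is unset, which may deserve an `{% if %}`.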