From d3e6cce667930b6a9e9ce9296622f43bec5bf267 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 6 Oct 2019 22:33:31 +0200
Subject: vm/network: add support for public
---
roles/vm/host/tasks/network.yml | 14 ++++++--------
roles/vm/network/templates/interfaces.j2 | 11 +++++++++--
2 files changed, 15 insertions(+), 10 deletions(-) (limited to 'roles/vm')
diff --git a/roles/vm/host/tasks/network.yml b/roles/vm/host/tasks/network.yml
index a6eb7333..0c7e36f9 100644
--- a/roles/vm/host/tasks/network.yml
+++ b/roles/vm/host/tasks/network.yml
@@ -20,19 +20,17 @@ {% if 'nat' in vm_host.network and vm_host.network.nat %} up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding - up /usr/sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} + up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} {% endif %} {% if 'public' in vm_host.network %} {% for dest in vm_host.network.public.mappings %} - {% for idx in vm_host.network.public.mappings[dest] %} - up /usr/sbin/ip route add {{ (vm_host.network.public.prefix | ipaddr(idx)).split('/')[0] }}/32 via {{ (vm_host.network.prefix | ipaddr(vm_host.network.offsets[dest])).split('/')[0] }} # {{ dest }} - {% endfor %} + up /bin/ip route add {{ (vm_host.network.public.prefix | ipaddr(vm_host.network.public.mappings[dest])).split('/')[0] }}/32 via {{ (vm_host.network.prefix | ipaddr(vm_host.network.offsets[dest])).split('/')[0] }} # {{ dest }} {% endfor %} - up /usr/sbin/ip route add unreachable {{ vm_host.network.public.prefix }} - down /usr/sbin/ip route del {{ vm_host.network.public.prefix }} + up /bin/ip route add unreachable {{ vm_host.network.public.prefix }} + down /sbin/ip route del {{ vm_host.network.public.prefix }} {% endif %} {% if 'nat' in vm_host.network and vm_host.network.nat %} - down /usr/sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} + down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ vm_host.network.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }} {% endif %} register: vmhost_interface_config 
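Review bot: The new `up /bin/ip route add …/32 via …` lines make every mapped guest reachable on its public address, and nothing visible in this block filters that path: forwarding is switched on for both interfaces, and the only iptables rule is the SNAT for the internal prefix, which traffic sourced from a public address does not match. If host-side filtering or source-address checks for the guests live elsewhere, a Jinja comment next to the `public` branch should say so, for example `{# public /32s are forwarded unfiltered by this block; filtering lives in <ROLE-PLACEHOLDER> #}`. The same line now passes `vm_host.network.public.mappings[dest]` straight to `ipaddr()`, so an inventory that still holds a list per guest (the removed `for idx` form) will no longer render a usable route; the expected shape, one index per guest, should be documented there as well. The template block starts before and ends after this hunk.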
@@ -40,4 +38,4 @@ ## if there are VMs running they would end up with a broken network - name: bring vm-host interface up when: vmhost_interface_config is changed - command: "/usr/sbin/ifup {{ vm_host.network.interface }}" + command: "/sbin/ifup {{ vm_host.network.interface }}" diff --git a/roles/vm/network/templates/interfaces.j2 b/roles/vm/network/templates/interfaces.j2 index d59d53e1..aa94440e 100644 --- a/roles/vm/network/templates/interfaces.j2 +++ b/roles/vm/network/templates/interfaces.j2 @@ -10,11 +10,18 @@ iface lo inet loopback # The primary network interface auto {{ network.primary.interface }} iface {{ network.primary.interface }} inet static + pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra + pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf address {{ network.primary.ip }} netmask {{ network.primary.mask }} +{% if 'public' in network.primary %} + up /bin/ip addr add dev $IFACE {{ network.primary.public }}/32 + up /bin/ip route add default via {{ network.primary.gateway }} src {{ network.primary.public }} + down /bin/ip route del default via {{ network.primary.gateway }} src {{ network.primary.public }} + down /bin/ip addr del dev $IFACE {{ network.primary.public }}/32 +{% else %} gateway {{ network.primary.gateway }} - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra - pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf +{% endif %} {% if 'prefix6' in network.primary %} iface {{ network.primary.interface }} inet6 static -- cgit v1.2.3
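Review bot: In roles/vm/network/templates/interfaces.j2 the four new `ip` lines render `network.primary.public` unvalidated with `/32` appended, and the `gateway` line now exists only in the `else` branch. A value that already carries a prefix length would render as `<addr>/<len>/32`, so the first `up` command fails and the guest presumably comes up without a default route. Passing the value through the filter the host template already uses would tolerate either form: `up /bin/ip addr add dev $IFACE {{ network.primary.public | ipaddr('address') }}/32`, with the same filter on the other three lines. The stanza continues past the end of the hunk.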