path: root/roles/vm/host/network/templates/bridge-interfaces.j2
blob: 0492c7f1c86eb455a23a41d9616b4a5825896f63 (plain) (blame)
{#
  Renders the ifupdown (/etc/network/interfaces) stanza for one bridge named
  "br-" + item.key.

  Values read: item.key and item.value (the bridge definition), network.interfaces
  (interface definitions, matched by name) and the ansible_default_ipv4 facts.

  Security note: every "up" / "down" line below is a command that ifupdown runs
  when the bridge is brought up or down (normally as root). Inventory values are
  interpolated into those lines without quoting or validation, so anyone who can
  edit the variables feeding this template controls commands executed on the VM
  host. Treat that inventory as privileged configuration.

  The comments in this file are Jinja comments and sit at column 0 like the
  existing block tags; they rely on the same trim_blocks behaviour (Ansible's
  template default) to leave the rendered file unchanged.
#}
{% set bridge_name = 'br-'+item.key %}
{% set bridge = item.value %}
{# Interface definitions whose name equals this bridge. No match renders the stanza as "manual"; any match renders it as "static". #}
{% set matched = (network.interfaces | selectattr('name', 'eq', bridge_name) | list) %}
auto {{ bridge_name }}
iface {{ bridge_name }} inet {{ ((matched | length) == 0) | ternary('manual', 'static') }}
{# Hardening: disable IPv6 router-advertisement acceptance and address autoconfiguration on the bridge, so RAs seen on it are ignored by the host. Presumably meant to keep attached guests from influencing host addressing or routing; confirm intent. #}
  up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
  up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
{# Ports come from bridge.interfaces; when it is unset the literal "none" is rendered, i.e. a bridge with no enslaved port. #}
  bridge_ports {{ bridge.interfaces | default(['none']) | join(' ') }}
{# STP off, no port wait and zero forward delay. NOTE(review): with STP off nothing here detects a layer-2 loop if bridge.interfaces lists more than one uplink; confirm the topology. #}
  bridge_stp off
  bridge_waitport 0
  bridge_fd 0
{#
  br_netfilter is loaded first because the net.bridge.bridge-nf-call-* keys only
  exist once that module is present. Setting the three keys to 0 means frames
  switched by the bridge are NOT passed through the host's iptables, ip6tables
  or arptables rules. The keys carry no interface name, so this applies to
  bridged traffic in general, not only to this bridge.
  NOTE(review): host firewall rules therefore do not filter traffic between
  ports of the same bridge (e.g. guest to guest); confirm that isolation is
  enforced elsewhere if it is required.
#}
  up modprobe br_netfilter
  up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
  up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
  up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
{# Everything below is emitted only when an interface definition for this bridge exists. #}
{% if (matched | length) > 0 %}
{%   set interface = matched | first %}
{# interface.content is inserted verbatim (re-indented by two spaces); any up/down/pre-up lines inside it become commands run by ifupdown. Otherwise an address template from interfaces/ is included, "simple" by default. #}
{%   if 'content' in interface %}
  {{ interface.content | indent(2) }}
{%   else %}
{%     include 'interfaces/' + (interface.template | default('simple')) + '.j2' %}
{%   endif %}
{# NAT and overlay routing are rendered only for bridges that define a prefix. #}
{%   if 'prefix' in bridge %}
{#
  NAT: enable IPv4 forwarding on the bridge and on the host's default-route
  interface, then source-NAT traffic from bridge.prefix leaving through that
  interface to the host's default IPv4 address.
  NOTE(review): forwarding is switched on here but no "down" line switches it
  off again, and no FORWARD-chain rule is added in this template; whether
  forwarded guest traffic is restricted depends on rules defined elsewhere.
  NOTE(review): "-A" appends unconditionally, so an ifup that is not preceded by
  a successful ifdown leaves a duplicate rule; an "iptables -C" check before the
  append would make this idempotent.
#}
{%     if 'nat' in bridge and bridge.nat %}
  up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
  up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
  up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
{%     endif %}
{#
  Overlays are processed in sorted name order. For each (dest, offset) pair,
  ordered by offset, a /32 host route is added: the overlay address at that
  offset inside overlay.prefix is routed via the address at bridge.offsets[dest]
  inside bridge.prefix (the prefix length is stripped with split('/')).
  dest is rendered after a "#" on the same "up" line; ifupdown has no
  end-of-line comments, so that text is part of the command handed to the shell
  and must not contain newlines or shell metacharacters (presumably it is a
  plain host name; verify against the inventory).
#}
{%     for overlay_name in (bridge.overlays | default({}) | list | sort) %}
{%       set overlay = bridge.overlays[overlay_name] %}
{%       for dest, offset in (overlay.offsets | dictsort(by='value')) %}
  up /bin/ip route add {{ (overlay.prefix | ansible.utils.ipaddr(offset)).split('/')[0] }}/32 via {{ (bridge.prefix | ansible.utils.ipaddr(bridge.offsets[dest])).split('/')[0] }}  # {{ dest }}
{%       endfor %}
{#
  Catch-all for the overlay prefix: addresses without a /32 route above are
  rejected locally instead of matching a less specific route (presumably to
  keep overlay traffic from leaving via the default route; confirm).
  NOTE(review): "up" calls /bin/ip while "down" calls /sbin/ip; confirm both
  paths exist on the target hosts. Only the prefix route is deleted on "down";
  the /32 routes are not removed explicitly.
#}
  up /bin/ip route add unreachable {{ overlay.prefix }}
  down /sbin/ip route del {{ overlay.prefix }}
{%     endfor %}
{# Remove the SNAT rule on ifdown; the arguments mirror the "-A" line above so the delete matches the appended rule. #}
{%     if 'nat' in bridge and bridge.nat %}
  down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ bridge.prefix }} -j SNAT --to {{ ansible_default_ipv4.address }}
{%     endif %}
{%   endif %}
{# Optional IPv6 stanza: emitted when the interface definition carries content6 or address6. content6 is inserted verbatim like content above; otherwise a template from interfaces/ is included, "simple6" by default. #}
{%   if 'content6' in interface or 'address6' in interface %}

iface {{ interface.name }} inet6 static
{%     if 'content6' in interface %}
  {{ interface.content6 | indent(2) }}
{%     else %}
{%       include 'interfaces/' + (interface.template6 | default('simple6')) + '.j2' %}
{%     endif %}
{%   endif %}
{% endif %}