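---
# Writes one ifupdown stanza file per entry of vm_host.network.bridges and then
# runs ifup for every bridge whose file changed. The whole block is skipped
# when vm_host.network has no 'bridges' key.
- name: create network bridges
  when: "'bridges' in vm_host.network"
  block:
    # What the rendered stanza does, per bridge (item.key = name, item.value =
    # settings):
    #  - 'prefix' present  -> static IPv4 address/netmask (plus optional
    #    'gateway'); otherwise the bridge is 'inet manual'.
    #  - 'interfaces' non-empty -> those become bridge_ports, else 'none'.
    #  - accept_ra=0 / autoconf=0 are written for the bridge interface itself,
    #    so the host does not take IPv6 router advertisements or SLAAC
    #    addresses on it.
    #  - net.bridge.bridge-nf-call-{iptables,ip6tables,arptables}=0: bridged
    #    frames are NOT passed through the host's iptables/ip6tables/arptables
    #    rules. These sysctls are not scoped to the one bridge being brought
    #    up, and with them at 0 host firewall rules cannot be relied on to
    #    filter traffic between ports of a bridge; do that filtering elsewhere
    #    if it is required.
    #  - 'nat' truthy (only evaluated when 'prefix' is set) -> IPv4 forwarding
    #    is enabled on the bridge and on the host's default IPv4 interface, and
    #    an SNAT rule to the host's default IPv4 address is appended on 'up'
    #    and deleted on 'down'. Interface and address come from gathered facts
    #    at render time. No FORWARD-chain rules are installed here, so what the
    #    NATed network may reach depends on policy defined outside this file.
    #  - 'overlay' present -> one /32 route per key of overlay.offsets plus an
    #    'unreachable' route for the rest of overlay.prefix.
    #    NOTE(review): the next hop is looked up in item.value.offsets while the
    #    loop iterates item.value.overlay.offsets; confirm both maps carry the
    #    same keys.
    #  - 'prefix6' present -> additional static inet6 stanza (optional
    #    'gateway6').
    # Jinja block tags are kept flush with the start of the block scalar so
    # that no stray leading whitespace ends up in the rendered file.
    - name: generate bridge interface config
      loop: "{{ vm_host.network.bridges | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
      copy:
        dest: "/etc/network/interfaces.d/br-{{ item.key }}"
        # Explicit mode so the result does not depend on the umask of the
        # connecting user.
        mode: "0644"
        content: |
          auto br-{{ item.key }}
          {% if 'prefix' in item.value %}
          iface br-{{ item.key }} inet static
            address {{ item.value.prefix | ipaddr('address') }}
            netmask {{ item.value.prefix | ipaddr('netmask') }}
          {% if 'gateway' in item.value %}
            gateway {{ item.value.gateway }}
          {% endif %}
          {% else %}
          iface br-{{ item.key }} inet manual
          {% endif %}
          {% if 'interfaces' in item.value and (item.value.interfaces | length) > 0 %}
            bridge_ports {{ item.value.interfaces | join(' ') }}
          {% else %}
            bridge_ports none
          {% endif %}
            bridge_stp off
            bridge_waitport 0
            bridge_fd 0
            up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
            up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
            up modprobe br_netfilter
            up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
            up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
            up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
          {% if 'prefix' in item.value %}
          {% if 'nat' in item.value and item.value.nat %}
            up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
            up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
            up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ item.value.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
          {% endif %}
          {% if 'overlay' in item.value %}
          {% for dest in item.value.overlay.offsets %}
            up /bin/ip route add {{ (item.value.overlay.prefix | ipaddr(item.value.overlay.offsets[dest])).split('/')[0] }}/32 via {{ (item.value.prefix | ipaddr(item.value.offsets[dest])).split('/')[0] }} # {{ dest }}
          {% endfor %}
            up /bin/ip route add unreachable {{ item.value.overlay.prefix }}
            down /sbin/ip route del {{ item.value.overlay.prefix }}
          {% endif %}
          {% if 'nat' in item.value and item.value.nat %}
            down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ item.value.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
          {% endif %}
          {% endif %}
          {% if 'prefix6' in item.value %}
          iface br-{{ item.key }} inet6 static
            address {{ item.value.prefix6 }}
          {% if 'gateway6' in item.value %}
            gateway {{ item.value.gateway6 }}
          {% endif %}
          {% endif %}
      register: vmhost_bridge_config

    ## We don't try to be too clever here: aka don't call ifdown before ifup
    ## because if there are VMs running they would end up with a broken network.
    ## Consequence to keep in mind: only ifup is run, so edits to the stanza of
    ## a bridge that is already up (including its NAT and sysctl lines) are
    ## presumably not applied until that bridge is cycled by other means.
    - name: bring up bridge interfaces
      loop: "{{ vmhost_bridge_config.results }}"
      loop_control:
        label: "br-{{ item.item.key }}"
      when: item is changed
      command: "/sbin/ifup br-{{ item.item.key }}"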