Add ipforward option to configure IPForward

Add ipforward bool optional setting to systemd_networks to enable or disable forwarding for a given interface. IPForward is disabled by default. Change-Id: Iaea33b1bdde1964f38612ab8c278fed4985d390b
2019-02-08 11:56:19 -05:00 · 2019-02-08 11:56:19 -05:00 · 242b3c3fb4
commit 242b3c3fb4
parent c72988c4ce
4 changed files with 36 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -95,6 +95,10 @@ systemd_netdevs: []
 #  `static_routes` -- (optional) list of routes to use for the network. This
 #                                option requires a gateway and cidr to be set
 #                                within the list item.
+#  `ipforward` -- (optional) When set to true forwarding will be enabled for
+#                            interface.  This setting will enable
+#                            net.ipv4.ip_forward, net.ipv4.conf.all.forwarding
+#                            and net.ipv4.conf.interface.forwarding

 # systemd_networks:
 #   - interface: "dummy0"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -137,3 +137,18 @@
    - systemd_run_networkd | bool
  tags:
    - systemd-networkd
+
+- name: restart systemd_networkd prior to applying sysctl changes
+  meta: flush_handlers
+
+- name: Add IP Forward for interface
+  sysctl:
+    name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
+    value: 1
+    sysctl_set: yes
+    state: present
+    reload: yes
+  with_indexed_items: "{{ systemd_networks }}"
+  when:
+    - (ansible_os_family | lower) == 'redhat'
+    - item.1.ipforward | default(false) | bool
--- a/templates/systemd-network.j2
+++ b/templates/systemd-network.j2
@ -55,3 +55,6 @@ MACVLAN={{ item.1.macvlan }}
 {% elif item.1.vxlan is defined %}
 VXLAN={{ item.1.vxlan }}
 {% endif %}
+{% if item.1.ipforward is defined %}
+IPForward={{ (item.1.ipforward | bool) | ternary('yes', 'no') }}
+{% endif %}
--- a/tests/test.yml
+++ b/tests/test.yml
@ -54,6 +54,9 @@
      - NetDev:
          Name: br-test
          Kind: bridge
+      - NetDev:
+          Name: br-test2
+          Kind: bridge
    systemd_networks:
      - interface: "dummy0"
        bond: "bond0"
@ -83,6 +86,10 @@
      - interface: "br-test"
        address: "10.1.0.1"
        netmask: "255.255.255.0"
+      - interface: "br-test2"
+        address: 10.2.0.1
+        netmask: "255.255.255.0"
+        ipforward: true


 - name: Test networkd
@ -131,6 +138,13 @@
      with_items:
        - MACAddressPolicy
        - NamePolicy
+    - name: Check forwarding is enabled
+      shell: 'grep -wo ^1$ /proc/sys/net/{{ item }}'
+      changed_when: false
+      with_items:
+        - "ipv4/ip_forward"
+        - "ipv4/conf/all/forwarding"
+        - "ipv4/conf/br-test2/forwarding"


 - name: Playbook for role testing with cleanup