openstack/ansible-role-systemd_networkd
Code Issues Proposed changes
ansible-role-systemd_networkd/tasks/main.yml
Dmitriy Rabotyagov 1a7de3340b Allow to apply only overrides to the network interface 
In case system is managed through netplan, but deployer want
to extend configuration with extra data, like define extra vlan for
existing bonding interface, they may use override files to extend
configuration and to avoid potential conflicts.

Change-Id: Iaeec0c5a5b1901207e09751bb424df1326cbfc06
2025-02-04 12:40:13 +00:00

265 lines
8.7 KiB
YAML
Raw Permalink Blame History

---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gather variables for each operating system
include_vars: "{{ lookup('first_found', params) }}"
vars:
params:
files:
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
- "{{ ansible_facts['distribution'] | lower }}.yml"
- "{{ ansible_facts['os_family'] | lower }}.yml"
paths:
- "{{ role_path }}/vars"
skip: true # skip if no files are found
tags:
- always
- name: Install required repos and packages
when:
- systemd_networkd_distro_packages | length > 0
block:
# Copy all factored-in GPG keys.
# KeyID 2F86D6A1 from https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
- name: If a keyfile is provided, copy the gpg keyfile to the key location
copy:
src: "{{ item.keyfile }}"
dest: "{{ item.key }}"
mode: '0644'
with_items: "{{ systemd_networkd_package_repos_keys | selectattr('keyfile', 'defined') | list }}"
when:
- ansible_facts['os_family'] | lower == 'redhat'
- name: Ensure GPG keys have the correct SELinux contexts applied
command: restorecon -Rv /etc/pki/rpm-gpg/
# TODO(evrardjp): Be more idempotent
changed_when: false
when:
- ansible_facts['os_family'] | lower == 'redhat'
# Handle gpg keys manually
- name: Install gpg keys
rpm_key:
key: "{{ key.key }}"
validate_certs: "{{ key.validate_certs | default(omit) }}"
state: "{{ key.state | default('present') }}"
with_items: "{{ systemd_networkd_package_repos_keys }}"
loop_control:
loop_var: key
register: _add_yum_keys
until: _add_yum_keys is success
retries: 5
delay: 2
when:
- ansible_facts['os_family'] | lower == 'redhat'
# NOTE(jrosser) this repo is configured with the path to the first gpg key provided
- name: Install the EPEL repository
yum_repository:
name: epel-networkd
baseurl: "{{ systemd_networkd_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}"
description: 'Extra Packages for Enterprise Linux $releasever - $basearch'
gpgkey: "file://{{ systemd_networkd_package_repos_keys[0].key }}"
gpgcheck: yes
enabled: yes
state: present
includepkgs: 'systemd-networkd'
when:
- ansible_facts['os_family'] | lower == 'redhat'
register: install_epel_repo
until: install_epel_repo is success
retries: 5
delay: 2
- name: Install networkd distro packages
package:
name: "{{ systemd_networkd_distro_packages | select() }}"
state: "present"
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(600, omit) }}"
enablerepo: "{{ systemd_networkd_enablerepo | default(omit) }}"
register: install_packages
until: install_packages is success
retries: 3
delay: 2
notify:
- Restart systemd-networkd
- name: Create systemd-networkd directory
file:
path: "/etc/systemd/network"
state: directory
mode: "0755"
tags:
- systemd-networkd
- name: Create systemd-resolved config
template:
src: "systemd-resolved.conf.j2"
dest: "/etc/systemd/resolved.conf"
owner: "root"
group: "root"
mode: "0644"
when:
- systemd_resolved | length > 0
- systemd_resolved_available | bool
notify:
- Restart systemd-resolved
tags:
- systemd-resolved
- name: Find prefixed netdev and network files
find:
paths: "/etc/systemd/network"
patterns: "*{{ systemd_networkd_prefix }}*.netdev,*{{ systemd_networkd_prefix }}*.network"
register: networkd_files
when:
- systemd_interface_cleanup | bool
tags:
- systemd-networkd
- name: Remove prefixed network files
file:
path: "{{ item.path }}"
state: absent
with_items: "{{ networkd_files.files }}"
when:
- systemd_interface_cleanup | bool
notify:
- Restart systemd-networkd
tags:
- systemd-networkd
- name: Create systemd-networkd network device(s)
template:
src: "systemd-netdev.j2"
dest: "/etc/systemd/network/{{ item.1.filename }}.netdev"
owner: "root"
group: "root"
mode: "0644"
with_indexed_items: "{{ _systemd_netdevs_named }}"
notify:
- Restart systemd-networkd
tags:
- systemd-networkd
- name: Create systemd-networkd network link(s)
openstack.config_template.config_template:
src: "systemd-link.j2"
dest: "/etc/systemd/network/{{ item.1.filename }}.link"
owner: "root"
group: "root"
mode: "0644"
config_overrides: "{{ item.1.link_config_overrides | default(systemd_link_config_overrides) }}"
config_type: "ini"
with_indexed_items: >-
{{
_systemd_networks_named | rejectattr('network_overrides_only', 'defined') +
_systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'false')
}}
notify:
- Update initramfs
- Restart systemd-networkd
tags:
- systemd-networkd
- name: Create systemd-networkd network network(s)
openstack.config_template.config_template:
src: "systemd-network.j2"
dest: "/etc/systemd/network/{{ item.1.filename }}.network"
owner: "root"
group: "root"
mode: "0644"
config_overrides: "{{ item.1.config_overrides | default({}) }}"
config_type: "ini"
with_indexed_items: >-
{{
_systemd_networks_named | rejectattr('network_overrides_only', 'defined') +
_systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'false')
}}
notify:
- Restart systemd-networkd
tags:
- systemd-networkd
- name: Create systemd-networkd extra config folder
ansible.builtin.file:
path: "/etc/systemd/network/{{ item }}.network.d"
owner: "root"
group: "root"
mode: "0755"
state: directory
loop: >-
{{
(
_systemd_networks_named | selectattr('static_routes', 'defined') +
_systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'true')
) | map(attribute='filename')
}}
- name: Create overrides files for network_overrides_only networks
openstack.config_template.config_template:
dest: "/etc/systemd/network/{{ item.1.filename }}.network.d/overrides.conf"
owner: "root"
group: "root"
mode: "0644"
config_overrides: "{{ item.1.config_overrides | default({}) }}"
config_type: "ini"
with_indexed_items: >-
{{ _systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'true') }}
notify:
- Restart systemd-networkd
tags:
- systemd-networkd
- name: Place systemd-networkd routing policy rules
ansible.builtin.template:
src: systemd-network-rules.j2
dest: "/etc/systemd/network/{{ item['filename'] }}.network.d/rules.conf"
owner: "root"
group: "root"
mode: "0644"
loop: "{{ _systemd_networks_named | selectattr('routing_rules', 'defined') }}"
notify:
- Restart systemd-networkd
- name: Place systemd-networkd network routes
ansible.builtin.template:
src: systemd-network-routes.j2
dest: "/etc/systemd/network/{{ item['filename'] }}.network.d/routes.conf"
owner: "root"
group: "root"
mode: "0644"
loop: "{{ _systemd_networks_named | selectattr('static_routes', 'defined') }}"
notify:
- Restart systemd-networkd
- name: Restart systemd_networkd prior to applying sysctl changes
meta: flush_handlers
- name: Add IP Forward for interface
sysctl:
name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
value: 1
sysctl_set: yes
state: present
reload: yes
with_indexed_items: "{{ _systemd_networks_named }}"
when:
- (ansible_facts['os_family'] | lower) == 'redhat'
- item.1.ipforward | default(false) | bool
View Git Blame Copy Permalink