ansible-role-systemd_service/templates/systemd-netns-access@.service.j2
Kevin Carter 6285b6c638 Build out the PrivateNetwork function for services
This change adds the ability to effectively use the PrivateNetwork
functionality systemd provides for services. Now, if enabled, services
can be created in a network namespace which isolates them from the rest
of the host. Additional options have been added allowing access into the
network namespace over ephemeral devices as needed.

Highlights:
* Isolated private networking for services will sandbox using a stand-alone
  namespace which has no access to anything via the network.
* Access into a private namespace can be provided over a single network
  interface which can be IP'd via local DHCP + NAT or using an upstream
  DHCP server.
* Tests have been added to exercise the new functionality.

All of the functionality has been documented in the defaults of this role.

Change-Id: I6751765131f32393a1605eb2100bec46199d980a
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
2019-02-09 04:06:44 +00:00


[Unit]
# One-shot helper that plumbs a macvlan path into the named network
# namespace %I (set up by systemd-netns@%i.service) for %i.service.
Description=Named network namespace %I
Documentation=https://github.com/openstack/ansible-role-systemd_service
# Ordering only (no pull-in): run once networking and the namespace unit
# are up, and after the consuming service itself.
After=syslog.target network.target
After=systemd-netns@%i.service %i.service
{% if not (systemd_PrivateNetworkIsolated | bool) %}
# Pass-through mode: tie this unit's lifetime to the namespace unit.
# NOTE(review): BoundBy= is the reverse dependency systemctl reports for
# BindsTo=; confirm systemd accepts it as a [Unit] setting here, otherwise
# BindsTo=systemd-netns@%i.service may be what is meant.
BoundBy=systemd-netns@%i.service
{% endif %}
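[Service]
Type=oneshot
RemainAfterExit=true
# Start process.
# Every command runs on the host with root privileges unless wrapped in
# "ip netns exec %I". A leading "-" lets that command fail without aborting
# the start; this is how re-running against already-present links and
# rules is tolerated.
ExecStart=/usr/bin/env ip netns exec %I ip link set lo up
# Host-side macvlan through which the host reaches the namespace.
ExecStart=-/usr/bin/env ip link add mv-{{ systemd_PrivateNetworkInterface }} link {{ systemd_PrivateNetworkInterface }} type macvlan mode {{ systemd_PrivateNetworkMode }}
ExecStart=-/usr/bin/env ip link set mv-{{ systemd_PrivateNetworkInterface }} up
# NOTE(review): host-wide sysctl, enabled unconditionally and never reverted
# on stop; only the NAT path below appears to need it - confirm before
# making it conditional.
ExecStart=/usr/bin/env sysctl -w net.ipv4.ip_forward=1
{% if (systemd_PrivateNetworkLocalDHCP | bool) %}
# Gateway address on the host-side macvlan. This must be an ExecStart=
# placed after the link creation above: an ExecStartPre= runs before every
# ExecStart=, so on a fresh boot the device does not exist yet and the
# command fails with "Cannot find device", which the "-" prefix hides.
ExecStart=-/usr/bin/env ip address add {{ systemd_PrivateNetworkLocalDHCPGateway }} dev mv-{{ systemd_PrivateNetworkInterface }}
{% if (systemd_version | int) <= 230 %}
# Delete-then-add keeps exactly one MASQUERADE rule across restarts.
# NOTE(review): rendered only for systemd <= 230; nothing in this unit
# provides NAT on newer versions - confirm that is intended.
ExecStart=-/usr/bin/env iptables -t nat -D POSTROUTING -s {{ systemd_PrivateNetworkLocalDHCPGateway }} -o {{ systemd_PrivateNetworkInterface }} -j MASQUERADE
ExecStart=/usr/bin/env iptables -t nat -A POSTROUTING -s {{ systemd_PrivateNetworkLocalDHCPGateway }} -o {{ systemd_PrivateNetworkInterface }} -j MASQUERADE
{% endif %}
{% endif %}
{% if not (systemd_PrivateNetworkIsolated | bool) %}
# Pass-through mode: a second macvlan is created on the host, moved into
# the namespace and renamed to the parent interface name.
ExecStart=-/usr/bin/env ip link add mv-pivot link {{ systemd_PrivateNetworkInterface }} type macvlan mode {{ systemd_PrivateNetworkMode }}
ExecStart=/usr/bin/env ip link set mv-pivot netns %I name {{ systemd_PrivateNetworkInterface }}
ExecStart=/usr/bin/env ip netns exec %I ip link set dev {{ systemd_PrivateNetworkInterface }} up
{% if (systemd_PrivateNetworkDHCP | bool) %}
# Address the namespace side from an upstream DHCP server.
ExecStart=/usr/bin/env ip netns exec %I dhclient {{ systemd_PrivateNetworkInterface }} -v
{% endif %}
{% endif %}
# Stop process.
# Rendered under the same conditions as the add above, so the NAT rule is
# removed whenever it was installed, in either isolation mode. Best effort
# ("-"): a rule that is already gone must not mark the unit failed on stop,
# and the rule is only ever present once, so a single -D suffices.
# The host-side mv- link, its address and the link moved into the
# namespace are not torn down here.
{% if (systemd_PrivateNetworkLocalDHCP | bool) %}
{% if (systemd_version | int) <= 230 %}
ExecStop=-/usr/bin/env iptables -t nat -D POSTROUTING -s {{ systemd_PrivateNetworkLocalDHCPGateway }} -o {{ systemd_PrivateNetworkInterface }} -j MASQUERADE
{% endif %}
{% endif %}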
[Install]
# Enabled under both boot targets.
WantedBy=multi-user.target network-online.target