Converge distro interfaces to systemd-networkd

This change pulls all of our different distro interfaces into a unified
set. To do this, we're using a common systemd-networkd role which gives
all distros the same network setup, capabilities, and configurations.

Change-Id: I770fc7296490ed09320f9a2e678758d971e2e29a
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Kevin Carter 2018-03-13 20:17:31 -05:00 committed by Kevin Carter (cloudnull)
parent 3dc59da68a
commit 1dba8b65d3
12 changed files with 141 additions and 423 deletions


@ -13,55 +13,149 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- include: "prepare_networking_{{ ansible_os_family | lower }}.yml" - name: Run the systemd-networkd role
include_role:
- name: Shut down the network interfaces name: systemd_networkd
command: "ifdown {{ item.name }}" private: true
when: vars:
- network_interfaces | changed or (network_interfaces_multinode is defined and network_interfaces_multinode | changed) systemd_interface_cleanup: true
- item.enabled | default(True) systemd_run_networkd: true
with_items: systemd_netdevs:
- { name: br-mgmt } - NetDev:
- { name: br-storage } Name: dummy0
- { name: br-vlan } Kind: dummy
- { name: br-vxlan } - NetDev:
- { name: br-dbaas, enabled: "{{ (bootstrap_host_scenario == 'translations') | bool }}" } Name: dummy1
- { name: br-lbaas, enabled: "{{ (bootstrap_host_scenario in ['translations', 'octavia']) | bool }}" } Kind: dummy
- NetDev:
Name: dummy2
Kind: dummy
- NetDev:
Name: dummy3
Kind: dummy
- NetDev:
Name: dummy4
Kind: dummy
- NetDev:
Name: dummy5
Kind: dummy
- NetDev:
Name: br-mgmt
Kind: bridge
- NetDev:
Name: br-vxlan
Kind: bridge
- NetDev:
Name: br-storage
Kind: bridge
- NetDev:
Name: br-vlan
Kind: bridge
- NetDev:
Name: br-vlan-veth
Kind: veth
Peer:
Name: eth12
- NetDev:
Name: br-dbaas
Kind: bridge
- NetDev:
Name: br-dbaas-veth
Kind: veth
Peer:
Name: eth13
- NetDev:
Name: br-lbaas
Kind: bridge
- NetDev:
Name: br-lbaas-veth
Kind: veth
Peer:
Name: eth14
systemd_networks:
- interface: "dummy0"
bridge: "br-mgmt"
- interface: "br-mgmt"
address: "172.29.236.100"
netmask: "255.255.252.0"
- interface: "dummy1"
bridge: "br-vxlan"
- interface: "br-vxlan"
address: "172.29.240.100"
netmask: "255.255.252.0"
- interface: "dummy2"
bridge: "br-storage"
- interface: "br-storage"
address: "172.29.244.100"
netmask: "255.255.252.0"
- interface: "dummy3"
bridge: "br-vlan"
- interface: "br-vlan"
config_overrides:
Network:
Address:
? "172.29.248.100/22"
? "172.29.248.1/22"
- interface: "br-vlan-veth"
bridge: "br-vlan"
- interface: "dummy4"
bridge: "br-dbaas"
- interface: "br-dbaas"
address: "172.29.232.100"
netmask: "255.255.252.0"
- interface: "br-dbaas-veth"
bridge: "br-dbaas"
- interface: "dummy5"
bridge: "br-lbaas"
- interface: "br-lbaas"
address: "172.29.252.100"
netmask: "255.255.252.0"
- interface: "br-lbaas-veth"
bridge: "br-lbaas"
tags: tags:
- networking-interfaces-stop - network-config
- name: Shut down the encapsulation network interfaces - name: Run the systemd service role
command: "ifdown {{ item.key }}" include_role:
when: name: systemd_service
- network_interfaces_multinode is defined and network_interfaces_multinode | changed private: true
- bootstrap_host_encapsulation_enabled | bool vars:
with_dict: "{{ bootstrap_host_encapsulation_interfaces }}" systemd_services:
- service_name: "networking-post-up"
config_overrides:
Unit:
Description: networking-post-up
After: network-online.target
Wants: network-online.target
Service:
RemainAfterExit: yes
service_type: oneshot
execstarts:
- "-/sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill"
- "-/sbin/iptables -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
- "-/sbin/ethtool -K br-mgmt gso off sg off tso off tx off"
- "-/sbin/ethtool -K br-vxlan gso off sg off tso off tx off"
- "-/sbin/ethtool -K br-storage gso off sg off tso off tx off"
- "-/sbin/ethtool -K br-vlan gso off sg off tso off tx off"
- "-/sbin/ethtool -K br-dbaas gso off sg off tso off tx off"
- "-/sbin/ethtool -K br-lbaas gso off sg off tso off tx off"
- "-/bin/ip link set eth12 up"
- "-/bin/ip link set br-vlan-veth up"
- "-/sbin/ethtool -K eth12 gso off sg off tso off tx off"
- "-/bin/ip link set eth13 up"
- "-/bin/ip link set br-dbaas-veth up"
- "-/sbin/ethtool -K eth13 gso off sg off tso off tx off"
- "-/bin/ip link set eth14 up"
- "-/bin/ip link set br-lbaas-veth up"
- "-/sbin/ethtool -K eth14 gso off sg off tso off tx off"
execstops:
- "/sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill"
- "/sbin/iptables -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE"
enabled: yes
state: started
systemd_tempd_prefix: openstack
tags: tags:
- networking-interfaces-stop - network-config
- name: Start the encapsulation network interfaces
command: "ifup {{ item.key }}"
when:
- network_interfaces_multinode is defined and network_interfaces_multinode | changed
- bootstrap_host_encapsulation_enabled | bool
with_dict: "{{ bootstrap_host_encapsulation_interfaces }}"
tags:
- networking-interfaces-start
- name: Start the network interfaces
command: "ifup {{ item.name }}"
when:
- network_interfaces | changed
- item.enabled | default(True)
with_items:
- { name: br-mgmt }
- { name: br-storage }
- { name: br-vlan }
- { name: br-vxlan }
- { name: br-dbaas, enabled: "{{ (bootstrap_host_scenario == 'translations') | bool }}" }
- { name: br-lbaas, enabled: "{{ (bootstrap_host_scenario in ['translations', 'octavia']) | bool }}" }
tags:
- networking-interfaces-start
- name: Updating the facts due to net changes - name: Updating the facts due to net changes
setup: setup:
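Review bot: The new `systemd_netdevs` and `systemd_networks` lists create br-dbaas and br-lbaas on every host, together with dummy4/dummy5, their veth pairs and the 172.29.232.100 and 172.29.252.100 addresses. The removed tasks and template only brought them up when `bootstrap_host_scenario` was `translations` (br-dbaas) or `translations`/`octavia` (br-lbaas). The matching `ethtool` and `ip link set eth13`/`eth14` lines in `networking-post-up` are unconditional as well, so hosts in other scenarios now carry bridges and addresses they do not use. If the gating is still wanted, the optional entries should be kept in separate lists that are appended only when the scenario matches. The removed multinode path (`not bootstrap_host_aio_config | bool`, per-node `{{ node_id }}` addresses and the vxlan encapsulation interfaces) also appears to have no counterpart here, so unless it is handled outside this commit the role include probably needs `when: bootstrap_host_aio_config | bool` or an equivalent multinode variant.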


@ -1,48 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Ensure that /etc/network/interfaces.d/ exists
file:
path: /etc/network/interfaces.d/
state: directory
tags:
- networking-dir-create
- name: Copy AIO network configuration
template:
src: osa_interfaces.cfg.j2
dest: /etc/network/interfaces.d/osa_interfaces.cfg
register: network_interfaces
when:
- bootstrap_host_aio_config | bool
tags:
- networking-interfaces-file
- name: Copy multinode network configuration
template:
src: osa_interfaces_multinode.cfg.j2
dest: /etc/network/interfaces.d/osa_interfaces.cfg
register: network_interfaces_multinode
when:
- not bootstrap_host_aio_config | bool
tags:
- networking-interfaces-file
- name: Ensure our interfaces.d configuration files are loaded automatically
lineinfile:
dest: /etc/network/interfaces
line: "source /etc/network/interfaces.d/*.cfg"
tags:
- networking-interfaces-load


@ -1,52 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Copy network configuration
template:
src: "redhat_interface_{{ item.type | default('default') }}.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.name | default('br-mgmt') }}"
with_items: "{{ bridges }}"
register: network_interfaces
- name: Create alias file when required
template:
src: "redhat_interface_alias.cfg.j2"
dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.name | default('br-mgmt')}}:0"
with_items: "{{ bridges }}"
when:
- item.alias is defined
- name: Put down post-up script for veth-peer interfaces
template:
src: "rpm_interface_{{ item[0] }}.cfg.j2"
dest: "/etc/sysconfig/network-scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
mode: "0755"
with_nested:
- [ "ifup-post", "ifdown-post" ]
- "{{ bridges }}"
when:
- item[1].veth_peer is defined
- name: Ensure the postup/postdown scripts are loaded
lineinfile:
dest: "/etc/sysconfig/network-scripts/{{ item[0] }}"
line: ". /etc/sysconfig/network-scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
insertbefore: "^exit 0"
with_nested:
- [ "ifup-post", "ifdown-post" ]
- "{{ bridges }}"
when:
- item[1].veth_peer is defined


@ -1,52 +0,0 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Copy network configuration
template:
src: "suse_interface_default.cfg.j2"
dest: "/etc/sysconfig/network/ifcfg-{{ item.name | default('br-mgmt') }}"
with_items: "{{ bridges }}"
register: network_interfaces
- name: Put down post-up script for veth-peer interfaces
template:
src: "rpm_interface_{{ item[0] }}.cfg.j2"
dest: "/etc/sysconfig/network/scripts/{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}"
mode: "0755"
with_nested:
- [ "ifup-post", "ifdown-post" ]
- "{{ bridges }}"
when:
- item[1].veth_peer is defined
- name: Ensure the postup scripts are loaded
lineinfile:
dest: "/etc/sysconfig/network/ifcfg-{{ item[1].name | default('br-mgmt') }}"
line: "POST_UP_SCRIPT=\"compat:suse:{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}\""
with_nested:
- [ "ifup-post" ]
- "{{ bridges }}"
when:
- item[1].veth_peer is defined
- name: Ensure the postdown scripts are loaded
lineinfile:
dest: "/etc/sysconfig/network/ifcfg-{{ item[1].name | default('br-mgmt') }}"
line: "POST_DOWN_SCRIPT=\"compat:suse:{{ item[0] }}-veth-{{ item[1].name | default('br-mgmt') }}-2-{{ item[1].veth_peer | default('eth1') }}\""
with_nested:
- [ "ifdown-post" ]
- "{{ bridges }}"
when:
- item[1].veth_peer is defined


@ -1,107 +0,0 @@
## The default networking requires several bridges. These bridges were named to be informative
## however they can be named what ever you like and is adaptable to any network infrastructure
## environment. This file serves as an example of how to setup basic networking and was ONLY
## built for the purpose of being an example and used expressly in the building of an ALL IN
## ONE development environment.
auto br-mgmt
iface br-mgmt inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
# Notice the bridge port is the vlan tagged interface
bridge_ports {{ bootstrap_host_bridge_mgmt_ports }}
address 172.29.236.100
netmask 255.255.252.0
offload-sg off
auto br-vxlan
iface br-vxlan inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports {{ bootstrap_host_bridge_vxlan_ports }}
address 172.29.240.100
netmask 255.255.252.0
offload-sg off
# To ensure ssh checksum is correct
up /sbin/iptables -A POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
down /sbin/iptables -D POSTROUTING -t mangle -p tcp --dport 22 -j CHECKSUM --checksum-fill
# To provide internet connectivity to instances
up /sbin/iptables -t nat -A POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE
down /sbin/iptables -t nat -D POSTROUTING -o {{ bootstrap_host_public_interface }} -j MASQUERADE
auto br-storage
iface br-storage inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports {{ bootstrap_host_bridge_storage_ports }}
address 172.29.244.100
netmask 255.255.252.0
offload-sg off
auto br-vlan
iface br-vlan inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
address 172.29.248.100
netmask 255.255.252.0
offload-sg off
# Create veth pair, don't bomb if already exists
pre-up ip link add br-vlan-veth type veth peer name eth12 || true
# Set both ends UP
pre-up ip link set br-vlan-veth up
pre-up ip link set eth12 up
# Delete veth pair on DOWN
post-down ip link del br-vlan-veth || true
bridge_ports br-vlan-veth
{% if bootstrap_host_scenario == "translations" %}
auto br-dbaas
iface br-dbaas inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
address 172.29.232.100
netmask 255.255.252.0
offload-sg off
# Create veth pair, don't bomb if already exists
pre-up ip link add br-dbaas-veth type veth peer name eth13 || true
# Set both ends UP
pre-up ip link set br-dbaas-veth up
pre-up ip link set eth13 up
# Delete veth pair on DOWN
post-down ip link del br-dbaas-veth || true
bridge_ports br-dbaas-veth
{% endif %}
{% if bootstrap_host_scenario in ["translations", "octavia"] %}
auto br-lbaas
iface br-lbaas inet static
bridge_stp off
bridge_waitport 0
bridge_fd 0
address 172.29.252.100
netmask 255.255.252.0
offload-sg off
# Create veth pair, don't bomb if already exists
pre-up ip link add br-lbaas-veth type veth peer name eth14 || true
# Set both ends UP
pre-up ip link set br-lbaas-veth up
pre-up ip link set eth14 up
# Delete veth pair on DOWN
post-down ip link del br-lbaas-veth || true
bridge_ports br-lbaas-veth
{% endif %}
# Add an additional address to br-vlan
iface br-vlan inet static
# Flat network default gateway
# -- This needs to exist somewhere for network reachability
# -- from the router namespace for floating IP paths.
# -- Putting this here is primarily for tempest to work.
address 172.29.248.1
netmask 255.255.252.0


@ -1,28 +0,0 @@
{% if bootstrap_host_encapsulation_enabled | bool %}
{% for nic_name, nic_details in bootstrap_host_encapsulation_interfaces.items() %}
# {{ nic_details.friendly_name }}
auto {{ nic_name }}
iface {{ nic_name }} inet manual
pre-up ip link add {{ nic_name }} type vxlan id {{ nic_details.id }} group 239.0.0.{{ nic_details.id }} dev {{ nic_details.underlay_device }} || true
up ip link set $IFACE up
down ip link set $IFACE down
post-down ip link del {{ nic_name }} || true
{% endfor %}
{% endif %}
{%- for nic_name, nic_details in bootstrap_host_bridges_interfaces.items() -%}
auto {{ nic_name }}
iface {{ nic_name }} inet {{ nic_details.mode | default('static') }}
bridge_stp off
bridge_waitport 0
bridge_fd 0
bridge_ports {{ nic_details.ports }}
offload-sg {{ nic_details.offload_sg | default('off') }}
{% if nic_details.mode | default('static') == 'static' -%}
address {{ nic_details.ip_address_range }}.{{ node_id }}
netmask {{ nic_details.ip_netmask }}
{% endif %}
{%- if nic_details.state_change_scripts is defined %}{{ nic_details.state_change_scripts }}
{% endif %}
{% endfor %}


@ -1,5 +0,0 @@
# This interface is an alias
DEVICE={{ item.name | default('br-mgmt') }}:0
IPADDR={{ item.alias | default('10.1.0.1') }}
NETMASK={{ item.netmask | default('255.255.255.0') }}
ONBOOT=yes


@ -1,12 +0,0 @@
{% if item.veth_peer is defined %}
# This interface has a veth peer
{% endif %}
DEVICE={{ item.name | default('br-mgmt') }}
TYPE=Bridge
IPADDR={{ item.ip_addr | default('10.1.0.1') }}
NETMASK={{ item.netmask | default('255.255.255.0') }}
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
DELAY=0
ETHTOOL_OPTS="-K ${DEVICE} sg off"


@ -1,29 +0,0 @@
#!/usr/bin/env bash
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
source /etc/os-release || source /usr/lib/os-release
case "${ID}" in
*suse*) INTERFACE="${1}"; ;;
centos|rhel|fedora) INTERFACE="${DEVICE}"; ;;
*) echo "Unsupported distribution ${ID}"; exit 1;
esac
_ip=$(which ip 2>/dev/null || { echo "Failed to find ip executable"; exit 1; })
if [ "${INTERFACE}" == "{{ item[1].name | default('br-mgmt') }}" ]; then
eval $_ip link set {{ item[1].name | default('br-mgmt') }}-veth nomaster || true
eval $_ip link del {{ item[1].name | default('br-mgmt') }}-veth || true
fi


@ -1,35 +0,0 @@
#!/usr/bin/env bash
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
source /etc/os-release || source /usr/lib/os-release
case "${ID}" in
*suse*) INTERFACE="${1}"; ;;
centos|rhel|fedora) INTERFACE="${DEVICE}"; ;;
*) echo "Unsupported distribution ${ID}"; exit 1;
esac
_ip=$(which ip 2>/dev/null || { echo "Failed to find ip executable"; exit 1; })
if [ "${INTERFACE}" == "{{ item[1].name | default('br-mgmt') }}" ]; then
# Create veth pair, don't bomb if already exists
echo "Creating veth"
eval $_ip link add {{ item[1].name | default('br-mgmt') }}-veth type veth peer name {{ item[1].veth_peer | default('eth0') }} || true
# Set both ends UP
eval $_ip link set {{ item[1].name | default('br-mgmt') }}-veth up || true
eval $_ip link set {{ item[1].veth_peer | default('eth0') }} up || true
# add eth12 to the bridge
eval $_ip link set {{ item[1].name | default('br-mgmt') }}-veth master {{ item[1].name | default('br-mgmt') }} || true
fi


@ -1,9 +0,0 @@
{% if item.veth_peer is defined %}
# This interface has a veth peer
{% endif %}
BRIDGE='yes'
IPADDR={{ item.ip_addr | default('10.1.0.1') }}
NETMASK={{ item.netmask | default('255.255.255.0') }}
STARTMODE='auto'
BOOTPROTO='static'
ETHTOOL_OPTIONS_sg='-K iface sg off'


@ -27,6 +27,7 @@ packages_install:
- python - python
- python-devel - python-devel
- sshpass - sshpass
- systemd-networkd
- tmux - tmux
- vim - vim
- xfsprogs - xfsprogs