From 4ea6bd968760605a9ca6cfbe510ff390a1cbd74f Mon Sep 17 00:00:00 2001
From: Benjamin Graillot
Date: Wed, 19 Aug 2020 13:07:47 +0200
Subject: [PATCH 1/4] [interfaces] Deploy interfaces using LDAP
---
host_vars/voyager.adm.crans.org.yml | 4 +
lookup_plugins/ldap.py | 7 +-
plays/network-interfaces.yml | 78 +++++--------------
roles/interfaces/tasks/main.yml | 4 +-
.../templates/network/interfaces.d/ifalias.j2 | 38 +++++----
5 files changed, 51 insertions(+), 80 deletions(-)
diff --git a/host_vars/voyager.adm.crans.org.yml b/host_vars/voyager.adm.crans.org.yml
index 52213494..be4b13d5 100644
--- a/host_vars/voyager.adm.crans.org.yml
+++ b/host_vars/voyager.adm.crans.org.yml
@@ -1,2 +1,6 @@
+interfaces:
+ adm: ens18
+ srv_nat: ens19
+
loc_framadate:
path: /var/www/framadate
diff --git a/lookup_plugins/ldap.py b/lookup_plugins/ldap.py
index 7810204e..ee8e3cbd 100644
--- a/lookup_plugins/ldap.py
+++ b/lookup_plugins/ldap.py
@@ -98,12 +98,15 @@ class LookupModule(LookupBase):
result = self.base.result(query_id)
result = result[1][0][1]
result = [res.decode('utf-8') for res in result[attr]]
- elif terms[0] == 'networks':
+ elif terms[0] == 'network':
network = terms[1]
query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork")
result = self.base.result(query_id)
result = result[1][0][1]
- return [str(ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8'))))]
+ return {
+ 'network': result['ipNetworkNumber'][0].decode('utf-8'),
+ 'netmask': result['ipNetmaskNumber'][0].decode('utf-8'),
+ }
elif terms[0] == 'vlanid':
network = terms[1]
query_id = self.base.search(f"cn={network},ou=networks,{self.base_dn}", ldap.SCOPE_BASE, "objectClass=ipNetwork")
diff --git a/plays/network-interfaces.yml b/plays/network-interfaces.yml
index df0fce81..e64825d1 100755
--- a/plays/network-interfaces.yml
+++ b/plays/network-interfaces.yml
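Review bot: The `network` branch now hands back the raw `ipNetworkNumber`/`ipNetmaskNumber` strings from the directory, whereas the removed line ran them through `ipaddress.ip_network()`, which rejected a malformed address or a network/netmask pair with host bits set before it could be written into `/etc/network/interfaces.d`. Keep that check and normalise through the parsed object, e.g. `net = ipaddress.ip_network('{}/{}'.format(result['ipNetworkNumber'][0].decode('utf-8'), result['ipNetmaskNumber'][0].decode('utf-8')))` followed by `return {'network': str(net.network_address), 'netmask': str(net.netmask)}` (assuming `ipaddress` is still imported at the top of the file). This branch also returns a dict directly while the neighbouring branches assign to `result`, which appears to be returned as a list further down; Ansible lookup plugins are expected to return a list, so it is worth confirming that `query()` tolerates the dict on the Ansible release in use. The enclosing method starts before and ends after this hunk.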
@@ -1,69 +1,27 @@ #!/usr/bin/env ansible-playbook --- -# Get ifname of configured vlan for all servers -- hosts: server - tasks: - - shell: "grep {{ item }} /sys/class/net/*/ifalias | sed \"s|/sys/class/net/||\" | sed \"s|/ifalias:.*||\"" - check_mode: false - register: ifaces - loop: - - srv - - ens - - adm - - borne - - switch - - fil - -- hosts: boeing.adm.crans.org,cochon.adm.crans.org,tracker.adm.crans.org,voyager.adm.crans.org,lutim.adm.crans.org,gateau.adm.crans.org,owncloud-srv.adm.crans.org,charybde.adm.crans.org,cas-srv.adm.crans.org,fyre.adm.crans.org,silice.adm.crans.org,frontdaur.adm.crans.org,bakdaur.adm.crans.org,ethercalc-srv.adm.crans.org,alice.adm.crans.org,mailman.adm.crans.org +- hosts: voyager.adm.crans.org vars: vlan: - name: srv - id: 0 - metric: 100 - gateway: 185.230.79.254 - dns: 185.230.79.152 185.230.79.4 - dns_search: crans.org - ifnames: "{{ ifaces | json_query('results[?item==`srv`].stdout') }}" - - - name: ens - id: 1 - metric: 300 - gateway: 138.231.136.254 - dns: 138.231.136.152 138.231.136.4 - dns_search: crans.org - ifnames: "{{ ifaces | json_query('results[?item==`ens`].stdout') }}" - - - name: adm id: 2 - dns: 10.231.136.152 10.231.136.4 - dns_search: adm.crans.org - ifnames: "{{ ifaces | json_query('results[?item==`adm`].stdout') }}" - - - name: borne + dns: 185.230.79.99 + - name: srv_nat id: 3 - dns: 10.231.148.52 10.231.148.4 - dns_search: borne.crans.org - ifnames: "{{ ifaces | json_query('results[?item==`borne`].stdout') }}" - - - name: switch + dns: 172.16.3.99 + - name: san id: 4 - dns: 10.231.100.152 10.231.100.4 - dns_search: switch.crans.org - ifnames: "{{ ifaces | json_query('results[?item==`switch`].stdout') }}" - - - name: fil - id: 21 - metric: 400 - gateway: 10.54.0.254 - dns: 10.54.0.152 10.54.0.4 - dns_search: fil.crans.org - ifnames: "{{ ifaces | json_query('results[?item==`fil`].stdout') }}" - + - name: adm + id: 10 + dns: 172.16.10.101 172.16.10.102 + - name: infra + id: 11 + dns: 172.16.32.99 - name: adh - 
id: 23 - metric: 200 - gateway: 185.230.78.254 - dns: 185.230.78.152 185.230.78.4 - dns_search: crans.org - ifnames: "{{ ifaces | json_query('results[?item==`adh`].stdout') }}" - roles: ["interfaces"] + id: 12 + dns: 185.230.78.99 + - name: adh_nat + id: 13 + dns: 100.64.0.99 + roles: + - interfaces diff --git a/roles/interfaces/tasks/main.yml b/roles/interfaces/tasks/main.yml index 886b45d3..e8298d88 100644 --- a/roles/interfaces/tasks/main.yml +++ b/roles/interfaces/tasks/main.yml @@ -17,7 +17,7 @@ - name: Deploy interfaces config template: src: "network/interfaces.d/ifalias.j2" - dest: "/etc/network/interfaces.d/{{ '%02d' | format(item.id) }}-{{ item.name }}" + dest: "/etc/network/interfaces.d/{{ '%02d' | format(item.id) }}-{{ item.name | replace('_', '-') }}" mode: 0644 - when: (item.ifnames | length > 0) and item.ifnames[0] != '' + when: item.name in interfaces loop: "{{ vlan }}" diff --git a/roles/interfaces/templates/network/interfaces.d/ifalias.j2 b/roles/interfaces/templates/network/interfaces.d/ifalias.j2 index daf6a938..4436e806 100644 --- a/roles/interfaces/templates/network/interfaces.d/ifalias.j2 +++ b/roles/interfaces/templates/network/interfaces.d/ifalias.j2 
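Review bot: Each VLAN's `id` is hard-coded in the play even though the lookup plugin's `vlanid` branch (visible as context at the end of the ldap.py hunk in this patch) serves it from the same `ou=networks` entries that now provide the subnet, so the two sources can drift and the `NN-name` file name built in roles/interfaces/tasks/main.yml would stop matching the directory; sourcing the id from that lookup inside the role would remove the duplicate. `hosts:` is now pinned to `voyager.adm.crans.org`, the only host with an `interfaces` mapping in host_vars — presumably a staged rollout, but a one-line comment above the play stating that every host added here must define `interfaces` would save the next maintainer a failed run.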
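Review bot: `when: item.name in interfaces` raises an undefined-variable error on any host that has no `interfaces` mapping in its host_vars, whereas the replaced condition always had `item.ifnames` populated by the earlier fact-gathering play; with the play pinned to voyager this cannot trigger yet, but it will as soon as another host is added to `hosts:`. Use a default so the task is skipped instead of aborting: `when: item.name in (interfaces | default({}))`. The surrounding task list starts before this hunk.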
@@ -1,35 +1,41 @@ {{ ansible_header | comment }} -{% set ifconfig = hostvars[inventory_hostname]['ansible_' + item.ifnames[0]] %} -auto {{ item.ifnames[0] }} -iface {{ item.ifnames[0] }} inet static - address {{ ifconfig.ipv4.address }} - network {{ ifconfig.ipv4.network }} - netmask {{ ifconfig.ipv4.netmask }} - broadcast {{ ifconfig.ipv4.broadcast }} +{% set vlan_name = (item.name | replace('_', '-')) %} +{% set subnet = query('ldap', 'network', vlan_name) %} +{% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %} +auto {{ interfaces[item.name] }} +iface {{ interfaces[item.name] }} inet static +{% for ip in (ips | ipv4) %} + address {{ ip }} +{% endfor %} + network {{ subnet.network }} + netmask {{ subnet.netmask }} {% if item.gateway is defined %} gateway {{ item.gateway }} {% endif %} {% if item.metric is defined %} metric {{ item.metric }} {% endif %} - mtu 1496 +{% if item.dns is defined %} dns-nameservers {{ item.dns }} - dns-search {{ item.dns_search }} - up /sbin/ip link set $IFACE alias {{ item.name }} +{% endif %} + dns-search {{ vlan_nameĀ }}.crans.org + up /sbin/ip link set $IFACE alias {{ vlan_name }} {% if ansible_local.interfaces.sup_if_4 is defined %} -{% if item.ifnames[0] in ansible_local.interfaces.sup_if_4 %} -{% for line in ansible_local.interfaces.sup_if_4[item.ifnames[0]] %} +{% if interfaces[item.name] in ansible_local.interfaces.sup_if_4 %} +{% for line in ansible_local.interfaces.sup_if_4[interfaces[item.name]] %} {{ line }} {% endfor %} {% endif %} {% endif %} -iface {{ item.ifnames[0] }} inet6 static - address {{ ifconfig.ipv6[0].address }}/{{ ifconfig.ipv6[0].prefix }} +iface {{ interfaces[item.name] }} inet6 static +{% for ip in (ips | ipv6) %} + address {{ ip }}/64 +{% endfor %} {% if ansible_local.interfaces.sup_if_6 is defined %} -{% if item.ifnames[0] in ansible_local.interfaces.sup_if_6 %} -{% for line in ansible_local.interfaces.sup_if_6[item.ifnames[0]] %} +{% if interfaces[item.name] in 
ansible_local.interfaces.sup_if_6 %} +{% for line in ansible_local.interfaces.sup_if_6[interfaces[item.name]] %} {{ line }} {% endfor %} {% endif %} From a47058fcacd83c051e3725ba7a106df23d439dea Mon Sep 17 00:00:00 2001 From: Benjamin Graillot Date: Wed, 19 Aug 2020 13:32:32 +0200 Subject: [PATCH 2/4] [interfaces] Add gateways --- plays/network-interfaces.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plays/network-interfaces.yml b/plays/network-interfaces.yml index e64825d1..85c6e6e9 100755 --- a/plays/network-interfaces.yml +++ b/plays/network-interfaces.yml @@ -5,9 +5,11 @@ vlan: - name: srv id: 2 + gateway: 185.230.79.99 dns: 185.230.79.99 - name: srv_nat id: 3 + gateway: 172.16.3.99 dns: 172.16.3.99 - name: san id: 4 @@ -19,9 +21,11 @@ dns: 172.16.32.99 - name: adh id: 12 + gateway: 185.230.78.99 dns: 185.230.78.99 - name: adh_nat id: 13 + gateway: 100.64.0.99 dns: 100.64.0.99 roles: - interfaces From fa41bdb81633c5b5ccce4648625c153dbcb8d11e Mon Sep 17 00:00:00 2001 From: Benjamin Graillot Date: Wed, 19 Aug 2020 17:36:25 +0200 Subject: [PATCH 3/4] [interfaces] Configure interfaces only if an IP exists --- roles/interfaces/templates/network/interfaces.d/ifalias.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/interfaces/templates/network/interfaces.d/ifalias.j2 b/roles/interfaces/templates/network/interfaces.d/ifalias.j2 index 4436e806..a6e3f128 100644 --- a/roles/interfaces/templates/network/interfaces.d/ifalias.j2 +++ b/roles/interfaces/templates/network/interfaces.d/ifalias.j2 @@ -3,6 +3,7 @@ {% set vlan_name = (item.name | replace('_', '-')) %} {% set subnet = query('ldap', 'network', vlan_name) %} {% set ips = query('ldap', 'ip', ansible_hostname, vlan_name) %} +{% if (ips | ipv4 | length) > 0 %} auto {{ interfaces[item.name] }} iface {{ interfaces[item.name] }} inet static {% for ip in (ips | ipv4) %} 
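Review bot: `dns-search {{ vlan_nameĀ }}.crans.org` carries a stray non-ASCII character after `vlan_name`; if it is really in the file rather than an artefact of how this patch was captured, Jinja will either reject the identifier or treat it as an undefined variable and the render fails, so the line should read `dns-search {{ vlan_name }}.crans.org`. The inet6 stanza also hard-codes `/64` on every address taken from LDAP while the IPv4 side takes `network`/`netmask` from the directory; if any VLAN's IPv6 prefix is not a /64 the interface gets a wrong on-link route, so either carry the prefix length in LDAP next to the address or state the /64 assumption in a comment at the top of the template. Dropping `mtu 1496` is a behaviour change the commit message does not mention; presumably these are no longer VLAN sub-interfaces, but it deserves a sentence there.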
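Review bot: Four VLANs now define a `gateway` but none defines a `metric`, while the template still emits `metric` only when `item.metric` is set; a host whose `interfaces` mapping covers two of these VLANs (say `srv` and `adh`) would get two `gateway` lines with equal metrics, and ifupdown's second default-route insertion then fails at boot. The removed play avoided this by giving each gateway VLAN its own `metric`; restoring distinct values, e.g. `metric: 100` under `srv` and different ones for the others, keeps the routes installable. The same applies to the `gateway_v6` entries added by `[PATCH 4/4]` in plays/network-interfaces.yml (`@@ -7,10 +7,12 @@` and `@@ -23,9 +25,11 @@`), although for IPv6 the kernel may merge equal-metric defaults into a multipath route rather than reject them — verify on the target release.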
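Review bot: The IPv4 guard opened here is closed by the `{% endif %}` that `@@ -28,7 +29,9 @@` adds after the sup_if_4 block, which puts `dns-nameservers`, `dns-search` and the `up /sbin/ip link set $IFACE alias` line inside it; a VLAN that carries only an IPv6 address (IPv4 block skipped, IPv6 block rendered) therefore loses its resolver settings and its interface alias. Either move those three lines into the IPv6 stanza as well, guarded on `(ips | ipv4 | length) == 0` so they are not emitted twice, or state in a template comment that resolver and alias are only configured on dual-stack VLANs. The third hunk of this patch (`@@ -40,3 +43,4 @@`) only closes the IPv6 guard and needs no separate change. Also note that when both lists are empty the template task still deploys a header-only file, so a VLAN address removed from LDAP silently deconfigures the interface on the next run — worth a line in the commit message if that is intended.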
@@ -28,7 +29,9 @@ iface {{ interfaces[item.name] }} inet static {% endfor %} {% endif %} {% endif %} +{% endif %} +{% if (ips | ipv6 | length) > 0 %} iface {{ interfaces[item.name] }} inet6 static {% for ip in (ips | ipv6) %} address {{ ip }}/64 @@ -40,3 +43,4 @@ iface {{ interfaces[item.name] }} inet6 static {% endfor %} {% endif %} {% endif %} +{% endif %} From a65076dc28594d1b72771ba90d7a060a03b902a7 Mon Sep 17 00:00:00 2001 From: Benjamin Graillot Date: Thu, 20 Aug 2020 18:10:36 +0200 Subject: [PATCH 4/4] [interfaces] Add IPv6 gateways --- plays/network-interfaces.yml | 4 ++++ roles/interfaces/templates/network/interfaces.d/ifalias.j2 | 3 +++ 2 files changed, 7 insertions(+) diff --git a/plays/network-interfaces.yml b/plays/network-interfaces.yml index 85c6e6e9..b89b02c8 100755 --- a/plays/network-interfaces.yml +++ b/plays/network-interfaces.yml @@ -7,10 +7,12 @@ id: 2 gateway: 185.230.79.99 dns: 185.230.79.99 + gateway_v6: 2a0c:700:2::ff:fe00:9902 - name: srv_nat id: 3 gateway: 172.16.3.99 dns: 172.16.3.99 + gateway_v6: 2a0c:700:3::ff:fe00:9903 - name: san id: 4 - name: adm @@ -23,9 +25,11 @@ id: 12 gateway: 185.230.78.99 dns: 185.230.78.99 + gateway_v6: 2a0c:700:12::ff:fe00:9912 - name: adh_nat id: 13 gateway: 100.64.0.99 dns: 100.64.0.99 + gateway_v6: 2a0c:700:13::ff:fe00:9913 roles: - interfaces diff --git a/roles/interfaces/templates/network/interfaces.d/ifalias.j2 b/roles/interfaces/templates/network/interfaces.d/ifalias.j2 index a6e3f128..54ee3ff1 100644 --- a/roles/interfaces/templates/network/interfaces.d/ifalias.j2 +++ b/roles/interfaces/templates/network/interfaces.d/ifalias.j2 
@@ -36,6 +36,9 @@ iface {{ interfaces[item.name] }} inet6 static {% for ip in (ips | ipv6) %} address {{ ip }}/64 {% endfor %} +{% if item.gateway_v6 is defined %} + gateway {{ item.gateway_v6 }} +{% endif %} {% if ansible_local.interfaces.sup_if_6 is defined %} {% if interfaces[item.name] in ansible_local.interfaces.sup_if_6 %} {% for line in ansible_local.interfaces.sup_if_6[interfaces[item.name]] %}
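Review bot: With `gateway_v6` the template now reads five optional or required keys from each `vlan` entry (`name`, `id`, `gateway`, `gateway_v6`, `metric`, `dns`) and nothing documents which are mandatory; a reader has to grep the play to find out. A one-line Jinja comment at the top of the template would fix that, e.g. `{# per-VLAN keys read from item: name, id (required); gateway, gateway_v6, metric, dns (optional) #}`. The inet6 stanza this `gateway` line belongs to starts before the hunk.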