0152215eb4
Since ansible-core 2.10 it is recommended to use modules via FQCN In order to align with recommendation, we perform migration by applying suggestions made by `ansible-lint --fix=fqcn` Change-Id: I2e3312f1bccc30dbf7504ab503afa97a945cb061
265 lines
8.9 KiB
YAML
265 lines
8.9 KiB
YAML
---
|
|
# Copyright 2017, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Gather variables for each operating system
|
|
ansible.builtin.include_vars: "{{ lookup('first_found', params) }}"
|
|
vars:
|
|
params:
|
|
files:
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}.yml"
|
|
paths:
|
|
- "{{ role_path }}/vars"
|
|
skip: true # skip if no files are found
|
|
tags:
|
|
- always
|
|
|
|
- name: Install required repos and packages
|
|
when:
|
|
- systemd_networkd_distro_packages | length > 0
|
|
block:
|
|
# Copy all factored-in GPG keys.
|
|
# KeyID 2F86D6A1 from https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
|
|
- name: If a keyfile is provided, copy the gpg keyfile to the key location
|
|
ansible.builtin.copy:
|
|
src: "{{ item.keyfile }}"
|
|
dest: "{{ item.key }}"
|
|
mode: "0644"
|
|
with_items: "{{ systemd_networkd_package_repos_keys | selectattr('keyfile', 'defined') | list }}"
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
|
|
- name: Ensure GPG keys have the correct SELinux contexts applied
|
|
ansible.builtin.command: restorecon -Rv /etc/pki/rpm-gpg/
|
|
# TODO(evrardjp): Be more idempotent
|
|
changed_when: false
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
|
|
# Handle gpg keys manually
|
|
- name: Install gpg keys
|
|
ansible.builtin.rpm_key:
|
|
key: "{{ key.key }}"
|
|
validate_certs: "{{ key.validate_certs | default(omit) }}"
|
|
state: "{{ key.state | default('present') }}"
|
|
with_items: "{{ systemd_networkd_package_repos_keys }}"
|
|
loop_control:
|
|
loop_var: key
|
|
register: _add_yum_keys
|
|
until: _add_yum_keys is success
|
|
retries: 5
|
|
delay: 2
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
|
|
# NOTE(jrosser) this repo is configured with the path to the first gpg key provided
|
|
- name: Install the EPEL repository
|
|
ansible.builtin.yum_repository:
|
|
name: epel-networkd
|
|
baseurl: "{{ systemd_networkd_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}"
|
|
description: "Extra Packages for Enterprise Linux $releasever - $basearch"
|
|
gpgkey: "file://{{ systemd_networkd_package_repos_keys[0].key }}"
|
|
gpgcheck: true
|
|
enabled: true
|
|
state: present
|
|
includepkgs: "systemd-networkd"
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
register: install_epel_repo
|
|
until: install_epel_repo is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Install networkd distro packages
|
|
ansible.builtin.package:
|
|
name: "{{ systemd_networkd_distro_packages | select() }}"
|
|
state: "present"
|
|
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
|
|
cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(600, omit) }}"
|
|
enablerepo: "{{ systemd_networkd_enablerepo | default(omit) }}"
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 3
|
|
delay: 2
|
|
notify:
|
|
- Restart systemd-networkd
|
|
|
|
- name: Create systemd-networkd directory
|
|
ansible.builtin.file:
|
|
path: "/etc/systemd/network"
|
|
state: directory
|
|
mode: "0755"
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-resolved config
|
|
ansible.builtin.template:
|
|
src: "systemd-resolved.conf.j2"
|
|
dest: "/etc/systemd/resolved.conf"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
when:
|
|
- systemd_resolved | length > 0
|
|
- systemd_resolved_available | bool
|
|
notify:
|
|
- Restart systemd-resolved
|
|
tags:
|
|
- systemd-resolved
|
|
|
|
- name: Find prefixed netdev and network files
|
|
ansible.builtin.find:
|
|
paths: "/etc/systemd/network"
|
|
patterns: "*{{ systemd_networkd_prefix }}*.netdev,*{{ systemd_networkd_prefix }}*.network"
|
|
register: networkd_files
|
|
when:
|
|
- systemd_interface_cleanup | bool
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Remove prefixed network files
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
state: absent
|
|
with_items: "{{ networkd_files.files }}"
|
|
when:
|
|
- systemd_interface_cleanup | bool
|
|
notify:
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-networkd network device(s)
|
|
ansible.builtin.template:
|
|
src: "systemd-netdev.j2"
|
|
dest: "/etc/systemd/network/{{ item.1.filename }}.netdev"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
with_indexed_items: "{{ _systemd_netdevs_named }}"
|
|
notify:
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-networkd network link(s)
|
|
openstack.config_template.config_template:
|
|
src: "systemd-link.j2"
|
|
dest: "/etc/systemd/network/{{ item.1.filename }}.link"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
config_overrides: "{{ item.1.link_config_overrides | default(systemd_link_config_overrides) }}"
|
|
config_type: "ini"
|
|
with_indexed_items: >-
|
|
{{
|
|
_systemd_networks_named | rejectattr('network_overrides_only', 'defined') +
|
|
_systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'false')
|
|
}}
|
|
notify:
|
|
- Update initramfs
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-networkd network network(s)
|
|
openstack.config_template.config_template:
|
|
src: "systemd-network.j2"
|
|
dest: "/etc/systemd/network/{{ item.1.filename }}.network"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
config_overrides: "{{ item.1.config_overrides | default({}) }}"
|
|
config_type: "ini"
|
|
with_indexed_items: >-
|
|
{{
|
|
_systemd_networks_named | rejectattr('network_overrides_only', 'defined') +
|
|
_systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'false')
|
|
}}
|
|
notify:
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-networkd extra config folder
|
|
ansible.builtin.file:
|
|
path: "/etc/systemd/network/{{ item }}.network.d"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0755"
|
|
state: directory
|
|
loop: >-
|
|
{{
|
|
(
|
|
_systemd_networks_named | selectattr('static_routes', 'defined') +
|
|
_systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'true')
|
|
) | map(attribute='filename')
|
|
}}
|
|
|
|
- name: Create overrides files for network_overrides_only networks
|
|
openstack.config_template.config_template:
|
|
dest: "/etc/systemd/network/{{ item.1.filename }}.network.d/overrides.conf"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
config_overrides: "{{ item.1.config_overrides | default({}) }}"
|
|
config_type: "ini"
|
|
with_indexed_items: >-
|
|
{{ _systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'true') }}
|
|
notify:
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Place systemd-networkd routing policy rules
|
|
ansible.builtin.template:
|
|
src: systemd-network-rules.j2
|
|
dest: "/etc/systemd/network/{{ item['filename'] }}.network.d/rules.conf"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
loop: "{{ _systemd_networks_named | selectattr('routing_rules', 'defined') }}"
|
|
notify:
|
|
- Restart systemd-networkd
|
|
|
|
- name: Place systemd-networkd network routes
|
|
ansible.builtin.template:
|
|
src: systemd-network-routes.j2
|
|
dest: "/etc/systemd/network/{{ item['filename'] }}.network.d/routes.conf"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
loop: "{{ _systemd_networks_named | selectattr('static_routes', 'defined') }}"
|
|
notify:
|
|
- Restart systemd-networkd
|
|
|
|
- name: Restart systemd_networkd prior to applying sysctl changes
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Add IP Forward for interface
|
|
ansible.posix.sysctl:
|
|
name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
|
|
value: 1
|
|
sysctl_set: true
|
|
state: present
|
|
reload: true
|
|
with_indexed_items: "{{ _systemd_networks_named }}"
|
|
when:
|
|
- (ansible_facts['os_family'] | lower) == 'redhat'
|
|
- item.1.ipforward | default(false) | bool
|