
---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Load the first variables file that exists for this host. Candidates are
# tried from most specific (distribution + full version) to least specific
# (os_family alone). `skip: true` lets the task pass without loading
# anything when no candidate file is found. Tagged `always` so the
# variables are available under any tag selection.
- name: Gather variables for each operating system
  tags:
    - always
  include_vars: "{{ item }}"
  with_first_found:
    - skip: true
      files:
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}.yml"
# Copy all factored-in GPG keys.
# KeyID 2F86D6A1 from https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
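# Stage role-supplied GPG key files on the target before they are imported.
# Only entries of systemd_networkd_package_repos_keys that define `keyfile`
# are copied; each lands at that entry's `key` path.
# These files are package trust anchors (the EPEL repository task points its
# gpgkey at the first entry's `key` path), so ownership is pinned to root in
# addition to the 0644 mode, matching the other files this role writes.
# Runs only on os_family redhat with major version >= 8.
- name: If a keyfile is provided, copy the gpg keyfile to the key location
  copy:
    src: "{{ item.keyfile }}"
    dest: "{{ item.key }}"
    owner: "root"
    group: "root"
    mode: "0644"
  with_items: "{{ systemd_networkd_package_repos_keys | selectattr('keyfile','defined') | list }}"
  when:
    - ansible_facts['os_family'] | lower == 'redhat'
    - ansible_facts['distribution_major_version'] is version('8', '>=')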
# Recursively reset SELinux labels under /etc/pki/rpm-gpg/ after key files
# have been copied. Runs only on os_family redhat with major version >= 8.
# NOTE(review): the path is hard-coded, while the copy task writes to each
# entry's `key` path; a key placed outside /etc/pki/rpm-gpg/ is not
# relabelled here -- confirm all configured key paths live under it.
- name: Ensure GPG keys have the correct SELinux contexts applied
  when:
    - ansible_facts['os_family'] | lower == 'redhat'
    - ansible_facts['distribution_major_version'] is version('8', '>=')
  command: restorecon -Rv /etc/pki/rpm-gpg/
  # TODO(evrardjp): Be more idempotent
  # changed_when is forced to false, so a relabel performed by this command
  # is never reported as a change in the play output.
  changed_when: false
# Handle gpg keys manually
# Import every entry of systemd_networkd_package_repos_keys into the RPM
# keyring (state defaults to 'present'). Retried up to 5 times, 2 seconds
# apart, until the module reports success. Runs only on os_family redhat
# with major version >= 8.
# NOTE(review): validate_certs is taken from the key entry and omitted when
# unset. An entry that sets it to false while `key` is an https URL would
# fetch a trust anchor without TLS verification -- confirm no inventory
# relies on that.
- name: Install gpg keys
  when:
    - ansible_facts['os_family'] | lower == 'redhat'
    - ansible_facts['distribution_major_version'] is version('8', '>=')
  rpm_key:
    state: "{{ key.state | default('present') }}"
    key: "{{ key.key }}"
    validate_certs: "{{ key.validate_certs | default(omit) }}"
  with_items: "{{ systemd_networkd_package_repos_keys }}"
  loop_control:
    # Named loop variable so the entry is referenced as `key`, not `item`.
    loop_var: key
  register: _add_yum_keys
  until: _add_yum_keys is success
  delay: 2
  retries: 5
# NOTE(jrosser) this repo is configured with the path to the first gpg key provided
# Define the `epel-networkd` yum repository from the configured EPEL mirror.
# Package signature checking is on (gpgcheck) and verified against the first
# key in systemd_networkd_package_repos_keys. `includepkgs` restricts what
# the repository may supply to systemd-networkd only, which keeps the rest
# of EPEL out of dependency resolution on this host.
# NOTE(review): the mirror URL scheme is set by systemd_networkd_epel_mirror
# and is not checked here; package integrity rests on gpgcheck.
# Retried up to 5 times, 2 seconds apart. Runs only on os_family redhat with
# major version >= 8.
- name: Install the EPEL repository
  when:
    - ansible_facts['os_family'] | lower == 'redhat'
    - ansible_facts['distribution_major_version'] is version('8', '>=')
  yum_repository:
    name: epel-networkd
    description: "Extra Packages for Enterprise Linux $releasever - $basearch"
    baseurl: "{{ systemd_networkd_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}"
    includepkgs: "systemd-networkd"
    gpgcheck: true
    gpgkey: "file://{{ systemd_networkd_package_repos_keys[0].key }}"
    enabled: true
    state: present
  register: install_epel_repo
  until: install_epel_repo is success
  delay: 2
  retries: 5
# Install the distribution packages listed in
# systemd_networkd_distro_packages; skipped when that list is empty.
# update_cache and cache_valid_time are passed only when the package manager
# is apt and omitted otherwise; enablerepo is passed only when
# systemd_networkd_enablerepo is defined.
# Retried up to 3 times, 2 seconds apart, until the install succeeds.
- name: Install networkd distro packages
  when:
    - systemd_networkd_distro_packages | length > 0
  package:
    state: "present"
    name: "{{ systemd_networkd_distro_packages }}"
    enablerepo: "{{ systemd_networkd_enablerepo | default(omit) }}"
    update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
    cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(600, omit) }}"
  register: install_packages
  until: install_packages is success
  delay: 2
  retries: 3
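# Ensure /etc/systemd/network exists. The later tasks write .netdev, .link
# and .network files into it as root:root 0644. Without explicit attributes,
# a directory created here would take its owner and mode from the connecting
# user and umask. Owner, group and mode are therefore pinned so that only
# root can add or replace network configuration, while the directory stays
# world-readable like the files inside it.
- name: Create systemd-networkd directory
  file:
    path: "/etc/systemd/network"
    state: directory
    owner: "root"
    group: "root"
    mode: "0755"
  tags:
    - systemd-networkd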
# Render /etc/systemd/resolved.conf from the role template as root:root 0644
# and notify the resolved restart handler. Skipped when systemd_resolved is
# empty.
- name: Create systemd-resolved config
  tags:
    - systemd-resolved
  when:
    - systemd_resolved | length > 0
  template:
    dest: "/etc/systemd/resolved.conf"
    src: "systemd-resolved.conf.j2"
    mode: "0644"
    owner: "root"
    group: "root"
  notify:
    - Restart systemd-resolved
# Collect existing .netdev and .network files in /etc/systemd/network whose
# names contain systemd_networkd_prefix; the result feeds the removal task
# that follows. Only runs when systemd_interface_cleanup is true.
# NOTE(review): the prefix is wrapped in wildcards on both sides, so an
# empty prefix would match every .netdev/.network file in the directory --
# confirm the variable can never be empty when cleanup is enabled.
- name: Find prefixed netdev and network files
  tags:
    - systemd-networkd
  when:
    - systemd_interface_cleanup | bool
  find:
    patterns: "*{{ systemd_networkd_prefix }}*.netdev,*{{ systemd_networkd_prefix }}*.network"
    paths: "/etc/systemd/network"
  register: networkd_files
# Delete every file recorded in networkd_files by the preceding find task
# and notify the networkd restart handler. Guarded by the same
# systemd_interface_cleanup condition as the find task, so the registered
# result is only consumed when the find actually ran.
- name: Remove prefixed network files
  tags:
    - systemd-networkd
  when:
    - systemd_interface_cleanup | bool
  file:
    state: absent
    path: "{{ item.path }}"
  with_items: "{{ networkd_files.files }}"
  notify:
    - Restart systemd-networkd
# Render one .netdev file per entry of systemd_netdevs as root:root 0644 and
# notify the networkd restart handler. with_indexed_items yields
# (index, entry) pairs, so item.1 is the entry itself. The file name is the
# entry's `filename` when set, otherwise systemd_networkd_filename.
# NOTE(review): `filename` is concatenated into the destination path as
# given; nothing here restricts it to a bare file name.
- name: Create systemd-networkd network device(s)
  tags:
    - systemd-networkd
  template:
    dest: "/etc/systemd/network/{{ (item.1.filename | default(systemd_networkd_filename)) ~ '.netdev' }}"
    src: "systemd-netdev.j2"
    mode: "0644"
    owner: "root"
    group: "root"
  with_indexed_items: "{{ systemd_netdevs }}"
  notify:
    - Restart systemd-networkd
# Render one .link file per entry of systemd_networks as root:root 0644.
# INI overrides come from the entry's link_config_overrides, falling back to
# systemd_link_config_overrides. The file name is the entry's `filename`
# when set, otherwise systemd_networkd_filename_alt.
# Notifies both the initramfs update and the networkd restart handlers.
- name: Create systemd-networkd network link(s)
  tags:
    - systemd-networkd
  config_template:
    dest: "/etc/systemd/network/{{ (item.1.filename | default(systemd_networkd_filename_alt)) ~ '.link' }}"
    src: "systemd-link.j2"
    mode: "0644"
    owner: "root"
    group: "root"
    config_type: "ini"
    config_overrides: "{{ item.1.link_config_overrides | default(systemd_link_config_overrides) }}"
  with_indexed_items: "{{ systemd_networks }}"
  notify:
    - Update initramfs
    - Restart systemd-networkd
# Render one .network file per entry of systemd_networks as root:root 0644.
# INI overrides come from the entry's config_overrides, defaulting to an
# empty mapping. The file name is the entry's `filename` when set, otherwise
# systemd_networkd_filename_alt. Notifies the networkd restart handler.
- name: Create systemd-networkd network network(s)
  tags:
    - systemd-networkd
  config_template:
    dest: "/etc/systemd/network/{{ (item.1.filename | default(systemd_networkd_filename_alt)) ~ '.network' }}"
    src: "systemd-network.j2"
    mode: "0644"
    owner: "root"
    group: "root"
    config_type: "ini"
    config_overrides: "{{ item.1.config_overrides | default({}) }}"
  with_indexed_items: "{{ systemd_networks }}"
  notify:
    - Restart systemd-networkd
# Enable systemd-networkd at boot and start it, when systemd_run_networkd is
# true. `async: 45` with `poll: 0` launches the change in the background:
# this task does not wait for the result, so a failure to start the unit is
# not reported here.
- name: Enable and start systemd-networkd
  tags:
    - systemd-networkd
  when:
    - systemd_run_networkd | bool
  systemd:
    name: "systemd-networkd"
    state: started
    enabled: "yes"
  poll: 0
  async: 45
# Run all handlers notified so far (the tasks above notify the networkd and
# resolved restarts and the initramfs update) now, rather than at the end of
# the play, so they complete before the sysctl task that follows.
- name: restart systemd_networkd prior to applying sysctl changes
  meta: "flush_handlers"
# Turn on IPv4 forwarding for each entry of systemd_networks that sets
# `ipforward` to true (default false). The setting is persisted, applied to
# the running kernel (sysctl_set) and reloaded. Only evaluated on os_family
# redhat.
# Forwarding lets the host route traffic arriving on that interface, so
# `ipforward` should be set only where routing is intended.
# NOTE(review): item.1.interface is interpolated into the dotted sysctl key
# unchanged; an interface name that itself contains a dot would produce an
# ambiguous key -- confirm how such names are handled.
- name: Add IP Forward for interface
  when:
    - (ansible_facts['os_family'] | lower) == 'redhat'
    - item.1.ipforward | default(false) | bool
  sysctl:
    name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
    value: 1
    state: present
    sysctl_set: true
    reload: true
  with_indexed_items: "{{ systemd_networks }}"