212 lines
6.6 KiB
YAML
212 lines
6.6 KiB
YAML
---
|
|
# Copyright 2017, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Gather variables for each operating system
|
|
include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- files:
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
|
|
- "{{ ansible_facts['distribution'] | lower }}.yml"
|
|
- "{{ ansible_facts['os_family'] | lower }}.yml"
|
|
skip: true
|
|
tags:
|
|
- always
|
|
|
|
# Copy all factored-in GPG keys.
|
|
# KeyID 2F86D6A1 from https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
|
|
- name: If a keyfile is provided, copy the gpg keyfile to the key location
|
|
copy:
|
|
src: "{{ item.keyfile }}"
|
|
dest: "{{ item.key }}"
|
|
mode: '0644'
|
|
with_items: "{{ systemd_networkd_package_repos_keys | selectattr('keyfile','defined') | list }}"
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
- ansible_facts['distribution_major_version'] is version('8', '>=')
|
|
|
|
- name: Ensure GPG keys have the correct SELinux contexts applied
|
|
command: restorecon -Rv /etc/pki/rpm-gpg/
|
|
# TODO(evrardjp): Be more idempotent
|
|
changed_when: false
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
- ansible_facts['distribution_major_version'] is version('8', '>=')
|
|
|
|
# Handle gpg keys manually
|
|
- name: Install gpg keys
|
|
rpm_key:
|
|
key: "{{ key.key }}"
|
|
validate_certs: "{{ key.validate_certs | default(omit) }}"
|
|
state: "{{ key.state | default('present') }}"
|
|
with_items: "{{ systemd_networkd_package_repos_keys }}"
|
|
loop_control:
|
|
loop_var: key
|
|
register: _add_yum_keys
|
|
until: _add_yum_keys is success
|
|
retries: 5
|
|
delay: 2
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
- ansible_facts['distribution_major_version'] is version('8', '>=')
|
|
|
|
# NOTE(jrosser) this repo is configured with the path to the first gpg key provided
|
|
- name: Install the EPEL repository
|
|
yum_repository:
|
|
name: epel-networkd
|
|
baseurl: "{{ systemd_networkd_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}"
|
|
description: 'Extra Packages for Enterprise Linux $releasever - $basearch'
|
|
gpgkey: "file://{{ systemd_networkd_package_repos_keys[0].key }}"
|
|
gpgcheck: yes
|
|
enabled: yes
|
|
state: present
|
|
includepkgs: 'systemd-networkd'
|
|
when:
|
|
- ansible_facts['os_family'] | lower == 'redhat'
|
|
- ansible_facts['distribution_major_version'] is version('8', '>=')
|
|
register: install_epel_repo
|
|
until: install_epel_repo is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: Install networkd distro packages
|
|
package:
|
|
name: "{{ systemd_networkd_distro_packages }}"
|
|
state: "present"
|
|
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
|
|
cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(600, omit) }}"
|
|
enablerepo: "{{ systemd_networkd_enablerepo | default(omit) }}"
|
|
when:
|
|
- systemd_networkd_distro_packages | length > 0
|
|
register: install_packages
|
|
until: install_packages is success
|
|
retries: 3
|
|
delay: 2
|
|
|
|
- name: Create systemd-networkd directory
|
|
file:
|
|
path: "/etc/systemd/network"
|
|
state: directory
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-resolved config
|
|
template:
|
|
src: "systemd-resolved.conf.j2"
|
|
dest: "/etc/systemd/resolved.conf"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
when:
|
|
- systemd_resolved | length > 0
|
|
notify:
|
|
- Restart systemd-resolved
|
|
tags:
|
|
- systemd-resolved
|
|
|
|
- name: Find prefixed netdev and network files
|
|
find:
|
|
paths: "/etc/systemd/network"
|
|
patterns: "*{{ systemd_networkd_prefix }}*.netdev,*{{ systemd_networkd_prefix }}*.network"
|
|
register: networkd_files
|
|
when:
|
|
- systemd_interface_cleanup | bool
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Remove prefixed network files
|
|
file:
|
|
path: "{{ item.path }}"
|
|
state: absent
|
|
with_items: "{{ networkd_files.files }}"
|
|
when:
|
|
- systemd_interface_cleanup | bool
|
|
notify:
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-networkd network device(s)
|
|
template:
|
|
src: "systemd-netdev.j2"
|
|
dest: "/etc/systemd/network/{{ (item.1.filename | default(systemd_networkd_filename)) ~ '.netdev' }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
with_indexed_items: "{{ systemd_netdevs }}"
|
|
notify:
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-networkd network link(s)
|
|
config_template:
|
|
src: "systemd-link.j2"
|
|
dest: "/etc/systemd/network/{{ (item.1.filename | default(systemd_networkd_filename_alt)) ~ '.link' }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
config_overrides: "{{ item.1.link_config_overrides | default(systemd_link_config_overrides) }}"
|
|
config_type: "ini"
|
|
with_indexed_items: "{{ systemd_networks }}"
|
|
notify:
|
|
- Update initramfs
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Create systemd-networkd network network(s)
|
|
config_template:
|
|
src: "systemd-network.j2"
|
|
dest: "/etc/systemd/network/{{ (item.1.filename | default(systemd_networkd_filename_alt)) ~ '.network' }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
config_overrides: "{{ item.1.config_overrides | default({}) }}"
|
|
config_type: "ini"
|
|
with_indexed_items: "{{ systemd_networks }}"
|
|
notify:
|
|
- Restart systemd-networkd
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: Enable and start systemd-networkd
|
|
systemd:
|
|
name: "systemd-networkd"
|
|
enabled: "yes"
|
|
state: started
|
|
async: 45
|
|
poll: 0
|
|
when:
|
|
- systemd_run_networkd | bool
|
|
tags:
|
|
- systemd-networkd
|
|
|
|
- name: restart systemd_networkd prior to applying sysctl changes
|
|
meta: flush_handlers
|
|
|
|
- name: Add IP Forward for interface
|
|
sysctl:
|
|
name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
|
|
value: 1
|
|
sysctl_set: yes
|
|
state: present
|
|
reload: yes
|
|
with_indexed_items: "{{ systemd_networks }}"
|
|
when:
|
|
- (ansible_facts['os_family'] | lower) == 'redhat'
|
|
- item.1.ipforward | default(false) | bool
|