Michael Vollman 242b3c3fb4 Add ipforward option to configure IPForward
Add ipforward bool optional setting to systemd_networks to enable
or disable forwarding for a given interface.  IPForward is disabled
by default.

Change-Id: Iaea33b1bdde1964f38612ab8c278fed4985d390b
2019-02-11 09:55:26 -05:00

187 lines
5.3 KiB
YAML

---
# Copyright 2018, Rackspace US, Inc.
# Copyright 2018, Logan Vig <logan2211@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Playbook for role testing
hosts: localhost
connection: local
become: true
gather_facts: true
roles:
- role: "systemd_networkd"
vars:
systemd_networkd_link:
MACAddressPolicy: "persistent"
NamePolicy: "kernel database onboard slot path"
systemd_run_networkd: yes
systemd_resolved:
DNS: "208.67.222.222"
FallbackDNS: "8.8.8.8"
Cache: yes
systemd_netdevs:
- NetDev:
Name: dummy0
Kind: dummy
- NetDev:
Name: dummy1
Kind: dummy
- NetDev:
Name: bond0
Kind: bond
Bond:
Mode: 802.3ad
TransmitHashPolicy: layer3+4
MIIMonitorSec: 1s
LACPTransmitRate: fast
- NetDev:
Name: br-dummy
Kind: bridge
- NetDev:
Name: dummy2
Kind: dummy
- NetDev:
Name: br-test
Kind: bridge
- NetDev:
Name: br-test2
Kind: bridge
systemd_networks:
- interface: "dummy0"
bond: "bond0"
mtu: 9000
- interface: "dummy1"
bond: "bond0"
mtu: 9000
- interface: "bond0"
bridge: "br-dummy"
mtu: 9000
- interface: "br-dummy"
address: "10.0.0.100"
netmask: "255.255.255.0"
gateway: "{{ ansible_default_ipv4.gateway | default('10.0.0.1') }}"
mtu: 9000
usedns: true
static_routes:
- gateway: "10.1.0.1"
cidr: "10.1.0.0/24"
config_overrides:
Network:
ConfigureWithoutCarrier: true
link_config_overrides:
Alias: "dummy-bridge0"
- interface: "dummy2"
bridge: "br-test"
- interface: "br-test"
address: "10.1.0.1"
netmask: "255.255.255.0"
- interface: "br-test2"
address: 10.2.0.1
netmask: "255.255.255.0"
ipforward: true
- name: Test networkd
hosts: localhost
connection: local
become: true
gather_facts: true
tasks:
- name: Interface check
assert:
that:
- ansible_dummy0['active'] == true
- ansible_dummy0['type'] == 'ether'
- ansible_dummy0['mtu'] == 9000
- ansible_dummy1['active'] == true
- ansible_dummy1['type'] == 'ether'
- ansible_dummy1['mtu'] == 9000
- ansible_dummy2['active'] == true
- ansible_dummy2['type'] == 'ether'
- name: Bond check
assert:
that:
- ansible_bond0['active'] == true
- ansible_bond0['type'] == 'bonding'
- ansible_bond0['mtu'] == 9000
- name: Bridge check
assert:
that:
- ansible_br_dummy['active'] == true
- ansible_br_dummy['type'] == 'bridge'
- ansible_br_dummy['ipv4']['address'] == '10.0.0.100'
- ansible_br_dummy['ipv4']['netmask'] == '255.255.255.0'
- name: Bridge check
assert:
that:
- ansible_br_test['active'] == true
- ansible_br_test['type'] == 'bridge'
- ansible_br_test['ipv4']['address'] == '10.1.0.1'
- ansible_br_test['ipv4']['netmask'] == '255.255.255.0'
- name: Check link config overrides
shell: 'grep -wo "Alias" /etc/systemd/network/*br-dummy.link'
changed_when: false
- name: Check general link config
shell: 'grep -wo "{{ item }}" /etc/systemd/network/*.link'
changed_when: false
with_items:
- MACAddressPolicy
- NamePolicy
- name: Check forwarding is enabled
shell: 'grep -wo ^1$ /proc/sys/net/{{ item }}'
changed_when: false
with_items:
- "ipv4/ip_forward"
- "ipv4/conf/all/forwarding"
- "ipv4/conf/br-test2/forwarding"
- name: Playbook for role testing with cleanup
hosts: localhost
connection: local
become: true
gather_facts: true
roles:
- role: "systemd_networkd"
post_tasks:
- name: Interface check
assert:
that:
- ansible_br_test is defined
- ansible_dummy2['active'] == true
- ansible_dummy2['type'] == 'ether'
- name: Bridge check
assert:
that:
- ansible_br_test['active'] == true
- ansible_br_test['type'] == 'bridge'
- ansible_br_test['ipv4']['address'] == '10.1.0.1'
- ansible_br_test['ipv4']['netmask'] == '255.255.255.0'
vars:
systemd_interface_cleanup: true
systemd_run_networkd: yes
systemd_netdevs:
- NetDev:
Name: dummy2
Kind: dummy
- NetDev:
Name: br-test
Kind: bridge
systemd_networks:
- interface: "dummyX"
bridge: "br-test"
- interface: "br-test"
address: "10.1.0.1"
netmask: "255.255.255.0"