Mark Goddard 9053183fe7 Support dict format IP routing rules on CentOS/Rocky
This support is now available in the MichaelRigart.interfaces role.

The host configuration CI test has been updated to test policy-based
routing routes and rules on CentOS Stream and Rocky Linux. It also now
tests both the string and dict rule formats on CentOS and Rocky.

Change-Id: Ie77530c38ab426dcbaa442776bcf048d7bbc0f01
2024-05-01 21:40:34 +02:00


---
# The following configuration aims to test some of the 'host configure'
# command.
# Additional users.
# One extra account is defined, with membership of the 'stack' group.
# NOTE(review): the password is a fixed test fixture that is readable by
# anyone with access to this file. Whether the consuming role expects
# plaintext or a crypt hash is not visible here - confirm before reusing
# this pattern outside CI.
controller_users:
  - username: kayobe-test-user
    name: Kayobe test user
    password: kayobe-test-user-password
    groups:
      - stack
# Additional network interfaces, testing a variety of interface configurations.
# Each entry is a network name; its attributes are the test_net_* variables
# with the same prefix defined later in this file.
controller_extra_network_interfaces:
  - test_net_eth
  - test_net_eth_vlan
  - test_net_bridge
  - test_net_bridge_vlan
  - test_net_bond
  - test_net_bond_vlan
  - test_net_bridge_noip
# The systemd-networkd style VLAN is only listed when this template is
# rendered for a Debian-family host.
# NOTE(review): this condition reads ansible_os_family, while other
# conditions in this file read ansible_facts.os_family - confirm both are
# available wherever the template is rendered.
{% if ansible_os_family == "Debian" %}
  - test_net_systemd_vlan
{% endif %}
# Custom IP routing tables.
# Declares one table with numeric id 2 and name kayobe-test-route-table.
# The routes and rules of test_net_eth_vlan refer to it by name, and the
# string format rule in the RedHat branch refers to it by id.
network_route_tables:
  - id: 2
    name: kayobe-test-route-table
# dummy2: Ethernet interface.
# Carries 192.168.34.0/24 and one static route to 192.168.40.0/24 via
# 192.168.34.254. No routing table is named for this route.
test_net_eth_cidr: 192.168.34.0/24
test_net_eth_routes:
  - cidr: 192.168.40.0/24
    gateway: 192.168.34.254
test_net_eth_interface: dummy2
# dummy2.42: VLAN subinterface of dummy2.
# This network exercises policy-based routing: its route is placed in the
# custom table and its rules select that table.
test_net_eth_vlan_cidr: 192.168.35.0/24
# The interface name is wrapped in raw/endraw tags, so the expression is left
# unrendered in the output of this template and is evaluated later by whatever
# consumes the rendered file.
test_net_eth_vlan_interface: "{% raw %}{{ test_net_eth_interface }}.{{ test_net_eth_vlan_vlan }}{% endraw %}"
test_net_eth_vlan_vlan: 42
test_net_eth_vlan_routes:
  - cidr: 192.168.40.0/24
    gateway: 192.168.35.254
    table: kayobe-test-route-table
test_net_eth_vlan_rules:
# RedHat family: one rule in string format (table given by id 2) and one in
# dict format (table given by name), so both rule formats are covered.
{% if ansible_facts.os_family == 'RedHat' %}
  - from 192.168.35.0/24 table 2
  - to: 192.168.35.0/24
    table: kayobe-test-route-table
# Other OS families: both rules use the dict format.
{% else %}
  - from: 192.168.35.0/24
    table: kayobe-test-route-table
  - to: 192.168.35.0/24
    table: kayobe-test-route-table
{% endif %}
# Firewalld zone for this interface; test-zone1 is declared in
# controller_firewalld_zones.
test_net_eth_vlan_zone: test-zone1
# br0: bridge with ports dummy3, dummy4.
# STP is switched off on this bridge; the interface is placed in test-zone2.
test_net_bridge_cidr: 192.168.36.0/24
test_net_bridge_interface: br0
test_net_bridge_bridge_ports: [dummy3, dummy4]
test_net_bridge_bridge_stp: false
test_net_bridge_zone: test-zone2
# br0.43: VLAN subinterface of br0.
# The name is built from the bridge interface and the VLAN id; the expression
# is protected by raw/endraw tags and so is not evaluated when this template
# is rendered.
test_net_bridge_vlan_cidr: 192.168.37.0/24
test_net_bridge_vlan_interface: "{% raw %}{{ test_net_bridge_interface }}.{{ test_net_bridge_vlan_vlan }}{% endraw %}"
test_net_bridge_vlan_vlan: 43
# test-zone3 is also the zone of the bond0 interface below.
test_net_bridge_vlan_zone: test-zone3
# bond0: bond with slaves dummy5, dummy6.
# Placed in test-zone3, the same zone as the br0.43 VLAN interface.
test_net_bond_cidr: 192.168.38.0/24
test_net_bond_interface: bond0
test_net_bond_bond_slaves: [dummy5, dummy6]
test_net_bond_zone: test-zone3
# bond0.44: VLAN subinterface of bond0.
# The name is built from the bond interface and the VLAN id; the expression is
# protected by raw/endraw tags and so is not evaluated when this template is
# rendered.
test_net_bond_vlan_cidr: 192.168.39.0/24
test_net_bond_vlan_interface: "{% raw %}{{ test_net_bond_interface }}.{{ test_net_bond_vlan_vlan }}{% endraw %}"
test_net_bond_vlan_vlan: 44
# This is the only test interface assigned to the 'public' zone on every OS
# family; 'public' is not in controller_firewalld_zones, so it is presumably
# a zone that firewalld already provides - confirm.
test_net_bond_vlan_zone: public
# br1: Bridge interface without IP address.
# A CIDR is still defined for the network, but no_ip is set so the interface
# itself gets no address. STP is enabled here, unlike on br0.
# No firewalld zone is assigned to this network in this file.
test_net_bridge_noip_cidr: 192.168.40.0/24
test_net_bridge_noip_interface: br1
test_net_bridge_noip_bridge_ports: [dummy7]
test_net_bridge_noip_bridge_stp: true
test_net_bridge_noip_no_ip: true
# The variables below are only emitted when this template is rendered for a
# Debian-family host, matching the conditional entry in
# controller_extra_network_interfaces.
{% if ansible_os_family == "Debian" %}
# vlan45: VLAN interface of bond0 using systemd-networkd style
# Here the interface name is 'vlan' followed by the VLAN id and the parent is
# given explicitly, instead of the parent.vlan naming used by the other VLAN
# interfaces in this file.
test_net_systemd_vlan_cidr: 192.168.41.0/24
test_net_systemd_vlan_interface: "vlan{% raw %}{{ test_net_systemd_vlan_vlan }}{% endraw %}"
test_net_systemd_vlan_parent: "{% raw %}{{ test_net_bond_interface }}{% endraw %}"
test_net_systemd_vlan_vlan: 45
test_net_systemd_vlan_zone: public
{% endif %}
# Define a software RAID device consisting of two loopback devices.
# The three stanzas below stack on each other:
# /dev/loop0 + /dev/loop1 -> md0 -> LUKS (loopback-crypt) -> LVM.
controller_mdadm_arrays:
  - name: md0
    devices:
      - /dev/loop0
      - /dev/loop1
    # Quoted so that the RAID level stays a string rather than an integer.
    level: '1'
    state: present
# Layer LUKS encryption on top of the software RAID
# NOTE(review): no key or passphrase is given in this entry; where the key
# material comes from and how it is stored is not visible in this file.
controller_luks_devices:
  - name: loopback-crypt
    device: /dev/md0
# Create an LVM volume group for Docker volumes.
# The group definition is a reference that is left unrendered by this template
# (raw/endraw) and resolved later.
controller_lvm_groups:
  - "{% raw %}{{ controller_lvm_group_data }}{% endraw %}"
# Provide a disk for use by LVM. Uses the LUKS encrypted device created above.
controller_lvm_group_data_disks:
  - /dev/mapper/loopback-crypt
# Set a sysctl.
# A mapping of sysctl name to value; only fs.mount-max is set here.
controller_sysctl_parameters:
  fs.mount-max: 99999
# Disable cloud-init.
disable_cloud_init: true
# Set Honolulu time.
# A zone that is unlikely to be the default of the CI image, presumably so
# that the test can tell the setting was applied - confirm.
timezone: Pacific/Honolulu
# APT settings, emitted only when rendering for a Debian-family host.
{% if ansible_facts.os_family == "Debian" %}
# Write one APT configuration snippet named 99retries.
apt_config:
  - content: |
      Acquire::Retries 1;
    filename: 99retries
# Fetch the Treasuredata signing key over HTTPS and store it as td-agent.asc.
apt_keys:
  - url: https://packages.treasuredata.com/GPG-KEY-td-agent
    filename: td-agent.asc
apt_repositories:
  # Ubuntu jammy repositories.
  # The mirror host name is not wrapped in raw/endraw tags, so it is filled in
  # when this template is rendered. Both entries use plain HTTP and name no
  # signed_by key.
  # NOTE(review): presumably these are verified against the distribution's
  # default keyring - confirm.
  - url: "http://{{ zuul_site_mirror_fqdn }}/ubuntu/"
    suites: jammy jammy-updates
    components: main restricted universe multiverse
  - url: "http://{{ zuul_site_mirror_fqdn }}/ubuntu/"
    suites: jammy-security
    components: main restricted universe multiverse
  # Treasuredata repository.
  # Served over plain HTTP; signed_by ties it to the key fetched in apt_keys,
  # so package integrity rests on signature verification, not on transport.
  - url: http://packages.treasuredata.com/4/ubuntu/jammy/
    components: contrib
    signed_by: td-agent.asc
# Turn off the stock sources list so that only the repositories above are used.
apt_disable_sources_list: true
# Dummy credentials for a placeholder host, written to test.conf. They
# exercise the apt_auth handling only and must not be replaced with real
# secrets in a file kept under version control.
apt_auth:
  - machine: https://apt.example.com
    login: foo
    password: bar
    filename: test.conf
{% endif %}
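# DNF settings, emitted only when rendering for a RedHat-family host.
{% if ansible_facts.os_family == 'RedHat' %}
# Use a local DNF mirror.
dnf_use_local_mirror: true
# The CentOS mirror settings are only emitted when the distribution is CentOS.
{% if ansible_facts.distribution == 'CentOS' %}
# Mirror FQDN for DNF repos.
# Not wrapped in raw/endraw tags, so the host name is filled in when this
# template is rendered.
dnf_centos_mirror_host: "{{ zuul_site_mirror_fqdn }}"
# Mirror directory for DNF CentOS repos.
dnf_centos_mirror_directory: 'centos-stream'
{% endif %}
# Mirror FQDN for DNF EPEL repos.
dnf_epel_mirror_host: "{{ zuul_site_mirror_fqdn }}"
# Mirror directory for DNF EPEL repos.
dnf_epel_mirror_directory: 'epel'
# Configure a custom DNF repository.
# The repository is fetched over plain HTTP, so package integrity rests on
# gpgcheck staying enabled; the signing key itself is fetched over HTTPS.
dnf_custom_repos:
  td-agent:
    baseurl: http://packages.treasuredata.com/4/redhat/$releasever/$basearch
    gpgkey: https://packages.treasuredata.com/GPG-KEY-td-agent
    # Canonical boolean, consistent with the other flags in this file. 'yes'
    # is a boolean only for YAML 1.1 parsers and a string for 1.2 parsers.
    gpgcheck: true
# Install EPEL local mirror.
dnf_install_epel: true
# Enable DNF Automatic.
dnf_automatic_enabled: true
{% endif %}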
# Override the default NTP pool
# A single source of type 'pool' is configured, with the maxsources option
# set to 2.
chrony_ntp_servers:
  - server: time.cloudflare.com
    type: pool
    options:
      - option: maxsources
        val: 2
# Enable firewalld
controller_firewalld_enabled: true
# Custom zones; the test_net_*_zone variables earlier in this file assign
# interfaces to them.
controller_firewalld_zones:
  - zone: test-zone1
  - zone: test-zone2
  - zone: test-zone3
# No value is given, so this parses as null.
# NOTE(review): presumably this leaves the firewalld default zone as it is on
# the host - confirm that the empty value is intentional.
controller_firewalld_default_zone:
# One rule of each kind under test: a port, a service, an ICMP block, and a
# service with state 'disabled'.
controller_firewalld_rules:
  - port: 8080/tcp
    zone: test-zone1
  - service: http
    zone: test-zone2
  - icmp_block: echo-request
    zone: test-zone3
  # The cockpit service is disabled in the 'public' zone, the zone used by
  # test_net_bond_vlan.
  - service: cockpit
    state: disabled
    zone: public
# Configure a swap file.
# One 256 MB swap file at /swapfile.
controller_swap:
  - path: /swapfile
    size_mb: 256
# Generate a password for libvirt SASL authentication.
# The lookup is protected by raw/endraw tags, so it is not evaluated when this
# template is rendered but later, by whatever consumes the rendered file.
# Ansible's password lookup stores the generated value in the named file on
# the host that runs Ansible and reuses it on later runs.
# NOTE(review): the file is at a fixed path under /tmp, a world-writable
# directory. That is acceptable on a throwaway CI node; for any longer-lived
# host keep the secret in a directory that only the deploying user can access.
compute_libvirt_sasl_password: "{% raw %}{{ lookup('password', '/tmp/libvirt-sasl-password') }}{% endraw %}"