From f6b12fd69664e8378900c8a48a03e86d9dda2880 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 27 Aug 2022 08:31:42 +0200 Subject: [PATCH 1/5] ifupdown2: add minimal support for bridges --- roles/ifupdown2/templates/interfaces.j2 | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2 index d61606c..63eba91 100644 --- a/roles/ifupdown2/templates/interfaces.j2 +++ b/roles/ifupdown2/templates/interfaces.j2 @@ -3,11 +3,27 @@ {% for name, iface in ifupdown2__interfaces.items() %} auto {{ name }} iface {{ name }} -{% for address in iface.addresses %} +{% for address in iface.addresses | default([]) %} address {{ address | ipaddr }} {% endfor %} {% for gateway in iface.gateways | default([]) %} gateway {{ gateway | ipaddr }} {% endfor %} +{% if iface.bridge_ports is defined %} + bridge-ports {{ iface.bridge_ports | join(" ") }} +{% endif %} +{% if iface.bridge_vlan_aware is defined %} + bridge-vlan-aware {{ iface.bridge_vlan_aware + | ternary("yes", "no") }} +{% endif %} +{% if iface.bridge_vids is defined %} + bridge-vids {{ iface.bridge_vids | join(",") }} +{% endif %} +{% if iface.vlan_id is defined %} + vlan-id {{ iface.vlan_id | int }} +{% endif %} +{% if iface.vlan_raw_device is defined %} + vlan-raw-device {{ iface.vlan_raw_device }} +{% endif %} {% endfor %} -- 2.38.5 From d5b0fd85c8059e158ab2d304a3e56cea0f47f931 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 27 Aug 2022 09:18:16 +0200 Subject: [PATCH 2/5] ifupdown2: add bridge_disable_pvid option --- roles/ifupdown2/templates/interfaces.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2 index 63eba91..eecf4fe 100644 --- a/roles/ifupdown2/templates/interfaces.j2 +++ b/roles/ifupdown2/templates/interfaces.j2 
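Review bot: `vlan-raw-device {{ iface.vlan_raw_device }}` and `bridge-ports {{ iface.bridge_ports | join(" ") }}` are written into the interfaces file with no filter, unlike the addresses and `vlan_id`, which pass through `ipaddr` and `int`. A value containing a newline or stray whitespace would add directives to the stanza, and ifupdown2 acts on that file as root. The `# TODO: netbox` in the sample playbook of this series suggests the data will later come from an external source. I would validate names in the role before templating, for example with an `assert` task that checks every interface name, bridge port and raw device against `^[A-Za-z0-9_.-]{1,15}$`. The role's tasks file is not part of this patch, so such a check may already exist there.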
@@ -25,5 +25,9 @@ iface {{ name }} {% if iface.vlan_raw_device is defined %} vlan-raw-device {{ iface.vlan_raw_device }} {% endif %} +{% if iface.bridge_disable_pvid | default(false) %} + bridge-pvid 0 + post-up bridge vlan del dev {{ name }} vid 1 self +{% endif %} {% endfor %} -- 2.38.5 From 5485254c4745de20563be3415c7e0a68569bb169 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 27 Aug 2022 09:28:07 +0200 Subject: [PATCH 3/5] ifupdown2: add forward option --- roles/ifupdown2/templates/interfaces.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2 index eecf4fe..4d53123 100644 --- a/roles/ifupdown2/templates/interfaces.j2 +++ b/roles/ifupdown2/templates/interfaces.j2 @@ -29,5 +29,9 @@ iface {{ name }} bridge-pvid 0 post-up bridge vlan del dev {{ name }} vid 1 self {% endif %} +{% if iface.forward | default(false) %} + ip-forward yes + ip6-forward yes +{% endif %} {% endfor %} -- 2.38.5 From 34b0ed54784dccacb9a923d841f4a649d9372f0a Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 27 Aug 2022 09:35:56 +0200 Subject: [PATCH 4/5] ifupdown2: add ipv6_addrgen option --- roles/ifupdown2/templates/interfaces.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/ifupdown2/templates/interfaces.j2 b/roles/ifupdown2/templates/interfaces.j2 index 4d53123..a1e8f8a 100644 --- a/roles/ifupdown2/templates/interfaces.j2 +++ b/roles/ifupdown2/templates/interfaces.j2 @@ -33,5 +33,9 @@ iface {{ name }} ip-forward yes ip6-forward yes {% endif %} +{% if iface.ipv6_addrgen is defined %} + ipv6-addrgen {{ iface.ipv6_addrgen + | ternary("yes", "no") }} +{% endif %} {% endfor %} -- 2.38.5 From 8cc6e916b77059faf84747fc74dd98f662c90579 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Sat, 27 Aug 2022 10:21:04 +0200 Subject: [PATCH 5/5] ifupdown2: add sample playbook --- hosts | 5 ++ playbooks/ifupdown2.yml | 181 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 186 insertions(+) 
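Review bot: The `post-up bridge vlan del dev {{ name }} vid 1 self` line places the interface name into a command that ifupdown2 executes as root, presumably through a shell, and `name` is an unescaped dictionary key. I would render it as `post-up bridge vlan del dev {{ name | quote }} vid 1 self`, or reject names outside the kernel's interface-name character set before templating. The `vid 1` is hard-coded and appears to assume the bridge's default VLAN is 1. A one-line template comment saying why that VLAN is removed from the bridge device itself would help the next reader.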
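Review bot: A single `forward` flag emits both `ip-forward yes` and `ip6-forward yes`, so an interface cannot be routed for one address family only, and nothing in the template ties forwarding to a packet filter. On a host that also has a management interface, enabling forwarding on client-facing interfaces lets traffic cross between them unless a forward-chain policy drops it. I would add a comment above the block, `{# forward: enables IPv4 and IPv6 forwarding on this interface; the host needs a default-drop forward policy #}`. When the flag is false nothing is written, so the outcome depends on the ifupdown2 default rather than an explicit `no`.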
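Review bot: `iface.ipv6_addrgen | ternary("yes", "no")` tests plain truthiness, so a quoted `"false"` or `"no"` arriving as a string renders `ipv6-addrgen yes`, the opposite of what was asked for. Coercing first avoids that: `ipv6-addrgen {{ iface.ipv6_addrgen | bool | ternary("yes", "no") }}`. The `bridge-vlan-aware` line added in patch 1/5 has the same pattern, and the `bridge_disable_pvid` and `forward` conditions likewise treat any non-empty string as true.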
diff --git a/hosts b/hosts index 26e2665..52f5078 100644 --- a/hosts +++ b/hosts @@ -93,6 +93,11 @@ ntp-1.int.infra.auro.re prometheus-fleming.adm.auro.re #prometheus-fleming-fo.adm.auro.re radius-fleming.adm.auro.re +dns-1.int.infra.auro.re +isp-1.rtr.infra.auro.re +isp-2.rtr.infra.auro.re +dhcp-1.isp.auro.re +dhcp-2.isp.auro.re radius-fleming-backup.adm.auro.re unifi-fleming.adm.auro.re routeur-fleming.adm.auro.re diff --git a/playbooks/ifupdown2.yml b/playbooks/ifupdown2.yml index 01d72f0..fcd816c 100755 --- a/playbooks/ifupdown2.yml +++ b/playbooks/ifupdown2.yml @@ -2,6 +2,11 @@ --- - hosts: - ntp-1.int.infra.auro.re + - dns-1.int.infra.auro.re + - dhcp-1.isp.auro.re + - dhcp-2.isp.auro.re + - isp-1.rtr.infra.auro.re + - isp-2.rtr.infra.auro.re vars: # TODO: netbox ifupdown2__hosts: 
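Review bot: The five new hosts are inserted between `radius-fleming.adm.auro.re` and `radius-fleming-backup.adm.auro.re`, so they join whatever inventory group those entries belong to; the group header is outside the hunk. If that group carries group_vars or is targeted by other plays, the new routers and DHCP servers inherit them. Please confirm the group is the intended one, or place the hosts under their own header.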
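Review bot: Adding both `isp-1`/`isp-2` routers and both DHCP servers to this `hosts:` list means one run rewrites the network configuration of each redundant pair at the same time. A template or data error would then affect both members together, including the interface Ansible connects through. I would add `serial: 1` to the play so that one host is changed and checked before the next. The rest of the play lies outside this hunk.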
@@ -13,12 +18,188 @@ addresses: - 2a09:6840:128::203/56 - 10.128.0.203/16 + dns-1.int.infra.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::127/56 + - 10.128.0.127/16 + dhcp-1.isp.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::204/56 + - 10.128.0.204/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + client-0: + addresses: + - 100.64.0.2/27 + vlan_id: 1000 + vlan_raw_device: clients + client-1: + addresses: + - 100.64.0.34/27 + vlan_id: 1001 + vlan_raw_device: clients + client-2: + addresses: + - 100.64.0.66/27 + vlan_id: 1002 + vlan_raw_device: clients + client-3: + addresses: + - 100.64.0.98/27 + vlan_id: 1003 + vlan_raw_device: clients + client-4: + addresses: + - 100.64.0.130/27 + vlan_id: 1004 + vlan_raw_device: clients + dhcp-2.isp.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::91/56 + - 10.128.0.91/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + client-0: + addresses: + - 100.64.0.3/27 + vlan_id: 1000 + vlan_raw_device: clients + client-1: + addresses: + - 100.64.0.35/27 + vlan_id: 1001 + vlan_raw_device: clients + client-2: + addresses: + - 100.64.0.67/27 + vlan_id: 1002 + vlan_raw_device: clients + client-3: + addresses: + - 100.64.0.99/27 + vlan_id: 1003 + vlan_raw_device: clients + client-4: + addresses: + - 100.64.0.131/27 + vlan_id: 1004 + vlan_raw_device: clients + isp-1.rtr.infra.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::255/56 + - 10.128.0.255/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + bridge_disable_pvid: true + forward: true + ipv6_addrgen: false + client-0: + forward: true + vlan_id: 1000 + vlan_raw_device: clients + ipv6_addrgen: false + 
client-1: + forward: true + vlan_id: 1001 + vlan_raw_device: clients + ipv6_addrgen: false + client-2: + forward: true + vlan_id: 1002 + vlan_raw_device: clients + ipv6_addrgen: false + client-3: + forward: true + vlan_id: 1003 + vlan_raw_device: clients + ipv6_addrgen: false + client-4: + forward: true + vlan_id: 1004 + vlan_raw_device: clients + ipv6_addrgen: false + isp-2.rtr.infra.auro.re: + ens18: + gateways: + - 2a09:6840:128::254 + - 10.128.0.254 + addresses: + - 2a09:6840:128::158/56 + - 10.128.0.158/16 + ens19: null + clients: + bridge_vlan_aware: true + bridge_ports: + - ens19 + bridge_vids: + - 1000-1004 + client-0: + forward: true + vlan_id: 1000 + vlan_raw_device: clients + ipv6_addrgen: false + client-1: + forward: true + vlan_id: 1001 + vlan_raw_device: clients + ipv6_addrgen: false + client-2: + forward: true + vlan_id: 1002 + vlan_raw_device: clients + ipv6_addrgen: false + client-3: + forward: true + vlan_id: 1003 + vlan_raw_device: clients + ipv6_addrgen: false + client-4: + forward: true + vlan_id: 1004 + vlan_raw_device: clients + ipv6_addrgen: false ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}" roles: - ifupdown2 - hosts: - ntp-1.int.infra.auro.re + - dns-1.int.infra.auro.re + - dhcp-1.isp.auro.re + - dhcp-2.isp.auro.re + - isp-1.rtr.infra.auro.re + - isp-2.rtr.infra.auro.re vars: resolvconf__nameservers: - 2a09:6840:128::127 -- 2.38.5
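Review bot: The `clients` bridge on `isp-1.rtr.infra.auro.re` sets `bridge_disable_pvid: true`, `forward: true` and `ipv6_addrgen: false`, while the same bridge on `isp-2.rtr.infra.auro.re` sets none of them. If the two routers are meant to be equivalent, isp-2's bridge would keep its default PVID and IPv6 address generation on the client-facing side, which isp-1 turns off. Either add the three keys to isp-2 or leave a comment explaining the difference. The `client-N` interfaces on both routers enable `forward` with no filtering visible in this play, so the forwarding policy has to be enforced elsewhere.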