From 3a2753c178504bc8f931669b6274eef2c22af027 Mon Sep 17 00:00:00 2001
From: Murat Aybars <39916128+aybarsm@users.noreply.github.com>
Date: Thu, 27 Jun 2024 12:30:43 +0100
Subject: [PATCH] Empty commit message
---
roles/network_interfaces/defaults/main.yml | 115 ++++++++++++++----
roles/network_interfaces/handlers/command.yml | 19 +++
roles/network_interfaces/handlers/main.yml | 6 +
roles/network_interfaces/handlers/service.yml | 17 +++
.../tasks/network_interfaces.yml | 8 +-
.../templates/network_interfaces.j2 | 2 +-
roles/posix/handlers/.gitkeep | 0
roles/posix/tasks/sysctl.yml | 10 +-
roles/posix/templates/.gitkeep | 0
roles/posix/vars/.gitkeep | 0
roles/systemd/defaults/network.yml | 6 +-
roles/systemd/handlers/main.yml | 11 +-
roles/systemd/tasks/network.yml | 32 ++---
.../templates/{network_unit.j2 => network.j2} | 0
roles/systemd/vars/.gitkeep | 0
15 files changed, 161 insertions(+), 65 deletions(-)
create mode 100644 roles/network_interfaces/handlers/command.yml
create mode 100644 roles/network_interfaces/handlers/main.yml
create mode 100644 roles/network_interfaces/handlers/service.yml
delete mode 100644 roles/posix/handlers/.gitkeep
delete mode 100644 roles/posix/templates/.gitkeep
delete mode 100644 roles/posix/vars/.gitkeep
rename roles/systemd/templates/{network_unit.j2 => network.j2} (100%)
delete mode 100644 roles/systemd/vars/.gitkeep
diff --git a/roles/network_interfaces/defaults/main.yml b/roles/network_interfaces/defaults/main.yml
index 8cf342a..4edd8c4 100644
--- a/roles/network_interfaces/defaults/main.yml
+++ b/roles/network_interfaces/defaults/main.yml
@@ -1,43 +1,104 @@ --- linux_manage_network_interfaces: false + +# Leave empty not to apply changes +linux_network_interfaces_change_strategy: '' + +# Example for apply changes via command strategy: +# linux_network_interfaces_change_strategy: command +# linux_network_interfaces_change: +# - cmd: ifreload -a + +# Example for apply changes via service strategy: +# linux_network_interfaces_change_strategy: service +# linux_network_interfaces_change: +# - name: networking +# state: restarted + linux_network_interfaces_dir: /etc/network linux_network_interfaces_file: interfaces +linux_network_interfaces_file_destination: "{{ linux_network_interfaces_dir + '/' + linux_network_interfaces_file }}" +# Keep the lo interface in the file linux_network_interfaces_file_keep_lo: true +# The location of the source line in the file (controversial topic) linux_network_interfaces_file_source_position: bottom - -# Seggrate network interfaces into separate files i.e. /etc/network/interfaces.d/eth0 -# This has not been implemented yet -# TODO: Implement this feature -linux_network_interfaces_segregate: false -linux_network_interfaces_seggregate_dir: "{{ linux_network_interfaces_dir }}/interfaces.d" linux_network_interfaces_source_line: "source {{ linux_network_interfaces_seggregate_dir }}/*" -linux_network_interfaces_backup_files: true +linux_network_interfaces_backup: true linux_network_interfaces_template: network_interfaces.j2 -# This has not been implemented yet -# TODO: Implement this feature -linux_network_interfaces_iface_template: network_interfaces.iface.j2 - -linux_network_interfaces_apply_changes: false -# TODO: Implement this feature -linux_systemd_network_responsible_services: - - networking -linux_systemd_network_responsible_commands: - - ifreload -a - -linux_network_interfaces_ifaces_static_excludes: [] -linux_network_interfaces_ifaces_dhcp_excludes: [ +linux_network_interfaces_static_excludes: [] +linux_network_interfaces_dhcp_excludes: [ 'address', 'netmask', 
'gateway', 'broadcast', 'network', 'dns-nameservers', 'dns-search', 'dns-domain', 'dns-domain-search', 'dns-options', 'dns-sortlist', 'dns-opts'] -linux_network_interfaces_ifaces_default: [] -linux_network_interfaces_ifaces_group: [] -linux_network_interfaces_ifaces_host: [] -linux_network_interfaces_ifaces_all: "{{ - [linux_interfaces_file_ifaces_default, linux_interfaces_file_ifaces_group, linux_interfaces_file_ifaces_host] | +linux_network_interfaces_default: [] +linux_network_interfaces_group: [] +linux_network_interfaces_host: [] + +# The combination strategy below is highly nested hierarchy compliant and recommended (Example provided below) +# linux_network_interfaces_host > linux_network_interfaces_group > linux_network_interfaces_default +linux_network_interfaces_all: "{{ + [linux_network_interfaces_default, linux_network_interfaces_group, linux_network_interfaces_host] | community.general.lists_mergeby('name', recursive=true, list_merge='prepend') | - unique_recursive(attribute='name', recurse='inet') | unique_recursive(attribute='name', recurse='inet6') }}" + aybarsm.helper.unique_recursive(attribute='name', recurse='inet') | aybarsm.helper.unique_recursive(attribute='name', recurse='inet6') }}" + +# linux_network_interfaces_default: +# - name: enp0s6 +# mount: auto +# - name: vmbr0 +# inet: +# - name: bridge-ports +# value: enp0s6 +# - name: bridge-stp +# value: "on" + +# linux_network_interfaces_group: +# - name: vmbr0 +# mount: auto +# inet: +# - name: method +# value: dhcp +# - name: bridge-stp +# value: "off" +# - name: bridge-fd +# value: 0 + +# linux_network_interfaces_host: +# - name: enp0s6 +# mount: None +# - name: vmbr0 +# inet: +# - name: method +# value: static +# - name: address +# value: 10.255.255.2/24 +# inet6: +# - name: method +# value: static +# - name: address +# value: fdff::1/64 -__linux_network_interfaces_file_destination: "{{ linux_network_interfaces_dir + '/' + linux_network_interfaces_file }}" +# !!!!! RESULT: !!!!! 
+# linux_network_interfaces_all:
+# - name: enp0s6
+# mount: None # Replaced from default by host
+# - name: vmbr0
+# mount: auto # Merged from group
+# inet:
+# - name: method # Replaced from group by host
+# value: static
+# - name: address # Replaced from group by host
+# value: 10.255.255.2/24
+# - name: bridge-ports # Merged from default by group
+# value: enp0s6
+# - name: bridge-stp # Replaced from default by group
+# value: "off"
+# - name: bridge-fd # Merged from group
+# value: 0
+# inet6:
+# - name: method # Merged from host
+# value: static
+# - name: address # Merged from host
+# value: fdff::1/64
diff --git a/roles/network_interfaces/handlers/command.yml b/roles/network_interfaces/handlers/command.yml
new file mode 100644
index 0000000..9d38e64
--- /dev/null
+++ b/roles/network_interfaces/handlers/command.yml
@@ -0,0 +1,19 @@
+---
+- name: Apply command(s) for linux_network_interfaces changes
+ become: true
+ ansible.builtin.command:
+ argv: "{{ item.argv | default(omit) }}"
+ chdir: "{{ item.chdir | default(omit) }}"
+ cmd: "{{ item.cmd }}"
+ creates: "{{ item.creates | default(omit) }}"
+ expand_argument_vars: "{{ item.expand_argument_vars | default(omit) }}"
+ free_form: "{{ item.free_form | default(omit) }}"
+ removes: "{{ item.removes | default(omit) }}"
+ stdin: "{{ item.stdin | default(omit) }}"
+ stdin_add_newline: "{{ item.stdin_add_newline | default(omit) }}"
+ strip_empty_ends: "{{ item.strip_empty_ends | default(omit) }}"
+ loop: "{{ linux_network_interfaces_change | selectattr('cmd', 'defined') }}"
+ register: linux_network_interfaces_apply_changes_command
+ when:
+ - linux_network_interfaces_change | type_debug == 'list'
+ - linux_network_interfaces_change | selectattr('cmd', 'defined') | length > 0
diff --git a/roles/network_interfaces/handlers/main.yml b/roles/network_interfaces/handlers/main.yml
new file mode 100644
index 0000000..439f745
--- /dev/null
+++ b/roles/network_interfaces/handlers/main.yml
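Review bot: The unchanged default `linux_network_interfaces_source_line` still expands `{{ linux_network_interfaces_seggregate_dir }}`, and this hunk deletes that variable, so the default now points at an undefined name. Ansible templates defaults lazily, so this will only surface when something renders the source line (presumably network_interfaces.j2, most of which is outside the hunk). Either keep a directory default or inline the path, for example `linux_network_interfaces_source_line: "source {{ linux_network_interfaces_dir }}/interfaces.d/*"`. The strategy examples also depend on `linux_network_interfaces_change`, which only appears in comments; adding `linux_network_interfaces_change: []` would give the handlers a defined value.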
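Review bot: The `loop` expression is templated before the `when` list is evaluated, so an undefined `linux_network_interfaces_change` will most likely fail this handler rather than skip it; handlers/service.yml has the same pattern. `loop: "{{ linux_network_interfaces_change | default([]) | selectattr('cmd', 'defined') }}"` avoids that. `cmd` is always passed while `argv` is optional, and the command module rejects the two together, so an item that sets `argv` cannot work; `free_form` is, as far as I know, a documentation placeholder rather than a real parameter. Every item runs under `become: true`, so a comment such as `# Runs as root: set linux_network_interfaces_change only from trusted vars` above the task would document the trust assumption.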
@@ -0,0 +1,6 @@
+---
+- name: Apply linux_network_interfaces changes
+ ansible.builtin.import_tasks:
+ file: "{{ linux_network_interfaces_change_strategy }}.yml"
+ listen: "linux_network_interfaces_apply_changes"
+ when: linux_network_interfaces_change_strategy | default('') | in ['command', 'service']
diff --git a/roles/network_interfaces/handlers/service.yml b/roles/network_interfaces/handlers/service.yml
new file mode 100644
index 0000000..ab64df3
--- /dev/null
+++ b/roles/network_interfaces/handlers/service.yml
@@ -0,0 +1,17 @@
+---
+- name: Effect service(s) for linux_network_interfaces changes
+ become: true
+ ansible.builtin.service:
+ arguments: "{{ item.arguments | default(omit) }}"
+ enabled: "{{ item.enabled | default(omit) }}"
+ name: "{{ item.name }}"
+ pattern: "{{ item.pattern | default(omit) }}"
+ runlevel: "{{ item.runlevel | default(omit) }}"
+ sleep: "{{ item.sleep | default(omit) }}"
+ state: "{{ item.state | default(omit) }}"
+ use: "{{ item.use | default(omit) }}"
+ loop: "{{ linux_network_interfaces_change | selectattr('name', 'defined') }}"
+ register: linux_network_interfaces_apply_changes_service
+ when:
+ - linux_network_interfaces_change | type_debug == 'list'
+ - linux_network_interfaces_change | selectattr('name', 'defined') | length > 0
diff --git a/roles/network_interfaces/tasks/network_interfaces.yml b/roles/network_interfaces/tasks/network_interfaces.yml
index 3035057..9c5479f 100644
--- a/roles/network_interfaces/tasks/network_interfaces.yml
+++ b/roles/network_interfaces/tasks/network_interfaces.yml
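Review bot: `| in ['command', 'service']` in the `when` is not valid Jinja2, because `in` is an operator and not a filter, so this condition should fail to parse; `when: linux_network_interfaces_change_strategy | default('') in ['command', 'service']` is the working form. With `import_tasks` the file name is resolved statically at parse time and the `when` is copied onto the imported tasks, so the allow-list does not gate which file is loaded, and the default `''` resolves to `.yml`. `ansible.builtin.include_tasks` evaluates the condition first and would keep the file choice limited to the two listed strategies. Whether `listen` behaves as intended on an import is worth testing.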
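Review bot: In handlers/service.yml items are selected only by having `name`, while `state` and `enabled` both fall back to `omit`; the service module needs at least one of them, so an item such as `- name: networking` fails at run time instead of being rejected up front. Tightening the selection to `selectattr('name', 'defined') | selectattr('state', 'defined')`, or using `state: "{{ item.state | default('restarted') }}"` to match the example in defaults/main.yml, makes the contract explicit.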
@@ -3,11 +3,11 @@ become: true ansible.builtin.template: src: "{{ linux_network_interfaces_template }}" - dest: "{{ __linux_network_interfaces_file_destination }}" - backup: "{{ linux_network_interfaces_backup_files | default(omit) | bool }}" + dest: "{{ linux_network_interfaces_file_destination }}" + backup: "{{ linux_network_interfaces_backup | default(omit) | bool }}" mode: "0644" when: - linux_network_interfaces_ifaces_all | type_debug == 'list' - linux_network_interfaces_ifaces_all | length > 0 - register: linux_network_interfaces_deploy_files - notify: linux_network_interfaces_update + register: linux_network_interfaces_deploy_file + notify: linux_network_interfaces_apply_changes diff --git a/roles/network_interfaces/templates/network_interfaces.j2 b/roles/network_interfaces/templates/network_interfaces.j2 index f5edd67..4ea3df6 100644 --- a/roles/network_interfaces/templates/network_interfaces.j2 +++ b/roles/network_interfaces/templates/network_interfaces.j2 @@ -19,7 +19,7 @@ iface lo inet loopback {% set ifaceMethod = iface[addr_family] | selectattr('name', 'equalto', 'method') | map(attribute='value') | first | default('') %} {% if ifaceMethod in ['static', 'dhcp'] %} iface {{ iface.name }} {{ addr_family }} {{ ifaceMethod }} -{% set ifaceParamsExclude = linux_network_interfaces_ifaces_dhcp_excludes if ifaceMethod == 'dhcp' else linux_network_interfaces_ifaces_static_excludes %} +{% set ifaceParamsExclude = linux_network_interfaces_dhcp_excludes | default([]) if ifaceMethod == 'dhcp' else linux_network_interfaces_static_excludes | default([]) %} {% set ifaceParamsExclude = ifaceParamsExclude + ['method'] %} {% set ifaceParams = iface[addr_family] | rejectattr('name', 'in', ifaceParamsExclude) %} {% if ifaceParams | length > 0 %} diff --git a/roles/posix/handlers/.gitkeep b/roles/posix/handlers/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/roles/posix/tasks/sysctl.yml b/roles/posix/tasks/sysctl.yml index f6e8862..4a93475 100644 
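Review bot: Both `when` conditions in tasks/network_interfaces.yml still test `linux_network_interfaces_ifaces_all`, which this commit renames to `linux_network_interfaces_all` in defaults/main.yml, so the template task is likely skipped or fails on the undefined name and the interfaces file is never deployed. They should read `- linux_network_interfaces_all | type_debug == 'list'` and `- linux_network_interfaces_all | length > 0`. Separately, `default(omit) | bool` on `backup` appears to cast the omit placeholder to `false`, so `default(false) | bool` would state the real behaviour. The task begins above the hunk.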
--- a/roles/posix/tasks/sysctl.yml +++ b/roles/posix/tasks/sysctl.yml @@ -1,14 +1,14 @@ --- -- name: Manage sysctl settings +- name: Deploy posix sysctl settings ansible.posix.sysctl: name: "{{ item.name }}" value: "{{ item.value }}" ignoreerrors: "{{ item.ignoreerrors | default(omit) | bool }}" reload: "{{ item.reload | default(omit) | bool }}" - state: "{{ item.state | default('present') }}" + state: "{{ item.state | default(omit) }}" sysctl_file: "{{ item.sysctl_file | default(omit) }}" sysctl_set: "{{ item.sysctl_set | default(omit) | bool }}" when: - - linux_posix_sysctl_conf | linux_type_debug == 'list' - - linux_posix_sysctl_conf | length > 0 - loop: "{{ linux_posix_sysctl_conf }}" + - linux_posix_sysctl_all | linux_type_debug == 'list' + - linux_posix_sysctl_all | length > 0 + loop: "{{ linux_posix_sysctl_all }}" diff --git a/roles/posix/templates/.gitkeep b/roles/posix/templates/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/roles/posix/vars/.gitkeep b/roles/posix/vars/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/roles/systemd/defaults/network.yml b/roles/systemd/defaults/network.yml index dea860e..068d55b 100644 --- a/roles/systemd/defaults/network.yml +++ b/roles/systemd/defaults/network.yml @@ -1,11 +1,7 @@ --- linux_manage_systemd_network: false -linux_systemd_network_apply_changes: [] -# linux_systemd_network_apply_changes: -# - service: systemd-networkd -# state: restarted -# - command: "systemctl daemon-reload" +linux_systemd_network_apply_changes: false linux_systemd_network_backup: true linux_systemd_network_cleanup: false diff --git a/roles/systemd/handlers/main.yml b/roles/systemd/handlers/main.yml index 0986566..9c6e805 100644 --- a/roles/systemd/handlers/main.yml +++ b/roles/systemd/handlers/main.yml 
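Review bot: The new `when` lines in posix/tasks/sysctl.yml use a `linux_type_debug` filter, while every other task in this commit uses the builtin `type_debug`; unless the collection ships a filter by that name, the condition fails to template and no sysctl value is applied. If it is a typo, `- linux_posix_sysctl_all | type_debug == 'list'` fixes it. Also, `reload: "{{ item.reload | default(omit) | bool }}"` appears to cast the omit placeholder to `false`, which overrides the module's default of reloading, so kernel hardening values may be written to the file but not take effect until reboot. `reload: "{{ item.reload | default(true) | bool }}"` keeps the documented default.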
@@ -1,11 +1,8 @@ --- -- name: Restart designated service(s) for systemd network changes +- name: Restart systemd-networkd service for linux_systemd_network changes become: true ansible.builtin.service: - name: "{{ item }}" + name: "systemd-networkd" state: restarted - listen: "linux_systemd_network_restart" - loop: "{{ linux_systemd_network_responsible_services }}" - when: - - linux_systemd_network_apply_changes | type_debug == 'list' - - linux_systemd_network_apply_changes | length > 0 + listen: "linux_systemd_networkd_restart" + when: linux_systemd_network_apply_changes | bool diff --git a/roles/systemd/tasks/network.yml b/roles/systemd/tasks/network.yml index 27da96d..49936fc 100644 --- a/roles/systemd/tasks/network.yml +++ b/roles/systemd/tasks/network.yml 
@@ -1,35 +1,35 @@ --- -- name: Find unexpected systemd-network unit files +- name: Find unexpected systemd-network files become: true ansible.builtin.find: - paths: "{{ linux_systemd_network_unit_dir }}" + paths: "{{ linux_systemd_network_dir }}" patterns: "{{ linux_systemd_network_cleanup_patterns }}" use_regex: "{{ linux_systemd_network_cleanup_patterns_use_regex | bool }}" - when: linux_systemd_network_cleanup_units | bool + when: linux_systemd_network_cleanup | bool register: linux_systemd_network_find_cleanup_files -- name: Remove unexpected systemd-network unit files +- name: Remove unexpected systemd-network files become: true ansible.builtin.file: path: "{{ item }}" state: absent loop: "{{ linux_systemd_network_find_cleanup_files.files | map(attribute='path') }}" when: - - linux_systemd_network_cleanup_units | bool + - linux_systemd_network_cleanup | bool - linux_systemd_network_find_cleanup_files.files | length > 0 - register: linux_systemd_network_cleanup_unit_files - notify: linux_systemd_network_restart + register: linux_systemd_network_cleanup_files + notify: linux_systemd_networkd_restart -- name: Deploy systemd-network unit files +- name: Deploy systemd-network files become: true ansible.builtin.template: - src: "{{ linux_systemd_network_unit_template }}" - dest: "{{ linux_systemd_network_unit_dir }}/{{ item.name }}" - backup: "{{ linux_systemd_network_backup_units | default(omit) | bool }}" + src: "{{ linux_systemd_network_template }}" + dest: "{{ linux_systemd_network_dir }}/{{ item.name }}" + backup: "{{ linux_systemd_network_backup | default(omit) | bool }}" mode: "0644" - loop: "{{ linux_systemd_network_units_all }}" + loop: "{{ linux_systemd_network_all }}" when: - - linux_systemd_network_units_all | type_debug == 'list' - - linux_systemd_network_units_all | length > 0 - register: linux_systemd_network_deploy_unit_files - notify: linux_systemd_network_restart + - linux_systemd_network_all | type_debug == 'list' + - linux_systemd_network_all | 
length > 0 + register: linux_systemd_network_deploy_files + notify: linux_systemd_networkd_restart diff --git a/roles/systemd/templates/network_unit.j2 b/roles/systemd/templates/network.j2 similarity index 100% rename from roles/systemd/templates/network_unit.j2 rename to roles/systemd/templates/network.j2 diff --git a/roles/systemd/vars/.gitkeep b/roles/systemd/vars/.gitkeep deleted file mode 100644 index e69de29..0000000
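Review bot: `dest: "{{ linux_systemd_network_dir }}/{{ item.name }}"` in systemd/tasks/network.yml joins an inventory-supplied name into a path that is written as root, and nothing checks that the name stays inside the directory. `dest: "{{ linux_systemd_network_dir }}/{{ item.name | basename }}"`, or an `ansible.builtin.assert` that `item.name` contains no `/`, would pin it. The fixed `mode: "0644"` also makes every deployed file world-readable. If any of them is a `.netdev` carrying key material (a WireGuard `PrivateKey=`, for instance), systemd's documentation recommends a tighter mode such as `0640` with group `systemd-network`, so a per-item `mode`/`group` override would be useful.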