From: David Galloway Date: Tue, 11 May 2021 16:53:11 +0000 (-0400) Subject: gateway: Support writing addl routes X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F620%2Fhead;p=ceph-cm-ansible.git gateway: Support writing addl routes Signed-off-by: David Galloway --- diff --git a/roles/gateway/README.rst b/roles/gateway/README.rst index 565cae36..5cea2e12 100644 --- a/roles/gateway/README.rst +++ b/roles/gateway/README.rst @@ -78,8 +78,8 @@ VLAN in your lab. The subelements ``peerdns`` and ``dns{1,2}`` are optional for all but one NIC. These are what set your nameservers in ``/etc/resolv.conf``. ``dns1`` and ``dns2`` should be defined under a single NIC and ``peerdns`` -should be set to ``"yes"``. Defined in the -secrets repo:: +should be set to ``"yes"``. ``routes`` is optional but must be formatted as documented in RHEL_ documentation. +Defined in the secrets repo:: # Example: gw_networks: @@ -94,6 +94,13 @@ secrets repo:: search "private.example.com" dns1: "192.168.1.1" dns2: "8.8.8.8" + routes: | + ADDRESS0=192.168.1.0 + NETMASK0=255.255.240.0 + GATEWAY0=192.168.1.1 + ADDRESS1=172.21.64.0 + NETMASK1=255.255.252.0 + GATEWAY1=192.168.1.1 public: ifname: "eth1" etc... @@ -154,3 +161,4 @@ To Do - Generate and pull (to secrets?) CA, keys, and certificates .. _Sepia: https://ceph.github.io/sepia/ +.. _RHEL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/sec-Configuring_Static_Routes_in_ifcfg_files#bh-Static_Routes_Using_the_Network-Netmask_Directives_Format diff --git a/roles/gateway/tasks/network.yml b/roles/gateway/tasks/network.yml index 3c80efcb..b61c8d19 100644 --- a/roles/gateway/tasks/network.yml +++ b/roles/gateway/tasks/network.yml 
@@ -6,6 +6,13 @@ with_dict: "{{ gw_networks }}" register: interfaces +- name: Write additional routes + copy: + content: "{{ item.value.routes }}" + dest: "/etc/sysconfig/network-scripts/route-{{ item.value.ifname }}" + with_dict: "{{ gw_networks }}" + when: item.value.routes is defined + # Restart networking right away if changes made. This makes sure # the public interface is up and ready for OpenVPN to bind to. - name: Restart networking
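Review bot: In roles/gateway/README.rst (hunk at -78,8), the new sentence about ``routes`` does not say where the key belongs or which of the RHEL route-file formats is meant. The example puts it under a NIC and the link target is the Network/Netmask directives section, so the text could state that ``routes`` is a per-NIC subelement in the ADDRESSn/NETMASKn/GATEWAYn format and that its content is written to the route-<ifname> file for that NIC. The added line is also much longer than the wrapped lines around it and should be rewrapped.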
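Review bot: In the README example (hunk at -94,6), ADDRESS0=192.168.1.0 is not a network address under NETMASK0=255.255.240.0: that mask places 192.168.1.0 inside 192.168.0.0/20, so the pair has host bits set. Readers will copy this block into their own secrets repo, so use a pair that lines up, for example ADDRESS0=192.168.0.0 with the same mask, or keep 192.168.1.0 and use 255.255.255.0. The second entry (172.21.64.0 with 255.255.252.0) is aligned.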
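Review bot: In roles/gateway/tasks/network.yml, the new "Write additional routes" task registers no result and notifies no handler, while the task above it has `register: interfaces` and the comment that follows says networking is restarted "if changes made". The restart task's condition is not visible in this hunk; if it is keyed on `interfaces`, a change to routes alone will not restart networking and the new routes will not take effect until something else does. Register this task's result and include it in the restart condition. The copy also sets no `owner`, `group` or `mode`, so the file's permissions depend on defaults; set them explicitly (for example root:root, 0644). Removing `routes` from a NIC later also leaves the old route-<ifname> file in place, since nothing here deletes it.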