From 7713b5f3ee21a0e3d7084c3dd9aaf5203af59f14 Mon Sep 17 00:00:00 2001
From: David Galloway
Date: Fri, 22 Apr 2016 18:24:16 -0400
Subject: [PATCH] gateway: Enable server network config

Signed-off-by: David Galloway
---
 roles/gateway/handlers/main.yml | 6 +++++
 roles/gateway/tasks/main.yml | 5 ++++
 roles/gateway/tasks/network.yml | 36 +++++++++++++++++++++++++++
 roles/gateway/templates/ifcfg.j2 | 27 ++++++++++++++++++++
 roles/gateway/templates/resolvconf.j2 | 7 ++++++
 5 files changed, 81 insertions(+)
 create mode 100644 roles/gateway/handlers/main.yml
 create mode 100644 roles/gateway/tasks/network.yml
 create mode 100644 roles/gateway/templates/ifcfg.j2
 create mode 100644 roles/gateway/templates/resolvconf.j2

diff --git a/roles/gateway/handlers/main.yml b/roles/gateway/handlers/main.yml
new file mode 100644
index 00000000..b6612c4a
--- /dev/null
+++ b/roles/gateway/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# Restart networking
+- name: restart networking
+ service:
+ name: network
+ state: restarted
diff --git a/roles/gateway/tasks/main.yml b/roles/gateway/tasks/main.yml
index 8977c1f3..11a52a64 100644
--- a/roles/gateway/tasks/main.yml
+++ b/roles/gateway/tasks/main.yml
@@ -10,6 +10,11 @@
 tags:
 - packages
+# Configure networking
+- include: network.yml
+ tags:
+ - networking
+
 - name: Ensure data directory exists
 file:
 path: "{{ openvpn_data_dir }}"
diff --git a/roles/gateway/tasks/network.yml b/roles/gateway/tasks/network.yml
new file mode 100644
index 00000000..3c80efcb
--- /dev/null
+++ b/roles/gateway/tasks/network.yml
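Review bot: Nothing in this patch notifies the new `restart networking` handler in roles/gateway/handlers/main.yml; tasks/network.yml restarts the `network` service with its own inline task guarded by `when: interfaces.changed`. Unless another part of the role (not visible here) notifies it, the handler is dead code that duplicates the inline task. Either drop it or replace its comment, which only repeats the task name, with the reason it exists, for example `# Not notified by network.yml, which restarts inline so the public interface is up before OpenVPN binds`.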
@@ -0,0 +1,36 @@
+---
+- name: Write ifcfg scripts
+ template:
+ src: ifcfg.j2
+ dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.value.ifname }}"
+ with_dict: "{{ gw_networks }}"
+ register: interfaces
+
+# Restart networking right away if changes made. This makes sure
+# the public interface is up and ready for OpenVPN to bind to.
+- name: Restart networking
+ service:
+ name: network
+ state: restarted
+ when: interfaces.changed
+
+- name: Write resolv.conf
+ template:
+ src: resolvconf.j2
+ dest: "/etc/resolv.conf"
+
+- name: Disable IPv6
+ sysctl:
+ name: net.ipv6.conf.all.disable_ipv6
+ value: 1
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+- name: Enable IPv4 forwarding
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: 1
+ sysctl_set: yes
+ state: present
+ reload: yes
diff --git a/roles/gateway/templates/ifcfg.j2 b/roles/gateway/templates/ifcfg.j2
new file mode 100644
index 00000000..36a564d5
--- /dev/null
+++ b/roles/gateway/templates/ifcfg.j2
@@ -0,0 +1,27 @@
+#
+# {{ ansible_managed }}
+#
+NAME="{{ item.key }}"
+DEVICE="{{ item.value.ifname }}"
+HWADDR="{{ item.value.mac }}"
+NM_CONTROLLED="no"
+ONBOOT="yes"
+BOOTPROTO="static"
+IPADDR="{{ item.value.ip4 }}"
+NETMASK="{{ item.value.netmask }}"
+GATEWAY="{{ item.value.gw4 }}"
+DEFROUTE="{{ item.value.defroute }}"
+
+# Optional values
+{% if item.value.search is defined %}
+SEARCH="{{ item.value.search }}"
+{% endif %}
+{% if item.value.peerdns is defined %}
+PEERDNS="{{ item.value.peerdns }}"
+{% endif %}
+{% if item.value.dns1 is defined %}
+DNS1="{{ item.value.dns1 }}"
+{% endif %}
+{% if item.value.dns2 is defined %}
+DNS2="{{ item.value.dns2 }}"
+{% endif %}
diff --git a/roles/gateway/templates/resolvconf.j2 b/roles/gateway/templates/resolvconf.j2
new file mode 100644
index 00000000..71ded309
--- /dev/null
+++ b/roles/gateway/templates/resolvconf.j2
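Review bot: The `Enable IPv4 forwarding` task at the end of roles/gateway/tasks/network.yml makes the host route between every interface in `gw_networks`, including the public one, and nothing in this file restricts what may be forwarded. If FORWARD filtering is set up elsewhere in the role, that is not visible in this patch; otherwise a default-drop forward policy should be in place before this sysctl is applied. At minimum, document the dependency above the task, e.g. `# net.ipv4.ip_forward=1 routes between all interfaces; FORWARD filtering must already be in place`. The two `template` tasks also leave ownership and permissions to defaults; adding `owner: root`, `group: root` and `mode: "0644"` would pin them.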
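Review bot: Every value in roles/gateway/templates/ifcfg.j2 is placed between literal double quotes, e.g. `IPADDR="{{ item.value.ip4 }}"`, and the legacy network service reads ifcfg files as shell, so a `gw_networks` value containing a double quote, a backtick or `$` would change what is evaluated as root when the interface is brought up. The inventory is presumably trusted, but Ansible's `quote` filter removes the dependency on that: `IPADDR={{ item.value.ip4 | quote }}`, and likewise for the other keys. `item.value.ifname` also becomes part of the `dest` path in tasks/network.yml, so it is worth checking that it is a plain interface name before it is used.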
@@ -0,0 +1,7 @@
+#
+# {{ ansible_managed }}
+#
+search {{ gw_resolv_search }}
+{% for nameserver in gw_resolv_ns %}
+nameserver {{ nameserver }}
+{% endfor %}
-- 2.47.3
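Review bot: An empty `gw_resolv_ns` makes the `{% for %}` loop in roles/gateway/templates/resolvconf.j2 render no `nameserver` lines, and the play still succeeds, leaving the gateway with a resolv.conf that names no resolver. A guard task before `Write resolv.conf` in tasks/network.yml would fail early instead: `- assert: { that: "gw_resolv_ns | length > 0" }`. ifcfg.j2 can also emit `DNS1`, `DNS2` and `PEERDNS`, which the network scripts may use to rewrite /etc/resolv.conf when an interface comes up, so a header comment in this template stating which source is authoritative would avoid the two disagreeing.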