diff options
author | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-11 07:45:58 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-11 07:45:58 +0100 |
commit | 99ce768a7d6fe9e828caf932554c4e095c1d00b2 (patch) | |
tree | b367f0776e0640714d6a581ba5eb0d4e2f3d1b76 /ansible/roles/lxc-host | |
parent | fca718acb8d31e3f05608fb5aedfa4c7d34c7455 (diff) | |
download | infra-99ce768a7d6fe9e828caf932554c4e095c1d00b2.tar.gz infra-99ce768a7d6fe9e828caf932554c4e095c1d00b2.tar.bz2 infra-99ce768a7d6fe9e828caf932554c4e095c1d00b2.tar.xz infra-99ce768a7d6fe9e828caf932554c4e095c1d00b2.zip |
lxc-host: Moving to its own playbook. Adding arius-test1. Only
configuring ipv4/6 forwarding for the created interface. Adding
configurable ipv6 address too.
wireguard: Tagging old nets with never.
nftables: Trying out portforwarding on arius.
Diffstat (limited to 'ansible/roles/lxc-host')
-rw-r--r-- | ansible/roles/lxc-host/tasks/networkd.yml | 30 | ||||
-rw-r--r-- | ansible/roles/lxc-host/tasks/per-host.yml | 3 |
2 files changed, 13 insertions, 20 deletions
diff --git a/ansible/roles/lxc-host/tasks/networkd.yml b/ansible/roles/lxc-host/tasks/networkd.yml index f7ae410..526fc29 100644 --- a/ansible/roles/lxc-host/tasks/networkd.yml +++ b/ansible/roles/lxc-host/tasks/networkd.yml @@ -10,32 +10,12 @@ - debug: var=br_if - debug: var=internal_if - - name: Configure sysctl, enable ipv4 and ipv6 forwarding - sysctl: - name: "{{ item }}" - value: 1 - with_items: - - net.ipv4.ip_forward - - net.ipv6.conf.all.forwarding - - name: enable systemd-networkd service: name: systemd-networkd enabled: yes state: started -# - name: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network" -# notify: systemctl restart systemd-networkd -# copy: -# dest: "/etc/systemd/network/50-0-lxc-host-{{ lxc_host__hardware_if }}.network" -# content: | -# [Match] -# Name={{ lxc_host__hardware_if }} -# -# [Network] -# Address={{ hardware_if.ipv4.address }}/{{ hardware_if.ipv4.netmask }} -# Gateway={{ hardware_if.ipv4.gateway }} - - name: "{{ file_prefix }}-1-{{ lxc_host__internal_if }}.netdev" notify: systemctl restart systemd-networkd copy: @@ -80,3 +60,13 @@ {% if internal_if.ipv6 is defined %} Address={{ internal_if.ipv6.address }}/{{ internal_if.ipv6.netmask }} {% endif %} + + - meta: flush_handlers + + - name: Configure sysctl, enable ipv4 and ipv6 forwarding for {{ br_if }} + sysctl: + name: "{{ item }}" + value: 1 + with_items: + - net.ipv4.conf.{{ br_if }}.forwarding + - net.ipv6.conf.{{ br_if }}.forwarding diff --git a/ansible/roles/lxc-host/tasks/per-host.yml b/ansible/roles/lxc-host/tasks/per-host.yml index 3bc9d24..ca33685 100644 --- a/ansible/roles/lxc-host/tasks/per-host.yml +++ b/ansible/roles/lxc-host/tasks/per-host.yml @@ -60,6 +60,9 @@ {% if lan.ipv6 is defined %} lxc.net.0.ipv6.address = {{ lan.ipv6.address }}/{{ lan.ipv6.netmask }} {% endif %} + {% if lan.ipv6.gateway is defined %} + lxc.net.0.ipv6.gateway = {{ lan.ipv6.gateway }} + {% endif %} # 0 = trace, 1 = debug, 2 = info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = alert, and 8 = fatal. lxc.log.level = 1 |