diff --git a/data/defaults.yaml b/data/defaults.yaml --- a/data/defaults.yaml +++ b/data/defaults.yaml @@ -39,6 +39,7 @@ - 127.0.0.0/8 - "[::ffff:127.0.0.0]/104" - "[::1]/128" + smtp::relay_destinations: [] smtp::virtual_aliases: [] smtp::mail_aliases: @@ -105,6 +106,26 @@ aliases: - nicolas.gattolin@softwareheritage.org +networks: {} + +networks::private_routes: + vpn: + network: 192.168.101.0/24 + gateway: "%{alias('networks::private_gateway')}" + enabled: true + azure: + network: 192.168.200.0/21 + gateway: "%{alias('networks::private_gateway')}" + enabled: true + staging: + network: 192.168.128.0/24 + gateway: "%{alias('networks::staging_gateway')}" + enabled: false + +networks::private_network: 192.168.100.0/24 +networks::private_gateway: 192.168.100.1 +networks::staging_gateway: 192.168.100.125 + locales::default_locale: C.UTF-8 locales::installed_locales: - C.UTF-8 UTF-8 diff --git a/data/hostname/gateway.internal.staging.swh.network.yaml b/data/hostname/gateway.internal.staging.swh.network.yaml --- a/data/hostname/gateway.internal.staging.swh.network.yaml +++ b/data/hostname/gateway.internal.staging.swh.network.yaml @@ -15,3 +15,9 @@ netmask: 255.255.255.0 ups: [] downs: [] + +networks::private_routes: + vpn: + enabled: false + azure: + enabled: false diff --git a/data/hostname/pergamon.softwareheritage.org.yaml b/data/hostname/pergamon.softwareheritage.org.yaml --- a/data/hostname/pergamon.softwareheritage.org.yaml +++ b/data/hostname/pergamon.softwareheritage.org.yaml 
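Review bot: `networks::private_network: 192.168.100.0/24` is added here but, as far as this diff shows, nothing looks it up — the network.pp hunk only adds `lookup('networks::private_routes', Hash, 'deep')` and still hard-codes `192.168.100.0/24` in its `ip route add ... table private` line, so the data key and the manifest literal can silently drift apart. Either wire the key in (`$private_network = lookup('networks::private_network')` and interpolate it in place of the literal) or leave it out until it is used. Because the manifest treats a route with no `enabled` key as enabled (`pick($route_data['enabled'], true)` in the network.pp hunk), the `vpn` and `azure` routes are pushed to every host that has a private interface unless its host file opts out, as gateway.internal.staging does; a comment above `networks::private_routes` such as `# a route without an 'enabled' key defaults to enabled; opt out per host with enabled: false` would make that default visible to whoever edits this data.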
@@ -20,29 +20,17 @@ address: 192.168.100.29 netmask: 255.255.255.0 gateway: 192.168.100.1 - ups: - - "ip route add 192.168.101.0/24 via 192.168.100.1" - - "ip route add 192.168.200.0/21 via 192.168.100.1" - - "ip route add 192.168.128.0/24 via 192.168.100.125" - - "ip rule add from 192.168.100.29 table private" - - "ip route add 192.168.100.0/24 src 192.168.100.29 dev eth1 table private" - - "ip route add default via 192.168.100.1 dev eth1 table private" - - 'ip route flush cache' - downs: - - "ip route del default via 192.168.100.1 dev eth1 table private" - - "ip route del 192.168.100.0/24 src 192.168.100.29 dev eth1 table private" - - "ip rule del from 192.168.100.29 table private" - - "ip route del 192.168.128.0/24 via 192.168.100.125" - - "ip route del 192.168.200.0/24 via 192.168.100.1" - - "ip route del 192.168.101.0/24 via 192.168.100.1" - - 'ip route flush cache' - default: interface: eth0 address: 128.93.193.29 netmask: 255.255.255.0 gateway: 128.93.193.254 +networks::private_routes: + staging: + enabled: true + + # Set apache MPM to prefork apache::mpm_module: prefork diff --git a/site-modules/profile/manifests/network.pp b/site-modules/profile/manifests/network.pp --- a/site-modules/profile/manifests/network.pp +++ b/site-modules/profile/manifests/network.pp @@ -11,12 +11,11 @@ # - address: ip address for the node # - netmask: netmask # - gateway: to use for the network - # - ups: Post instruction when the interface is up (should be set to [] when - # none) - # - downs: Post instructions to run when the interface is teared down (should - # be set to [] when none) + # - ups: Post instruction when the interface is up + # - downs: Post instructions to run when the interface is teared down $interfaces = lookup('networks') + $private_routes = lookup('networks::private_routes', Hash, 'deep') each($interfaces) |$label, $data| { if $label == 'private' { 
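Review bot: The `staging: enabled: true` override carries no `network` or `gateway`, so it only yields a usable route because the manifest merges this key with the `'deep'` strategy over defaults.yaml (visible in the network.pp hunk of this diff); someone reading this host file alone cannot tell that, nor that the removed `ups`/`downs` lists are now regenerated from that merged data. A one-line comment above the key, `# deep-merged with networks::private_routes from defaults.yaml; only the enabled flag is overridden here`, would document the dependency. The earlier explicit lists are gone entirely rather than left as `[]`, which matches the new `pick_default` fallback in the manifest and is presumably intended.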
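Review bot: `lookup('networks::private_routes', Hash, 'deep')` only checks that the merged result is a hash, so a route entry with a mistyped or missing key (e.g. `enable: false` in a host override) is accepted, and because the manifest later defaults a missing `enabled` to true the route is silently installed on that host; these values are also interpolated into `ip route` commands that run at interface bring-up, presumably as root via the up/down hooks, so they deserve a real schema. Tightening the lookup to `lookup('networks::private_routes', Hash[String, Struct[{ network => String, gateway => String, Optional[enabled] => Boolean }]], 'deep')` rejects unknown keys and routes without a network at catalog compile time; if the stdlib version in use ships `Stdlib::IP::Address::V4::CIDR` and `Stdlib::IP::Address::V4::Nopfx`, those are stricter than `String` for the two values. The header comment was reworded for `ups`/`downs` but says nothing about the new data; adding `# - networks::private_routes (deep-merged): label => { network, gateway, enabled (default true) }, installed as static routes on the private interface` keeps the contract in one place.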
@@ -26,45 +25,38 @@ path => '/etc/iproute2/rt_tables', } - if $data['ups'] { - $ups = $data['ups'] - } else { - $ups = [ - "ip route add 192.168.101.0/24 via ${data['gateway']}", - "ip route add 192.168.200.0/21 via ${data['gateway']}", - "ip rule add from ${data['address']} table private", - "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", - "ip route add default via ${data['gateway']} dev ${data['interface']} table private", - 'ip route flush cache', - ] - } + $filtered_routes = $private_routes.filter |$route_label, $route_data| { pick($route_data['enabled'], true) } - if $data['downs'] { - $downs = $data['downs'] - } else { - $downs = [ - "ip route del default via ${data['gateway']} dev ${data['interface']} table private", - "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", - "ip rule del from ${data['address']} table private", - "ip route del 192.168.200.0/24 via ${data['gateway']}", - "ip route del 192.168.101.0/24 via ${data['gateway']}", - 'ip route flush cache', - ] + $routes_up = $filtered_routes.map |$route_label, $route_data| { + "ip route add ${route_data['network']} via ${route_data['gateway']}" } + $routes_down = $filtered_routes.map |$route_label, $route_data| { + "ip route del ${route_data['network']} via ${route_data['gateway']}" + }.reverse + + $_ups = $routes_up + [ + "ip rule add from ${data['address']} table private", + "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", + "ip route add default via ${data['gateway']} dev ${data['interface']} table private", + 'ip route flush cache', + ] + + $_downs = [ + "ip route del default via ${data['gateway']} dev ${data['interface']} table private", + "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", + "ip rule del from ${data['address']} table private", + ] + $routes_down + [ + 'ip route flush cache', + ] + + $ups = 
pick_default($data['ups'], $_ups) + $downs = pick_default($data['downs'], $_downs) $gateway = undef - } else { - if $data['ups'] { - $ups = $data['ups'] - } else { - $ups = [] - } - if $data['downs'] { - $downs = $data['downs'] - } else { - $downs = [] - } + } else { + $ups = pick_default($data['ups'], []) + $downs = pick_default($data['downs'], []) $gateway = $data['gateway'] }