Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/network.pp
| # Network configuration for Software Heritage servers | # Network configuration for Software Heritage servers | ||||
| # | # | ||||
| # Supports one private and one public interface | # Supports one private and one public interface | ||||
| class profile::network { | class profile::network { | ||||
| debnet::iface::loopback { 'lo': } | debnet::iface::loopback { 'lo': } | ||||
| # The network description is expected to be a dict of key route_label | |||||
| # (values: private, default) and value a dict describing the interface. | |||||
| # The interface dict has the following possible keys: | |||||
| # - interface: interface's name | |||||
| # - address: ip address for the node | |||||
| # - netmask: netmask | |||||
| # - gateway: to use for the network | |||||
| # - ups: Post instruction when the interface is up (should be set to [] when | |||||
| # none) | |||||
| # - downs: Post instructions to run when the interface is teared down (should | |||||
| # be set to [] when none) | |||||
| $interfaces = lookup('networks') | $interfaces = lookup('networks') | ||||
| each($interfaces) |$label, $data| { | each($interfaces) |$label, $data| { | ||||
| if $label == 'private' { | if $label == 'private' { | ||||
| file_line {'private route table': | file_line {'private route table': | ||||
| ensure => 'present', | ensure => 'present', | ||||
| line => '42 private', | line => '42 private', | ||||
| path => '/etc/iproute2/rt_tables', | path => '/etc/iproute2/rt_tables', | ||||
| } | } | ||||
| if $data['ups'] { | |||||
| $ups = $data['ups'] | |||||
| } else { | |||||
| $ups = [ | $ups = [ | ||||
| "ip route add 192.168.101.0/24 via ${data['gateway']}", | "ip route add 192.168.101.0/24 via ${data['gateway']}", | ||||
| "ip route add 192.168.200.0/21 via ${data['gateway']}", | "ip route add 192.168.200.0/21 via ${data['gateway']}", | ||||
| "ip rule add from ${data['address']} table private", | "ip rule add from ${data['address']} table private", | ||||
| "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | ||||
| "ip route add default via ${data['gateway']} dev ${data['interface']} table private", | "ip route add default via ${data['gateway']} dev ${data['interface']} table private", | ||||
| 'ip route flush cache', | 'ip route flush cache', | ||||
| ] | ] | ||||
| } | |||||
| if $data['downs'] { | |||||
| $downs = $data['downs'] | |||||
| } else { | |||||
| $downs = [ | $downs = [ | ||||
| "ip route del default via ${data['gateway']} dev ${data['interface']} table private", | "ip route del default via ${data['gateway']} dev ${data['interface']} table private", | ||||
| "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | ||||
| "ip rule del from ${data['address']} table private", | "ip rule del from ${data['address']} table private", | ||||
| "ip route del 192.168.200.0/24 via ${data['gateway']}", | "ip route del 192.168.200.0/24 via ${data['gateway']}", | ||||
| "ip route del 192.168.101.0/24 via ${data['gateway']}", | "ip route del 192.168.101.0/24 via ${data['gateway']}", | ||||
| 'ip route flush cache', | 'ip route flush cache', | ||||
| ] | ] | ||||
| } | |||||
| $gateway = undef | $gateway = undef | ||||
| } else { | } else { | ||||
| if $data['ups'] { | |||||
| $ups = $data['ups'] | |||||
| } else { | |||||
| $ups = [] | $ups = [] | ||||
| } | |||||
| if $data['downs'] { | |||||
| $downs = $data['downs'] | |||||
| } else { | |||||
| $downs = [] | $downs = [] | ||||
| } | |||||
| $gateway = $data['gateway'] | $gateway = $data['gateway'] | ||||
| } | } | ||||
| debnet::iface { $data['interface']: | debnet::iface { $data['interface']: | ||||
| method => 'static', | method => 'static', | ||||
| address => $data['address'], | address => $data['address'], | ||||
| netmask => $data['netmask'], | netmask => $data['netmask'], | ||||
| gateway => $gateway, | gateway => $gateway, | ||||
| ups => $ups, | ups => $ups, | ||||
| downs => $downs, | downs => $downs, | ||||
| } | } | ||||
| } | } | ||||
| } | } | ||||