site-modules/profile/manifests/network.pp
# Network configuration for Software Heritage servers | # Network configuration for Software Heritage servers | ||||
# | # | ||||
# Supports one private and one public interface | # Supports one private and one public interface | ||||
class profile::network { | class profile::network { | ||||
debnet::iface::loopback { 'lo': } | debnet::iface::loopback { 'lo': } | ||||
# The network description is expected to be a dict of key route_label | # The network description is expected to be a dict of key route_label | ||||
ardumont: a dict of key `interface` (eth0, eth1, ...) | |||||
# (values: private, default) and value a dict describing the interface. | # (values: private, default) and value a dict describing the interface. | ||||
# The interface dict has the following possible keys: | # The interface dict has the following possible keys: | ||||
# - interface: interface's name | # - interface: interface's name | ||||
Done Inline Actions- type: private or none ardumont: ```
- type: private or none
``` | |||||
Done Inline ActionsNot exactly, but yeah, I'll improve this comment olasd: Not exactly, but yeah, I'll improve this comment | |||||
Not Done Inline Actionsthx! ardumont: thx! | |||||
# - address: ip address for the node | # - address: ip address for the node | ||||
# - netmask: netmask | # - netmask: netmask | ||||
# - gateway: to use for the network | # - gateway: to use for the network | ||||
# - ups: Post instruction when the interface is up (should be set to [] when | # - ups: Post instruction when the interface is up | ||||
# none) | # - downs: Post instructions to run when the interface is teared down | ||||
Done Inline Actionsinstructions ardumont: instructions | |||||
# - downs: Post instructions to run when the interface is teared down (should | |||||
# be set to [] when none) | |||||
$interfaces = lookup('networks') | $interfaces = lookup('networks') | ||||
$private_routes = lookup('networks::private_routes', Hash, 'deep') | |||||
each($interfaces) |$label, $data| { | each($interfaces) |$label, $data| { | ||||
if $label == 'private' { | if $label == 'private' { | ||||
Done Inline Actionsi read this as the pick the value of key "type" if defined, else fallback to "static", am I correct? ardumont: i read this as the pick the value of key "type" if defined, else fallback to "static", am I… | |||||
Done Inline Actionsthat is correct. olasd: that is correct. | |||||
file_line {'private route table': | file_line {'private route table': | ||||
ensure => 'present', | ensure => 'present', | ||||
line => '42 private', | line => '42 private', | ||||
path => '/etc/iproute2/rt_tables', | path => '/etc/iproute2/rt_tables', | ||||
} | } | ||||
if $data['ups'] { | $filtered_routes = $private_routes.filter |$route_label, $route_data| { pick($route_data['enabled'], true) } | ||||
$ups = $data['ups'] | |||||
} else { | $routes_up = $filtered_routes.map |$route_label, $route_data| { | ||||
$ups = [ | "ip route add ${route_data['network']} via ${route_data['gateway']}" | ||||
"ip route add 192.168.101.0/24 via ${data['gateway']}", | } | ||||
"ip route add 192.168.200.0/21 via ${data['gateway']}", | |||||
$routes_down = $filtered_routes.map |$route_label, $route_data| { | |||||
"ip route del ${route_data['network']} via ${route_data['gateway']}" | |||||
}.reverse | |||||
$_ups = $routes_up + [ | |||||
"ip rule add from ${data['address']} table private", | "ip rule add from ${data['address']} table private", | ||||
"ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | ||||
"ip route add default via ${data['gateway']} dev ${data['interface']} table private", | "ip route add default via ${data['gateway']} dev ${data['interface']} table private", | ||||
'ip route flush cache', | 'ip route flush cache', | ||||
] | ] | ||||
} | |||||
if $data['downs'] { | $_downs = [ | ||||
$downs = $data['downs'] | |||||
} else { | |||||
$downs = [ | |||||
"ip route del default via ${data['gateway']} dev ${data['interface']} table private", | "ip route del default via ${data['gateway']} dev ${data['interface']} table private", | ||||
"ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | ||||
"ip rule del from ${data['address']} table private", | "ip rule del from ${data['address']} table private", | ||||
"ip route del 192.168.200.0/24 via ${data['gateway']}", | ] + $routes_down + [ | ||||
"ip route del 192.168.101.0/24 via ${data['gateway']}", | |||||
'ip route flush cache', | 'ip route flush cache', | ||||
] | ] | ||||
} | |||||
$ups = pick_default($data['ups'], $_ups) | |||||
$downs = pick_default($data['downs'], $_downs) | |||||
$gateway = undef | $gateway = undef | ||||
} else { | |||||
if $data['ups'] { | |||||
$ups = $data['ups'] | |||||
} else { | |||||
$ups = [] | |||||
} | |||||
if $data['downs'] { | |||||
$downs = $data['downs'] | |||||
} else { | } else { | ||||
$downs = [] | $ups = pick_default($data['ups'], []) | ||||
} | $downs = pick_default($data['downs'], []) | ||||
$gateway = $data['gateway'] | $gateway = $data['gateway'] | ||||
} | } | ||||
debnet::iface { $data['interface']: | debnet::iface { $data['interface']: | ||||
method => 'static', | method => 'static', | ||||
address => $data['address'], | address => $data['address'], | ||||
netmask => $data['netmask'], | netmask => $data['netmask'], | ||||
gateway => $gateway, | gateway => $gateway, | ||||
ups => $ups, | ups => $ups, | ||||
downs => $downs, | downs => $downs, | ||||
} | } | ||||
} | } | ||||
} | } |
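Review bot: In the two `.map` lambdas that build `$routes_up` and `$routes_down`, `$route_data['network']` and `$route_data['gateway']` are interpolated straight into `ip route` command strings, and the only check on that data is the bare `Hash` type passed to `lookup('networks::private_routes', Hash, 'deep')`. These strings are handed to `debnet::iface` as `ups`/`downs`, which presumably become interface up/down commands run as root, so a malformed or missing value from any Hiera layer merged by the `deep` strategy turns into a broken or unintended command rather than a compile error. Tightening the lookup type would reject such data at catalog compilation, e.g. `lookup('networks::private_routes', Hash[String, Struct[{'network' => Stdlib::IP::Address, 'gateway' => Stdlib::IP::Address, Optional['enabled'] => Boolean}]], 'deep')`, assuming the stdlib version in use ships the `Stdlib::IP::Address` aliases. The `Boolean` on `enabled` matters as well, because the filter `pick($route_data['enabled'], true)` would treat the string `'false'` as truthy and keep the route.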
a dict of key interface (eth0, eth1, ...)