Changeset View
Changeset View
Standalone View
Standalone View
site-modules/profile/manifests/network.pp
| # Network configuration for Software Heritage servers | # Network configuration for Software Heritage servers | ||||
| # | # | ||||
| # Supports one private and one public interface | # Supports one private and one public interface | ||||
| class profile::network { | class profile::network { | ||||
| debnet::iface::loopback { 'lo': } | debnet::iface::loopback { 'lo': } | ||||
| # The network description is expected to be a dict of key route_label | # The network description is expected to be a dict of key route_label | ||||
ardumont: a dict of key `interface` (eth0, eth1, ...) | |||||
| # (values: private, default) and value a dict describing the interface. | # (values: private, default) and value a dict describing the interface. | ||||
| # The interface dict has the following possible keys: | # The interface dict has the following possible keys: | ||||
| # - interface: interface's name | # - interface: interface's name | ||||
Done Inline Actions- type: private or none ardumont: ```
- type: private or none
``` | |||||
Done Inline ActionsNot exactly, but yeah, I'll improve this comment olasd: Not exactly, but yeah, I'll improve this comment | |||||
Not Done Inline Actionsthx! ardumont: thx! | |||||
| # - address: ip address for the node | # - address: ip address for the node | ||||
| # - netmask: netmask | # - netmask: netmask | ||||
| # - gateway: to use for the network | # - gateway: to use for the network | ||||
| # - ups: Post instruction when the interface is up (should be set to [] when | # - ups: Post instruction when the interface is up | ||||
| # none) | # - downs: Post instructions to run when the interface is teared down | ||||
Done Inline Actionsinstructions ardumont: instructions | |||||
| # - downs: Post instructions to run when the interface is teared down (should | |||||
| # be set to [] when none) | |||||
| $interfaces = lookup('networks') | $interfaces = lookup('networks') | ||||
| $private_routes = lookup('networks::private_routes', Hash, 'deep') | |||||
| each($interfaces) |$label, $data| { | each($interfaces) |$label, $data| { | ||||
| if $label == 'private' { | if $label == 'private' { | ||||
Done Inline Actionsi read this as the pick the value of key "type" if defined, else fallback to "static", am I correct? ardumont: i read this as the pick the value of key "type" if defined, else fallback to "static", am I… | |||||
Done Inline Actionsthat is correct. olasd: that is correct. | |||||
| file_line {'private route table': | file_line {'private route table': | ||||
| ensure => 'present', | ensure => 'present', | ||||
| line => '42 private', | line => '42 private', | ||||
| path => '/etc/iproute2/rt_tables', | path => '/etc/iproute2/rt_tables', | ||||
| } | } | ||||
| if $data['ups'] { | $filtered_routes = $private_routes.filter |$route_label, $route_data| { pick($route_data['enabled'], true) } | ||||
| $ups = $data['ups'] | |||||
| } else { | $routes_up = $filtered_routes.map |$route_label, $route_data| { | ||||
| $ups = [ | "ip route add ${route_data['network']} via ${route_data['gateway']}" | ||||
| "ip route add 192.168.101.0/24 via ${data['gateway']}", | } | ||||
| "ip route add 192.168.200.0/21 via ${data['gateway']}", | |||||
| $routes_down = $filtered_routes.map |$route_label, $route_data| { | |||||
| "ip route del ${route_data['network']} via ${route_data['gateway']}" | |||||
| }.reverse | |||||
| $_ups = $routes_up + [ | |||||
| "ip rule add from ${data['address']} table private", | "ip rule add from ${data['address']} table private", | ||||
| "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | "ip route add 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | ||||
| "ip route add default via ${data['gateway']} dev ${data['interface']} table private", | "ip route add default via ${data['gateway']} dev ${data['interface']} table private", | ||||
| 'ip route flush cache', | 'ip route flush cache', | ||||
| ] | ] | ||||
| } | |||||
| if $data['downs'] { | $_downs = [ | ||||
| $downs = $data['downs'] | |||||
| } else { | |||||
| $downs = [ | |||||
| "ip route del default via ${data['gateway']} dev ${data['interface']} table private", | "ip route del default via ${data['gateway']} dev ${data['interface']} table private", | ||||
| "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | "ip route del 192.168.100.0/24 src ${data['address']} dev ${data['interface']} table private", | ||||
| "ip rule del from ${data['address']} table private", | "ip rule del from ${data['address']} table private", | ||||
| "ip route del 192.168.200.0/24 via ${data['gateway']}", | ] + $routes_down + [ | ||||
| "ip route del 192.168.101.0/24 via ${data['gateway']}", | |||||
| 'ip route flush cache', | 'ip route flush cache', | ||||
| ] | ] | ||||
| } | |||||
| $ups = pick_default($data['ups'], $_ups) | |||||
| $downs = pick_default($data['downs'], $_downs) | |||||
| $gateway = undef | $gateway = undef | ||||
| } else { | |||||
| if $data['ups'] { | |||||
| $ups = $data['ups'] | |||||
| } else { | |||||
| $ups = [] | |||||
| } | |||||
| if $data['downs'] { | |||||
| $downs = $data['downs'] | |||||
| } else { | } else { | ||||
| $downs = [] | $ups = pick_default($data['ups'], []) | ||||
| } | $downs = pick_default($data['downs'], []) | ||||
| $gateway = $data['gateway'] | $gateway = $data['gateway'] | ||||
| } | } | ||||
| debnet::iface { $data['interface']: | debnet::iface { $data['interface']: | ||||
| method => 'static', | method => 'static', | ||||
| address => $data['address'], | address => $data['address'], | ||||
| netmask => $data['netmask'], | netmask => $data['netmask'], | ||||
| gateway => $gateway, | gateway => $gateway, | ||||
| ups => $ups, | ups => $ups, | ||||
| downs => $downs, | downs => $downs, | ||||
| } | } | ||||
| } | } | ||||
| } | } | ||||
a dict of key interface (eth0, eth1, ...)