From 785dfc358bc9fa8eb53e63d20f8c3dfa39df96a6 Mon Sep 17 00:00:00 2001
From: Attila Farkas <ati@mail.muni.cz>
Date: Thu, 28 May 2020 09:11:45 +0200
Subject: [PATCH] add connection to Internet through border router
---
modules/ansible_generator.py | 14 +++++---
templates/br | 70 ++++++++++++++++++------------------
2 files changed, 45 insertions(+), 39 deletions(-)
diff --git a/modules/ansible_generator.py b/modules/ansible_generator.py
index bdef379..cc6ff53 100644
--- a/modules/ansible_generator.py
+++ b/modules/ansible_generator.py
@@ -2,9 +2,10 @@
from modules.file_manager import generate_file, copy_template_file
from modules.ansible_vars_generator import generate_ansible_vars
+from conf.border_router import BORDER_ROUTER_NAME
-def _create_config_playbooks(input_definitions):
+def _create_config_playbooks(input_definitions, flags):
"""Generate playbooks and roles for basic device configuration."""
copy_template_file("device_configuration",
"base_provisioning/device_configuration.yml")
@@ -17,8 +18,13 @@ def _create_config_playbooks(input_definitions):
"base_provisioning/roles/routers/tasks/main.yml")
for device in input_definitions["hosts"] + input_definitions["routers"]:
- copy_template_file("separate_devices", "base_provisioning/roles/" +
- device["name"] + "/tasks/main.yml")
+ if "border_router" in flags and flags["border_router"] and\
+ device["name"] == BORDER_ROUTER_NAME:
+ copy_template_file("br", "base_provisioning/roles/" +
+ device["name"] + "/tasks/main.yml")
+ else:
+ copy_template_file("separate_devices", "base_provisioning/roles/" +
+ device["name"] + "/tasks/main.yml")
def _create_user_playbooks(input_definitions):
@@ -49,5 +55,5 @@ def generate_playbooks(input_definitions, flags):
:param flags: command line input flags
"""
generate_ansible_vars(input_definitions, flags)
- _create_config_playbooks(input_definitions)
+ _create_config_playbooks(input_definitions, flags)
_create_user_playbooks(input_definitions)
diff --git a/templates/br b/templates/br
index b3ce313..4bb1ca7 100644
--- a/templates/br
+++ b/templates/br
@@ -1,40 +1,40 @@
---
-# Configuration for the border router
+# Configuration of the border router
-- name: Enable IP forwarding
- copy:
- dest: "/etc/sysctl.conf"
- content: "net.ipv4.ip_forward=1"
-
-- name: Restarting procps service
- command: /etc/init.d/procps restart
-
-{% for host in hosts %}
-- name: Add {{ host.host_name }} alias
- lineinfile:
- path: /etc/hosts
- line: {{ host.host_ip }} {{ host.host_name }}
-
-{% endfor %}
-{% for router in routers %}
-- name: Add {{ router.router_name }} alias
+- name: Adding aliases
+ loop: "{{ aliases | dict2items }}"
lineinfile:
path: /etc/hosts
- line: {{ router.router_ip }} {{ router.router_name }}
-
-{% endfor %}
-
-{% for target_cidr, router_ip in br_routes.items() %}
-- name: Add routing to network {{ target_cidr }}
- command: route add -net {{ target_cidr }} gw {{ router_ip }} eth1
-{% endfor %}
-
-- name: Add postrouting
- # ssh connection fails without async after execution of iptables commands
- shell: "sleep 2 && sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source {{ border_router_public_ip }}"
- async: 1
- poll: 0
-
-{# name: Save postrouting rule #}
-{# command: su -c 'iptables-save > /etc/iptables.rules' #}
+ line: "{{ item.value }} {{ item.key }}"
+
+- name: Set up nondefault routes
+ include_role:
+ name: interface
+ vars:
+ interface_ip: "{{ route.interface_ip }}"
+ interface_routes:
+ - gateway: "{{ route.gateway }}"
+ network: "{{ route.network }}"
+ mask: "{{ route.netmask }}"
+ loop: "{{ routings.simple }}"
+ loop_control:
+ loop_var: route
+
+- name: Set up default route
+ include_role:
+ name: interface
+ vars:
+ interface_ip: "{{ route.interface_ip }}"
+ interface_default_gateway: "{{ route.gateway }}"
+ loop: "{{ routings.default }}"
+ loop_control:
+ loop_var: route
+
+- name: Set up postrouting
+ iptables:
+ table: nat
+ chain: POSTROUTING
+ out_interface: "{{ ansible_default_ipv4.interface }}"
+ jump: SNAT
+ to_source: "{{ ansible_default_ipv4.address }}"
...
--
GitLab