add connection to Internet through border router

785dfc35 · Attila Farkas · e9b32d22 · 785dfc35 · 785dfc35
Commit 785dfc35 authored 4 years ago by Attila Farkas
--- a/modules/ansible_generator.py
+++ b/modules/ansible_generator.py
@@ -2,9 +2,10 @@
 from modules.file_manager import generate_file, copy_template_file
 from modules.ansible_vars_generator import generate_ansible_vars
+from conf.border_router import BORDER_ROUTER_NAME
-def _create_config_playbooks(input_definitions):
+def _create_config_playbooks(input_definitions, flags):
    """Generate playbooks and roles for basic device configuration."""
    copy_template_file("device_configuration",
                       "base_provisioning/device_configuration.yml")
@@ -17,8 +18,13 @@ def _create_config_playbooks(input_definitions):
                           "base_provisioning/roles/routers/tasks/main.yml")
    for device in input_definitions["hosts"] + input_definitions["routers"]:
-        copy_template_file("separate_devices", "base_provisioning/roles/" +
+        if "border_router" in flags and flags["border_router"] and\
-                           device["name"] + "/tasks/main.yml")
+           device["name"] == BORDER_ROUTER_NAME:
+            copy_template_file("br", "base_provisioning/roles/" +
+                               device["name"] + "/tasks/main.yml")
+        else:
+            copy_template_file("separate_devices", "base_provisioning/roles/" +
+                               device["name"] + "/tasks/main.yml")
 def _create_user_playbooks(input_definitions):
@@ -49,5 +55,5 @@ def generate_playbooks(input_definitions, flags):
    :param flags: command line input flags
    """
    generate_ansible_vars(input_definitions, flags)
-    _create_config_playbooks(input_definitions)
+    _create_config_playbooks(input_definitions, flags)
    _create_user_playbooks(input_definitions)
--- a/templates/br
+++ b/templates/br
 ---
-# Configuration for the border router
+# Configuration of the border router
- name: Enable IP forwarding
+- name: Adding aliases
-  copy:
+  loop: "{{ aliases | dict2items }}"
-    dest: "/etc/sysctl.conf"
-    content: "net.ipv4.ip_forward=1"
- name: Restarting procps service
-  command: /etc/init.d/procps restart
-{% for host in hosts %}
- name: Add {{ host.host_name }} alias
-  lineinfile:
-    path: /etc/hosts
-    line: {{ host.host_ip }} {{ host.host_name }}
-{% endfor %}
-{% for router in routers %}
- name: Add {{ router.router_name }} alias
  lineinfile:
    path: /etc/hosts
-    line: {{ router.router_ip }} {{ router.router_name }}
+    line: "{{ item.value }} {{ item.key }}"
-{% endfor %}
+- name: Set up nondefault routes
+  include_role:
-{% for target_cidr, router_ip in br_routes.items() %} 
+    name: interface
- name: Add routing to network {{ target_cidr }} 
+  vars:
-  command: route add -net {{ target_cidr }} gw {{ router_ip }} eth1
+    interface_ip: "{{ route.interface_ip }}"
-{% endfor %}
+    interface_routes:
+      - gateway: "{{ route.gateway }}"
- name: Add postrouting
+        network: "{{ route.network }}"
-  # ssh connection fails without async after execution of iptables commands
+        mask: "{{ route.netmask }}"
-  shell: "sleep 2 && sudo iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source {{ border_router_public_ip }}"
+  loop: "{{ routings.simple }}"
-  async: 1
+  loop_control:
-  poll: 0
+    loop_var: route
-{# name: Save postrouting rule #}
+- name: Set up default route
-{# command: su -c 'iptables-save > /etc/iptables.rules' #}
+  include_role:
+    name: interface
+  vars:
+    interface_ip: "{{ route.interface_ip }}"
+    interface_default_gateway: "{{ route.gateway }}"
+  loop: "{{ routings.default }}"
+  loop_control:
+    loop_var: route
+- name: Set up postrouting
+  iptables:
+    table: nat
+    chain: POSTROUTING
+    out_interface: "{{ ansible_default_ipv4.interface }}"
+    jump: SNAT
+    to_source: "{{ ansible_default_ipv4.address }}"
 ...