Modify the network to ensure their more restrictive

The network rules used to be too broad and could result in conflicts when
the address space is more restricted. This change updates the network rule
set so that it now only adds an address to a macvlan interface using
the `noprefixroute` option and sets the route in the local table
only. This limits the macvlan network scope to ensure we're not creating
conflicts while also not breaking inter-host connectivity.

Change-Id: I9b27a006a5587150254b35288d8907ae32651b57
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Kevin Carter 2018-10-03 23:20:19 -05:00
parent dd1aaf6277
commit 4f0837931b
No known key found for this signature in database
GPG Key ID: 9443251A787B9FB3
1 changed files with 4 additions and 2 deletions


@ -102,9 +102,11 @@
{%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
{% if hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined and (value.address is undefined) %}
{% set net_cidr = hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] %}
{% set _ = start_commands.append('-/sbin/ip route add ' + net_cidr + ' dev ' + (value.routed_interface | default(nspawn_primary_interface)) + ' metric 100 proto kernel scope link table local') %}
{% set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ ' dev ' ~ (value.routed_interface | default(nspawn_primary_interface)) ~ ' metric 100 proto kernel scope link table local') %}
{% elif (value.address is defined) and ((interface_data['ipv4'] | default({'address': none}))['address'] != value.address) and ((value.host_only | default(false)) | bool) %}
{% set _ = start_commands.append('-/sbin/ip address add ' + value.address + '/' + (value.netmask | default('32')) + ' dev ' + mv_interface + ' scope host') %}
{% set net_cidr = (value.address ~ '/' ~ (value.netmask | default('32'))) %}
{% set _ = start_commands.append('-/sbin/ip address add ' ~ net_cidr ~ ' dev ' ~ mv_interface ~ ' scope host noprefixroute') %}
{% set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ '/' ~ (value.netmask | default('32')) ~ ' dev ' ~ mv_interface ~ ' metric 100 proto kernel scope link table local') %}
{%- endif %}
{%- endif %}
{%- endif %}
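Review bot: The added route command on the line that follows the `noprefixroute` address appends the netmask a second time: `net_cidr` is already built as `value.address ~ '/' ~ netmask`, so the generated command reads `ip route add <address>/<mask>/<mask> …` (constructed example), which `ip` rejects as an invalid prefix. The leading `-` on the command appears to mark its failure as ignored, so the address would be added with `noprefixroute` but never receive the matching local-table route, and the resulting loss of reachability would be silent rather than reported. The line should reuse `net_cidr` alone: `{% set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ ' dev ' ~ mv_interface ~ ' metric 100 proto kernel scope link table local') %}`. The enclosing `{% if %}` blocks open before this hunk; only their closing `endif` lines are visible here.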