From 4f0837931baa073d750064e7e221aeb3089dbda2 Mon Sep 17 00:00:00 2001
From: Kevin Carter
Date: Wed, 3 Oct 2018 23:20:19 -0500
Subject: [PATCH] Modify the network to ensure their more restrictive
The network rules used to be too broad and could result in conflict when address space is more restricted. This change updates the network rule set such that it will not only add address to a macvlan interface using the `noprefixroute` option and setting the route to the local table only. This limits the macvlan network scope to ensure we're not creating conflicts while also not breaking inter host connectivity.
Change-Id: I9b27a006a5587150254b35288d8907ae32651b57
Signed-off-by: Kevin Carter
---
tasks/nspawn_networking.yml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tasks/nspawn_networking.yml b/tasks/nspawn_networking.yml
index b555db3..b9c5bd6 100644
--- a/tasks/nspawn_networking.yml
+++ b/tasks/nspawn_networking.yml
@@ -102,9 +102,11 @@
 {%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
 {% if hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined and (value.address is undefined) %}
 {% set net_cidr = hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] %}
- {% set _ = start_commands.append('-/sbin/ip route add ' + net_cidr + ' dev ' + (value.routed_interface | default(nspawn_primary_interface)) + ' metric 100 proto kernel scope link table local') %}
+ {% set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ ' dev ' ~ (value.routed_interface | default(nspawn_primary_interface)) ~ ' metric 100 proto kernel scope link table local') %}
 {% elif (value.address is defined) and ((interface_data['ipv4'] | default({'address': none}))['address'] != value.address) and ((value.host_only | default(false)) | bool) %}
- {% set _ = start_commands.append('-/sbin/ip address add ' + value.address + '/' + (value.netmask | default('32')) + ' dev ' + mv_interface + ' scope host') %}
+ {% set net_cidr = (value.address ~ '/' ~ (value.netmask | default('32'))) %}
+ {% set _ = start_commands.append('-/sbin/ip address add ' ~ net_cidr ~ ' dev ' ~ mv_interface ~ ' scope host noprefixroute') %}
+ {% set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ '/' ~ (value.netmask | default('32')) ~ ' dev ' ~ mv_interface ~ ' metric 100 proto kernel scope link table local') %}
 {%- endif %}
 {%- endif %}
 {%- endif %}
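Review bot: The last added line doubles the prefix length: `net_cidr` is set two lines earlier as `value.address ~ '/' ~ (value.netmask | default('32'))`, and the route command appends `'/' ~ (value.netmask | default('32'))` to it again, so the generated command has the form `ip route add <address>/32/32 dev …`, which `ip route` rejects. Since every entry in `start_commands` is prefixed with `-`, which (if these become systemd Exec lines) tells systemd to ignore the failure, the route is silently never installed, and because the address is now added with `noprefixroute` it ends up with no local-table route at all — the opposite of what the commit intends, and the host-only address may become unreachable from the host. Drop the second suffix: `{% set _ = start_commands.append('-/sbin/ip route add ' ~ net_cidr ~ ' dev ' ~ mv_interface ~ ' metric 100 proto kernel scope link table local') %}`. Separately, `value.netmask` is interpolated unchecked into the command string on both added lines; a value that is not a plain prefix length would yield an invalid or unintended rule, so validating it where the interface data is defined would make the failure visible rather than silent. The enclosing Jinja `if` block and the surrounding task begin before this hunk.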