Add ipforward option to configure IPForward

Add ipforward bool optional setting to systemd_networks to enable
or disable forwarding for a given interface.  IPForward is disabled
by default.

Change-Id: Iaea33b1bdde1964f38612ab8c278fed4985d390b
Michael Vollman 2019-02-08 11:56:19 -05:00
parent c72988c4ce
commit 242b3c3fb4
4 changed files with 36 additions and 0 deletions


@ -95,6 +95,10 @@ systemd_netdevs: []
# `static_routes` -- (optional) list of routes to use for the network. This
# option requires a gateway and cidr to be set
# within the list item.
# `ipforward` -- (optional) When set to true forwarding will be enabled for
# interface. This setting will enable
# net.ipv4.ip_forward, net.ipv4.conf.all.forwarding
# and net.ipv4.conf.interface.forwarding
# systemd_networks:
# - interface: "dummy0"
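Review bot: The new `ipforward` description reads as a per-interface switch, but the two global keys it lists (`net.ipv4.ip_forward` and `net.ipv4.conf.all.forwarding`) make the whole host forward IPv4 between all of its interfaces. As far as I know, systemd-networkd's `IPForward=` also only ever turns the global setting on and never off again, so `ipforward: false` on another network would not undo it. I would state that in the option text, for example `# NOTE: enabling this on any network turns on host-wide forwarding; restrict forwarded traffic with firewall rules.`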


@ -137,3 +137,18 @@
- systemd_run_networkd | bool
tags:
- systemd-networkd
- name: restart systemd_networkd prior to applying sysctl changes
meta: flush_handlers
- name: Add IP Forward for interface
sysctl:
name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
value: 1
sysctl_set: yes
state: present
reload: yes
with_indexed_items: "{{ systemd_networks }}"
when:
- (ansible_os_family | lower) == 'redhat'
- item.1.ipforward | default(false) | bool
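Review bot: The `Add IP Forward for interface` task only ever writes `value: 1` and is skipped when `ipforward` is false, so an entry persisted by `state: present` stays in the sysctl configuration after an operator switches the option off. Running the task whenever the key is defined would let a later `false` reset it: `- item.1.ipforward is defined` in the `when` list together with `value: "{{ item.1.ipforward | bool | ternary(1, 0) }}"`. Separately, an interface name containing a dot (a VLAN such as `eth0.100`, constructed example) would probably be split at that dot when interpolated into the sysctl key, so it may be worth validating or translating the name. The task list this hunk appends to starts outside the hunk.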


@ -55,3 +55,6 @@ MACVLAN={{ item.1.macvlan }}
{% elif item.1.vxlan is defined %}
VXLAN={{ item.1.vxlan }}
{% endif %}
{% if item.1.ipforward is defined %}
IPForward={{ (item.1.ipforward | bool) | ternary('yes', 'no') }}
{% endif %}
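Review bot: Rendering `IPForward=yes` enables more than the role documents: per systemd.network(5), as I read it, a boolean true turns on forwarding for both IPv4 and IPv6, while the option text and the sysctl task in this commit only mention `net.ipv4.*`. If only IPv4 routing is intended, the narrower value would be `IPForward={{ (item.1.ipforward | bool) | ternary('ipv4', 'no') }}`. Otherwise the documentation should say that IPv6 forwarding is switched on as well. The surrounding template section starts outside this hunk.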


@ -54,6 +54,9 @@
- NetDev:
Name: br-test
Kind: bridge
- NetDev:
Name: br-test2
Kind: bridge
systemd_networks:
- interface: "dummy0"
bond: "bond0"
@ -83,6 +86,10 @@
- interface: "br-test"
address: "10.1.0.1"
netmask: "255.255.255.0"
- interface: "br-test2"
address: 10.2.0.1
netmask: "255.255.255.0"
ipforward: true
- name: Test networkd
@ -131,6 +138,13 @@
with_items:
- MACAddressPolicy
- NamePolicy
- name: Check forwarding is enabled
shell: 'grep -wo ^1$ /proc/sys/net/{{ item }}'
changed_when: false
with_items:
- "ipv4/ip_forward"
- "ipv4/conf/all/forwarding"
- "ipv4/conf/br-test2/forwarding"
- name: Playbook for role testing with cleanup
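Review bot: The `Check forwarding is enabled` task uses `shell` with an unquoted `^1$` pattern although no shell feature is needed; `command: "grep -wo '^1$' /proc/sys/net/{{ item }}"` keeps the templated path out of shell parsing. In the second hunk, `address: 10.2.0.1` is the only unquoted address among the test networks; quoting it as `address: "10.2.0.1"` would match the neighbouring entries. The check also only asserts the enabled state, so a short comment noting that `ip_forward` and `conf/all/forwarding` are host-wide values would help the next reader of the test.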