Add ipforward option to configure IPForward
Add an optional boolean `ipforward` setting to systemd_networks that enables or disables forwarding for a given interface. IPForward is disabled by default. Change-Id: Iaea33b1bdde1964f38612ab8c278fed4985d390b
parent
c72988c4ce
commit
242b3c3fb4
|
@ -95,6 +95,10 @@ systemd_netdevs: []
|
||||||
# `static_routes` -- (optional) list of routes to use for the network. This
|
# `static_routes` -- (optional) list of routes to use for the network. This
|
||||||
# option requires a gateway and cidr to be set
|
# option requires a gateway and cidr to be set
|
||||||
# within the list item.
|
# within the list item.
|
||||||
|
# `ipforward` -- (optional) When set to true forwarding will be enabled for
|
||||||
|
# interface. This setting will enable
|
||||||
|
# net.ipv4.ip_forward, net.ipv4.conf.all.forwarding
|
||||||
|
# and net.ipv4.conf.interface.forwarding
|
||||||
|
|
||||||
# systemd_networks:
|
# systemd_networks:
|
||||||
# - interface: "dummy0"
|
# - interface: "dummy0"
|
||||||
|
|
|
@ -137,3 +137,18 @@
|
||||||
- systemd_run_networkd | bool
|
- systemd_run_networkd | bool
|
||||||
tags:
|
tags:
|
||||||
- systemd-networkd
|
- systemd-networkd
|
||||||
|
|
||||||
|
- name: restart systemd_networkd prior to applying sysctl changes
|
||||||
|
meta: flush_handlers
|
||||||
|
|
||||||
|
- name: Add IP Forward for interface
|
||||||
|
sysctl:
|
||||||
|
name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
|
||||||
|
value: 1
|
||||||
|
sysctl_set: yes
|
||||||
|
state: present
|
||||||
|
reload: yes
|
||||||
|
with_indexed_items: "{{ systemd_networks }}"
|
||||||
|
when:
|
||||||
|
- (ansible_os_family | lower) == 'redhat'
|
||||||
|
- item.1.ipforward | default(false) | bool
|
||||||
|
|
|
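Review bot: The `Add IP Forward for interface` task only ever writes `value: 1`, so an interface whose `ipforward` is later switched to false keeps its persisted `net.ipv4.conf.<interface>.forwarding` entry at 1 and the host may keep routing through it. Drive the value from the variable instead, `value: "{{ (item.1.ipforward | bool) | ternary(1, 0) }}"`, and change the second condition to `item.1.ipforward is defined`, so that turning the option off is actually applied. The task is also restricted to the `redhat` OS family without saying why; a one-line comment above `when:` stating the reason would help, since the documentation added in this commit describes the behaviour as general. Interface names that contain a dot (VLAN sub-interfaces, for example) would likely yield an invalid key in `name:`, which is worth a comment or a guard.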
@ -55,3 +55,6 @@ MACVLAN={{ item.1.macvlan }}
|
||||||
{% elif item.1.vxlan is defined %}
|
{% elif item.1.vxlan is defined %}
|
||||||
VXLAN={{ item.1.vxlan }}
|
VXLAN={{ item.1.vxlan }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if item.1.ipforward is defined %}
|
||||||
|
IPForward={{ (item.1.ipforward | bool) | ternary('yes', 'no') }}
|
||||||
|
{% endif %}
|
||||||
|
|
|
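Review bot: `IPForward=yes` in a systemd .network file turns on forwarding for IPv6 as well as IPv4, while the documentation and sysctl task added in this commit mention only the `net.ipv4.*` keys. If only IPv4 routing is intended, emit the address-family value instead, `IPForward={{ (item.1.ipforward | bool) | ternary('ipv4', 'no') }}`; otherwise state the IPv6 effect in the `ipforward` comment in the defaults file. Because this setting flips the host-wide forwarding switches, enabling it on one interface lets the host route between all of its interfaces, so the documentation should tell operators to have a FORWARD-chain firewall policy in place first. The unit-file section this line is rendered into starts outside the hunk.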
@ -54,6 +54,9 @@
|
||||||
- NetDev:
|
- NetDev:
|
||||||
Name: br-test
|
Name: br-test
|
||||||
Kind: bridge
|
Kind: bridge
|
||||||
|
- NetDev:
|
||||||
|
Name: br-test2
|
||||||
|
Kind: bridge
|
||||||
systemd_networks:
|
systemd_networks:
|
||||||
- interface: "dummy0"
|
- interface: "dummy0"
|
||||||
bond: "bond0"
|
bond: "bond0"
|
||||||
|
@ -83,6 +86,10 @@
|
||||||
- interface: "br-test"
|
- interface: "br-test"
|
||||||
address: "10.1.0.1"
|
address: "10.1.0.1"
|
||||||
netmask: "255.255.255.0"
|
netmask: "255.255.255.0"
|
||||||
|
- interface: "br-test2"
|
||||||
|
address: 10.2.0.1
|
||||||
|
netmask: "255.255.255.0"
|
||||||
|
ipforward: true
|
||||||
|
|
||||||
|
|
||||||
- name: Test networkd
|
- name: Test networkd
|
||||||
|
@ -131,6 +138,13 @@
|
||||||
with_items:
|
with_items:
|
||||||
- MACAddressPolicy
|
- MACAddressPolicy
|
||||||
- NamePolicy
|
- NamePolicy
|
||||||
|
- name: Check forwarding is enabled
|
||||||
|
shell: 'grep -wo ^1$ /proc/sys/net/{{ item }}'
|
||||||
|
changed_when: false
|
||||||
|
with_items:
|
||||||
|
- "ipv4/ip_forward"
|
||||||
|
- "ipv4/conf/all/forwarding"
|
||||||
|
- "ipv4/conf/br-test2/forwarding"
|
||||||
|
|
||||||
|
|
||||||
- name: Playbook for role testing with cleanup
|
- name: Playbook for role testing with cleanup
|
||||||
|
|
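Review bot: The `Check forwarding is enabled` task probably cannot show that the per-interface handling works, because once `ipv4/conf/all/forwarding` is 1 the kernel reports 1 for every interface, so the `ipv4/conf/br-test2/forwarding` item passes regardless (worth confirming on the test image). A stronger check is to assert that the rendered .network file for `br-test2` contains `IPForward=yes` and that the one for `br-test`, which does not set `ipforward`, has no `IPForward` line. The check needs no shell features, so `command: "grep -x 1 /proc/sys/net/{{ item }}"` is safer than `shell:` with an unquoted `^1$`. In the `br-test2` entry, `address: 10.2.0.1` should be quoted like the neighbouring `address: "10.1.0.1"`.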