From 4f6ed536ed1b7085f44ab484dd128c217fda4425 Mon Sep 17 00:00:00 2001
From: Kevin Carter
Date: Thu, 2 Aug 2018 17:34:20 -0500
Subject: [PATCH] Add route when required on the local table With the use of nspawn containers and macvlans, without an intermediary bridge, there's no way to send traffic from the host back to the container without configuring VEPA and having 802.1qg enabled switches. To enhance the usability of nspawn a local route is added to macvlan devices when an interface address is detected. This allows the host to route back to the containers without issues and will not interfere with the main host route. To ensure there's absolutely no conflict with host routes a metric has added to all routes added to the local table.
Change-Id: Id4326c9783f46884d3f39692e691775ba1118b38
Signed-off-by: Kevin Carter
---
tasks/nspawn_networking.yml | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/tasks/nspawn_networking.yml b/tasks/nspawn_networking.yml
index d131659..15d1cbd 100644
--- a/tasks/nspawn_networking.yml
+++ b/tasks/nspawn_networking.yml
@@ -91,11 +91,20 @@
 {%- set _ = start_commands.append('-/sbin/ip link set dev veth-' + interface + '2 mtu ' + (interface_data['mtu'] | default(1500)) | string) %}
 {%- set _ = start_commands.append('-/sbin/ip link set dev veth-' + interface + '1 master ' + value.bridge) %}
 {%- set _ = start_commands.append('-/sbin/ip link add ' + mv_interface + ' link veth-' + interface + '2 type macvlan mode ' + value.macvlan_mode | default(nspawn_macvlan_mode)) %}
+ {%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
 {%- else %}
 {%- set _ = start_commands.append('-/sbin/ip link add ' + mv_interface + ' link ' + value.bridge + ' type macvlan mode ' + value.macvlan_mode | default(nspawn_macvlan_mode)) %}
+ {%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
+ {% if hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined %}
+ {% set net_cidr = hostvars[inventory_hostname]['container_cidr'] %}
+ {%- set _ = start_commands.append('-/sbin/ip route add ' + net_cidr + ' dev ' + mv_interface + ' metric 100 proto kernel scope link table local') %}
+ {% elif (value.address is defined) and (value.netmask is defined) %}
+ {% set prefix = (value.address ~ '/' ~ value.netmask) | ipaddr('prefix') %}
+ {% set _network = (value.address ~ '/' ~ prefix) | ipaddr('network') %}
+ {% set _net_addr_network = (_network ~ '/' ~ prefix) %}
+ {%- set _ = start_commands.append('-/sbin/ip route add ' + _net_addr_network + ' dev ' + mv_interface + ' metric 100 proto kernel scope link table local') %}
+ {%- endif %}
 {%- endif %}
- {%- set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
- {%- set _ = seen_start_interfaces.append(value.bridge) %}
 {%- endif %}
 {%- endfor %}
 {{ start_commands }}
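Review bot: The added `{% if %}` tests `hostvars[inventory_hostname][key.split('_')[0] + '_cidr']`, but the next line always reads `hostvars[inventory_hostname]['container_cidr']`, so a network whose key prefix is not `container` gets a route for the wrong range, or a template error if `container_cidr` is undefined. Read the variable that was tested: `{% set net_cidr = hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] %}`. The mismatch matters because the route goes into `table local`, which the kernel normally consults before `main`, so a wrong prefix there would steer host traffic for that range onto this macvlan device; `metric 100` only orders routes within one table. Unlike the `elif` branch, `net_cidr` also reaches the `ip route add` string without passing through `ipaddr`, so validating it the same way would be worth adding. The enclosing Jinja block starts and ends outside the hunk.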