X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/a60f8a522d3ab47b49ba10b4c5cb756e5785ef58..aeaa46f3071de018b5c5e0f5678cb5b4082e3ddc:/cookbooks/networking/recipes/default.rb diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb index dfa73f196..a6fcaf80f 100644 --- a/cookbooks/networking/recipes/default.rb +++ b/cookbooks/networking/recipes/default.rb @@ -23,6 +23,8 @@ require "ipaddr" require "yaml" +package "netplan.io" + netplan = { "network" => { "version" => 2, @@ -39,16 +41,19 @@ node[:networking][:interfaces].each do |name, interface| if role[interface[:family]] node.normal[:networking][:interfaces][name][:prefix] = role[interface[:family]][:prefix] node.normal[:networking][:interfaces][name][:gateway] = role[interface[:family]][:gateway] + node.normal[:networking][:interfaces][name][:routes] = role[interface[:family]][:routes] end node.normal[:networking][:interfaces][name][:metric] = role[:metric] node.normal[:networking][:interfaces][name][:zone] = role[:zone] end - prefix = node[:networking][:interfaces][name][:prefix] + if interface[:address] + prefix = node[:networking][:interfaces][name][:prefix] - node.normal[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix) - node.normal[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix) + node.normal[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix) + node.normal[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix) + end interface = node[:networking][:interfaces][name] @@ -74,7 +79,9 @@ node[:networking][:interfaces].each do |name, interface| } end - deviceplan["addresses"].push("#{interface[:address]}/#{prefix}") + if interface[:address] + deviceplan["addresses"].push("#{interface[:address]}/#{prefix}") + end if interface[:mtu] deviceplan["mtu"] = interface[:mtu] 
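Review bot: In the `@@ -74,7 +79,9 @@` hunk the pushed address still interpolates the local `prefix`, which after the `@@ -39,16 +41,19 @@` hunk is assigned only inside a separate `if interface[:address]` block. That first guard is evaluated before `interface` is rebound to `node[:networking][:interfaces][name]`, so the two guards test different objects and must stay in step; if they ever diverge, `prefix` is nil and the entry becomes `address/`. Reading the value at the point of use removes the coupling: `deviceplan["addresses"].push("#{interface[:address]}/#{interface[:prefix]}") if interface[:address]`. The enclosing `each` block starts and ends outside both hunks.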
@@ -124,6 +131,20 @@ node[:networking][:interfaces].each do |name, interface| ) end end + + if interface[:routes] + interface[:routes].each do |to, parameters| + route = { + "to" => to + } + + route["type"] = parameters[:type] if parameters[:type] + route["via"] = parameters[:via] if parameters[:via] + route["metric"] = parameters[:metric] if parameters[:metric] + + deviceplan["routes"].push(route) + end + end else node.rm(:networking, :interfaces, name) end @@ -152,7 +173,7 @@ end file "/etc/netplan/99-chef.yaml" do owner "root" group "root" - mode 0o644 + mode "644" content YAML.dump(netplan) end @@ -160,24 +181,23 @@ package "cloud-init" do action :purge end -execute "hostname" do +ohai "reload-hostname" do action :nothing - command "/bin/hostname -F /etc/hostname" + plugin "hostname" end -template "/etc/hostname" do - source "hostname.erb" - owner "root" - group "root" - mode 0o644 - notifies :run, "execute[hostname]" +execute "hostnamectl-set-hostname" do + command "hostnamectl set-hostname #{node[:networking][:hostname]}" + notifies :reload, "ohai[reload-hostname]" + not_if { ENV.key?("TEST_KITCHEN") || node[:hostnamectl][:static_hostname] == node[:networking][:hostname] } end template "/etc/hosts" do source "hosts.erb" owner "root" group "root" - mode 0o644 + mode "644" + not_if { ENV["TEST_KITCHEN"] } end service "systemd-resolved" do 
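Review bot: The new route loop in the `@@ -124,6 +131,20 @@` hunk dereferences `parameters[:type]` without checking that `parameters` is set, so a route declared with no options raises NoMethodError and aborts the recipe. Adding `parameters ||= {}` as the first line of the block would let such an entry through as a bare `to`. The copied keys form a fixed allowlist (`type`, `via`, `metric`), but their values and the `to` key reach `/etc/netplan/99-chef.yaml` unchecked. A comment stating the expected attribute shape, for example `# routes: { "<destination>" => { :type, :via, :metric } }`, would help whoever edits the roles. `deviceplan["routes"]` is presumably initialised above the hunk, which is not visible here.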
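Review bot: `execute "hostnamectl-set-hostname"` in the `@@ -160,24 +181,23 @@` hunk builds its command by interpolating `node[:networking][:hostname]` into a string, which may be run through a shell, so whitespace or shell metacharacters in that attribute would change the command that is executed. Passing an array avoids the shell: `command ["hostnamectl", "set-hostname", node[:networking][:hostname]]`. The guard also reads `node[:hostnamectl][:static_hostname]`, which raises if the `hostnamectl` attribute is absent on a node; whether an Ohai plugin always provides it is not visible in this diff.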
@@ -187,15 +207,26 @@ end directory "/etc/systemd/resolved.conf.d" do owner "root" group "root" - mode 0o755 + mode "755" end template "/etc/systemd/resolved.conf.d/99-chef.conf" do source "resolved.conf.erb" owner "root" group "root" - mode 0o644 - notifies :restart, "service[systemd-resolved]" + mode "644" + notifies :restart, "service[systemd-resolved]", :immediately +end + +if node[:filesystem][:by_mountpoint][:"/etc/resolv.conf"] + mount "/etc/resolv.conf" do + action :umount + device node[:filesystem][:by_mountpoint][:"/etc/resolv.conf"][:devices].first + end +end + +link "/etc/resolv.conf" do + to "../run/systemd/resolve/stub-resolv.conf" end if node[:networking][:tcp_fastopen_key] @@ -257,7 +288,7 @@ template "/etc/default/shorewall" do source "shorewall-default.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall]" end @@ -265,7 +296,7 @@ template "/etc/shorewall/shorewall.conf" do source "shorewall.conf.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall]" end @@ -273,7 +304,7 @@ template "/etc/shorewall/zones" do source "shorewall-zones.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :type => "ipv4" notifies :restart, "service[shorewall]" end @@ -282,7 +313,7 @@ template "/etc/shorewall/interfaces" do source "shorewall-interfaces.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall]" end @@ -290,7 +321,7 @@ template "/etc/shorewall/hosts" do source "shorewall-hosts.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :zones => zones notifies :restart, "service[shorewall]" end @@ -299,7 +330,7 @@ template "/etc/shorewall/conntrack" do source "shorewall-conntrack.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall]" only_if { node[:networking][:firewall][:raw] } end 
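Review bot: The `link "/etc/resolv.conf"` resource in the `@@ -187,15 +207,26 @@` hunk repoints the resolver file at the systemd-resolved stub with no guard tied to the service state. If systemd-resolved is not running after the `:immediately` restart, name resolution is lost for the remaining resources in the run. The reason for the ordering is worth recording, for example `# restart now so the stub resolver is up before /etc/resolv.conf points at it` above the `notifies` line, if that is the intent. The `mount` block takes `[:devices].first` from Ohai data; a short comment saying which environments have `/etc/resolv.conf` as a mount point would explain why the unmount is needed.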
@@ -308,7 +339,7 @@ template "/etc/shorewall/policy" do source "shorewall-policy.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall]" end @@ -316,7 +347,7 @@ template "/etc/shorewall/rules" do source "shorewall-rules.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :family => "inet" notifies :restart, "service[shorewall]" end @@ -331,7 +362,7 @@ template "/etc/logrotate.d/shorewall" do source "logrotate.shorewall.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :name => "shorewall" end @@ -361,7 +392,7 @@ if node[:roles].include?("gateway") source "shorewall-masq.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall]" end else @@ -378,7 +409,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall-default.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall6]" end @@ -386,7 +417,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall6.conf.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall6]" end @@ -394,7 +425,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall-zones.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :type => "ipv6" notifies :restart, "service[shorewall6]" end @@ -403,7 +434,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall6-interfaces.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall6]" end @@ -411,7 +442,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall6-hosts.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :zones => zones notifies :restart, "service[shorewall6]" end 
@@ -420,7 +451,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall-conntrack.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall6]" only_if { node[:networking][:firewall][:raw] } end @@ -429,7 +460,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall-policy.erb" owner "root" group "root" - mode 0o644 + mode "644" notifies :restart, "service[shorewall6]" end @@ -437,7 +468,7 @@ unless node.interfaces(:family => :inet6).empty? source "shorewall-rules.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :family => "inet6" notifies :restart, "service[shorewall6]" end @@ -452,7 +483,7 @@ unless node.interfaces(:family => :inet6).empty? source "logrotate.shorewall.erb" owner "root" group "root" - mode 0o644 + mode "644" variables :name => "shorewall6" end