Include VPN routes in the netplan config

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index de96b3d16e5f8104e642b8d91c83766f18410c36..2f7e6ded4d4b0542ab2e562b33211e169741203f 100644 (file)
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2020-07-29 12:02:45 UTC using RuboCop version 0.88.0.
+# on 2020-07-30 08:39:06 UTC using RuboCop version 0.88.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -19,3 +19,8 @@ ChefModernize/Definitions:
 # SupportedStyles: strings, symbols
 ChefStyle/AttributeKeys:
   EnforcedStyle: symbols
+
+# Offense count: 3
+# Configuration parameters: CountBlocks.
+Metrics/BlockNesting:
+  Max: 4

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index b643296f4883e1f36b6a1cd26f6e655d51804187..d85f2ebbda8bcd30291ac3a109869fee5881f65a 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -130,6 +130,44 @@ node[:networking][:interfaces].each do |name, interface|
           "scope" => "link"
         )
       end
+
+      if interface[:role] == "internal" && interface[:gateway] != interface[:address]
+        search(:node, "networking_interfaces*address:#{interface[:gateway]}") do |gateway|
+          next unless gateway[:openvpn]
+
+          gateway[:openvpn][:tunnels].each_value do |tunnel|
+            if tunnel[:peer][:address]
+              deviceplan["routes"].push(
+                "to" => "#{tunnel[:peer][:address]}/32",
+                "via" => interface[:gateway]
+              )
+
+              route tunnel[:peer][:address] do
+                netmask "255.255.255.255"
+                gateway interface[:gateway]
+                device interface[:interface]
+              end
+            end
+
+            next unless tunnel[:peer][:networks]
+
+            tunnel[:peer][:networks].each do |network|
+              prefix = IPAddr.new("#{network[:address]}/#{network[:netmask]}").prefix
+
+              deviceplan["routes"].push(
+                "to" => "#{network[:address]}/#{prefix}",
+                "via" => interface[:gateway]
+              )
+
+              route network[:address] do
+                netmask network[:netmask]
+                gateway interface[:gateway]
+                device interface[:interface]
+              end
+            end
+          end
+        end
+      end
     end
 
     if interface[:routes]
@@ -229,34 +267,6 @@ link "/etc/resolv.conf" do
   to "../run/systemd/resolve/stub-resolv.conf"
 end
 
-node.interfaces(:role => :internal) do |interface|
-  if interface[:gateway] && interface[:gateway] != interface[:address]
-    search(:node, "networking_interfaces*address:#{interface[:gateway]}") do |gateway|
-      next unless gateway[:openvpn]
-
-      gateway[:openvpn][:tunnels].each_value do |tunnel|
-        if tunnel[:peer][:address]
-          route tunnel[:peer][:address] do
-            netmask "255.255.255.255"
-            gateway interface[:gateway]
-            device interface[:interface]
-          end
-        end
-
-        next unless tunnel[:peer][:networks]
-
-        tunnel[:peer][:networks].each do |network|
-          route network[:address] do
-            netmask network[:netmask]
-            gateway interface[:gateway]
-            device interface[:interface]
-          end
-        end
-      end
-    end
-  end
-end
-
 zones = {}
 
 search(:node, "networking:interfaces").collect do |n|