add network

README.md

@@ -0,0 +1,48 @@
+Configure interfaces and pbr for RHEL and its derivatives
+Supported iterface types for network-scripts:
+- ethernet (default)
+- loopback
+
+For RHEL8 use:
+
+    network:
+      network_manager:
+        iface:
+          - conn_name: ens256
+            ip4:
+              - "100.127.2.2/29"
+          - conn_name: dummy0
+            type: dummy
+            ip4:
+              - "18.12.3.1/32"
+            routes4:
+              - 0.0.0.0/0 100.127.2.6 table=200
+              - 100.127.2.0/29 100.127.2.2 table=200
+            routes_rule4:
+              - priority 5 from 100.127.2.2 table 200
+              - priority 5 from 18.12.3.1 table 200
+    
+For RHEL7 use: 
+
+    network:
+      network_scripts:
+        iface:
+          - name: ens256
+            ip:
+              - ipaddr: "100.127.2.2"
+                prefix: "/29"
+          - name: lo
+            type: loopback
+            ip:
+              - ipaddr: "18.12.3.1"
+                prefix: "/32"
+            route:
+              - default table 200 via 100.127.2.6
+              - 100.127.2.0/29 table 200 via 100.127.2.2
+            rule:
+              - from 100.127.2.2 table 200
+              - from 18.12.3.1 table 200
+        pbr:
+          table:
+            - number: 200
+              name: "prod"

handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Up interface
+  shell: |
+    ifup {{ item.name }}
+  loop: "{{ network.network_scripts.iface }}"
+
+- name: Reload interface with nmcli
+  command: nmcli conn up {{ item.conn_name }}
+  loop: "{{ network.network_manager.iface }}"

meta/main.yml

@@ -0,0 +1 @@
+dependencies: []

tasks/RedHat/7.yaml

@@ -0,0 +1,20 @@
+---
+- block:
+  - include_tasks: network_scripts.yaml
+
+  when: network.network_scripts is defined
+
+- block:
+  - name: Install NetworkManager-dispatcher-routing-rules
+    package:
+      name:
+        - NetworkManager-dispatcher-routing-rules
+      state: present
+
+  - name: Configure interfaces and routes with nmcli
+    include: network_manager.yaml iface={{ item }}
+    loop: "{{ network.network_manager.iface }}"
+
+  when: network.network_manager is defined
+
+

tasks/RedHat/8.yaml

@@ -0,0 +1,15 @@
+---
+- block:
+  - name: Install network scripts
+    package: 
+      name: network-scripts
+      state: present
+
+  - include_tasks: network_scripts.yaml
+
+  when: network.network_scripts is defined
+
+- name: Configure interfaces and routes with nmcli
+  include: network_manager.yaml iface={{ item }}
+  when: network.network_manager is defined
+  loop: "{{ network.network_manager.iface }}"

tasks/RedHat/network_manager.yaml

@@ -0,0 +1,54 @@
+---
+- block:
+  - name: Configure interfaces with nmcli
+    community.general.nmcli:
+      conn_name: "{{ iface.conn_name }}"
+      type: "{{ iface.type | default('ethernet') }}"
+      ip4: "{{ omit if iface.ip4 is not defined else (iface.ip4|join(', ')) }}"
+      ip6: "{{ omit if iface.ip6 is not defined else (iface.ip6|join(', ')) }}"
+      gw4: "{{ iface.gw4 | default(omit) }}"
+      gw6: "{{ iface.gw6 | default(omit) }}"
+      never_default4: "{{ iface.never_default4 | default('yes') }}"
+      vlanid: "{{ iface.vlanid | default(omit) }}"
+      mtu: "{{ iface.mtu | default(0) }}"
+      zone: "{{ iface.zone | default(omit) }}"
+      state: present
+    notify:
+      - Reload interface with nmcli
+
+  - name: Get existing routes
+    shell: nmcli -g ipv4.routes connection show {{ iface.conn_name }}
+    register: existing_routes4_res
+    changed_when: False
+  
+  - name: Set fact about existing and new routes
+    set_fact:
+      existing_routes4: "{{ existing_routes4_res.stdout | hash('sha256') }}"
+      new_routes4: "{{ '' if iface.routes4 is not defined else (iface.routes4|join(', ') | hash('sha256')) }}"
+
+  #- debug:
+  #    msg: "{{ existing_routes4_res.stdout | hash('sha256') }}"
+
+  #- debug:
+  #    msg: "{{ '' if iface.routes4 is not defined else (iface.routes4|join(', ') | hash('sha256')) }}"
+
+  - name: Add routes and rules with nmcli
+    community.general.nmcli:
+      conn_name: "{{ iface.conn_name }}"
+      type: "{{ iface.type | default('ethernet') }}"
+      ip4: "{{ omit if iface.ip4 is not defined else (iface.ip4|join(', ')) }}"
+      ip6: "{{ omit if iface.ip6 is not defined else (iface.ip6|join(', ')) }}"
+      gw4: "{{ iface.gw4 | default(omit) }}"
+      gw6: "{{ iface.gw6 | default(omit) }}"
+      never_default4: "{{ iface.never_default4 | default('yes') }}"
+      vlanid: "{{ iface.vlanid | default(omit) }}"
+      routes4: "{{ iface.routes4 | default(omit) }}"
+      routing_rules4: "{{ iface.routing_rules4 | default(omit) }}"
+      routes6: "{{ iface.routes6 | default(omit) }}"
+      routing_rules6: "{{ iface.routing_rules6 | default(omit) }}"
+      mtu: "{{ iface.mtu | default(0) }}"
+      zone: "{{ iface.zone | default(omit) }}"
+      state: present
+    when: existing_routes4 != new_routes4
+    notify:
+      - Reload interface with nmcli

tasks/RedHat/network_scripts.yaml

@@ -0,0 +1,34 @@
+---
+- block:
+  - name: Create interfaces config files
+    template:
+      src: "ifcfg-{{ item.type | default('ethernet') }}.j2"
+      dest: "/etc/sysconfig/network-scripts/ifcfg-{{ item.name }}"
+    notify:
+      - Up interface
+    loop: "{{ network.network_scripts.iface }}"
+
+  - name: Create routing table in rt_tables
+    template:
+      src: rt_tables.j2
+      dest: /etc/iproute2/rt_tables
+    notify:
+      - Up interface
+
+  - name: Create routing rules for interfaces
+    template:
+      src: rule.j2
+      dest: "/etc/sysconfig/network-scripts/rule-{{ item.name }}"
+    notify:
+      - Up interface
+    loop: "{{ network.network_scripts.iface }}"
+
+  - name: Create routes for interfaces
+    template:
+      src: route.j2
+      dest: "/etc/sysconfig/network-scripts/route-{{ item.name }}"
+    notify:
+      - Up interface
+    loop: "{{ network.network_scripts.iface }}"
+
+  when: network.network_scripts is defined

tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Include interfaces configuration tasks
+  include: "{{ ansible_os_family }}/{{ ansible_distribution_version }}.yaml"

templates/ifcfg-ethernet.j2

@@ -0,0 +1,27 @@
+DEVICE="{{ item.name }}"
+USERCTL="{{ item.userctl | default('no') }}"
+NM_CONTROLLED="{{ item.nm_controlled | default('no') }}"
+{% if ite.bootproto is defined %}
+BOOTPROTO="{{ item.bootproto }}"
+{% endif %}
+ONBOOT="{{ item.onboot | default('yes') }}"
+{% if item.mtu is defined %}
+MTU="{{ item.mtu }}"
+{% endif %}
+{% if item.slave is defined %}
+MASTER="{{ item.master }}"
+SLAVE="yes"
+{% endif %}
+{% if item.gateway is defined %}
+GATEWAY="{{ item.gateway }}"
+{% endif %}
+{% for network in item.ip %}
+{% if network.ipaddr is defined %}
+IPADDR{{ loop.index }}="{{ network.ipaddr }}"
+{% endif %}
+{% if network.netmask is defined %}
+NETMASK{{ loop.index }}="{{ network.netmask }}"
+{% elif network.prefix is defined %}
+PREFIX{{ loop.index }}="{{ network.prefix }}"
+{% endif %}
+{% endfor %}

templates/ifcfg-loopback.j2

@@ -0,0 +1,17 @@
+DEVICE=lo
+IPADDR=127.0.0.1
+NETMASK=255.0.0.0
+NETWORK=127.0.0.0
+# If you're having problems with gated making 127.0.0.0/8 a martian,
+# you can change this to something else (255.255.255.255, for example)
+BROADCAST=127.255.255.255
+{% for network in item.ip %}
+IPADDR{{ loop.index }}={{ network.ipaddr }}
+{% if network.netmask is defined  %}
+NETMASK{{ loop.index }}={{ network.netmask }}
+{% elif network.prefix is defined %}
+PREFIX{{ loop.index }}={{ network.prefix }}
+{% endif %}
+{% endfor %}
+ONBOOT=yes
+NAME=loopback

templates/route.j2

@@ -0,0 +1,3 @@
+{% for route in item.route %}
+{{ route }}
+{% endfor %}

templates/rt_tables.j2

@@ -0,0 +1,14 @@
+#
+# reserved values
+#
+255	local
+254	main
+253	default
+0	unspec
+#
+# local
+#
+#1	inr.ruhep
+{% for table in network.network_scripts.pbr.table %}
+{{ table.number }} {{ table.name }}
+{% endfor %}

templates/rule.j2

@@ -0,0 +1,3 @@
+{% for rule in item.rule %}
+{{ rule }}
+{% endfor %}