Document primary interfaces and add mv addresses

The macvlan primary interface will now allow deployers to run a fully minimal network stack without any bridges or out-of-band configurations. This capability has now been added to the defaults with documentation regarding how its implemented. Change-Id: I73e52ff9237dcc9c0d1bd156345d730454d28533 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2018-08-10 13:23:59 -05:00 · 2018-08-10 13:23:59 -05:00 · bf931fb29f
parent 4d40aa71cc
commit bf931fb29f
2 changed files with 49 additions and 10 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -34,6 +34,50 @@ nspawn_networks:
    # Optional | Set the macvlan mode
    macvlan_mode: bridge

+# Primary interface used for host to container communications. In the event that
+# the underlying system is running a condensed network stack a route will be
+# created for all networks that have a defined `cidr` using the primary
+# interface. In the event that an address is defined for a given network Ansible
+# facts will be used to determine if an address needs to be assigned to the
+# macvlan interface.
+#
+# + simple example:
+#   management_cidr: "172.29.236.0/24"
+#   container_networks:
+#     management_address:
+#       bridge: eth0
+#
+# In this example the `managemen_cidr` corresponds to the `management_address`
+# network and because there's no IP address within the address block a route is
+# used allowing the host to communicate with the containers. For the route to be
+# added using any network, the network must have a corresponding CIDR with no
+# defined address.
+#
+# Multiple macvlans can be spawned from a single host interface.
+# + simple example:
+#   management_cidr: "172.29.236.0/24"
+#   storage_cidr: "10.0.0.0/24"
+#   container_networks:
+#     management_address:
+#       bridge: eth0
+#     storage_address:
+#       bridge: eth0
+#       address: 10.0.0.100
+#       netmask: 255.255.255.0
+#     tunnel_address:
+#       bridge: eth0.10
+#
+# In this example management storage and tunnel networks will be created and
+# attached to the containers.
+#  + The management network will have a route created for its corresponding CIDR
+#  + The storage network will have the defined address added to the macvlan
+#    interface with `scope` set to `host`, assuming the address is not already
+#    assigned to the underlying interface, "eth0".
+#  + The tunnel network will be attached to the container and isolated from the
+#    host with no access to without first attaching to the container.
+#
+nspawn_primary_interface: "{{ nspawn_networks['nspawn_address']['bridge'] }}"
+
 # Used to define the default macvlan mode when not specifically defined within
 # container_networks or nspawn_networks. See all available options here:
 # https://www.freedesktop.org/software/systemd/man/systemd.netdev.html#%5BMACVLAN%5D%20Section%20Options
--- a/tasks/nspawn_networking.yml
+++ b/tasks/nspawn_networking.yml
@ -95,16 +95,11 @@
          {%-     else %}
          {%-       set _ = start_commands.append('-/sbin/ip link add ' + mv_interface + ' link ' + value.bridge + ' mtu ' ~ (interface_data["mtu"] | default(1500)) ~ ' type macvlan mode ' + value.macvlan_mode | default(nspawn_macvlan_mode)) %}
          {%-       set _ = start_commands.append('-/sbin/ip link set dev ' + mv_interface + ' up') %}
-          {%        if not (value.enable_dhcp | default(false)) | bool %}
-          {%          if hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined %}
-          {%            set net_cidr = hostvars[inventory_hostname]['container_cidr'] %}
-          {%-           set _ = start_commands.append('-/sbin/ip route add local ' + net_cidr + ' dev ' + mv_interface + ' metric 100 proto kernel scope host table local') %}
-          {%          elif (value.address is defined) and (value.netmask is defined) %}
-          {%            set prefix = (value.address ~ '/' ~ value.netmask) | ipaddr('prefix') %}
-          {%            set _network = (value.address ~ '/' ~ prefix) | ipaddr('network') %}
-          {%            set _net_addr_network = (_network ~ '/' ~ prefix) %}
-          {%-           set _ = start_commands.append('-/sbin/ip route add local ' + _net_addr_network + ' dev ' + mv_interface + ' metric 100 proto kernel scope host table local') %}
-          {%-         endif %}
+          {%        if hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] is defined and (value.address is undefined) %}
+          {%          set net_cidr = hostvars[inventory_hostname][key.split('_')[0] + '_cidr'] %}
+          {%          set _ = start_commands.append('-/sbin/ip route add ' + net_cidr + ' dev ' + nspawn_primary_interface + ' metric 100 proto kernel scope link table local') %}
+          {%        elif (value.address is defined) and ((interface_data['ipv4'] | default({'address': none}))['address'] != value.address) %}
+          {%          set _ = start_commands.append('-/sbin/ip address add ' + value.address + '/' + (value.netmask | default('32')) + ' dev ' + mv_interface + ' scope host') %}
          {%-       endif %}
          {%-     endif %}
          {%-   endif %}