diff --git a/roles/gw/files/sysctls.conf b/roles/gw/files/sysctls.conf
index 211743f..f6bc081 100644
--- a/roles/gw/files/sysctls.conf
+++ b/roles/gw/files/sysctls.conf
@@ -4,8 +4,8 @@ net.ipv6.conf.all.accept_ra=0
 # CM: 2018-01-12 - Disable Reverse Path Filtering as it breaks our tri-homed setup.
 net.ipv4.conf.all.rp_filter=2
-net.ipv4.conf.eth1.rp_filter=2
-net.ipv4.conf.eth2.rp_filter=2
+net.ipv4.conf.dmz.rp_filter=2
+net.ipv4.conf.uplink.rp_filter=2
 # 2019-01-31/drn: Enable magic for conntrack asymmetric routing
 net.netfilter.nf_conntrack_tcp_be_liberal=1
diff --git a/roles/gw/tasks/main.yml b/roles/gw/tasks/main.yml
index 2ddd6bb..d4eb037 100644
--- a/roles/gw/tasks/main.yml
+++ b/roles/gw/tasks/main.yml
@@ -92,12 +92,12 @@
 dest: "/etc/systemd/network/{{ item }}"
 mode: "644"
 loop:
- - eth0.network
- - eth1.network
- - eth2.network
- - eth3.network
+ - mgmt.network
 - dmz.network
- - dmz.netdev
+ - uplink.network
+ - sown.network
+ - oob.network
+ - oob.netdev
 notify:
 - Reload networkd
 - name: Deploy NRPE IPMI monitoring
diff --git a/roles/gw/templates/conntrackd.conf b/roles/gw/templates/conntrackd.conf
index 559a653..cb954cb 100644
--- a/roles/gw/templates/conntrackd.conf
+++ b/roles/gw/templates/conntrackd.conf
@@ -30,7 +30,7 @@ Sync {
 IPv4_address {{gw_uplink_ip_v4}}
 IPv4_Destination_Address {{gw_conntrackd_peer}}
 Port 3781
- Interface eth2
+ Interface uplink
 SndSocketBuffer 1249280
 RcvSocketBuffer 1249280
 Checksum on
diff --git a/roles/gw/templates/keepalived.conf b/roles/gw/templates/keepalived.conf
index 4385e66..b8cdbfc 100644
--- a/roles/gw/templates/keepalived.conf
+++ b/roles/gw/templates/keepalived.conf
@@ -1,7 +1,7 @@
 include /etc/keepalived/local.conf
 vrrp_instance SOWN_v4 {
- interface eth3
+ interface sown
 virtual_router_id 50
 priority $PRIORITY
 advert_int 1
@@ -15,7 +15,7 @@ vrrp_instance SOWN_v4 {
 }
 vrrp_instance SOWN_v6 {
- interface eth3
+ interface sown
 virtual_router_id 50
 priority $PRIORITY
 advert_int 1
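Review bot: The comment above the `rp_filter` lines in roles/gw/files/sysctls.conf says reverse path filtering is disabled, but the value `2` is loose mode; `0` would be disabled. The kernel applies the higher of `conf/all` and the per-interface value, so the renamed `dmz` and `uplink` lines add nothing beyond `net.ipv4.conf.all.rp_filter=2`, and they may be skipped if the file is applied before the interfaces carry those names. I would reword the comment to `# CM: 2018-01-12 - Loose-mode reverse path filtering (rp_filter=2); strict mode breaks our tri-homed setup.` so the source-validation posture of the gateway is documented accurately.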
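Review bot: The loop in roles/gw/tasks/main.yml only deploys the new unit names, so on an already-provisioned gateway the previous `eth0.network` to `eth3.network` and `dmz.netdev` stay in `/etc/systemd/network/`. The leftover `dmz.netdev` still declares a VRF called `dmz`, which is the name this commit gives to the physical OOB link, and the old `eth1.network` still carries `VRF=dmz`, so what ends up matching `Name=dmz` could differ from what the templates describe and the OOB/VRF separation with it. A removal task for the superseded files, placed next to this one, would make the rename deterministic. No `.link` file or other rename mechanism appears in this diff, so that is presumably handled elsewhere and is worth confirming before rollout; the deploy task itself starts above the hunk.

```yaml
# … unchanged: task that deploys the networkd units …
- name: Remove superseded networkd units
  ansible.builtin.file:
    path: "/etc/systemd/network/{{ item }}"
    state: absent
  loop:
    - eth0.network
    - eth1.network
    - eth2.network
    - eth3.network
    - dmz.netdev
  notify:
    - Reload networkd
```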
@@ -26,11 +26,11 @@ vrrp_instance SOWN_v6 {
 virtual_ipaddress {
 2001:630:d0:f700::254/64
 }
- notify_master "/sbin/ip addr change 2001:630:d0:f700::254 dev eth3 preferred_lft 0"
+ notify_master "/sbin/ip addr change 2001:630:d0:f700::254 dev sown preferred_lft 0"
 }
 vrrp_instance UoS_Link_v4 {
- interface eth2
+ interface uplink
 virtual_router_id 50
 priority $PRIORITY
 advert_int 1
@@ -44,7 +44,7 @@ vrrp_instance UoS_Link_v4 {
 }
 vrrp_instance UoS_Link_v6 {
- interface eth2
+ interface uplink
 virtual_router_id 50
 priority $PRIORITY
 advert_int 1
@@ -55,5 +55,5 @@ vrrp_instance UoS_Link_v6 {
 virtual_ipaddress {
 2001:630:d0:505::5032/64
 }
- notify_master "/sbin/ip addr change 2001:630:d0:505::5032 dev eth2 preferred_lft 0"
+ notify_master "/sbin/ip addr change 2001:630:d0:505::5032 dev uplink preferred_lft 0"
 }
diff --git a/roles/gw/templates/networkd/dmz.network b/roles/gw/templates/networkd/dmz.network
index a9d9c89..9f71894 100644
--- a/roles/gw/templates/networkd/dmz.network
+++ b/roles/gw/templates/networkd/dmz.network
@@ -1,5 +1,9 @@
+# OOB DMZ link
 [Match]
 Name=dmz
-[Link]
-ActivationPolicy=up
+[Network]
+ConfigureWithoutCarrier=yes
+Address={{gw_dmz_ip}}/24
+Gateway=152.78.189.254
+VRF=oob
diff --git a/roles/gw/templates/networkd/eth1.network b/roles/gw/templates/networkd/eth1.network
deleted file mode 100644
index a6841b7..0000000
--- a/roles/gw/templates/networkd/eth1.network
+++ /dev/null
@@ -1,9 +0,0 @@
-# OOB DMZ link
-[Match]
-Name=eth1
-
-[Network]
-ConfigureWithoutCarrier=yes
-Address={{gw_dmz_ip}}/24
-Gateway=152.78.189.254
-VRF=dmz
diff --git a/roles/gw/templates/networkd/eth0.network b/roles/gw/templates/networkd/mgmt.network
similarity index 87%
rename from roles/gw/templates/networkd/eth0.network
rename to roles/gw/templates/networkd/mgmt.network
index ad88ede..6728305 100644
--- a/roles/gw/templates/networkd/eth0.network
+++ b/roles/gw/templates/networkd/mgmt.network
@@ -1,5 +1,5 @@
 [Match]
-Name=eth0
+Name=mgmt
 [Network]
 ConfigureWithoutCarrier=yes
diff --git a/roles/gw/templates/networkd/dmz.netdev b/roles/gw/templates/networkd/oob.netdev
similarity index 79%
rename from roles/gw/templates/networkd/dmz.netdev
rename to roles/gw/templates/networkd/oob.netdev
index b684218..b3c2f6f 100644
--- a/roles/gw/templates/networkd/dmz.netdev
+++ b/roles/gw/templates/networkd/oob.netdev
@@ -1,5 +1,5 @@
 [NetDev]
-Name=dmz
+Name=oob
 Kind=vrf
 [VRF]
diff --git a/roles/gw/templates/networkd/oob.network b/roles/gw/templates/networkd/oob.network
new file mode 100644
index 0000000..633de7a
--- /dev/null
+++ b/roles/gw/templates/networkd/oob.network
@@ -0,0 +1,5 @@
+[Match]
+Name=oob
+
+[Link]
+ActivationPolicy=up
diff --git a/roles/gw/templates/networkd/eth3.network b/roles/gw/templates/networkd/sown.network
similarity index 93%
rename from roles/gw/templates/networkd/eth3.network
rename to roles/gw/templates/networkd/sown.network
index ac3ec20..ce4b9fc 100644
--- a/roles/gw/templates/networkd/eth3.network
+++ b/roles/gw/templates/networkd/sown.network
@@ -1,6 +1,6 @@
 # SOWN LAN
 [Match]
-Name=eth3
+Name=sown
 [Network]
 ConfigureWithoutCarrier=yes
diff --git a/roles/gw/templates/networkd/eth2.network b/roles/gw/templates/networkd/uplink.network
similarity index 93%
rename from roles/gw/templates/networkd/eth2.network
rename to roles/gw/templates/networkd/uplink.network
index 7b1a9ed..e7d323f 100644
--- a/roles/gw/templates/networkd/eth2.network
+++ b/roles/gw/templates/networkd/uplink.network
@@ -1,6 +1,6 @@
 # uplink to isolutions
 [Match]
-Name=eth2
+Name=uplink
 [Network]
 ConfigureWithoutCarrier=yes
diff --git a/roles/pxe/templates/dnsmasq.conf.j2 b/roles/pxe/templates/dnsmasq.conf.j2
index 9efc94b..e489c43 100644
--- a/roles/pxe/templates/dnsmasq.conf.j2
+++ b/roles/pxe/templates/dnsmasq.conf.j2
@@ -2,7 +2,7 @@ port=0
 #dhcp on sown lan only
-interface=eth3
+interface=sown
 dhcp-range={{pxe_dhcp_range_start}},{{pxe_dhcp_range_end}},1h
 dhcp-option=6,10.5.0.254 # dns
 dhcp-option=3,10.5.0.254 # def gw