Merge branch 'networking-role' into 'master'

New networking role shared. Closes #288 See merge request !355

Merge branch 'networking-role' into 'master'
1f2203c4 · Kristian Klausen · 208a5339 · a8369f31 · 1f2203c4 · 1f2203c4
Commit 1f2203c4 authored 3 years ago by Kristian Klausen
--- a/host_vars/gemini.archlinux.org/misc
+++ b/host_vars/gemini.archlinux.org/misc
@@ -8,7 +8,6 @@ ipv6_netmask: "/128"
 ipv4_gateway: "49.12.124.65"
 ipv6_gateway: "fe80::1"
 filesystem: "btrfs"
-network_interface: "en*"
 system_disks:
  - /dev/sda
  - /dev/sdb

--- a/host_vars/mail.archlinux.org/misc
+++ b/host_vars/mail.archlinux.org/misc
@@ -10,6 +10,5 @@ fail2ban_jails:
 ipv4_address: "95.216.189.61"
 ipv6_address: "2a01:4f9:c010:3052::1"
-dns_servers: ["127.0.0.1"]
 wireguard_address: 10.0.0.14
 wireguard_public_key: +RJ/ZNRmw2uCHxSjJZHftk7lWUl5nJ6VSZww8GPwhEI=
--- a/host_vars/packer-base-image
+++ b/host_vars/packer-base-image
@@ -2,7 +2,6 @@
 hostname: "archlinux-packer"
 dhcp: true
-network_interface: "en*"
 filesystem: btrfs
 system_disks:
  - /dev/sda
--- a/host_vars/secure-runner1.archlinux.org/misc
+++ b/host_vars/secure-runner1.archlinux.org/misc
@@ -8,7 +8,6 @@ ipv6_netmask: "/128"
 ipv4_gateway: "116.202.134.129"
 ipv6_gateway: "fe80::1"
 filesystem: "btrfs"
-network_interface: "en*"
 system_disks:
  - /dev/nvme0n1
  - /dev/nvme1n1

--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
 ---
 configure_network: false
 enable_zram_swap: false
-network_interface: "e*"
-dns_servers: []
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
 ---
- name: restart networkd
-  systemd:
-    name: systemd-networkd
-    state: restarted
-    daemon_reload: true
 - name: restart journald
  systemd:
    name: systemd-journald

--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
 ---
- name: set fact for local dns resolver in use
-  set_fact:
-    host_has_local_dns_resolver: "{{ dns_servers|length == 1 and '127.0.0.1' in dns_servers }}"
 - name: install inetutils for hostname
  pacman: name=inetutils state=present
@@ -63,32 +59,10 @@
 - name: generate ssh key for root
  command: ssh-keygen -b 4096 -N "" -f /root/.ssh/id_rsa creates="/root/.ssh/id_rsa"
- name: configure network
+- name: configure networking
-  template: src=10-static-ethernet.network.j2 dest=/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
+  include_role:
-  notify:
+    name: networking
-    - restart networkd
-  when: configure_network
- name: create symlink to resolv.conf
-  file: src=/run/systemd/resolve/stub-resolv.conf dest=/etc/resolv.conf state=link force=yes owner=root group=root mode=0755
-  when: configure_network and not host_has_local_dns_resolver
- name: create resolv.conf
-  template: src=resolv.conf.j2 dest=/etc/resolv.conf owner=root group=root mode=0644
-  when: configure_network and host_has_local_dns_resolver
- name: start networkd
-  service: name=systemd-networkd state=started enabled=yes
-  when: configure_network
- name: start resolved
-  service:
-    name: systemd-resolved
-    state: "{{'stopped' if host_has_local_dns_resolver else 'started'}}"
-    enabled: "{{'no' if host_has_local_dns_resolver else 'yes'}}"
  when: configure_network
-  tags:
-    - this
 - name: configure tcp receive window limits
  sysctl:

--- a/roles/install_arch/defaults/main.yml
+++ b/roles/install_arch/defaults/main.yml
---
-network_interface: "e*"
-dns_servers: []
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -122,27 +122,11 @@
  register: chroot_mkinitcpio
  changed_when: "chroot_mkinitcpio.rc == 0"
- name: configure network (static)
+- name: configure networking
-  template: src=10-static-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
+  include_role:
-  when: not dhcp|default(false)
+    name: networking
+  vars:
- name: configure network (dhcp)
+    chroot_path: "/mnt"
-  template: src=10-dhcp-ethernet.network.j2 dest=/mnt/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
-  when: dhcp|default(false)
- name: install hcloud-init
-  copy: src=hcloud-init dest=/mnt/usr/local/bin/hcloud-init owner=root group=root mode=0755
-  when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
- name: install hcloud-init.service
-  copy: src=hcloud-init.service dest=/mnt/etc/systemd/system/hcloud-init.service owner=root group=root mode=0644
-  when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
- name: enable hcloud-init inside chroot
-  command: chroot /mnt systemctl enable hcloud-init
-  register: chroot_systemd_services
-  changed_when: "chroot_systemd_services.rc == 0"
-  when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
 - name: provide default mount options (btrfs)
  lineinfile:
@@ -180,9 +164,6 @@
 - name: configure sshd
  template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644
- name: create symlink to resolv.conf
-  file: src=/run/systemd/resolve/stub-resolv.conf dest=/mnt/etc/resolv.conf state=link force=yes owner=root group=root mode=0644
 - name: clean pacman cache
  command: yes | chroot /mnt pacman -Scc
  register: chroot_pacman_clean_cache

--- a/roles/install_arch/templates/10-dhcp-ethernet.network.j2
+++ b/roles/install_arch/templates/10-dhcp-ethernet.network.j2
-../../common/templates/10-dhcp-ethernet.network.j2
\ No newline at end of file
--- a/roles/install_arch/templates/10-static-ethernet.network.j2
+++ b/roles/install_arch/templates/10-static-ethernet.network.j2
-../../common/templates/10-static-ethernet.network.j2
\ No newline at end of file
--- a/roles/networking/defaults/main.yml
+++ b/roles/networking/defaults/main.yml
+---
+chroot_path: ""
+network_interface: "en*"
--- a/roles/install_arch/files/hcloud-init
+++ b/roles/install_arch/files/hcloud-init
--- a/roles/install_arch/files/hcloud-init.service
+++ b/roles/install_arch/files/hcloud-init.service
@@ -10,6 +10,7 @@ Wants=systemd-networkd.service
 [Service]
 ExecStart=/usr/local/bin/hcloud-init
 Type=oneshot
+RemainAfterExit=yes
 StandardOutput=journal
 StandardError=journal

--- a/roles/networking/handlers/main.yml
+++ b/roles/networking/handlers/main.yml
+---
+- name: restart networkd
+  systemd:
+    name: systemd-networkd
+    state: restarted
+    daemon_reload: true
+  when: chroot_path | length == 0
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
+---
+- name: configure network (static)
+  template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
+  notify:
+    - restart networkd
+  when: not dhcp|default(false)
+- name: configure network (dhcp)
+  template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
+  notify:
+    - restart networkd
+  when: dhcp|default(false)
+- name: create symlink to resolv.conf
+  file: src=/run/systemd/resolve/stub-resolv.conf dest={{ chroot_path }}/etc/resolv.conf state=link force=yes follow=no owner=root group=root
+- name: install hcloud-init
+  copy: src=hcloud-init dest={{ chroot_path }}/usr/local/bin/hcloud-init owner=root group=root mode=0755
+  when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
+- name: install hcloud-init.service
+  copy: src=hcloud-init.service dest={{ chroot_path }}/etc/systemd/system/hcloud-init.service owner=root group=root mode=0644
+  when: "'hcloud' in group_names or inventory_hostname == 'packer-base-image'"
+- name: enable hcloud-init inside chroot
+  command: chroot {{ chroot_path }} systemctl enable hcloud-init
+  register: chroot_systemd_services
+  changed_when: "chroot_systemd_services.rc == 0"
+  when: chroot_path | length != 0 and ("'hcloud' in group_names or inventory_hostname == 'packer-base-image'")
+- name: start and enable hcloud-init
+  service: name=hcloud-init daemon_reload=yes state=started enabled=yes
+  when: chroot_path | length == 0
+- name: start and enable networkd
+  service: name=systemd-networkd state=started enabled=yes
+  when: chroot_path | length == 0
+- name: start and enable resolved
+  service: name=systemd-resolved state=started enabled=yes
+  when: chroot_path | length == 0
--- a/roles/common/templates/10-dhcp-ethernet.network.j2
+++ b/roles/common/templates/10-dhcp-ethernet.network.j2
--- a/roles/common/templates/10-static-ethernet.network.j2
+++ b/roles/common/templates/10-static-ethernet.network.j2
@@ -2,9 +2,6 @@
 Name={{ network_interface }}
 [Network]
-{% for server in dns_servers %}
-DNS={{server}}
-{% endfor %}
 Gateway={{ ipv4_gateway }}
 {% if ipv6_gateway is defined %}
 Gateway={{ ipv6_gateway }}

--- a/roles/common/templates/resolv.conf.j2
+++ b/roles/common/templates/resolv.conf.j2