
Add network configuration magic :-)

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm 7 years ago
parent
commit
b2b3229077

+ 64 - 0
network/ifupdown2.conf

@@ -0,0 +1,64 @@
+#
+# ifupdown2 configuration file
+#
+# This file contains default settings for ifupdown
+#
+
+# enable templates
+template_enable=0
+
+# default template engine (only mako is currently supported)
+template_engine=mako
+
+# default template lookup path during template rendering
+template_lookuppath=/etc/network/ifupdown2/templates
+
+# Support /etc/network/if-*/ scripts
+addon_scripts_support=0
+
+# By default ifupdown2 only supports a single vlan filtering bridge
+# on the system. Set this flag to 1 to support multiple vlan
+# filtering bridges
+multiple_vlan_aware_bridge_support=0
+
+# ifquery check status strings.
+# By default `ifquery --check` prints the check and
+# cross marks against interface attributes.
+# Use the below strings to modify the default behaviour.
+#
+ifquery_check_success_str=[ OK ]
+ifquery_check_error_str=[FAIL]
+ifquery_check_unknown_str=
+#
+
+# This attribute controls iface/vlan range expansions
+# in ifquery default output.
+ifquery_ifacename_expand_range=0
+
+# Let link master (bridges, bonds) own the link state of slaves
+link_master_slave=1
+
+# Delay admin state change till the end
+delay_admin_state_change=0
+
+# ifreload by default downs: 'all interfaces for which config changed' +
+# 'interfaces that were deleted'. With the below variable set to '0'
+# ifreload will only down 'interfaces that were deleted'
+ifreload_down_changed=0
+
+# enable addon module syntax check:
+# Python addon modules register dictionary of supported attributes.
+# The syntax checker in ifupdown2 uses this dictionary for syntax
+# checks in the interfaces file. This works well, when only python modules
+# are used. But when a mix of scripts and modules are used (which is the
+# default case), you may get false warnings for attributes supported
+# by scripts
+addon_syntax_check=0
+
+# Support executing of ifupdown style scripts.
+# Note that by default python addon modules override scripts with the same
+# name
+addon_scripts_support=1
+
+# enable python addons
+addon_python_modules_support=1
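Review bot: `addon_scripts_support` is assigned twice in this file, `addon_scripts_support=0` in the fourth stanza and `addon_scripts_support=1` near the end, so the effective value depends on how ifupdown2 handles duplicate keys (presumably the last one wins). The setting decides whether the /etc/network/if-*/ hook scripts are executed during interface changes, so it should be stated once and deliberately. Keep a single assignment with the intended value and delete the other stanza.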

+ 39 - 0
network/init.sls

@@ -0,0 +1,39 @@
+#
+# Networking
+#
+
+include:
+  - apt
+  - network.interfaces
+
+network-pkg:
+  pkg.installed:
+    - pkgs:
+      - bridge-utils
+      - vlan
+      - tcpdump
+      - mtr-tiny
+      - iperf
+      - vnstat
+      - host
+      - dnsutils
+      - ipv6calc
+    - require_in:
+      - file: /etc/network/interfaces
+#    - require:
+#      - APT-FFHO
+
+iproute2:
+  pkg.latest
+
+# Udev rules
+/etc/udev/rules.d/42-ffho-net.rules:
+  file.managed:
+    - template: jinja
+    - source: salt://network/udev-rules.tmpl
+
+
+# /etc/resolv.conf
+/etc/resolv.conf:
+  file.managed:
+    - source: salt://network/resolv.conf
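Review bot: Both `file.managed` states here (`/etc/udev/rules.d/42-ffho-net.rules` and `/etc/resolv.conf`) set no owner or mode, so the resulting permissions depend on Salt defaults and on whatever file already exists on the node. Adding `- user: root`, `- group: root` and `- mode: '0644'` to each makes the result explicit and lets Salt correct drift; the two `file.managed` states in network/interfaces/init.sls have the same gap. Separately, `iproute2` uses `pkg.latest` while every other package uses `pkg.installed`, so any highstate can upgrade the core network tooling; if that is intended, a short comment saying why would help.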

+ 33 - 0
network/interfaces/init.sls

@@ -0,0 +1,33 @@
+#
+# /etc/network/interfaces
+#
+
+ifupdown2:
+  pkg.installed
+
+
+# ifupdown2 configuration
+/etc/network/ifupdown2/ifupdown2.conf:
+  file.managed:
+    - source: salt://network/ifupdown2.conf
+    - require:
+      - pkg: ifupdown2
+
+
+# Write network configuration
+/etc/network/interfaces:
+ file.managed:
+    - template: jinja
+    - source: salt://network/interfaces/interfaces.tmpl
+    - require:
+      - pkg: ifupdown2
+
+
+# Reload interface configuration if neccessary
+ifreload:
+  cmd.wait:
+    - name: /sbin/ifreload -a
+    - watch:
+      - file: /etc/network/interfaces
+    - require:
+      - file: /etc/network/ifupdown2/ifupdown2.conf
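Review bot: The `ifreload` state runs `/sbin/ifreload -a` as soon as the rendered /etc/network/interfaces changes, and nothing validates the file first, so a bad pillar value or template error can take the node off the network that Salt uses to reach it. Consider a `check_cmd` on the `/etc/network/interfaces` state that runs ifupdown2's syntax check against the candidate file before it is moved into place. The reload also only watches the interfaces file; ifupdown2.conf is listed under `require`, not `watch`, so a change to it will not trigger a reload. Smaller points: ` file.managed:` under `/etc/network/interfaces` is indented one space where the rest of the file uses two, and "neccessary" in the comment should read "necessary".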

+ 100 - 0
network/interfaces/interfaces.tmpl

@@ -0,0 +1,100 @@
+#
+# /etc/network/interfaces (Salt managed)
+#
+
+{%- set node_config = salt['pillar.get']('nodes:' ~ grains['id'], {}) %}
+{%- set node_id = grains['id'] %}
+{%- set sites_config = salt['pillar.get']('sites', {}) %}
+
+#source /etc/network/interfaces.d/*
+
+{#
+ # Configure any secondary IPs / router_id / infra-srv IPs on loopback, if present
+ #}
+{%- set lo_prefixes = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ifaces:lo:prefixes', []) %}
+
+{#- Add user/infra-srv VPN IPs, too #}
+{%- for vpn in ['user-srv', 'infra-srv'] %}
+  {#- COMPATIBILITY GLUE #}
+  {%- for prefix in salt['pillar.get']("tinc:" ~ vpn ~ ":" ~ grains['nodename'] ~ ":subnet", []) %}
+    {%- do lo_prefixes.append (prefix) %}
+  {%- endfor %}
+  {%- for prefix in salt['pillar.get']("tinc:" ~ vpn ~ ":" ~ grains['id'] ~ ":subnet", []) %}
+    {%- do lo_prefixes.append (prefix) %}
+  {%- endfor %}
+{%- endfor %}
+# The loopback network interface
+auto lo
+iface lo
+{%- for prefix in lo_prefixes %}
+  {%- set mask = '128' if ':' in prefix else '32' %}
+  {%- set prefix = prefix if '/' in prefix else prefix ~ '/' ~ mask %}
+	address {{ prefix }}
+{%- endfor %}
+
+
+{#
+ # Special static config for this node?
+{%- set host_config_file = "network/interfaces/hosts/" ~ node_id ~ ".cfg" %}
+{%- include host_config_file ignore missing %}
+ #}
+
+
+{#
+ # Set up ifaces dict with configured and generated interfaces.
+ #}
+{%- set ifaces = salt['ffho_net.get_interface_config'](node_config, sites_config) %}
+{%- for interface in ifaces|sort if interface not in ['lo'] %}
+  {%- set config = ifaces.get (interface) %}
+
+  {#- Let's go #}
+# {{ config.get ('desc', interface) }}
+  {%- if config.get ('auto', True) == True %}
+auto {{ interface }}
+  {%- endif %}
+  {%- if 'method' in config %}
+iface {{ interface }} inet {{ config.get ('method') }}
+  {%- else %}
+iface {{ interface }}
+  {%- endif %}
+  {#- Configure stuff for bonding, bridging, etc.? #}
+  {%- for feature in ['batman', 'bond', 'bridge', 'vlan', 'vxlan'] if feature in config %}
+    {%- set feature_config = config.get (feature) %}
+    {%- for opt in feature_config|sort %}
+	{{ opt }}	{{ feature_config.get (opt) }}
+    {%- endfor %}
+	#
+  {%- endfor %}
+
+  {#- Configure IP addresses #}
+  {%- for prefix in config.get ('prefixes', []) %}
+	address {{ prefix }}
+  {%- endfor %}
+
+  {#- Anything else... #}
+  {%- for keyword in config|sort %}
+    {%- set argument = config.get (keyword) %}
+    {%- if argument is none %}
+    {%- elif keyword.startswith ("_") %}
+    {%- elif keyword in [ 'auto', 'batman', 'bond', 'bridge', 'method', 'vlan', 'vxlan', 'desc', 'prefixes' ] %}
+    {%- elif argument is string or argument is number %}
+	{{ keyword }} {{ argument }}
+    {%- else %}
+      {%- for item in argument %}
+	{{ keyword }} {{ item }}
+      {%- endfor %}
+    {%- endif %}
+  {%- endfor %}
+{% endfor %}
+
+
+{#-
+ # OpenVPN VPNs (if any)
+ #}
+{%- include "network/interfaces/openvpn.tmpl" %}
+
+
+{#-
+ # Tinc VPNs (if any)
+ #}
+{#%- include "network/interfaces/tinc.tmpl" %#}
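Review bot: `lo_prefixes` is the list object returned by `salt['pillar.get']`, and the `do lo_prefixes.append (prefix)` calls modify it in place, so the tinc subnets are presumably written back into the in-memory pillar and can accumulate if the template is rendered more than once in a run; taking a copy, `{%- set lo_prefixes = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ifaces:lo:prefixes', [])|list %}`, avoids that. The two compatibility loops also append the same subnets twice when `grains['nodename']` equals `grains['id']`, which yields duplicate `address` lines on `lo`; an `if prefix not in lo_prefixes` filter on the inner loops would cover it. Further down, the "Anything else" loop writes every key that does not start with `_` into the stanza unescaped, which includes hook keywords that ifupdown2 executes as root, so a comment stating that pillar data and the `ffho_net.get_interface_config` output are trusted here would make the trust boundary explicit.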

+ 25 - 0
network/interfaces/openvpn.tmpl

@@ -0,0 +1,25 @@
+{#-
+ # OpenVPN VPNs (if any)
+ #}
+{%- set networks = [] %}
+{%- for netname, network in salt['pillar.get']('ovpn', {}).items () if grains['id'] in network %}
+  {%- do networks.append (netname) %}
+{%- endfor %}
+{%- for netname in networks|sort %}
+  {%- set network = salt['pillar.get']('ovpn:' ~ netname) %}
+  {%- set network_config = network.get ('config') %}
+  {%- set host_stanza = network.get (grains['id']) %}
+  {%- set host_config = host_stanza.get ('config', {}) %}
+
+#
+# {{ network_config.get ('_desc') }}
+  {%- set interface = host_config.get ('interface', network_config.get ('interface')) %}
+  {%- if network_config.get ('dev-type', 'tap') == 'tap' %}
+auto {{ interface }}
+iface {{ interface }}
+    {%- for ip in host_stanza.get ('ip', []) %}
+      {%- set netmask = network_config['netmask_v6'] if ':' in ip else network_config['netmask_v4'] %}
+	address {{ ip }}/{{ netmask }}
+    {%- endfor %}
+  {%- endif %} {#- dev-type tap #}
+{% endfor %} {#- network #}
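Review bot: Missing pillar keys render silently into invalid configuration here: if neither the host nor the network config defines `interface`, the stanza becomes `auto None` / `iface None`, and a missing `netmask_v4` or `netmask_v6` presumably renders as an empty string, giving `address <ip>/`. `network.get ('config')` is also used without a default, so a network lacking a `config` key fails the whole render. Wrapping the stanza in a guard such as `{%- if interface and network_config.get ('dev-type', 'tap') == 'tap' %}` and checking `netmask` before emitting the `address` line would keep a half-configured VPN from reaching /etc/network/interfaces.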

+ 5 - 0
network/resolv.conf

@@ -0,0 +1,5 @@
+#
+# /etc/resolv.conf (Salt managed)
+#
+search in.ffho.net
+nameserver 10.132.251.53

+ 14 - 0
network/udev-rules.tmpl

@@ -0,0 +1,14 @@
+#
+# FFHO net rules (Salt managed)
+#
+
+{%- set host_config_file = "network/udev-rules/" + grains['nodename'] + ".rules" %}
+{% include host_config_file ignore missing %}
+
+{%- for iface, iface_config in salt['pillar.get']('nodes:' ~ grains['id'] ~ ':ifaces', {}).items () %}
+  {%- if '_udev_mac' in iface_config %}
+# {{ iface_config.get ('desc', '') }}
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="{{ iface_config.get ('_udev_mac') }}", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="{{ iface }}"
+
+  {%- endif %}
+{%- endfor %}
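Review bot: The `_udev_mac` value is written into the `ATTR{address}==` match exactly as it appears in pillar, and udev string matches are case-sensitive while the kernel reports MAC addresses in lower case, so an upper-case MAC in pillar yields a rule that never matches and the interface silently keeps its kernel name. Normalising it, `ATTR{address}=="{{ iface_config.get ('_udev_mac')|lower }}"`, removes that trap. The `desc` value and the `iface` name are also emitted unvalidated; a description containing a newline would leave the `#` comment and become rule text, so it may be worth restricting it to a single line.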

+ 0 - 0
network/udev-rules/.placeholder