
---
##### Firewall pre-requisites (currently disabled) #####
# The whole firewalld block below is commented out, so hosts configured by
# this file get their interfaces renamed (core/mgmt/dmz-style names, see the
# commented copy task further down) without any firewalld zone being created
# or bound to them. Note that even as written the block only creates the
# zones and allows ssh in core/mgmt; it never attaches an interface to a zone
# (ansible.posix.firewalld takes an `interface:` argument for that), so
# re-enabling it as-is would still leave every interface in firewalld's
# default zone.
# - name: Enable and start firewalld
# ansible.builtin.systemd:
# name: firewalld
# enabled: true  # use a real boolean, not the YAML 1.1 "yes"
# state: started
# - name: firewall-cmd --get-zones
# ansible.builtin.command: firewall-cmd --get-zones
# register: firewalld_zones
# - name: firewall-cmd --get-active-zones
# ansible.builtin.command: firewall-cmd --get-active-zones
# register: firewalld_active_zones  # was firewalld_zones, which overwrote the --get-zones result the debug task below prints
# - name: Check existing zones
# ansible.builtin.debug:
# var: firewalld_zones.stdout
# - name: Create firewalld core zone
# ansible.posix.firewalld:
# zone: core
# state: present
# permanent: true
# - name: Create firewalld mgmt zone
# ansible.posix.firewalld:
# zone: mgmt
# state: present
# permanent: true
# - name: Create firewalld dmz zone
# ansible.posix.firewalld:
# zone: dmz
# state: present
# permanent: true
# - name: Reload firewalld to apply changes
# ansible.builtin.command: firewall-cmd --reload
# (a command task always reports "changed"; setting immediate: true on the
# ansible.posix.firewalld tasks applies the permanent change to the running
# configuration without a separate reload)
# - name: Enable ssh rule in core
# ansible.posix.firewalld:
# zone: core
# service: ssh
# state: enabled
# permanent: true
# - name: Enable ssh rule in mgmt
# ansible.posix.firewalld:
# zone: mgmt
# service: ssh
# state: enabled
# permanent: true
# - name: Reload firewalld to apply changes
# ansible.builtin.command: firewall-cmd --reload
#### Network config ####
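# systemd-networkd is the network manager this file keeps running; the
# legacy "networking" service and NetworkManager are masked further down.
# Uses the systemd_service module name to match the other systemd tasks in
# this file (it is the same module as ansible.builtin.systemd).
- name: Enable and start systemd-networkd
  ansible.builtin.systemd_service:
    name: systemd-networkd
    enabled: true
    state: started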
# Create the drop-in directories the template/copy tasks below write into.
# Both are root-owned and world-readable (0755), like the rest of /etc.
- name: Ensure systemd-networkd directories exist
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    mode: "u=rwx,g=rx,o=rx"
    owner: root
    group: root
  loop:
    - /etc/systemd/network
    - /etc/systemd/networkd.conf.d
# Persistent rename of the primary NIC: default_interface.ifname becomes
# default_interface.name. The "1-" prefix is presumably chosen so this file
# sorts ahead of systemd's shipped 99-default.link in the lexical match.
# NOTE(review): this is likely the interface the SSH control connection
# rides on. The kernel refuses to rename a link that is up, so the new name
# is expected to apply at the next boot rather than when the udev handler
# fires — confirm against the "Trigger udev for new interface names" handler
# and make sure the play does not depend on the rename happening live.
- name: Rename default network interface via .link files
  ansible.builtin.template:
    dest: "/etc/systemd/network/1-rename-{{ default_interface.ifname }}-to-{{ default_interface.name }}.link"
    src: rename-default-dev.link.j2
    mode: "0644"
    owner: root
    group: root
  notify: Trigger udev for new interface names
# Same rename as above for every entry in network_interfaces
# (item.ifname -> item.name), one .link file per interface.
# NOTE(review): as with the default interface, a link that is already up is
# not renamed until the next boot — confirm against the udev handler.
- name: Rename network interfaces via .link files
  ansible.builtin.template:
    dest: "/etc/systemd/network/1-rename-{{ item.ifname }}-to-{{ item.name }}.link"
    src: rename-auxiliary-dev.link.j2
    mode: "0644"
    owner: root
    group: root
  loop: "{{ network_interfaces }}"
  notify: Trigger udev for new interface names
# Render the .network unit for the primary NIC. The file name carries
# default_interface.prefix (ordering), the kernel name and the new name.
# NOTE(review): 0644 is appropriate only while the template carries no
# credentials — confirm against default-interface.network.j2.
- name: Generate default interface .network file
  ansible.builtin.template:
    dest: "/etc/systemd/network/{{ default_interface.prefix }}-{{ default_interface.ifname }}-{{ default_interface.name }}.network"
    src: default-interface.network.j2
    mode: "0644"
    owner: root
    group: root
  notify: Restart systemd-networkd
# Render one .network unit per entry in network_interfaces, named
# <prefix>-<kernel name>-<new name>.network like the default interface.
# NOTE(review): 0644 is appropriate only while the template carries no
# credentials — confirm against auxiliary-interface.network.j2.
- name: Generate auxiliary interfaces .network files
  ansible.builtin.template:
    dest: "/etc/systemd/network/{{ item.prefix }}-{{ item.ifname }}-{{ item.name }}.network"
    src: auxiliary-interface.network.j2
    mode: "0644"
    owner: root
    group: root
  loop: "{{ network_interfaces }}"
  notify: Restart systemd-networkd
# - name: Deploy .network files
# ansible.builtin.copy:
# src: "files/network/{{ item }}"
# dest: "/etc/systemd/network/{{ item }}"
# owner: root
# group: root
# mode: '0644'
# loop:
# - 10-ens18-core.network
# - 20-ens19-mgmt.network
# - 30-ens20-dmz.network
# notify: Restart systemd-networkd
# Static drop-ins for networkd.conf (global settings), copied verbatim from
# files/networkd.conf.d/. Currently only 10-routes.conf.
- name: Deploy systemd-networkd global .conf files
  ansible.builtin.copy:
    dest: "/etc/systemd/networkd.conf.d/{{ item }}"
    src: "files/networkd.conf.d/{{ item }}"
    mode: "0644"
    owner: root
    group: root
  loop:
    - 10-routes.conf
  notify: Restart systemd-networkd
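# Exactly one manager may own the links. Each legacy manager is stopped,
# disabled and masked so a package upgrade cannot bring it back. A unit that
# is simply not installed must not fail the play, but any other error (for
# example the stop or mask itself failing, which would leave two managers
# fighting over the interfaces) is real and must surface — so only the
# module's "not found" failure is tolerated instead of a blanket
# ignore_errors, which hid every failure.
# NOTE(review): stopping a running manager over the very link it manages
# can drop the control connection; the order relative to the networkd
# handlers above is worth confirming on a live host.
- name: Ensure networking is disabled
  ansible.builtin.systemd_service:
    name: networking
    masked: true
    enabled: false
    state: stopped
  register: networking_disable
  failed_when:
    - networking_disable is failed
    - "'Could not find the requested service' not in (networking_disable.msg | default(''))"
- name: Ensure NetworkManager is disabled
  ansible.builtin.systemd_service:
    name: NetworkManager
    masked: true
    enabled: false
    state: stopped
  register: networkmanager_disable
  failed_when:
    - networkmanager_disable is failed
    - "'Could not find the requested service' not in (networkmanager_disable.msg | default(''))"
- name: Ensure NetworkManager-wait-online is disabled
  ansible.builtin.systemd_service:
    name: NetworkManager-wait-online
    masked: true
    enabled: false
    state: stopped
  register: networkmanager_wait_online_disable
  failed_when:
    - networkmanager_wait_online_disable is failed
    - "'Could not find the requested service' not in (networkmanager_wait_online_disable.msg | default(''))"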