|
28 | 28 | mode: "0644" |
29 | 29 | create: true |
30 | 30 |
|
31 | | - - name: Configure connection profile and specify the numeric table in |
32 | | - static routes |
33 | | - import_role: |
34 | | - name: linux-system-roles.network |
35 | | - vars: |
36 | | - network_connections: |
37 | | - - name: "{{ interface }}" |
38 | | - interface_name: "{{ interface }}" |
39 | | - state: up |
40 | | - type: ethernet |
41 | | - autoconnect: true |
42 | | - ip: |
43 | | - dhcp4: false |
44 | | - address: |
45 | | - - 198.51.100.3/26 |
46 | | - - 2001:db8::2/32 |
47 | | - route: |
48 | | - - network: 198.51.100.64 |
49 | | - prefix: 26 |
50 | | - gateway: 198.51.100.6 |
51 | | - metric: 4 |
52 | | - table: 30200 |
53 | | - - network: 198.51.100.128 |
54 | | - prefix: 26 |
55 | | - gateway: 198.51.100.1 |
56 | | - metric: 2 |
57 | | - table: 30400 |
58 | | - - network: 2001:db8::4 |
59 | | - prefix: 32 |
60 | | - gateway: 2001:db8::1 |
61 | | - metric: 2 |
62 | | - table: 30600 |
63 | | - routing_rule: |
64 | | - - priority: 30200 |
65 | | - from: 198.51.100.58/26 |
66 | | - table: 30200 |
67 | | - - priority: 30201 |
68 | | - family: ipv4 |
69 | | - fwmark: 1 |
70 | | - fwmask: 1 |
71 | | - table: 30200 |
72 | | - - priority: 30202 |
73 | | - family: ipv4 |
74 | | - ipproto: 6 |
75 | | - table: 30200 |
76 | | - - priority: 30203 |
77 | | - family: ipv4 |
78 | | - sport: 128 - 256 |
79 | | - table: 30200 |
80 | | - - priority: 30204 |
81 | | - family: ipv4 |
82 | | - tos: 8 |
83 | | - table: 30200 |
84 | | - - priority: 30400 |
85 | | - to: 198.51.100.128/26 |
86 | | - table: 30400 |
87 | | - - priority: 30401 |
88 | | - family: ipv4 |
89 | | - iif: iiftest |
90 | | - table: 30400 |
91 | | - - priority: 30402 |
92 | | - family: ipv4 |
93 | | - oif: oiftest |
94 | | - table: 30400 |
95 | | - - priority: 30403 |
96 | | - from: 0.0.0.0/0 |
97 | | - to: 0.0.0.0/0 |
98 | | - table: 30400 |
99 | | - - priority: 30600 |
100 | | - to: 2001:db8::4/32 |
101 | | - table: 30600 |
102 | | - - priority: 30601 |
103 | | - family: ipv6 |
104 | | - dport: 128 - 256 |
105 | | - invert: true |
106 | | - table: 30600 |
107 | | - - priority: 30602 |
108 | | - from: ::/0 |
109 | | - to: ::/0 |
110 | | - table: 30600 |
111 | | - - priority: 200 |
112 | | - from: 198.51.100.56/26 |
113 | | - table: custom |
| 31 | + - name: Set __network_end_play variable |
| 32 | + set_fact: |
| 33 | + __network_end_play: false |
| 34 | + |
| 35 | + - name: Configure routes and routing rules with error handling |
| 36 | + block: |
| 37 | + - name: Configure connection profile and specify the numeric table in |
| 38 | + static routes |
| 39 | + import_role: |
| 40 | + name: linux-system-roles.network |
| 41 | + vars: |
| 42 | + network_connections: |
| 43 | + - name: "{{ interface }}" |
| 44 | + interface_name: "{{ interface }}" |
| 45 | + state: up |
| 46 | + type: ethernet |
| 47 | + autoconnect: true |
| 48 | + ip: |
| 49 | + dhcp4: false |
| 50 | + address: |
| 51 | + - 198.51.100.3/26 |
| 52 | + - 2001:db8::2/32 |
| 53 | + route: |
| 54 | + - network: 198.51.100.64 |
| 55 | + prefix: 26 |
| 56 | + gateway: 198.51.100.6 |
| 57 | + metric: 4 |
| 58 | + table: 30200 |
| 59 | + - network: 198.51.100.128 |
| 60 | + prefix: 26 |
| 61 | + gateway: 198.51.100.1 |
| 62 | + metric: 2 |
| 63 | + table: 30400 |
| 64 | + - network: 2001:db8::4 |
| 65 | + prefix: 32 |
| 66 | + gateway: 2001:db8::1 |
| 67 | + metric: 2 |
| 68 | + table: 30600 |
| 69 | + routing_rule: |
| 70 | + - priority: 30200 |
| 71 | + from: 198.51.100.58/26 |
| 72 | + table: 30200 |
| 73 | + - priority: 30201 |
| 74 | + family: ipv4 |
| 75 | + fwmark: 1 |
| 76 | + fwmask: 1 |
| 77 | + table: 30200 |
| 78 | + - priority: 30202 |
| 79 | + family: ipv4 |
| 80 | + ipproto: 6 |
| 81 | + table: 30200 |
| 82 | + - priority: 30203 |
| 83 | + family: ipv4 |
| 84 | + sport: 128 - 256 |
| 85 | + table: 30200 |
| 86 | + - priority: 30204 |
| 87 | + family: ipv4 |
| 88 | + tos: 8 |
| 89 | + table: 30200 |
| 90 | + - priority: 30205 |
| 91 | + uid: 2000 - 3000 |
| 92 | + family: ipv4 |
| 93 | + table: 30200 |
| 94 | + - priority: 30206 |
| 95 | + suppress_prefixlength: 8 |
| 96 | + family: ipv4 |
| 97 | + table: 30200 |
| 98 | + - priority: 30400 |
| 99 | + to: 198.51.100.128/26 |
| 100 | + table: 30400 |
| 101 | + - priority: 30401 |
| 102 | + family: ipv4 |
| 103 | + iif: iiftest |
| 104 | + table: 30400 |
| 105 | + - priority: 30402 |
| 106 | + family: ipv4 |
| 107 | + oif: oiftest |
| 108 | + table: 30400 |
| 109 | + - priority: 30403 |
| 110 | + from: 0.0.0.0/0 |
| 111 | + to: 0.0.0.0/0 |
| 112 | + table: 30400 |
| 113 | + - priority: 30600 |
| 114 | + to: 2001:db8::4/32 |
| 115 | + table: 30600 |
| 116 | + - priority: 30601 |
| 117 | + family: ipv6 |
| 118 | + dport: 128 - 256 |
| 119 | + invert: true |
| 120 | + table: 30600 |
| 121 | + - priority: 30602 |
| 122 | + from: ::/0 |
| 123 | + to: ::/0 |
| 124 | + table: 30600 |
| 125 | + - priority: 30603 |
| 126 | + uid: 6000 - 8000 |
| 127 | + family: ipv6 |
| 128 | + table: 30600 |
| 129 | + - priority: 30604 |
| 130 | + suppress_prefixlength: 24 |
| 131 | + family: ipv6 |
| 132 | + table: 30600 |
| 133 | + - priority: 200 |
| 134 | + from: 198.51.100.56/26 |
| 135 | + table: custom |
| 136 | + |
| 137 | + rescue: |
| 138 | + - name: Assert that the routing rule attribute 'suppress_prefixlength' |
| 139 | + validation failure is not raised when the distro's major version is 7 |
| 140 | + assert: |
| 141 | + that: |
| 142 | + - __network_connections_result.stderr is search("the routing rule |
| 143 | + selector 'suppress_prefixlength' is not supported in NetworkManger |
| 144 | + until NM 1.20") |
| 145 | + msg: The routing rule attribute 'suppress_prefixlength' validation |
| 146 | + failure is not raised when the distro's major version is 7 |
| 147 | + when: ansible_distribution_major_version == "7" |
| 148 | + |
| 149 | + - name: Clear errors |
| 150 | + meta: clear_host_errors |
| 151 | + |
| 152 | + - name: Reset __network_end_play variable |
| 153 | + set_fact: |
| 154 | + __network_end_play: true |
| 155 | + |
| 156 | + - name: Force playbook end earlier after rescue |
| 157 | + meta: end_play |
| 158 | + |
114 | 159 | # the routing rule selector sport and ipproto are not supported by iproute |
115 | 160 | # since v4.17.0, and the iproute installed in CentOS-7 and RHEL-7 is |
116 | 161 | # v4.11.0 |
|
168 | 213 | 128-256 lookup 30200") |
169 | 214 | - route_rule_table_30200.stdout is search("30204:(\s+)from all tos |
170 | 215 | (0x08|throughput) lookup 30200") |
| 216 | + - route_rule_table_30200.stdout is search("30205:(\s+)from all |
| 217 | + uidrange 2000-3000 lookup 30200") |
| 218 | + - route_rule_table_30200.stdout is search("30206:(\s+)from all lookup |
| 219 | + 30200 suppress_prefixlength 8") |
171 | 220 | msg: "the routing rule with table lookup 30200 does not match the |
172 | 221 | specified rule" |
173 | 222 | when: ansible_distribution_major_version != "7" |
|
194 | 243 | 2001:db8::4/32 lookup 30600") |
195 | 244 | - route_rule_table_30600.stdout is search("30601:(\s+)not from all |
196 | 245 | dport 128-256 lookup 30600") |
| 246 | + - route_rule_table_30600.stdout is search("30603:(\s+)from all |
| 247 | + uidrange 6000-8000 lookup 30600") |
| 248 | + - route_rule_table_30600.stdout is search("30604:(\s+)from all |
| 249 | + lookup 30600 suppress_prefixlength 24") |
197 | 250 | msg: "the routing rule with table lookup 30600 does not match the |
198 | 251 | specified rule" |
199 | 252 | when: ansible_distribution_major_version != "7" |
|
222 | 275 | 0.0.0.0/0 sport 128-256 table 30200") |
223 | 276 | - connection_route_rule.stdout is search("priority 30204 from |
224 | 277 | 0.0.0.0/0 tos 0x08 table 30200") |
| 278 | + - connection_route_rule.stdout is search("priority 30205 from |
| 279 | + 0.0.0.0/0 uidrange 2000-3000 table 30200") |
| 280 | + - connection_route_rule.stdout is search("priority 30206 from |
| 281 | + 0.0.0.0/0 suppress_prefixlength 8 table 30200") |
225 | 282 | - connection_route_rule.stdout is search("priority 30400 to |
226 | 283 | 198.51.100.128/26 table 30400") |
227 | 284 | - connection_route_rule.stdout is search("priority 30401 from |
|
247 | 304 | ::/0 dport 128-256 table 30600") |
248 | 305 | - connection_route_rule6.stdout is search("priority 30602 from |
249 | 306 | ::/0 table 30600") |
| 307 | + - connection_route_rule6.stdout is search("priority 30603 from |
| 308 | + ::/0 uidrange 6000-8000 table 30600") |
| 309 | + - connection_route_rule6.stdout is search("priority 30604 from |
| 310 | + ::/0 suppress_prefixlength 24 table 30600") |
250 | 311 | msg: "the specified IPv6 routing rule was not configured in the |
251 | 312 | connection '{{ interface }}'" |
252 | 313 |
|
| 314 | +- name: Remove profile and device, assert device and profile are absent |
| 315 | + hosts: all |
| 316 | + tasks: |
253 | 317 | - name: Remove the dedicated test file in `/etc/iproute2/rt_tables.d/` |
254 | 318 | file: |
255 | 319 | state: absent |
256 | 320 | path: /etc/iproute2/rt_tables.d/table.conf |
257 | | - |
258 | | -- name: Import the playbook 'down_profile+delete_interface.yml' |
259 | | - import_playbook: down_profile+delete_interface.yml |
260 | | - vars: |
261 | | - profile: "{{ interface }}" |
262 | | -# FIXME: assert profile/device down |
263 | | -- name: Import the playbook 'remove_profile.yml' |
264 | | - import_playbook: remove_profile.yml |
265 | | - vars: |
266 | | - profile: "{{ interface }}" |
267 | | -- name: Assert device and profile are absent |
268 | | - hosts: all |
269 | | - tasks: |
| 321 | + - name: Include the task 'remove+down_profile.yml' |
| 322 | + include_tasks: tasks/remove+down_profile.yml |
| 323 | + vars: |
| 324 | + profile: "{{ interface }}" |
| 325 | + when: not __network_end_play | d(false) |
| 326 | + - name: Include the task 'delete_interface.yml' |
| 327 | + include_tasks: tasks/delete_interface.yml |
270 | 328 | - name: Include the task 'assert_profile_absent.yml' |
271 | 329 | include_tasks: tasks/assert_profile_absent.yml |
272 | 330 | vars: |
|