From 487e41c05879d74f7c17a36434ed2854b899e9da Mon Sep 17 00:00:00 2001 From: Ethan Paul Date: Sat, 6 Nov 2021 00:33:41 -0400 Subject: [PATCH] Add networkd configuration to server role Update inventory with necessary networking settings --- inventory.yaml | 39 +++++++++--- roles/server/tasks/main.yaml | 4 ++ roles/server/tasks/networkd.yaml | 99 +++++++++++++++++++++++++++++++ roles/server/templates/netdev.j2 | 18 ++++++ roles/server/templates/network.j2 | 32 ++++++++++ 5 files changed, 185 insertions(+), 7 deletions(-) create mode 100644 roles/server/tasks/networkd.yaml create mode 100644 roles/server/templates/netdev.j2 create mode 100644 roles/server/templates/network.j2 diff --git a/inventory.yaml b/inventory.yaml index d4fdb84..c751e5e 100644 --- a/inventory.yaml +++ b/inventory.yaml @@ -42,28 +42,50 @@ en1: skylab_cluster: address: 10.42.101.10/24 interface: bond0 + skylab_networking: + hostname: pegasus.skylab.enp.one + dns: [10.42.101.1] + gateway: 10.42.101.1/24 + interfaces: + eno1: + bond: bond0 + eno2: + bond: bond0 + bond0: + type: bond + addresses: + - 10.42.101.100/24 + - 192.168.255.255/32 + dhcp: false + bond0.99: + type: vlan + addresses: [192.168.42.10/24] + dhcp: false saturn: # remus ansible_host: 10.42.101.110 skylab_description: Operational Node skylab_cluster: - address: 10.42.101.110/24 + address: 10.42.101.11/24 interface: bond0 skylab_networking: hostname: saturn.skylab.enp.one dns: [10.42.101.1] gateway: 10.42.101.1/24 interfaces: + eno1: + bond: bond0 + eno2: + bond: bond0 bond0: type: bond - members: [eno1, eno2] addresses: - - 10.42.101.11/24 - 10.42.101.110/24 + - 192.168.255.255/32 dhcp: false bond0.99: type: vlan - address: 192.168.42.20/24 + addresses: [192.168.42.20/24] dhcp: false orion: # romulus 
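Review bot: saturn's `skylab_cluster.address` changes to `10.42.101.11/24` in the same hunk that drops `- 10.42.101.11/24` from bond0's `addresses`, so after this change no interface in the inventory carries the cluster address (pegasus is defined with the same `.10`/`.100` split, and orion's bond0 in the next hunk loses `10.42.101.12/24` the same way); that is fine if `skylab_cluster.address` is a VIP placed by the cluster stack rather than by networkd, but if it is meant to be a host address it has to stay in the list. `192.168.255.255/32` is added verbatim to bond0 on all three hosts, which reads like a deliberate shared address; a comment at the first occurrence, such as `# intentionally identical on every node`, would stop it being "fixed" later. `gateway: 10.42.101.1/24` carries a prefix length that the consuming template has to strip, so a plain `10.42.101.1` would be less surprising, though that is a matter of style rather than correctness.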
@@ -77,16 +99,19 @@ en1: dns: [10.42.101.1] gateway: 10.42.101.1/24 interfaces: + eno1: + bond: bond0 + eno2: + bond: bond0 bond0: type: bond - members: [eno1, eno2] addresses: - - 10.42.101.12/24 - 10.42.101.120/24 + - 192.168.255.255/32 dhcp: false bond0.99: type: vlan - address: 192.168.42.30/24 + addresses: [192.168.42.30/24] dhcp: false en2: diff --git a/roles/server/tasks/main.yaml b/roles/server/tasks/main.yaml index e2fe4c1..bf3c474 100644 --- a/roles/server/tasks/main.yaml +++ b/roles/server/tasks/main.yaml @@ -4,3 +4,7 @@ - name: Configure SSH server ansible.builtin.import_tasks: sshd.yaml + +- name: Configure network settings + when: skylab_networking is defined + ansible.builtin.include_tasks: networkd.yaml diff --git a/roles/server/tasks/networkd.yaml b/roles/server/tasks/networkd.yaml new file mode 100644 index 0000000..b563874 --- /dev/null +++ b/roles/server/tasks/networkd.yaml 
@@ -0,0 +1,99 @@
+---
+- name: Install systemd-networkd on Rocky
+ become: true
+ ansible.builtin.dnf:
+ name: systemd-networkd
+ state: present
+
+- name: Ensure network config directory exists
+ ansible.builtin.file:
+ path: /etc/systemd/network
+ state: directory
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Create network files
+ become: true
+ ansible.builtin.template:
+ src: network.j2
+ dest: /etc/systemd/network/{{ item.key }}.network
+ mode: 0644
+ owner: root
+ group: "{{ ansible_user }}"
+ loop: "{{ skylab_networking.interfaces | dict2items }}"
+
+- name: Create netdev files
+ become: true
+ when: item.kind is defined
+ ansible.builtin.template:
+ src: netdev.j2
+ dest: /etc/systemd/network/{{ item.key }}.netdev
+ mode: 0644
+ owner: root
+ group: "{{ ansible_user }}"
+ loop: "{{ skylab_networking.interfaces | dict2items }}"
+
+- name: Fetch existing network config directory contents
+ become: true
+ changed_when: false
+ ansible.builtin.command:
+ cmd: /usr/bin/ls /etc/systemd/network
+ register: _network_config_dir_raw
+
+- name: Remove legacy network config files
+ become: true
+ when: item.strip().replace('.netdev', '').replace('.network', '') not in skylab_networking.interfaces
+ ansible.builtin.file:
+ path: /etc/systemd/network/{{ item }}
+ state: absent
+ loop: "{{ _network_config_dir_raw.stdout.split(' ') }}"
+
+- name: Configure fallback DNS
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/systemd/resolved.conf
+ create: false
+ line: FallbackDNS=
+
+- name: Enable systemd-networkd
+ become: true
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ enabled: true
+ loop:
+ - systemd-networkd
+ - systemd-networkd-wait-online
+ - systemd-resolved
+
+- name: Disable NetworkManager
+ become: true
+ ansible.builtin.systemd:
+ name: "{{ item }}"
+ enabled: false
+ loop:
+ - NetworkManager
+ - NetworkManager-wait-online
+
+- name: Start systemd-resolved to enable symlink creation
+ become: true
+ ansible.builtin.systemd:
+ name: systemd-resolved
+ state: started
+
+- name: Link system resolv.conf to systemd-resolved
+ become: true
+ ansible.builtin.file:
+ dest: /etc/resolv.conf
+ src: /run/systemd/resolve/resolv.conf
+ state: link
+ force: true
+ setype: net_conf_t
+
+- name: Link systemd-resolved to multi-user target
+ become: true
+ ansible.builtin.file:
+ dest: /etc/systemd/system/multi-user.target.wants/systemd-resolved.service
+ src: /usr/lib/systemd/system/systemd-resolved.service
+ state: link
+ force: true
diff --git a/roles/server/templates/netdev.j2 b/roles/server/templates/netdev.j2
new file mode 100644
index 0000000..08e679e
--- /dev/null
+++ b/roles/server/templates/netdev.j2
@@ -0,0 +1,18 @@
+# ANSIBLE MANAGED FILE - DO NOT MANUALLY EDIT
+#
+[NetDev]
+Name={{ item.key }}
+type={{ item.value.type }}
+
+{% if item.value.type.lower() == 'bond' %}
+[Bond]
+Mode={{ item.value.bond_mode | default('balance-rr') }}
+PrimaryReselectPolicy=always
+MIIMonitorSec=1s
+{% endif %}
+{% if item.value.type.lower() == 'vlan' %}
+[VLAN]
+Id={{ item.key.partition('.')[2] }}
+{% endif %}
+
+# EOF
diff --git a/roles/server/templates/network.j2 b/roles/server/templates/network.j2
new file mode 100644
index 0000000..93cee6d
--- /dev/null
+++ b/roles/server/templates/network.j2
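Review bot: The netdev task never fires: its guard `when: item.kind is defined` tests a key that `dict2items` does not produce (items carry `key` and `value`) and the inventory names the attribute `type`, so no `.netdev` is written for bond0 or bond0.99 even though the `.network` files reference them; it should read `when: item.value.type is defined`. The directory task is the only one in the hunk without `become: true`, and its `mode: 0644` leaves the search bit off a directory; `mode: "0755"` (quoted so the octal is not reinterpreted) plus root ownership is what the rest of the role assumes, and the files produced by both template tasks should likewise stay `root:root` rather than `group: "{{ ansible_user }}"`. The legacy-file cleanup splits `ls` output on spaces, but `ls` writing to a pipe prints one name per line, so the whole listing becomes a single non-matching item and nothing is ever removed; should the directory be empty, `stdout` is `''`, which is not in the interfaces mapping and resolves to `path: /etc/systemd/network/` with `state: absent`, deleting the directory itself. Driving the cleanup from `ansible.builtin.find` instead of parsing `ls` removes both failure modes, as below.
```yaml
# … unchanged: install, directory and template tasks …

- name: Find existing network config files
  become: true
  ansible.builtin.find:
    paths: /etc/systemd/network
    patterns:
      - "*.network"
      - "*.netdev"
  register: _network_config_files

- name: Remove legacy network config files
  become: true
  when: (item.path | basename | splitext | first) not in skylab_networking.interfaces
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ _network_config_files.files }}"
  loop_control:
    label: "{{ item.path }}"

# … unchanged: resolved, service enable/disable and symlink tasks …
```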
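Review bot: `type={{ item.value.type }}` is not a key systemd-networkd recognises in `[NetDev]`; the device kind is declared with `Kind=`, so as written networkd will warn about the unknown key and skip the netdev for lack of a Kind, leaving bond0 and bond0.99 uncreated; change the line to `Kind={{ item.value.type }}`. `Id={{ item.key.partition('.')[2] }}` renders empty for any VLAN entry whose name has no `.` in it, and an empty Id is rejected; an explicit inventory attribute with the name-derived value as fallback, e.g. `Id={{ item.value.vlan_id | default(item.key.partition('.')[2]) }}`, keeps the convenience without the silent failure. A one-line header comment stating that the interface name doubles as the VLAN id source (`# VLAN id is taken from the suffix after '.' in the interface name`) would make the convention discoverable.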
@@ -0,0 +1,32 @@
+# ANSIBLE MANAGED FILE - DO NOT EDIT
+#
+[Match]
+Name={{ item.key }}
+
+[Network]
+DHCP={{ "Yes" if item.value.dhcp | default(false) else "No" }}
+IPv6AcceptRA=No
+{% if item.value.dns is defined %}
+{% for server in item.value.dns %}
+DNS={{ server }}
+{% endfor %}
+{% endif %}
+{% if item.value.bond is defined %}
+Bond={{ item.value.bond }}
+{% endif %}
+
+{% if item.value.dhcp | default(false) %}
+Gateway={{ item.value.gateway | ansible.netcommon.ipaddr('address') }}
+{% for address in item.value.addresses %}
+Address={{ address | ansible.netcommon.ipaddr('host/prefix') }}
+{% endfor %}
+{% endif %}
+
+
+{% for interface in skylab_networking.interfaces.keys() %}
+{% if interface.startswith(item.key) and interface.partition('.')[2] | number %}
+VLAN={{ interface }}
+{% endif %}
+{% endfor %}
+
+# EOF
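Review bot: The static-address block is gated the wrong way round: `{% if item.value.dhcp | default(false) %}` renders `Gateway=`/`Address=` only when DHCP is on, so every interface in the inventory (`dhcp: false`) gets a `.network` with no addresses at all; it should be `{% if not (item.value.dhcp | default(false)) %}`. `interface.partition('.')[2] | number` will fail at render time, because Jinja provides `number` as a test rather than a filter (and a string such as `'99'` would not satisfy it anyway); `{% if interface.partition('.')[0] == item.key and interface.partition('.')[2].isdigit() %}` selects the VLAN children and also stops a bare `startswith` from matching unrelated names. `item.value.dns` and `item.value.gateway` are read per interface, but the inventory hunk places `dns` and `gateway` under `skylab_networking` itself, so DNS is never emitted and the gateway lookup would raise an undefined-variable error once the first fix lands; `item.value.gateway | default(skylab_networking.gateway)` (and likewise for `dns`) closes the gap, though emitting a default route on every static interface, including the VLAN, may not be what is intended and deserves a comment either way.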