Saltstack Official Linux Formula


  {%- from "linux/map.jinja" import network with context %}
  {%- from "linux/map.jinja" import system with context %}

  {#- Opens the guard around the interface states: they render only when network.enabled is truthy. #}
  {%- if network.enabled %}

  {#- DPDK is optional: a missing 'dpdk' key or a missing 'enabled' flag both count as off. #}
  {%- set dpdk_settings = network.get('dpdk', {}) %}
  {%- set dpdk_enabled = dpdk_settings.get('enabled', False) %}

  {%- if dpdk_enabled %}

  include:
  - linux.network.dpdk

  {%- endif %}
  {#-
    set_param(param_name, param_dict): emit "- <param_name>: <value>" as one
    state argument when param_dict holds a truthy value for param_name, and
    nothing otherwise. Every tag trims whitespace on both sides, so the call
    site alone decides the indentation of the emitted line.
    NOTE(review): falsy values (0, False, empty string) are skipped, and the
    value is written without YAML quoting.
  -#}
  {%- macro set_param(param_name, param_dict) -%}
  {%- set param_value = param_dict.get(param_name, False) -%}
  {%- if param_value -%}
  - {{ param_name }}: {{ param_value }}
  {%- endif -%}
  {%- endmacro -%}
  {#-
    Bridge tooling is installed only when a bridge implementation is selected:
    the OVS package list for 'openvswitch', the generic bridge list otherwise.
  #}
  {%- if network.bridge != 'none' %}

  linux_network_bridge_pkgs:
    pkg.installed:
    - pkgs: {{ network.ovs_pkgs if network.bridge == 'openvswitch' else network.bridge_pkgs }}

  {%- endif %}
  {#-
    Fold each existing 'src' file into 'dst', then delete 'src'. The existence
    test runs while the template is rendered, not when the states execute.
    NOTE(review): both paths come straight from pillar and end up in state IDs
    and in file.absent, which deletes whatever path it is given; keep this
    pillar key under the same change control as the states themselves.
  #}
  {%- for entry in network.get('concat_iface_files', []) %}

  {%- if salt['file.file_exists'](entry.src) %}

  append_{{ entry.src }}_{{ entry.dst }}:
    file.append:
    - name: {{ entry.dst }}
    - source: {{ entry.src }}

  remove_appended_{{ entry.src }}:
    file.absent:
    - name: {{ entry.src }}

  {%- endif %}

  {%- endfor %}
  {#-
    Delete every path listed under 'remove_iface_files'.
    NOTE(review): the path is taken from pillar as-is; file.absent removes
    whatever it names, so the list is assumed to hold interface files only.
  #}
  {%- for stale_path in network.get('remove_iface_files', []) %}

  remove_iface_file_{{ stale_path }}:
    file.absent:
    - name: {{ stale_path }}

  {%- endfor %}
  {#- Once pillar declares interfaces, drop the cloud-init generated interface file. #}
  {%- if network.interface is defined %}

  remove_cloud_init_file:
    file.absent:
    - name: /etc/network/interfaces.d/50-cloud-init.cfg

  {%- endif %}
  {#- One pass per pillar-declared interface; an explicit 'name' overrides the pillar key. #}
  {%- for interface_name, interface in network.interface.items() %}

  {%- set interface_name = interface.get('name', interface_name) %}

  {#-
    DPDK OVS bridge: attach every interface whose 'ovs_bridge' names this
    bridge. The 'unless' guard skips add-port when the port name already shows
    up as a whole word in the 'ovs-vsctl show' output.
    NOTE(review): names from pillar go into the shell command unquoted; they
    are assumed to be plain interface names.
  #}
  {%- if interface.type == 'dpdk_ovs_bridge' %}

  {%- for member_name, member in network.interface.items() %}

  {%- set member_name = member.get('name', member_name) %}

  {%- if member.ovs_bridge is defined and interface_name == member.ovs_bridge %}

  add_int_{{ member_name }}_to_ovs_dpdk_bridge_{{ interface_name }}:
    cmd.run:
    - name: ovs-vsctl{{ ' --no-wait' if network.ovs_nowait else '' }} add-port {{ interface_name }} {{ member_name }}
    - unless: ovs-vsctl show | grep -w {{ member_name }}

  {%- endif %}

  {%- endfor %}

  {%- endif %}
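  {#-
    The states below are skipped for interfaces marked unmanaged and for every
    type whose name contains 'dpdk' (for example dpdk_ovs_port).
  #}
  {%- if interface.get('managed', True) and not 'dpdk' in interface.type %}

  {%- if grains.os_family in ['RedHat', 'Debian'] %}

  {%- if interface.type == 'ovs_bridge' %}

  {#- Plain OVS bridge, created under the interface name. #}
  ovs_bridge_{{ interface_name }}:
    openvswitch_bridge.present:
    - name: {{ interface_name }}

  {#-
    Attach every interface whose 'ovs_bridge' names this bridge.
    The guard matches the port name as a whole word (grep -w), the same test
    the dpdk_ovs_bridge branch uses: with a plain substring match an existing
    eth10 hides a missing eth1 and add-port never runs. -w still treats '.' as
    a word boundary, so a port such as eth1.100 also satisfies a check for eth1.
    NOTE(review): names from pillar go into the shell command unquoted; they
    are assumed to be plain interface names.
  #}
  {%- for int_name, int in network.interface.items() %}

  {%- set int_name = int.get('name', int_name) %}

  {%- if int.ovs_bridge is defined and interface_name == int.ovs_bridge %}

  add_int_{{ int_name }}_to_ovs_bridge_{{ interface_name }}:
    cmd.run:
    - unless: ovs-vsctl show | grep -w {{ int_name }}
    - name: ovs-vsctl{%- if network.ovs_nowait %} --no-wait{%- endif %} add-port {{ interface_name }} {{ int_name }}

  {%- endif %}

  {%- endfor %}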
  {%- elif interface.type == 'ovs_port' %}

  {#-
    Patch port: create the port on its bridge, mark the interface as type
    'patch', point it at its peer and, when a tag is given, set the VLAN tag.
    Each ovs-vsctl call is guarded by an 'unless' probe of the current state.
    The port requires the DPDK bridge command when DPDK is on and the bridge is
    declared as dpdk_ovs_bridge, the openvswitch_bridge state otherwise.
    NOTE(review): interface name, peer and tag are placed in the shell commands
    as given in pillar; they are assumed to contain no shell metacharacters.
  #}
  {%- if interface.get('port_type','internal') == 'patch' %}

  ovs_port_{{ interface_name }}:
    openvswitch_port.present:
    - name: {{ interface_name }}
    - bridge: {{ interface.bridge }}
    - require:
      {%- if dpdk_enabled and network.interface.get(interface.bridge, {}).get('type', 'ovs_bridge') == 'dpdk_ovs_bridge' %}
      - cmd: linux_network_dpdk_bridge_interface_{{ interface.bridge }}
      {%- else %}
      - openvswitch_bridge: ovs_bridge_{{ interface.bridge }}
      {%- endif %}

  ovs_port_set_type_{{ interface_name }}:
    cmd.run:
    - unless: ovs-vsctl show | grep -A 1 'Interface {{ interface_name }}' | grep patch
    - name: ovs-vsctl{{ ' --no-wait' if network.ovs_nowait else '' }} set interface {{ interface_name }} type=patch

  ovs_port_set_peer_{{ interface_name }}:
    cmd.run:
    - unless: ovs-vsctl show | grep -A 2 'Interface {{ interface_name }}' | grep {{ interface.peer }}
    - name: ovs-vsctl{{ ' --no-wait' if network.ovs_nowait else '' }} set interface {{ interface_name }} options:peer={{ interface.peer }}

  {% if interface.tag is defined %}
  ovs_port_set_tag_{{ interface_name }}:
    cmd.run:
    - unless: ovs-vsctl get Port {{ interface_name }} tag | grep -Fx {{ interface.tag }}
    - name: ovs-vsctl{{ ' --no-wait' if network.ovs_nowait else '' }} set port {{ interface_name }} tag={{ interface.tag }}
  {%- endif %}
  {%- else %}

  {#-
    Any other OVS port type is configured through ifupdown: make
    /etc/network/interfaces source the include directories, render the port
    definition into interfaces.u, blank out matching 'auto' and 'iface' lines
    in the main file, then bring the port up.
    NOTE(review): the interface name is used inside the two regex patterns
    without escaping, and ovs_port_up requires linux_interfaces_final_include,
    a state that is rendered only when network.bridge is not 'none'.
  #}
  linux_interfaces_include_{{ interface_name }}:
    file.prepend:
    - name: /etc/network/interfaces
    - text: |
        source /etc/network/interfaces.d/*
        # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
        source /etc/network/interfaces.u/*

  ovs_port_{{ interface_name }}:
    file.managed:
    - name: /etc/network/interfaces.u/ifcfg-{{ interface_name }}
    - source: salt://linux/files/ovs_port
    - template: jinja
    - makedirs: true
    - defaults:
        port: {{ interface|yaml }}
        port_name: {{ interface_name }}

  ovs_port_{{ interface_name }}_line1:
    file.replace:
    - name: /etc/network/interfaces
    - pattern: auto {{ interface_name }}$
    - repl: ""

  ovs_port_{{ interface_name }}_line2:
    file.replace:
    - name: /etc/network/interfaces
    - pattern: 'iface {{ interface_name }} inet .*'
    - repl: ""

  ovs_port_up_{{ interface_name }}:
    cmd.run:
    - name: ifup {{ interface_name }}
    - require:
      - file: ovs_port_{{ interface_name }}
      - file: ovs_port_{{ interface_name }}_line1
      - file: ovs_port_{{ interface_name }}_line2
      - openvswitch_bridge: ovs_bridge_{{ interface.bridge }}
      - file: linux_interfaces_final_include

  {%- endif %}
  {%- else %}

  {#-
    Every interface type other than ovs_bridge and ovs_port is handed to
    network.managed. Arguments are added piece by piece from the pillar entry:
    addressing, bonding master, DNS, wireless credentials (Debian only), the
    optional parameters listed in network.interface_params, requisites, and
    the bridge or bond specifics.
    NOTE(review): the wireless SSID and pre-shared key are rendered as plain,
    unquoted YAML scalars; a value containing ' #' or ': ' would be cut short
    or break rendering, and the key becomes part of the rendered state data.
    NOTE(review): a bridge that also sets require_interfaces ends up with two
    'require' arguments in this one state; confirm which of them Salt keeps.
  #}
  linux_interface_{{ interface_name }}:
    network.managed:
    - enabled: {{ interface.enabled }}
    - name: {{ interface_name }}
    - type: {{ interface.type }}
    {%- if interface.address is defined %}
    {#- Static addressing: the default proto is 'static' on Debian and 'none' on RedHat. #}
    {%- if grains.os_family == 'Debian' %}
    - proto: {{ interface.get('proto', 'static') }}
    {% endif %}
    {%- if grains.os_family == 'RedHat' %}
    {%- if interface.get('proto', 'none') == 'manual' %}
    - proto: 'none'
    {%- else %}
    - proto: {{ interface.get('proto', 'none') }}
    {%- endif %}
    {% endif %}
    - ipaddr: {{ interface.address }}
    - netmask: {{ interface.netmask }}
    {%- else %}
    {#- No address in pillar: fall back to DHCP unless a proto is given. #}
    - proto: {{ interface.get('proto', 'dhcp') }}
    {%- endif %}
    {%- if interface.type == 'slave' %}
    - master: {{ interface.master }}
    {%- endif %}
    {%- if interface.name_servers is defined %}
    - dns: {{ interface.name_servers }}
    {%- endif %}
    {%- if interface.wireless is defined and grains.os_family == 'Debian' %}
    {%- if interface.wireless.security == "wpa" %}
    - wpa-ssid: {{ interface.wireless.essid }}
    - wpa-psk: {{ interface.wireless.key }}
    {%- else %}
    - wireless-ssid: {{ interface.wireless.essid }}
    - wireless-psk: {{ interface.wireless.key }}
    {%- endif %}
    {%- endif %}
    {#- The indentation of this call line is the indentation of the emitted argument. #}
    {%- for param in network.interface_params %}
    {{ set_param(param, interface) }}
    {%- endfor %}
    {%- if interface.require_interfaces is defined %}
    - require:
      {%- for required_if in interface.get('require_interfaces', []) %}
      - network: linux_interface_{{ required_if }}
      {%- endfor %}
      {%- for ovs_port in interface.get('use_ovs_ports', []) %}
      - cmd: ovs_port_up_{{ ovs_port }}
      {%- endfor %}
    {%- endif %}
    {%- if interface.type == 'bridge' %}
    - bridge: {{ interface_name }}
    - delay: 0
    - bypassfirewall: true
    - use:
      {%- for member in interface.use_interfaces %}
      - network: linux_interface_{{ member }}
      {%- endfor %}
    - ports: {% for member in interface.get('use_interfaces', []) %}{{ member }} {% endfor %}{% for ovs_port in interface.get('use_ovs_ports', []) %}{{ ovs_port }} {% endfor %}
    - require:
      {%- for member in interface.get('use_interfaces', []) %}
      - network: linux_interface_{{ member }}
      {%- endfor %}
      {%- for ovs_port in interface.get('use_ovs_ports', []) %}
      - cmd: ovs_port_up_{{ ovs_port }}
      {%- endfor %}
    {%- endif %}
    {%- if interface.type == 'bond' %}
    - slaves: {{ interface.slaves }}
    - mode: {{ interface.mode }}
    {%- endif %}
  {#-
    Bond workaround for older Salt: enslave the members by hand whenever the
    bond state or one of its member states reports a change.
    NOTE(review): the saltversion grain is compared with '2017.7' as a string,
    not as a version number.
  #}
  {%- if salt['grains.get']('saltversion') < '2017.7' %}
  # TODO(ddmitriev): Remove this 'if .. endif' block completely when
  # switched to salt version 2017.7 that has the same functionality.
  {%- if interface.type == 'bond' and interface.enabled == True %}

  linux_bond_interface_{{ interface_name }}:
    cmd.run:
    - name: ifenslave {{ interface_name }} {{ interface.slaves }}
    - require:
      - network: linux_interface_{{ interface_name }}
    - onchanges:
      - network: linux_interface_{{ interface_name }}
      {%- for bond_member in interface.slaves.split() %}
      - network: linux_interface_{{ bond_member }}
      {%- endfor %}

  {%- endif %}

  {%- endif %}
  {#-
    For each OVS port this interface uses, blank out its 'auto' line and its
    'iface ... inet manual' line in /etc/network/interfaces.
    NOTE(review): the port name goes into the regex patterns unescaped.
  #}
  {%- for ovs_port in interface.get('use_ovs_ports', []) %}

  remove_interface_{{ ovs_port }}_line1:
    file.replace:
    - name: /etc/network/interfaces
    - pattern: auto {{ ovs_port }}$
    - repl: ""

  remove_interface_{{ ovs_port }}_line2:
    file.replace:
    - name: /etc/network/interfaces
    - pattern: iface {{ ovs_port }} inet manual
    - repl: ""

  {%- endfor %}
  236. {%- if interface.gateway is defined %}
  237. linux_system_network:
  238. network.system:
  239. - enabled: {{ interface.enabled }}
  240. - hostname: {{ network.fqdn }}
  241. {%- if interface.gateway is defined %}
  242. - gateway: {{ interface.gateway }}
  243. - gatewaydev: {{ interface_name }}
  244. {%- endif %}
  245. - nozeroconf: True
  246. - nisdomain: {{ system.domain }}
  247. - require_reboot: True
  248. {%- endif %}
  249. {%- endif %}
  250. {%- endif %}
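  {#-
    Arch Linux wireless: install the network packages, render a netctl profile
    named after the ESSID, switch to it unless iwconfig already reports that
    ESSID, and enable it unless its systemd unit link exists.
    The profile is written root-only and non-executable: nothing here needs
    the file to be executable or readable by other users, and the template is
    not part of this listing -- if it renders interface.wireless.key, mode 755
    would expose the pre-shared key to every local account (TODO confirm).
    NOTE(review): the ESSID is used unescaped in state IDs, in the profile path
    and in the shell commands, so it is assumed to contain no spaces or shell
    metacharacters. linux_network_packages is a fixed ID inside the interface
    loop; two wireless interfaces would render it twice.
  #}
  {%- if interface.wireless is defined %}

  {%- if grains.os_family == 'Arch' %}

  linux_network_packages:
    pkg.installed:
    - pkgs: {{ network.pkgs }}

  /etc/netctl/network_{{ interface.wireless.essid }}:
    file.managed:
    - source: salt://linux/files/wireless
    - mode: '0600'
    - template: jinja
    - require:
      - pkg: linux_network_packages
    - defaults:
        interface_name: {{ interface_name }}

  switch_profile_{{ interface.wireless.essid }}:
    cmd.run:
    - name: netctl switch-to network_{{ interface.wireless.essid }}
    - cwd: /root
    - unless: "iwconfig {{ interface_name }} | grep -e 'ESSID:\"{{ interface.wireless.essid }}\"'"
    - require:
      - file: /etc/netctl/network_{{ interface.wireless.essid }}

  enable_profile_{{ interface.wireless.essid }}:
    cmd.run:
    - name: netctl enable network_{{ interface.wireless.essid }}
    - cwd: /root
    - unless: test -e /etc/systemd/system/multi-user.target.wants/netctl@network_{{ interface.wireless.essid }}.service
    - require:
      - file: /etc/netctl/network_{{ interface.wireless.essid }}

  {%- endif %}

  {%- endif %}

  {#- Closes the managed / non-dpdk guard. #}
  {%- endif %}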
  {#-
    Static routes for this interface: one list entry per pillar route, with the
    gateway included only when the route defines one. When 'noifupdown' is set
    its value is passed on as require_reboot.
  #}
  {%- if interface.route is defined %}

  linux_network_{{ interface_name }}_routes:
    network.routes:
    - name: {{ interface_name }}
    - routes:
      {%- for route_id, route_spec in interface.route.items() %}
      - name: {{ route_id }}
        ipaddr: {{ route_spec.address }}
        netmask: {{ route_spec.netmask }}
        {%- if route_spec.gateway is defined %}
        gateway: {{ route_spec.gateway }}
        {%- endif %}
      {%- endfor %}
    {%- if interface.noifupdown is defined %}
    - require_reboot: {{ interface.noifupdown }}
    {%- endif %}

  {%- endif %}
  {#-
    Optional address flush for 'eth' and 'ovs_port' interfaces: when the
    interface state reports a change, flush its addresses, and with
    restart_on_ipflush also cycle the interface.
    NOTE(review): for ovs_port the trigger is the file state ovs_port_<name>;
    a patch port defines that ID under openvswitch_port instead, so the
    requisite is assumed never to be needed for patch ports -- confirm.
  #}
  {%- if interface.type in ('eth','ovs_port') and interface.get('ipflush_onchange', False) %}

  linux_interface_ipflush_onchange_{{ interface_name }}:
    cmd.run:
    - name: "/sbin/ip address flush dev {{ interface_name }}"
    - onchanges:
      {%- if interface.type == 'eth' %}
      - network: linux_interface_{{ interface_name }}
      {%- elif interface.type == 'ovs_port' %}
      - file: ovs_port_{{ interface_name }}
      {%- endif %}

  {%- if interface.get('restart_on_ipflush', False) %}

  linux_interface_restart_on_ipflush_{{ interface_name }}:
    cmd.run:
    - name: "ifdown {{ interface_name }}; ifup {{ interface_name }};"
    - onchanges:
      - cmd: linux_interface_ipflush_onchange_{{ interface_name }}

  {%- endif %}

  {%- endif %}

  {#- End of the per-interface loop. #}
  {%- endfor %}
  {#-
    With a bridge implementation selected, make /etc/network/interfaces source
    both include directories. The same text is prepended under two state IDs:
    the ovs_port_up_<name> states require the first one; what relies on the
    second is not visible in this listing.
  #}
  {%- if network.bridge != 'none' %}

  linux_interfaces_final_include:
    file.prepend:
    - name: /etc/network/interfaces
    - text: |
        source /etc/network/interfaces.d/*
        # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
        source /etc/network/interfaces.u/*

  linux_interfaces_final_include_no_requisite:
    file.prepend:
    - name: /etc/network/interfaces
    - text: |
        source /etc/network/interfaces.d/*
        # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
        source /etc/network/interfaces.u/*

  {%- endif %}

  {#- Closes the network.enabled guard. #}
  {%- endif %}
  {#-
    Stop NetworkManager and keep it disabled, but only when pillar sets
    network_manager.disable to exactly True.
    NOTE(review): assumes network.network_manager itself always exists
    (presumably a map.jinja default) -- TODO confirm.
  #}
  {%- if network.network_manager.disable is defined and network.network_manager.disable == True %}

  NetworkManager:
    service.dead:
    - enable: false

  {%- endif %}
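  {#-
    Custom tap txqueuelen: render the udev rule, reload the rules when the file
    changes, then re-trigger the net subsystem when the reload ran.
    The rule file is a data file read by udev, so it is installed 0644 rather
    than 755; the mode is quoted so YAML keeps it a string. The retrigger
    requisite names its state module (cmd) like every other requisite in this
    file instead of relying on the bare-ID form.
  #}
  {%- if network.tap_custom_txqueuelen is defined %}

  /etc/udev/rules.d/60-net-txqueue.rules:
    file.managed:
    - source: salt://linux/files/60-net-txqueue.rules
    - mode: '0644'
    - template: jinja
    - defaults:
        tap_custom_txqueuelen: {{ network.tap_custom_txqueuelen }}

  udev_reload_rules:
    cmd.run:
    - name: "/bin/udevadm control --reload-rules"
    - onchanges:
      - file: /etc/udev/rules.d/60-net-txqueue.rules

  udev_retrigger:
    cmd.run:
    - name: "/bin/udevadm trigger --attr-match=subsystem=net"
    - onchanges:
      - cmd: udev_reload_rules

  {%- endif %}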