ansibleguy.linux_networking
Ansible Role - Linux Network Configuration
This is an Ansible role for deploying network configuration/interfaces on Linux servers.
Tested:
- Debian 11
Install
# latest version
ansible-galaxy role install git+https://github.com/ansibleguy/linux_networking
# install from Galaxy
ansible-galaxy install ansibleguy.linux_networking
# or to a custom role path
ansible-galaxy install ansibleguy.linux_networking --roles-path ./roles
# install dependencies
ansible-galaxy install -r requirements.yml
python3 -m pip install -r requirements.txt
Usage
Want a simple Ansible GUI? Check out my Ansible WebUI
Config
Define the network config as needed:
network:
  support:
    vlan: true
    bridge: true
    bonding: true
    traffic_forwarding: true
    ipv6: true
  purge_orphaned_interfaces: true
  interfaces:  # for more config info see: https://wiki.debian.org/NetworkConfiguration
    ens192:
      address: '192.168.142.90/24'
      gateway: '192.168.142.1'
      script_post-up: ['ip route add 172.16.100.0/24 dev ens192 src 192.168.142.90 via 192.168.142.10']
      aliases:
        - address: '2a09:cd41:f:42ee::1'
          gateway: '2a09:cd41:f:42ee::f'
        - '2a09:cd41:f:42ee::1'
    bridge01:
      bridge_ports: ['ens193', 'ens194']
      script_down: ['/usr/local/sbin/random_script.sh']
    ens195:  # initialize the parent interface
    ens195.85:
      vlan: true
      hotplug: false
      address: '10.0.85.90/24'
      gateway: '10.0.85.1'
      nameservers: ['10.0.85.1']
    bond01:
      bond-mode: '802.3ad'
      bond-lacp-rate: 1
      bond-miimon: 100
      address: '192.168.200.10/26'
      bond-slaves: ['ens196', 'ens197']
    bond02:
      bond-mode: 'active-passive'
      address: '192.168.210.10/26'
      bond-slaves: ['ens198', 'ens199']
  validation:
    enable: true
    tests:
      ping:
        google_dns: '8.8.8.8'
      port:
        internal_web:
          host: 'someSite.internal'
          port: 443
  startup_service:
    enable: true
    interfaces:
      tunnel01:
        type: 'vti'
        args:
          key: 32
          local: '192.168.133.1'
          remote: '192.168.133.2'
    routes:
      '192.168.142.1':
        - net: '10.10.40.0/22'
          metric: 50
      tunnel01:
        - net: '10.10.52.0/24'
    routes_cmd:
      - 'ip route add 0.0.0.0/0 via 192.168.142.254 metric 200'
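Execution
Run the playbook:
ansible-playbook -K -D -i inventory/hosts.yml playbook.yml
There are also some useful tags available:
- base
- interfaces
- routing
Functionality
Network interfaces
- Bridges
- Bonding
- VLANs
- IPv4 & IPv6
Static routes
- via interface-context scripts
- via startup service
Default opt-ins:
- Installing basic network diagnostic tools
- Purging orphaned interfaces
- Support for:
  - IPv6
Default opt-outs:
- Network startup service to allow specific configuration
- Anti-lockout via network validation script
- Support for:
  - Interface bonding
  - Interface bridging
  - VLAN interfaces
  - Traffic forwarding (router-like)
Info
Note: This role currently only supports Debian systems (Ubuntu is partially supported).
Note: Many of the role's features can be opted in or out.
For all available options, see the default config in the main defaults file!
Warning: Not every setting/variable you provide will be checked for validity. Bad config might break the role!
Note: The network validation port check only supports TCP target ports, since UDP connections cannot be verified easily.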
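Because the role does not validate every setting, a typo in an address or gateway can reach the host unchecked. The following pre-flight check over the `network.interfaces` mapping is an added example, not part of the role: the function name `lint_interfaces`, the chosen checks and the sample data are hypothetical, and it assumes VLAN interfaces are named `parent.vid` as in the config above.

```python
import ipaddress

def lint_interfaces(interfaces):
    """Return (interface, problem) tuples for a `network.interfaces` mapping."""
    problems = []
    # Map every bond/bridge member to the interface that enslaves it.
    member_of = {m: name for name, cfg in interfaces.items()
                 for key in ("bond-slaves", "bridge_ports")
                 for m in (cfg or {}).get(key, [])}
    for name, cfg in interfaces.items():
        cfg = cfg or {}  # a bare "ens195:" key loads from YAML as None
        # Aliases are either a plain address string or a dict with address/gateway.
        entries = [cfg] + [a if isinstance(a, dict) else {"address": a}
                           for a in cfg.get("aliases", [])]
        for entry in entries:
            addr, gw = entry.get("address"), entry.get("gateway")
            if addr is None:
                continue
            try:
                iface = ipaddress.ip_interface(addr)
            except ValueError:
                problems.append((name, f"invalid address {addr!r}"))
                continue
            # Only judge the gateway when the prefix length is explicit.
            if gw is not None and "/" in addr:
                try:
                    if ipaddress.ip_address(gw) not in iface.network:
                        problems.append((name, f"gateway {gw} outside {iface.network}"))
                except ValueError:
                    problems.append((name, f"invalid gateway {gw!r}"))
        if cfg.get("vlan") and name.split(".")[0] not in interfaces:
            problems.append((name, "VLAN parent interface is not defined"))
        if name in member_of and "address" in cfg:
            problems.append((name, f"is a member of {member_of[name]} but has its own address"))
    return problems

# Constructed sample with deliberate mistakes (not taken from the page).
SAMPLE = {
    "ens192": {"address": "192.168.142.90/24", "gateway": "192.168.143.1"},
    "ens195.85": {"vlan": True, "address": "10.0.85.90/24"},
    "bond01": {"bond-slaves": ["ens196"], "address": "192.168.200.10/26"},
    "ens196": {"address": "192.168.200.11/26"},
    "ens197": {"address": "10.0.0.300/24"},
}

if __name__ == "__main__":
    for iface, problem in lint_interfaces(SAMPLE):
        print(f"{iface}: {problem}")
```

Running it against the loaded `network.interfaces` dictionary before the playbook, together with the role's own `validation` tests, catches such mistakes before they are written to `/etc/network/interfaces.d/`.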
Examples
Basic, Bonding, VLAN
Config
network:
  support:
    vlan: true
    bridge: true
    bonding: true
    ipv6: false
  interfaces:
    ens192:
      address: '10.48.2.90/24'
      gateway: '10.48.2.254'
    bond01:
      bond-mode: 'balance-tlb'
      address: '10.48.2.92/24'
      bond-slaves: ['ens224', 'ens256']
    ens161:
    ens161.5:
      vlan: true
      hotplug: false
      address: '10.10.55.10/24'
      nameservers: ['10.0.55.1']
      script_post-up: ['ip route add 192.168.4.0/22 via 10.10.55.1 metric 50']
Result:
guy@ansible:~# ip a
> 2: ens192:
> altname enp11s0
> inet 10.48.2.90/24 brd 10.48.2.255 scope global ens192
> 3: bond01 <MASTER,UP>
> inet 10.48.2.92/24 brd 10.48.2.255 scope global bond01
> 4: ens256: <SLAVE,UP>
> altname enp27s0
> 5: ens224: <SLAVE,UP>
> altname enp19s0
> 6: ens161:
> altname enp4s0
> 7: ens161.5@ens161:
> inet 10.10.55.10/24 brd 10.10.55.255 scope global ens161.5
guy@ansible:~# ip route show
> default via 10.48.2.254 dev ens192 onlink
> 10.10.55.0/24 dev ens161.5 proto kernel scope link src 10.10.55.10
> 10.48.2.0/24 dev bond01 proto kernel scope link src 10.48.2.92 linkdown
> 10.48.2.0/24 dev ens192 proto kernel scope link src 10.48.2.90
> 192.168.4.0/22 via 10.10.55.1 dev ens161.5 metric 50
guy@ansible:~# cat /proc/net/bonding/bond01
> Ethernet Channel Bonding Driver: v5.10.0-8-amd64
>
> Bonding Mode: transmit load balancing
> Primary Slave: None
> Currently Active Slave: ens224
> MII Status: up
> MII Polling Interval (ms): 100
> Up Delay (ms): 200
> Down Delay (ms): 200
> Peer Notification Delay (ms): 0
>
> Slave Interface: ens224
> MII Status: up
> Speed: 10000 Mbps
> Duplex: full
> Link Failure Count: 0
> Permanent HW addr: xx:xx:xx:xx:xx:xx
> Slave queue ID: 0
>
> Slave Interface: ens256
> MII Status: up
> Speed: 10000 Mbps
> Duplex: full
> Link Failure Count: 0
> Permanent HW addr: xx:xx:xx:xx:xx:xx
> Slave queue ID: 0
IPv6 & Aliases
Config
network:
  validation:
    enable: true
  interfaces:
    eth0:
      address: '10.0.85.90/24'
      gateway: '10.0.85.1'
      aliases:
        - address: '2a09:cd41:f:42ee::1/124'
          gateway: '2a09:cd41:f:42ee::f'
        - '2a09:cd41:f:42ee::2'
Result:
guy@ansible:~# ping -6 one.one.one.one -I 2a09:cd41:f:42ee::2
> PING one.one.one.one(one.one.one.one (2606:4700:4700::1111)) from 2a09:cd41:f:42ee::2 : 56 data bytes
> 64 bytes from one.one.one.one (2606:4700:4700::1111): icmp_seq=1 ttl=58 time=14.7 ms
guy@ansible:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP>
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> inet 10.0.85.90/24 brd 10.0.85.255 scope global eth0
> inet6 2a09:cd41:f:42ee::2/128 scope global deprecated
> inet6 2a09:cd41:f:42ee::1/124 scope global deprecated
guy@ansible:~# cat /etc/network/interfaces.d/eth0
> # Ansible managed
> # ansibleguy.linux_networking
>
> auto eth0
> allow-hotplug eth0
>
> iface eth0 inet static
> address 194.32.76.202/24
> gateway 194.32.76.1
> dns-nameservers 8.8.8.8 1.1.1.1
>
> # interface aliases (additional IPs)
> auto eth0:1
> allow-hotplug eth0:1
> iface eth0:1 inet6 static
> address 2a09:cd41:f:42ee::1/124
> gateway 2a09:cd41:f:42ee::f
>
> auto eth0:2
> allow-hotplug eth0:2
> iface eth0:2 inet6 static
> address 2a09:cd41:f:42ee::2
About the project
Role to configure network interfaces and routing on linux servers
License
other
Owner
[email protected] | GPG: https://badges.ansibleguy.net/public.gpg