Network Interfaces & Bridge Utilities¶
Installation¶
apt install bridge-utils
Kernel Parameter¶
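Folgende Kernel-Parameter einstellen und speichern. Hinweis: sysctl -w setzt die Werte nur zur Laufzeit; dauerhaft gespeichert werden sie über den Salt State weiter unten (/etc/sysctl.d/99-salt.conf).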
# Runtime-only settings: "sysctl -w" changes the running kernel and does not
# survive a reboot.

# IPv4: forward packets between interfaces.
sysctl -w net.ipv4.ip_forward=1
# IPv4: switch off reverse-path (source address) validation. With rp_filter=0
# the kernel no longer drops packets whose source address is not routable via
# the receiving interface, so anti-spoofing has to be enforced by firewall
# rules instead.
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0

# IPv6: forward packets between interfaces.
sysctl -w net.ipv6.conf.all.forwarding=1
# IPv6: do not autoconfigure addresses from router advertisement prefixes.
sysctl -w net.ipv6.conf.all.autoconf=0
sysctl -w net.ipv6.conf.default.autoconf=0
# IPv6: do not accept router advertisements at all.
sysctl -w net.ipv6.conf.all.accept_ra=0
sysctl -w net.ipv6.conf.default.accept_ra=0
Schnittstellen¶
Vorsicht
In der Datei /etc/network/interfaces
sollte der Eintrag source /etc/network/interfaces.d/*
stehen!
Netzwerk Brücke /etc/network/interfaces.d/bridge
.
# This file is managed by Salt, do not edit.
# Bridge interface with a static IPv4 address. The bridge device is created in
# pre-up, the IPv6 address is added in the "up" hook and the device is removed
# again in post-down.
auto {{ bridge }}
iface {{ bridge }} inet static
    {%- if pillar['network']['bridge']['bridge_ports'] is defined %}
    {#- NOTE(review): the guard tests the bridge_ports pillar key, but the line written uses the primary interface; confirm this is intended. #}
    bridge_ports {{ pillar['network']['primary']['interface'] }}
    {%- endif %}
    hwaddress {{ hwaddress }}
    address {{ address }}
    netmask {{ netmask }}
    pre-up brctl addbr $IFACE
    up ip address add {{ address6mask }} dev $IFACE
    post-down brctl delbr $IFACE
B.A.T.M.A.N. Schnittstelle /etc/network/interfaces.d/batman
.
# This file is managed by Salt, do not edit.
# B.A.T.M.A.N. interface: loads the batman-adv kernel module, attaches the
# interface to the bridge and configures it through batctl.
allow-hotplug {{ batman }}
iface {{ batman }} inet6 manual
    pre-up modprobe batman-adv
    post-up brctl addif {{ bridge }} $IFACE
    {#- "it" is batctl's originator interval setting (value in milliseconds). #}
    post-up batctl -m $IFACE it 10000
# post-up batctl -m $IFACE vm server # Error - The installed batctl version and kernel module don't have vis support. The vis functionality
    {#- "gw server" puts the node into gateway server mode and announces the given bandwidth. #}
    post-up batctl -m $IFACE gw server 96mbit/96mbit
    {#- "|| true" lets ifdown continue when removing the interface from the bridge fails. #}
    pre-down brctl delif {{ bridge }} $IFACE || true
Mesh Schnittstelle (fastd) /etc/network/interfaces.d/mesh
.
# This file is managed by Salt, do not edit.
# Mesh (fastd) interface: once it is up, it is added to the batman-adv mesh
# interface, which is then brought up.
allow-hotplug {{ mesh }}
iface {{ mesh }} inet6 manual
    {#- NOTE(review): the MAC address is read from pillar directly here, while the bridge template uses the hwaddress template variable; both should resolve to the same value. #}
    hwaddress {{ pillar['network']['mesh']['hwaddress'] }}
    pre-up modprobe batman-adv
    post-up batctl -m {{ batman }} if add $IFACE
    post-up ip link set dev {{ batman }} up
Netzwerk Brücke¶
Mit dem Befehl ifup {{ bridge }}
die Netzwerk Brücke starten, falls diese nicht vorhanden ist.
Salt State File¶
network.sls
# Network Interfaces & Bridge Utilities

# Package names are looked up with grains.filter_by, which selects the entry
# matching the minion's grain (os_family unless another grain is given) and
# falls back to the 'Debian' entry.
{% set bridgeutils = salt['grains.filter_by']({
    'Debian': {'pkg': 'bridge-utils'},
}, default='Debian') %}
{{ bridgeutils.pkg }}:
  pkg.installed:
    - name: {{ bridgeutils.pkg }}

# The Ubuntu 18.04 condition below is disabled (wrapped in Jinja comment
# markers), so ifupdown and resolvconf are installed unconditionally.
# {#% if grains['os'] == 'Ubuntu' and grains['osrelease'] == '18.04' %#}
{% set ifupdown = salt['grains.filter_by']({
    'Debian': {'pkg': 'ifupdown'},
}, default='Debian') %}
{{ ifupdown.pkg }}:
  pkg.installed:
    - name: {{ ifupdown.pkg }}

{% set resolvconf = salt['grains.filter_by']({
    'Debian': {'pkg': 'resolvconf'},
}, default='Debian') %}
{{ resolvconf.pkg }}:
  pkg.installed:
    - name: {{ resolvconf.pkg }}
# {#% endif %#}
# Interfaces
# Everything up to the matching endif applies to Debian-family minions only.
{% if grains['os_family'] == 'Debian' %}
# The states below are disabled. Their Jinja expressions are wrapped in Jinja
# comment markers because Jinja is rendered before YAML and would otherwise be
# evaluated even inside a YAML comment.
# NOTE(review): before re-enabling, fix the misspelt "srouce" key and the
# truncated "mode: 64" on the bat0 state.
# /etc/network/interfaces:
# file.managed:
# - name: /etc/network/interfaces
# - srouce: salt://etc/network/interfaces-{#{ grains['nodename'] }#}
# /etc/network/interfaces.d/br0:
# file.managed:
# - name: /etc/network/interfaces.d/br0
# - source: salt://gateway/etc/network/interfaces.d/br0
# - template: jinja
# - defaults:
# address: {#{ pillar['network']['bridge']['ipv4']['address'] }#}
# netmask: {#{ pillar['network']['bridge']['ipv4']['netmask'] }#}
# address6: {#{ pillar['network']['bridge']['ipv6']['address'] }#}
# netmask6: {#{ pillar['network']['bridge']['ipv6']['netmask'] }#}
# - user: root
# - group: root
# - mode: 644
# /etc/network/interfaces.d/bat0:
# file.managed:
# - name: /etc/network/interfaces.d/bat0
# - source: salt://gateway/etc/network/interfaces.d/bat0
# - user: root
# - group: root
# - mode: 64
{% if pillar['testing'] is not defined %}
# Deployed only when the pillar does not define "testing".
/etc/resolvconf/resolv.conf.d/head:
  file.managed:
    - source: salt://gateway/etc/resolvconf/resolv.conf.d/head
    - name: /etc/resolvconf/resolv.conf.d/head
{% endif %}
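# Make ifupdown read every file in /etc/network/interfaces.d.
/etc/network/interfaces:
  file.append:
    - name: /etc/network/interfaces
    - text: |
        source /etc/network/interfaces.d/*

# The glob above pulls in every file in this directory, and the pre-up/post-up
# hooks in those files run as root. Ownership and mode are therefore pinned so
# that only root can add or change files here.
/etc/network/interfaces.d:
  file.directory:
    - name: /etc/network/interfaces.d
    - user: root
    - group: root
    - mode: '0755'
    - makedirs: True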
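# Render the bridge stanza from pillar data, then bring the bridge up if it is
# not already listed by ifconfig.
/etc/network/interfaces.d/bridge:
  file.managed:
    - name: /etc/network/interfaces.d/bridge
    - source: salt://gateway/etc/network/interfaces.d/bridge
    - user: root
    - group: root
    # Quoted so the mode stays a string and is never re-typed by the loader.
    - mode: '0644'
    - template: jinja
    - defaults:
        # Values are quoted because the rendered text is parsed as YAML: an
        # unquoted MAC address made up only of decimal digit pairs can be read
        # as a base-60 integer, and an empty value would become null.
        primary: "{{ pillar['network']['primary']['interface'] }}"
        bridge: "{{ pillar['network']['bridge']['interface'] }}"
        hwaddress: "{{ pillar['network']['bridge']['hwaddress'] }}"
        address: "{{ pillar['network']['bridge']['address'] }}"
        netmask: "{{ pillar['network']['bridge']['netmask'] }}"
        address6mask: "{{ pillar['network']['bridge']['address6mask'] }}"
  cmd.run:
    - name: ifup {{ pillar['network']['bridge']['interface'] }}
    # NOTE(review): grep matches substrings, so an interface whose name merely
    # contains the bridge name also satisfies this check; ifconfig must be
    # installed for it to work.
    - unless: test -n "$(ifconfig | grep {{ pillar['network']['bridge']['interface'] }})"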
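{% if pillar['fastd']['secret'] is defined %}
# Deployed only when a fastd secret exists in pillar. Only its presence is
# tested; the secret itself is not passed to this world-readable file.
/etc/network/interfaces.d/batman:
  file.managed:
    - name: /etc/network/interfaces.d/batman
    - source: salt://gateway/etc/network/interfaces.d/batman
    - user: root
    - group: root
    # Quoted so the mode stays a string and is never re-typed by the loader.
    - mode: '0644'
    - template: jinja
    - defaults:
        # Quoted so an empty or number-like pillar value stays a string.
        primary: "{{ pillar['network']['primary']['interface'] }}"
        bridge: "{{ pillar['network']['bridge']['interface'] }}"
        batman: "{{ pillar['network']['batman']['interface'] }}"
{% endif %}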
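{% if pillar['network']['mesh']['hwaddress'] is defined %}
# Deployed only when the pillar defines a MAC address for the mesh interface.
/etc/network/interfaces.d/mesh:
  file.managed:
    - name: /etc/network/interfaces.d/mesh
    - source: salt://gateway/etc/network/interfaces.d/mesh
    - user: root
    - group: root
    # Quoted so the mode stays a string and is never re-typed by the loader.
    - mode: '0644'
    - template: jinja
    - defaults:
        # Values are quoted because the rendered text is parsed as YAML: an
        # unquoted MAC address made up only of decimal digit pairs can be read
        # as a base-60 integer.
        primary: "{{ pillar['network']['primary']['interface'] }}"
        batman: "{{ pillar['network']['batman']['interface'] }}"
        mesh: "{{ pillar['network']['mesh']['interface'] }}"
        hwaddress: "{{ pillar['network']['mesh']['hwaddress'] }}"
{% endif %}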
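{% if pillar['exit'] is defined and pillar['exit']['provider'] == 'ffrl' %}
# Deployed only when the pillar selects "ffrl" as exit provider. No defaults
# are passed, so the template has to read its values from pillar or grains.
/etc/network/interfaces.d/ffrl:
  file.managed:
    - name: /etc/network/interfaces.d/ffrl
    - source: salt://gateway/etc/network/interfaces.d/ffrl
    - user: root
    - group: root
    # Quoted so the mode stays a string and is never re-typed by the loader.
    - mode: '0644'
    - template: jinja
{% endif %}
# End of the Debian-only states.
{% endif %}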
# Forwarding
# IPv4
# Affects: /etc/sysctl.d/99-salt.conf
# Validate: sysctl net.ipv4.ip_forward
net.ipv4.ip_forward:
  sysctl.present:
    - value: 1

# Sven
# Reverse-path (source address) validation is switched off here. With
# rp_filter=0 the kernel no longer drops packets whose source address is not
# routable via the receiving interface, so anti-spoofing has to be enforced by
# firewall rules instead.
net.ipv4.conf.default.rp_filter:
  sysctl.present:
    - value: 0
net.ipv4.conf.all.rp_filter:
  sysctl.present:
    - value: 0

# IPv6
# Affects: /etc/sysctl.d/99-salt.conf
# Validate: sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding:
  sysctl.present:
    - value: 1

# Sven
# Do not autoconfigure IPv6 addresses from router advertisement prefixes.
net.ipv6.conf.all.autoconf:
  sysctl.present:
    - value: 0
net.ipv6.conf.default.autoconf:
  sysctl.present:
    - value: 0
# net.ipv6.conf.eth0.autoconf:
# sysctl.present:
# - value: 0

# Do not accept IPv6 router advertisements.
net.ipv6.conf.all.accept_ra:
  sysctl.present:
    - value: 0
net.ipv6.conf.default.accept_ra:
  sysctl.present:
    - value: 0
# net.ipv6.conf.eth0.accept_ra:
# sysctl.present:
# - value: 0
# % if grains['kernelrelease'] < '3.18' %}
# /etc/resolv.conf