authorQuentin <quentin@dufour.io>2020-07-05 20:37:19 +0200
committerQuentin <quentin@dufour.io>2020-07-05 20:37:19 +0200
commit09878271f2a207ffb33c1f293dd26ee97cc6fff2 (patch)
treeee8d82b8640deed41acf13ab5cce94045ebc3081 /ansible/roles/network
parentf427bcf5645d92604be3994496bf44bd93f5c7e3 (diff)
parentfaf39bbb282542efa237c39f4371918589508254 (diff)
Merge pull request 'Network configuration' (#1) from network_config into master
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/deuxfleurs.fr/pulls/1
Diffstat (limited to 'ansible/roles/network')
-rw-r--r--ansible/roles/network/files/nsswitch.conf3
-rw-r--r--ansible/roles/network/files/systemd-resolve-no-listen.conf2
-rw-r--r--ansible/roles/network/handlers/main.yml12
-rw-r--r--ansible/roles/network/tasks/main.yml37
-rw-r--r--ansible/roles/network/templates/nomad-interface.j28
5 files changed, 10 insertions, 52 deletions
diff --git a/ansible/roles/network/files/nsswitch.conf b/ansible/roles/network/files/nsswitch.conf
index f4c3149..a84e024 100644
--- a/ansible/roles/network/files/nsswitch.conf
+++ b/ansible/roles/network/files/nsswitch.conf
@@ -9,8 +9,7 @@ group: files systemd
shadow: files
gshadow: files
-#hosts: files dns
-hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
+hosts: files dns
networks: files
protocols: db files
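Review bot: The new `hosts: files dns` line drops `myhostname` along with `resolve`, so the machine's own hostname (and `localhost` variants that module served) now resolves only if it is listed in /etc/hosts or served by the upstream DNS; services that bind or sanity-check by hostname at startup may fail if that entry is missing. If the role does not already manage /etc/hosts, either add the hostname there or keep the module with `hosts: files myhostname dns` (it is independent of systemd-resolved). A one-line comment above the entry, `# resolve/mymachines removed: systemd-resolved is disabled by the network role`, would record why this differs from the distribution default.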
diff --git a/ansible/roles/network/files/systemd-resolve-no-listen.conf b/ansible/roles/network/files/systemd-resolve-no-listen.conf
deleted file mode 100644
index 6e95967..0000000
--- a/ansible/roles/network/files/systemd-resolve-no-listen.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Resolve]
-DNSStubListener=no
diff --git a/ansible/roles/network/handlers/main.yml b/ansible/roles/network/handlers/main.yml
deleted file mode 100644
index 3454894..0000000
--- a/ansible/roles/network/handlers/main.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: reload iptables
- shell: iptables-restore < /etc/iptables/rules.v4 && systemctl restart docker && ifdown nomad1 || true && ifup nomad1 || true
-
-- name: reload ip6tables
- shell: ip6tables-restore < /etc/iptables/rules.v6
-
-- name: reload nomad interface
- shell: ifdown nomad1 || true ; ifup nomad1
-
-- name: reload systemd-resolved
- service: name=systemd-resolved state=restarted
diff --git a/ansible/roles/network/tasks/main.yml b/ansible/roles/network/tasks/main.yml
index 7f95b0f..2087765 100644
--- a/ansible/roles/network/tasks/main.yml
+++ b/ansible/roles/network/tasks/main.yml
@@ -1,42 +1,23 @@
-- name: "Add dummy interface to handle Nomad NAT restriction nomad#2770"
- template: src=nomad-interface.j2 dest=/etc/network/interfaces.d/nomad.cfg
- when: public_ip != private_ip
- notify:
- - reload nomad interface
-
- name: "Deploy iptablesv4 configuration"
template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
- notify:
- - reload iptables
- name: "Deploy iptablesv6 configuration"
copy: src=rules.v6 dest=/etc/iptables/rules.v6
- notify:
- - reload ip6tables
- name: "Activate IP forwarding"
sysctl:
name: net.ipv4.ip_forward
- value: 1
+ value: "1"
sysctl_set: yes
-- name: "Create systemd-resolved override directory"
- file: path=/etc/systemd/resolved.conf.d/ state=directory
-
-- name: "Prevent systemd-resolved from listening on port 53 (DNS)"
- copy: src=systemd-resolve-no-listen.conf dest=/etc/systemd/resolved.conf.d/systemd-resolve-no-listen.conf
- notify: reload systemd-resolved
+# These two lines are used to undo previous config, remove them once it is done
+- name: "Update nsswitch.conf to not use systemd-resolved"
+ copy: src=nsswitch.conf dest=/etc/nsswitch.conf
-- name: "Use systemd-resolved as a source for /etc/resolv.conf"
- file:
- src: "/run/systemd/resolve/resolv.conf"
- dest: "/etc/resolv.conf"
- state: link
- force: yes
- notify: reload systemd-resolved
+- name: "Disable systemd-resolved"
+ systemd:
+ name: systemd-resolved
+ state: stopped
+ enabled: false
-- name: "Update nsswitch.conf to use systemd-resolved"
- copy: src=nsswitch.conf dest=/etc/nsswitch.conf
-- name: "Flush handlers"
- meta: flush_handlers
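Review bot: The "Deploy iptablesv4 configuration" and "Deploy iptablesv6 configuration" tasks lose their `notify` (and this commit deletes the handlers file they pointed at), so a changed rules.v4/rules.v6 is written to disk but no longer loaded into the running kernel; the firewall stays on its old rule set until a reboot or a manual `iptables-restore`, which is a security-relevant regression for a rules update. Restore a handler (e.g. `shell: iptables-restore < /etc/iptables/rules.v4` and the v6 equivalent, or `netfilter-persistent reload` if that package is installed) and re-add `notify: reload iptables` / `notify: reload ip6tables` to the two tasks. The "Disable systemd-resolved" task stops the service but nothing in the hunk replaces /etc/resolv.conf, which the removed task had linked to /run/systemd/resolve/resolv.conf — on hosts already configured that way this presumably leaves a dangling symlink after the next reboot, so a task writing a static /etc/resolv.conf (or `state: absent` on the link) seems needed; please confirm against a host. As a style point, `sysctl_set: yes` should be `sysctl_set: true`, and the `key=value` module-argument strings (`template: src=... dest=...`, `copy: src=... dest=...`) would read better as block YAML like the new `systemd:` task.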
diff --git a/ansible/roles/network/templates/nomad-interface.j2 b/ansible/roles/network/templates/nomad-interface.j2
deleted file mode 100644
index 74e9cd4..0000000
--- a/ansible/roles/network/templates/nomad-interface.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-auto nomad1
-iface nomad1 inet manual
- pre-up /sbin/ip link add nomad1 type dummy
- up /sbin/ip addr add {{ public_ip }} dev nomad1
- up /sbin/iptables -t nat -A PREROUTING -d {{ private_ip }}/32 -j NETMAP --to {{ public_ip }}/32
- down /sbin/iptables -t nat -D PREROUTING -d {{ private_ip }}/32 -j NETMAP --to {{ public_ip }}/32
- post-down /sbin/ip link del nomad1
-