File tree Expand file tree Collapse file tree 9 files changed +156
-0
lines changed Expand file tree Collapse file tree 9 files changed +156
-0
lines changed Original file line number Diff line number Diff line change @@ -63,6 +63,23 @@ that can be set for this role.
6363 addresses :
6464 - 10.11.12.99/24
6565` ` `
66+ ## Using vaulted variables
67+ Vault encrypted variables need to be defined outside the ` netplan_configuration` variable to be evaluated.
68+
69+ ` ` ` yaml
70+ netplan_configuration:
71+ network:
72+ version: 2
73+ tunnels:
74+ wg_test:
75+ mode: wireguard
76+ key: "{{ my_wireguard_private_key }}"
77+ ....
78+
79+ my_wireguard_private_key: !vault |
80+ 31366530666465373834386563636465636135323562303866363333333865376330303130363162
81+ ....
82+ ` ` `
6683
6784# # License
6885
Original file line number Diff line number Diff line change 22galaxy_info :
33 author : Larry Smith Jr.
44 description : An [Ansible](https://www.ansible.com) role to manage [Netplan](https://netplan.io)
5+ role_name : netplan
6+ namespace : mrlesmithjr
57
68 license : MIT
79
Original file line number Diff line number Diff line change 1+ ---
2+ - name : Converge
3+ hosts : all
4+ become : true
5+ vars :
6+ netplan_renderer : ' NetworkManager'
7+ debug : true
8+ netplan_configuration :
9+ network :
10+ version : 2
11+ tunnels :
12+ wg_test :
13+ mode : wireguard
14+ addresses :
15+ - 10.42.42.2/32
16+ nameservers :
17+ addresses :
18+ - 10.10.10.1
19+ search :
20+ - dns.example.com
21+ key : ' gDdP5JHM6VQQOeGZPLANiTMa+V2bbwyR8Z2o86m7gUg='
22+ peers :
23+ - keys :
24+ public : ' KqOQG90uvqVWGHwLW+Z5tH019Qt5QcIhpKitIovkviA='
25+ allowed-ips :
26+ - 10.10.10.0/24
27+ keepalive : 15
28+ endpoint : ' wireguard.example.com:51820'
29+ routes :
30+ - to : 10.10.10.0/24
31+ tasks :
32+ - name : " Include ansible-netplan"
33+ include_role :
34+ name : " mrlesmithjr.netplan"
Original file line number Diff line number Diff line change 1+ ---
2+ dependency :
3+ name : galaxy
4+ options :
5+ ignore-certs : true
6+ ignore-errors : true
7+ driver :
8+ name : vagrant
9+ platforms :
10+ - name : vagrant-ubuntu
11+ box : ubuntu/focal64
12+ memory : 4048
13+ cpus : 4
14+ instance_raw_config_args :
15+ - " vm.network 'forwarded_port', guest: 8081, host: 30080"
16+ provisioner :
17+ name : ansible
18+ lint : ansible-lint --force-color
19+ lint : |
20+ set -e
21+ yamllint .
22+ ansible-lint
23+ verifier :
24+ name : ansible
Original file line number Diff line number Diff line change 1+ ---
2+ - name : Prepare
3+ hosts : all
4+ become : true
5+ tasks :
6+ - name : Update apt cache
7+ ansible.builtin.apt :
8+ update_cache : true
9+ cache_valid_time : 3600
10+ when : ansible_os_family == 'Debian'
Original file line number Diff line number Diff line change 1+ ---
2+ # This is an example playbook to execute Ansible tests.
3+
4+ - name : Verify
5+ hosts : all
6+ gather_facts : false
7+ vars :
8+ # netplan_renderer: 'NetworkManager'
9+ netplan_configuration :
10+ network :
11+ version : ' 2'
12+ tunnels :
13+ wg_test :
14+ mode : wireguard
15+ addresses :
16+ - 10.42.42.2/32
17+ nameservers :
18+ addresses :
19+ - 10.10.10.1
20+ search :
21+ - dns.example.com
22+ key : ' gDdP5JHM6VQQOeGZPLANiTMa+V2bbwyR8Z2o86m7gUg='
23+ peers :
24+ - keys :
25+ public : ' KqOQG90uvqVWGHwLW+Z5tH019Qt5QcIhpKitIovkviA='
26+ allowed-ips :
27+ - 10.10.10.0/24
28+ keepalive : ' 15'
29+ endpoint : ' wireguard.example.com:51820'
30+ routes :
31+ - to : 10.10.10.0/24
32+ become : true
33+ become_user : root
34+ tasks :
35+ - name : Read netplan config
36+ ansible.builtin.slurp :
37+ src : ' /etc/netplan/ansible-config.yaml'
38+ register : netplan_wg_config_encoded
39+
40+ - name : Check wireguard config
41+ ansible.builtin.assert :
42+ that :
43+ - netplan_configuration.network.version in netplan_wg_config
44+ - netplan_configuration.network.tunnels.wg_test.mode in netplan_wg_config
45+ - netplan_configuration.network.tunnels.wg_test.addresses[0] in netplan_wg_config
46+ - netplan_configuration.network.tunnels.wg_test.nameservers.addresses[0] in netplan_wg_config
47+ - netplan_configuration.network.tunnels.wg_test.nameservers.search[0] in netplan_wg_config
48+ - netplan_configuration.network.tunnels.wg_test.key in netplan_wg_config
49+ - netplan_configuration.network.tunnels.wg_test.peers[0]['keys']['public'] in netplan_wg_config
50+ - netplan_configuration.network.tunnels.wg_test.peers[0]['allowed-ips'][0] in netplan_wg_config
51+ - netplan_configuration.network.tunnels.wg_test.peers[0].keepalive in netplan_wg_config
52+ - netplan_configuration.network.tunnels.wg_test.peers[0].endpoint in netplan_wg_config
53+ - netplan_configuration.network.tunnels.wg_test.routes[0].to in netplan_wg_config
54+ vars :
55+ - netplan_wg_config : " {{ netplan_wg_config_encoded.content | b64decode }}"
Original file line number Diff line number Diff line change 66 become : true
77 register : result
88 until : result is successful
9+
10+ - name : Install network-manager when used as renderer
11+ apt :
12+ name : " {{ netplan_networkmanager_pkt }}"
13+ state : present
14+ become : true
15+ register : result
16+ until : result is successful
17+ when : netplan_renderer == 'NetworkManager'
Original file line number Diff line number Diff line change @@ -24,3 +24,7 @@ network:
2424 vlans:
2525{{ netplan_configuration['network'] ['vlans'] |to_nice_yaml|indent(4, true) }}
2626{% endif %}
27+ {% if netplan_configuration ['network' ]['tunnels' ] is defined %}
28+ tunnels:
29+ {{ netplan_configuration['network'] ['tunnels'] |to_nice_yaml|indent(4, true) }}
30+ {% endif %}
Original file line number Diff line number Diff line change 11---
2+ netplan_networkmanager_pkt : ' network-manager'
23# vars file for ansible-netplan
You can’t perform that action at this time.
0 commit comments