iptables

roles/2-common/tasks/iptables.yml

@@ -47,10 +47,9 @@
             group='root'
             mode={{ item.2 }}
   with_items:
-   - { 0: 'roles/network/templates/gateway/iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
-   - { 0: 'roles/network/templates/gateway/check-LAN', 1: '/usr/bin/check-LAN', 2: '0755' }
+   - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' }
 
 - name: Install Debian config
-  template: src=roles/network/templates/gateway/iptables dest=/etc/network/if-pre-up.d/iptables
+  template: src=iptables dest=/etc/network/if-pre-up.d/iptables
             mode=0755
   when: is_debuntu

roles/2-common/tasks/main.yml

@@ -18,7 +18,7 @@
 # the following installs common packages for both debian and fedora
 - include_tasks: packages.yml
 
-- include_tasks: roles/network/tasks/iptables.yml
+- include_tasks: iptables.yml
 
 - sysctl: name=net.ipv4.ip_forward value=1 state=present
 - sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present

roles/network/templates/gateway/check-LAN

@@ -1,61 +0,0 @@
-#!/bin/bash
-run_detect(){
-    logger "check-LAN: running reconfig"
-    cd /opt/schoolserver/iiab
-    /opt/schoolserver/iiab/runtags network > /dev/null
-    logger "check-LAN: completed reconfig"
-    exit 0
-}
-
-exit_clean(){
-    logger "check-LAN: completed - nothing to do"
-    exit 0
-}
-
-logger "check-LAN: startup"
-
-if [ -f /etc/sysconfig/xs_lan_device ]; then
-    LAN_DEVICE=`cat /etc/sysconfig/xs_lan_device`
-    if [ "x$LAN_DEVICE" = "x" ]; then
-        logger "check-LAN: no lan expected"
-        exit_clean
-    else
-        if [ "$LAN_DEVICE" = "br0" ]; then
-            SLAVES=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \
-            | gawk -F'[-:]' '{print $3}'`
-            SLAVE_COUNT=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \
-            | wc | awk '{print $1}'`
-
-            logger "check-LAN: looking for $SLAVE_COUNT slaves"
-
-            while [ "$SLAVE_COUNT" > 1 ]; do 
-                TEST_SLAVE=`brctl show | tail -n $[ $SLAVE_COUNT - 1 ] | awk '{print $1}'`
-                if [ "x$TEST_SLAVE" = "x" ]; then
-                    logger "check-LAN: blank slave for number $SLAVE_COUNT"
-                    run_detect
-                else
-                    logger "check-LAN: slave number $SLAVE_COUNT $TEST_SLAVE present"
-                fi
-                SLAVE_COUNT="$[ $SLAVE_COUNT - 1 ]"
-                if [ "$SLAVE_COUNT" = 1 ]; then
-                    TEST_SLAVE=`brctl show | grep br0 | awk '{print $4}'`
-                    if [ "x$TEST_SLAVE" = "x" ]; then
-                        logger "check-LAN: single blank slave for number $SLAVE_COUNT"
-                        run_detect
-                    else
-                        logger "check-LAN: single slave number $SLAVE_COUNT $TEST_SLAVE present"
-                        exit_clean
-                    fi
-                fi
-            done
-        fi
-        LAN_IF=`ip -o addr | grep 172.18 | awk '{print $2}'`
-        if [ "$LAN_IF" = "$LAN_DEVICE" ]; then
-            logger "check-LAN: expected LAN matched $LAN_DEVICE"
-            exit_clean
-        fi
-    fi
-else
-    logger "check-LAN: unconfigured"
-    exit_clean
-fi