diff --git a/roles/network/tasks/iptables.yml b/roles/2-common/tasks/iptables.yml similarity index 81% rename from roles/network/tasks/iptables.yml rename to roles/2-common/tasks/iptables.yml index 0025fab99..eb3a27b1f 100644 --- a/roles/network/tasks/iptables.yml +++ b/roles/2-common/tasks/iptables.yml @@ -47,10 +47,9 @@ group='root' mode={{ item.2 }} with_items: - - { 0: 'roles/network/templates/gateway/iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' } - - { 0: 'roles/network/templates/gateway/check-LAN', 1: '/usr/bin/check-LAN', 2: '0755' } + - { 0: 'iptables-config', 1: '/etc/sysconfig/iptables-config', 2: '0644' } - name: Install Debian config - template: src=roles/network/templates/gateway/iptables dest=/etc/network/if-pre-up.d/iptables + template: src=iptables dest=/etc/network/if-pre-up.d/iptables mode=0755 when: is_debuntu diff --git a/roles/2-common/tasks/main.yml b/roles/2-common/tasks/main.yml index ad0604c0d..8b8df2f2e 100644 --- a/roles/2-common/tasks/main.yml +++ b/roles/2-common/tasks/main.yml @@ -18,7 +18,7 @@ # the following installs common packages for both debian and fedora - include_tasks: packages.yml -- include_tasks: roles/network/tasks/iptables.yml +- include_tasks: iptables.yml - sysctl: name=net.ipv4.ip_forward value=1 state=present - sysctl: name=net.ipv4.conf.default.rp_filter value=1 state=present diff --git a/roles/network/templates/gateway/iptables b/roles/2-common/templates/iptables similarity index 100% rename from roles/network/templates/gateway/iptables rename to roles/2-common/templates/iptables diff --git a/roles/network/templates/gateway/iptables-config b/roles/2-common/templates/iptables-config similarity index 100% rename from roles/network/templates/gateway/iptables-config rename to roles/2-common/templates/iptables-config diff --git a/roles/network/templates/gateway/check-LAN b/roles/network/templates/gateway/check-LAN deleted file mode 100755 index 659f7590e..000000000 
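Review bot: Hosts provisioned before this change keep `/usr/bin/check-LAN` (installed with mode 0755), because the `with_items` list in roles/2-common/tasks/iptables.yml only stops shipping it and no task removes it. The leftover script still calls `/opt/schoolserver/iiab/runtags network`, so anything that still invokes it would keep triggering a network reconfiguration; whether such a caller exists is not visible in this diff. Consider adding a cleanup task such as `- name: Remove obsolete check-LAN` with `file: path=/usr/bin/check-LAN state=absent`. The install task that owns this list begins above the hunk, so its module and owner settings cannot be checked here.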
--- a/roles/network/templates/gateway/check-LAN
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/bin/bash
-run_detect(){
- logger "check-LAN: running reconfig"
- cd /opt/schoolserver/iiab
- /opt/schoolserver/iiab/runtags network > /dev/null
- logger "check-LAN: completed reconfig"
- exit 0
-}
-
-exit_clean(){
- logger "check-LAN: completed - nothing to do"
- exit 0
-}
-
-logger "check-LAN: startup"
-
-if [ -f /etc/sysconfig/xs_lan_device ]; then
- LAN_DEVICE=`cat /etc/sysconfig/xs_lan_device`
- if [ "x$LAN_DEVICE" = "x" ]; then
- logger "check-LAN: no lan expected"
- exit_clean
- else
- if [ "$LAN_DEVICE" = "br0" ]; then
- SLAVES=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \
- | gawk -F'[-:]' '{print $3}'`
- SLAVE_COUNT=`egrep -rn BRIDGE=br0 /etc/sysconfig/network-scripts/ifcfg-* \
- | wc | awk '{print $1}'`
-
- logger "check-LAN: looking for $SLAVE_COUNT slaves"
-
- while [ "$SLAVE_COUNT" > 1 ]; do
- TEST_SLAVE=`brctl show | tail -n $[ $SLAVE_COUNT - 1 ] | awk '{print $1}'`
- if [ "x$TEST_SLAVE" = "x" ]; then
- logger "check-LAN: blank slave for number $SLAVE_COUNT"
- run_detect
- else
- logger "check-LAN: slave number $SLAVE_COUNT $TEST_SLAVE present"
- fi
- SLAVE_COUNT="$[ $SLAVE_COUNT - 1 ]"
- if [ "$SLAVE_COUNT" = 1 ]; then
- TEST_SLAVE=`brctl show | grep br0 | awk '{print $4}'`
- if [ "x$TEST_SLAVE" = "x" ]; then
- logger "check-LAN: single blank slave for number $SLAVE_COUNT"
- run_detect
- else
- logger "check-LAN: single slave number $SLAVE_COUNT $TEST_SLAVE present"
- exit_clean
- fi
- fi
- done
- fi
- LAN_IF=`ip -o addr | grep 172.18 | awk '{print $2}'`
- if [ "$LAN_IF" = "$LAN_DEVICE" ]; then
- logger "check-LAN: expected LAN matched $LAN_DEVICE"
- exit_clean
- fi
- fi
-else
- logger "check-LAN: unconfigured"
- exit_clean
-fi