Skip to content

Commit

Permalink
[WIP] Add playbooks to set up the nat64 net and VM
Browse files Browse the repository at this point in the history 
TODOs:
- Tests
  • Loading branch information
@hjensas
hjensas committed May 14, 2024
1 parent 5796e8f commit 3df99e3
Show file tree
Hide file tree
Showing 13 changed files with 413 additions and 15 deletions.
2 changes: 1 addition & 1 deletion roles/config_drive/templates/network-config.j2
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
{{ cifmw_config_drive_networkconfig | to_nice_yaml(indent=2, default_style="\"") }}
{{ cifmw_config_drive_networkconfig | to_nice_yaml(indent=2) }}
51 changes: 44 additions & 7 deletions roles/nat64_appliance/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,31 @@
# nat64_appliance

`diskimage-builder` definition and element to build a NAT64 + DNS64 appliance VM image.
`main.yml`: Tasks to build a NAT64 + DNS64 appliance VM image, uses `diskimage-builder`.
`deploy.yml`: Tasks to deploy networks and appliance VM on a libvirt hypervisor.
`cleanup.yml`: Tasks to destroy and undefine the VM and networks on a libvirt hypervisor, and delete the built image.

## Parameters

* `cifmw_nat64_appliance_basedir`: (String) Base directory. Defaults to `{{ cifmw_basedir }}` which defaults to `~/ci-framework-data`.
* `cifmw_nat64_appliance_workdir`: (String) Working directory. Defaults to `{{ cifmw_nat64_appliance_basedir }}/nat64_appliance`.
* `cifmw_nat64_appliance_venv_dir`: (String) Python virtual environment directory. Defaults to `{{ cifmw_nat64_appliance_workdir }}/venv`.
* `cifmw_nat64_libvirt_uri`: (String) The libvirt URI for the hypervisor to deploy on. Defaults to `qemu:///system`.
* `cifmw_nat64_network_ipv4_name`: (String) Name of the nat64 IPv4 libvirt network. Defaults to: `nat64-net-v4`.
* `cifmw_nat64_network_ipv4_bridge_name`: (String) Bridge name for the nat64 IPv4 libvirt network. Defaults to: `br-64v4`.
* `cifmw_nat64_network_ipv4_address`: (String) IP address for the nat64 IPv4 libvirt network. Defaults to: `172.31.255.1`.
* `cifmw_nat64_network_ipv4_prefix`: (Integer) IP prefix length for the nat64 IPv4 libvirt network. Defaults to: `24`.
* `cifmw_nat64_network_ipv6_name`: (String) Name of the nat64 IPv6 libvirt network. Defaults to: `nat64-net-v6`.
* `cifmw_nat64_network_ipv6_bridge_name`: (String) The bridge name for the nat64 IPv6 libvirt network. Defaults to: `br-64v6`.
* `cifmw_nat64_network_ipv6_address`: (String) IP address for the nat64 IPv6 libvirt network. Defaults to: `fd00:abcd:abcd:fc00::1`.
* `cifmw_nat64_network_ipv6_prefix`: (Integer) IP prefix length for the nat64 IPv6 libvirt network. Defaults to: `64`.
* `cifmw_nat64_appliance_name`: (String) Name and hostname for the nat64 appliance VM. Defaults to: `nat64-appliance`.
* `cifmw_nat64_appliance_ipv4_address`: (String) IPv4 address for the nat64 appliance VM. Defaults to: `172.31.255.2`.
* `cifmw_nat64_appliance_ipv6_address`: (String) IPv6 address for the nat64 appliance VM. Defaults to: `fd00:abcd:abcd:fc00::2`.
* `cifmw_nat64_appliance_memory`: (Integer) Memory in GiB for the nat64 appliance VM. Defaults to: `2`.
* `cifmw_nat64_appliance_cpus`: (Interger) Virtual CPUs for the nat64 appliance VM. Defaults to: `2`.
* `cifmw_nat64_appliance_ssh_pub_key`: (String) Path to ssh public key for the nat64 appliance VM. Defaults to: `{{ ansible_user_dir }}/.ssh/id_rsa.pub`
* `cifmw_nat64_ipv6_prefix`: (String) IPv6 prefix for nat64. Defaults to: `fd00:abcd:abcd:fc00::/64`.
* `cifmw_nat64_ipv6_tayga_address`: (String) Tayga IPv6 address. Defaults to: `fd00:abcd:abcd:fc00::3`.

## Building the image

Expand All @@ -18,12 +37,34 @@ Include the `nat64_appliance` role in a playbook. For example:
roles:
- nat64_appliance
```
The built image will be in: `{{ cifmw_basedir }}/artifacts/roles/nat64-appliance/nat64-appliance.qcow2`

The built image will be in: `{{ cifmw_nat64_appliance_workdir }}/nat64-appliance.qcow2`

## Using the nat64-appliance

- [With Openstack cloud](#with-openstack-cloud){#toc-with-openstack-cloud}
- [With Libvirt](#with-libvirt){#toc-with-libvirt}
- [With Openstack cloud](#with-openstack-cloud){#toc-with-openstack-cloud}

### With Libvirt

```
- name: "Build nat64 appliance image"
ansible.builtin.include_role:
name: nat64_appliance
- name: "Deploy the nat64 appliance and networks"
ansible.builtin.include_role:
name: nat64_appliance
tasks_from: deploy.yml
```

To clenup the libvirt nat64 deployment:
```
- name: "Build nat64 appliance image"
ansible.builtin.include_role:
name: nat64_appliance
tasks_from: cleanup.yml
```


### With Openstack cloud

Expand Down Expand Up @@ -220,7 +261,3 @@ $ ssh -J [email protected] fedora@fd00:abcd:aaaa:fc00::2b8
PING sunet.se(fd00:abcd:abcd:fcff::259c:c033 (fd00:abcd:abcd:fcff::259c:c033)) 56 data bytes
64 bytes from fd00:abcd:abcd:fcff::259c:c033 (fd00:abcd:abcd:fcff::259c:c033): icmp_seq=1 ttl=53 time=4.91 ms
```

### With Libvirt

TODO
21 changes: 21 additions & 0 deletions roles/nat64_appliance/defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,24 @@ cifmw_nat64_appliance_basedir: >-
}}
cifmw_nat64_appliance_workdir: "{{ cifmw_nat64_appliance_basedir }}/nat64_appliance"
cifmw_nat64_appliance_venv_dir: "{{ cifmw_nat64_appliance_workdir }}/venv"

cifmw_nat64_libvirt_uri: "qemu:///system"
cifmw_nat64_network_ipv4_name: nat64-net-v4
cifmw_nat64_network_ipv4_bridge_name: br-64v4
cifmw_nat64_network_ipv4_address: 172.31.255.1
cifmw_nat64_network_ipv4_prefix: 24

cifmw_nat64_network_ipv6_name: nat64-net-v6
cifmw_nat64_network_ipv6_bridge_name: br-64v6
cifmw_nat64_network_ipv6_address: fd00:abcd:abcd:fc00::1
cifmw_nat64_network_ipv6_prefix: 64
cifmw_nat64_appliance_name: nat64-appliance
cifmw_nat64_appliance_ipv4_address: 172.31.255.2
cifmw_nat64_appliance_ipv6_address: fd00:abcd:abcd:fc00::2

cifmw_nat64_appliance_memory: 2
cifmw_nat64_appliance_cpus: 2
cifmw_nat64_appliance_ssh_pub_key: "{{ ansible_user_dir }}/.ssh/id_rsa.pub"

cifmw_nat64_ipv6_prefix: "fd00:abcd:abcd:fc00::/64"
cifmw_nat64_ipv6_tayga_address: "fd00:abcd:abcd:fc00::3"
11 changes: 11 additions & 0 deletions roles/nat64_appliance/files/nat64-appliance.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
- block-device-efi
- package-installs
- nat64-router
- reset-bls-entries # Requires edpm-image-builder elements.
environment:
DIB_RELEASE: '9-stream'
DIB_PYTHON_VERSION: '3'
Expand All @@ -34,6 +35,16 @@
- name: BSP
type: 'EF02'
size: 8MiB
- name: boot
type: '8300'
size: 512MiB
mkfs:
type: xfs
mount:
mount_point: /boot
fstab:
options: "defaults"
fsck-passno: 1
- name: root
type: '8300'
size: 100%
Expand Down
16 changes: 13 additions & 3 deletions roles/nat64_appliance/molecule/default/converge.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,10 +15,20 @@
# under the License.

- name: Converge
hosts: all
hosts: instance
tasks:
- name: Set selinux permissive
become: true
ansible.posix.selinux:
policy: targeted
state: permissive

- name: Build nat64 appliance image
vars:
extra_args: "--dry-run"
ansible.builtin.include_role:
name: nat64_appliance

- name: Set selinux permissive
become: true
ansible.posix.selinux:
policy: targeted
state: enforcing
3 changes: 1 addition & 2 deletions roles/nat64_appliance/molecule/default/prepare.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,7 @@
# License for the specific language governing permissions and limitations
# under the License.


- name: Prepare
hosts: all
roles:
- role: test_deps
- role: test_deps
35 changes: 35 additions & 0 deletions roles/nat64_appliance/tasks/cleanup.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,3 +18,38 @@
ansible.builtin.file:
state: absent
path: "{{ cifmw_nat64_appliance_workdir }}/nat64-appliance.qcow2"

- name: Stop the nat64_appliance VM
community.libvirt.virt:
command: destroy
name: "{{ cifmw_nat64_appliance_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Undefine the nat64_appliance VM
community.libvirt.virt:
command: undefine
name: "{{ cifmw_nat64_appliance_name }}"
force: true
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Destroy the nat64 networks
register: net_destroy
community.libvirt.virt_net:
command: destroy
name: "{{ item }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"
loop:
- "{{ cifmw_nat64_network_ipv4_name }}"
- "{{ cifmw_nat64_network_ipv6_name }}"
failed_when:
- net_destroy.rc is defined
- net_destroy.rc > 1

- name: Undefine the nat64 networks
community.libvirt.virt_net:
command: undefine
name: "{{ item }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"
loop:
- "{{ cifmw_nat64_network_ipv4_name }}"
- "{{ cifmw_nat64_network_ipv6_name }}"
108 changes: 108 additions & 0 deletions roles/nat64_appliance/tasks/deploy.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,108 @@
---
- name: Set MAC address facts
ansible.builtin.set_fact:
cifmw_nat64_appliance_ipv4_mac_address: "{{ '52:54:00' | community.general.random_mac }}"
cifmw_nat64_appliance_ipv6_mac_address: "{{ '52:54:00' | community.general.random_mac }}"

- name: Create the IPv4 libvirt network for nat64
community.libvirt.virt_net:
command: define
name: "{{ cifmw_nat64_network_ipv4_name }}"
xml: "{{ lookup('template', 'ipv4_network.xml.j2') }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Ensure the IPv4 libvirt network for nat64 is created/started
community.libvirt.virt_net:
command: create
name: "{{ cifmw_nat64_network_ipv4_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Ensure the IPv4 libvirt network for nat64 is active
community.libvirt.virt_net:
state: active
name: "{{ cifmw_nat64_network_ipv4_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Ensure the IPv4 libvirt network for nat64 is enabled to autostart
community.libvirt.virt_net:
autostart: true
name: "{{ cifmw_nat64_network_ipv4_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Create the IPv6 libvirt network for nat64
community.libvirt.virt_net:
command: define
name: "{{ cifmw_nat64_network_ipv6_name }}"
xml: "{{ lookup('template', 'ipv6_network.xml.j2') }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Ensure the IPv6 libvirt network for nat64 is created/started
community.libvirt.virt_net:
command: create
name: "{{ cifmw_nat64_network_ipv6_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Ensure the IPv6 libvirt network for nat64 network is active
community.libvirt.virt_net:
state: active
name: "{{ cifmw_nat64_network_ipv6_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: Ensure the IPv6 libvirt network for nat64 is enabled to autostart
community.libvirt.virt_net:
autostart: true
name: "{{ cifmw_nat64_network_ipv6_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: "Generate nat64-appliance UUID"
ansible.builtin.set_fact:
nat64_appliance_uuid: "{{ 99999999 | random | to_uuid | lower }}"

- name: "Create the config-drive ISO for the nat64-appliance"
vars:
cifmw_config_drive_iso_image: "{{ cifmw_nat64_appliance_workdir }}/{{ nat64_appliance_uuid }}.iso"
cifmw_config_drive_uuid: "{{ nat64_appliance_uuid }}"
cifmw_config_drive_name: "{{ cifmw_nat64_appliance_name }}"
cifmw_config_drive_hostname: "{{ cifmw_nat64_appliance_name }}"
cifmw_config_drive_userdata:
ssh_authorized_keys:
- "{{ lookup('file', cifmw_nat64_appliance_ssh_pub_key) }}"
write_files:
- path: "/etc/nat64/config-data"
owner: "root:root"
content: "{{ lookup('template', 'config-data.j2') }}"
cifmw_config_drive_networkconfig:
network:
version: 2
ethernets:
id0:
match:
macaddress: "{{ cifmw_nat64_appliance_ipv4_mac_address }}"
addresses:
- "{{ cifmw_nat64_appliance_ipv4_address }}/{{ cifmw_nat64_network_ipv4_prefix }}"
routes:
- to: "0.0.0.0/0"
via: "{{ cifmw_nat64_network_ipv4_address }}"
on-link: true
nameservers:
addresses:
- "{{ cifmw_nat64_network_ipv4_address }}"
id1:
match:
macaddress: "{{ cifmw_nat64_appliance_ipv6_mac_address }}"
addresses:
- "{{ cifmw_nat64_appliance_ipv6_address }}/{{ cifmw_nat64_network_ipv6_prefix }}"
ansible.builtin.include_role:
name: config_drive

- name: "Define nat64-appliance VM"
community.libvirt.virt:
command: define
xml: "{{ lookup('template', 'domain.xml.j2') }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"

- name: "Start VMs for type {{ vm_type }}"
community.libvirt.virt:
state: running
name: "{{ cifmw_nat64_appliance_name }}"
uri: "{{ cifmw_nat64_libvirt_uri }}"
9 changes: 7 additions & 2 deletions roles/nat64_appliance/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@
state: directory
mode: "0755"


- name: Install required RPM packages
tags:
- packages
Expand Down Expand Up @@ -61,9 +60,15 @@
- "elements/"
- nat64-appliance.yaml

- name: Clone edpm-image-builder (reset-bls-entries dib element)
ansible.builtin.git:
repo: https://github.com/openstack-k8s-operators/edpm-image-builder.git
dest: "{{ cifmw_nat64_appliance_workdir }}/edpm-image-builder"
version: main

- name: Build the nat64-appliance image using DIB
environment:
ELEMENTS_PATH: "{{ cifmw_nat64_appliance_workdir }}/elements"
ELEMENTS_PATH: "{{ cifmw_nat64_appliance_workdir }}/elements:{{ cifmw_nat64_appliance_workdir }}/edpm-image-builder/dib/"
DIB_IMAGE_CACHE: "{{ cifmw_nat64_appliance_workdir }}/cache"
cifmw.general.ci_script:
chdir: "{{ cifmw_nat64_appliance_workdir }}"
Expand Down
8 changes: 8 additions & 0 deletions roles/nat64_appliance/templates/config-data.j2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# The IPv6 ip subnet, for example: fd00:abcd:abcd:fc00::/64
NAT64_IPV6_PREFIX={{ cifmw_nat64_ipv6_prefix }}

# The IPv6 host address, for example: fd00:abcd:abcd:fc00::2
NAT64_HOST_IPV6={{ cifmw_nat64_appliance_ipv6_address }}

# The IPv6 address used for the tayga tun interface, for example: fd00:abcd:abcd:fc00::3
NAT64_TAYGA_IPV6={{ cifmw_nat64_ipv6_tayga_address }}
Loading

0 comments on commit 3df99e3

Please sign in to comment.