From 55920c002528c55190cc2c7fed1ad491fc9fa374 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sun, 10 Oct 2021 11:57:00 -0500
Subject: [PATCH] vmhost: Define VM/storage networks

Originally, the network configuration for the VM networks and the storage network was configured using the *netifaces* role. This has effectively stopped working in recent versions of Fedora, as it sort of relied on `dhcpcd`, which has not been maintained in Fedora for a while and no longer behaves correctly. After evaluating *NetworkManager* as a replacement, I decided that *systemd-networkd* is a more appropriate solution. There are effectively two "layers" of network configuration needed for the VM hosts: the host-specific settings, and the common settings. The host-specific settings include such properties as the IP address of the management interface and the names of the physical ports that make up the bonded interfaces. The common settings are the bonded interfaces, the VLAN interfaces created on top of the bond, and the bridges that provide access to VMs. To configure the host-specific settings, each host simply needs the appropriate `networkd_*` variables in its `host_vars` file. For the common settings, we apply the *systemd-networkd* role again in the `vmhost.yml` with different values for these variables. Thus, effectively, `systemd-networkd.yml` manages the host-specific settings, while `vmhost.yml` manages the common settings.
---
group_vars/vm-hosts.yml | 155 ++++++++++++++++++++++++++++++++++++++++
vmhost.yml | 10 +++
2 files changed, 165 insertions(+)
diff --git a/group_vars/vm-hosts.yml b/group_vars/vm-hosts.yml
index 7cac2de..c3515a9 100644
--- a/group_vars/vm-hosts.yml
+++ b/group_vars/vm-hosts.yml
@@ -17,3 +17,158 @@ mount_shared_volumes:
 host: '[{{ lookup("dig", storage_host, "qtype=AAAA") }}]'
 share: /volume1/VirtualMachines
 opts: vers=4,intr
+
+vmhost_netdevs:
+- name: 40-bond0
+ NetDev:
+ Description: Bonded link for Virtual Machines
+ Name: bond0
+ Kind: bond
+ Bond:
+ Mode: 802.3ad
+ MIIMonitorSec: 100ms
+- name: 40-bond1
+ NetDev:
+ Description: Bonded link for storage network
+ Name: bond1
+ Kind: bond
+ Bond:
+ Mode: 802.3ad
+ MIIMonitorSec: 100ms
+
+- name: 50-vlan1
+ NetDev:
+ Description: pyrocufflink.blue network (VLAN 1)
+ Name: vlan1
+ Kind: vlan
+ VLAN:
+ Id: 1
+- name: 51-vlan10
+ NetDev:
+ Description: Management network (VLAN 10)
+ Name: vlan10
+ Kind: vlan
+ VLAN:
+ Id: 10
+- name: 52-vlan101
+ NetDev:
+ Description: pyrocufflink.red network (VLAN 101)
+ Name: vlan101
+ Kind: vlan
+ VLAN:
+ Id: 101
+- name: 52-vlan102
+ NetDev:
+ Description: Camera network (VLAN 102)
+ Name: vlan102
+ Kind: vlan
+ VLAN:
+ Id: 102
+
+- name: 60-prod
+ NetDev:
+ Description: pyrocufflink.blue VM network bridge
+ Name: br0
+ Kind: bridge
+- name: 60-mgmt
+ NetDev:
+ Description: Management VM network bridge
+ Name: mgmt
+ Kind: bridge
+- name: 60-test
+ NetDev:
+ Description: pyrocufflink.red VM network bridge
+ Name: br1
+ Kind: bridge
+- name: 60-camera
+ NetDev:
+ Description: Camera VM network bridge
+ Name: camera
+ Kind: bridge
+
+vmhost_networks:
+- name: 40-bond0
+ Match:
+ Name: bond0
+ Network:
+ Description: VM network bond
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+ VLAN:
+ - vlan1 # pyrocufflink.blue
+ - vlan10 # Management
+ - vlan101 # pyrocufflink.red
+ - vlan102 # Cameras
+- name: 40-bond1
+ Match:
+ Name: bond1
+ Network:
+ Description: Storage network bond
+ DHCP: 'no'
+ Address: '{{ storage_net_address }}'
+ IPv6AcceptRA: 'no'
+ RequiredFamilyForOnline: ipv6
+ Link:
+ MTUBytes: 9000
+
+- name: 50-vlan1
+ Match:
+ Name: vlan1
+ Network:
+ Description: pyrocufflink.blue network
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+ Bridge: br0
+- name: 51-vlan10
+ Match:
+ Name: vlan10
+ Network:
+ Description: Management network
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+ Bridge: mgmt
+- name: 52-vlan101
+ Match:
+ Name: vlan101
+ Network:
+ Description: pyrocufflink.red network
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+ Bridge: br1
+- name: 52-vlan102
+ Match:
+ Name: vlan102
+ Network:
+ Description: Camera network
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+ Bridge: camera
+
+- name: 60-prod
+ Match:
+ Name: br0
+ Network:
+ Description: pyrocufflink.blue VM network bridge
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+- name: 60-mgmt
+ Match:
+ Name: mgmt
+ Network:
+ Description: Management VM network bridge
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+- name: 60-test
+ Match:
+ Name: test
+ Network:
+ Description: pyrocufflink.red VM network bridge
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
+- name: 60-camera
+ Match:
+ Name: camera
+ Network:
+ Description: Camera VM network bridge
+ DHCP: 'no'
+ LinkLocalAddressing: 'no'
diff --git a/vmhost.yml b/vmhost.yml
index 421e1b0..d5d9378 100644
--- a/vmhost.yml
+++ b/vmhost.yml
@@ -1,3 +1,13 @@
+- hosts: vm-hosts:&networkd
+ roles:
+ - role: systemd-networkd
+ vars:
+ networkd_links: []
+ networkd_devices: '{{ vmhost_netdevs }}'
+ networkd_networks: '{{ vmhost_networks }}'
+ tags:
+ - networkd
+ - netconfig
 - hosts: vm-hosts
 roles:
 - vmhost
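Review bot: In `vmhost_networks`, the `60-test` entry matches `Name: test`, but the `60-test` netdev in `vmhost_netdevs` creates that bridge as `br1`, and `52-vlan101` attaches vlan101 to `Bridge: br1`, so no network definition in this list applies to the bridge. As written, `br1` would presumably be left unmanaged by systemd-networkd, which means the `DHCP: 'no'` and `LinkLocalAddressing: 'no'` settings that keep the host itself off the pyrocufflink.red VM network are never applied to it. If anything else brings the link up, kernel defaults for IPv6 link-local addressing and router advertisements would then govern. The match should read `Name: br1`.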
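Review bot: The new first play in vmhost.yml passes `networkd_links`, `networkd_devices` and `networkd_networks` as role vars, which outrank the same names in `host_vars`, yet nothing in the file says this is deliberate or what the systemd-networkd role must guarantee for it to be safe. The role is not visible in this patch; if it removes unit files absent from its lists, this play and `systemd-networkd.yml` would undo each other's work on every run. A comment above the play would record the assumption, e.g. `# Common VM-host netdevs/networks only; host-specific networkd_* vars are applied by systemd-networkd.yml, and the role must not purge files it does not list`. Hosts in `vm-hosts` that are not in the `networkd` group skip this play but still receive the `vmhost` role, so they would end up without the bridges the VMs attach to.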