Refactor; allow udev rules to be applied from host_vars

automation/ansible/group_vars/all/packages.yml

@@ -1,8 +1,8 @@
 ---
-
 global_packages:
   Debian:
     - vim
     - mtr-tiny
     - traceroute
     - tcpdump
+    - ethtool

automation/ansible/host_vars/server1/udev.yml.example

@@ -0,0 +1,5 @@
+---
+udev_rules:
+  nic:
+    - 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:ce:2a:b2", NAME="xgei0"'
+    - 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:74:5b:6e", NAME="xgei1"'

automation/ansible/main.yml

@@ -5,8 +5,15 @@
   roles:
     - common
 
-- name: Router
+- name: Set up routers
   hosts: routers
   roles:
     - firewall
     - router
+
+- name: Restart if required
+  hosts: all
+  tasks:
+    - name: Reboot
+      ansible.builtin.reboot:
+      when: restart_required is defined

automation/ansible/roles/common/handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: update initramfs
+  ansible.builtin.command: "update-initramfs -u"
+  # register: restart_required
+
+- name: trigger udev add
+  ansible.builtin.command: "udevadm trigger --action=add"

automation/ansible/roles/common/tasks/interfaces.yml

@@ -0,0 +1,27 @@
+---
+- name: Check whether vlan config is valid
+  ansible.builtin.assert:
+    that:
+      - item.value.name is defined if item.value.type == "eth"
+      - item.value.parent is defined if item.value.type == "vlan"
+      - item.value.parent in interfaces if item.value.parent is defined
+  with_items:
+    - interfaces
+
+- name: Create physical interfaces
+  community.general.interfaces_file:
+    dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
+    iface: "{{ item.value.name }}"
+  with_items:
+    - interfaces | select(item.value.type != "vlan")
+
+- name: Create vlan interfaces
+  community.general.interfaces_file:
+    dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
+    iface: "{{ interfaces[item.value.parent].name }}.{{ item.value.vlan_id }}"
+  with_items:
+    - interfaces | select(item.value.type == "vlan")
+
+- name: Restart networking
+  ansible.builtin.notify:
+    - restart networking

automation/ansible/roles/common/tasks/main.yml

@@ -1,7 +1,13 @@
 ---
 
 - name: Add ssh keys for root
-  ansible.builtin.include_tasks: root_sshkeys.yml
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ lookup('ansible.builtin.url', item) }}"
+    state: present  # Note: we don't remove other/existing keys
+  with_items:
+    - "{{ global_root_ssh_key_urls | default([]) }}"
+    - "{{ root_ssh_keys | default([]) }}"
 
 - name: Set hostname
   ansible.builtin.hostname:
@@ -12,3 +18,15 @@
   ansible.builtin.package:
     name: sudo
     state: present
+
+- name: Install standard packages
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - "{{ global_packages[ansible_os_family] | default([]) }}"
+    - "{{ local_packages | default([]) }}"
+
+- name: Configure udev rules
+  ansible.builtin.include_tasks: udev.yml
+  when: udev_rules is defined

automation/ansible/roles/common/tasks/packages.yml

@@ -1,10 +0,0 @@
----
-
-- name: Install standard packages
-  ansible.builtin.package:
-    name: "{{ item }}"
-    state: present
-  with_items: "{{
-    (global_packages[ansible_os_family] | default([])) +
-    (local_packages | default([]))
-  }}"

automation/ansible/roles/common/tasks/root_sshkeys.yml

@@ -1,11 +0,0 @@
----
-
-- name: Add public keys for root
-  ansible.posix.authorized_key:
-    user: root
-    key: "{{ lookup('ansible.builtin.url', item) }}"
-    state: present  # Note: we don't remove other/existing keys
-  with_items: "{{
-    (global_root_ssh_key_urls | default([])) +
-    (root_ssh_keys | default([]))
-  }}"

automation/ansible/roles/common/tasks/udev.yml

@@ -0,0 +1,17 @@
+---
+- name: Create /etc/udev/rules.d
+  ansible.builtin.file:
+    name: /etc/udev/rules.d
+    state: directory
+    mode: "755"
+
+- name: Template out to udev.d
+  ansible.builtin.template:
+    src: udev.rules.j2
+    dest: "/etc/udev/rules.d/{{ item.key }}.rules"
+    mode: "644"
+  with_items:
+    - "{{ udev_rules | dict2items }}"
+  notify:
+    - update initramfs
+    - trigger udev add

automation/ansible/roles/common/templates/udev.rules.j2

@@ -0,0 +1,9 @@
+{%- if item.value is string -%}
+{{ item.value }}
+{%- elif item.value is iterable -%}
+{% for val in item.value -%}
+{{ val }}
+{% endfor -%}
+{%- else -%}
+{{ ("udev_rules for " + item.key + " are incorrect")/0 }}
+{%- endif -%}