Implement better IP address/network notation.

2019-11-28 16:34:37 +01:00 · 2019-11-28 16:34:37 +01:00 · 2ff1354fe3
commit 2ff1354fe3
parent 3670bf6597
8 changed files with 9 additions and 10 deletions
--- a/installbox.yml
+++ b/installbox.yml
@ -16,7 +16,7 @@
    if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}"

    ## LAN IP address range:
-    ipaddr_lan: 192.168.0.10
+    ipaddr_lan: 192.168.0.10/24
    dhcp_range: 192.168.0.50,192.168.0.150,2h
    dhcp_list: "{{ lookup('sequence', 'start=50 end=150 format=192.168.0.%d', wantlist=True) }}"

--- a/kerberox.yml
+++ b/kerberox.yml
@ -15,7 +15,7 @@
    if_lan: "{{ ansible_interfaces | difference([if_wan, 'lo']) | first }}"

    ## LAN IP address range:
-    ipaddr_lan: 192.168.0.10
+    ipaddr_lan: 192.168.0.10/24
    dhcp_range: 192.168.0.50,192.168.0.150,2h
    dhcp_list: "{{ lookup('sequence', 'start=50 end=150 format=192.168.0.%d', wantlist=True) }}"

--- a/roles/krb5-kdc-ldap/tasks/main.yml
+++ b/roles/krb5-kdc-ldap/tasks/main.yml
@ -176,7 +176,7 @@
 - name: "make 'kerberos' an alias hostname resolvable from the LAN"
  replace:
    path: /etc/hosts
-    regexp: "^({{ ipaddr_lan }}\\s.+)$"
+    regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
    replace: '\1	kerberos'
  when: not krb5kdc.stat.exists

--- a/roles/ldap/tasks/main.yml
+++ b/roles/ldap/tasks/main.yml
@ -65,7 +65,7 @@
 - name: "make 'ldap' an alias hostname resolvable from the LAN"
  replace:
    path: /etc/hosts
-    regexp: "^({{ ipaddr_lan }}\\s.+)$"
+    regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
    replace: '\1	ldap'
  when: not slapd.stat.exists

--- a/roles/nfs-server/tasks/main.yml
+++ b/roles/nfs-server/tasks/main.yml
@ -25,14 +25,14 @@
    dest: /etc/exports
    insertbefore: EOF
    block: |
-      {{ export_root }}         *(sec=krb5p,rw,fsid=0,crossmnt,no_subtree_check)
-      {{ export_root }}/home/   *(sec=krb5p,rw,no_subtree_check)
+      {{ export_root }}         {{ ipaddr_lan | ipaddr('subnet') }}(sec=krb5p,rw,fsid=0,crossmnt,no_subtree_check)
+      {{ export_root }}/home/   {{ ipaddr_lan | ipaddr('subnet') }}(sec=krb5p,rw,no_subtree_check)
  notify: "restart nfs-kernel-server"

 - name: "make 'nfs' an alias hostname resolvable from the LAN"
  replace:
    path: /etc/hosts
-    regexp: "^({{ ipaddr_lan }}\\s.+)$"
+    regexp: "^({{ ipaddr_lan | ipaddr('address') }}\\s.+)$"
    replace: '\1	nfs'
  when: not exports.stat.exists

--- a/roles/tftp-netboot-installer/tasks/main.yml
+++ b/roles/tftp-netboot-installer/tasks/main.yml
@ -30,4 +30,4 @@
  replace:
    path: /etc/hosts
    regexp: '^(127\.0\.1\.1.*)$'
-    replace: '#\1\n{{ ipaddr_lan }}	{{ ansible_hostname }}.{{ ansible_domain }}	{{ ansible_hostname }}'
+    replace: '#\1\n{{ ipaddr_lan | ipaddr("address") }}	{{ ansible_hostname }}.{{ ansible_domain }}	{{ ansible_hostname }}'
--- a/roles/two-interface-firewalld/templates/interfaces-static.j2
+++ b/roles/two-interface-firewalld/templates/interfaces-static.j2
@ -1,4 +1,4 @@
 auto {{ if_lan }}
 allow-hotplug {{ if_lan }}
 iface {{ if_lan }} inet static
-  address {{ ipaddr_lan }}/24
+  address {{ ipaddr_lan }}
--- a/roles/two-interface-shorewall/templates/interfaces-static.j2
+++ b/roles/two-interface-shorewall/templates/interfaces-static.j2
@ -2,4 +2,3 @@ auto {{ if_lan }}
 allow-hotplug {{ if_lan }}
 iface {{ if_lan }} inet static
  address {{ ipaddr_lan }}
-  netmask 255.255.255.0