From 93d261e73ba519c2200b032833520e5c768589de Mon Sep 17 00:00:00 2001 From: Raphael Dannecker Date: Thu, 23 May 2024 09:58:41 +0200 Subject: [PATCH] Network devices are now only managed by NetworkManager. Systemd-networkd is no longer used. NetworkManager creates a MACVTAP device for each physical Ethernet device. When calling vm-run with option macvtap, all macvtap-devices are passed to the VM. --- lmn-client.yml | 16 +++++++++++++--- roles/lmn_vm/files/vm-run | 12 +++++++++++- roles/lmn_vm/tasks/main.yml | 14 ++++++++------ roles/lmn_wlan_iwd/tasks/main.yml | 15 ++++++++++----- 4 files changed, 42 insertions(+), 15 deletions(-) diff --git a/lmn-client.yml b/lmn-client.yml index d2da0a4..d2b0cb8 100644 --- a/lmn-client.yml +++ b/lmn-client.yml @@ -89,8 +89,6 @@ when: groups.localhome is defined and inventory_hostname in groups.localhome - role: lmn_teacherlaptop when: groups.teacherlaptop is defined and inventory_hostname in groups.teacherlaptop - - role: lmn_networkd - when: ansible_interfaces | select('search', 'enp.+') | length > 1 tasks: ## Temporary fixes and quirks: @@ -269,6 +267,13 @@ - /etc/sudoers.d/90-lmn-startvirtiofsd - /etc/sudoers.d/90-lmn-link-images - /etc/rsync.secret + - /etc/systemd/network/30-virbr1.netdev + - /etc/systemd/network/30-virbr2.netdev + - /etc/systemd/network/40-ethernet.network + - /etc/systemd/network/40-ethernet-usb.network + - /etc/systemd/network/50-virbr1.network + - /etc/systemd/network/50-virbr2.network + - /etc/systemd/network/60-wlan0-dhcp.network - name: check if vm_usage_information.txt exists stat: path=/lmn/vm/vm_usage_information.txt @@ -303,6 +308,12 @@ line: 'Listen 192.168.122.1:631' state: absent + - name: Remove NetworkManager Ansible-Block for non-laptops + blockinfile: + path: /etc/NetworkManager/NetworkManager.conf + state: absent + when: groups.laptop is defined and inventory_hostname not in groups.laptop + ## bookworm fixes/hacks: - name: Work around sddm hang on shutdown ansible.builtin.lineinfile: 
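Review bot: The paths added to this list cover the old systemd-networkd units but not the NetworkManager profile that the same commit renames in roles/lmn_vm/tasks/main.yml, `/etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection`. On hosts provisioned before this change that file would presumably stay in place, and NetworkManager would keep creating the old `vm-macvtap` device next to the new per-interface ones. Adding `- /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection` to the list would clean it up. The task that consumes the list starts outside the hunk, so confirm that it actually removes the listed files.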
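Review bot: The `when:` on the new "Remove NetworkManager Ansible-Block for non-laptops" task skips the cleanup entirely when the inventory has no `laptop` group, although in that case every host is a non-laptop. If the block should be removed there as well, the condition would be `when: groups.laptop is not defined or inventory_hostname not in groups.laptop`. As far as I know `blockinfile` fails when the target file is missing, so a host without `/etc/NetworkManager/NetworkManager.conf` would stop the play at this task. The module is also written as bare `blockinfile` while neighbouring tasks use the `ansible.builtin.` prefix.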
@@ -361,7 +372,6 @@ roles: - role: lmn_wlan_iwd when: ansible_interfaces | select('search', 'wl.+') | first is defined - - lmn_networkd - lmn_localuser tasks: - name: Remove deprecated files and directories (laptop-class) diff --git a/roles/lmn_vm/files/vm-run b/roles/lmn_vm/files/vm-run index 5ef6e2a..4214ae9 100755 --- a/roles/lmn_vm/files/vm-run +++ b/roles/lmn_vm/files/vm-run @@ -19,6 +19,7 @@ options: --os OS operating system (win10|linux|..) --data-disk size additional data-disk --bridge virbrX additional network interface on bridge virbrX + --macvtap additional network interface on device macvtap --options options additional options for virt-install command EOF } @@ -115,7 +116,7 @@ NO_VIEWER=0 source /etc/lmn/vm.conf -TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,os:,help -n $0 -- "$@") +TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,help -n $0 -- "$@") if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi eval set -- "$TEMP" @@ -180,6 +181,15 @@ while true; do fi shift 2 ;; + --macvtap ) + for interface in $(ip link | sed -En 's/.*(macvtap-.*)@.*/\1/p'); do + mac="$(ip link | grep -A1 "${interface}" | \ + sed -nE "s%\s+link/ether ([[:xdigit:]:]{17}) .+%\1%p")" + type="ethernet,mac=${mac},target.dev=${interface},xpath1.set=./target/@managed=no,model.type=virtio" + LIBVIRTOPTS="${LIBVIRTOPTS} --network type=$type" + done + shift + ;; --os ) LIBVIRTOSINFO=$2 shift 2 diff --git a/roles/lmn_vm/tasks/main.yml b/roles/lmn_vm/tasks/main.yml index d109fca..1aade31 100644 --- a/roles/lmn_vm/tasks/main.yml +++ b/roles/lmn_vm/tasks/main.yml 
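Review bot: In the new `--macvtap` branch the MAC lookup `ip link | grep -A1 "${interface}"` matches the name as an unanchored pattern, so a device name that is a prefix of another (constructed example: `macvtap-3s0` and `macvtap-3s0f1`) puts two addresses into `mac`, and a failed lookup leaves an empty `mac=` in the `--network` argument. Reading the address directly avoids both: `mac="$(cat "/sys/class/net/${interface}/address")"` followed by `[ -n "${mac}" ] || continue`. The option also attaches every macvtap device on the host to the guest, which gives the guest a direct layer-2 presence on each wired network; the usage text could say that explicitly. The surrounding `while`/`case` starts and ends outside the hunk.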
@@ -215,29 +215,31 @@ - name: Configure macvtap interface ansible.builtin.copy: - dest: /etc/NetworkManager/system-connections/macvlan-vm-macvtap.nmconnection + dest: "/etc/NetworkManager/system-connections/macvlan-vm-macvtap-{{ item }}.nmconnection" mode: '0600' content: | [connection] - id=macvlan-vm-macvtap + id=macvlan-macvtap-{{ item[3:9] }} type=macvlan - interface-name=vm-macvtap + interface-name=macvtap-{{ item[3:9] }} [macvlan] mode=2 - parent={{ ansible_default_ipv4['interface'] }} + parent={{ item }} tap=true [ipv4] method=disabled [ipv6] method=disabled [proxy] + loop: "{{ ansible_interfaces | select('search', '^enp.+') }}" - name: Adjust interface permissions for user mode VMs ansible.builtin.copy: dest: /etc/udev/rules.d/80-macvlan.rules content: | - SUBSYSTEMS=="net", KERNELS=="vm-macvtap", MODE="0666" - + {% for interface in (ansible_interfaces | select('search', '^enp.+')) %} + SUBSYSTEMS=="net", KERNELS=="macvtap-{{ interface[3:9] }}", MODE="0666" + {% endfor %} - name: Create directory for local .desktop-Files ansible.builtin.file: diff --git a/roles/lmn_wlan_iwd/tasks/main.yml b/roles/lmn_wlan_iwd/tasks/main.yml index c8ff1c1..6265067 100644 --- a/roles/lmn_wlan_iwd/tasks/main.yml +++ b/roles/lmn_wlan_iwd/tasks/main.yml @@ -33,11 +33,16 @@ [Security] Passphrase={{ wifipasswd }} -- name: Enable systemd-networkd - ansible.builtin.systemd: - name: systemd-networkd.service - enabled: True - +- name: Use iwd (NetworkManager) + blockinfile: + dest: /etc/NetworkManager/NetworkManager.conf + block: | + [device] + match-device=interface-name:wl* + wifi.backend=iwd + [connection] + match-device=interface-name:wl* + ipv4.route-metric=2048 - name: Provide service to enable WiFi on boot ansible.builtin.copy:
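Review bot: The generated udev rule gives every `macvtap-*` tap device `MODE="0666"`, and with the new loop that now applies to one device per wired interface instead of the single `vm-macvtap`. Any local account or process can then open those taps and send or capture raw frames on each attached network, without passing through the host's own IP stack and its filtering. If the VM users share a group, `SUBSYSTEMS=="net", KERNELS=="macvtap-{{ interface[3:9] }}", GROUP="VM_USERS_GROUP", MODE="0660"` would narrow this (the group name is a placeholder). Separately, `item[3:9]` keeps only six characters of the parent name, so two interfaces that share that slice (constructed example: `enp0s20f0u1` and `enp0s20f0u2`) would get the same `id` and `interface-name`.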
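Review bot: The removed task was what enabled `systemd-networkd.service`, but nothing in this change disables it, so hosts provisioned by an earlier run presumably keep the unit enabled alongside NetworkManager. A task that disables and stops it, as sketched below, would make the switch explicit. The new `blockinfile` task also has no handler or restart, so the `wifi.backend=iwd` setting only takes effect once NetworkManager is restarted. It uses the bare module name and `dest`, where the other new task in this commit uses `path`.

```yaml
- name: Disable systemd-networkd
  ansible.builtin.systemd:
    name: systemd-networkd.service
    enabled: false
    state: stopped
```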