From 46a0dfd0a659c4085696b9fc89021298a61b85a6 Mon Sep 17 00:00:00 2001
From: alex
Date: Sat, 17 Dec 2022 20:57:20 +0100
Subject: [PATCH] Add Proxmox networking
---
 personal_infra/README.md | 27 +++++++++++++++++++
 personal_infra/playbooks/apply_puppet.yml | 18 ++++++++++++-
 .../puppet/modules/proxmox/manifests/init.pp | 11 ++++++++
 .../modules/proxmox/templates/interfaces.epp | 18 +++++++++++++
 personal_infra/puppet/site/h1.pdp7.net.pp | 1 +
 5 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 personal_infra/puppet/modules/proxmox/manifests/init.pp
 create mode 100644 personal_infra/puppet/modules/proxmox/templates/interfaces.epp
diff --git a/personal_infra/README.md b/personal_infra/README.md
index 9d46689..0cd32d5 100644
--- a/personal_infra/README.md
+++ b/personal_infra/README.md
@@ -4,3 +4,30 @@ This is a collection of files I use setting up my personal infrastructure.
 This is a work in progress, as I am redoing a bit how I do configuration management.
 The main source is in a private repo, but I put here as much material as I can make public.
 Inventory, vaults, etc. remain in the private repo.
+
+## Ansible
+
+### Initial setup
+
+Symlink everything in this directory into your root infrastructure directory.
+
+Create an `inventory` file.
+
+Run `./setup_venv` to create a virtual environment.
+
+Create `vault_password` with a vault password.
+
+### Usage
+
+Run `. .venv/bin/activate` to activate the virtual environment.
+
+Run Ansible commands normally.
+
+## Ansible/Puppet integration
+
+I prefer using Ansible for orchestration, and Puppet for configuration management.
+
+`playbooks/apply_puppet.yml` runs Puppet using Ansible.
+The `puppet` directory contains Puppet manifests.
+
+The playbook adds the Ansible inventory to Puppet using Hiera.
diff --git a/personal_infra/playbooks/apply_puppet.yml b/personal_infra/playbooks/apply_puppet.yml
index 5267f1e..15ee4eb 100644
--- a/personal_infra/playbooks/apply_puppet.yml
+++ b/personal_infra/playbooks/apply_puppet.yml
@@ -27,8 +27,24 @@
 unarchive:
 src: "{{ local_temp.path }}/puppet.tar.gz"
 dest: "{{ remote_temp.path }}"
+ - name: dump variables
+ copy:
+ dest: "{{ remote_temp.path }}/vars.json"
+ content: "{{ hostvars }}"
+ - name: create hiera.yaml
+ copy:
+ dest: "{{ remote_temp.path }}/hiera.yaml"
+ content: |
+ version: 5
+ hierarchy:
+ - name: ansible
+ datadir: {{ remote_temp.path }}
+ path: vars.json
+ data_hash: json_data
 - name: run puppet
- command: puppet apply {{ remote_temp.path }}
+ command: puppet apply {{ remote_temp.path }} --modulepath={{ remote_temp.path }}/puppet/modules --hiera_config={{ remote_temp.path }}/hiera.yaml
+ environment:
+ FACTER_ansible_inventory_hostname: "{{ inventory_hostname }}"
 - name: clean up local temporary directory
 file:
 state: absent
diff --git a/personal_infra/puppet/modules/proxmox/manifests/init.pp b/personal_infra/puppet/modules/proxmox/manifests/init.pp
new file mode 100644
index 0000000..dd06cdd
--- /dev/null
+++ b/personal_infra/puppet/modules/proxmox/manifests/init.pp
@@ -0,0 +1,11 @@
+class proxmox {
+ file {'/etc/network/interfaces':
+ content => epp('proxmox/interfaces', {
+ "network" => lookup("'$ansible_inventory_hostname'.network"),
+ }),
+ }
+ ~>
+ exec {'/usr/sbin/ifreload -a':
+ refreshonly => true
+ }
+}
diff --git a/personal_infra/puppet/modules/proxmox/templates/interfaces.epp b/personal_infra/puppet/modules/proxmox/templates/interfaces.epp
new file mode 100644
index 0000000..e0bfece
--- /dev/null
+++ b/personal_infra/puppet/modules/proxmox/templates/interfaces.epp
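Review bot: The `dump variables` task in playbooks/apply_puppet.yml writes the complete `hostvars` map, meaning the variables of every host in the inventory and any vault-decrypted values among them, to `vars.json` on each managed host, with no `mode` and no `no_log`. Each host therefore receives every other host's data, and the rendered content can show up in `--diff` or verbose output. The manifest added in this commit only looks up keys under the host's own inventory name, so the payload can be narrowed without breaking the lookup: `content: "{{ {inventory_hostname: hostvars[inventory_hostname]} | to_json }}"`, together with `mode: "0600"` and `no_log: true` on the task. The task list continues outside the hunk, so whether the remote temporary directory is removed when `puppet apply` fails is not visible here; if it is not, wrapping these tasks in `block`/`always` would keep the dump from being left on disk.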
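Review bot: In manifests/init.pp the `lookup()` result is handed to the template without a value type, so a host entry that lacks `ip`, `netmask` or `gateway` would most likely still compile and render empty fields into /etc/network/interfaces, which the chained `ifreload -a` then applies immediately. Giving the lookup a type makes the catalog fail before the file is written, for example `lookup("'${facts['ansible_inventory_hostname']}'.network", Struct[{ip => String[1], netmask => String[1], gateway => String[1], proxmox => Hash}])`. The `file` resource also leaves `owner`, `group` and `mode` unset; stating `owner => 'root', group => 'root', mode => '0644'` makes the intended permissions explicit for a file whose `post-up` lines are executed as root.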
@@ -0,0 +1,18 @@
+auto lo
+iface lo inet loopback
+
+auto eno1
+iface eno1 inet static
+ address <%= $network['ip'] %>
+ netmask <%= $network['netmask'] %>
+ gateway <%= $network['gateway'] %>
+
+auto vmbr0
+iface vmbr0 inet static
+ address <%= $network['proxmox']['ip'] %>
+ netmask <%= $network['proxmox']['netmask'] %>
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ post-up echo 1 > /proc/sys/net/ipv4/ip_forward
+ post-up iptables -t nat -A POSTROUTING -s '<%= $network['proxmox']['network'] %>' -o eno1 -j MASQUERADE
diff --git a/personal_infra/puppet/site/h1.pdp7.net.pp b/personal_infra/puppet/site/h1.pdp7.net.pp
index 7ddb4c5..3dd937c 100644
--- a/personal_infra/puppet/site/h1.pdp7.net.pp
+++ b/personal_infra/puppet/site/h1.pdp7.net.pp
@@ -1,2 +1,3 @@
 node 'h1.pdp7.net' {
+ class {'proxmox':}
 }
-- 
2.47.3
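Review bot: The `post-up iptables -t nat -A POSTROUTING …` line in templates/interfaces.epp has no matching `post-down`, so each time vmbr0 is brought up again the MASQUERADE rule is appended once more and it is never removed when the bridge goes down; pair it with `post-down iptables -t nat -D POSTROUTING -s '<%= $network['proxmox']['network'] %>' -o eno1 -j MASQUERADE`. The `echo 1 > /proc/sys/net/ipv4/ip_forward` line enables forwarding for the whole host and the template adds no FORWARD rules, so what may cross between eno1 and vmbr0 depends on a filter policy configured elsewhere; a comment stating that expectation would help the next reader. The interpolated values come from inventory data without validation, and the last one lands inside a shell command that runs as root, which is one more reason to type-check the hash in the manifest before rendering.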