diff --git a/roles/access/tasks/main.yml b/roles/access/tasks/main.yml index 7739bdb..0cd612b 100644 --- a/roles/access/tasks/main.yml +++ b/roles/access/tasks/main.yml @@ -15,7 +15,7 @@ ansible.netcommon.cli_config: config: '{{ lookup("template", "config-"~manufacturer~"-"~device_type~".j2") }}' vars: - ansible_command_timeout: 240 + ansible_command_timeout: 60 ansible_terminal_stderr_re: [] # some errors are not actually errors register: result # These lines are not displayed by 'sho ru' and always reported as different, so ignore them. diff --git a/roles/access/templates/config-d-link.j2 b/roles/access/templates/config-d-link.j2 index 3250be7..283e4ec 100644 --- a/roles/access/templates/config-d-link.j2 +++ b/roles/access/templates/config-d-link.j2 @@ -10,7 +10,6 @@ ip ssh server vlan {{ vlans | map(attribute='vid') | compact_numlist }} -{# bond members #} {% for iface in interfaces | selectattr('lag') %} interface {{ iface.name }} {% if iface.enabled %} no{% endif %} shutdown @@ -18,21 +17,13 @@ interface {{ iface.name }} {% endfor %} -{# access interfaces #} {%- set mgmt = namespace(ip=false, gw=false) %} {%- for iface in interfaces | rejectattr('lag') %} interface {{ iface.name }} -{# common setup for user-facing interfaces #} -{% if iface.type.value != 'lag' and not iface.mgmt_only %} - switchport port-security - switchport port-security maximum 250 - switchport port-security violation shutdown - switchport port-security aging time 5 - switchport port-security aging type inactivity +{% if iface.type.value != 'lag' %} {% if iface.enabled %} no shutdown{% else %} shutdown{% endif %} {% endif %} -{# set VLAN for untagged ports #} {%+ if iface.mode and iface.mode.value == 'access' %} switchport mode access {% if iface.untagged_vlan and iface.untagged_vlan.vid != 1 %} 
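Review bot: The rewritten `{% if iface.type.value != 'lag' %}` block in config-d-link.j2 drops all five `switchport port-security` lines and renders nothing in their place, so user-facing ports built from this template no longer get a MAC-address limit or a violation shutdown. If that is intended, record the reason and what now bounds MAC learning on those ports, e.g. `{# port-security intentionally not configured: <reason> #}`. Nothing in the new template renders a command that removes port-security, so switches provisioned from the earlier template presumably keep the old settings and the fleet may end up mixed; this should be checked against how cli_config applies the rendered text. The same line also lost `and not iface.mgmt_only`, so a management-only interface now receives `shutdown` whenever `iface.enabled` is false in the inventory; keeping `{% if iface.type.value != 'lag' and not iface.mgmt_only %}` around the shutdown line avoids cutting off management access through a data error. The enclosing `for` loop continues beyond this hunk.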
@@ -46,9 +37,6 @@ interface {{ iface.name }} no voice vlan enable {% endif %} -{# set tagged and native VLANs for tagged ports #} -{# if native (untagged) VLAN is set, add it to the list of tagged VLANs #} -{# without this, the switch won’t forward traffic #} {%+ elif iface.mode and iface.mode.value == 'tagged' %} switchport mode trunk {% if iface.untagged_vlan %} @@ -60,12 +48,10 @@ interface {{ iface.name }} {% endif %} switchport trunk allowed vlan {{ iface_vlans | map(attribute='vid') | compact_numlist }} -{# we don’t support any other mode #} {%+ else %} {% endif %} -{# store management address and gateway for later #} {%- if iface.mgmt_only and iface.ip_addresses %} {% set mgmt.ip = iface.ip_addresses[0].address %} {% if iface.custom_fields.gateway %} @@ -80,7 +66,6 @@ interface {{ iface.name }} {% endif %} {% endfor %} -{# management VLAN #} {%- if mgmt.ip %} interface Vlan1 ip address {{ mgmt.ip | ipaddr('address') }} {{ mgmt.ip | ipaddr('netmask') }} diff --git a/roles/exit/tasks/keepalived.yml b/roles/exit/tasks/keepalived.yml index 8c554eb..a9edf50 100644 --- a/roles/exit/tasks/keepalived.yml +++ b/roles/exit/tasks/keepalived.yml @@ -3,13 +3,13 @@ block: - name: Install deps for keepalived package: - name: autoconf,automake,build-essential,pkg-config,libxtables-dev,libip4tc-dev,libip6tc-dev,libnl-3-dev,libnl-genl-3-dev,libssl-dev + name: autoconf,automake,build-essential,pkg-config,libxtables-dev,libip4tc-dev,libip6tc-dev,libipset-dev,libnl-3-dev,libnl-genl-3-dev,libssl-dev - name: Checkout keepalived source git: repo: https://github.com/acassen/keepalived dest: /usr/local/src/keepalived - version: v2.3.2 + version: v2.2.7 - name: Build and install keepalived shell: | diff --git a/roles/exit/tasks/radvd.yml b/roles/exit/tasks/radvd.yml index 000fb0c..0642042 100644 --- a/roles/exit/tasks/radvd.yml +++ b/roles/exit/tasks/radvd.yml 
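Review bot: `version: v2.2.7` in the "Checkout keepalived source" task pins a tag name, which the upstream repository can move, and the checkout is then compiled and installed on the exit hosts by the shell task that follows. Pinning the full commit hash the tag is expected to resolve to makes the build reproducible and tamper-evident, e.g. `version: <full-commit-sha-of-v2.2.7>  # v2.2.7`. The change also goes from v2.3.2 back to v2.2.7, so any upstream fixes released between the two are dropped; a comment above the task should state why the older release is required, e.g. `# held at v2.2.7 because <reason>`. The body of "Build and install keepalived" lies outside the hunk, so it cannot be confirmed from here whether an existing v2.3.2 build is actually rebuilt when the checked-out version changes.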
@@ -5,7 +5,6 @@ - name: Install deps for radvd package: name: autoconf,automake,bison,build-essential,flex,gettext,libtool,pkg-config,libbsd-dev,libbsd0 - update_cache: true - name: Checkout radvd source git: