From 7a4a868d416c18733b12acd1774f40fe9303062c Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Wed, 22 Oct 2025 18:46:49 +0200
Subject: [PATCH] alpine: add support for VRF interfaces
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Mostly so we can merge the firewall role from the network repo, there aren’t any other current users.
---
 roles/alpine/templates/interfaces.j2 | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/roles/alpine/templates/interfaces.j2 b/roles/alpine/templates/interfaces.j2
index 98126f0..a18ebbe 100644
--- a/roles/alpine/templates/interfaces.j2
+++ b/roles/alpine/templates/interfaces.j2
@@ -5,6 +5,16 @@ iface lo
 {% endif -%}
+{# Define VRFs. #}
+{% for vrf in interfaces | selectattr("vrf") | map(attribute="vrf.name") %}
+auto {{ vrf }}
+iface {{ vrf }}
+ pre-up ip link add $IFACE type vrf table {{ 100 + loop.index }}
+ up ip link set dev $IFACE up
+ post-down ip link del $IFACE
+
+{% endfor -%}
+
 {# Skip disabled and OOB management interfaces. #}
 {# For VMs we have to set the attribute manually (to false) so rejectattr works. #}
 {% for iface in interfaces
@@ -13,6 +23,10 @@ iface lo
 | selectattr('enabled') %}
 auto {{ iface.name }}
 iface {{ iface.name }}
+{% if iface.vrf %}
+ requires {{ iface.vrf.name }}
+ pre-up ip link set $IFACE master {{ iface.vrf.name }}
+{% endif %}
 {% if iface.mtu %}
 mtu {{ iface.mtu }}
 {% endif %}
@@ -23,9 +37,13 @@ iface {{ iface.name }}
 {% set prefix = prefixes | selectattr('prefix', '==', subnet) | first %}
 {% set gateway = prefix.custom_fields.gateway.address %}
 {% if gateway is defined and gateway != address.address %}
+{% if iface.vrf %}
+ up ip route add default via {{ gateway | ipaddr('address') }} {% if iface.vrf.name %}vrf {{ iface.vrf.name }}{% endif +%}
+{% else %}
 gateway {{ gateway | ipaddr('address') }}
 {% endif %}
 {% endif %}
+{% endif %}
 {% endfor -%}
 {# disable SLAAC if we have a manually set IPv6 address #}
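Review bot: The VRF loop `{% for vrf in interfaces | selectattr("vrf") | map(attribute="vrf.name") %}` yields one entry per interface rather than one per VRF, so two interfaces in the same VRF emit two `iface` stanzas for the same device, each with a different `table {{ 100 + loop.index }}` value. Appending `| unique` to the filter chain removes the duplicates. The table number would still follow the order of interfaces in the inventory, so adding or reordering an interface renumbers existing VRF tables, and any `ip rule` or firewall rule that names a table by number then refers to a different VRF; a table ID taken from a stable per-VRF attribute would avoid that. The loop also does not apply the disabled/OOB filtering used by the interface loop that follows (its filter chain is only partly visible here), so a VRF referenced only by skipped interfaces is still created.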
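Review bot: `iface.vrf.name` is written unchecked into a command line, `pre-up ip link set $IFACE master {{ iface.vrf.name }}`, and ifupdown passes `pre-up`/`up` lines to a shell (the `$IFACE` expansion depends on it), so whitespace or shell metacharacters in the inventory value would change the command that runs with ifup's privileges. The same value forms the `auto`/`iface` stanza names in the VRF loop of the first hunk and the `vrf {{ iface.vrf.name }}` argument in the gateway hunk. I would validate it once before templating, for example with an `ansible.builtin.assert` task looped over the interfaces that have a VRF, using `that: item.vrf.name is match('^[A-Za-z0-9_.-]{1,15}$')`. The 15-character bound matches the kernel's interface-name limit, which would otherwise surface only as an `ip link add` failure at ifup time. The `iface` stanza extended here begins in the context lines and continues past the end of the hunk.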
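Review bot: A VRF table receives a default route here only when `gateway` is defined and differs from the interface address; in every other case the table has no default, and according to the kernel's VRF documentation a lookup that finds no match in the VRF table continues to the later FIB rules, which include the main table. For a firewall that relies on VRFs for separation, that fall-through is better closed in the VRF stanza of the first hunk with `up ip route add table {{ 100 + loop.index }} unreachable default metric 4278198272`, plus the `ip -6` equivalent. The inner `{% if iface.vrf.name %}` guard also fails open: with an empty name the line is emitted without the `vrf` argument, so the default route would land in the main table, and the argument is safer written unconditionally. The address loop and the `{% if %}` closed by the added `{% endif %}` start outside the hunk.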