From 98b634f16277bf381610819761b0188773e875a2 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Tue, 22 Nov 2016 08:34:56 +0200
Subject: [PATCH] - Forked from ansible-role-example, dump from a previous
 role.

---
 README.rst                  | 14 +++++++++-----
 defaults/main.yml           |  2 +-
 handlers/main.yml           |  2 +-
 meta/main.yml               | 17 ++++++++++++-----
 molecule.yml                |  6 +++---
 tasks/main.yml              | 32 +++++++++++++++++++++++++++++---
 templates/lxcbr0.netdev.j2  |  3 +++
 templates/lxcbr0.network.j2 |  9 +++++++++
 tests/playbook.yml          |  8 ++------
 vars/main.yml               |  2 +-
 10 files changed, 70 insertions(+), 25 deletions(-)
 create mode 100644 templates/lxcbr0.netdev.j2
 create mode 100644 templates/lxcbr0.network.j2

diff --git a/README.rst b/README.rst
index 29b4ed2..4e3abea 100644
--- a/README.rst
+++ b/README.rst
@@ -1,9 +1,7 @@
-Example
-#######
+lxc-host
+########
 
-An (empty) example Ansible role complete with working tests out of the box. For
-more information read the `blog post
-<https://www.shore.co.il/blog/ansible-example-role/>`_.
+Ansible role to configure an LXC host.
 
 Requirements
 ------------
@@ -58,3 +56,9 @@ Nimrod Adar, `contact me <nimrod@shore.co.il>`_ or visit my `website
 <https://www.shore.co.il/>`_. Patches are welcome via `git send-email
 <http://git-scm.com/book/en/v2/Git-Commands-Email>`_. The repository is located
 at: https://www.shore.co.il/git/.
+
+TODO
+----
+
+- Tests.
+- Systemd-networkd DHCP server (fixed in which version of Debian/ Ubuntu).
diff --git a/defaults/main.yml b/defaults/main.yml
index 25ca86f..80ea3a6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,2 +1,2 @@
 ---
-# defaults file for ansible-role-example
+# defaults file for lxc-host
diff --git a/handlers/main.yml b/handlers/main.yml
index 1d74a03..f0b980d 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,2 +1,2 @@
 ---
-# handlers file for ansible-role-example
+# handlers file for lxc-host
diff --git a/meta/main.yml b/meta/main.yml
index 2dea7f4..9b5d94d 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,15 +1,22 @@
 galaxy_info:
   author: Nimrod Adar
-  description: An example Ansible role
+  description: Ansible role to configure an LXC host
   company: Shore technologies
   license: MIT
   min_ansible_version: 2.0
   platforms:
-  - name: OpenBSD
+  - name: Debian
     versions:
-    - 6.0
+    - jessie
+    - stretch
   - name: Ubuntu
     versions:
     - xenial
-  galaxy_tags: [ ansible ]
-dependencies: []
+  galaxy_tags: [ lxc ]
+dependencies:
+    - src: https://www.shore.co.il/git/ansible-role-networkd
+      scm: git
+      name: networkd
+    - src: https://www.shore.co.il/git/ansible-role-ufw
+      scm: git
+      name: ufw
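Review bot: Both new entries under `dependencies:` fetch a role over git without a `version:` key, so every install takes whatever the default branch holds at that moment and an upstream change reaches hosts unreviewed. Pin each entry to a tag or commit, e.g. `version: <TAG_OR_COMMIT>` (placeholder) next to `name: networkd` and `name: ufw`. The new list items are also indented four spaces while the `platforms` list in the same file uses two; matching the existing style would keep the file consistent.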
diff --git a/molecule.yml b/molecule.yml
index 16a28c0..36c8a25 100644
--- a/molecule.yml
+++ b/molecule.yml
@@ -11,12 +11,12 @@ vagrant:
   - name: virtualbox
     type: virtualbox
   platforms:
-  - name: openbsd
-    box: kaorimatz/openbsd-6.0-amd64
+  - name: debian
+    box: debian/jessie64
   - name: ubuntu
     box: ubuntu/xenial64
   instances:
-  - name: ansible-role-example
+  - name: ansible-role-lxc-host
     options:
         append_platform_to_hostname: yes
   raw_config_args:
diff --git a/tasks/main.yml b/tasks/main.yml
index 5772d26..444b0e0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,8 +1,34 @@
 ---
-# tasks file for ansible-role-example
+# tasks file for lxc-host
 
 - name: Assertions
   assert:
     that:
-        - ansible_os_family in ['OpenBSD', 'Debian']
-        - ansible_distribution_release in ['6.0', 'xenial']
+        - ansible_os_family == 'Debian'
+        - ansible_service_mgr == 'systemd'
+        - ansible_distribution_release in ['jessie', 'stretch', 'xenial']
+
+- name: APT install
+  apt:
+      name: ['lxc', 'debootstrap', 'yum', 'dnsmasq', 'python-lxc']
+      state: present
+      update_cache: yes
+      cache_valid_time: 3600
+
+- name: Create bridge
+  with_items:
+      - lxcbr0.netdev
+      - lxcbr0.network
+  template:
+      src: '{{ item }}.j2'
+      dest: '/etc/systemd/network/{{ item }}'
+      owner: root
+      group: root
+      mode: 0o0644
+  notify:
+      - Restart systemd-networkd
+
+- name: Allow IP forwarding in UFW
+  ufw:
+      direction: routed
+      policy: allow
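Review bot: The last task sets UFW's default routed policy to allow (`direction: routed`, `policy: allow`), which lets the host forward traffic between any of its interfaces, not only traffic from the container bridge. Combined with `IPForward=yes` in the lxcbr0.network template, that is much broader than the role needs. A route rule scoped to the bridge, as sketched below, keeps the default forward policy at deny; verify that it covers the container traffic you need. Separately, `notify: Restart systemd-networkd` has no matching handler in this role's handlers/main.yml, which this commit leaves as a comment only, so it presumably relies on the networkd dependency, and a short comment saying so would help. Installing the full `dnsmasq` package may also start a host-wide DNS/DHCP daemon, so confirm that is intended.

```yaml
- name: Allow forwarding from the LXC bridge in UFW
  ufw:
      rule: allow
      route: yes
      interface: lxcbr0
      direction: in
```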
diff --git a/templates/lxcbr0.netdev.j2 b/templates/lxcbr0.netdev.j2
new file mode 100644
index 0000000..86d2e91
--- /dev/null
+++ b/templates/lxcbr0.netdev.j2
@@ -0,0 +1,3 @@
+[NetDev]
+Name=lxcbr0
+Kind=bridge
diff --git a/templates/lxcbr0.network.j2 b/templates/lxcbr0.network.j2
new file mode 100644
index 0000000..a569648
--- /dev/null
+++ b/templates/lxcbr0.network.j2
@@ -0,0 +1,9 @@
+[Match]
+Name=lxcbr0
+
+[Network]
+Address=192.168.123.0/24
+DHCPServer=yes
+# Doesn't work due to bug #787480.
+IPForward=yes
+IPMasquerade=yes
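Review bot: `Address=192.168.123.0/24` assigns the subnet's network address to the bridge rather than a host address; presumably the gateway address was meant, e.g. `Address=192.168.123.1/24`. The comment `# Doesn't work due to bug #787480.` sits between `DHCPServer=yes` and `IPForward=yes`, so it is unclear which setting it describes; placing it directly above the affected line and naming the bug tracker would remove the ambiguity. The subnet is also hard-coded; exposing it as a role default in defaults/main.yml would let hosts with an overlapping network change it.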
diff --git a/tests/playbook.yml b/tests/playbook.yml
index 02cca1a..f4a0a9e 100644
--- a/tests/playbook.yml
+++ b/tests/playbook.yml
@@ -1,12 +1,8 @@
 ---
-- hosts: ansible-role-example-openbsd
-  gather_facts: false
-  roles: [openbsd_bootstrap]
-
-- hosts: ansible-role-example-ubuntu
+- hosts: ansible-role-lxc-host-ubuntu
   gather_facts: false
   roles: [debian_bootstrap]
 
 - hosts: all
   roles:
-    - role: ansible-role-example
+    - role: ansible-role-lxc-host
diff --git a/vars/main.yml b/vars/main.yml
index 2417503..ec37e3e 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,2 @@
 ---
-# vars file for ansible-role-example
+# vars file for lxc-host
-- 
GitLab