From 1a7de3340babe506dd2d80b43894b383f6ddc1a9 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Tue, 28 Jan 2025 19:01:25 +0100
Subject: [PATCH] Allow to apply only overrides to the network interface

In case system is managed through netplan, but deployer want
to extend configuration with extra data, like define extra vlan for
existing bonding interface, they may use override files to extend
configuration and to avoid potential conflicts.

Change-Id: Iaeec0c5a5b1901207e09751bb424df1326cbfc06
---
 defaults/main.yml                             |  9 ++++-
 ...twork_overrides_only-f54364a799bb20a1.yaml |  9 +++++
 tasks/main.yml                                | 35 +++++++++++++++++--
 tests/test.yml                                | 31 ++++++++++++++++
 tests/verify.yml                              | 14 ++++++++
 5 files changed, 94 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/network_overrides_only-f54364a799bb20a1.yaml

diff --git a/defaults/main.yml b/defaults/main.yml
index ac54276..b627f88 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -132,7 +132,14 @@ systemd_netdevs: []
 #     config_overrides:
 #       Network:
 #         ConfigureWithoutCarrier: true
-
+#   - interface: "bond1"
+#     network_overrides_only: True
+#     config_overrides:
+#       Network:
+#         VLAN:
+#           ? 100
+#           ? 200
+#     filename: 10-netplan-bond1
 systemd_networks: []
 
 # The systemd resolved service can be setup using th following configuration.
diff --git a/releasenotes/notes/network_overrides_only-f54364a799bb20a1.yaml b/releasenotes/notes/network_overrides_only-f54364a799bb20a1.yaml
new file mode 100644
index 0000000..4760aa1
--- /dev/null
+++ b/releasenotes/notes/network_overrides_only-f54364a799bb20a1.yaml
@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Implemented flag ``network_overrides_only`` which is applicable to
+    ``systemd_networks``. When this flag is used no .network or .link
+    defenition is created - only ``{{ filename }}.network.d/overrides.conf``
+    configuration file, which contains arbitrary data from ``config_overrides``
+    This can be used to extend existing interface configuration, which is not
+    managed by the role directly (ie managed through ``netplan``).
diff --git a/tasks/main.yml b/tasks/main.yml
index 3c69dee..5ca5289 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -166,7 +166,11 @@
     mode: "0644"
     config_overrides: "{{ item.1.link_config_overrides | default(systemd_link_config_overrides) }}"
     config_type: "ini"
-  with_indexed_items: "{{ _systemd_networks_named }}"
+  with_indexed_items: >-
+    {{
+      _systemd_networks_named | rejectattr('network_overrides_only', 'defined') +
+      _systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'false')
+    }}
   notify:
     - Update initramfs
     - Restart systemd-networkd
@@ -182,7 +186,11 @@
     mode: "0644"
     config_overrides: "{{ item.1.config_overrides | default({}) }}"
     config_type: "ini"
-  with_indexed_items: "{{ _systemd_networks_named }}"
+  with_indexed_items: >-
+    {{
+      _systemd_networks_named | rejectattr('network_overrides_only', 'defined') +
+      _systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'false')
+    }}
   notify:
     - Restart systemd-networkd
   tags:
@@ -195,7 +203,28 @@
     group: "root"
     mode: "0755"
     state: directory
-  loop: "{{ _systemd_networks_named | selectattr('static_routes', 'defined') | map(attribute='filename') }}"
+  loop: >-
+    {{
+      (
+        _systemd_networks_named | selectattr('static_routes', 'defined') +
+        _systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'true')
+      ) | map(attribute='filename')
+    }}
+
+- name: Create overrides files for network_overrides_only networks
+  openstack.config_template.config_template:
+    dest: "/etc/systemd/network/{{ item.1.filename }}.network.d/overrides.conf"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+    config_overrides: "{{ item.1.config_overrides | default({}) }}"
+    config_type: "ini"
+  with_indexed_items: >-
+    {{ _systemd_networks_named | selectattr('network_overrides_only', 'defined') | selectattr('network_overrides_only', 'true') }}
+  notify:
+    - Restart systemd-networkd
+  tags:
+    - systemd-networkd
 
 - name: Place systemd-networkd routing policy rules
   ansible.builtin.template:
diff --git a/tests/test.yml b/tests/test.yml
index 7ccb9c9..08204d2 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -49,12 +49,25 @@
       - NetDev:
           Name: dummy2
           Kind: dummy
+      - NetDev:
+          Name: dummy3
+          Kind: dummy
       - NetDev:
           Name: br-test
           Kind: bridge
       - NetDev:
           Name: br-test2
           Kind: bridge
+      - NetDev:
+          Name: vlan-100
+          Kind: vlan
+        VLAN:
+          Id: 100
+      - NetDev:
+          Name: vlan-200
+          Kind: vlan
+        VLAN:
+          Id: 200
     systemd_networks:
       - interface: "dummy0"
         bond: "bond0"
@@ -88,6 +101,8 @@
             Alias: "dummy-bridge0"
       - interface: "dummy2"
         bridge: "br-test"
+      - interface: "dummy3"
+        bridge: "br-test2"
       - interface: "br-test"
         address: "10.1.0.1"
         netmask: "255.255.255.0"
@@ -95,3 +110,19 @@
         address: 10.2.0.1
         netmask: "255.255.255.0"
         ipforward: true
+        vlan:
+          - vlan-100
+        filename: 6-general-br-test2
+      - interface: "br-test2"
+        filename: 6-general-br-test2
+        network_overrides_only: true
+        config_overrides:
+          Network:
+            VLAN:
+              ? vlan-200
+      - interface: "vlan-100"
+        address: 10.3.0.1
+        netmask: "255.255.255.0"
+      - interface: "vlan-200"
+        address: 10.4.0.1
+        netmask: "255.255.255.0"
diff --git a/tests/verify.yml b/tests/verify.yml
index aef3c5f..b7cb4f6 100644
--- a/tests/verify.yml
+++ b/tests/verify.yml
@@ -47,6 +47,20 @@
           - ansible_facts['br_test']['type'] == 'bridge'
           - ansible_facts['br_test']['ipv4']['address'] == '10.1.0.1'
           - ansible_facts['br_test']['ipv4']['netmask'] == '255.255.255.0'
+    - name: Vlan 100 check
+      assert:
+        that:
+          - ansible_facts['vlan_100']['active']
+          - ansible_facts['vlan_100']['type'] == 'ether'
+          - ansible_facts['vlan_100']['ipv4']['address'] == '10.3.0.1'
+          - ansible_facts['vlan_100']['ipv4']['netmask'] == '255.255.255.0'
+    - name: Vlan 200 check
+      assert:
+        that:
+          - ansible_facts['vlan_200']['active']
+          - ansible_facts['vlan_200']['type'] == 'ether'
+          - ansible_facts['vlan_200']['ipv4']['address'] == '10.4.0.1'
+          - ansible_facts['vlan_200']['ipv4']['netmask'] == '255.255.255.0'
     - name: Check link config overrides
       shell: 'grep -wo "Alias" /etc/systemd/network/*br-dummy.link'
       changed_when: false