Add routing policy management for interfaces

In case of complex configurations it might be required to support multiple routing tables and create policies for marking traffic. The patch implements `routing_rules` key for the systemd network which can be used for this purpose. Change-Id: I2632eb035e3fa78120660aaab7241fc541e03c63
2024-12-12 15:14:00 +01:00 · 2024-12-12 15:14:00 +01:00 · 3a6325a197
commit 3a6325a197
parent 852739df6d
6 changed files with 51 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -66,6 +66,12 @@ Release notes for the project can be found at:
          static_routes:
            - Gateway: "10.1.0.1"
              Destination: "10.1.0.0/24"
+            - Gateway: "192.168.0.1"
+              Table: 100
+          routing_rules:
+            - IncomingInterface: bond1
+              Priority: 900
+              Table: 100
          config_overrides:
            Network:
              ConfigureWithoutCarrier: true
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -96,6 +96,8 @@ systemd_netdevs: []
 #  `static_routes` -- (optional) list of routes to use for the network. This
 #                                option requires a gateway and cidr to be set
 #                                within the list item.
+#  `routing_rules` -- (optional) list of routing rule policies which will be
+#                                applied for the interface.
 #  `ipforward` -- (optional) When set to true forwarding will be enabled for
 #                            interface.  This setting will enable
 #                            net.ipv4.ip_forward, net.ipv4.conf.all.forwarding
@ -112,6 +114,14 @@ systemd_netdevs: []
 #   - interface: "bond0"
 #     bridge: "br-dummy"
 #     mtu: 9000
+#     static_routes:
+#       - gateway: 10.0.0.1
+#         destination: 0.0.0.0/0
+#         table: 100
+#     routing_rules:
+#       - From: 192.168.0.0/24
+#         Priority: 900
+#         Table: 100
 #   - interface: "br-dummy"
 #     bridge: "br-dummy"
 #     address: "10.0.0.100"
--- a/releasenotes/notes/routing_policy_rules-188c8ff5e8c5450f.yaml
+++ b/releasenotes/notes/routing_policy_rules-188c8ff5e8c5450f.yaml
@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Added `routing_rules` to manage routing policy rules for the network
+    interface.
+    It is a list of mappings, where each mapping accept keys applicable
+    for section RoutingPolicyRule of systemd.network.
+    You can check documentation for `systemd.network <https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html#%5BRoutingPolicyRule%5D%20Section%20Options>`_
+    for more details.
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -194,6 +194,17 @@
    state: directory
  loop: "{{ _systemd_networks_named | selectattr('static_routes', 'defined') | map(attribute='filename') }}"

+- name: Place systemd-networkd routing policy rules
+  ansible.builtin.template:
+    src: systemd-network-rules.j2
+    dest: "/etc/systemd/network/{{ item['filename'] }}.network.d/rules.conf"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  loop: "{{ _systemd_networks_named | selectattr('routing_rules', 'defined') }}"
+  notify:
+    - Restart systemd-networkd
+
 - name: Place systemd-networkd network routes
  ansible.builtin.template:
    src: systemd-network-routes.j2
--- a/templates/systemd-network-rules.j2
+++ b/templates/systemd-network-rules.j2
@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+{% for rule in item['routing_rules'] %}
+[RoutingPolicyRule]
+{% for key, val in rule.items() %}
+{{ key }}={{ val }}
+{% endfor %}
+
+{% endfor %}
--- a/tests/test.yml
+++ b/tests/test.yml
@ -76,6 +76,12 @@
        static_routes:
          - Gateway: "10.1.0.1"
            cidr: "10.1.0.0/24"
+          - Gateway: "10.1.0.100"
+            Table: 100
+        routing_rules:
+          - From: 192.168.0.0/24
+            Priority: 900
+            Table: 100
        config_overrides:
          Network:
            ConfigureWithoutCarrier: true