Add routing policy management for interfaces

In case of complex configurations it might be required to support
multiple routing tables and create policies for marking traffic.

The patch implements `routing_rules` key for the systemd network which
can be used for this purpose.

Change-Id: I2632eb035e3fa78120660aaab7241fc541e03c63

README.md

@@ -66,6 +66,12 @@ Release notes for the project can be found at:
           static_routes:
             - Gateway: "10.1.0.1"
               Destination: "10.1.0.0/24"
+            - Gateway: "192.168.0.1"
+              Table: 100
+          routing_rules:
+            - IncomingInterface: bond1
+              Priority: 900
+              Table: 100
           config_overrides:
             Network:
               ConfigureWithoutCarrier: true

defaults/main.yml

@@ -96,6 +96,8 @@ systemd_netdevs: []
 #  `static_routes` -- (optional) list of routes to use for the network. This
 #                                option requires a gateway and cidr to be set
 #                                within the list item.
+#  `routing_rules` -- (optional) list of routing rule policies which will be
+#                                applied for the interface.
 #  `ipforward` -- (optional) When set to true forwarding will be enabled for
 #                            interface.  This setting will enable
 #                            net.ipv4.ip_forward, net.ipv4.conf.all.forwarding
@@ -112,6 +114,14 @@ systemd_netdevs: []
 #   - interface: "bond0"
 #     bridge: "br-dummy"
 #     mtu: 9000
+#     static_routes:
+#       - gateway: 10.0.0.1
+#         destination: 0.0.0.0/0
+#         table: 100
+#     routing_rules:
+#       - From: 192.168.0.0/24
+#         Priority: 900
+#         Table: 100
 #   - interface: "br-dummy"
 #     bridge: "br-dummy"
 #     address: "10.0.0.100"

releasenotes/notes/routing_policy_rules-188c8ff5e8c5450f.yaml

@@ -0,0 +1,9 @@
+---
+features:
+  - |
+    Added `routing_rules` to manage routing policy rules for the network
+    interface.
+    It is a list of mappings, where each mapping accept keys applicable
+    for section RoutingPolicyRule of systemd.network.
+    You can check documentation for `systemd.network <https://www.freedesktop.org/software/systemd/man/latest/systemd.network.html#%5BRoutingPolicyRule%5D%20Section%20Options>`_
+    for more details.

tasks/main.yml

@@ -194,6 +194,17 @@
     state: directory
   loop: "{{ _systemd_networks_named | selectattr('static_routes', 'defined') | map(attribute='filename') }}"
 
+- name: Place systemd-networkd routing policy rules
+  ansible.builtin.template:
+    src: systemd-network-rules.j2
+    dest: "/etc/systemd/network/{{ item['filename'] }}.network.d/rules.conf"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  loop: "{{ _systemd_networks_named | selectattr('routing_rules', 'defined') }}"
+  notify:
+    - Restart systemd-networkd
+
 - name: Place systemd-networkd network routes
   ansible.builtin.template:
     src: systemd-network-routes.j2

templates/systemd-network-rules.j2

@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+{% for rule in item['routing_rules'] %}
+[RoutingPolicyRule]
+{% for key, val in rule.items() %}
+{{ key }}={{ val }}
+{% endfor %}
+
+{% endfor %}

tests/test.yml

@@ -76,6 +76,12 @@
         static_routes:
           - Gateway: "10.1.0.1"
             cidr: "10.1.0.0/24"
+          - Gateway: "10.1.0.100"
+            Table: 100
+        routing_rules:
+          - From: 192.168.0.0/24
+            Priority: 900
+            Table: 100
         config_overrides:
           Network:
             ConfigureWithoutCarrier: true