Add hifis.netplan role

Signed-off-by: Norman Ziegner <[email protected]>

Author: Normo

.github/labeler.yml

@@ -16,6 +16,12 @@ gitlab_runner:
           - "roles/gitlab_runner/**"
           - "molecule/gitlab_runner/**"
           - ".github/workflows/gitlab_runner.yml"
+netplan:
+  - changed-files:
+      - any-glob-to-any-file:
+          - "roles/netplan/**"
+          - "molecule/netplan/**"
+          - ".github/workflows/netplan.yml"
 ssh_keys:
   - changed-files:
       - any-glob-to-any-file:

.github/workflows/netplan.yml

@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+name: "hifis.toolkit.netplan"
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/netplan.yml'
+      - 'roles/netplan/**'
+      - 'molecule/netplan/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v*.*.*"
+    paths:
+      - '.github/workflows/netplan.yml'
+      - 'roles/netplan/**'
+      - 'molecule/netplan/**'
+      - 'Pipfile'
+      - 'Pipfile.lock'
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+
+  test:
+    name: "Run Molecule tests."
+    runs-on: "ubuntu-24.04"
+    env:
+      PY_COLORS: 1
+      ANSIBLE_FORCE_COLOR: 1
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - "ghcr.io/hifis-net/ubuntu-systemd:20.04"
+          - "ghcr.io/hifis-net/ubuntu-systemd:22.04"
+
+    steps:
+      - name: "Check out the codebase."
+        uses: "actions/checkout@v4"
+        with:
+          path: "ansible_collections/hifis/toolkit"
+
+      - name: "Prepare the job environment."
+        uses: "./ansible_collections/hifis/toolkit/.github/workflows/prepare-action"
+
+      # https://github.com/ansible/molecule/issues/3806
+      - name: "Help molecule to find the dependencies"
+        run: |
+          mkdir -p /home/runner/.ansible
+          ln -s /home/runner/work/ansible-collection-toolkit/ansible-collection-toolkit/ansible_collections/hifis/toolkit/roles \
+            /home/runner/.ansible/roles
+
+      - name: "Create Podman network required for testing"
+        run: "podman network create --subnet 10.123.0.0/24 netplan_network"
+
+      - name: "Run Molecule tests."
+        run: "pipenv run molecule test -s netplan"
+        env:
+          MOLECULE_IMAGE: "${{ matrix.image }}"
+        working-directory: "ansible_collections/hifis/toolkit"

Pipfile

@@ -14,6 +14,7 @@ ansible-lint = "~=24.5.0"
 molecule = "~=24.2.0"
 molecule-plugins = {extras = ["podman"], version = "~=23.5.3"}
 reuse = "~=3.0.2"
+netaddr = "~=1.2.1"
 
 [packages]
 ansible = "~=9.5.1"

Pipfile.lock

@@ -10,6 +10,7 @@ SPDX-License-Identifier: Apache-2.0
 [![Latest release](https://img.shields.io/github/v/release/hifis-net/ansible-collection-toolkit)](https://github.com/hifis-net/ansible-collection-toolkit/releases)
 [![hifis.gitlab_runner](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/gitlab_runner.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/gitlab_runner.yml)
 [![hifis.keepalived](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/keepalived.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/keepalived.yml)
+[![hifis.netplan](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/netplan.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/netplan.yml)
 [![hifis.ssh_keys](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/ssh_keys.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/ssh_keys.yml)
 [![hifis.unattended_upgrades](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/unattended_upgrades.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/unattended_upgrades.yml)
 [![hifis.zammad](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/zammad.yml/badge.svg)](https://github.com/hifis-net/ansible-collection-toolkit/actions/workflows/zammad.yml)
@@ -31,7 +32,7 @@ software engineers, but not exclusively. The following use cases are supported:
     * [**Keepalived**](roles/keepalived)
 * OS-related:
     * [**unattended-upgrades**](roles/unattended_upgrades)
-    * [netplan](https://github.com/hifis-net/ansible-role-netplan) (**coming soon!**)
+    * [**netplan**](roles/netplan)
     * distribute authorized [**SSH keys**](role/ssh_keys) to users
 
 ## Looking for the unattended_upgrades role?

README.md

@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Converge"
+  hosts: "all"
+  vars:
+    netplan_ethernets:
+      - interface_name: "eth0"
+        dhcp4: "no"
+        gateway4: "10.123.0.1"
+        addresses:
+          - "10.123.0.10/24"
+        nameservers:
+          addresses:
+            - "8.8.8.8"
+            - "9.9.9.9"
+          search:
+            - "domain.local"
+            - "domain.name"
+  tasks:
+    - name: "Include netplan_role"
+      ansible.builtin.include_role:
+        name: "hifis.toolkit.netplan"
+
+...

molecule/netplan/converge.yml

@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+dependency:
+  name: "galaxy"
+driver:
+  name: "podman"
+platforms:
+  - name: "instancenetplan"
+    image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:22.04}"
+    pre_build_image: true
+    override_command: false
+    privileged: true
+    systemd: true
+    tty: true
+    extra_opts:
+      - "--network=netplan_network"
+provisioner:
+  name: "ansible"
+  playbooks:
+    prepare: "prepare.yml"
+    converge: "converge.yml"
+    verify: "verify.yml"
+verifier:
+  name: "ansible"
+
+...

molecule/netplan/molecule.yml

@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Prepare"
+  hosts: "all"
+  tasks:
+    - name: "Install dependencies"
+      ansible.builtin.apt:
+        name:
+          - "sudo"      # for `become` privilege escalation
+          - "iproute2"  # for gathering network facts
+          - "udev"      # needed for netplan
+        update_cache: true
+        state: "present"
+
+...

molecule/netplan/prepare.yml

@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: Helmholtz Centre for Environmental Research (UFZ)
+# SPDX-FileCopyrightText: Helmholtz-Zentrum Dresden-Rossendorf (HZDR)
+#
+# SPDX-License-Identifier: Apache-2.0
+
+---
+- name: "Verify"
+  hosts: "all"
+  gather_facts: true
+  vars:
+    netplan_ethernets:
+      - interface_name: "eth0"
+        dhcp4: "no"
+        gateway4: "10.123.0.1"
+        addresses:
+          - "10.123.0.10/24"
+        nameservers:
+          addresses:
+            - "8.8.8.8"
+            - "9.9.9.9"
+          search:
+            - "domain.local"
+            - "domain.name"
+  tasks:
+    - name: "Check network settings if no DHCP is set."
+      when: "netplan_ethernets is defined and netplan_ethernets | length > 0 and netplan_ethernets[0]['dhcp4'] == 'no'"
+      block:
+        - name: "Store actual and target network settings."
+          ansible.builtin.set_fact:
+            actual_interface_name: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['interface'] }}"
+            target_interface_name: "{{ netplan_ethernets[0]['interface_name'] }}"
+            actual_ip_addresses: "{{ hostvars[inventory_hostname]['ansible_all_ipv4_addresses'] | ansible.utils.ipaddr('address') }}"
+            target_ip_address: "{{ netplan_ethernets[0]['addresses'][0] | ansible.utils.ipaddr('address') }}"
+            actual_subnet: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['netmask'] }}"
+            target_subnet: "{{ netplan_ethernets[0]['addresses'][0] | ansible.utils.ipaddr('netmask') }}"
+
+        - name: "Check that network settings are correct."
+          ansible.builtin.assert:
+            that:
+              - "actual_ip_addresses | ansible.utils.ipaddr('bool')"
+              - "target_ip_address | ansible.utils.ipaddr('bool')"
+              - "actual_interface_name == target_interface_name"
+              - "target_ip_address in actual_ip_addresses"
+              - "actual_subnet == target_subnet"
+
+...