Allow PVE VMs to access nebula hosts via ingress

2021-01-31 12:19:33 +00:00 · 2021-01-31 12:19:33 +00:00 · 9023b269eb
commit 9023b269eb
parent 643d843bfb
3 changed files with 25 additions and 0 deletions
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -44,6 +44,7 @@
    - gitea
    - duplicati
    - yourls
+    - pve_nebula_route

 - hosts: ingress
  roles:
@ -58,3 +59,4 @@
      become: true
    - pve
    - zfs
+    - pve_nebula_route
--- a/ansible/roles/pve_nebula_route/tasks/main.yml
+++ b/ansible/roles/pve_nebula_route/tasks/main.yml
@ -0,0 +1,22 @@
+- name: Get routes
+  command:
+    argv:
+      - ip
+      - route
+      - show
+      - "{{ nebula.subnet }}"
+  register: routes
+  changed_when: false
+  become: true
+
+- name: Add route to nebula hosts via ingress
+  command:
+    argv:
+      - ip
+      - route
+      - add
+      - "{{ nebula.subnet }}"
+      - via
+      - "{{ ingress_private_ip }}"
+  become: true
+  when: nebula.subnet not in routes.stdout
--- a/ansible/roles/pve_nebula_route/vars/main.yml
+++ b/ansible/roles/pve_nebula_route/vars/main.yml
@ -0,0 +1 @@
+ingress_private_ip: 10.23.1.88