michaelrigart / ansible-role-interfaces Goto Github PK
View Code? Open in Web Editor NEWAn ansible role for configuring different network interfaces
License: GNU General Public License v3.0
ansible-role-interfaces's People
Contributors
Stargazers
Watchers
Forkers
badabinski cjsteel pieterlexis kurojishi gsautereau stackhpc marthin- uzer mozgiii mxjeff bjmingyang aptira busterswt zipper97412 pmscheffler neuralnoise obourdon niedbalski cavamagie hidetakakojo bwlang asotirov0 code4public pescobar awlx toxpenguin abakabir ultransible marcoskv knorrkator jrvilda imcitius boban-mitevski huongbn roumano bbezak smutel mnasiadka jdub willyd61 gbeine-forks mariomelofilho neverreadsemail eshwar93 teadur mmalchuk mrmachine3 chazzrobbz jxc2022 eb4x ranjeetbadhe sielickinet yuxingw aethylred tbasset jbe-dw nightsnake guegreransible-role-interfaces's Issues
On RedHat, bridge and ethernet onboot only honoured for static bootproto
OS: RHEL 7.3
Ansible: 2.2
When configuring a bridge interface, I noticed that the onboot flag is only applied for interfaces configured as bootproto == 'static'. This should also be applied for interfaces in dhcp mode. This is also true of ethernet interfaces.
PR incoming.
VLAN interfaces lose static routes after bouncing parent
On CentOS/RHEL systems, if the parent device of a VLAN interface goes down, the VLAN interface will also go down. If the parent device is brought back up again, the VLAN interface will become active again, but any static routes previously assigned to the VLAN interface are not reinstated.
Steps to reproduce:
playbook.yml
---
- hosts: localhost
tasks:
- import_role:
name: MichaelRigart.interfaces
vars:
interfaces_ether_interfaces:
- device: fake1.2
bootproto: static
vlan: 2
address: 10.10.1.0
netmask: 255.255.255.0
route:
- network: 10.10.2.0
netmask: 255.255.255.0
gateway: 10.10.1.1
onboot: yes
- device: fake1
bootproto: static
address: 10.10.3.0
netmask: 255.255.255.0
onboot: yes
Create a fake interface:
sudo ip link add fake1 type dummy
Run the playbook:
ansible-playbook playbook.yml
The fake1.2 interface has a static route.
ip route
Trigger a restart of the parent:
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake1
Run the playbook again:
ansible-playbook playbook.yml
It succeeds, but the fake1.2 interface has lost its static route.
ip route
netaddr missing in role's dependencies
TASK [MichaelRigart.interfaces : RedHat | Write configuration files for rhel route configuration] ***************************************************************************************************************************************************************************************************************
task path: /home/stack/ansible-role-interfaces/tasks/ethernet_configuration.yml:26
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleFilterError: The ipaddr filter requires python's netaddr be installed on the ansible controller
failed: [localhost] (item={'device': 'veth1.1001', 'bootproto': 'static', 'address': '10.1.0.1', 'netmask': '255.255.255.0', 'rules': ['from 10.1.0.0/24 table myroutetable', 'to 10.1.0.0/24 table myroutetable'], 'route': [{'network': '10.6.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2'}, {'network': '10.3.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.3', 'table': 'myroutetable'}, {'network': '10.1.0.0', 'netmask': '255.255.255.0', 'table': 'myroutetable'}, {'network': '10.7.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2', 'options': ['onlink']}]}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.1.0.1", "bootproto": "static", "device": "veth1.1001", "netmask": "255.255.255.0", "route": [{"gateway": "10.1.0.2", "netmask": "255.255.255.0", "network": "10.6.0.0"}, {"gateway": "10.1.0.3", "netmask": "255.255.255.0", "network": "10.3.0.0", "table": "myroutetable"}, {"netmask": "255.255.255.0", "network": "10.1.0.0", "table": "myroutetable"}, {"gateway": "10.1.0.2", "netmask": "255.255.255.0", "network": "10.7.0.0", "options": ["onlink"]}], "rules": ["from 10.1.0.0/24 table myroutetable", "to 10.1.0.0/24 table myroutetable"]}, "msg": "AnsibleFilterError: The ipaddr filter requires python's netaddr be installed on the ansible controller"}
TASK [MichaelRigart.interfaces : Create the network configuration file for bond devices] ************************************************************************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleFilterError: Failed to import the required Python library (netaddr) on piotr-rh.novalocal's Python /home/rocky/venv/bin/python. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter
failed: [localhost] (item={'device': 'bond7', 'bootproto': 'static', 'address': '10.4.0.1', 'netmask': '255.255.255.0', 'bond_mode': '802.3ad', 'bond_slaves': ['veth1', 'veth2']}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.4.0.1", "bond_mode": "802.3ad", "bond_slaves": ["veth1", "veth2"], "bootproto": "static", "device": "bond7", "netmask": "255.255.255.0"}, "msg": "AnsibleFilterError: Failed to import the required Python library (netaddr) on piotr-rh.novalocal's Python /home/rocky/venv/bin/python. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}
Debian bad templates bridge_Debian.j2 : missing trailing newline
If i use the role on a Debian 10 with this data :
interfaces_bridge_interfaces:
- device: br15
type: bridge
address: 172.26.15.99
netmask: 255.255.255.0
bootproto: static
stp: "off"
mtu: 1500
ports: [eno1]
The debug output will be :
TASK [interfaces : Create the network configuration file for bridge devices] *******************************************************************************
changed: [XXX] => (item={'device': 'br15', 'type': 'bridge', 'address': '172.26.15.99', 'netmask': '255.255.255.0', 'bootproto': 'static', 'stp': 'off', 'mtu': 1500, 'ports': ['eno1']})
"item": {
"address": "172.26.15.99",
"bootproto": "static",
"device": "br15",
"mtu": 1500,
"netmask": "255.255.255.0",
"ports": [
"eno1"
],
"stp": "off",
"type": "bridge"
And the destination file will look like this :
auto br15
iface br15 inet static
mtu 1500
address 172.26.15.99
netmask 255.255.255.0
bridge_ports eno1bridge_stp off
- the
bridge_stp offshould be on a new line ... - ideally, we should also remove the 3 empty line at the end of the file
dns-nameservers not set in Debian bond template
The little dns-nameservers bit is missing from the Debian bond template โ would you like a PR to fix this?
{% if item.dnsnameservers is defined %}
dns-nameservers {{ item.dnsnameservers }}
{% endif %}Ansible Galaxy imports failing
We have an action to automatically import this role, but it seems to be failing: https://github.com/michaelrigart/ansible-role-interfaces/actions/workflows/publish-role.yml
subelements lookup expects a dictionary, got 'interfaces_bridge_interfaces'
OS: RHEL 7.3
Ansible: 2.2
Configuring a bridge interface I saw the following error:
...
TASK [MichaelRigart.interfaces : Create the network configuration file for port on the bridge devices] ***
fatal: [control01]: FAILED! => {"failed": true, "msg": "subelements lookup expects a dictionary, got 'interfaces_bridge_interfaces'"}
to retry, use: --limit @/home/stack/kayobe/ansible/net.retry
PLAY RECAP *********************************************************************
control01 : ok=3 changed=0 unreachable=0 failed=1
After applying the following patch:
diff --git a/tasks/bridge_configuration.yml b/tasks/bridge_configuration.yml
index 3fd31f1..916208d 100644
--- a/tasks/bridge_configuration.yml
+++ b/tasks/bridge_configuration.yml
@@ -24,7 +24,7 @@
src: 'bridge_port_{{ ansible_os_family }}.j2'
dest: '{{ interfaces_net_path[ansible_os_family|lower] }}/ifcfg-{{ item.1 }}'
with_subelements:
- - interfaces_bridge_interfaces
+ - "{{ interfaces_bridge_interfaces }}"
- ports
register: bridge_port_result
I saw a similar issue for the bond tasks, despite not configuring any bond interfaces:
TASK [MichaelRigart.interfaces : Create the network configuration file for slave in the bond devices] ***
fatal: [control01]: FAILED! => {"failed": true, "msg": "subelements lookup expects a dictionary, got 'interfaces_bond_interfaces'"}
to retry, use: --limit @/home/stack/kayobe/ansible/net.retry
PLAY RECAP *********************************************************************
control01 : ok=4 changed=0 unreachable=0 failed=1
This was fixed with a similar patch as for the bridge error.
PR incoming.
CentOS/RHEL invalid interface workaround may fail if interface is managed
The CentOS cloud images may include network interface files used when the image was built, which may be invalid. This role already has a workaround to remove them. It only removes files for interfaces that are not managed by this role. This ensures that the role is idempotent. However, if an invalid interface file exists for an interface that is managed by this role, it may prevent the network service from starting, resulting in Ansible failing in the following task:
RedHat | ensure network service is started and enabled
Failed to bring up eth1 - ifdown: interface eth1 not configured
Hello,
I am using Linux Mint 19.3.
I try to setup a eth1/eth2 interfaces with the following:
interfaces_ether_interfaces:
- device: eth1
bootproto: static
address: 192.168.33.15
netmask: 255.255.255.0
gateway: 192.168.0.254
dnsnameservers: 8.8.8.8 8.8.4.4
mtu: 9000
- device: eth2
bootproto: dhcp
The [workstation/network : Bounce network devices] task triggers the following error:
fatal: [workstation]: FAILED! => {
"changed": true,
"cmd": [
"nohup",
"bash",
"-c",
" returncode=0 ifdown --allow auto eth1; ifdown --allow auto eth2; if ! ifup --allow auto eth2; then\necho \"Failed to bring up interface eth2\";\nreturncode=1\nfi; if ! ifup --allow auto eth1; then\necho \"Failed to bring up interface eth1\";\nreturncode=1\nfi; exit $returncode"
],
"delta": "0:00:00.062514",
"end": "2020-06-16 14:30:19.033546",
"rc": 1,
"start": "2020-06-16 14:30:18.971032"
}
STDOUT:
Failed to bring up eth2.
Failed to bring up interface eth2
Failed to bring up eth1.
Failed to bring up interface eth1
STDERR:
ifdown: interface eth1 not configured
ifdown: interface eth2 not configured
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Cannot find device "eth2"
Error getting hardware address for "eth2": No such device
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging..
exiting.
Cannot find device "eth1"
I think it may come from missing entries in /run/network/ifstate which outputs:
lo=lo
Do I need to create a task to add my interfaces or your role is already supposed to do it and there is a bug?
On RedHat, bridge ports do not honour onboot flag.
OS: RHEL 7.3
Ansible: 2.2
When configuring a bridge interface I noticed that the bridge ports do not honour the onboot flag. This means that these interfaces will not be instantiated on subsequent boots.
PR incoming.
Support for IPv6
I see that listing an IPv6 address for an interface is currently not supported. Any plans of supporting it?
Support managing Infiniband IPoIB interfaces
This role works brilliantly for ethernet interfaces but cannot manage "IP over IB" interfaces. On the whole they should work very similar to the ethernet devices but with a few different options for the network-scripts template.
Failure while running "Bounce network devices" handler
Recent releases 1.7.0 and 1.8.0 of this role are broken when no Ethernet interface is being configured:
RUNNING HANDLER [MichaelRigart.interfaces : Bounce network devices] ************
task path: /home/zuul/kayobe-venv/share/kayobe/ansible/roles/MichaelRigart.interfaces/handlers/main.yml:110
fatal: [controller0]: FAILED! => {
"msg": "The task includes an option with an undefined variable. The error was: 'ether_interfaces_changed' is undefined\n\nThe error appears to be in '/home/zuul/kayobe-venv/share/kayobe/ansible/roles/MichaelRigart.interfaces/handlers/main.yml': line 110, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Bounce network devices\n ^ here\n"
}
I believe this was caused by #79: when interfaces_ether_interfaces is empty, ethernet_configuration.yml isn't included anymore, resulting in an undefined variable.
The same issue probably happens when interfaces_bond_interfaces or interfaces_bridge_interfaces is empty.
Bridge interface down after all ports bounced (CentOS/RHEL 8)
On CentOS/RHEL 8 systems, if all ports of a bridge go down, the bridge interface will also go down. If the ports are brought back up again, the bridge interface does not automatically come back up. Therefore, if there is some change to the configuration of all of the bridge ports, the bridge may be left in an inactive state.
Steps to reproduce:
playbook.yml:
---
- hosts: localhost
tasks:
- import_role:
name: .
vars:
interfaces_bridge_interfaces:
- device: br0
bootproto: static
address: 10.10.0.2
netmask: 255.255.255.0
bond_mode: 802.3ad
ports: [fake1, fake2]
onboot: yes
Create fake interfaces:
sudo ip link add fake1 type dummy
sudo ip link add fake2 type dummy
Run the playbook:
ansible-playbook playbook.yml
Trigger a restart of both of the bridge port interfaces:
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake1
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake2
Run the playbook again:
ansible-playbook playbook.yml
It fails:
RUNNING HANDLER [. : Check active bridge interface state] **************************************************************************************************************************************************
failed: [localhost] (item={'device': 'br0', 'bootproto': 'static', 'address': '10.10.0.2', 'netmask': '255.255.255.0', 'onboot': True, 'ports': ['fake1', 'fake2']}) => {"changed": false, "item": {"address": "10.10.0.2", "bootproto": "static", "device": "br0", "netmask": "255.255.255.0", "onboot": true, "ports": ["fake1", "fake2"]}, "msg": "Interface br0 is not active"}
release v1.13.2 is not available in ansible galaxy
release v1.13.2 is not available in ansible galaxy - travis-ci.org builds are not working for some time already, shall we move to GitHub actions instead?
Release 1.3.0 not downloadable from ansible galaxy
Hey,
I was not able to download the latest release 'v1.3.0' from ansible galaxy. I tried ansible-galaxy install -r roles.yml
roles.yml
---
- name: MichaelRigart.interfaces
version: "v1.3.0"
I get the following output from ansible-galaxy:
- downloading role 'interfaces', owned by MichaelRigart
[WARNING]: - MichaelRigart.interfaces was NOT installed successfully: - the specified version (v1.3.0) of MichaelRigart.interfaces was
not found in the list of available versions ([{u'download_url': u'https://github.com/michaelrigart/ansible-role-
interfaces/archive/v1.0.0.tar.gz', u'name': u'v1.0.0', u'created': u'2018-02-20T14:30:48.119034Z', u'url': u'', u'summary_fields': {},
u'modified': u'2018-06-19T08:29:08.095092Z', u'related': {}, u'commit_date': u'2017-12-20T15:17:49-05:00', u'version': u'1.0.0',
u'commit_sha': None, u'active': None, u'id': 53602}, {u'download_url': u'https://github.com/michaelrigart/ansible-role-
interfaces/archive/v1.1.0.tar.gz', u'name': u'v1.1.0', u'created': u'2018-08-06T08:07:41.385338Z', u'url': u'', u'summary_fields': {},
u'modified': u'2018-08-06T08:07:41.385367Z', u'related': {}, u'commit_date': u'2018-06-19T04:27:02-04:00', u'version': u'1.1.0',
u'commit_sha': u'fd7fc2589b6b7636c55540e1eae0609efc682ae7', u'active': None, u'id': 72116}, {u'download_url':
u'https://github.com/michaelrigart/ansible-role-interfaces/archive/v1.2.0.tar.gz', u'name': u'v1.2.0', u'created':
u'2019-01-29T11:44:54.965949Z', u'url': u'', u'summary_fields': {}, u'modified': u'2019-01-29T11:44:54.965972Z', u'related': {},
u'commit_date': u'2019-01-29T04:22:11-05:00', u'version': u'1.2.0', u'commit_sha': u'cd3bbd715c29276f642e0841e09eeb67d3a07e5a',
u'active': None, u'id': 86879}]).
- maybe it was not correctly imported to ansible galaxy
- maybe it's because of the "v" in front of the version/tag, I remember ansible galaxy becoming more strict about semantic versioning at some point
Bond interface down after all members bounced
On CentOS/RHEL systems, if all members in a bond go down, the bond interface will also go down. If the members are brought back up again, the bond interface does not automatically come back up. Therefore, if there is some change to the configuration of bond members, the bond may be left in an inactive state.
Steps to reproduce:
playbook.yml:
---
- hosts: localhost
tasks:
- import_role:
name: .
vars:
interfaces_bond_interfaces:
- device: bond0
bootproto: static
address: 10.10.0.2
netmask: 255.255.255.0
bond_mode: 802.3ad
bond_slaves: [fake1, fake2]
onboot: yes
Create fake interfaces:
sudo ip link add fake1 type dummy
sudo ip link add fake2 type dummy
Run the playbook:
ansible-playbook playbook.yml
Trigger a restart of both of the bond member interfaces:
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake1
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake2
Run the playbook again:
ansible-playbook playbook.yml
It fails:
RUNNING HANDLER [. : Check active bond interface state] ****************************************************************************************************************************************************
failed: [localhost] (item={u'bond_slaves': [u'fake1', u'fake2'], u'bond_mode': u'802.3ad', u'netmask': u'255.255.255.0', u'bootproto': u'static', u'address': u'10.10.0.2', u'device': u'bond0', u'onboot': True}) => {"changed": false, "item": {"address": "10.10.0.2", "bond_mode": "802.3ad", "bond_slaves": ["fake1", "fake2"], "bootproto": "static", "device": "bond0", "netmask": "255.255.255.0", "onboot": true}, "msg": "Interface bond0 is not active"}
Regression: RHEL route options
These had ceased to work after conditional has been replaced by loop in 51a2e99 - route var can not be therefore modified. When running the sample playbook, onlink option is missing:
TASK [MichaelRigart.interfaces : RedHat | Write configuration files for rhel route configuration] ***************************************************************************************************************************************************************************************************************
task path: /home/stack/ansible-role-interfaces/tasks/ethernet_configuration.yml:26
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: stack
<localhost> EXEC /bin/sh -c 'echo ~stack && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/stack/.ansible/tmp `"&& mkdir "` echo /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155 `" && echo ansible-tmp-1690206385.0158195-57452-276322253783155="` echo /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155 `" ) && sleep 0'
redirecting (type: filter) ansible.builtin.ipaddr to ansible.netcommon.ipaddr
redirecting (type: filter) ansible.builtin.ipaddr to ansible.netcommon.ipaddr
redirecting (type: filter) ansible.builtin.ipaddr to ansible.netcommon.ipaddr
Using module file /home/stack/venv/lib64/python3.6/site-packages/ansible/modules/stat.py
<localhost> PUT /home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp0_41jtb1 TO /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_stat.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/ /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_stat.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-sfnsqxzvzquynslmyrcyttybvgzxnviu ; /usr/libexec/platform-python /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_stat.py'"'"' && sleep 0'
Using module file /home/stack/venv/lib64/python3.6/site-packages/ansible/modules/file.py
<localhost> PUT /home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmph9251nju TO /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_file.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/ /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_file.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ggepugvoqetvacrclkhlcxsvhibnucfj ; /usr/libexec/platform-python /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_file.py'"'"' && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/ > /dev/null 2>&1 && sleep 0'
--- before
+++ after: /home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2
@@ -0,0 +1,6 @@
+# Ansible managed
+
+ 10.6.0.0/24 via 10.1.0.2
+ 10.3.0.0/24 via 10.1.0.3 table myroutetable
+ 10.1.0.0/24 dev veth1.1001 table myroutetable
+ 10.7.0.0/24 via 10.1.0.2
changed: [localhost] => (item={'device': 'veth1.1001', 'bootproto': 'static', 'address': '10.1.0.1', 'netmask': '255.255.255.0', 'rules': ['from 10.1.0.0/24 table myroutetable', 'to 10.1.0.0/24 table myroutetable'], 'route': [{'network': '10.6.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2'}, {'network': '10.3.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.3', 'table': 'myroutetable'}, {'network': '10.1.0.0', 'netmask': '255.255.255.0', 'table': 'myroutetable'}, {'network': '10.7.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2', 'options': ['onlink']}]}) => {
"ansible_loop_var": "item",
"changed": true,
"diff": [
{
"after": "# Ansible managed\n\n 10.6.0.0/24 via 10.1.0.2\n 10.3.0.0/24 via 10.1.0.3 table myroutetable\n 10.1.0.0/24 dev veth1.1001 table myroutetable\n 10.7.0.0/24 via 10.1.0.2\n",
"after_header": "/home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2",
"before": ""
}
],
"invocation": {
"dest": "/etc/sysconfig/network-scripts/route-veth1.1001",
"follow": false,
"mode": null,
"module_args": {
"dest": "/etc/sysconfig/network-scripts/route-veth1.1001",
"follow": false,
"mode": null,
"src": "/home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2"
},
"src": "/home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2"
},
"item": {
"address": "10.1.0.1",
"bootproto": "static",
"device": "veth1.1001",
"netmask": "255.255.255.0",
"route": [
{
"gateway": "10.1.0.2",
"netmask": "255.255.255.0",
"network": "10.6.0.0"
},
{
"gateway": "10.1.0.3",
"netmask": "255.255.255.0",
"network": "10.3.0.0",
"table": "myroutetable"
},
{
"netmask": "255.255.255.0",
"network": "10.1.0.0",
"table": "myroutetable"
},
{
"gateway": "10.1.0.2",
"netmask": "255.255.255.0",
"network": "10.7.0.0",
"options": [
"onlink"
]
}
],
"rules": [
"from 10.1.0.0/24 table myroutetable",
"to 10.1.0.0/24 table myroutetable"
]
}
}
Allow unmanaged addresses on an interface
Sometimes it may be useful to not assign an IP address to an interface, but to allow another process to assign one. An example use case is a virtual IP address dynamically added or by a process such as keepalived.
Support multiple IP's per interface?
Do you have plans to support multiple IP's per interface? On RedHat family ifcfg look like:
IPADDR=4.4.4.4
PREFIX=32
IPADDR1=8.8.8.8
PREFIX1=32
GATEWAY=9.9.9.9
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr'
Hi,
When executing the task RedHat | Write configuration files for rhel route configuration we get the following message:
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
Nothing urgent. But i just open an issue to keep trace of it. I'll try to PR if I find time.
Thanks for this role.
Network not configured after reboot on RHEL/CentOS 8
On RHEL/CentOS 8, this role now installs the network-scripts RPM. This RPM provides the legacy ifup / ifdown implementations that can bypass NetworkManager. It also provides a network init.d script. However, this script is not enabled by default.
Since we use NM_CONTROLLED=no, this means that a role invocation will work fine, until the next reboot or until the DHCP lease expires (when using DHCP), whichever comes first.
Steps to reproduce in a fresh CentOS 8 cloud image using DHCP on eth0:
- Run the following playbook:
- hosts: localhost
roles:
- role: MichaelRigart.interfaces
interfaces_ether_interfaces:
- device: eth0
bootproto: dhcp
- Reboot
Expected result
Network is functional
Actual result
No network is configured
Solution
Enable the legacy network init script:
$ sudo systemctl enable network.service
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
Feature: Ability to consolidate configuration in interfaces file
Hello,
We are using your role to configure our servers. However, we have an issue for configuring Proxmox: it only loads the network configuration from /etc/network/interfaces (on Debian) and doesn't care about interfaces.d folder.
We would like to be able to store the config in a single file, using an option, for this special use case.
I'd like you opinion before working on a PR because the role is a bit complex:
- My first idea would be to use *assemble to gather all interfaces.d files in interfaces (But I'm not sure if composing content from interface name ordering is OK). We just need to put loopback config in a separate file and assemble the folder (light changes). All the mechanics are left untouched because they rely on still existing separate files but not included
- Another idea is to completely disable single files in this case. I'm not sure though why a bounce is triggered if the running config does not match the target config AND also when the configuration file is changed (I think that not having the bounce on the later one is ok because if the config file is changed it means that the bounce will happen anyway.
- Another option, regardless of keeping or not separate files, could be to use a template with includes if the declaration order is important
Regards
J
[Question] Is it possible to deactive a interface?
I've got the following:
1. I want to setup a bridge with a ethernet (card) enslaved
This is no problem with ansible-role-interfaces, even if the ethernet had the ip addr given to the bridge before the change. Easy peasy.
- role: MichaelRigart.interfaces
interfaces_bridge_interfaces:
- device: br0
type: bridge
bootproto: static
address: x.x.x.x
ports: [eth0]
[...]
2. I want to go back: deactivate the bridge and assign the ip addr (direct) to the ethernet (card) again
This is possible with ansible-role-interfaces:
- role: MichaelRigart.interfaces
interfaces_ether_interfaces:
- device: eth0
bootproto: static
address: x.x.x.x
[...]
interfaces_bridge_interfaces:
- device: br0
type: bridge
bootproto: static
ports: []
[...]
The ports: [] is important to remove eth0 from being enslaved. However, this always errors out at the very end with the message:
'Interface br0 is not active'
Well, I guess the bridge has no ip addr (any more), and nothing enslaved, hence ifup is not possible. A possible solution to this is to allow something like remove or 'deactive' as an possible explicit state for an interface.
Check active Ethernet interface state complaints for sub interfaces
When adding sub-interfaces (eth1:1), most of the role works fine except for the last check task. I am new to Ansible in general, so I was wondering if I was missing something or if there is a way to recognize the sub interface.
[DEPRECATION WARNING]: Using tests as filters is deprecated.
DEPRECATION WARNING]: Using tests as filters is deprecated. Instead of using
result|match use result is match. This feature will be removed in version
2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False
in ansible.cfg.
templates/bridge_Debian.j2 generates output with missing newline.
In particular when I have an interface
- device: "external-br0"
type: bridge
address: ""
netmask: ""
gateway: ""
bootproto: static
stp: "on"
mtu: 1500
ports: [eno1]
this snippet of the templates/bridge_Debian.j2 template:
{% if item.ports is defined %}
bridge_ports {{ item.ports|join(' ') }}{% if item.ports | default([], true) | length == 0 %}none{% endif %}
{% endif %}
{% if item.stp is defined %}
bridge_stp {{ item.stp }}
{% endif %}
generates a file in /etc/network/interfaces.d/ifcfg-external-br0 with the following line:
bridge_ports eno1bridge_stp on
note the lack of newline between the bridge_ports and bridge_stp entries.
AnsibleError/KeyError related to "cidr"
Whenever interfaces_ether_interfaces is referenced, an AnsibleError/KeyError related to "cidr" occurs:
TASK [MichaelRigart.interfaces : Debian | install VLAN packages] ********************************************
fatal: [kayobe-seed]: FAILED! => {"msg": "The conditional check 'all_interfaces | selectattr('device', 'match', vlan_interface_regex) | list | length > 0\n' failed. The error was: An unhandled exception occurred while templating '{{ interfaces_ether_interfaces +\n interfaces_bridge_interfaces +\n interfaces_bond_interfaces }}\n'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while templating '{{ ether_interfaces |\n map('net_interface_obj') |\n list }}\n'. Error was a <type 'exceptions.KeyError'>, original message: cidr\n\nThe error appears to have been in '/isis/src/kayobe/ansible/roles/MichaelRigart.interfaces/tasks/debian.yml': line 11, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Debian | install VLAN packages\n ^ here\n"}
TASK [MichaelRigart.interfaces : Check active Ethernet interface state] *********************************
fatal: [kayobe-seed]: FAILED! => {"msg": "The conditional check 'interfaces_ether_interfaces is defined' failed. The error was: An unhandled exception occurred while templating '{{ ether_interfaces |\n map('net_interface_obj') |\n list }}\n'. Error was a <type 'exceptions.KeyError'>, original message: cidr\n\nThe error appears to have been in '/isis/src/kayobe/ansible/roles/MichaelRigart.interfaces/tasks/ethernet_configuration.yml': line 3, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Check active Ethernet interface state weh\n ^ here\n"}
Create a manual or non-IP interface?
Is there a recommended way to create an interface with neither static nor DHCP address?
In my use case, I want to create a bonded parent interface, which won't have any IP address of its own, but act purely as a parent to multiple VLAN interfaces, which will have their own addresses.
On a [Debian] host that is already set up this way, the parent interface is simply configured as:
iface bond1 inet manual
bond-mode 802.3ad
bond-slaves enp1s0f2 enp1s0f3
If I set bootproto to static but don't give it any address, the role completes but fails to bring the interface up due to missing address. If I set bootproto to static and set the address to 0.0.0.0 it works (although it's probably not a good config) but the 'Check active bond interface state' handler fails.
Thanks!
error when configuring ip for a infiniband interface
I have defined this variable to configure the ip for an infiniband interface:
interfaces_ether_interfaces:
- device: ib0
bootproto: static
address: 10.41.0.10
netmask: 255.255.128.0
but when running the playbook task Check active Ethernet interface state always reports a change for interface ib0 with this message:
changed: [login10] => (item={'device': 'ib0', 'bootproto': 'static', 'address': '10.41.0.10', 'netmask': '255.255.128.0'}) => {
"msg": "Checking Ethernet interface configuration for ib0: {'diff': True, 'reason': 'Interface ib0 is of an unexpected type'}\n"
}
Later in handler Check active Ethernet interface state I get an error:
failed: [login10] (item={'device': 'ib0', 'bootproto': 'static', 'address': '10.41.0.10', 'netmask': '255.255.128.0'}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.41.0.10", "bootproto": "static", "device": "ib0", "netmask": "255.255.128.0"}, "msg": "Interface ib0 is of an unexpected type"}
The problem seems to be in here because for a regular ethernet interface fact["type"] = ether but for an infiniband interface fact["type"] = infiniband
Is it possible to add support to define interfaces_infiniband_interfaces? Or can I somehow define that the type for this interface is infiniband?
I can work on a PR or do beta-testing if you are open to add this feature to the role.
Bridge configuration can cause loss of connectivity
In some cases we might find that bouncing a bridge interface separately from its ports can cause us to lose connectivity. This might be because the bridge is being an assigned an IP that was previously assigned to one of the ports, or because bringing up the bridge adds a default route that is not accessible while the ports are inactive or detached from the bridge.
To overcome this limitation, the bridge and its ports should be bounced (ifdown/ifup) in a single task.
Misconfigured bridges when using DHCP on Red Hat
When configuring bridges with DHCP, the generated interface configuration file on Red Hat uses TYPE=bridge instead of TYPE=Bridge, which results in a misconfigured network as the argument is case sensitive.
template ethernet_RedHat.j2 : bootproto set at none instead of static
Hi,
I've just found an error on the template ethernet_RedHat.j2 of the current version 1.11.1 and on the master branch.
At line 9, bootproto must be set at static and not none.
must be :
...
{% if item.bootproto == 'static' %}
BOOTPROTO=static
...
dnsnameservers redhat?
in the redhat the dnsnameservers is not enabled??
When configuring an IP over IB (`ipoib`) interface failing with "Interface ib0 is not active"
I'm trying to set up an InfiniBand interface on a Mellanox ConnectX-6 with OFED driver version 5.5-1.0.3.2 on Rocky 8.5
Drivers are installed and interfaces can be brought up manually.
I'm calling the role like this because the role has already been called earlier to set up the real Ethernet interfaces:
---
- name: Configure Infiniband interfaces
hosts: infiniband
tasks:
- name: Configure Infinband interfaces
import_role:
name: michaelrigart.interfaces
vars:
interfaces_pause_time: 120
interfaces_ether_interfaces:
- device: "{{ infiniband_interface }}"
bootproto: static
address: "{{ ib_ip }}"
netmask: "{{ infiniband_netmask }}"
type: ipoib
become: true
I've added interfaces_pause_time: 120 as I assumed that the interfaces were just taking time to become active after being bounced, I'
However when executing the playbook they end with:
RUNNING HANDLER [michaelrigart.interfaces : Check active Ethernet interface state] *********************************************
failed: [ib-host11] (item={'device': 'ib0', 'bootproto': 'static', 'address': '10.10.10.11', 'netmask': '255.255.252.0', 'type': 'ipoib'}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.10.10.11", "bootproto": "static", "device": "ib0", "netmask": "255.255.252.0", "type": "ipoib"}, "msg": "Interface ib0 is not active"}
I've check for other issues for ipoib and #76 and #58 look like they've been resolved, and don't seem to help resolve this issue.
Interface active check fails if bond negotiation slow
There is a race on checking the interface state, please see:
https://storyboard.openstack.org/#!/story/2007787
I propose we use @busterswt's proposed fix of adding a pause, see:
thoughts?
jinja2 contextfilter is deprecated
contextfilter is deprecated in jinja2 and can be replaced by pass_context
jupyter/nbconvert#1568
Can we please replace contextfilter in filter_plugins/filters.py? Otherwise there is an error with new jinja2:
michaelrigart.interfaces/filter_plugins/filters.py) as it seems to be invalid: module 'jinja2' has no attribute 'contextfilter'
Newer version of jinja2 breaks the role
tested with:
- latest role version
1.13.1 - python
3.10 - jinja2
3.1.2 - will fail with:
TASK [MichaelRigart.interfaces : Check active Ethernet interface state] ************
[WARNING]: Skipping plugin (/home/stefan/private/ansible-
homecenter/roles/MichaelRigart.interfaces/filter_plugins/filters.py) as it seems to
be invalid: module 'jinja2' has no attribute 'contextfilter'
fatal: [homecenter]: FAILED! => {"msg": "An unhandled exception occurred while templating '{{ item | ether_check }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: template error while templating string: No filter named 'ether_check'.. String: {{ item | ether_check }}"}
tested workaround:
- going back to jinja
3.0.3fixes the problem
I haven't checked which jinja2 version update really introduces the breaking change...
error when changing default gateway to another interface
I am trying to configure a machine that is working with gateway 10.10.10.1 (eth0) to use a different gateway (100.100.100.254) in eth1 . this is my config:
interfaces_ether_interfaces:
- device: eth0
bootproto: dhcp
dnsnameservers: 10.10.10.1
- device: eth1
bootproto: static
address: 100.100.100.66
netmask: 255.255.255.0
gateway: 100.100.100.254
When I run the role I get this error:
RUNNING HANDLER [MichaelRigart.interfaces : Check active Ethernet interface state] ****************************************************************************************************************************************************
skipping: [sosci-devel.scicore-dmz.lan] => (item={u'device': u'eth0', u'dnsnameservers': u'10.10.10.1', u'bootproto': u'dhcp', u'dnssearch': u'scicore-dmz.lan scicore.unibas.ch unibas.ch'}) => {
"changed": false,
"item": {
"bootproto": "dhcp",
"device": "eth0",
"dnsnameservers": "10.10.10.1",
},
"skip_reason": "Conditional result was False"
}
failed: [sosci-devel.scicore-dmz.lan] (item={u'device': u'eth1', u'netmask': u'255.255.255.0', u'bootproto': u'static', u'gateway': u'100.100.100.254', u'address': u'100.100.100.66'}) => {
"changed": false,
"item": {
"address": "100.100.100.66",
"bootproto": "static",
"device": "eth1",
"gateway": "100.100.100.254",
"netmask": "255.255.255.0"
},
"msg": "Default IPv4 gateway is incorrect"
}
If I rerun the role it works fine at the second try.
I could also workaround the issue by commenting out these lines
any suggestion about how to do a proper fix that could be merged upstream? I can test it and send a PR
When creating a bonded InfiniBand re-running the role gives 'Interface ib0 is of an unexpected type'
The interface type for a bonded Infinband interface should either not be defined, ot be InfiniBand, but not ether as per
https://github.com/michaelrigart/ansible-role-interfaces/blob/master/filter_plugins/filters.py#L234
The variables I'm using for this are:
interfaces_bond_interfaces:
- device: "ib-bond0"
bootproto: static
address: "{{ ib_ip }}"
netmask: "{{ ib_netmask }}"
type: ipoib
bond_mode: active-backup
bond_slaves:
- ib0
- ib1
I'm expectin the type: ipoib to do "the right thing"
Error output:
RUNNING HANDLER [michaelrigart.interfaces : Check active bond interface state] *********************************************************************************************************************************************************************
task path: /home/test/ib_playbooks/ignore/roles/michaelrigart.interfaces/handlers/main.yml:182
failed: [test01] (item={'device': 'ib-bond0', 'bootproto': 'static', 'address': '10.0.0.1', 'netmask': '255.255.252.0', 'type': 'ipoib', 'bond_mode': 'active-backup', 'bond_slaves': ['ib0', 'ib1']}) => changed=false
ansible_loop_var: item
item:
address: 10.0.0.1
bond_mode: active-backup
bond_slaves:
- ib0
- ib1
bootproto: static
device: ib-bond0
netmask: 255.255.252.0
type: ipoib
msg: Interface ib0 is of an unexpected type
[RedHat] Warn about stale ifcfg files
On RedHat systems, this role doesn't manage existing ifcfg files that don't match active interface names. This can cause conflicts on reboot when the OS applies all ifcfg files, including stale ones.
Could we at least warn about their presence?
Regression due to "CentOS: remove stale interfaces"
#118 introduced a regression, where configuration for active interfaces could be removed and not recreated, if not present in the network interface variables. This could lead to loss of network connectivity.
We should find a way to achieve the aims of this change in a different way.
Introduce tags for versioning
The advantage for people is that they can stick to a version and then adapt to a new version (with a change potentially breaking their playbook) at their own pace.
Proposal for a versioning schema could be https://semver.org/
ifupdown2 package requirement missing for Debian
netplan
Is netplan going to be supported soon? Ubuntu 18.04 seem to use it by default.
Error after enabling VLAN interface
After running a playbook with the following configuration twice:
-
device: eno2
bootproto: static
mtu: 1500 -
device: eno2.21
bootproto: static
address: 10.21.x.x
netmask: 255.255.0.0
gateway: 10.21.x.x -
device: eno2.22
bootproto: static
address: 10.22.x.x
netmask: 255.255.0.0
gateway: 10.22.x.x
I get the following error message:
"msg": "non-zero return code",
"rc": 1,
"start": "2018-04-11 02:32:45.800879",
"stderr": "ifdown: interface eno2.22 not configured\nifdown: interface eno2.21 not configured\nRTNETLINK answers: File exists\nifup: failed to bring up eno2.21\nRTNETLINK answers: File exists\nifup: failed to bring up eno2.22",
"stderr_lines": [
"ifdown: interface eno2.22 not configured",
"ifdown: interface eno2.21 not configured",
"RTNETLINK answers: File exists",
"ifup: failed to bring up eno2.21",
"RTNETLINK answers: File exists",
"ifup: failed to bring up eno2.22"
],
[Question] Is it possible to set the default route?
Is it possible to set the default route?
'network_ether_interfaces' is undefined
OS: RHEL 7.3
Ansible: 2.2
When configuring a bridge interface I hit the following error (in the ethernet tasks):
TASK [MichaelRigart.interfaces : RedHat | Write configuration files for rhel route configuration] ***
fatal: [control01]: FAILED! => {"failed": true, "msg": "'network_ether_interfaces' is undefined"}
to retry, use: --limit @/home/stack/kayobe/ansible/net.retry
PLAY RECAP *********************************************************************
control01 : ok=2 changed=0 unreachable=0 failed=1
Applying the following patch resolved the issue:
diff --git a/tasks/ethernet_configuration.yml b/tasks/ethernet_configuration.yml
index 10b80d0..72f7525 100644
--- a/tasks/ethernet_configuration.yml
+++ b/tasks/ethernet_configuration.yml
@@ -11,7 +11,7 @@
template:
src: 'route_{{ ansible_os_family }}.j2'
dest: '{{ interfaces_net_path[ansible_os_family|lower] }}/route-{{ item.device }}'
- with_items: '{{ network_ether_interfaces }}'
+ with_items: '{{ interfaces_ether_interfaces }}'
when: item.route is defined and ansible_os_family == 'RedHat'
- name: Bounce ethernet devicesPR incoming.
REd Hat: support promiscuous mode
This flag is needed
PROMISC=no
the need for resolvconf on Debian
Hello,
Why are you installing resolvconf on Debian ?
This seems to be redundant now that systemd-resolved is the default.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.