michaelrigart / ansible-role-interfaces
An ansible role for configuring different network interfaces
License: GNU General Public License v3.0
OS: RHEL 7.3
Ansible: 2.2
When configuring a bridge interface, I noticed that the onboot flag is only applied for interfaces configured as bootproto == 'static'. This should also be applied for interfaces in dhcp mode. This is also true of ethernet interfaces.
PR incoming.
On CentOS/RHEL systems, if the parent device of a VLAN interface goes down, the VLAN interface will also go down. If the parent device is brought back up again, the VLAN interface will become active again, but any static routes previously assigned to the VLAN interface are not reinstated.
Steps to reproduce:
playbook.yml
---
- hosts: localhost
  tasks:
    - import_role:
        name: MichaelRigart.interfaces
      vars:
        interfaces_ether_interfaces:
          - device: fake1.2
            bootproto: static
            vlan: 2
            address: 10.10.1.0
            netmask: 255.255.255.0
            route:
              - network: 10.10.2.0
                netmask: 255.255.255.0
                gateway: 10.10.1.1
            onboot: yes
          - device: fake1
            bootproto: static
            address: 10.10.3.0
            netmask: 255.255.255.0
            onboot: yes
Create a fake interface:
sudo ip link add fake1 type dummy
Run the playbook:
ansible-playbook playbook.yml
The fake1.2 interface has a static route.
ip route
Trigger a restart of the parent:
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake1
Run the playbook again:
ansible-playbook playbook.yml
It succeeds, but the fake1.2 interface has lost its static route.
ip route
TASK [MichaelRigart.interfaces : RedHat | Write configuration files for rhel route configuration] ***************************************************************************************************************************************************************************************************************
task path: /home/stack/ansible-role-interfaces/tasks/ethernet_configuration.yml:26
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleFilterError: The ipaddr filter requires python's netaddr be installed on the ansible controller
failed: [localhost] (item={'device': 'veth1.1001', 'bootproto': 'static', 'address': '10.1.0.1', 'netmask': '255.255.255.0', 'rules': ['from 10.1.0.0/24 table myroutetable', 'to 10.1.0.0/24 table myroutetable'], 'route': [{'network': '10.6.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2'}, {'network': '10.3.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.3', 'table': 'myroutetable'}, {'network': '10.1.0.0', 'netmask': '255.255.255.0', 'table': 'myroutetable'}, {'network': '10.7.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2', 'options': ['onlink']}]}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.1.0.1", "bootproto": "static", "device": "veth1.1001", "netmask": "255.255.255.0", "route": [{"gateway": "10.1.0.2", "netmask": "255.255.255.0", "network": "10.6.0.0"}, {"gateway": "10.1.0.3", "netmask": "255.255.255.0", "network": "10.3.0.0", "table": "myroutetable"}, {"netmask": "255.255.255.0", "network": "10.1.0.0", "table": "myroutetable"}, {"gateway": "10.1.0.2", "netmask": "255.255.255.0", "network": "10.7.0.0", "options": ["onlink"]}], "rules": ["from 10.1.0.0/24 table myroutetable", "to 10.1.0.0/24 table myroutetable"]}, "msg": "AnsibleFilterError: The ipaddr filter requires python's netaddr be installed on the ansible controller"}
TASK [MichaelRigart.interfaces : Create the network configuration file for bond devices] ************************************************************************************************************************************************************************************************************************
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleFilterError: Failed to import the required Python library (netaddr) on piotr-rh.novalocal's Python /home/rocky/venv/bin/python. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter
failed: [localhost] (item={'device': 'bond7', 'bootproto': 'static', 'address': '10.4.0.1', 'netmask': '255.255.255.0', 'bond_mode': '802.3ad', 'bond_slaves': ['veth1', 'veth2']}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.4.0.1", "bond_mode": "802.3ad", "bond_slaves": ["veth1", "veth2"], "bootproto": "static", "device": "bond7", "netmask": "255.255.255.0"}, "msg": "AnsibleFilterError: Failed to import the required Python library (netaddr) on piotr-rh.novalocal's Python /home/rocky/venv/bin/python. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}
If I use the role on a Debian 10 with this data:
interfaces_bridge_interfaces:
  - device: br15
    type: bridge
    address: 172.26.15.99
    netmask: 255.255.255.0
    bootproto: static
    stp: "off"
    mtu: 1500
    ports: [eno1]
The debug output will be:
TASK [interfaces : Create the network configuration file for bridge devices] *******************************************************************************
changed: [XXX] => (item={'device': 'br15', 'type': 'bridge', 'address': '172.26.15.99', 'netmask': '255.255.255.0', 'bootproto': 'static', 'stp': 'off', 'mtu': 1500, 'ports': ['eno1']})
"item": {
"address": "172.26.15.99",
"bootproto": "static",
"device": "br15",
"mtu": 1500,
"netmask": "255.255.255.0",
"ports": [
"eno1"
],
"stp": "off",
"type": "bridge"
And the destination file will look like this:
auto br15
iface br15 inet static
mtu 1500
address 172.26.15.99
netmask 255.255.255.0
bridge_ports eno1bridge_stp off
bridge_stp off should be on a new line ...
The little dns-nameservers bit is missing from the Debian bond template - would you like a PR to fix this?
{% if item.dnsnameservers is defined %}
dns-nameservers {{ item.dnsnameservers }}
{% endif %}
We have an action to automatically import this role, but it seems to be failing: https://github.com/michaelrigart/ansible-role-interfaces/actions/workflows/publish-role.yml
OS: RHEL 7.3
Ansible: 2.2
Configuring a bridge interface I saw the following error:
...
TASK [MichaelRigart.interfaces : Create the network configuration file for port on the bridge devices] ***
fatal: [control01]: FAILED! => {"failed": true, "msg": "subelements lookup expects a dictionary, got 'interfaces_bridge_interfaces'"}
to retry, use: --limit @/home/stack/kayobe/ansible/net.retry
PLAY RECAP *********************************************************************
control01 : ok=3 changed=0 unreachable=0 failed=1
After applying the following patch:
diff --git a/tasks/bridge_configuration.yml b/tasks/bridge_configuration.yml
index 3fd31f1..916208d 100644
--- a/tasks/bridge_configuration.yml
+++ b/tasks/bridge_configuration.yml
@@ -24,7 +24,7 @@
src: 'bridge_port_{{ ansible_os_family }}.j2'
dest: '{{ interfaces_net_path[ansible_os_family|lower] }}/ifcfg-{{ item.1 }}'
with_subelements:
- - interfaces_bridge_interfaces
+ - "{{ interfaces_bridge_interfaces }}"
- ports
register: bridge_port_result
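Review bot: the fix is applied only to the `with_subelements` list in tasks/bridge_configuration.yml, while the report that follows shows the bond slave task failing with the same "subelements lookup expects a dictionary" message for 'interfaces_bond_interfaces'. Include the equivalent change for that task in the same patch so both lookups receive the templated list. It is also worth confirming that a bridge entry without a `ports` key does not make this lookup fail, for example by using the lookup's skip_missing flag.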
I saw a similar issue for the bond tasks, despite not configuring any bond interfaces:
TASK [MichaelRigart.interfaces : Create the network configuration file for slave in the bond devices] ***
fatal: [control01]: FAILED! => {"failed": true, "msg": "subelements lookup expects a dictionary, got 'interfaces_bond_interfaces'"}
to retry, use: --limit @/home/stack/kayobe/ansible/net.retry
PLAY RECAP *********************************************************************
control01 : ok=4 changed=0 unreachable=0 failed=1
This was fixed with a similar patch as for the bridge error.
PR incoming.
The CentOS cloud images may include network interface files used when the image was built, which may be invalid. This role already has a workaround to remove them. It only removes files for interfaces that are not managed by this role. This ensures that the role is idempotent. However, if an invalid interface file exists for an interface that is managed by this role, it may prevent the network service from starting, resulting in Ansible failing in the following task:
RedHat | ensure network service is started and enabled
Hello,
I am using Linux Mint 19.3.
I try to set up eth1/eth2 interfaces with the following:
interfaces_ether_interfaces:
  - device: eth1
    bootproto: static
    address: 192.168.33.15
    netmask: 255.255.255.0
    gateway: 192.168.0.254
    dnsnameservers: 8.8.8.8 8.8.4.4
    mtu: 9000
  - device: eth2
    bootproto: dhcp
The [workstation/network : Bounce network devices] task triggers the following error:
fatal: [workstation]: FAILED! => {
"changed": true,
"cmd": [
"nohup",
"bash",
"-c",
" returncode=0 ifdown --allow auto eth1; ifdown --allow auto eth2; if ! ifup --allow auto eth2; then\necho \"Failed to bring up interface eth2\";\nreturncode=1\nfi; if ! ifup --allow auto eth1; then\necho \"Failed to bring up interface eth1\";\nreturncode=1\nfi; exit $returncode"
],
"delta": "0:00:00.062514",
"end": "2020-06-16 14:30:19.033546",
"rc": 1,
"start": "2020-06-16 14:30:18.971032"
}
STDOUT:
Failed to bring up eth2.
Failed to bring up interface eth2
Failed to bring up eth1.
Failed to bring up interface eth1
STDERR:
ifdown: interface eth1 not configured
ifdown: interface eth2 not configured
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Cannot find device "eth2"
Error getting hardware address for "eth2": No such device
If you think you have received this message due to a bug rather
than a configuration issue please read the section on submitting
bugs on either our web page at www.isc.org or in the README file
before submitting a bug. These pages explain the proper
process and the information we find helpful for debugging..
exiting.
Cannot find device "eth1"
I think it may come from missing entries in /run/network/ifstate which outputs:
lo=lo
Do I need to create a task to add my interfaces, or is your role already supposed to do it and there is a bug?
OS: RHEL 7.3
Ansible: 2.2
When configuring a bridge interface I noticed that the bridge ports do not honour the onboot flag. This means that these interfaces will not be instantiated on subsequent boots.
PR incoming.
I see that listing an IPv6 address for an interface is currently not supported. Any plans of supporting it?
This role works brilliantly for ethernet interfaces but cannot manage "IP over IB" interfaces. On the whole they should work very similarly to the ethernet devices but with a few different options for the network-scripts template.
Recent releases 1.7.0 and 1.8.0 of this role are broken when no Ethernet interface is being configured:
RUNNING HANDLER [MichaelRigart.interfaces : Bounce network devices] ************
task path: /home/zuul/kayobe-venv/share/kayobe/ansible/roles/MichaelRigart.interfaces/handlers/main.yml:110
fatal: [controller0]: FAILED! => {
"msg": "The task includes an option with an undefined variable. The error was: 'ether_interfaces_changed' is undefined\n\nThe error appears to be in '/home/zuul/kayobe-venv/share/kayobe/ansible/roles/MichaelRigart.interfaces/handlers/main.yml': line 110, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Bounce network devices\n ^ here\n"
}
I believe this was caused by #79: when interfaces_ether_interfaces is empty, ethernet_configuration.yml isn't included anymore, resulting in an undefined variable.
The same issue probably happens when interfaces_bond_interfaces or interfaces_bridge_interfaces is empty.
On CentOS/RHEL 8 systems, if all ports of a bridge go down, the bridge interface will also go down. If the ports are brought back up again, the bridge interface does not automatically come back up. Therefore, if there is some change to the configuration of all of the bridge ports, the bridge may be left in an inactive state.
Steps to reproduce:
playbook.yml:
---
- hosts: localhost
  tasks:
    - import_role:
        name: .
      vars:
        interfaces_bridge_interfaces:
          - device: br0
            bootproto: static
            address: 10.10.0.2
            netmask: 255.255.255.0
            bond_mode: 802.3ad
            ports: [fake1, fake2]
            onboot: yes
Create fake interfaces:
sudo ip link add fake1 type dummy
sudo ip link add fake2 type dummy
Run the playbook:
ansible-playbook playbook.yml
Trigger a restart of both of the bridge port interfaces:
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake1
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake2
Run the playbook again:
ansible-playbook playbook.yml
It fails:
RUNNING HANDLER [. : Check active bridge interface state] **************************************************************************************************************************************************
failed: [localhost] (item={'device': 'br0', 'bootproto': 'static', 'address': '10.10.0.2', 'netmask': '255.255.255.0', 'onboot': True, 'ports': ['fake1', 'fake2']}) => {"changed": false, "item": {"address": "10.10.0.2", "bootproto": "static", "device": "br0", "netmask": "255.255.255.0", "onboot": true, "ports": ["fake1", "fake2"]}, "msg": "Interface br0 is not active"}
Release v1.13.2 is not available in Ansible Galaxy - travis-ci.org builds have not been working for some time already, shall we move to GitHub Actions instead?
Hey,
I was not able to download the latest release 'v1.3.0' from ansible galaxy. I tried ansible-galaxy install -r roles.yml
roles.yml
---
- name: MichaelRigart.interfaces
  version: "v1.3.0"
I get the following output from ansible-galaxy:
- downloading role 'interfaces', owned by MichaelRigart
[WARNING]: - MichaelRigart.interfaces was NOT installed successfully: - the specified version (v1.3.0) of MichaelRigart.interfaces was
not found in the list of available versions ([{u'download_url': u'https://github.com/michaelrigart/ansible-role-
interfaces/archive/v1.0.0.tar.gz', u'name': u'v1.0.0', u'created': u'2018-02-20T14:30:48.119034Z', u'url': u'', u'summary_fields': {},
u'modified': u'2018-06-19T08:29:08.095092Z', u'related': {}, u'commit_date': u'2017-12-20T15:17:49-05:00', u'version': u'1.0.0',
u'commit_sha': None, u'active': None, u'id': 53602}, {u'download_url': u'https://github.com/michaelrigart/ansible-role-
interfaces/archive/v1.1.0.tar.gz', u'name': u'v1.1.0', u'created': u'2018-08-06T08:07:41.385338Z', u'url': u'', u'summary_fields': {},
u'modified': u'2018-08-06T08:07:41.385367Z', u'related': {}, u'commit_date': u'2018-06-19T04:27:02-04:00', u'version': u'1.1.0',
u'commit_sha': u'fd7fc2589b6b7636c55540e1eae0609efc682ae7', u'active': None, u'id': 72116}, {u'download_url':
u'https://github.com/michaelrigart/ansible-role-interfaces/archive/v1.2.0.tar.gz', u'name': u'v1.2.0', u'created':
u'2019-01-29T11:44:54.965949Z', u'url': u'', u'summary_fields': {}, u'modified': u'2019-01-29T11:44:54.965972Z', u'related': {},
u'commit_date': u'2019-01-29T04:22:11-05:00', u'version': u'1.2.0', u'commit_sha': u'cd3bbd715c29276f642e0841e09eeb67d3a07e5a',
u'active': None, u'id': 86879}]).
On CentOS/RHEL systems, if all members in a bond go down, the bond interface will also go down. If the members are brought back up again, the bond interface does not automatically come back up. Therefore, if there is some change to the configuration of bond members, the bond may be left in an inactive state.
Steps to reproduce:
playbook.yml:
---
- hosts: localhost
  tasks:
    - import_role:
        name: .
      vars:
        interfaces_bond_interfaces:
          - device: bond0
            bootproto: static
            address: 10.10.0.2
            netmask: 255.255.255.0
            bond_mode: 802.3ad
            bond_slaves: [fake1, fake2]
            onboot: yes
Create fake interfaces:
sudo ip link add fake1 type dummy
sudo ip link add fake2 type dummy
Run the playbook:
ansible-playbook playbook.yml
Trigger a restart of both of the bond member interfaces:
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake1
sudo rm /etc/sysconfig/network-scripts/ifcfg-fake2
Run the playbook again:
ansible-playbook playbook.yml
It fails:
RUNNING HANDLER [. : Check active bond interface state] ****************************************************************************************************************************************************
failed: [localhost] (item={u'bond_slaves': [u'fake1', u'fake2'], u'bond_mode': u'802.3ad', u'netmask': u'255.255.255.0', u'bootproto': u'static', u'address': u'10.10.0.2', u'device': u'bond0', u'onboot': True}) => {"changed": false, "item": {"address": "10.10.0.2", "bond_mode": "802.3ad", "bond_slaves": ["fake1", "fake2"], "bootproto": "static", "device": "bond0", "netmask": "255.255.255.0", "onboot": true}, "msg": "Interface bond0 is not active"}
These had ceased to work after conditional has been replaced by loop in 51a2e99 - route var can not be therefore modified. When running the sample playbook, onlink option is missing:
TASK [MichaelRigart.interfaces : RedHat | Write configuration files for rhel route configuration] ***************************************************************************************************************************************************************************************************************
task path: /home/stack/ansible-role-interfaces/tasks/ethernet_configuration.yml:26
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: stack
<localhost> EXEC /bin/sh -c 'echo ~stack && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/stack/.ansible/tmp `"&& mkdir "` echo /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155 `" && echo ansible-tmp-1690206385.0158195-57452-276322253783155="` echo /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155 `" ) && sleep 0'
redirecting (type: filter) ansible.builtin.ipaddr to ansible.netcommon.ipaddr
redirecting (type: filter) ansible.builtin.ipaddr to ansible.netcommon.ipaddr
redirecting (type: filter) ansible.builtin.ipaddr to ansible.netcommon.ipaddr
Using module file /home/stack/venv/lib64/python3.6/site-packages/ansible/modules/stat.py
<localhost> PUT /home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp0_41jtb1 TO /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_stat.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/ /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_stat.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-sfnsqxzvzquynslmyrcyttybvgzxnviu ; /usr/libexec/platform-python /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_stat.py'"'"' && sleep 0'
Using module file /home/stack/venv/lib64/python3.6/site-packages/ansible/modules/file.py
<localhost> PUT /home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmph9251nju TO /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_file.py
<localhost> EXEC /bin/sh -c 'chmod u+x /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/ /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_file.py && sleep 0'
<localhost> EXEC /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-ggepugvoqetvacrclkhlcxsvhibnucfj ; /usr/libexec/platform-python /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/AnsiballZ_file.py'"'"' && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /home/stack/.ansible/tmp/ansible-tmp-1690206385.0158195-57452-276322253783155/ > /dev/null 2>&1 && sleep 0'
--- before
+++ after: /home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2
@@ -0,0 +1,6 @@
+# Ansible managed
+
+ 10.6.0.0/24 via 10.1.0.2
+ 10.3.0.0/24 via 10.1.0.3 table myroutetable
+ 10.1.0.0/24 dev veth1.1001 table myroutetable
+ 10.7.0.0/24 via 10.1.0.2
changed: [localhost] => (item={'device': 'veth1.1001', 'bootproto': 'static', 'address': '10.1.0.1', 'netmask': '255.255.255.0', 'rules': ['from 10.1.0.0/24 table myroutetable', 'to 10.1.0.0/24 table myroutetable'], 'route': [{'network': '10.6.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2'}, {'network': '10.3.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.3', 'table': 'myroutetable'}, {'network': '10.1.0.0', 'netmask': '255.255.255.0', 'table': 'myroutetable'}, {'network': '10.7.0.0', 'netmask': '255.255.255.0', 'gateway': '10.1.0.2', 'options': ['onlink']}]}) => {
"ansible_loop_var": "item",
"changed": true,
"diff": [
{
"after": "# Ansible managed\n\n 10.6.0.0/24 via 10.1.0.2\n 10.3.0.0/24 via 10.1.0.3 table myroutetable\n 10.1.0.0/24 dev veth1.1001 table myroutetable\n 10.7.0.0/24 via 10.1.0.2\n",
"after_header": "/home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2",
"before": ""
}
],
"invocation": {
"dest": "/etc/sysconfig/network-scripts/route-veth1.1001",
"follow": false,
"mode": null,
"module_args": {
"dest": "/etc/sysconfig/network-scripts/route-veth1.1001",
"follow": false,
"mode": null,
"src": "/home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2"
},
"src": "/home/stack/.ansible/tmp/ansible-local-56666u8btr9ep/tmp6_totbb6/route_RedHat.j2"
},
"item": {
"address": "10.1.0.1",
"bootproto": "static",
"device": "veth1.1001",
"netmask": "255.255.255.0",
"route": [
{
"gateway": "10.1.0.2",
"netmask": "255.255.255.0",
"network": "10.6.0.0"
},
{
"gateway": "10.1.0.3",
"netmask": "255.255.255.0",
"network": "10.3.0.0",
"table": "myroutetable"
},
{
"netmask": "255.255.255.0",
"network": "10.1.0.0",
"table": "myroutetable"
},
{
"gateway": "10.1.0.2",
"netmask": "255.255.255.0",
"network": "10.7.0.0",
"options": [
"onlink"
]
}
],
"rules": [
"from 10.1.0.0/24 table myroutetable",
"to 10.1.0.0/24 table myroutetable"
]
}
}
Sometimes it may be useful to not assign an IP address to an interface, but to allow another process to assign one. An example use case is a virtual IP address dynamically added or by a process such as keepalived.
Do you have plans to support multiple IPs per interface? On RedHat family ifcfg look like:
IPADDR=4.4.4.4
PREFIX=32
IPADDR1=8.8.8.8
PREFIX1=32
GATEWAY=9.9.9.9
Hi,
When executing the task RedHat | Write configuration files for rhel route configuration we get the following message:
[DEPRECATION WARNING]: Use 'ansible.utils.ipaddr' module instead. This feature will be removed from ansible.netcommon in a release after 2024-01-01. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
Nothing urgent. But I just opened an issue to keep track of it. I'll try to PR if I find time.
Thanks for this role.
On RHEL/CentOS 8, this role now installs the network-scripts RPM. This RPM provides the legacy ifup / ifdown implementations that can bypass NetworkManager. It also provides a network init.d script. However, this script is not enabled by default.
Since we use NM_CONTROLLED=no, this means that a role invocation will work fine, until the next reboot or until the DHCP lease expires (when using DHCP), whichever comes first.
eth0:
- hosts: localhost
  roles:
    - role: MichaelRigart.interfaces
      interfaces_ether_interfaces:
        - device: eth0
          bootproto: dhcp
Network is functional
No network is configured
Enable the legacy network init script:
$ sudo systemctl enable network.service
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
Hello,
We are using your role to configure our servers. However, we have an issue for configuring Proxmox: it only loads the network configuration from /etc/network/interfaces (on Debian) and doesn't care about interfaces.d folder.
We would like to be able to store the config in a single file, using an option, for this special use case.
I'd like your opinion before working on a PR because the role is a bit complex:
Regards
J
I've got the following:
This is no problem with ansible-role-interfaces, even if the ethernet had the ip addr given to the bridge before the change. Easy peasy.
- role: MichaelRigart.interfaces
  interfaces_bridge_interfaces:
    - device: br0
      type: bridge
      bootproto: static
      address: x.x.x.x
      ports: [eth0]
      [...]
This is possible with ansible-role-interfaces:
- role: MichaelRigart.interfaces
  interfaces_ether_interfaces:
    - device: eth0
      bootproto: static
      address: x.x.x.x
      [...]
  interfaces_bridge_interfaces:
    - device: br0
      type: bridge
      bootproto: static
      ports: []
      [...]
The ports: [] is important to remove eth0 from being enslaved. However, this always errors out at the very end with the message:
'Interface br0 is not active'
Well, I guess the bridge has no ip addr (any more), and nothing enslaved, hence ifup is not possible. A possible solution to this is to allow something like remove or 'deactive' as a possible explicit state for an interface.
When adding sub-interfaces (eth1:1), most of the role works fine except for the last check task. I am new to Ansible in general, so I was wondering if I was missing something or if there is a way to recognize the sub interface.
[DEPRECATION WARNING]: Using tests as filters is deprecated. Instead of using result|match use result is match. This feature will be removed in version 2.9. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
In particular when I have an interface
this snippet of the templates/bridge_Debian.j2 template:
{% if item.ports is defined %}
bridge_ports {{ item.ports|join(' ') }}{% if item.ports | default([], true) | length == 0 %}none{% endif %}
{% endif %}
{% if item.stp is defined %}
bridge_stp {{ item.stp }}
{% endif %}
generates a file in /etc/network/interfaces.d/ifcfg-external-br0 with the following line:
bridge_ports eno1bridge_stp on
note the lack of newline between the bridge_ports and bridge_stp entries.
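The missing newline reported here, and in the earlier Debian 10 report (`bridge_ports eno1bridge_stp off`), can be reproduced outside Ansible. The following is an added example, not code from the role: it renders the quoted snippet with Jinja2's `trim_blocks=True`, which Ansible's template module enables by default, next to one possible rewrite. The `FIXED` template and the function names are assumptions of this example.

```python
from jinja2 import Environment

# The snippet from templates/bridge_Debian.j2 exactly as quoted in the report.
REPORTED = (
    "{% if item.ports is defined %}\n"
    "bridge_ports {{ item.ports|join(' ') }}"
    "{% if item.ports | default([], true) | length == 0 %}none{% endif %}\n"
    "{% endif %}\n"
    "{% if item.stp is defined %}\n"
    "bridge_stp {{ item.stp }}\n"
    "{% endif %}\n"
)

# One possible rewrite (an assumption of this example, not the role's fix):
# the "none" fallback moves inside the expression, so the line ends with a
# variable tag. trim_blocks only eats the newline that follows a block tag
# ({% ... %}), never the one that follows a variable tag ({{ ... }}).
FIXED = (
    "{% if item.ports is defined %}\n"
    "bridge_ports {{ item.ports | join(' ') if item.ports else 'none' }}\n"
    "{% endif %}\n"
    "{% if item.stp is defined %}\n"
    "bridge_stp {{ item.stp }}\n"
    "{% endif %}\n"
)


def render(template_source, item, trim_blocks=True):
    """Render a template string the way Ansible does with regard to trim_blocks."""
    env = Environment(trim_blocks=trim_blocks)
    return env.from_string(template_source).render(item=item)


def joined_lines(rendered):
    """Return output lines on which two bridge_* options were run together."""
    return [line for line in rendered.splitlines() if line.count("bridge_") > 1]


if __name__ == "__main__":
    # Constructed sample items matching the values shown in the reports.
    samples = [
        {"device": "br0", "ports": ["eno1"], "stp": "on"},
        {"device": "br0", "ports": [], "stp": "on"},
    ]
    for item in samples:
        for name, source in (("reported", REPORTED), ("fixed", FIXED)):
            out = render(source, item)
            print(name, item["ports"], repr(out), "joined:", joined_lines(out))
```

The same check (`joined_lines`) can be run over any rendered interfaces file to catch this class of template regression before the file is deployed.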
Whenever interfaces_ether_interfaces is referenced, an AnsibleError/KeyError related to "cidr" occurs:
TASK [MichaelRigart.interfaces : Debian | install VLAN packages] ********************************************
fatal: [kayobe-seed]: FAILED! => {"msg": "The conditional check 'all_interfaces | selectattr('device', 'match', vlan_interface_regex) | list | length > 0\n' failed. The error was: An unhandled exception occurred while templating '{{ interfaces_ether_interfaces +\n interfaces_bridge_interfaces +\n interfaces_bond_interfaces }}\n'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while templating '{{ ether_interfaces |\n map('net_interface_obj') |\n list }}\n'. Error was a <type 'exceptions.KeyError'>, original message: cidr\n\nThe error appears to have been in '/isis/src/kayobe/ansible/roles/MichaelRigart.interfaces/tasks/debian.yml': line 11, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Debian | install VLAN packages\n ^ here\n"}
TASK [MichaelRigart.interfaces : Check active Ethernet interface state] *********************************
fatal: [kayobe-seed]: FAILED! => {"msg": "The conditional check 'interfaces_ether_interfaces is defined' failed. The error was: An unhandled exception occurred while templating '{{ ether_interfaces |\n map('net_interface_obj') |\n list }}\n'. Error was a <type 'exceptions.KeyError'>, original message: cidr\n\nThe error appears to have been in '/isis/src/kayobe/ansible/roles/MichaelRigart.interfaces/tasks/ethernet_configuration.yml': line 3, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Check active Ethernet interface state weh\n ^ here\n"}
Is there a recommended way to create an interface with neither static nor DHCP address?
In my use case, I want to create a bonded parent interface, which won't have any IP address of its own, but act purely as a parent to multiple VLAN interfaces, which will have their own addresses.
On a [Debian] host that is already set up this way, the parent interface is simply configured as:
iface bond1 inet manual
bond-mode 802.3ad
bond-slaves enp1s0f2 enp1s0f3
If I set bootproto to static but don't give it any address, the role completes but fails to bring the interface up due to missing address. If I set bootproto to static and set the address to 0.0.0.0 it works (although it's probably not a good config) but the 'Check active bond interface state' handler fails.
Thanks!
I have defined this variable to configure the ip for an infiniband interface:
interfaces_ether_interfaces:
  - device: ib0
    bootproto: static
    address: 10.41.0.10
    netmask: 255.255.128.0
but when running the playbook task Check active Ethernet interface state always reports a change for interface ib0 with this message:
changed: [login10] => (item={'device': 'ib0', 'bootproto': 'static', 'address': '10.41.0.10', 'netmask': '255.255.128.0'}) => {
"msg": "Checking Ethernet interface configuration for ib0: {'diff': True, 'reason': 'Interface ib0 is of an unexpected type'}\n"
}
Later in handler Check active Ethernet interface state I get an error:
failed: [login10] (item={'device': 'ib0', 'bootproto': 'static', 'address': '10.41.0.10', 'netmask': '255.255.128.0'}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.41.0.10", "bootproto": "static", "device": "ib0", "netmask": "255.255.128.0"}, "msg": "Interface ib0 is of an unexpected type"}
The problem seems to be in here because for a regular ethernet interface fact["type"] = ether but for an infiniband interface fact["type"] = infiniband
Is it possible to add support to define interfaces_infiniband_interfaces? Or can I somehow define that the type for this interface is infiniband?
I can work on a PR or do beta-testing if you are open to add this feature to the role.
In some cases we might find that bouncing a bridge interface separately from its ports can cause us to lose connectivity. This might be because the bridge is being assigned an IP that was previously assigned to one of the ports, or because bringing up the bridge adds a default route that is not accessible while the ports are inactive or detached from the bridge.
To overcome this limitation, the bridge and its ports should be bounced (ifdown/ifup) in a single task.
When configuring bridges with DHCP, the generated interface configuration file on Red Hat uses TYPE=bridge instead of TYPE=Bridge, which results in a misconfigured network as the argument is case sensitive.
Hi,
I've just found an error on the template ethernet_RedHat.j2 of the current version 1.11.1 and on the master branch.
At line 9, bootproto must be set to static and not none.
must be:
...
{% if item.bootproto == 'static' %}
BOOTPROTO=static
...
in the redhat the dnsnameservers is not enabled??
I'm trying to set up an InfiniBand interface on a Mellanox ConnectX-6 with OFED driver version 5.5-1.0.3.2 on Rocky 8.5
Drivers are installed and interfaces can be brought up manually.
I'm calling the role like this because the role has already been called earlier to set up the real Ethernet interfaces:
---
- name: Configure Infiniband interfaces
  hosts: infiniband
  tasks:
    - name: Configure Infinband interfaces
      import_role:
        name: michaelrigart.interfaces
      vars:
        interfaces_pause_time: 120
        interfaces_ether_interfaces:
          - device: "{{ infiniband_interface }}"
            bootproto: static
            address: "{{ ib_ip }}"
            netmask: "{{ infiniband_netmask }}"
            type: ipoib
      become: true
I've added interfaces_pause_time: 120 as I assumed that the interfaces were just taking time to become active after being bounced, I'
However when executing the playbook they end with:
RUNNING HANDLER [michaelrigart.interfaces : Check active Ethernet interface state] *********************************************
failed: [ib-host11] (item={'device': 'ib0', 'bootproto': 'static', 'address': '10.10.10.11', 'netmask': '255.255.252.0', 'type': 'ipoib'}) => {"ansible_loop_var": "item", "changed": false, "item": {"address": "10.10.10.11", "bootproto": "static", "device": "ib0", "netmask": "255.255.252.0", "type": "ipoib"}, "msg": "Interface ib0 is not active"}
I've checked for other issues for ipoib, and #76 and #58 look like they've been resolved and don't seem to help resolve this issue.
There is a race on checking the interface state, please see:
https://storyboard.openstack.org/#!/story/2007787
I propose we use @busterswt's proposed fix of adding a pause, see:
thoughts?
contextfilter is deprecated in jinja2 and can be replaced by pass_context
jupyter/nbconvert#1568
Can we please replace contextfilter in filter_plugins/filters.py? Otherwise there is an error with new jinja2:
michaelrigart.interfaces/filter_plugins/filters.py) as it seems to be invalid: module 'jinja2' has no attribute 'contextfilter'
tested with:
1.13.1
3.10
3.1.2
TASK [MichaelRigart.interfaces : Check active Ethernet interface state] ************
[WARNING]: Skipping plugin (/home/stefan/private/ansible-
homecenter/roles/MichaelRigart.interfaces/filter_plugins/filters.py) as it seems to
be invalid: module 'jinja2' has no attribute 'contextfilter'
fatal: [homecenter]: FAILED! => {"msg": "An unhandled exception occurred while templating '{{ item | ether_check }}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: template error while templating string: No filter named 'ether_check'.. String: {{ item | ether_check }}"}
tested workaround:
3.0.3
fixes the problem
I haven't checked which jinja2 version update really introduces the breaking change...
I am trying to configure a machine that is working with gateway 10.10.10.1 (eth0) to use a different gateway (100.100.100.254) in eth1. This is my config:
interfaces_ether_interfaces:
  - device: eth0
    bootproto: dhcp
    dnsnameservers: 10.10.10.1
  - device: eth1
    bootproto: static
    address: 100.100.100.66
    netmask: 255.255.255.0
    gateway: 100.100.100.254
When I run the role I get this error:
RUNNING HANDLER [MichaelRigart.interfaces : Check active Ethernet interface state] ****************************************************************************************************************************************************
skipping: [sosci-devel.scicore-dmz.lan] => (item={u'device': u'eth0', u'dnsnameservers': u'10.10.10.1', u'bootproto': u'dhcp', u'dnssearch': u'scicore-dmz.lan scicore.unibas.ch unibas.ch'}) => {
"changed": false,
"item": {
"bootproto": "dhcp",
"device": "eth0",
"dnsnameservers": "10.10.10.1",
},
"skip_reason": "Conditional result was False"
}
failed: [sosci-devel.scicore-dmz.lan] (item={u'device': u'eth1', u'netmask': u'255.255.255.0', u'bootproto': u'static', u'gateway': u'100.100.100.254', u'address': u'100.100.100.66'}) => {
"changed": false,
"item": {
"address": "100.100.100.66",
"bootproto": "static",
"device": "eth1",
"gateway": "100.100.100.254",
"netmask": "255.255.255.0"
},
"msg": "Default IPv4 gateway is incorrect"
}
If I rerun the role it works fine at the second try.
I could also work around the issue by commenting out these lines
Any suggestion about how to do a proper fix that could be merged upstream? I can test it and send a PR.
The interface type for a bonded InfiniBand interface should either not be defined, or be InfiniBand, but not ether, as per
https://github.com/michaelrigart/ansible-role-interfaces/blob/master/filter_plugins/filters.py#L234
The variables I'm using for this are:
interfaces_bond_interfaces:
  - device: "ib-bond0"
    bootproto: static
    address: "{{ ib_ip }}"
    netmask: "{{ ib_netmask }}"
    type: ipoib
    bond_mode: active-backup
    bond_slaves:
      - ib0
      - ib1
I'm expecting the type: ipoib to do "the right thing"
Error output:
RUNNING HANDLER [michaelrigart.interfaces : Check active bond interface state] *********************************************************************************************************************************************************************
task path: /home/test/ib_playbooks/ignore/roles/michaelrigart.interfaces/handlers/main.yml:182
failed: [test01] (item={'device': 'ib-bond0', 'bootproto': 'static', 'address': '10.0.0.1', 'netmask': '255.255.252.0', 'type': 'ipoib', 'bond_mode': 'active-backup', 'bond_slaves': ['ib0', 'ib1']}) => changed=false
ansible_loop_var: item
item:
address: 10.0.0.1
bond_mode: active-backup
bond_slaves:
- ib0
- ib1
bootproto: static
device: ib-bond0
netmask: 255.255.252.0
type: ipoib
msg: Interface ib0 is of an unexpected type
On RedHat systems, this role doesn't manage existing ifcfg files that don't match active interface names. This can cause conflicts on reboot when the OS applies all ifcfg files, including stale ones.
Could we at least warn about their presence?
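A read-only check along the lines requested above, written here as an added example and not part of the role: it lists ifcfg files whose device is not in the managed set, and also flags the lowercase TYPE=bridge spelling reported in the earlier bridge/DHCP issue. The function names, finding labels and sample files are assumptions constructed for illustration.

```python
import os
import tempfile


def parse_ifcfg(text):
    """Parse KEY=value lines from an ifcfg file, dropping comments and quotes."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def audit_ifcfg(net_path, managed_devices, ignore=("lo",)):
    """Return (filename, finding) pairs. Read-only: nothing is changed or removed."""
    findings = []
    for name in sorted(os.listdir(net_path)):
        if not name.startswith("ifcfg-"):
            continue  # route-* and other files are out of scope here
        with open(os.path.join(net_path, name)) as handle:
            cfg = parse_ifcfg(handle.read())
        device = cfg.get("DEVICE") or name[len("ifcfg-"):]
        if device in ignore:
            continue
        if device not in managed_devices:
            findings.append((name, "unmanaged"))
        # TYPE is case sensitive: the bridge value must be spelled "Bridge".
        if cfg.get("TYPE", "").lower() == "bridge" and cfg["TYPE"] != "Bridge":
            findings.append((name, "type-case"))
    return findings


# Constructed sample files, not taken from a real host.
SAMPLE_FILES = {
    "ifcfg-eth0": "DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\n",
    "ifcfg-br0": "DEVICE=br0\nTYPE=bridge\nBOOTPROTO=dhcp\nONBOOT=yes\n",
    "ifcfg-eno2.21": 'DEVICE="eno2.21"\nVLAN=yes\nONBOOT=yes\n',
    "ifcfg-lo": "DEVICE=lo\nONBOOT=yes\n",
    "route-eth0": "10.10.2.0/24 via 10.10.1.1\n",
}


def demo():
    """Write the samples to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as net_path:
        for name, body in SAMPLE_FILES.items():
            with open(os.path.join(net_path, name), "w") as handle:
                handle.write(body)
        return audit_ifcfg(net_path, managed_devices={"eth0", "br0"})
```

On a real host, net_path would be /etc/sysconfig/network-scripts and managed_devices the device names from the role's interface variables; the findings are meant to be reported as warnings only, so no configuration for an active interface is removed.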
#118 introduced a regression, where configuration for active interfaces could be removed and not recreated, if not present in the network interface variables. This could lead to loss of network connectivity.
We should find a way to achieve the aims of this change in a different way.
The advantage for people is that they can stick to a version and then adapt to a new version (with a change potentially breaking their playbook) at their own pace.
Proposal for a versioning schema could be https://semver.org/
Is netplan going to be supported soon? Ubuntu 18.04 seem to use it by default.
After running a playbook with the following configuration twice:
- device: eno2
  bootproto: static
  mtu: 1500
- device: eno2.21
  bootproto: static
  address: 10.21.x.x
  netmask: 255.255.0.0
  gateway: 10.21.x.x
- device: eno2.22
  bootproto: static
  address: 10.22.x.x
  netmask: 255.255.0.0
  gateway: 10.22.x.x
I get the following error message:
"msg": "non-zero return code",
"rc": 1,
"start": "2018-04-11 02:32:45.800879",
"stderr": "ifdown: interface eno2.22 not configured\nifdown: interface eno2.21 not configured\nRTNETLINK answers: File exists\nifup: failed to bring up eno2.21\nRTNETLINK answers: File exists\nifup: failed to bring up eno2.22",
"stderr_lines": [
"ifdown: interface eno2.22 not configured",
"ifdown: interface eno2.21 not configured",
"RTNETLINK answers: File exists",
"ifup: failed to bring up eno2.21",
"RTNETLINK answers: File exists",
"ifup: failed to bring up eno2.22"
],
Is it possible to set the default route?
OS: RHEL 7.3
Ansible: 2.2
When configuring a bridge interface I hit the following error (in the ethernet tasks):
TASK [MichaelRigart.interfaces : RedHat | Write configuration files for rhel route configuration] ***
fatal: [control01]: FAILED! => {"failed": true, "msg": "'network_ether_interfaces' is undefined"}
to retry, use: --limit @/home/stack/kayobe/ansible/net.retry
PLAY RECAP *********************************************************************
control01 : ok=2 changed=0 unreachable=0 failed=1
Applying the following patch resolved the issue:
diff --git a/tasks/ethernet_configuration.yml b/tasks/ethernet_configuration.yml
index 10b80d0..72f7525 100644
--- a/tasks/ethernet_configuration.yml
+++ b/tasks/ethernet_configuration.yml
@@ -11,7 +11,7 @@
template:
src: 'route_{{ ansible_os_family }}.j2'
dest: '{{ interfaces_net_path[ansible_os_family|lower] }}/route-{{ item.device }}'
- with_items: '{{ network_ether_interfaces }}'
+ with_items: '{{ interfaces_ether_interfaces }}'
when: item.route is defined and ansible_os_family == 'RedHat'
- name: Bounce ethernet devices
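Review bot: the route task's `with_items` still assumes `interfaces_ether_interfaces` is always defined, so a bridge-only run could fail with the same "is undefined" error unless the role ships a default for it; confirm there is one, or loop over `{{ interfaces_ether_interfaces | default([]) }}`. It is also worth searching the remaining tasks and handlers, starting with the "Bounce ethernet devices" task that follows this hunk, for any leftover `network_`-prefixed variable names.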
PR incoming.
This flag is needed
PROMISC=no
Hello,
Why are you installing resolvconf on Debian?
This seems to be redundant now that systemd-resolved is the default.