From c3861330761d8c77a9894b0be61ed5e175a56dc9 Mon Sep 17 00:00:00 2001 From: Thomas Elrod Date: Tue, 6 Nov 2018 15:06:02 -0600 Subject: [PATCH 01/12] Fixed some formating in the ReadMe. Improved template formating for RedHat systems. --- README.md | 54 +++++++++----- tasks/main.yml | 14 ++++ tasks/redhat.yml | 4 +- templates/RedHat_generic_options.j2 | 29 ++++++++ templates/RedHat_ipv6_options.j2 | 15 ++++ ...vlan_options.j2 => RedHat_vlan_options.j2} | 1 - templates/bond_RedHat.j2 | 54 ++++---------- templates/bond_slave_RedHat.j2 | 12 +--- templates/bridge_RedHat.j2 | 70 +++---------------- templates/bridge_port_RedHat.j2 | 2 + templates/ethernet_RedHat.j2 | 66 ++++------------- 11 files changed, 134 insertions(+), 187 deletions(-) create mode 100644 templates/RedHat_generic_options.j2 create mode 100644 templates/RedHat_ipv6_options.j2 rename templates/{ethernet_RedHat_vlan_options.j2 => RedHat_vlan_options.j2} (97%) diff --git a/README.md b/README.md index 390d73e..614cb58 100644 --- a/README.md +++ b/README.md 
@@ -41,40 +41,45 @@ Examples Debian (not RedHat) network configurations can optionally use CIDR notation for IPv4 addresses instead of specifying the address and subnet mask separately. It is required to use CIDR notation for IPv6 addresses on Debian. IPv4 example with CIDR notation: - +``` cidr: 192.168.10.18/24 # OPTIONAL: specify a gateway for that network, or auto for network+1 gateway: auto +``` IPv4 example with classic IPv4: - +``` address: 192.168.10.18 netmask: 255.255.255.0 network: 192.168.10.0 broadcast: 192.168.10.255 gateway: 192.168.10.1 +``` If you want to use a different MAC Address for your Interface, you can simply add it. - +``` hwaddress: aa:bb:cc:dd:ee:ff +``` On some rare occasion it might be good to set whatever option you like. Therefore it is possible to use - +``` options: - "up /execute/my/command" - "down /execute/my/other/command" +``` and the IPv6 version - +``` ipv6_options: - "up /execute/my/command" - "down /execute/my/other/command" +``` 1) Configure eth1 and eth2 on a host with a static IP and a dhcp IP. Also define static routes and a gateway. - +``` - hosts: myhost roles: - role: network @@ -92,11 +97,12 @@ define static routes and a gateway. gateway: 192.168.10.1 - device: eth2 bootproto: dhcp +``` Note: it is not required to add routes, default route will be added automatically. 2) Configure a bridge interface with multiple NIcs added to the bridge. - +``` - hosts: myhost roles: - role: network @@ -118,12 +124,13 @@ Note: it is not required to add routes, default route will be added automaticall bridge_portprio: "eth1 128" bridge_stp: "on" bridge_waitport: "5 eth1 eth2" +``` Note: Routes can also be added for this interface in the same way routes are added for ethernet interfaces. 3) Configure a bond interface with an "active-backup" slave configuration. - +``` - hosts: myhost roles: - role: network 
@@ -138,10 +145,11 @@ added for ethernet interfaces. bond_miimon: 100 bond_lacp_rate: slow bond_xmit_hash_policy: layer3+4 +``` 4) Configure a bonded interface with "802.3ad" as the bonding mode and IP address obtained via DHCP. - +``` - hosts: myhost roles: - role: network @@ -151,9 +159,10 @@ address obtained via DHCP. bond_mode: 802.3ad bond_miimon: 100 bond_slaves: [eth1, eth2] +``` 5) Configure a VLAN interface with the vlan tag 2 for an ethernet interface - +``` - hosts: myhost roles: - role: network @@ -166,6 +175,7 @@ address obtained via DHCP. - device: eth1.2 bootproto: static cidr: 192.168.20.18/24 +``` 6) All the above examples show how to configure a single host, The below example shows how to define your network configurations for all your machines. @@ -173,15 +183,16 @@ example shows how to define your network configurations for all your machines. Assume your host inventory is as follows: ### /etc/ansible/hosts - +``` [dc1] host1 host2 +``` Describe your network configuration for each host in host vars: ### host_vars/host1 - +``` network_ether_interfaces: - device: eth1 bootproto: static 
@@ -198,35 +209,39 @@ Describe your network configuration for each host in host vars: bond_mode: 802.3ad bond_miimon: 100 bond_slaves: [eth2, eth3] +``` ### host_vars/host2 - +``` network_ether_interfaces: - device: eth0 bootproto: static address: 192.168.10.18 netmask: 255.255.255.0 gateway: 192.168.10.1 +``` 7) If resolvconf package should be used, it is possible to add some DNS configurations - +``` dns-nameserver: [ "8.8.8.8", "8.8.4.4" ] dns-search: "search.mydomain.tdl" dns-domain: "mydomain.tdl" +``` 8) You can add IPv6 static IP configuration on Ethernet, Bond or Bridge interfaces - +``` ipv6_address: "aaaa:bbbb:cccc:dddd:dead:beef::1/64" ipv6_gateway: "aaaa:bbbb:cccc:dddd::1" - +``` Create a playbook which applies this role to all hosts as shown below, and run the playbook. All the servers should have their network interfaces configured and routed updated. - +``` - hosts: all roles: - role: network +``` 9) This role can also optionally add network interfaces to firewalld zones. The core firewalld module (http://docs.ansible.com/ansible/latest/firewalld_module.html) @@ -236,7 +251,7 @@ module is used: * network_interface role runs; with no firewalld_zone host var set then any ZONE line will be removed from ifcfg-* - * firewalld module runs; adds a ZONE line to ifcfg-* + * firewalld module runs; adds a ZONE line to ifcfg-\* * On the next playbook run, the network_interface role runs and removes the ZONE line again, and so the cycle repeats. 
@@ -244,13 +259,14 @@ In order for this role to manage firewalld zones, the system must be running a RHEL based distribution, and using NetworkManager to manage the network interfaces. If those criteria are met, the following example shows how to add the eth0 interface to the public firewalld zone: - +``` - device: eth0 bootproto: static address: 192.168.10.18 netmask: 255.255.255.0 gateway: 192.168.10.1 firewalld_zone: public +``` Note: Ansible needs network connectivity throughout the playbook process, you may need to have a control interface that you do *not* modify using this diff --git a/tasks/main.yml b/tasks/main.yml index da4bbc0..5bca085 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -10,6 +10,8 @@ include: debian.yml when: ansible_os_family == "Debian" + +# Create network configuration files for any general interface - name: Create the network configuration file for ethernet interfaces template: src: "ethernet_{{ ansible_os_family }}.j2" @@ -18,6 +20,8 @@ when: network_ether_interfaces is defined register: ether_result + +# Create configs for bond devices and their slaves - name: Create the network configuration file for slave in the bond devices template: src: "bond_slave_{{ ansible_os_family }}.j2" @@ -42,6 +46,8 @@ state: present when: bond_result|changed + +# Create configs for vlans - name: Create the network configuration file for vlan devices template: src: "ethernet_{{ ansible_os_family }}.j2" @@ -50,6 +56,8 @@ when: network_vlan_interfaces is defined register: vlan_result + +# Create configs for bridge devices and their ports - name: Create the network configuration file for bridge devices template: src: "bridge_{{ ansible_os_family }}.j2" 
@@ -68,10 +76,14 @@ when: network_bridge_interfaces is defined register: bridge_port_result + + # Restart Network Interfaces (deconfigurate & reconfigurate interfaces) - include: restartscript.yml when: network_allow_service_restart and ansible_os_family == 'Debian' + + - name: Enable the "network" service service: name: network @@ -102,6 +114,8 @@ and not NetworkManager_service.changed }}" when: network_allow_service_restart and ansible_os_family == 'RedHat' + + - name: Restart the "network" service on Red Hat systems service: name: network diff --git a/tasks/redhat.yml b/tasks/redhat.yml index 73bf057..8435658 100644 --- a/tasks/redhat.yml +++ b/tasks/redhat.yml @@ -1,5 +1,5 @@ --- -- name: Install the required packages in Redhat derivatives +- name: Install the required packages in Redhat derivatives yum: name: "{{ item }}" state: installed @@ -34,7 +34,7 @@ with_items: "{{ network_bridge_interfaces }}" when: network_bridge_interfaces is defined and item.route is defined -- name: Cleanup gateway dev that does not set to the one we want +- name: Cleanup gateway dev that is not set to the one we want lineinfile: dest: /etc/sysconfig/network regexp: "^GATEWAYDEV=(?!{{ gateway_dev }})" diff --git a/templates/RedHat_generic_options.j2 b/templates/RedHat_generic_options.j2 new file mode 100644 index 0000000..2da0a96 --- /dev/null +++ b/templates/RedHat_generic_options.j2 
@@ -0,0 +1,29 @@ +{% if item.dns_nameservers is defined %} + {% for dns_nameserver in item.dns_nameservers %} +DNS{{ loop.index }}={{ dns_nameserver }} + {% endfor %} +{% endif -%} + +{% if item.nm_controlled is defined %} +NM_CONTROLLED={{ item.nm_controlled | bool | ternary("yes", "no") }} +{% endif -%} + +{% if item.onboot is defined %} +ONBOOT={{ item.onboot | bool | ternary("yes", "no") }} +{% endif -%} + +{% if item.defroute is defined %} +DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }} +{% endif -%} + +{% if item.stp is defined %} +STP={{ item.stp }} +{% endif -%} + +{% if item.mtu is defined %} +MTU={{ item.mtu }} +{% endif -%} + +{% if item.firewalld_zone is defined %} +ZONE={{ item.firewalld_zone }} +{% endif -%} diff --git a/templates/RedHat_ipv6_options.j2 b/templates/RedHat_ipv6_options.j2 new file mode 100644 index 0000000..f1d2616 --- /dev/null +++ b/templates/RedHat_ipv6_options.j2 @@ -0,0 +1,15 @@ +{% if item.ipv6_address is defined %} +IPV6INIT="yes" +IPV6_AUTOCONF="yes" +IPV6_DEFROUTE="yes" +IPV6_FAILURE_FATAL="no" +IPV6_FORWARDING="yes" +IPV6_PEERDNS="yes" +IPV6_PEERROUTES="yes" +IPV6_PRIVACY="no" +IPV6ADDR={{ item.ipv6_address }} +{% endif -%} + +{% if item.ipv6_gateway is defined %} +IPV6_DEFAULTGW="{{ item.ipv6_gateway }}" +{% endif -%} diff --git a/templates/ethernet_RedHat_vlan_options.j2 b/templates/RedHat_vlan_options.j2 similarity index 97% rename from templates/ethernet_RedHat_vlan_options.j2 rename to templates/RedHat_vlan_options.j2 index f2d7358..b1319a5 100644 --- a/templates/ethernet_RedHat_vlan_options.j2 +++ b/templates/RedHat_vlan_options.j2 @@ -1,5 +1,4 @@ VLAN=yes -TYPE=Vlan {% if item.vlan_physdev is defined %} PHYSDEV={{ item.vlan_physdev }} {% else %} diff --git a/templates/bond_RedHat.j2 b/templates/bond_RedHat.j2 index 7451476..f9ccf5a 100644 --- a/templates/bond_RedHat.j2 +++ b/templates/bond_RedHat.j2 
@@ -1,10 +1,15 @@ #jinja2: lstrip_blocks: "True", trim_blocks: "True" -{% if item.bootproto != 'dhcp' %} +NAME={{ item.name | default(item.device) }} DEVICE={{ item.device }} -USERCTL=no -BOOTPROTO={{ item.bootproto|default('static') }} -BONDING_MASTER=yes TYPE=Bond +ONBOOT={{ item.onboot|default("yes") }} +USERCTL=no + +{% if item.bootproto == 'dhcp' %} +BOOTPROTO=dhcp + +{% else %} +BOOTPROTO={{ item.bootproto|default('none') }} {% if item.address is defined %} IPADDR={{ item.address }} {% endif -%} @@ -16,48 +21,15 @@ NETMASK={{ item.netmask }} {% if item.gateway is defined %} GATEWAY={{ item.gateway }} {% endif -%} - - {% include "RedHat_bond_options.j2" %} {% endif -%} -{% if item.dns_nameservers is defined %} - {% for dns_nameserver in item.dns_nameservers %} -DNS{{ loop.index }}={{ dns_nameserver }} - {% endfor %} -{% endif -%} - -{% if item.bootproto == 'dhcp' %} -DEVICE={{ item.device }} +BONDING_MASTER=yes {% include "RedHat_bond_options.j2" %} -USERCTL=no -BOOTPROTO=dhcp -TYPE=Bond -{% endif -%} - -{% if item.onboot is defined %} -ONBOOT={{ item.onboot | bool | ternary("yes", "no") }} -{% endif -%} - -{% if item.nm_controlled is defined %} -NM_CONTROLLED={{ item.nm_controlled }} -{% endif -%} - -{% if item.defroute is defined %} -DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }} -{% endif -%} - -{% if item.mtu is defined %} -MTU={{ item.mtu }} -{% endif -%} - -{% if item.bonding_master is defined %} -BONDING_MASTER={{ item.bonding_master }} -{% endif -%} {% if item.bridge is defined %} BRIDGE={{ item.bridge }} {% endif -%} -{% if item.firewalld_zone is defined %} -ZONE={{ item.firewalld_zone }} -{% endif -%} +{% include "RedHat_ipv6_options.j2" %} + +{% include "RedHat_generic_options.j2" %} diff --git a/templates/bond_slave_RedHat.j2 b/templates/bond_slave_RedHat.j2 index 3b9b37b..17dfd09 100644 --- a/templates/bond_slave_RedHat.j2 +++ b/templates/bond_slave_RedHat.j2 
@@ -1,17 +1,7 @@ +NAME={{ item.1 }} DEVICE={{ item.1 }} BOOTPROTO=none MASTER={{ item.0.device }} ONBOOT=yes SLAVE=yes USERCTL=no -{% if item.nm_controlled is defined %} -NM_CONTROLLED={{ item.nm_controlled }} -{% endif -%} - -{% if item.defroute is defined %} -DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }} -{% endif -%} - -{% if item.0.mtu is defined %} -MTU={{ item.0.mtu }} -{% endif %} diff --git a/templates/bridge_RedHat.j2 b/templates/bridge_RedHat.j2 index eabaca9..1e83b39 100644 --- a/templates/bridge_RedHat.j2 +++ b/templates/bridge_RedHat.j2 @@ -1,16 +1,14 @@ #jinja2: lstrip_blocks: "True", trim_blocks: "True" -{% if item.bootproto == 'static' %} +NAME={{ item.name | default(item.device) }} DEVICE={{ item.device }} TYPE=Bridge -BOOTPROTO=none - {% if item.mtu is defined %} -MTU={{ item.mtu }} - {% endif -%} +ONBOOT={{ item.onboot|default("yes") }} - {% if item.stp is defined %} -STP={{ item.stp }} - {% endif -%} +{% if item.bootproto == 'dhcp' %} +BOOTPROTO=dhcp +{% else %} +BOOTPROTO={{ item.bootproto|default("none") }} {% if item.address is defined %} IPADDR={{ item.address }} {% endif -%} 
@@ -22,60 +20,8 @@ NETMASK={{ item.netmask }} {% if item.gateway is defined %} GATEWAY={{ item.gateway }} {% endif -%} - -{% endif -%} - -{% if item.dns_nameservers is defined %} - {% for dns_nameserver in item.dns_nameservers %} -DNS{{ loop.index }}={{ dns_nameserver }} - {% endfor %} {% endif -%} -{% if item.bootproto == 'dhcp' %} -DEVICE={{ item.device }} -TYPE=bridge -BOOTPROTO=dhcp - {% if item.mtu is defined %} -MTU={{ item.mtu }} - {% endif -%} - - {% if item.stp is defined %} -STP={{ item.stp }} - {% endif %} -{% endif -%} - -{% if item.onboot is defined %} -ONBOOT={{ item.onboot | bool | ternary("yes", "no") }} -{% endif -%} - -{% if item.nm_controlled is defined %} -NM_CONTROLLED={{ item.nm_controlled }} -{% endif -%} - -{% if item.ipv6_address is defined %} -IPV6INIT="yes" -IPV6_AUTOCONF="yes" -IPV6_DEFROUTE="yes" -IPV6_FAILURE_FATAL="no" -IPV6_FORWARDING="yes" -IPV6_PEERDNS="yes" -IPV6_PEERROUTES="yes" -IPV6_PRIVACY="no" -IPV6ADDR={{ item.ipv6_address }} -{% endif -%} - -{% if item.ipv6_gateway is defined %} -IPV6_DEFAULTGW="{{ item.ipv6_gateway }}" -{% endif -%} - -{% if item.defroute is defined %} -DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }} -{% endif -%} - -{% if item.mtu is defined %} -MTU={{ item.mtu }} -{% endif -%} +{% include "RedHat_ipv6_options.j2" %} -{% if item.firewalld_zone is defined %} -ZONE={{ item.firewalld_zone }} -{% endif %} +{% include "RedHat_generic_options.j2" %} diff --git a/templates/bridge_port_RedHat.j2 b/templates/bridge_port_RedHat.j2 index 2575b62..a4f96e4 100644 --- a/templates/bridge_port_RedHat.j2 +++ b/templates/bridge_port_RedHat.j2 @@ -1,6 +1,8 @@ +NAME={{ item.1 }} DEVICE={{ item.1 }} TYPE=Ethernet BOOTPROTO=none +ONBOOT={{ item.onboot|default("yes") }} BRIDGE={{ item.0.device }} {% if item.mtu is defined %} MTU={{ item.mtu }} diff --git a/templates/ethernet_RedHat.j2 b/templates/ethernet_RedHat.j2 index c330401..c18058b 100644 --- a/templates/ethernet_RedHat.j2 +++ b/templates/ethernet_RedHat.j2 
@@ -1,7 +1,14 @@ #jinja2: lstrip_blocks: "True", trim_blocks: "True" -{% if item.bootproto == 'static' %} +NAME={{ item.name | default(item.device) }} DEVICE={{ item.device }} -BOOTPROTO=static +TYPE={{ item.type | default("Ethernet") }} +ONBOOT={{ item.onboot|default("yes") }} + +{% if item.bootproto == 'dhcp' %} +BOOTPROTO=dhcp + +{% else %} +BOOTPROTO={{ item.bootproto|default("none") }} {% if item.address is defined %} IPADDR={{ item.address }} {% endif -%} 
@@ -13,63 +20,20 @@ NETMASK={{ item.netmask }} {% if item.gateway is defined %} GATEWAY={{ item.gateway }} {% endif -%} - - {% if item.vlan is defined and item.vlan | bool %} -{% include "ethernet_RedHat_vlan_options.j2" %} - {% endif -%} - -{% endif -%} - -{% if item.dns_nameservers is defined %} - {% for dns_nameserver in item.dns_nameservers %} -DNS{{ loop.index }}={{ dns_nameserver }} - {% endfor %} {% endif -%} {% if item.hwaddress is defined%} HWADDR={{ item.hwaddress }} {% endif -%} -{% if item.bootproto == 'dhcp' %} -DEVICE={{ item.device }} -BOOTPROTO=dhcp - {% if item.vlan is defined and item.vlan | bool %} -{% include "ethernet_RedHat_vlan_options.j2" %} - {% endif %} -{% endif -%} - -{% if item.nm_controlled is defined %} -NM_CONTROLLED={{ item.nm_controlled }} -{% endif -%} - -{% if item.ipv6_address is defined %} -IPV6INIT="yes" -IPV6_AUTOCONF="yes" -IPV6_DEFROUTE="yes" -IPV6_FAILURE_FATAL="no" -IPV6_FORWARDING="yes" -IPV6_PEERDNS="yes" -IPV6_PEERROUTES="yes" -IPV6_PRIVACY="no" -IPV6ADDR={{ item.ipv6_address }} +{% if item.vlan is defined and item.vlan | bool %} +{% include "RedHat_vlan_options.j2" %} {% endif -%} -{% if item.ipv6_gateway is defined %} -IPV6_DEFAULTGW="{{ item.ipv6_gateway }}" +{% if item.bridge is defined %} +BRIDGE={{ item.bridge }} {% endif -%} -{% if item.onboot is defined %} -ONBOOT={{ item.onboot | bool | ternary("yes", "no") }} -{% endif -%} - -{% if item.defroute is defined %} -DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }} -{% endif -%} - -{% if item.mtu is defined %} -MTU={{ item.mtu }} -{% endif -%} +{% include "RedHat_ipv6_options.j2" %} -{% if item.firewalld_zone is defined %} -ZONE={{ item.firewalld_zone }} -{% endif %} +{% include "RedHat_generic_options.j2" %} From 9a8c05f44e17b529e02b40e0b261ffb5cadf45b3 Mon Sep 17 00:00:00 2001 
From: Thomas Elrod Date: Wed, 7 Nov 2018 14:54:55 -0600 Subject: [PATCH 02/12] Fix some formatting and improve template functionality. --- tasks/debian.yml | 3 +-- tasks/main.yml | 10 ++++++++-- tasks/redhat.yml | 3 +-- templates/RedHat_generic_options.j2 | 6 ++---- templates/bond_RedHat.j2 | 7 ++----- templates/bridge_RedHat.j2 | 7 ++----- templates/ethernet_RedHat.j2 | 14 ++++++++------ 7 files changed, 24 insertions(+), 26 deletions(-) diff --git a/tasks/debian.yml b/tasks/debian.yml index 764c4e6..92f8296 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml @@ -1,9 +1,8 @@ --- - name: Install the required packages in Debian derivatives apt: - name: "{{ item }}" + name: "{{ network_pkgs }}" state: installed - with_items: "{{ network_pkgs }}" environment: "{{ env }}" when: network_check_packages diff --git a/tasks/main.yml b/tasks/main.yml index 5bca085..37babe0 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -29,7 +29,10 @@ with_subelements: - "{{ network_bond_interfaces }}" - bond_slaves - when: network_bond_interfaces is defined + when: network_bond_interfaces is defined and + not item.1 in network_ether_interfaces|map(attribute='device')|list and + not item.1 in network_bridge_interfaces|map(attribute='device')|list and + not item.1 in network_vlan_interfaces|map(attribute='device')|list register: bond_port_result - name: Create the network configuration file for bond devices @@ -73,7 +76,10 @@ with_subelements: - '{{ network_bridge_interfaces }}' - bridge_ports - when: network_bridge_interfaces is defined + when: network_bridge_interfaces is defined and + not item.1 in network_ether_interfaces|map(attribute='device')|list and + not item.1 in network_bond_interfaces|map(attribute='device')|list and + not item.1 in network_vlan_interfaces|map(attribute='device')|list register: bridge_port_result diff --git a/tasks/redhat.yml b/tasks/redhat.yml index 8435658..8d82da1 100644 --- a/tasks/redhat.yml +++ b/tasks/redhat.yml 
@@ -1,9 +1,8 @@ --- - name: Install the required packages in Redhat derivatives yum: - name: "{{ item }}" + name: "{{ network_pkgs }}" state: installed - with_items: "{{ network_pkgs }}" when: network_check_packages - name: Write configuration files for rhel route configuration with vlan diff --git a/templates/RedHat_generic_options.j2 b/templates/RedHat_generic_options.j2 index 2da0a96..87f0145 100644 --- a/templates/RedHat_generic_options.j2 +++ b/templates/RedHat_generic_options.j2 @@ -8,10 +8,6 @@ DNS{{ loop.index }}={{ dns_nameserver }} NM_CONTROLLED={{ item.nm_controlled | bool | ternary("yes", "no") }} {% endif -%} -{% if item.onboot is defined %} -ONBOOT={{ item.onboot | bool | ternary("yes", "no") }} -{% endif -%} - {% if item.defroute is defined %} DEFROUTE={{ item.defroute | bool | ternary("yes", "no") }} {% endif -%} @@ -27,3 +23,5 @@ MTU={{ item.mtu }} {% if item.firewalld_zone is defined %} ZONE={{ item.firewalld_zone }} {% endif -%} + +ONBOOT={{ item.onboot|default("yes") }} diff --git a/templates/bond_RedHat.j2 b/templates/bond_RedHat.j2 index f9ccf5a..0d52272 100644 --- a/templates/bond_RedHat.j2 +++ b/templates/bond_RedHat.j2 @@ -2,12 +2,9 @@ NAME={{ item.name | default(item.device) }} DEVICE={{ item.device }} TYPE=Bond -ONBOOT={{ item.onboot|default("yes") }} USERCTL=no - -{% if item.bootproto == 'dhcp' %} +{% if item.bootproto is defined and item.bootproto == 'dhcp' %} BOOTPROTO=dhcp - {% else %} BOOTPROTO={{ item.bootproto|default('none') }} {% if item.address is defined %} @@ -30,6 +27,6 @@ BONDING_MASTER=yes BRIDGE={{ item.bridge }} {% endif -%} -{% include "RedHat_ipv6_options.j2" %} +{% include "RedHat_ipv6_options.j2" -%} {% include "RedHat_generic_options.j2" %} diff --git a/templates/bridge_RedHat.j2 b/templates/bridge_RedHat.j2 index 1e83b39..3da1269 100644 --- a/templates/bridge_RedHat.j2 +++ b/templates/bridge_RedHat.j2 
@@ -2,11 +2,8 @@ NAME={{ item.name | default(item.device) }} DEVICE={{ item.device }} TYPE=Bridge -ONBOOT={{ item.onboot|default("yes") }} - -{% if item.bootproto == 'dhcp' %} +{% if item.bootproto is defined and item.bootproto == 'dhcp' %} BOOTPROTO=dhcp - {% else %} BOOTPROTO={{ item.bootproto|default("none") }} {% if item.address is defined %} @@ -22,6 +19,6 @@ GATEWAY={{ item.gateway }} {% endif -%} {% endif -%} -{% include "RedHat_ipv6_options.j2" %} +{% include "RedHat_ipv6_options.j2" -%} {% include "RedHat_generic_options.j2" %} diff --git a/templates/ethernet_RedHat.j2 b/templates/ethernet_RedHat.j2 index c18058b..3e52c9e 100644 --- a/templates/ethernet_RedHat.j2 +++ b/templates/ethernet_RedHat.j2 @@ -2,11 +2,8 @@ NAME={{ item.name | default(item.device) }} DEVICE={{ item.device }} TYPE={{ item.type | default("Ethernet") }} -ONBOOT={{ item.onboot|default("yes") }} - -{% if item.bootproto == 'dhcp' %} +{% if item.bootproto is defined and item.bootproto == 'dhcp' %} BOOTPROTO=dhcp - {% else %} BOOTPROTO={{ item.bootproto|default("none") }} {% if item.address is defined %} @@ -22,7 +19,7 @@ GATEWAY={{ item.gateway }} {% endif -%} {% endif -%} -{% if item.hwaddress is defined%} +{% if item.hwaddress is defined %} HWADDR={{ item.hwaddress }} {% endif -%} @@ -34,6 +31,11 @@ HWADDR={{ item.hwaddress }} BRIDGE={{ item.bridge }} {% endif -%} -{% include "RedHat_ipv6_options.j2" %} +{% if item.bond_master is defined %} +MASTER={{ item.bond_master }} +SLAVE=yes +{% endif -%} + +{% include "RedHat_ipv6_options.j2" -%} {% include "RedHat_generic_options.j2" %} From be6d4558af58f05c3bc4942f14788b00f34b40af Mon Sep 17 00:00:00 2001 From: Thomas Elrod Date: Tue, 13 Nov 2018 09:01:05 -0600 Subject: [PATCH 03/12] Add bonding support to basic config. --- templates/ethernet_RedHat.j2 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/templates/ethernet_RedHat.j2 b/templates/ethernet_RedHat.j2 index 3e52c9e..a91d2b0 100644 
--- a/templates/ethernet_RedHat.j2 +++ b/templates/ethernet_RedHat.j2 @@ -31,8 +31,14 @@ HWADDR={{ item.hwaddress }} BRIDGE={{ item.bridge }} {% endif -%} -{% if item.bond_master is defined %} -MASTER={{ item.bond_master }} +{% if item.type is defined and item.type == "Bond" %} +BONDING_MASTER=yes +{% include "RedHat_bond_options.j2" %} + +{% endif -%} + +{% if item.master is defined %} +MASTER={{ item.master }} SLAVE=yes {% endif -%} From f266e86095edaaf2069d413c6e98952cebea6bb5 Mon Sep 17 00:00:00 2001 From: Thomas Elrod Date: Wed, 21 Nov 2018 08:28:47 -0600 Subject: [PATCH 04/12] Updated README with rhel template changes. --- README.md | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 79 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 614cb58..b0e6e57 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ Note: it is not required to add routes, default route will be added automaticall roles: - role: network network_bridge_interfaces: - - device: br1 + - device: br1 type: bridge cidr: 192.168.10.10/24 bridge_ports: [eth1, eth2] 
@@ -177,7 +177,81 @@ address obtained via DHCP. cidr: 192.168.20.18/24 ``` -6) All the above examples show how to configure a single host, The below +6) It's also possible to configure all types of interfaces manually. +``` +network_ether_interfaces: + - device: eth0 + master: bond0 + - device: eth1 + master: bond0 + - device: bond0 + type: Bond + bond_mode: 802.3ad +``` + + + +Configure a bridge interface on a bond interface. The bond must be configured. +``` +network_bond_interfaces: + - device: bond0 + bridge: br0 + bond_mode: 802.3ad + bond_miimon: 100 + bond_slaves: [eth0, eth1] + +network_bridge_interfaces: + - device: br0 + type: Bridge + address: 192.168.10.18 + netmask: 255.255.255.0 + gateway: 192.168.10.1 + bridge_ports: [bond0] +``` +The same as the above but completely manually. +``` +network_ether_interfaces: + - device: eth0 + master: bond0 + - device: eth1 + master: bond0 + - device: bond0 + type: Bond + bridge: br0 + bond_mode: 802.3ad + bond_miimon: 100 + - device: br0 + type: Bridge + address: 192.168.10.18 + netmask: 255.255.255.0 + gateway: 192.168.10.1 +``` + + + +Example of creating a vlan on a bond interface. +``` +network_ether_interfaces: + - device: bond0.201 + vlan: True + address: 192.168.100.78 + netmask: 255.255.255.0 + gateway: 192.168.100.1 + +network_bond_interfaces: + - device: bond0 + bond_mode: 802.3ad + bond_miimon: 100 + bond_slaves: [eth0, eth1] +``` + + + + + + + +7) All the above examples show how to configure a single host, The below example shows how to define your network configurations for all your machines. Assume your host inventory is as follows: 
@@ -221,14 +295,14 @@ Describe your network configuration for each host in host vars: gateway: 192.168.10.1 ``` -7) If resolvconf package should be used, it is possible to add some DNS configurations +8) If resolvconf package should be used, it is possible to add some DNS configurations ``` dns-nameserver: [ "8.8.8.8", "8.8.4.4" ] dns-search: "search.mydomain.tdl" dns-domain: "mydomain.tdl" ``` -8) You can add IPv6 static IP configuration on Ethernet, Bond or Bridge interfaces +9) You can add IPv6 static IP configuration on Ethernet, Bond or Bridge interfaces ``` ipv6_address: "aaaa:bbbb:cccc:dddd:dead:beef::1/64" ipv6_gateway: "aaaa:bbbb:cccc:dddd::1" @@ -243,7 +317,7 @@ and routed updated. - role: network ``` -9) This role can also optionally add network interfaces to firewalld zones. The +10) This role can also optionally add network interfaces to firewalld zones. The core firewalld module (http://docs.ansible.com/ansible/latest/firewalld_module.html) can perform the same function, so if you make use of both modules then your playbooks may not be idempotent. Consider this case, where only the firewalld From cfa5d1d60fdd9cc343aa784ad7827ae065ce4c87 Mon Sep 17 00:00:00 2001 From: Thomas Elrod Date: Wed, 21 Nov 2018 14:49:50 -0600 Subject: [PATCH 05/12] Clean up the Debian templates a little bit. Start adding documentation for all the variables. --- README.md | 132 ++++++++++++++++++++++++++++- templates/Debian_bond_options.j2 | 50 +++++++++++ templates/Debian_bridge_options.j2 | 41 +++++++++ templates/bond_Debian.j2 | 54 +----------- templates/bridge_Debian.j2 | 47 +--------- 5 files changed, 224 insertions(+), 100 deletions(-) create mode 100644 templates/Debian_bond_options.j2 create mode 100644 templates/Debian_bridge_options.j2 diff --git a/README.md b/README.md index b0e6e57..21cb612 100644 --- a/README.md +++ b/README.md 
@@ -33,7 +33,137 @@ them are as follows: | `network_bond_interfaces` | No | `[]` | The list of bonded interfaces to be added to the system. | | `network_vlan_interfaces` | No | `[]` | The list of vlan interfaces to be added to the system. | -Note: The values for the list are listed in the examples below. + +The different types of interfaces can be configured with following variables: + +### Ethernet +| Variable | OS | Is Required | +| ----------- | ------ | ----------------- | +| device | * | Yes | +| type | RedHat | Optional | +| _ADDR VARS_ | * | - | + +### Bond +| Variable | OS | Is Required | +| ------------ | ------ | ----------------- | +| device | * | Yes | +| bond\_mode | * | Yes | +| bond\_slaves | Debian | Yes | +| bond\_slaves | RedHat | For Auto Config | +| type | RedHat | For Manual Config | +| _BOND VARS_ | * | - | + +### Bond Slave (manual config) +| Variable | OS | Is Required | +| ----------- | ------ | ----------- | +| device | * | Yes | +| master | * | Yes | +| type | RedHat | Optional | + +### Bridge +| Variable | OS | Is Required | +| ------------- | ------ | ----------------- | +| device | * | Yes | +| bridge\_ports | * | Optional | +| type | RedHat | For Manual Config | +| ? 
| Debian | For Manual Config | +| _BRIDGE VARS_ | * | - | + +### Bridge Port (manual config) +| Variable | OS | Is Required | +| ----------- | ------ | ----------------- | +| device | * | Yes | +| bridge | RedHat | For Manual Config | +| type | RedHat | Optional | + +### VLAN +| Variable | OS | Is Required | +| ------------- | ------ | ----------------- | +| device | * | Yes | +| vlan | Redhat | For Manual Config | +| vlan\_physdev | RedHat | Optional | +| vlan\_id | RedHat | Optional | +| reorder\_hdr | RedHat | Optional | + + +### _ADDR VARS_ +| Variable | OS | +| ---------------- | ------ | +| bootproto | * | +| address | * | +| netmask | * | +| gateway | * | +| cidr | Debian | +| network | Debian | +| broadcast | Debian | +| ipv6\_options | Debian | +| ipv6\_address | * | +| ipv6\_gateway | * | +| name | RedHat | +| nm\_controlled | RedHat | +| defroute | RedHat | +| stp | RedHat | +| mtu | RedHat | +| firewalld\_zone | RedHat | +| route | Debian | +| dns\_nameservers | Debian | +| dns\_search | Debian | +| dns\_domain | Debian | +| options | Debian | +| hwaddress | * | + +### _BOND VARS_ +| Variable | OS | +| ------------------------ | ------ | +| bond\_miimon | * | +| bond\_lacp\_rate | Debian | +| bond\_xmit\_hash\_policy | * | +| bond\_downdelay | * | +| bond\_updelay | * | +| bond\_use\_carrier | * | +| bond\_primary | * | +| bond\_primary\_reselect | Debian | +| bond\_bond\_ad\_select | Debian | +| bond\_arp\_interval | Debian | +| bond\_arp\_ip\_target | Debian | +| bond\_arp\_validate | Debian | +| bond\_num\_grat\_arp | Debian | +| bond\_num\_unsol\_na | Debian | +| bond\_active\_slave | Debian | +| bond\_extra\_opts | RedHat | + +### _BRIDGE VARS_ +| Variable | OS | +| -------------------| ------ | +| bridge\_ageing | Debian | +| bridge\_bridgeprio | Debian | +| bridge\_fd | Debian | +| bridge\_gcint | Debian | +| bridge\_hello | Debian | +| bridge\_maxage | Debian | +| bridge\_maxwait | Debian | +| bridge\_pathcost | Debian | +| bridge\_portprio | 
Debian | +| bridge\_stp | Debian | +| bridge\_waitport | Debian | + +## Combinations +Every type of interface can be configured using `network_ether_interfaces` using the variables of the following: + +ethernet \ +vlan \ +bond \ +bond slave \ +bridge \ +bridge port \ +vlan+ethernet \ +bond+ethernet \ +bridge+ethernet \ +bond+bridge port \ +ethernet+bridge port \ +vlan+bridge port + + Examples -------- diff --git a/templates/Debian_bond_options.j2 b/templates/Debian_bond_options.j2 new file mode 100644 index 0000000..f170b4e --- /dev/null +++ b/templates/Debian_bond_options.j2 
@@ -0,0 +1,50 @@ + bond-mode {{ item.bond_mode }} + bond-miimon {{ item.bond_miimon | default(100) }} +{% if item.bond_mode == '802.3ad' or item.bond_mode == 4 %} + bond-lacp-rate {{ item.bond_lacp_rate | default('slow') }} +{% endif %} +{% if item.bond_mode == 2 or item.bond_mode == 'balance-xor' + or item.bond_mode == 4 or item.bond_mode == '802.3ad' + or item.bond_mode == 6 or item.bond_mode == 'balance-tlb' +%} + bond-xmit-hash-policy {{ item.bond_xmit_hash_policy | default('layer3+4') }} +{% endif %} +{% if item.bond_downdelay is defined %} + bond-downdelay {{ item.bond_downdelay }} +{% endif %} +{% if item.bond_updelay is defined %} + bond-updelay {{ item.bond_updelay }} +{% endif %} +{% if item.bond_ad_select is defined %} + bond-ad-select {{ item.bond_bond_ad_select }} +{% endif %} +{% if item.bond_arp_interval is defined %} + bond-arp-interval {{ item.bond_arp_interval }} +{% endif %} +{% if item.bond_arp_ip_target is defined %} + bond-arp-ip-target {{ item.bond_arp_ip_target }} +{% endif %} +{% if item.bond_arp_validate is defined %} + bond-arp-validate {{ item.bond_arp_validate }} +{% endif %} +{% if item.bond_num_grat_arp is defined %} + bond-num-grat-arp {{ item.bond_num_grat_arp }} +{% endif %} +{% if item.bond_num_unsol_na is defined %} + bond-num-unsol-na {{ item.bond_num_unsol_na }} +{% endif %} +{% if item.bond_primary is defined %} + bond-primary {{ item.bond_primary }} +{% endif %} +{% if item.bond_primary_reselect is defined %} + bond-primary-reselect {{ item.bond_primary_reselect }} +{% endif %} +{% if item.bond_use_carrier is defined %} + bond-use-carrier {{ item.bond_use_carrier }} +{% endif %} +{% if item.bond_slaves is defined %} + bond-slaves {{ item.bond_slaves|join(' ') }} +{% endif %} +{% if item.bond_active_slave is defined %} + bond-active-slave {{ item.bond_active_slave }} +{% endif %} diff --git a/templates/Debian_bridge_options.j2 b/templates/Debian_bridge_options.j2 new file mode 100644 index 0000000..9a54212 --- /dev/null 
+++ b/templates/Debian_bridge_options.j2 @@ -0,0 +1,41 @@ +{% if item.bridge_ports is defined %} + bridge_ports {{ item.bridge_ports|join(' ') }} +{% else %} + bridge_ports none +{% endif %} +{% if item.bridge_ageing is defined %} + bridge_ageing {{ item.bridge_ageing }} +{% endif %} +{% if item.bridge_bridgeprio is defined %} + bridge_bridgeprio {{ item.bridge_bridgeprio }} +{% endif %} +{% if item.bridge_fd is defined %} + bridge_fd {{ item.bridge_fd }} +{% endif %} +{% if item.bridge_gcint is defined %} + bridge_gcint {{ item.bridge_gcint }} +{% endif %} +{% if item.bridge_hello is defined %} + bridge_hello {{ item.bridge_hello }} +{% endif %} +{% if item.hwaddress is defined %} + bridge_hw {{ item.hwaddress }} +{% endif %} +{% if item.bridge_maxage is defined %} + bridge_maxage {{ item.bridge_maxage }} +{% endif %} +{% if item.bridge_maxwait is defined %} + bridge_maxwait {{ item.bridge_maxwait }} +{% endif %} +{% if item.bridge_pathcost is defined %} + bridge_pathcost {{ item.bridge_pathcost }} +{% endif %} +{% if item.bridge_portprio is defined %} + bridge_portprio {{ item.bridge_portprio }} +{% endif %} +{% if item.bridge_stp is defined %} + bridge_stp {{ item.bridge_stp }} +{% endif %} +{% if item.bridge_waitport is defined %} + bridge_waitport {{ item.bridge_waitport }} +{% endif %} diff --git a/templates/bond_Debian.j2 b/templates/bond_Debian.j2 index d42fac4..8012960 100644 --- a/templates/bond_Debian.j2 +++ b/templates/bond_Debian.j2 
@@ -7,59 +7,7 @@ iface {{ item.device }} inet {% if item.bootproto is defined %}{{ item.bootproto {% include 'route_Debian.j2' %} {% if item.bond_mode is defined and item.bond_slaves is defined %} -{% if item.bond_mode is defined %} - bond-mode {{ item.bond_mode }} - bond-miimon {{ item.bond_miimon | default(100) }} -{% if item.bond_mode == '802.3ad' or item.bond_mode == 4 %} - bond-lacp-rate {{ item.bond_lacp_rate | default('slow') }} -{% endif %} -{% if item.bond_mode == 2 or item.bond_mode == 'balance-xor' - or item.bond_mode == 4 or item.bond_mode == '802.3ad' - or item.bond_mode == 6 or item.bond_mode == 'balance-tlb' -%} - bond-xmit-hash-policy {{ item.bond_xmit_hash_policy | default('layer3+4') }} -{% endif %} - -{% if item.bond_downdelay is defined %} - bond-downdelay {{ item.bond_downdelay }} -{% endif %} -{% if item.bond_updelay is defined %} - bond-updelay {{ item.bond_updelay }} -{% endif %} -{% if item.bond_ad_select is defined %} - bond-ad-select {{ item.bond_bond_ad_select }} -{% endif %} -{% if item.bond_arp_interval is defined %} - bond-arp-interval {{ item.bond_arp_interval }} -{% endif %} -{% if item.bond_arp_ip_target is defined %} - bond-arp-ip-target {{ item.bond_arp_ip_target }} -{% endif %} -{% if item.bond_arp_validate is defined %} - bond-arp-validate {{ item.bond_arp_validate }} -{% endif %} -{% if item.bond_num_grat_arp is defined %} - bond-num-grat-arp {{ item.bond_num_grat_arp }} -{% endif %} -{% if item.bond_num_unsol_na is defined %} - bond-num-unsol-na {{ item.bond_num_unsol_na }} -{% endif %} -{% if item.bond_primary is defined %} - bond-primary {{ item.bond_primary }} -{% endif %} -{% if item.bond_primary_reselect is defined %} - bond-primary-reselect {{ item.bond_primary_reselect }} -{% endif %} -{% if item.bond_use_carrier is defined %} - bond-use-carrier {{ item.bond_use_carrier }} -{% endif %} -{% if item.bond_slaves is defined %} - bond-slaves {{ item.bond_slaves|join(' ') }} -{% endif %} -{% if item.bond_active_slave is 
defined %} - bond-active-slave {{ item.bond_active_slave }} -{% endif %} -{% endif %} +{% include 'Debian_bond_options.j2' %} {% endif %} {% if item.hwaddress is defined %} diff --git a/templates/bridge_Debian.j2 b/templates/bridge_Debian.j2 index 579ddea..6ba152b 100644 --- a/templates/bridge_Debian.j2 +++ b/templates/bridge_Debian.j2 
@@ -5,52 +5,7 @@ iface {{ item.device }} inet {% if item.bootproto is defined %}{{ item.bootproto {% include 'Debian_ipv4_config.j2' %} {% include 'Debian_resolvconf.j2' %} {% include 'route_Debian.j2' %} -{% if item.bridge_ports is defined %} - bridge_ports {{ item.bridge_ports|join(' ') }} -{% else %} - bridge_ports none -{% endif %} -{% if item.bridge_ageing is defined %} - bridge_ageing {{ item.bridge_ageing }} -{% endif %} -{% if item.bridge_bridgeprio is defined %} - bridge_bridgeprio {{ item.bridge_bridgeprio }} -{% endif %} -{% if item.bridge_fd is defined %} - bridge_fd {{ item.bridge_fd }} -{% endif %} -{% if item.bridge_gcint is defined %} - bridge_gcint {{ item.bridge_gcint }} -{% endif %} -{% if item.bridge_hello is defined %} - bridge_hello {{ item.bridge_hello }} -{% endif %} -{% if item.hwaddress is defined %} - bridge_hw {{ item.hwaddress }} -{% endif %} -{% if item.bridge_maxage is defined %} - bridge_maxage {{ item.bridge_maxage }} -{% endif %} -{% if item.bridge_maxwait is defined %} - bridge_maxwait {{ item.bridge_maxwait }} -{% endif %} -{% if item.bridge_pathcost is defined %} - bridge_pathcost {{ item.bridge_pathcost }} -{% endif %} -{% if item.bridge_portprio is defined %} - bridge_portprio {{ item.bridge_portprio }} -{% endif %} -{% if item.bridge_stp is defined %} - bridge_stp {{ item.bridge_stp }} -{% endif %} -{% if item.bridge_waitport is defined %} - bridge_waitport {{ item.bridge_waitport }} -{% endif %} -{% if item.options is defined %} -{% for option in item.options %} - {{ option }} -{% endfor %} -{% endif %} +{% include 'Debian_bridge_options.j2' %} {% if item.ipv6_address is defined %} iface {{ item.device }} inet6 static From 6268faf7dc626b407689b2c1122d16a2ad6f0f46 Mon Sep 17 00:00:00 2001 
From: Thomas Elrod Date: Thu, 13 Dec 2018 07:39:20 -0600 Subject: [PATCH 06/12] Changed RedHat route template to also support IP Command Arguments Format entries instead of just Network/Netmask Directives Format entries. --- templates/route_RedHat.j2 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/templates/route_RedHat.j2 b/templates/route_RedHat.j2 index 0a71ec7..d19402f 100644 --- a/templates/route_RedHat.j2 +++ b/templates/route_RedHat.j2 @@ -1,8 +1,12 @@ #jinja2: lstrip_blocks: "True", trim_blocks: "True" {% for i in item.route %} + {% if i is mapping %} ADDRESS{{ loop.index - 1 }}={{ i.network }} NETMASK{{ loop.index - 1 }}={{ i.netmask }} - {% if i.gateway is defined %} + {% if i.gateway is defined %} GATEWAY{{ loop.index - 1 }}={{ i.gateway }} + {% endif %} + {% else %} +{{ i }} {% endif %} {% endfor %} From da7996ecea7a13f2e40daab2e073b961a22c25f0 Mon Sep 17 00:00:00 2001 From: Eric Anderson Date: Fri, 18 Jan 2019 10:45:40 -0800 Subject: [PATCH 07/12] fixed typo on ad_select and added to RedHat (#19) * changes deprecated install state * Changes deprecated tests * fixed typo for bond_ad_select * added bond_ad_select to RHEL * added bond_ad_select to example --- README.md | 1 + templates/RedHat_bond_options.j2 | 3 +++ templates/bond_Debian.j2 | 5 ++--- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 390d73e..0c7947b 100644 --- a/README.md +++ b/README.md @@ -151,6 +151,7 @@ address obtained via DHCP. bond_mode: 802.3ad bond_miimon: 100 bond_slaves: [eth1, eth2] + bond_ad_select: 2 5) Configure a VLAN interface with the vlan tag 2 for an ethernet interface diff --git a/templates/RedHat_bond_options.j2 b/templates/RedHat_bond_options.j2 index c5efbbd..1cf72ad 100644 --- a/templates/RedHat_bond_options.j2 +++ b/templates/RedHat_bond_options.j2 
@@ -14,6 +14,9 @@ BONDING_OPTS="mode={{ item.bond_mode }} miimon={{ item.bond_miimon|default(100) {%- if item.bond_use_carrier is defined %} use_carrier={{ item.bond_use_carrier }} {%- endif -%} +{%- if item.bond_ad_select is defined %} + ad_select={{ item.bond_ad_select }} +{%- endif -%} {%- if item.bond_extra_opts is defined %} {{ item.bond_extra_opts }} {%- endif -%} diff --git a/templates/bond_Debian.j2 b/templates/bond_Debian.j2 index d42fac4..571852e 100644 --- a/templates/bond_Debian.j2 +++ b/templates/bond_Debian.j2 @@ -15,7 +15,7 @@ iface {{ item.device }} inet {% if item.bootproto is defined %}{{ item.bootproto {% endif %} {% if item.bond_mode == 2 or item.bond_mode == 'balance-xor' or item.bond_mode == 4 or item.bond_mode == '802.3ad' - or item.bond_mode == 6 or item.bond_mode == 'balance-tlb' + or item.bond_mode == 6 or item.bond_mode == 'balance-tlb' %} bond-xmit-hash-policy {{ item.bond_xmit_hash_policy | default('layer3+4') }} {% endif %} @@ -27,7 +27,7 @@ iface {{ item.device }} inet {% if item.bootproto is defined %}{{ item.bootproto bond-updelay {{ item.bond_updelay }} {% endif %} {% if item.bond_ad_select is defined %} - bond-ad-select {{ item.bond_bond_ad_select }} + bond-ad-select {{ item.bond_ad_select }} {% endif %} {% if item.bond_arp_interval is defined %} bond-arp-interval {{ item.bond_arp_interval }} @@ -81,4 +81,3 @@ iface {{ item.device }} inet6 static {% endfor %} {% endif %} {% endif %} - From 4d1cadf936de0a58eef252763121362ddc24e76f Mon Sep 17 00:00:00 2001 From: Julien Viard de Galbert Date: Sat, 6 Apr 2019 22:10:19 +0200 Subject: [PATCH 08/12] Remove deprecation warnings Signed-off-by: Julien Viard de Galbert --- tasks/debian.yml | 5 ++--- tasks/redhat.yml | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/tasks/debian.yml b/tasks/debian.yml index 764c4e6..33e0136 100644 --- a/tasks/debian.yml +++ b/tasks/debian.yml 
@@ -1,9 +1,8 @@ --- - name: Install the required packages in Debian derivatives apt: - name: "{{ item }}" - state: installed - with_items: "{{ network_pkgs }}" + name: "{{ network_pkgs }}" + state: present environment: "{{ env }}" when: network_check_packages diff --git a/tasks/redhat.yml b/tasks/redhat.yml index 73bf057..12f4ed8 100644 --- a/tasks/redhat.yml +++ b/tasks/redhat.yml @@ -1,9 +1,8 @@ --- - name: Install the required packages in Redhat derivatives yum: - name: "{{ item }}" - state: installed - with_items: "{{ network_pkgs }}" + name: "{{ network_pkgs }}" + state: present when: network_check_packages - name: Write configuration files for rhel route configuration with vlan From 19888c8b468ce354344ea4fe7d9976ebc4082af2 Mon Sep 17 00:00:00 2001 From: Julien Viard de Galbert Date: Sat, 6 Apr 2019 22:28:07 +0200 Subject: [PATCH 09/12] Avoid calling restartscript (and status changed) when config is unchanged Signed-off-by: Julien Viard de Galbert --- tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index e430cae..f4fae1e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -97,6 +97,12 @@ # Restart Network Interfaces (deconfigurate & reconfigurate interfaces) - include: restartscript.yml when: network_allow_service_restart and ansible_os_family == 'Debian' + and (ether_result is changed + or bond_port_result is changed + or bond_result is changed + or vlan_result is changed + or bridge_result is changed + or bridge_port_result is changed) - name: Enable the "network" service service: From 449051cbd07d7b24205e750006a1a9b8c1650cdd Mon Sep 17 00:00:00 2001 From: Julien Viard de Galbert Date: Sat, 6 Apr 2019 22:55:45 +0200 Subject: [PATCH 10/12] Allow creating bridges without attached port Signed-off-by: Julien Viard de Galbert --- tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/main.yml b/tasks/main.yml index f4fae1e..c178ace 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -91,6 +91,7 @@ with_subelements: - '{{ network_bridge_interfaces }}' - bridge_ports + - skip_missing: True when: network_bridge_interfaces is defined register: bridge_port_result From 52f1a0de233605e876a1018a222b178685a854ce Mon Sep 17 00:00:00 2001 From: Quentin Smith Date: Tue, 28 May 2019 22:02:42 -0400 Subject: [PATCH 11/12] Restart the right service and not one that might not exist --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index c178ace..3e0855b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -152,7 +152,7 @@ - name: Restart the "NetworkManager" service on Red Hat systems service: - name: network + name: NetworkManager state: restarted when: > (network_allow_service_restart From 71bea8781ae392d4b6c987b589f313392cd832a6 Mon Sep 17 00:00:00 2001 From: Thomas Elrod Date: Sun, 17 Oct 2021 13:54:26 -0500 Subject: [PATCH 12/12] Documentation and small RH ethernet updates Update setting of type for RedHat ethernet. Update minimum ansible version required. ReadMe updates: - Fix links - Add some more documentation - Fix some spelling and grammar --- README.md | 110 +++++++++++++++++------------------ meta/main.yml | 2 +- templates/ethernet_RedHat.j2 | 4 +- 3 files changed, 59 insertions(+), 57 deletions(-) diff --git a/README.md b/README.md index 70b6cd1..7244942 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,7 @@ machines. The role can be used to configure: ## Requirements - -This role requires Ansible 2.0 or higher, and platform requirements are listed in the metadata file. +This role requires Ansible 2.5 or higher, and platform requirements are listed in the metadata file. ## Role Variables 
@@ -34,74 +33,75 @@ them are as follows: | `network_vlan_interfaces` | No | `[]` | The list of vlan interfaces to be added to the system. | | `network_check_packages` | No | `true` | Install packages listed in network_pkgs. | | `network_allow_service_restart` | No | `true` | Whether interfaces/networking should get reconfigured and restarted. | -| `network_modprobe_persist` | No | `true` | Persisting module loading. | +| `network_modprobe_persist` | No | `true` | Persistent module loading. | | `network_configured_interfaces_only` | No | `false` | Removes interfaces not configured over this role entirely when enabled. | | `network_interface_file_prefix` | No | `ifcfg-` | The prefix for interface configuration files. | -| `network_interface_file_postfix` | No | `` | The postfix for interface configuration files. | +| `network_interface_file_postfix` | No | `None` | The postfix for interface configuration files. | + +## Defining Interfaces +The different types of interfaces can be configured with the following variables.(manual config currently only available for RedHat) -## Variables Defining Interfaces -The different types of interfaces can be configured with following variables.(manual config currently only availible for RedHat) +Each of the `network_*_interfaces`role variables is a list of dictionaries describing the interface. These dictionaries are built out of the variables described in this section. 
#### Ethernet _for use with `network_ether_interfaces`_ -| Variable | OS | Is Required | -| ----------- | ------ | ----------------- | -| device | * | Yes | -| type | RedHat | Optional | -| [_ADDR VARS_](#addr-vars) | * | - | +| Variable | OS | Required | Comments | +| ----------- | ------ | -------------- |----------------------- | +| device | * | Yes | Network interface name | +| type | RedHat | Optional | Config option `TYPE` | +| [_ADDR VARS_](#addr-vars) | * | - | #### Bond _for use with `network_bond_interfaces`_ -| Variable | OS | Is Required | -| ------------ | ------ | ----------------- | -| device | * | Yes | -| bond\_mode | * | Yes | -| bond\_slaves | Debian | Yes | -| bond\_slaves | RedHat | For Auto Config | -| type | RedHat | For Manual Config | -| [_BOND VARS_](#addr-vars) | * | - | -| [_ADDR VARS_](#addr-vars) | * | - | +| Variable | OS | Required | Comments | +| ------------ | ------ | ----------------- | ---------------------------- | +| device | * | Yes | Network interface name | +| bond\_mode | * | Yes | Desired bonding mode | +| bond\_slaves | Debian | Yes | List of the slave interfaces | +| bond\_slaves | RedHat | For Auto Config | List of the slave interfaces | +| type | RedHat | For Manual Config | Config option `TYPE` | +| [_BOND VARS_](#bond-vars) | * | - | +| [_ADDR VARS_](#addr-vars) | * | - | #### Bond Slave (manual config) -| Variable | OS | Is Required | -| ----------- | ------ | ----------- | -| device | * | Yes | -| master | * | Yes | -| type | RedHat | Optional | +| Variable | OS | Required | Comments | +| ----------- | ------ | -------- | ---------------------- | +| device | * | Yes | Network interface name | +| master | * | Yes | The bond interface | +| type | RedHat | Optional | Config option `TYPE` | #### Bridge _for use with `network_bridge_interfaces`_ -| Variable | OS | Is Required | -| ------------- | ------ | ----------------- | -| device | * | Yes | -| bridge\_ports | * | Optional | -| type | RedHat | For Manual Config | 
-| ? | Debian | For Manual Config | -| [_BRIDGE VARS_](#addr-vars) | * | - | -| [_ADDR VARS_](#addr-vars) | * | - | +| Variable | OS | Required | Comments | +| ------------- | ------ | ----------------- | ----------------------------------------- | +| device | * | Yes | Network interface name | +| bridge\_ports | * | Optional | List of interfaces attached to the bridge | +| type | RedHat | For Manual Config | Config option `TYPE` | +| [_BRIDGE VARS_](#bridge-vars) | * | - | +| [_ADDR VARS_](#addr-vars) | * | - | #### Bridge Port (manual config) -| Variable | OS | Is Required | -| ----------- | ------ | ----------------- | -| device | * | Yes | -| bridge | RedHat | For Manual Config | -| type | RedHat | Optional | +| Variable | OS | Required | Comments | +| ----------- | ------ | ----------------- | ---------------------- | +| device | * | Yes | Network interface name | +| bridge | RedHat | For Manual Config | The bridge interface | +| type | RedHat | Optional | Config option `TYPE` | #### VLAN _for use with `network_vlan_interfaces`_ -| Variable | OS | Is Required | -| ------------- | ------ | ----------------- | -| device | * | Yes | -| vlan | Redhat | For Manual Config | -| vlan\_physdev | RedHat | Optional | -| vlan\_id | RedHat | Optional | -| reorder\_hdr | RedHat | Optional | -| [_ADDR VARS_](#addr-vars) | * | - | +| Variable | OS | Required | Comments | +| ------------- | ------ | -------- | ---------------------- | +| device | * | Yes | Network interface name | +| vlan | Redhat | Yes | boolean, set `True` | +| vlan\_physdev | RedHat | Optional | Device VLAN resides on, default value is extraced from device name | +| vlan\_id | RedHat | Optional | VLAN ID, default value is extraced from device name | +| reorder\_hdr | RedHat | Optional | +| [_ADDR VARS_](#addr-vars) | * | - | #### _ADDR VARS_ 
@@ -167,17 +167,17 @@ _for use with `network_vlan_interfaces`_ ## Combinations (RedHat Only) (Currently only possible on RedHat systems) -Every type of interface can be configured using `network_ether_interfaces` by using the variables of the other interfaces types with it. There are some interfaces that can only be configured using a combination of the interface variables. Here is a list of the different interfaces and combinations thereof avalible to be configured using `network_ether_interfaces`: +Every type of interface can be configured using `network_ether_interfaces` by using the variables of the other interfaces types. There are some interfaces that can only be configured using a combination of the interface variables. Here is a list of the different interfaces and combinations thereof available to be configured using `network_ether_interfaces`: - [ethernet](#ethernet) - [vlan](#vlan) - [bond](#bond) -- [bond slave](#bond-slave--manual-config) +- [bond slave](#bond-slave-manual-config) - [bond](#bond)+[vlan](#vlan) (VLAN on a Bond interface) - [bridge](#bridge) -- [bridge port](#bridge-port--manual-config) -- [bond](#bond)+[bridge port](#bridge-port--manual-config) (Bond interface used as a bridge port. Exclude [_ADDR VARS_](#addr-vars)) -- [vlan](#vlan)+[bridge port](#bridge-port--manual-config) (VLAN interface used as a bridge port. Exclude [_ADDR VARS_](#addr-vars)) +- [bridge port](#bridge-port-manual-config) +- [bond](#bond)+[bridge port](#bridge-port-manual-config) (Bond interface used as a bridge port. Exclude [_ADDR VARS_](#addr-vars)) +- [vlan](#vlan)+[bridge port](#bridge-port-manual-config) (VLAN interface used as a bridge port. Exclude [_ADDR VARS_](#addr-vars)) 
@@ -204,7 +204,7 @@ If you want to use a different MAC Address for your Interface, you can simply ad ``` hwaddress: aa:bb:cc:dd:ee:ff ``` -On some rare occasion it might be good to set whatever option you like. Therefore it +On some rare occasion it might be good to set whatever options you like. Therefore(Debian systems only) it is possible to use ``` options: @@ -436,7 +436,7 @@ ipv6_gateway: "aaaa:bbbb:cccc:dddd::1" Create a playbook which applies this role to all hosts as shown below, and run the playbook. All the servers should have their network interfaces configured -and routed updated. +and routes updated. ``` - hosts: all @@ -471,8 +471,8 @@ the eth0 interface to the public firewalld zone: Note: Ansible needs network connectivity throughout the playbook process, you may need to have a control interface that you do *not* modify using this method while changing IP Addresses so that Ansible has a stable connection -to configure the target systems. All network changes are done within a single -generated script and network connectivity is only lost for few seconds. +to configure the target systems. All network changes are activated within a single +generated script and network connectivity is only lost for a few seconds. ## Dependencies diff --git a/meta/main.yml b/meta/main.yml index bf62cf3..7c4a079 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -5,7 +5,7 @@ galaxy_info: author: "Benno Joy, Martin Verges, Luke Short, Eric Anderson" company: "AnsibleWorks, First Colo GmbH" license: BSD-2-Clause - min_ansible_version: 1.9 + min_ansible_version: 2.5 platforms: - name: Debian versions: diff --git a/templates/ethernet_RedHat.j2 b/templates/ethernet_RedHat.j2 index bb70716..5d072df 100644 --- a/templates/ethernet_RedHat.j2 +++ b/templates/ethernet_RedHat.j2 
@@ -2,7 +2,6 @@ # {{ ansible_managed }} NAME={{ item.name | default(item.device) }} DEVICE={{ item.device }} -TYPE={{ item.type | default("Ethernet") }} {% if item.bootproto is defined and item.bootproto == 'dhcp' %} BOOTPROTO=dhcp {% else %} @@ -25,7 +24,10 @@ HWADDR={{ item.hwaddress }} {% endif -%} {% if item.vlan is defined and item.vlan | bool %} +TYPE=Vlan {% include "RedHat_vlan_options.j2" %} +{% else %} +TYPE={{ item.type | default("Ethernet") }} {% endif -%} {% if item.bridge is defined %}
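Review bot: in the new templates/Debian_bond_options.j2, the `bond-ad-select` block tests `item.bond_ad_select is defined` but renders `{{ item.bond_bond_ad_select }}`, so the typo from bond_Debian.j2 is carried into the extracted file. A host that sets `bond_ad_select` enters the block and references a variable that was never set, while a host that follows the README and sets `bond_bond_ad_select` never enters it. Render `{{ item.bond_ad_select }}` and rename the `bond\_bond\_ad\_select` row in the README _BOND VARS_ table to match. Also check the xmit-hash-policy condition, which pairs `item.bond_mode == 6` with `'balance-tlb'`: in the Linux bonding driver mode 5 is balance-tlb and mode 6 is balance-alb, so one half of that pair is likely not the mode intended.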
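Review bot: the templates/bridge_Debian.j2 hunk deletes the `{% if item.options is defined %}` / `{% for option in item.options %}` loop along with the bridge settings, but the new Debian_bridge_options.j2 that replaces them contains no `item.options` block. Unless one of the other includes visible in the context lines already emits these, `options` entries on a Debian bridge stop being written after this change, which silently drops any `up`/`down` commands an operator relied on. Either keep the loop in bridge_Debian.j2 after the include or say in the commit message which template now renders it.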
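Review bot: in templates/route_RedHat.j2 the new `{% else %}` branch writes `{{ i }}` verbatim for anything that is not a mapping, with no check that it is a string. A number or a nested list would be rendered into the route file as-is, and because this file is consumed by the network scripts as root, the value should be constrained: test `i is string` and fail the template otherwise. Two further points on the same hunk: the index is still `loop.index - 1`, so mixing both formats in one `route` list produces gaps in the `ADDRESSn`/`NETMASKn` numbering (for example ADDRESS0, a raw line, then ADDRESS2), and the README should state whether mixing is supported and show one IP Command Arguments entry.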
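Review bot: the tasks/main.yml hunk in PATCH 09 uses the `ether_result is changed` test form, which needs Ansible 2.5 or later, but the role's stated minimum is not raised until PATCH 12 (README "Ansible 2.0 or higher", meta `min_ansible_version: 1.9`). Move the version bump into this commit so every commit in the series is usable on its own. It is also worth a comment above the `when:` listing why exactly these six registered results gate the restart, so a task added later that writes interface configuration is not forgotten here and left without a restart.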
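Review bot: the README hunk at `@@ -34,74 +33,75 @@` in PATCH 12 introduces new typos while the commit message says it fixes spelling: "extraced" appears in both the `vlan\_physdev` and `vlan\_id` rows, and spaces are missing in "variables.(manual config" and in "`network_*_interfaces`role variables". The default for `network_interface_file_postfix` changes from an empty value to `None`, which a reader can take as the literal string "None" being appended to file names; "(empty)" would be unambiguous. The `vlan` row also keeps the "Redhat" casing while every other row uses "RedHat", and the later hunk at `@@ -204,7 +204,7 @@` adds "Therefore(Debian systems only)" without a space.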
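Review bot: in templates/ethernet_RedHat.j2, the `@@ -25,7 +24,10 @@` hunk hard-codes `TYPE=Vlan` whenever `item.vlan` is true and only falls back to `item.type | default("Ethernet")` in the `{% else %}` branch, so a user-supplied `type` is now ignored without notice on VLAN interfaces. That looks intentional, but the README tables in the same patch still describe `type` only as "Config option `TYPE`"; add a line to the VLAN table or the Combinations section saying that `vlan: True` forces `TYPE=Vlan`, so the bond+vlan and vlan+bridge port combinations are not configured with a `type` that has no effect.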