network_management

This role configures your network interfaces automatically. It also supports complex setups with openvswitch and different VLANs. On Debian-based systems a proper /etc/network/interfaces configuration is generated unless network_management_always_script is set to True.

Requirements

A Linux distribution with debian networking support or systemd as init system. python-netaddr has to be installed on the executing machine.

Role Variables

Primary

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| network_management_default_type | string | dhcp | Default type to set up an interface or bridge | N |
| network_management_default_bring_up | boolean | True | Bring interface up on start | N |
| network_management_default_dhcp_options | dict | {} | Additional options for dhcp interfaces | N |
| network_management_default_gateway | string | | Add a default route via this gateway address | N |
| network_management_default_mtu | integer | | Default MTU size to use for all interfaces | N |
| network_management_default_src_address | string | | Source address to use for outgoing addresses, only used if network_management_default_gateway is specified; the source address has to be assigned to an interface | N |
| network_management_default_allow_hotplug | boolean | False | Allow hotplugging (True) or configure automatically (False) | N |
| network_management_pre_up | string | | Shell commands to execute before any other action is performed | N |
| network_management_post_up | string | | Shell commands to execute after all other network operations are performed | N |
| network_management_pre_down | string | | Shell commands to execute before network goes down | N |
| network_management_post_down | string | | Shell commands to execute after network has gone down | N |
| network_management_nameservers | list of strings | ['8.8.8.8', '8.8.4.4'] | List of all nameservers to use | N |
| network_management_domains | list of strings | [] | List of all search domains to use | N |
| network_management_clear_bridges | boolean | False | Remove all ovs bridges before recreating them. This is useful for renaming bridges. | N |
| network_management_reboot_for_config | boolean | False | Reboot target server to set up new network config, useful for major network configuration changes, which may require manual interactions otherwise | N |
| network_management_default_cidr | string | | Default CIDR suffix to use, with leading '/' (ex. '/24') | N |
| network_management_default_port_type | string | | Default type for interfaces/ports. For valid values see man ovs-vswitchd.conf.db | N |
| network_management_default_port_options | list of strings | | Default ovs options to set for new interfaces/ports. For valid options see man ovs-vswitchd.conf.db | N |
| network_management_plain_run | boolean | False | Only write the network configuration, do not apply it | N |
| interfaces | list of dicts | [] | List of all interfaces to set up; keep in mind it can cause various errors if you configure an interface here and later use it as a port on a bridge | N |
| bridges | list of dicts | [] | List of network bridges to set up (all bridges are managed by openvswitch) | N |
| patch_field | list of key values | [] | A list of network interfaces or bridge ports to patch together (ex. wire/patch one bridge port with one vlan to another bridge with a different vlan) | N |
| network_management_routes | list of key values | | A list of additional routes to set | N |
| network_management_tables | dict | {} | A list of all custom routing tables | N |
| network_management_disable_ipv6 | boolean | False | Disables IPv6 | N |
| network_management_ipv4_forwarding | boolean | False | Enables IPv4 forwarding | N |
| network_management_default_rp_filter | boolean | False | Enables rp_filter for interfaces by default | N |
| network_management_create_nftables_definitions | boolean | True | Create nftables defines for all hosts | N |
| network_management_nftables_definitions_path | string | /etc/nftables_def.nft | Path to create nftables defines | N |

network_management nftables defines

For each interface of each host, a definition of the form define ip_<hostname>_<interface index>_<ip on interface index> = <ip_address (without prefix)> is created. All non-alphanumeric characters are replaced by underscores.
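The naming rule above, worked through as an added example (not the role's own code). It assumes both indices are zero-based, that a single `ip` is listed before `ips`, and that the inventory is a plain dict; it also rejects values that are not IP addresses and detects two hostnames that sanitise to the same name.

```python
import ipaddress
import re

# Constructed sample inventory: hostname -> the role's `interfaces` list.
SAMPLE_HOSTS = {
    "web-01.example": [
        {"name": "eth0", "ip": "192.0.2.10/24"},
        {"name": "eth1", "type": "dhcp"},  # no static address, no define
        {"name": "eth2", "ips": ["10.0.0.5", "10.0.0.6/24"]},
    ],
}


def define_name(hostname, if_index, ip_index):
    """ip_<hostname>_<interface index>_<ip index>, non-alphanumerics -> '_'."""
    raw = f"ip_{hostname}_{if_index}_{ip_index}"
    return re.sub(r"[^A-Za-z0-9]", "_", raw)


def nft_defines(hosts):
    """Return the 'define name = address' lines for all hosts."""
    seen = {}   # define name -> hostname that produced it
    lines = []
    for hostname in sorted(hosts):
        for if_index, iface in enumerate(hosts[hostname]):
            # Assumption: a single `ip` comes before the entries of `ips`.
            addrs = ([iface["ip"]] if "ip" in iface else []) + list(iface.get("ips", []))
            for ip_index, addr in enumerate(addrs):
                # Strip the prefix; ip_address() raises ValueError on anything
                # that is not an address, so no other text reaches the file.
                bare = str(ipaddress.ip_address(addr.split("/", 1)[0]))
                name = define_name(hostname, if_index, ip_index)
                if name in seen:
                    # Sanitising is lossy: "a-b" and "a_b" give the same name.
                    raise ValueError(f"{hostname} and {seen[name]} both map to {name}")
                seen[name] = hostname
                lines.append(f"define {name} = {bare}")
    return lines


if __name__ == "__main__":
    print("\n".join(nft_defines(SAMPLE_HOSTS)))
```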

type

Defines how a network or bridge should be configured. Possible values are:

| Value | Description | Side effects |
|---|---|---|
| manual | Do nothing but bring up interface link | Ignore options ips, gateway and dhcp |
| static | Configure interface statically | Ignore option dhcp |
| dhcp | Configure interface via dhcp | Ignore option ips and gateway |

dhcp

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| hostname | string | {{ ansible_hostname }} | Hostname to be requested (is ignored in network_management_default_dhcp_options) | N |
| leasetime | integer | | Request a specific lease time in seconds. | N |
| metric | integer | | Metrics are used to prefer an interface over another one, lowest wins. | N |

interfaces

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| name | string | | Name of the interface to configure, ignored if mac is specified | only if mac is not specified |
| mac | string | | MAC address of the interface to configure. If name is specified, mac is autodetected. | only if name is not specified |
| bring_up | boolean | {{ network_management_default_bring_up }} | Automatically bring interface link up | N |
| type | string | {{ network_management_default_type }} | Specify how the network interface should be configured | N |
| nameservers | list of strings | {{ network_management_nameservers }} | Nameservers to use | N |
| domains | list of strings | {{ network_management_domains }} | List of search domains to use | N |
| mtu | integer | | MTU size | N |
| ip | string | | IP address to assign (CIDR suffix is required if network_management_default_cidr is not specified) | N |
| ips | list of strings | | IP addresses to assign (CIDR suffix is required if network_management_default_cidr is not specified) | only if type is static |
| gateway | string | | Gateway address to use for this interface | N |
| broadcast | string | auto calculated | Broadcast address to use | N |
| hostname | string | {{ ansible_hostname }} | Hostname to be requested (network_management_default_dhcp_options don't apply here). Only used on dhcp interfaces. | N |
| leasetime | integer | | Request a specific lease time in seconds. Only used on dhcp interfaces. | N |
| metric | integer | | Metrics are used to prefer an interface over another one, lowest wins. Only used on dhcp interfaces. | N |
| allow_hotplug | boolean | {{ network_management_default_allow_hotplug }} | Allow hotplugging (True) or configure automatically (False) | N |

bridges

Beside every option from the interfaces dict, the following options can be specified:

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| ports | list of dicts | [] | List of physical interfaces to add to the bridge | N |
| allow_hotplug | boolean | {{ network_management_default_allow_hotplug }} | Allow hotplugging (True) or configure automatically (False) | N |

port

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| port | string | | Interface name to add to bridge | Y |
| vlan | integer | | Add the port with specified vlan to selected bridge | N |
| type | string | {{ network_management_default_port_type }} | Type of the port to add | N |
| options | list of strings | {{ network_management_default_port_options }} | Additional ovs options for new port, type must be set | N |
| allow_hotplug | boolean | {{ network_management_default_allow_hotplug }} | Allow hotplugging (True) or configure automatically (False) | N |

patch_field

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| key | string | | First port or interface between which the link should be made | Y |
| value | string | | Second port or interface between which the link should be made | Y |

network_management_routes

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| network | string | | default, IP address or IP network to route | Y |
| gateway | string | | IP address to use as gateway | N |
| interface | string | | Interface/device to use to forward traffic | N |
| source | string | | Source IP address to use to forward traffic | N |
| metric | integer | | Metric to use for this route definition | N |
| table | string/integer | | Routing table to use for this route | N |
| mtu | integer | {{ network_management_default_mtu }} | MTU to use for this route, this is done by iproute2 (ex. ip route add 1.2.3.4/32 via 1.1.1.1 mtu 1500) | N |

network_management_tables

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| key | string | | Name of the custom routing table | Y |
| value | dict | | Routing table options | Y |

routing_table_options

For additional information see iproute2 documentation.

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| id | integer | | routing table identifier | Y |
| rules | list of dicts | | rules to identify traffic to be routed with this table | N |

routing_table_rules

| Option | Type | Default | Description | Required |
|---|---|---|---|---|
| type | string | | type of this rule (one of unicast, blackhole, unreachable, prohibit, nat) | N |
| from | string | | select source prefix to match | N |
| to | string | | select destination prefix to match | N |
| interface | string | | incoming interface to match (lo for local traffic) | N |
| nat | string | | the base of IP address block to translate source address | N |
| tos | integer/string | | select TOS value to match | N |
| fwmark | integer/string | | select value of fwmark to match | N |
| priority | integer (32bit) | | priority of this rule. Each rule should have an explicitly set unique priority value | N |
| realms | string | | realms to select if the rule matched and routing table lookup succeeded | N |

License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Author Information

network_management's People

Contributors

astrocbxy, dasj, haslersn, mr-pi, scriptkiddi, slothofanarchy

network_management's Issues

CIDR appending task fails

Error message:

MSG:

The task includes an option with an undefined variable. The error was: 'unicode object' has no attribute 'ips'

The error appears to have been in '/home/michel/stuvus_config/roles/network_management/tasks/interfaces.yml': line 36, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: Append default CIDR if not already specified (interfaces)
  ^ here

exception type: <class 'ansible.errors.AnsibleUndefinedVariable'>
exception: 'unicode object' has no attribute 'ips'

Host vars

interfaces:
  - mac: AA:AA:AA:AA:BB:CC
    ip: 129.69.139.21
  - mac: AA:AA:AA:AA:CC:BB
    bridge: int_vpn
    type: manual

Pretest vars

Test for required variables and throw a useful error message.

Handle running dhcpcd

Some distributions have dhcpcd enabled by default for all interfaces. This doesn't work when at least one of the interfaces obtains a static IP. The dhcpcd.service will then fail. This role could prevent it by modifying /etc/dhcpcd.conf in the right way. Alternatively, it could just encompass a task that disables dhcpcd.service altogether.

Port or Parent MTU might be too low

The role should give an error in the following cases:

  • A bridge's parent has a lower MTU than the bridge
  • A bridge's port has a lower MTU than the bridge

In case a physical port doesn't have an MTU set explicitly but is connected to at least one bridge, then I propose that it should get the maximum MTU of those bridges.
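One way the port check and the proposed fallback from this issue could be expressed, as an added example that is not part of the issue or of the role. It assumes port MTUs arrive in a separate mapping (`port_mtus`, a hypothetical input, since the port options above have no mtu key), and it leaves out the bridge-parent case because the page does not say how a parent is declared.

```python
# Constructed sample in the shape of the role's `bridges` variable.
SAMPLE_BRIDGES = [
    {"name": "br-int", "mtu": 9000,
     "ports": [{"port": "eth1"}, {"port": "eth2"}]},
    {"name": "br-ext", "mtu": 1500,
     "ports": [{"port": "eth2", "vlan": 30}, {"port": "eth3"}]},
]
# Hypothetical input: MTUs that were set explicitly on physical ports.
SAMPLE_PORT_MTUS = {"eth1": 1500}


def check_port_mtus(bridges, port_mtus, default_mtu=None):
    """Return (errors, effective_port_mtus) for the given bridges.

    errors lists every port whose explicit MTU is below that of a bridge
    it is attached to. Ports without an explicit MTU get the maximum MTU
    of the bridges they belong to, as the issue proposes.
    """
    errors = []
    attached = {}  # port name -> MTUs of all bridges it is a member of
    for bridge in bridges:
        # A bridge without its own mtu falls back to the role-wide default.
        bridge_mtu = bridge.get("mtu", default_mtu)
        if bridge_mtu is None:
            continue  # nothing to compare against
        for entry in bridge.get("ports", []):
            port = entry["port"]
            attached.setdefault(port, []).append(bridge_mtu)
            explicit = port_mtus.get(port)
            if explicit is not None and explicit < bridge_mtu:
                errors.append(
                    f"port {port} has MTU {explicit}, lower than "
                    f"bridge {bridge['name']} ({bridge_mtu})"
                )
    effective = dict(port_mtus)
    for port, mtus in attached.items():
        effective.setdefault(port, max(mtus))
    return errors, effective


if __name__ == "__main__":
    print(check_port_mtus(SAMPLE_BRIDGES, SAMPLE_PORT_MTUS))
```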

Restarting networking.service doesn't work

handlers/main.yml contains:

- name: Restart networking.service
  service:
    name: networking
    state: restarted
  listen: reload_network
  when: not network_management_reboot_for_config and not network_management_plain_run

Is there any distribution where this works? (And as a side question: Why doesn't it have daemon_reload: true?)
