NOTE: This also requires upgrading to tox-lsr 3.10.0, and some
hacks to workaround a podman issue in ubuntu.
These tests run the role during a bootc container image build, deploy
the container into a QEMU VM, boot that, and validate the expected
configuration there. They run in two different tox environments, and
thus have to be run in two steps (preparation in buildah, validation in
QEMU). The preparation is expected to output a qcow2 image in
`tests/tmp/TESTNAME/qcow2/disk.qcow2`, i.e. the output structure of
<https://github.com/osbuild/bootc-image-builder>.
There are two possibilities:
* Have separate bootc end-to-end tests. These are tagged with
`tests::bootc-e2` and are skipped in the normal qemu-* scenarios.
They run as part of the container-* ones.
* Modify an existing test: These need to build a qcow2 image exactly
*once* (via calling `bootc-buildah-qcow.sh`) and skip setup/cleanup
and role invocations in validation mode, i.e. when
`__bootc_validation` is true.
In the container scenario, run the QEMU validation as a separate step in
the workflow.
See https://issues.redhat.com/browse/RHEL-88396
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
* You can ignore words inline by adding a comment like `# codespell:ignore word`.
* You can ignore words by adding them to the `.codespell_ignores` file.
* You can ignore files and directories by adding them with `skip = ` to the `.codespellrc` file.
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
Add support for the `wait_ip` property, the system will consider
connection activated only when specific IP stack is configured.
This enables flexibility in scenarios such as
IPv6-only networks, where the overall network configuration can still
succeed when IPv4 configuration fails but IPv6 completes successfully.
The `wait_ip` can be configured with the following possible values:
* "any": System will consider interface activated when any IP stack is
configured.
* "ipv4": System will wait IPv4 been configured.
* "ipv6": System will wait IPv6 been configured.
* "ipv4+ipv6": System will wait both IPv4 and IPv6 been configured.
Resolves: https://issues.redhat.com/browse/RHEL-63026
Signed-off-by: Wen Liang <wenliang@redhat.com>
There is no fine-grained control over the number of retries for
automatically reconnecting a network connection in the role. This
limitation can be problematic for certain use cases where extending the
retry process is critical, particularly in environments with unstable
networks. Introduce support for the `autoconnect_retries` property in nm
provider of `network_connections` variable. This feature allows users to
configure how many times NetworkManager will attempt to reconnect a
connection after a autoconnect failure, providing more control over
network stability and performance.
Resolves: https://issues.redhat.com/browse/RHEL-61599
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Enhancement: Add the optional route source parameter for the nm provider
Reason: In a scenario where you have a machine with multiple public IP
addresses, typically due to a multi-WAN setup, the src parameter in the
context of routes allows you to specify which source IP address should
be used when sending packets via a specific route. This is crucial when
you want to ensure that outbound traffic uses a specific IP address tied
to a particular network interface, especially when dealing with multiple
WAN connections.
Result: Adding support for the src parameter in routes results in a
more powerful and flexible network configuration capability, especially
important in environments with multiple network interfaces or multiple
IP addresses, it provides better control over traffic routing.
Resolves: https://issues.redhat.com/browse/RHEL-3252
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
* Remove plan from role dir, it's too complicated and long to run tests from tmt
* Use plan from linux-system-roles/tft-tests
* Move getting datetime to testing-farm job where it's used
* Add a workflow for running [citest_bad]
* Bump sclorg/testing-farm-as-github-action to v3
* Move concurrency group to first job
* Dump GitHub context
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
This change is for running tests in Testing Farm CI. This is a replacement for
BaseOS CI that we are currently using. Running it Testing Farm gives us more
control.
It adds a workflow for running tests, and a plans directory containing a test
plan and a README-plans.md with some info.
Note that this workflow runs from the main branch. This means that changes to
the workflow must be merged to main, then pull requests will be able to run it.
This is because the workflow uses on: issue_comment context, this is a security
measure recommended by GitHub. It saves us from leaking organization secrets.
The functionality is WIP, so await future fixes and updates.
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
It is useful and common practice to configure the routes with blackhole,
prohibit, and unreachable route types when users have BGP routing
setups.
Notice that this feature is only for nm provider using
`network_connections` variable. Configuring blackhole, prohibit, and
unreachable route types is also supported by using `network_state` since
nmstate version 2.2.20 (the setting name is `route-type`).
Resolves: https://issues.redhat.com/browse/RHEL-19579
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
- Consistently generate badges for GH workflows in README RHELPLAN-146921
- Run markdownlint on all .md files
- Add custom-woke-action if not used already
- Use woke from linux-system-roles/lsr-woke-action
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
- markdownlint runs against README.md to avoid any issues with
converting it to HTML
- test_converting_readme converts README.md > HTML and uploads this test
artifact to ensure that conversion works fine
- build_docs converts README.md > HTML and pushes the result to the
docs branch to publish dosc to GitHub pages site.
- Fix markdown issues in README.md
Signed-off-by: Sergei Petrosian <spetrosi@redhat.com>
reason: The administrator wants to suppress the AAAA queries made by
the stub resolver, including AAAA lookups triggered by NSS-based
interfaces such as getaddrinfo. Only the DNS lookups are affected.
result: The administrator is able to suppress AAAA queries made by the
stub resolver.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
reason: The user wants to ignore automatically configured name servers and
search domains (e.g. dns record from DHCP), and only use the name
servers and search domains specified in the `dns` and `dns_search`
properties.
result: The user is able to ignore automatically configured name servers
and search domains.
Notice that there are two settings here distinguished by the address
families, which aims to be compatible with NetworkManager
(`ipv4.ignore-auto-dns` and `ipv6.ignore-auto-dns`)and Nmstate (setting
`auto-dns` on `ipv4` or `ipv6` section). Also, the users can get auto
DNS from DHCPv4, DHCPv6, modem etc, and they may want to ignore auto
DNS on Ipv4 but not on IPv6, in this case, it is better to have two
settings distinguished by the address families.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
To allow a "non-inclusive word" in README.md, a wokeignore rule
was added as follows.
```
<!--- wokeignore:rule=word -->
"non-inclusive word" in kernel and NetworkManager.
```
When the markdown format is converged to the html format,
the comment line is treated as a blank line proceeded by `<p>`.
```
<p><!--- wokeignore:rule=word --><br />
"non-inclusive word" in kernel and NetworkManager.
```
Starting with `<p>` and being followed by`<br />`, the
wokeignore rule loses the ability to make the inclusive language
utility `woke` skip checking the non-inclusive word in the next
line.
Instead of putting the wokeignore rule comment above the non-
inclusive word, it's placed in the same line.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
The users want to create the bonding interface with the MAC address
specified by themselves or specify the strategy (e.g. random, preserve)
to get the default MAC for the bonding interface. Thus, add support for
the cloned MAC address.
Signed-off-by: Sylvain <35niavlys@gmail.com>
ansible-core 2.14 is now the current version of Ansible. This version
does not support `args: warn: false` so we have to remove it from the
network role. Users will need to use `COMMAND_WARNINGS` in their
Ansible configuration in order to suppress the warning in older versions
of Ansible such as 2.9, 2.11.
In addition, the gating tests are getting stricter about using new best
practices, such as using `true`, `false` for booleans instead of `yes`,
`no`; use of spaces in Jinja expressions; etc. These issues were
addressed.
The `tests/` directory contains far too many cases of non-recommended
practices, so this directory has been exempted.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The user may need to define the named route table in the routing rule
besides the table id, add support for that.
The commit fixes
https://github.com/linux-system-roles/network/issues/506.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The users want to apply the nmstate network state configuration to the
interface directly through the role, which necessitates the less
complexity of the network configuration and allows the partial
configuration on the network.
To warrant that the users are capable to apply the nmstate network state
configuration, add the support for the `network_state` variable.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to enable the user using the policy routing (e.g. source
routing) or instructing the system which table to look up to determine
the correct route, add support for routing rules.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The storage plugin used by NM is an implementation detail that the role
does not care about, since it uses NM via libnm.
Signed-off-by: Till Maas <opensource@till.name>
In order to enable user to flexibly control the network transmission
over the bonded interface, support all the bond options which are
currently supported by NetworkManager.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The users want to use the policy routing (e.g. source routing), so
that they can forward the packet based on the other criteria except for
the destination address in the packet. In such scenario, the routing
tables have to be supported beforehand in static routes, so that the
users can define policy routing rules later to instruct the system
which table to use to determine the correct route.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Users can easily configure or update network connection via matching
physical device path of the interface, which add certain flexibilty of
user experience.
Update connection profile via matching `path` setting:
```yaml
- name: eth0
type: ethernet
autoconnect: yes
# For PCI devices, the path has the form "pci-$domain:$bus:$device.$function"
# It will only update the interface with the path "pci-0000:00:03.0"
match:
path:
- pci-0000:00:03.0
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Enable WPA3 SAE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "sae"
password: "p@55w0rD"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If enabled, a default route will be configured using the default gateway. If disabled,
the default route will be removed.
If this variable is not specified, the role will use the default behavior of the
`network_provider` selected.
Setting this option to `no` is equivalent to:
- `DEFROUTE = no` in initscripts, or
- `ipv4.never-default/ipv6.never-default yes` in nmcli
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
`dns_search` and `dns_options` should not be specific to the address
family. Previously, `dns_search` and `dns_options` were only supported
for IPv4 nameservers, so we also need to support `dns_search` and
`dns_options` for IPv6 nameservers.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Enable WPA3 OWE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "owe"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ETHTOOL Ring option is not supported by NetworkManager until
NM 1.25.2. Currently, ETHTOOL Ring option is not suppored by
Network role, so enable the support for ETHTOOL Ring option.
Configure ethtool ring option via:
```yaml
network_connections:
- name: testnic1
type: ethernet
state: up
ip:
dhcp4: no
auto6: no
ethtool:
ring:
rx: 128
rx_jumbo: 128
rx_mini: 128
tx: 128
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Automation Hub, and possibly Galaxy in the future, require the
collection to be screened with `ansible-test sanity` among other
checks. The role had a number of issues:
* Use `AssertionError` instead of `assert`
* Use of `logging` module not in accordance with standards, but these
are ok and the errors were suppressed
* Several import errors which are ok because they are checked
elsewhere
* __init__.py in the module_utils directories must be empty, so a
new file myerror.py was added to move the code from __init__.py
* NOTE: network_lsr/nm/__init__.py is not empty
* The documentation block in the module was not properly constructed
or formatted.
* shellcheck issues, including removing unused files
* use `unused` instead of `_` (underscore) for variables that are
unused
add WARNING to module docs - collection users should not use directly
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
- Use a consistent style for lists and fix indentations
- Adjust whitespace to fence lists or code blocks
- Remove double blank lines
- Wrap lines at 88 characters
- Add missing notations for code
- Use proper links instead of plain URLs
- Reword some parts to fit the style and update the text
Signed-off-by: Till Maas <opensource@till.name>
