The only thing we need to skip currently is using FQCN for ansible
builtin modules, plugins
Add `kinds` - otherwise, Ansible thinks anything not in a traditional
role path is a plain YAML file, and we don't get the additional
checking.
Ensure all plays are named.
Fix some other minor problems.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The users want to create the bonding interface with the MAC address
specified by themselves or specify the strategy (e.g. random, preserve)
to get the default MAC for the bonding interface. Thus, add support for
the cloned MAC address.
Signed-off-by: Sylvain <35niavlys@gmail.com>
CI is broken pretty hard right now due to tox 4.x being released
It will take non-trivial effort to make tox-lsr work with tox 4.x. So,
in the meantime, tox-lsr 2.13.1 forces the use of tox 3.x
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The python version used now requires a corresponding os version e.g. python 2.7 and
python 3.6 are no longer supported on ubuntu-latest - must use 20.04. Update
the python matrix to include the os to use as well.
Use checkout@v3 and setup-python@v4
python 3.11 stable is now supported by setup-python
Add `push` action for status reporting on role main page if missing
Use `docker` for ansible-test if not already doing that
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
ansible-core 2.14 is now the current version of Ansible. This version
does not support `args: warn: false` so we have to remove it from the
network role. Users will need to use `COMMAND_WARNINGS` in their
Ansible configuration in order to suppress the warning in older versions
of Ansible such as 2.9, 2.11.
In addition, the gating tests are getting stricter about using new best
practices, such as using `true`, `false` for booleans instead of `yes`,
`no`; use of spaces in Jinja expressions; etc. These issues were
addressed.
The `tests/` directory contains far too many cases of non-recommended
practices, so this directory has been exempted.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
[1.10.0] - 2022-11-01
--------------------
- Support looking up named route table in routing rule
- Support 'route_metric4' for initscripts provider
- Support the DNS priority
- bond: improve the validation for setting peer_notif_delay
- bond: test arp_all_targets only when arp_interval is enabled
- bond: attach ports when creating the bonding connection
- Set the route metric when testing the 'auto_gateway'
- Fix markdownlint 'unordered list indentation' issue
- add ip.route_metric4: 65535 to failing bond tests
- use rpm -i instead of yum install for epel7
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
On BaseOS CI systems, `yum install` for the epel7 rpm does not work.
Instead, use `rpm -i` which should work on any system. We should not
need to use `yum install` here because the epel7 setup rpm does not have
additional dependencies.
In addition, the rpm download sometimes returns 403 - I think it is because
multiple tests run in parallel in BaseOS CI, resulting in too many
download attempts in too short a period of time - so introduce a retry
to mitigate the situation.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
When creating a bond, the bond also creates a default route with a
default metric of 0. This causes test failures on CI systems as
it overrides the system default route. Use the new `ip.route_metric4`
parameter to set a high metric value so as not to override the
default system route.
Some systems cannot use a metric value of 32 bit unsigned int max value. To ensure
the broadest possible support, use a metric value of 16 bit signed int max value,
which should be high enough to ensure the routes always have the lowest priority.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
For initscripts provider, the metric for the default route defaults to
0, as a result, the default route can take precedence or blindly ingore
other routes. Adding a higher route metric value to honor other routes
during the route selection.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When ports are not attached, the bonding connection may risk not in fully
connected state, e.g. connecting (getting IP configuration). Therefore,
attach ports for the bonding connection.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Kernel allows to set `arp_all_targets` when `arp_interval` is disabled
(disable ARP monitoring). But `arp_all_targets` specifies the quantity
of `arp_ip_targets` that must be reachable in order for the ARP monitor
to consider a slave as being up. It makes more sense to only set the
`arp_all_targets` while enabling the `arp_interval`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Synchronize with NM, the default value of peer_notif_delay in NM is 0,
which is not considered as enabling the setting or specifying the
delay.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The user may need to define the named route table in the routing rule
besides the table id, add support for that.
The commit fixes
https://github.com/linux-system-roles/network/issues/506.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
`libnmstate.show()` would include the info like bridge timer etc which
should not be considered when comparing between the previous state and
current state. Instead, using the the `libnmstate.show_running_config()`
which would filter out these kind of data.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
We need to get the name of the branch to which CHANGELOG.md was pushed.
For now, it looks as though `GITHUB_REF_NAME` is that name. But don't
trust it - first, check that it is `main` or `master`. If not, then use
a couple of other methods to determine what is the push branch.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Accept any whitespace sequence, according to Python's `rb"\s"` class.
This way, tabs are also accepted. This is also what iproute2 does.
Use just one regex for this.
Also add a unit test for the default iproute2 file.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Description:
When a new changelog section is added to CHANGELOG.md and pushed,
changelog_to_tag.yml is triggered, which generates a new tag and
a new release.
Example of CHANGELOG.md changes:
[9.9.9] - 2022-12-31
--------------------
### New features
- New feature A
### Bug fixes
- Bug fix B
Using this example, when the commit on CHANGELOG.md is pushed, a
new tag "9.9.9" is added and Version 9.9.9 is released in github.
If tag "9.9.9" already exists, the CHANGELOG.md push fails.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
The users want to apply the nmstate network state configuration to the
interface directly through the role, which necessitates the less
complexity of the network configuration and allows the partial
configuration on the network.
To warrant that the users are capable to apply the nmstate network state
configuration, add the support for the `network_state` variable.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The Ansible developers say that `min_ansible_version` in meta/main.yml
must be a `string` value like `"2.9"`, not a `float` value like `2.9`.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
For the active bonding/bridge connection, when all the port connection
profiles are brought down firstly, then the operstate of the controller
device will change into "down" automatically, which denotes missing the
carrier for the controller device. However, the connection for the
controller device should still be considered as active as long as
there is any valid IP address configured.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The current default `p_key` value is `-1`, which is only useful for the
recognizability with NetworkManager API. NetworkManager chooses the
`-1` as the default pkey value only because the connection should be
created on the physical infiniband interface by default and the
positive pkey value would make the connection created on the virtual
infiniband partition. But NetworkManager should also have represented
the default value as not specifying the pkey property initially.
Therefore, change the default value of `p_key` into `None`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When testing the infiniband ports in active backup mode, certainly the
physical infiniband device is required to be present upfront. Because
the last commit fixes the bug of wrongly checking the existence of
virtual infiniband device and only checks the presence of the infiniband
device when pkey is not explicitly set, the test which testing
infiniband ports in active backup bonding mode will definitely fail
now. To address the issue, remove the testing code now as it is not
significant for testing the bond options, probably the testing code
will be added back to the dedicated infiniband test playbook for
completeness.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If the `p_key` is specified, then ipoib (IP over Infiniband) connection
will be created. In this case, the interface name must be unset.
NM only allows the user to set the interface name to a fixed value
based on the interface name of the parent and the value of the `p_key`,
for example, if the interface name of the parent is `ib0` and the
`p_key` is `0x000a`, then the `interface_name` for the ipoib connection
must be `ib0.000a` or unset. But this kind of validation in NM is
pointless because it is not useful at all to have the interface name for
the ipoib connection, NM should has also rejected setting the interface
name for the ipoib connection initially.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When the `p_key` is specified, the virtual infiniband device should be
created automatically. And activating the connection on the virtual
infiniband device should not require the users to create virtual
infiniband device manually upfront. The previous implementation is
wrong which validating the presence of virtual infiniband device
upfront, as a result, the users have to create the virtual infiniband
device manually in the target system in order to activate the
connection on the virtual infiniband device through the role. This is
an actual bug, the exception raised when the users do not
pre-configured such a virtual infiniband device. To address the
problem, only checking the existence of the device when the `p_key` is
not specified.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
tox-lsr version 2.11.0 has support for collection-requirements.yml,
runqemu improvements, and support for python 3.10
python 3.7 is not used on any supported platform, so remove it
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
DHCP server certainly needs the IP address configured in order to lease
the address to the client. There is a bug in NM which wrongly removes
all addresses on the unmanaged interface while it should not. To
guarantee the IP address indeed configured for DHCP server, rescue it
via adding conditional loop for configuring IP address to DHCP server.
Notice that this workaround will be removed eventually when NM fixes
the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2079642
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When running CI tests, test performance can be improved by creating a
snapshot image to use for the test, pre-installed with packages used by
the role tests. The CI system can use tests/setup-snapshot.yml to
prepare the snapshot image. Rather than having a list of packages to
install in multiple places, the code which ensures the facts and
variables is moved to a separate tasks/set_facts.yml so that the setup
playbook can use `tasks_from: set_facts.yml` to get the list of network
packages to install. NOTE: The network role developers should add
additional packages to setup-snapshot.yml for other packages installed
by other tests.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Some users prefer to use `gather_facts: false` in their playbooks.
However, the network role requires certain ansible_facts to be set. If
the user wants to use the network role with `gather_facts: false`, the
role will gather the minimum subset of facts required. If the user does
not want the role to gather facts, the user can either not use the
network role, or ensure that all required facts are in the facts cache.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
In order to enable the user using the policy routing (e.g. source
routing) or instructing the system which table to look up to determine
the correct route, add support for routing rules.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Some address family values (e.g. "ipv4" or "ipv6") should not be
considered as bogus value if they can be normalized into
`socket.AF_INET` or `socket.AF_INET6`, it is more tolerant but also
still preserving the capability for rejecting the utterly bogus address
family values.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
