The bond tests fail regularly in our single host downstream testing,
so mark them as `expfail` (expect to fail) so that these failures
do not clutter up our test results.
We have tried to fix this in the past - several times over the past
three years, at a cost of many man weeks of effort - and the fixes just
don't seem to "take". We have reached the point where we need to cut
our losses and just skip these tests. Perhaps at some point in the
future we can revisit this issue.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Almost all the network role tests fail with fact gathering disabled.
Therefore, in order to support the tests running with
ANSIBLE_GATHERING=explicit, gather the minimum subset of facts
required.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The users want to create the bonding interface with the MAC address
specified by themselves or specify the strategy (e.g. random, preserve)
to get the default MAC for the bonding interface. Thus, add support for
the cloned MAC address.
Signed-off-by: Sylvain <35niavlys@gmail.com>
ansible-core 2.14 is now the current version of Ansible. This version
does not support `args: warn: false` so we have to remove it from the
network role. Users will need to use `COMMAND_WARNINGS` in their
Ansible configuration in order to suppress the warning in older versions
of Ansible such as 2.9, 2.11.
In addition, the gating tests are getting stricter about using new best
practices, such as using `true`, `false` for booleans instead of `yes`,
`no`; use of spaces in Jinja expressions; etc. These issues were
addressed.
The `tests/` directory contains far too many cases of non-recommended
practices, so this directory has been exempted.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
On BaseOS CI systems, `yum install` for the epel7 rpm does not work.
Instead, use `rpm -i` which should work on any system. We should not
need to use `yum install` here because the epel7 setup rpm does not have
additional dependencies.
In addition, the rpm download sometimes returns 403 - I think it is because
multiple tests run in parallel in BaseOS CI, resulting in too many
download attempts in too short a period of time - so introduce a retry
to mitigate the situation.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
When creating a bond, the bond also creates a default route with a
default metric of 0. This causes test failures on CI systems as
it overrides the system default route. Use the new `ip.route_metric4`
parameter to set a high metric value so as not to override the
default system route.
Some systems cannot use a metric value of 32 bit unsigned int max value. To ensure
the broadest possible support, use a metric value of 16 bit signed int max value,
which should be high enough to ensure the routes always have the lowest priority.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
For initscripts provider, the metric for the default route defaults to
0, as a result, the default route can take precedence or blindly ingore
other routes. Adding a higher route metric value to honor other routes
during the route selection.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When ports are not attached, the bonding connection may risk not in fully
connected state, e.g. connecting (getting IP configuration). Therefore,
attach ports for the bonding connection.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Kernel allows to set `arp_all_targets` when `arp_interval` is disabled
(disable ARP monitoring). But `arp_all_targets` specifies the quantity
of `arp_ip_targets` that must be reachable in order for the ARP monitor
to consider a slave as being up. It makes more sense to only set the
`arp_all_targets` while enabling the `arp_interval`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The user may need to define the named route table in the routing rule
besides the table id, add support for that.
The commit fixes
https://github.com/linux-system-roles/network/issues/506.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Accept any whitespace sequence, according to Python's `rb"\s"` class.
This way, tabs are also accepted. This is also what iproute2 does.
Use just one regex for this.
Also add a unit test for the default iproute2 file.
Signed-off-by: Thomas Haller <thaller@redhat.com>
The users want to apply the nmstate network state configuration to the
interface directly through the role, which necessitates the less
complexity of the network configuration and allows the partial
configuration on the network.
To warrant that the users are capable to apply the nmstate network state
configuration, add the support for the `network_state` variable.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The current default `p_key` value is `-1`, which is only useful for the
recognizability with NetworkManager API. NetworkManager chooses the
`-1` as the default pkey value only because the connection should be
created on the physical infiniband interface by default and the
positive pkey value would make the connection created on the virtual
infiniband partition. But NetworkManager should also have represented
the default value as not specifying the pkey property initially.
Therefore, change the default value of `p_key` into `None`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When testing the infiniband ports in active backup mode, certainly the
physical infiniband device is required to be present upfront. Because
the last commit fixes the bug of wrongly checking the existence of
virtual infiniband device and only checks the presence of the infiniband
device when pkey is not explicitly set, the test which testing
infiniband ports in active backup bonding mode will definitely fail
now. To address the issue, remove the testing code now as it is not
significant for testing the bond options, probably the testing code
will be added back to the dedicated infiniband test playbook for
completeness.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If the `p_key` is specified, then ipoib (IP over Infiniband) connection
will be created. In this case, the interface name must be unset.
NM only allows the user to set the interface name to a fixed value
based on the interface name of the parent and the value of the `p_key`,
for example, if the interface name of the parent is `ib0` and the
`p_key` is `0x000a`, then the `interface_name` for the ipoib connection
must be `ib0.000a` or unset. But this kind of validation in NM is
pointless because it is not useful at all to have the interface name for
the ipoib connection, NM should has also rejected setting the interface
name for the ipoib connection initially.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
DHCP server certainly needs the IP address configured in order to lease
the address to the client. There is a bug in NM which wrongly removes
all addresses on the unmanaged interface while it should not. To
guarantee the IP address indeed configured for DHCP server, rescue it
via adding conditional loop for configuring IP address to DHCP server.
Notice that this workaround will be removed eventually when NM fixes
the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2079642
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When running CI tests, test performance can be improved by creating a
snapshot image to use for the test, pre-installed with packages used by
the role tests. The CI system can use tests/setup-snapshot.yml to
prepare the snapshot image. Rather than having a list of packages to
install in multiple places, the code which ensures the facts and
variables is moved to a separate tasks/set_facts.yml so that the setup
playbook can use `tasks_from: set_facts.yml` to get the list of network
packages to install. NOTE: The network role developers should add
additional packages to setup-snapshot.yml for other packages installed
by other tests.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Some users prefer to use `gather_facts: false` in their playbooks.
However, the network role requires certain ansible_facts to be set. If
the user wants to use the network role with `gather_facts: false`, the
role will gather the minimum subset of facts required. If the user does
not want the role to gather facts, the user can either not use the
network role, or ensure that all required facts are in the facts cache.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
In order to enable the user using the policy routing (e.g. source
routing) or instructing the system which table to look up to determine
the correct route, add support for routing rules.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ip.ipv6_disabled is not supported by the running version of
NetworkManager when testing on RHEL-7 or CentOS-7, therefore, skip the
tests on RHEL-7 or CentOS-7.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In NM, the property `NM_SETTING_IP6_CONFIG_METHOD_DISABLED` is only
supported since NM 1.20, therefore, the role should reject configuring
`ipv6 disabled` if `NM_SETTING_IP6_CONFIG_METHOD_DISABLED` is not
supported by the running version of NM.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Extract the version of Python interpreter using the `sys.version` will
break the Python26CompatTestCase class when the Python version is 3.11.
Rather the correct way to compare the Python version is using the
`sys.version_info` or the `platform` module as suggested in Python
official doc, https://docs.python.org/3/library/sys.html#sys.version.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Running the pytest with nm provider failed in the downstream testing
because the "NM_CONTROLLED=no" appeared in
`/etc/sysconfig/network-scripts/ifcfg-testeth` which caused the veth
`testeth` strictly unmanaged by NetworkManager. To fix it, clean up
such a connection profile at the end when running the pytest.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The tests are giving failures that are unfortunately being ignored.
One of which is that pidof is not available by default on all platforms,
and on some platforms is not available at all (el7). Same with sysctl.
There are a couple of fixes:
* run the large embedded test `shell` with `set -euo pipefail` to
trigger script errors to be handled.
* install the procps or procps-ng package which provides the tools
such as pgrep, pkill, sysctl, etc.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
bz#2044640
The network role create an ifcfg file for initscripts. The file
used to append a comment "# this file was created by ansible".
This patch replaces the proprietary string with the ansible
standard {{ ansible_managed }} to adjust to the other system
roles.
For the implementation, it borrowed the method from kernel_settings,
getting the ansible managed comment using the get_ansible_managed.j2
template and pass the comment to network_connections which is added
to the ifcfg file.
In case network_provider is nm, the comment is not added to the
ifcfg file as the file is not managed by Ansible.
Note: the required parameter name to pass the ansible managed comment
to the network_connection module is "__header".
Do not use get_ansible_managed.j2 in the test scripts, but use a
hardcoded ansible managed comment to simplify the tests.
tests/tasks/get_profile_stat.yml: replace the '=' style with the YAML
notation in set_fact.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
The hostapd package was moved from EPEL to CentOS Stream and therefore
is not available anymore on EPEL, which made the installation failed.
To fix it, install the hostapd via CentOS Stream in order to run
managed host testing in RHEL-8.5.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to enable user to flexibly control the network transmission
over the bonded interface, support all the bond options which are
currently supported by NetworkManager.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The initscripts provider tests are unstable on Fedora and users are not
using the initscripts on Fedora, therefore, disable all initscripts
provider tests on Fedora.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The files must be named so that it explain what happens. In addition,
`down_profile+delete_interface` must use `changed_when` to match the
content of `delete_interface`.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Problem:
After `tests_bridge_initscripts.yml` passed, the `tests_bridge_nm.yml`
will fail with NetworkManager 1.18.
Root cause:
1. The `absent` and `down` action of initscript provider will not
remove the bridge interface which fail the assertion in
`tests_bridge_nm.yml`.
2. In initscript mode, network role will create ifcfg file with
`NM_CONTROLLED=no` instructing NetworkManager to mark the bridge as
unmanaged. The follow up `down` and `absent` action of initscript
provider will not change the NetworkManager's understanding on
unmanaged state of this interface.
Fixes:
1. We cannot change existing behaviour of initscript on not deleting
interface in `down` and `absent` action. So we change the test
function `tests/playbooks/down_profile.yml` to delete the interface
manually via `ip link del <ifname>` command.
2. Use `NM.Client.reload_connections_async()` to reload the
configuration for nm provider on NetworkManager 1.18.
Previous test infrastructure is running each test file in a brand new VM
or container which cause this problem not been found before.
Dedicate test case `tests/tests_switch_provider.yml` included.
Signed-off-by: Gris Ge <fge@redhat.com>
The users want to use the policy routing (e.g. source routing), so
that they can forward the packet based on the other criteria except for
the destination address in the packet. In such scenario, the routing
tables have to be supported beforehand in static routes, so that the
users can define policy routing rules later to instruct the system
which table to use to determine the correct route.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager requires to configure DNS options (such as the search
setting) for each IP family even though it does not matter in the
system's DNS configuration. Also, NetworkManager only allows to
configure the DNS options for each IP family, when they are enabled. In
the network_connections dictionary, the DNS options are configured
without considering the IP family. Therefore, configure ipv4.dns-search
or ipv6.dns-search only if the IP family is enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager only allows to configure the DNS options for each IP
family, when they are enabled. Therefore, reject DNS settings in
ArgValidator if no IP family is enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager only allows to configure the IPv6 nameservers if the
IPv6 family is enabled. Therefore, reject the IPv6 nameservers setting
in ArgValidator if the IPv6 family is not enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When static IPv6 is configured, configuring IPv6 DNS will not raise any
validation error. Add unit test to verify that.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Introduce Python26CompatTestCase to fix Python 2.6 support for unit
tests:
- Use TestCase.assertRaises on Python 2.6 because it does not support
TestCase.assertRaisesRegexp
- Use TestCase.assertRaisesRegex on Python 3.2 and newer because it
deprecates TestCase.assertRaisesRegexp
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Fix ensure_provider_tests.py so that the tests are correctly generated.
Because the generated tests have not been checked in a while, there was
some drift between the actual tests and what should have been generated,
so the new generated tests have also been included.
When `ensure_provider_tests.py` detects differences, it will now show
the diffs using a unified diff format.
Added a new tox testenv `ensure_provider_tests` - use
`tox -e ensure_provider_tests` to run - to pass arguments, use
`tox -e ensure_provider_tests -- generate`
Added `ensure_provider_tests` as one of the tox testenvs to run for
github tox CI.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Add support for using latest ansible-lint and ansible-test with
ansible-core 2.11. There are a few new warnings that need to
be addressed or suppressed.
One of the changes is to add `# noqa ignore-errors` to the places in
the role where `ignore_errors: true` is used. In general, it is not
a good idea to use `ignore_errors: true` - instead, it is better to
capture the result of the command using a `register`, then use
`failed_when`. Or, if that is not possible, use a `block`/`rescue`
for more complex error handling. However, in the case where the network
role is using `ignore_errors: true` in test code, it is acceptable.
see https://ansible-lint.readthedocs.io/en/latest/default_rules.html#ignore-errors
Another change is to have all tasks have a valid `name:`. This
is explained at https://ansible-lint.readthedocs.io/en/latest/default_rules.html#unnamed-task
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Users can easily configure or update network connection via matching
physical device path of the interface, which add certain flexibilty of
user experience.
Update connection profile via matching `path` setting:
```yaml
- name: eth0
type: ethernet
autoconnect: yes
# For PCI devices, the path has the form "pci-$domain:$bus:$device.$function"
# It will only update the interface with the path "pci-0000:00:03.0"
match:
path:
- pci-0000:00:03.0
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Users might want to use jinja2 templates to set properties. As such,
it's convenient to accept None as an alias for an empty dictionary.
For exmaple, setting like `"match": None` will be allowed by the role:
e.g.
network_connections:
- name: enp0s8
type: ethernet
persistent_state: present
state: up
match:
ip:
route_metric4: 10
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
