reason: The user wants to ignore automatically configured name servers and
search domains (e.g. dns record from DHCP), and only use the name
servers and search domains specified in the `dns` and `dns_search`
properties.
result: The user is able to ignore automatically configured name servers
and search domains.
Notice that there are two settings here distinguished by the address
families, which aims to be compatible with NetworkManager
(`ipv4.ignore-auto-dns` and `ipv6.ignore-auto-dns`)and Nmstate (setting
`auto-dns` on `ipv4` or `ipv6` section). Also, the users can get auto
DNS from DHCPv4, DHCPv6, modem etc, and they may want to ignore auto
DNS on Ipv4 but not on IPv6, in this case, it is better to have two
settings distinguished by the address families.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Without an explicit output device, the kernel might use a different
output device than intended by the user. Therefore, use the interface
name of connections to specify it if it is available. Otherwise,
educate the user about this potential problem with a warning. This
aligns the behavior with NetworkManager which configures the output
device in routes when activating profiles on devices.
Fixes: https://bugzilla.redhat.com/2168735
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The users want to create the bonding interface with the MAC address
specified by themselves or specify the strategy (e.g. random, preserve)
to get the default MAC for the bonding interface. Thus, add support for
the cloned MAC address.
Signed-off-by: Sylvain <35niavlys@gmail.com>
`libnmstate.show()` would include the info like bridge timer etc which
should not be considered when comparing between the previous state and
current state. Instead, using the the `libnmstate.show_running_config()`
which would filter out these kind of data.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The users want to apply the nmstate network state configuration to the
interface directly through the role, which necessitates the less
complexity of the network configuration and allows the partial
configuration on the network.
To warrant that the users are capable to apply the nmstate network state
configuration, add the support for the `network_state` variable.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
For the active bonding/bridge connection, when all the port connection
profiles are brought down firstly, then the operstate of the controller
device will change into "down" automatically, which denotes missing the
carrier for the controller device. However, the connection for the
controller device should still be considered as active as long as
there is any valid IP address configured.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The current default `p_key` value is `-1`, which is only useful for the
recognizability with NetworkManager API. NetworkManager chooses the
`-1` as the default pkey value only because the connection should be
created on the physical infiniband interface by default and the
positive pkey value would make the connection created on the virtual
infiniband partition. But NetworkManager should also have represented
the default value as not specifying the pkey property initially.
Therefore, change the default value of `p_key` into `None`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When the `p_key` is specified, the virtual infiniband device should be
created automatically. And activating the connection on the virtual
infiniband device should not require the users to create virtual
infiniband device manually upfront. The previous implementation is
wrong which validating the presence of virtual infiniband device
upfront, as a result, the users have to create the virtual infiniband
device manually in the target system in order to activate the
connection on the virtual infiniband device through the role. This is
an actual bug, the exception raised when the users do not
pre-configured such a virtual infiniband device. To address the
problem, only checking the existence of the device when the `p_key` is
not specified.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to enable the user using the policy routing (e.g. source
routing) or instructing the system which table to look up to determine
the correct route, add support for routing rules.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
bz#2044640
The network role create an ifcfg file for initscripts. The file
used to append a comment "# this file was created by ansible".
This patch replaces the proprietary string with the ansible
standard {{ ansible_managed }} to adjust to the other system
roles.
For the implementation, it borrowed the method from kernel_settings,
getting the ansible managed comment using the get_ansible_managed.j2
template and pass the comment to network_connections which is added
to the ifcfg file.
In case network_provider is nm, the comment is not added to the
ifcfg file as the file is not managed by Ansible.
Note: the required parameter name to pass the ansible managed comment
to the network_connection module is "__header".
Do not use get_ansible_managed.j2 in the test scripts, but use a
hardcoded ansible managed comment to simplify the tests.
tests/tasks/get_profile_stat.yml: replace the '=' style with the YAML
notation in set_fact.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
In order to enable user to flexibly control the network transmission
over the bonded interface, support all the bond options which are
currently supported by NetworkManager.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Problem:
After `tests_bridge_initscripts.yml` passed, the `tests_bridge_nm.yml`
will fail with NetworkManager 1.18.
Root cause:
1. The `absent` and `down` action of initscript provider will not
remove the bridge interface which fail the assertion in
`tests_bridge_nm.yml`.
2. In initscript mode, network role will create ifcfg file with
`NM_CONTROLLED=no` instructing NetworkManager to mark the bridge as
unmanaged. The follow up `down` and `absent` action of initscript
provider will not change the NetworkManager's understanding on
unmanaged state of this interface.
Fixes:
1. We cannot change existing behaviour of initscript on not deleting
interface in `down` and `absent` action. So we change the test
function `tests/playbooks/down_profile.yml` to delete the interface
manually via `ip link del <ifname>` command.
2. Use `NM.Client.reload_connections_async()` to reload the
configuration for nm provider on NetworkManager 1.18.
Previous test infrastructure is running each test file in a brand new VM
or container which cause this problem not been found before.
Dedicate test case `tests/tests_switch_provider.yml` included.
Signed-off-by: Gris Ge <fge@redhat.com>
The users want to use the policy routing (e.g. source routing), so
that they can forward the packet based on the other criteria except for
the destination address in the packet. In such scenario, the routing
tables have to be supported beforehand in static routes, so that the
users can define policy routing rules later to instruct the system
which table to use to determine the correct route.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager requires to configure DNS options (such as the search
setting) for each IP family even though it does not matter in the
system's DNS configuration. Also, NetworkManager only allows to
configure the DNS options for each IP family, when they are enabled. In
the network_connections dictionary, the DNS options are configured
without considering the IP family. Therefore, configure ipv4.dns-search
or ipv6.dns-search only if the IP family is enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Use the new tox-lsr that uses ansible-core 2.12.
Use ansible-plugin-scan in CI.
Fix pylint errors found by new ansible-test pylinter.
CI test with py39
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Users can easily configure or update network connection via matching
physical device path of the interface, which add certain flexibilty of
user experience.
Update connection profile via matching `path` setting:
```yaml
- name: eth0
type: ethernet
autoconnect: yes
# For PCI devices, the path has the form "pci-$domain:$bus:$device.$function"
# It will only update the interface with the path "pci-0000:00:03.0"
match:
path:
- pci-0000:00:03.0
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When `setting_type` is `NM.SettingMatch`, `setting_type.new()` will not
work because `nm_setting_match_new()` symbol is only exposed and usable
since libnm version 1.32 (using `setting_type.new()` is equivalent to
call libnm function `nm_setting_*_new()`).
Function `setting_type()` will always construct an instance of that
`setting_type` and will not need a workaround when `setting_type` is
`NM.SettingMatch`. So drop `setting_type.new()` in favor of
`setting_type()`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Enable WPA3 SAE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "sae"
password: "p@55w0rD"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If present, use the newer API to avoid the deprecation warning:
$ pytest tests/unit/test_network_connections.py -v
...
tests/unit/test_network_connections.py::TestValidator::test_802_1x_1
/data/src/linux-system-roles-network/tests/unit/fake_env/network_connections.py:956: DeprecationWarning: NM.SettingEthtool.set_feature is deprecated
s_ethtool.set_feature(nm_feature, NM.Ternary.DEFAULT)
When applying with `dhcp4: "no"` or `auto6: "no"`, we get incorrect
change indication even when network connection was not changed.
The root cause is the `NM.SettingIPConfig.clear_dns_options(True)` will
create an empty list which will be discard by ifcfg plugin.
The follow up `NM.Connection.compare()` will show configuration changed
as dns option entry missing.
Fixed by remove dns option completely before appending.
Signed-off-by: Gris Ge <fge@redhat.com>
When applying the same network connections twice, the second apply still
shows `changed: true`.
The root cause:
* When user never asked about ethtool configuration, network-role
will generate an all-default `NM.SettingEthtool` and pass it to
NetworkManager daemon. But NetworkManager discard it when saving to
ifcfg plugin as ifcfg plugin will not keep empty ethtool option.
* During second apply, the `NM.SimpleConnection.compare` will return
False indicating configuration changed because of on-disk connection
has no ethtool setting while pending connection does.
To fix it, we just remove the all-default `NM.SettingEthtool`.
Signed-off-by: Gris Ge <fge@redhat.com>
If enabled, a default route will be configured using the default gateway. If disabled,
the default route will be removed.
If this variable is not specified, the role will use the default behavior of the
`network_provider` selected.
Setting this option to `no` is equivalent to:
- `DEFROUTE = no` in initscripts, or
- `ipv4.never-default/ipv6.never-default yes` in nmcli
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
`dns_search` and `dns_options` should not be specific to the address
family. Previously, `dns_search` and `dns_options` were only supported
for IPv4 nameservers, so we also need to support `dns_search` and
`dns_options` for IPv6 nameservers.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ETHTOOL Ring option is not supported by NetworkManager until
NM 1.25.2. Currently, ETHTOOL Ring option is not suppored by
Network role, so enable the support for ETHTOOL Ring option.
Configure ethtool ring option via:
```yaml
network_connections:
- name: testnic1
type: ethernet
state: up
ip:
dhcp4: no
auto6: no
ethtool:
ring:
rx: 128
rx_jumbo: 128
rx_mini: 128
tx: 128
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
There was recently an upgrade to python black which made function
documentation checking stricter. This caused network tox CI to
break. The fix is to format the function doc text in the manner
expected by black.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Automation Hub, and possibly Galaxy in the future, require the
collection to be screened with `ansible-test sanity` among other
checks. The role had a number of issues:
* Use `AssertionError` instead of `assert`
* Use of `logging` module not in accordance with standards, but these
are ok and the errors were suppressed
* Several import errors which are ok because they are checked
elsewhere
* __init__.py in the module_utils directories must be empty, so a
new file myerror.py was added to move the code from __init__.py
* NOTE: network_lsr/nm/__init__.py is not empty
* The documentation block in the module was not properly constructed
or formatted.
* shellcheck issues, including removing unused files
* use `unused` instead of `_` (underscore) for variables that are
unused
add WARNING to module docs - collection users should not use directly
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Use the correct parameter names for declaring static IPV6 connections
for the initscripts provider. Also, add integration and unit tests to
cover this.
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
Signed-off-by: Till Maas <opensource@till.name>
In order to promote a diverse and inclusive environment we are replacing
all the reference to "slave" for "port".
Test case added.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
In order to promote a diverse and inclusive environment we are replacing
all the reference to "master" for "controller".
Test case added.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Refactor the volatilize action of nm provider:
* Move code to `module_utils/network_lsr/nm`
* The `module_utils/network_lsr/nm` only volatilize profile by given UUID
instead of guess. The `library/network_connections.py` is responsible
on choosing UUID.
Signed-off-by: Gris Ge <fge@redhat.com>
The details of the issue is described in this ansible issue:
https://github.com/ansible/ansible/issues/68361
The workaround contains 2 changes.
1) Advice from @sivel:
replacing, e.g.,
from ansible.module_utils.network_lsr.nm.provider import NetworkManagerProvider
with
from ansible.module_utils.network_lsr.nm import provider
and then use provider.NetworkManagerProvider
2) In the later module_utils path finding path, gi.require_version("NM", "1.0")
in module_utils/network_lsr/nm/client.py fails with "ValueError: Namespace
NM not available" on the control node. By ignoring the exception, the failure
is worked around. Please note that the missing package issue never occurs
on the managed nodes since in case of "nm", the NetworkManager package is
installed in the network role.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
The line was too long, and needed to be wrapped in a way that was
compatible with python black formatting.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
When deactivating a profile in libNM, we should:
* Check `NM.ActionConnection` existence
* Check `NM.ActionConnection.props.state` not DEACTIVATED
* Use signal `state-changed` of `NM.ActionConnection`.
* Only invoke `NM.Client.deactivate_connection_async()` if not
in DEACTIVATING state.
* Ignore `NM.ManagerError.CONNECTIONNOTACTIVE` error.
This patch also introduced a new class `NetworkManagerProvider`
in `module_utils/network_lsr/nm`:
* Independent from Ansible but need to use absolute import due to
limitation of ansible 2.8.
* Provide sync function wrapping async calls of libNM.
* Use stable logging method of python.
* Only load this module when provider is nm.
This patch also changed how logging is handling in
`Cmd_nm.run_action_down()` as initial step on isolate ansible log
mechanism from provider module.
By moving provider codes to `module_utils` folder, we can eventually
simplify the bloated `library/network_connections.py`.
Signed-off-by: Gris Ge <fge@redhat.com>
The task 56586 is for adding tests against the collection converted
format to the tox/travis CI to capture a problem before merging the
pr, if any. It'd be helpful to find out bugs in the conversion tool
lsr_role2collection.py, as well. The source of this commit is located
in linux-system-roles/template. They are synced by auto-maintenance/
sync-template.sh, then manually adjusted to the network role.
.travis/runcollection.sh is the test script. tox.ini is modified to run
it in the tox/travis CI. The script downloads lsr_role2collection.py,
then converts the network role into the conversion format in the working
directory .tox. In the collection, it runs a set of tests black, flake8,
yamllint, py38 to check the converted result.
tests/integration/test_ethernet.py is a script capable of using the network
module without executing it from Ansible and using Pytest. The example test
sets an ip in a test interface. The changes in tox.ini adapt the testing to the
new script. The __init__.py files were added to allow python2.7 compatibility.
Signed-off-by: Elvira García Ruiz <elviragr@riseup.net>
When a profile is specified as absent, ignore state requests if the
profile is already removed or not completely specified to improve
idempotence.
Also restructure the states test. This introduces a clear structure for
the individual test steps, properly assigns tags for each test from the
file and provides a clear error message with a description of the test
that failed in case of errors. Support for tests that expect a failure
is still missing.
Since `invocation` is an Ansible special value that is set for
triple verbosity, it is now visible for smaller verbosity. Therefore
rename it to `_invocation`, which seems to work with less verbosity.
Also adjust the content to match the regular `invocation` style.
To reduce problems with profile specification order and to support
creating and activating bond profiles in one run with initscripts,
create all profiles first.
WPA-PSK and WPA-EAP are supported. Uses existing 802.1x features of the role.
Added extra functionality to ArgValidatorStr to enforce a min and max length.
