If enabled, a default route will be configured using the default gateway. If disabled,
the default route will be removed.
If this variable is not specified, the role will use the default behavior of the
`network_provider` selected.
Setting this option to `no` is equivalent to:
- `DEFROUTE = no` in initscripts, or
- `ipv4.never-default/ipv6.never-default yes` in nmcli
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
`ArgValidatorNum` would normalize boolean into int when
`self.numeric_type` is int, then `self.numeric_type(False)` is 0 and
`self.numeric_type(True)` is 1. Therefore, we need to fix
`ArgValidatorNum()` to reject boolean values when integer values are
expected for the setting. This bug fix potentially breaks previously
"working" playbooks (but realistically, they were not working, because
setting 0 or 1 was unlikely intended).
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In python, bool is a subclass of int. Thus,
isinstance(value, self.numeric_type) would be True, with value being a
bool and numeric_type an int.
ArgValidatorNum should normalize the input values to be of type
self.numeric_type, except the default_value, which might be None (or
anything really).
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
`dns_search` and `dns_options` should not be specific to the address
family. Previously, `dns_search` and `dns_options` were only supported
for IPv4 nameservers, so we also need to support `dns_search` and
`dns_options` for IPv6 nameservers.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Enable WPA3 OWE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "owe"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ETHTOOL Ring option is not supported by NetworkManager until
NM 1.25.2. Currently, ETHTOOL Ring option is not suppored by
Network role, so enable the support for ETHTOOL Ring option.
Configure ethtool ring option via:
```yaml
network_connections:
- name: testnic1
type: ethernet
state: up
ip:
dhcp4: no
auto6: no
ethtool:
ring:
rx: 128
rx_jumbo: 128
rx_mini: 128
tx: 128
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
There was recently an upgrade to python black which made function
documentation checking stricter. This caused network tox CI to
break. The fix is to format the function doc text in the manner
expected by black.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Previously, we would catch any kind of exception. We only want
to suppress an error if the default value is not a callable
(but instead a plain value).
Usually, in python they say it's easier to ask for forgiveness
than permission. However, that is often not true (the code here
this case becomes simpler, not more complicated). But more important,
in this case we only get a TypeError, which doesn't exactly tell
us what is wrong. We want to only suppress the error, if the
instance is not callable.
Signed-off-by: Thomas Haller <thaller@redhat.com>
- split the "if" block in two. It's easier to read to only
have one condition and to think about them independently.
- check "self.all_missing_during_validate" before getting the
default value.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Automation Hub, and possibly Galaxy in the future, require the
collection to be screened with `ansible-test sanity` among other
checks. The role had a number of issues:
* Use `AssertionError` instead of `assert`
* Use of `logging` module not in accordance with standards, but these
are ok and the errors were suppressed
* Several import errors which are ok because they are checked
elsewhere
* __init__.py in the module_utils directories must be empty, so a
new file myerror.py was added to move the code from __init__.py
* NOTE: network_lsr/nm/__init__.py is not empty
* The documentation block in the module was not properly constructed
or formatted.
* shellcheck issues, including removing unused files
* use `unused` instead of `_` (underscore) for variables that are
unused
add WARNING to module docs - collection users should not use directly
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
In order to promote a diverse and inclusive environment we are replacing
all the reference to "slave" for "port".
Test case added.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
In order to promote a diverse and inclusive environment we are replacing
all the reference to "master" for "controller".
Test case added.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Refactor the volatilize action of nm provider:
* Move code to `module_utils/network_lsr/nm`
* The `module_utils/network_lsr/nm` only volatilize profile by given UUID
instead of guess. The `library/network_connections.py` is responsible
on choosing UUID.
Signed-off-by: Gris Ge <fge@redhat.com>
The details of the issue is described in this ansible issue:
https://github.com/ansible/ansible/issues/68361
The workaround contains 2 changes.
1) Advice from @sivel:
replacing, e.g.,
from ansible.module_utils.network_lsr.nm.provider import NetworkManagerProvider
with
from ansible.module_utils.network_lsr.nm import provider
and then use provider.NetworkManagerProvider
2) In the later module_utils path finding path, gi.require_version("NM", "1.0")
in module_utils/network_lsr/nm/client.py fails with "ValueError: Namespace
NM not available" on the control node. By ignoring the exception, the failure
is worked around. Please note that the missing package issue never occurs
on the managed nodes since in case of "nm", the NetworkManager package is
installed in the network role.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
When deactivating a profile in libNM, we should:
* Check `NM.ActionConnection` existence
* Check `NM.ActionConnection.props.state` not DEACTIVATED
* Use signal `state-changed` of `NM.ActionConnection`.
* Only invoke `NM.Client.deactivate_connection_async()` if not
in DEACTIVATING state.
* Ignore `NM.ManagerError.CONNECTIONNOTACTIVE` error.
This patch also introduced a new class `NetworkManagerProvider`
in `module_utils/network_lsr/nm`:
* Independent from Ansible but need to use absolute import due to
limitation of ansible 2.8.
* Provide sync function wrapping async calls of libNM.
* Use stable logging method of python.
* Only load this module when provider is nm.
This patch also changed how logging is handling in
`Cmd_nm.run_action_down()` as initial step on isolate ansible log
mechanism from provider module.
By moving provider codes to `module_utils` folder, we can eventually
simplify the bloated `library/network_connections.py`.
Signed-off-by: Gris Ge <fge@redhat.com>
The task 56586 is for adding tests against the collection converted
format to the tox/travis CI to capture a problem before merging the
pr, if any. It'd be helpful to find out bugs in the conversion tool
lsr_role2collection.py, as well. The source of this commit is located
in linux-system-roles/template. They are synced by auto-maintenance/
sync-template.sh, then manually adjusted to the network role.
.travis/runcollection.sh is the test script. tox.ini is modified to run
it in the tox/travis CI. The script downloads lsr_role2collection.py,
then converts the network role into the conversion format in the working
directory .tox. In the collection, it runs a set of tests black, flake8,
yamllint, py38 to check the converted result.
tests/integration/test_ethernet.py is a script capable of using the network
module without executing it from Ansible and using Pytest. The example test
sets an ip in a test interface. The changes in tox.ini adapt the testing to the
new script. The __init__.py files were added to allow python2.7 compatibility.
Signed-off-by: Elvira García Ruiz <elviragr@riseup.net>
Since the order of the actions list does not matter anymore because the
role iterates over all actions in a defined order, simplify the
handling for persistent states.
When a profile is specified as absent, ignore state requests if the
profile is already removed or not completely specified to improve
idempotence.
Also restructure the states test. This introduces a clear structure for
the individual test steps, properly assigns tags for each test from the
file and provides a clear error message with a description of the test
that failed in case of errors. Support for tests that expect a failure
is still missing.
When persistent_state is present and state is set to present or absent, a
ValidationError raises. A unit test validating this has been added. The
test_802_1x.yml test was updated so as to follow this rule.
Signed-off-by: Elvira Garcia Ruiz <elviragr@riseup.net>
WPA-PSK and WPA-EAP are supported. Uses existing 802.1x features of the role.
Added extra functionality to ArgValidatorStr to enforce a min and max length.
Ethtool features should use underscores instead of dashes. A
warning shows in case dashes used, and it fails if underscore and dashes are
mixed. Unit tests and integration tests have been added. Since nm already
needed underscores, the string processing that was made in nm_provider is now
unneeded and therefore removed.
This patch implements the ETHTOOL_GPERMADDR command in order to retrieve
the permanent address from ethtool instead using command line tool.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
According to PEP8 [1], the import are always put at the top of the file,
just after any module comments and docstrings, and before module globals
and constants.
[1] https://www.python.org/dev/peps/pep-0008/#imports
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Role now supports validating the domain name of the EAP server certificate.
Regenerated the CA certificate as the private key for the original CA has been lost.
Updated test certificates to include a domain name in the CN so the domain-suffix-match
feature can be tested.
It was rather confusing whether the boolean return value meant
that the timeout was reached or the opposite.
Rename the internal variable, I think now it's quite clear.
The name is actually not ever used, because
ArgValidator_DictConnection() is never validated directly.
Instead, it is always nested inside ArgValidator_ListConnections()
which passes "connections[$IDX]" as name to self.nested._validate().
Anyway, still when looking at the name of a ArgValidator_DictConnection
instance, it makes slightly more sense to call it just "connection".
The "name" argument is an implementation detail, that is used
by ArgValidatorDict and ArgValidatorList to pass a complex (nested)
name of what is currently parsed.
Callers are not supposed to see or use this argument.
Hide it, by adding an internal helper method _validate().
- persistent_state represents whether a profile is stored on disk
- persistent_state defaults to 'present'
- When there is no type specified for the profile, it is enough for a
profile with the same name to be stored on the target's systems file
system. Otherwise the role will fail
- state now represents the runtime state and can be up, down or
unspecified
- translate the state definitions into actions that will be performed.
The actions correspond to the previous states.
- add the possibility to write unit tests to only verify parts of the
resulting connection dictionary to only check for the expected changes
instead of the full connection that can also contain unrelated defaults
