Commit graph

74 commits

Author SHA1 Message Date
Wen Liang
cb3e23ac5d infiniband: Reject the interface name for the ipoib connection
If the `p_key` is specified, then ipoib (IP over Infiniband) connection
will be created. In this case, the interface name must be unset.

NM only allows the user to set the interface name to a fixed value
based on the interface name of the parent and the value of the `p_key`,
for example, if the interface name of the parent is `ib0` and the
`p_key` is `0x000a`, then the `interface_name` for the ipoib connection
must be `ib0.000a` or unset. But this kind of validation in NM is
pointless because it is not useful at all to have the interface name for
the ipoib connection, NM should also have rejected setting the interface
name for the ipoib connection initially.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2022-05-19 12:41:35 +02:00
Wen Liang
6da2df4ba0 Add support for routing rules
In order to enable the user to use the policy routing (e.g. source
routing) or instructing the system which table to look up to determine
the correct route, add support for routing rules.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2022-04-21 12:19:26 +02:00
Wen Liang
512d840fc4 Util: Normalize address family value before getting prefix length
Some address family values (e.g. "ipv4" or "ipv6") should not be
considered as bogus value if they can be normalized into
`socket.AF_INET` or `socket.AF_INET6`, it is more tolerant but also
still preserving the capability for rejecting the utterly bogus address
family values.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2022-04-21 12:19:26 +02:00
Wen Liang
59ee08ae02 Reject configuring ipv6 disabled if not supported in NM
In NM, the property `NM_SETTING_IP6_CONFIG_METHOD_DISABLED` is only
supported since NM 1.20, therefore, the role should reject configuring
`ipv6 disabled` if `NM_SETTING_IP6_CONFIG_METHOD_DISABLED` is not
supported by the running version of NM.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2022-04-05 16:56:34 +02:00
Gris Ge
3a2fe6d13d InfiniBand bond: Fix typo of bond mode active-backup
The correct bond mode is `active-backup` instead of `active_backup`.

Thanks to vpal who found this issue via
https://github.com/linux-system-roles/network/issues/475

Signed-off-by: Gris Ge <fge@redhat.com>
2022-03-11 07:04:19 +01:00
Wen Liang
59be618857 Support more bond options
In order to enable user to flexibly control the network transmission
over the bonded interface, support all the bond options which are
currently supported by NetworkManager.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2022-02-11 23:40:34 +01:00
Gris Ge
c98c17a236 Fix problem when switch provider from initscript to nm
Problem:

After `tests_bridge_initscripts.yml` passed, the `tests_bridge_nm.yml`
will fail with NetworkManager 1.18.

Root cause:

 1. The `absent` and `down` action of initscript provider will not
    remove the bridge interface which fails the assertion in
    `tests_bridge_nm.yml`.
 2. In initscript mode, network role will create ifcfg file with
    `NM_CONTROLLED=no` instructing NetworkManager to mark the bridge as
    unmanaged. The follow up `down` and `absent` action of initscript
    provider will not change the NetworkManager's understanding on
    unmanaged state of this interface.

Fixes:
 1. We cannot change existing behaviour of initscript on not deleting
    interface in `down` and `absent` action. So we change the test
    function `tests/playbooks/down_profile.yml` to delete the interface
    manually via `ip link del <ifname>` command.

 2. Use `NM.Client.reload_connections_async()` to reload the
    configuration for nm provider on NetworkManager 1.18.

Previous test infrastructure is running each test file in a brand new VM
or container which caused this problem not to be found before.

Dedicated test case `tests/tests_switch_provider.yml` included.

Signed-off-by: Gris Ge <fge@redhat.com>
2022-01-28 17:47:13 +01:00
Wen Liang
5eb03fa992 Support routing tables in static routes
The users want to use the policy routing (e.g. source routing), so
that they can forward the packet based on the other criteria except for
the destination address in the packet. In such scenario, the routing
tables have to be supported beforehand in static routes, so that the
users can define policy routing rules later to instruct the system
which table to use to determine the correct route.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2022-01-27 18:18:47 +01:00
Wen Liang
5db8d0c5d1 Reject DNS_search setting if no IP family is enabled
NetworkManager only allows to configure the DNS options for each IP
family, when they are enabled. Therefore, reject DNS settings in
ArgValidator if no IP family is enabled.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-12-14 13:29:08 +01:00
Wen Liang
05b38b4217 Reject IPv6 DNS setting if IPv6 family is not enabled
NetworkManager only allows to configure the IPv6 nameservers if the
IPv6 family is enabled. Therefore, reject the IPv6 nameservers setting
in ArgValidator if the IPv6 family is not enabled.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-11-29 10:33:58 -05:00
Rich Megginson
16ac152542 support ansible-core 2.12; ansible-plugin-scan; fix pylint errors; py39
Use the new tox-lsr that uses ansible-core 2.12.
Use ansible-plugin-scan in CI.
Fix pylint errors found by new ansible-test pylinter.
CI test with py39

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2021-11-08 20:01:01 +01:00
Wen Liang
9fd19afa25 Allow configuring network connection via matching path
Users can easily configure or update network connection via matching
physical device path of the interface, which adds certain flexibility of
user experience.

Update connection profile via matching `path` setting:

```yaml
  - name: eth0
    type: ethernet
    autoconnect: yes
    # For PCI devices, the path has the form "pci-$domain:$bus:$device.$function"
    # It will only update the interface with the path "pci-0000:00:03.0"
    match:
      path:
        - pci-0000:00:03.0
```

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-10-06 18:22:42 +08:00
Wen Liang
b569704c72 arg_validator: accept None as valid input for ArgValidatorDict
Users might want to use jinja2 templates to set properties. As such,
it's convenient to accept None as an alias for an empty dictionary.

For example, setting like `"match": None` will be allowed by the role:
e.g.
        network_connections:
          - name: enp0s8
            type: ethernet
            persistent_state: present
            state: up
            match:
            ip:
              route_metric4: 10

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-10-06 18:22:42 +08:00
Wen Liang
af07c2a58d arg_validator: accept None as valid input for ArgValidatorList
Users might want to use jinja2 templates to set properties. As such,
it's convenient to accept None as an alias for an empty list.

For example, setting like `"match": {"path": None}` will be allowed by
the role:

        network_connections:
          - name: enp0s8
            type: ethernet
            persistent_state: present
            state: up
            match:
              path:
            ip:
              route_metric4: 10

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-10-06 18:22:42 +08:00
Thomas Haller
7a1683848c arg_validator: make ArgValidator.DEFAULT the default for dictionary's default value
The most used default value for ArgValidatorDict is
ArgValidator.DEFAULT, which means to generate the default value
based on the nested validators.

ArgValidator.DEFAULT is also a better default for the default_value.
Otherwise, it's a bit odd to have (and honor) ArgValidator.DEFAULT, if
that is not in fact the default default_value.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
63ddf64a41 arg_validator: use DEFAULT argument to generate default value for dictionaries
The previous solution was ugly, as it hacked the private
self._default_value of the parent.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
e01e550c59 arg_validator: support generating default value for ArgValidatorDict
Some dictionaries may wish to have a default value that is a dictionary
with the default of all keys.

Add a method to generate this.

This returns a callable instead of a plain dictionary. In practice, the
generated default value should always be the same. However, we also
expect that ArgValidator validation gives a result that is owned by the
caller. In case of mutable values (like a dictionary), we want a deep
clone.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
e0a1b6af68 arg_validator: make ArgValidatorDeprecated a subclass of ArgValidator
ArgValidatorDeprecated is used as a nested validator, it also should
subtype ArgValidator base class. Technically, in python you can do duck
typing and get away with a different class that merely behaves
sufficiently similar. But why?

That way, we also can set default_value=ArgValidator.MISSING.
As a result, we no longer need to special case ArgValidatorDeprecated
at various places, because the default value will indicate that
it should not be present.

Co-authored-by: Till Maas <opensource@till.name>

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
a262c77c26 arg_validator: expect ArgValidatorDeprecated.deprecated_by setting to be valid
"validator.deprecated_by" is user configuration of the validator. It depends on the
setup of the current ArgValidatorDict instance. It would be a bug if the user
references a non-existing validator.

Thus, use dictionary lookup instead of get() and fail early.

The previous code of course also didn't work, because the
returned None value would have led to an exception shortly after.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
72319a1294 arg_validator: call get_default_value() for getting the default value
self._default_value might be a callable, to get the actual default
value, self.get_default_value() must be called.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
8a00e7fab2 arg_validator: rename "default_value" field to "_default_value"
The name "default_value" is also used as parameter name, which
means that searching the source for the term gives unrelated
results. Rename to give a unique name.

Also, the field is really private and should usually not be called
directly. Instead get_default_value() should be called.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
4afa81cdd0 arg_validator: rename ArgValidator.DEFAULT_SENTINEL to DEFAULT
To be consistent with ArgValidator.MISSING, which serves a similar
purpose.

Also, replace the if-else python ternary, which I find hard to read.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
03833e8ac2 arg_validator: drop wrong default value for ArgValidatorIPRoute
The parameter is not used (neither by callers nor the implementation).
It also makes no sense.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Thomas Haller
6e53bcf65f arg_validator: drop wrong default value for ArgValidatorIPAddr
The parameter is not used (neither by callers nor the implementation).
It also makes no sense.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-08-26 16:30:09 +08:00
Wen Liang
a2af42d0f2 wifi: Add Simultaneous Authentication of Equals(SAE) support
Enable WPA3 SAE support via:

    ```yaml
    network_connections:
      - name: wlan0
        type: wireless
        wireless:
          ssid: "WIFI_SSID"
          key_mgmt: "sae"
          password: "p@55w0rD"
    ```

Integration test case was included for Fedora and CentOS. (Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-08-09 09:59:22 +08:00
Jack Adolph
b368bce8aa Add 'auto_gateway' option
If enabled, a default route will be configured using the default gateway. If disabled,
the default route will be removed.

If this variable is not specified, the role will use the default behavior of the
`network_provider` selected.

Setting this option to `no` is equivalent to:
- `DEFROUTE = no` in initscripts, or
- `ipv4.never-default/ipv6.never-default yes` in nmcli

Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
2021-06-04 07:07:13 +08:00
Wen Liang
a6c98bd660 arg_validator: reject bool arguments from ArgValidatorNum
`ArgValidatorNum` would normalize boolean into int when
`self.numeric_type` is int, then `self.numeric_type(False)` is 0 and
`self.numeric_type(True)` is 1. Therefore, we need to fix
`ArgValidatorNum()` to reject boolean values when integer values are
expected for the setting. This bug fix potentially breaks previously
"working" playbooks (but realistically, they were not working, because
setting 0 or 1 was unlikely intended).

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-05-24 18:51:54 +08:00
Wen Liang
dfacbf72f7 arg_validator: normalize numeric value for ArgValidatorNum
In python, bool is a subclass of int. Thus,
isinstance(value, self.numeric_type) would be True, with value being a
bool and numeric_type an int.

ArgValidatorNum should normalize the input values to be of type
self.numeric_type, except the default_value, which might be None (or
anything really).

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-05-24 18:51:54 +08:00
Wen Liang
93e509b533 Fix: support dns_search and dns_options for all address family
`dns_search` and `dns_options` should not be specific to the address
family. Previously, `dns_search` and `dns_options` were only supported
for IPv4 nameservers, so we also need to support `dns_search` and
`dns_options` for IPv6 nameservers.

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-05-24 15:34:52 +08:00
Wen Liang
2444e27cce wifi: Add Opportunistic Wireless Encryption (OWE) support
Enable WPA3 OWE support via:

    ```yaml
    network_connections:
      - name: wlan0
        type: wireless
        wireless:
          ssid: "WIFI_SSID"
          key_mgmt: "owe"
    ```

Integration test case was included for Fedora and CentOS. (Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-05-24 10:51:01 +08:00
Wen Liang
ae2d60a0b2 Add support for ETHTOOL Ring option
ETHTOOL Ring option is not supported by NetworkManager until
NM 1.25.2. Currently, ETHTOOL Ring option is not supported by
Network role, so enable the support for ETHTOOL Ring option.

Configure ethtool ring option via:

    ```yaml
    network_connections:
      - name: testnic1
        type: ethernet
        state: up
        ip:
          dhcp4: no
          auto6: no
        ethtool:
          ring:
            rx: 128
            rx_jumbo: 128
            rx_mini: 128
            tx: 128
    ```

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-05-11 18:19:16 +02:00
Rich Megginson
570246bad3 no need for __init__.py in module_utils/
The file module_utils/__init__.py is not needed.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2021-05-06 11:15:11 +02:00
Rich Megginson
c1b0002bc9 fix python black issues
There was recently an upgrade to python black which made function
documentation checking stricter.  This caused network tox CI to
break.  The fix is to format the function doc text in the manner
expected by black.

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2021-05-03 18:41:05 +02:00
Thomas Haller
c2e83b1d82 argval: use callable() check in get_default_value()
Previously, we would catch any kind of exception. We only want
to suppress an error if the default value is not a callable
(but instead a plain value).

Usually, in python they say it's easier to ask for forgiveness
than permission. However, that is often not true (the code here
in this case becomes simpler, not more complicated). But more important,
in this case we only get a TypeError, which doesn't exactly tell
us what is wrong. We want to only suppress the error, if the
instance is not callable.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-04-16 12:09:43 +02:00
Thomas Haller
bf9933e482 argval: cleanup default values in ArgValidatorDict._validate_impl()
- split the "if" block in two. It's easier to read to only
  have one condition and to think about them independently.

- check "self.all_missing_during_validate" before getting the
  default value.

Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-04-16 12:09:43 +02:00
Rich Megginson
f5ff30a66c fix most ansible-test issues, suppress the rest
Automation Hub, and possibly Galaxy in the future, require the
collection to be screened with `ansible-test sanity` among other
checks.  The role had a number of issues:
* Use `AssertionError` instead of `assert`
* Use of `logging` module not in accordance with standards, but these
  are ok and the errors were suppressed
* Several import errors which are ok because they are checked
  elsewhere
* __init__.py in the module_utils directories must be empty, so a
  new file myerror.py was added to move the code from __init__.py
  * NOTE: network_lsr/nm/__init__.py is not empty
* The documentation block in the module was not properly constructed
  or formatted.
* shellcheck issues, including removing unused files
* use `unused` instead of `_` (underscore) for variables that are
  unused

add WARNING to module docs - collection users should not use directly

Signed-off-by: Rich Megginson <rmeggins@redhat.com>
2021-04-09 19:57:55 +02:00
Wen Liang
8318686620 Support ipv6.method disabled in network role
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-02-19 18:12:52 +01:00
Fernando Fernandez Mancera
3167b3c125 inclusive language: use "port" instead of "slave"
In order to promote a diverse and inclusive environment we are replacing
all the references to "slave" for "port".

Test case added.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2021-02-03 15:15:04 +01:00
Fernando Fernandez Mancera
a283e47c12 inclusive language: use "controller" instead of "master"
In order to promote a diverse and inclusive environment we are replacing
all the references to "master" for "controller".

Test case added.

Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2021-02-03 12:57:03 +01:00
Wen Liang
880b7ab0cc Support dns-options in network role
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2021-01-28 09:57:45 +08:00
Thomas Haller
675c7e8073 argument_validator: add documentation comments
Signed-off-by: Thomas Haller <thaller@redhat.com>
2021-01-24 20:51:48 +08:00
Gris Ge
19139286ed nm provider: Refactor the volatilize action of network connection
Refactor the volatilize action of nm provider:
 * Move code to `module_utils/network_lsr/nm`
 * The `module_utils/network_lsr/nm` only volatilizes profile by given UUID
   instead of guessing. The `library/network_connections.py` is responsible
   for choosing UUID.

Signed-off-by: Gris Ge <fge@redhat.com>
2021-01-23 11:19:32 +08:00
Noriko Hosoi
023ecbd027 Collections - workaround for the module_utils path finding issue in ansible 2.9
The details of the issue are described in this ansible issue:
   https://github.com/ansible/ansible/issues/68361

The workaround contains 2 changes.
1) Advice from @sivel:
   replacing, e.g.,
     from ansible.module_utils.network_lsr.nm.provider import NetworkManagerProvider
   with
     from ansible.module_utils.network_lsr.nm import provider
   and then use provider.NetworkManagerProvider
2) In the later module_utils path finding path, gi.require_version("NM", "1.0")
   in module_utils/network_lsr/nm/client.py fails with "ValueError: Namespace
   NM not available" on the control node. By ignoring the exception, the failure
   is worked around. Please note that the missing package issue never occurs
   on the managed nodes since in case of "nm", the NetworkManager package is
   installed in the network role.

Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
2021-01-14 17:04:10 -05:00
Antonio Cardace
b586d11e79 Add support for ethtool coalesce settings
Also add related tests.

Resolves: #112
Signed-off-by: Antonio Cardace <acardace@redhat.com>
2021-01-09 11:02:07 +08:00
Wen Liang
f848949c76 RFE: Support dummy interfaces
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
2020-12-16 14:28:41 +08:00
Gris Ge
c4643e56bb nm provider: Refactor the down action of network connection
When deactivating a profile in libNM, we should:

 * Check `NM.ActionConnection` existence
 * Check `NM.ActionConnection.props.state` not DEACTIVATED
 * Use signal `state-changed` of `NM.ActionConnection`.
 * Only invoke `NM.Client.deactivate_connection_async()` if not
   in DEACTIVATING state.
 * Ignore `NM.ManagerError.CONNECTIONNOTACTIVE` error.

This patch also introduced a new class `NetworkManagerProvider`
in `module_utils/network_lsr/nm`:

 * Independent from Ansible but needs to use absolute import due to
   limitation of ansible 2.8.
 * Provide sync function wrapping async calls of libNM.
 * Use stable logging method of python.
 * Only load this module when provider is nm.

This patch also changed how logging is handled in
`Cmd_nm.run_action_down()` as an initial step to isolate ansible log
mechanism from provider module.

By moving provider codes to `module_utils` folder, we can eventually
simplify the bloated `library/network_connections.py`.

Signed-off-by: Gris Ge <fge@redhat.com>
2020-11-19 18:58:26 +08:00
Noriko Hosoi
890af84071 RHELPLAN-56586 - sync collections related changes from template to network role
The task 56586 is for adding tests against the collection converted
format to the tox/travis CI to capture a problem before merging the
pr, if any. It'd be helpful to find out bugs in the conversion tool
lsr_role2collection.py, as well. The source of this commit is located
in linux-system-roles/template. They are synced by auto-maintenance/
sync-template.sh, then manually adjusted to the network role.

.travis/runcollection.sh is the test script. tox.ini is modified to run
it in the tox/travis CI. The script downloads lsr_role2collection.py,
then converts the network role into the conversion format in the working
directory .tox. In the collection, it runs a set of tests black, flake8,
yamllint, py38 to check the converted result.
2020-10-23 13:35:14 +08:00
Till Maas
9a6bdb5403 Update formatting according to new black version
Signed-off-by: Till Maas <opensource@till.name>
2020-08-28 09:11:56 +02:00
Elvira García Ruiz
c29a2bf708 Add Pytest integration tests
tests/integration/test_ethernet.py is a script capable of using the network
module without executing it from Ansible and using Pytest. The example test
sets an ip in a test interface. The changes in tox.ini adapt the testing to the
new script. The __init__.py files were added to allow python2.7 compatibility.

Signed-off-by: Elvira García Ruiz <elviragr@riseup.net>
2020-08-24 21:52:25 +02:00
Till Maas
fb99ae6777 Simplify persistent state handling
Since the order of the actions list does not matter anymore because the
role iterates over all actions in a defined order, simplify the
handling for persistent states.
2020-07-06 13:13:56 +02:00