reason: The administrator wants to suppress the AAAA queries made by
the stub resolver, including AAAA lookups triggered by NSS-based
interfaces such as getaddrinfo. Only the DNS lookups are affected.
result: The administrator is able to suppress AAAA queries made by the
stub resolver.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
reason: The user wants to ignore automatically configured name servers and
search domains (e.g. dns record from DHCP), and only use the name
servers and search domains specified in the `dns` and `dns_search`
properties.
result: The user is able to ignore automatically configured name servers
and search domains.
Notice that there are two settings here distinguished by the address
families, which aims to be compatible with NetworkManager
(`ipv4.ignore-auto-dns` and `ipv6.ignore-auto-dns`)and Nmstate (setting
`auto-dns` on `ipv4` or `ipv6` section). Also, the users can get auto
DNS from DHCPv4, DHCPv6, modem etc, and they may want to ignore auto
DNS on Ipv4 but not on IPv6, in this case, it is better to have two
settings distinguished by the address families.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Rather than having to maintain .yamllint.yml with a list of files
exempt from yamllint line-length checking, either fix the code
to abide by the line length restriction, or put the yamllint
exceptions in-line in the code.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Use standard Ansible spacing for braces and brackets. This
allows us to remove those rule exceptions from .yamllint.yml
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The test `tests_switch_provider.yml` fails to run with
`ANSIBLE_GATHERING=explicit` with the error described below. Therefore,
include the task 'el_repo_setup.yml' before running the test which
supports gathering the minimum subset of facts required.
```
TASK [set fact to use initscripts network_provider]
task path: /tmp/tmp.Q6nP8W4iPS/rhel_system_roles/tests/network/playbooks/tests_switch_provider.yml:8
fatal: [/tmp/tmp.Q6nP8W4iPS/RHEL_8_8_TESTING.qcow2]: FAILED! => {}
MSG:
The conditional check 'ansible_distribution in ['CentOS', 'RedHat'] and
ansible_distribution_major_version in ['7', '8']' failed. The error
was: error while evaluating conditional (ansible_distribution in
['CentOS', 'RedHat'] and ansible_distribution_major_version in
['7', '8']): 'ansible_distribution' is undefined.
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
More name[casing] warnings are discovered by ansible-lint,
this may be due to the upgrade of ansible-lint.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ansible-lint is confused by the use of `when:` with `lsr_assert_when`.
It thinks the `when` string should be evaluated as a Jinja expression
but it is really just a plain string. To make this more friendly to
ansible-lint, use `condition:` instead of `when:` with
`lsr_assert_when`.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
In some test playbooks, the `ignore_errors: true` can not be replaced
by `changed_when: false`, because `changed_when` is not a valid
attribute for a IncludeRole.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Jinja templates should only be at the end of 'name'. This helps with
the identification of tasks inside the source code when they fail.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Without an explicit output device, the kernel might use a different
output device than intended by the user. Therefore, use the interface
name of connections to specify it if it is available. Otherwise,
educate the user about this potential problem with a warning. This
aligns the behavior with NetworkManager which configures the output
device in routes when activating profiles on devices.
Fixes: https://bugzilla.redhat.com/2168735
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Simplify the parsing of route table IDs to avoid unnecessary exception
handling that makes the code harder to understand and triggers CodeQL
warnings. Also re-organize the unit tests and add a missing test for
table IDs higher than 0xFFFF_FFFF to achieve full test coverage.
Signed-off-by: Till Maas <opensource@till.name>
The bond tests fail regularly in our single host downstream testing,
so mark them as `expfail` (expect to fail) so that these failures
do not clutter up our test results.
We have tried to fix this in the past - several times over the past
three years, at a cost of many man weeks of effort - and the fixes just
don't seem to "take". We have reached the point where we need to cut
our losses and just skip these tests. Perhaps at some point in the
future we can revisit this issue.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Almost all the network role tests fail with fact gathering disabled.
Therefore, in order to support the tests running with
ANSIBLE_GATHERING=explicit, gather the minimum subset of facts
required.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The users want to create the bonding interface with the MAC address
specified by themselves or specify the strategy (e.g. random, preserve)
to get the default MAC for the bonding interface. Thus, add support for
the cloned MAC address.
Signed-off-by: Sylvain <35niavlys@gmail.com>
ansible-core 2.14 is now the current version of Ansible. This version
does not support `args: warn: false` so we have to remove it from the
network role. Users will need to use `COMMAND_WARNINGS` in their
Ansible configuration in order to suppress the warning in older versions
of Ansible such as 2.9, 2.11.
In addition, the gating tests are getting stricter about using new best
practices, such as using `true`, `false` for booleans instead of `yes`,
`no`; use of spaces in Jinja expressions; etc. These issues were
addressed.
The `tests/` directory contains far too many cases of non-recommended
practices, so this directory has been exempted.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
On BaseOS CI systems, `yum install` for the epel7 rpm does not work.
Instead, use `rpm -i` which should work on any system. We should not
need to use `yum install` here because the epel7 setup rpm does not have
additional dependencies.
In addition, the rpm download sometimes returns 403 - I think it is because
multiple tests run in parallel in BaseOS CI, resulting in too many
download attempts in too short a period of time - so introduce a retry
to mitigate the situation.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
When creating a bond, the bond also creates a default route with a
default metric of 0. This causes test failures on CI systems as
it overrides the system default route. Use the new `ip.route_metric4`
parameter to set a high metric value so as not to override the
default system route.
Some systems cannot use a metric value of 32 bit unsigned int max value. To ensure
the broadest possible support, use a metric value of 16 bit signed int max value,
which should be high enough to ensure the routes always have the lowest priority.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
For initscripts provider, the metric for the default route defaults to
0, as a result, the default route can take precedence or blindly ingore
other routes. Adding a higher route metric value to honor other routes
during the route selection.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When ports are not attached, the bonding connection may risk not in fully
connected state, e.g. connecting (getting IP configuration). Therefore,
attach ports for the bonding connection.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Kernel allows to set `arp_all_targets` when `arp_interval` is disabled
(disable ARP monitoring). But `arp_all_targets` specifies the quantity
of `arp_ip_targets` that must be reachable in order for the ARP monitor
to consider a slave as being up. It makes more sense to only set the
`arp_all_targets` while enabling the `arp_interval`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The user may need to define the named route table in the routing rule
besides the table id, add support for that.
The commit fixes
https://github.com/linux-system-roles/network/issues/506.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Accept any whitespace sequence, according to Python's `rb"\s"` class.
This way, tabs are also accepted. This is also what iproute2 does.
Use just one regex for this.
Also add a unit test for the default iproute2 file.
Signed-off-by: Thomas Haller <thaller@redhat.com>
The users want to apply the nmstate network state configuration to the
interface directly through the role, which necessitates the less
complexity of the network configuration and allows the partial
configuration on the network.
To warrant that the users are capable to apply the nmstate network state
configuration, add the support for the `network_state` variable.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The current default `p_key` value is `-1`, which is only useful for the
recognizability with NetworkManager API. NetworkManager chooses the
`-1` as the default pkey value only because the connection should be
created on the physical infiniband interface by default and the
positive pkey value would make the connection created on the virtual
infiniband partition. But NetworkManager should also have represented
the default value as not specifying the pkey property initially.
Therefore, change the default value of `p_key` into `None`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When testing the infiniband ports in active backup mode, certainly the
physical infiniband device is required to be present upfront. Because
the last commit fixes the bug of wrongly checking the existence of
virtual infiniband device and only checks the presence of the infiniband
device when pkey is not explicitly set, the test which testing
infiniband ports in active backup bonding mode will definitely fail
now. To address the issue, remove the testing code now as it is not
significant for testing the bond options, probably the testing code
will be added back to the dedicated infiniband test playbook for
completeness.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If the `p_key` is specified, then ipoib (IP over Infiniband) connection
will be created. In this case, the interface name must be unset.
NM only allows the user to set the interface name to a fixed value
based on the interface name of the parent and the value of the `p_key`,
for example, if the interface name of the parent is `ib0` and the
`p_key` is `0x000a`, then the `interface_name` for the ipoib connection
must be `ib0.000a` or unset. But this kind of validation in NM is
pointless because it is not useful at all to have the interface name for
the ipoib connection, NM should has also rejected setting the interface
name for the ipoib connection initially.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
DHCP server certainly needs the IP address configured in order to lease
the address to the client. There is a bug in NM which wrongly removes
all addresses on the unmanaged interface while it should not. To
guarantee the IP address indeed configured for DHCP server, rescue it
via adding conditional loop for configuring IP address to DHCP server.
Notice that this workaround will be removed eventually when NM fixes
the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2079642
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When running CI tests, test performance can be improved by creating a
snapshot image to use for the test, pre-installed with packages used by
the role tests. The CI system can use tests/setup-snapshot.yml to
prepare the snapshot image. Rather than having a list of packages to
install in multiple places, the code which ensures the facts and
variables is moved to a separate tasks/set_facts.yml so that the setup
playbook can use `tasks_from: set_facts.yml` to get the list of network
packages to install. NOTE: The network role developers should add
additional packages to setup-snapshot.yml for other packages installed
by other tests.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Some users prefer to use `gather_facts: false` in their playbooks.
However, the network role requires certain ansible_facts to be set. If
the user wants to use the network role with `gather_facts: false`, the
role will gather the minimum subset of facts required. If the user does
not want the role to gather facts, the user can either not use the
network role, or ensure that all required facts are in the facts cache.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
