Running the pytest with nm provider failed in the downstream testing
because the "NM_CONTROLLED=no" appeared in
`/etc/sysconfig/network-scripts/ifcfg-testeth` which caused the veth
`testeth` strictly unmanaged by NetworkManager. To fix it, clean up
such a connection profile at the end when running the pytest.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The tests are giving failures that are unfortunately being ignored.
One of which is that pidof is not available by default on all platforms,
and on some platforms is not available at all (el7). Same with sysctl.
There are a couple of fixes:
* run the large embedded test `shell` with `set -euo pipefail` to
trigger script errors to be handled.
* install the procps or procps-ng package which provides the tools
such as pgrep, pkill, sysctl, etc.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
bz#2044640
The network role create an ifcfg file for initscripts. The file
used to append a comment "# this file was created by ansible".
This patch replaces the proprietary string with the ansible
standard {{ ansible_managed }} to adjust to the other system
roles.
For the implementation, it borrowed the method from kernel_settings,
getting the ansible managed comment using the get_ansible_managed.j2
template and pass the comment to network_connections which is added
to the ifcfg file.
In case network_provider is nm, the comment is not added to the
ifcfg file as the file is not managed by Ansible.
Note: the required parameter name to pass the ansible managed comment
to the network_connection module is "__header".
Do not use get_ansible_managed.j2 in the test scripts, but use a
hardcoded ansible managed comment to simplify the tests.
tests/tasks/get_profile_stat.yml: replace the '=' style with the YAML
notation in set_fact.
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
The hostapd package was moved from EPEL to CentOS Stream and therefore
is not available anymore on EPEL, which made the installation failed.
To fix it, install the hostapd via CentOS Stream in order to run
managed host testing in RHEL-8.5.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to enable user to flexibly control the network transmission
over the bonded interface, support all the bond options which are
currently supported by NetworkManager.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The initscripts provider tests are unstable on Fedora and users are not
using the initscripts on Fedora, therefore, disable all initscripts
provider tests on Fedora.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The files must be named so that it explain what happens. In addition,
`down_profile+delete_interface` must use `changed_when` to match the
content of `delete_interface`.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Problem:
After `tests_bridge_initscripts.yml` passed, the `tests_bridge_nm.yml`
will fail with NetworkManager 1.18.
Root cause:
1. The `absent` and `down` action of initscript provider will not
remove the bridge interface which fail the assertion in
`tests_bridge_nm.yml`.
2. In initscript mode, network role will create ifcfg file with
`NM_CONTROLLED=no` instructing NetworkManager to mark the bridge as
unmanaged. The follow up `down` and `absent` action of initscript
provider will not change the NetworkManager's understanding on
unmanaged state of this interface.
Fixes:
1. We cannot change existing behaviour of initscript on not deleting
interface in `down` and `absent` action. So we change the test
function `tests/playbooks/down_profile.yml` to delete the interface
manually via `ip link del <ifname>` command.
2. Use `NM.Client.reload_connections_async()` to reload the
configuration for nm provider on NetworkManager 1.18.
Previous test infrastructure is running each test file in a brand new VM
or container which cause this problem not been found before.
Dedicate test case `tests/tests_switch_provider.yml` included.
Signed-off-by: Gris Ge <fge@redhat.com>
The users want to use the policy routing (e.g. source routing), so
that they can forward the packet based on the other criteria except for
the destination address in the packet. In such scenario, the routing
tables have to be supported beforehand in static routes, so that the
users can define policy routing rules later to instruct the system
which table to use to determine the correct route.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager requires to configure DNS options (such as the search
setting) for each IP family even though it does not matter in the
system's DNS configuration. Also, NetworkManager only allows to
configure the DNS options for each IP family, when they are enabled. In
the network_connections dictionary, the DNS options are configured
without considering the IP family. Therefore, configure ipv4.dns-search
or ipv6.dns-search only if the IP family is enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager only allows to configure the DNS options for each IP
family, when they are enabled. Therefore, reject DNS settings in
ArgValidator if no IP family is enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager only allows to configure the IPv6 nameservers if the
IPv6 family is enabled. Therefore, reject the IPv6 nameservers setting
in ArgValidator if the IPv6 family is not enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When static IPv6 is configured, configuring IPv6 DNS will not raise any
validation error. Add unit test to verify that.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Introduce Python26CompatTestCase to fix Python 2.6 support for unit
tests:
- Use TestCase.assertRaises on Python 2.6 because it does not support
TestCase.assertRaisesRegexp
- Use TestCase.assertRaisesRegex on Python 3.2 and newer because it
deprecates TestCase.assertRaisesRegexp
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Fix ensure_provider_tests.py so that the tests are correctly generated.
Because the generated tests have not been checked in a while, there was
some drift between the actual tests and what should have been generated,
so the new generated tests have also been included.
When `ensure_provider_tests.py` detects differences, it will now show
the diffs using a unified diff format.
Added a new tox testenv `ensure_provider_tests` - use
`tox -e ensure_provider_tests` to run - to pass arguments, use
`tox -e ensure_provider_tests -- generate`
Added `ensure_provider_tests` as one of the tox testenvs to run for
github tox CI.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Add support for using latest ansible-lint and ansible-test with
ansible-core 2.11. There are a few new warnings that need to
be addressed or suppressed.
One of the changes is to add `# noqa ignore-errors` to the places in
the role where `ignore_errors: true` is used. In general, it is not
a good idea to use `ignore_errors: true` - instead, it is better to
capture the result of the command using a `register`, then use
`failed_when`. Or, if that is not possible, use a `block`/`rescue`
for more complex error handling. However, in the case where the network
role is using `ignore_errors: true` in test code, it is acceptable.
see https://ansible-lint.readthedocs.io/en/latest/default_rules.html#ignore-errors
Another change is to have all tasks have a valid `name:`. This
is explained at https://ansible-lint.readthedocs.io/en/latest/default_rules.html#unnamed-task
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Users can easily configure or update network connection via matching
physical device path of the interface, which add certain flexibilty of
user experience.
Update connection profile via matching `path` setting:
```yaml
- name: eth0
type: ethernet
autoconnect: yes
# For PCI devices, the path has the form "pci-$domain:$bus:$device.$function"
# It will only update the interface with the path "pci-0000:00:03.0"
match:
path:
- pci-0000:00:03.0
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Users might want to use jinja2 templates to set properties. As such,
it's convenient to accept None as an alias for an empty dictionary.
For exmaple, setting like `"match": None` will be allowed by the role:
e.g.
network_connections:
- name: enp0s8
type: ethernet
persistent_state: present
state: up
match:
ip:
route_metric4: 10
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Users might want to use jinja2 templates to set properties. As such,
it's convenient to accept None as an alias for an empty list.
For exmaple, setting like `"match": {"path": None}` will be allowed by
the role:
network_connections:
- name: enp0s8
type: ethernet
persistent_state: present
state: up
match:
path:
ip:
route_metric4: 10
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When IPv6 is disabled, it is conflicting with enabling `auto6`
or configuring static IPv6 or configuring `gateway6` or
configuring `route_metric6`. Add unit tests to check if
this is properly handled in Argvalidator.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
For ansible-core 2.11 compatability, replace the use of `ini_file`
with the yum/dnf config-manager command
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Enable WPA3 SAE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "sae"
password: "p@55w0rD"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Since network-scripts package will be dropped in rhel-9, disable all
the initscripts tests in rhel-9.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
To warrant the integration tests succeed when running with initscripts
provider, include task 'el_repo_setup.yml' to enable the base repo
support.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Because ethtool features tests also support initscripts provider, move
ethtool features tests into NM_CONDITIONAL_TESTS.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The `tests_bond_initscripts.yml` will leave the VM holding the testing
DNS entry (nameserver 192.0.2.1) which break network connection.
The root cause is initscript will use dhcp-client for bond DHCP testing
which override the /etc/resolv.conf file. After test bond interface been
removed, the initscript will not restore the DNS settings.
The fix is backup the /etc/resolv.conf and restore it on clean up for
initscript provider.
Signed-off-by: Gris Ge <fge@redhat.com>
The commit b4584c88a8 to skip
tests that use hostapd also removed the epel repo setup. This
breaks other platforms that require epel.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
The `tests_bond_nm.yml` test fails at 50% rate due to bond interface
failed to retrieve IP address from DHCP server.
The root cause of this is NetworkManager by default create default
connections for new managed interface which place the DHCP server
interfaces into IPv4.auto method which then prevent DHCP server running
on these ports.
The fix is mark DHCP server ports(veth endpoint and bridge) as
unmanaged before link up.
Signed-off-by: Gris Ge <fge@redhat.com>
The tests expect there is a hostapd package for doing wireless testing,
and that this package comes from EPEL on EL platforms. Since there
is no EPEL9, skip tests that require hostapd.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Previously when we run `tests_integration_pytest.yml` in RHEL 8, device
becoming unmanaged and NM `ifup` command failed to bring up the
connection when running pytest with initscripts, because network scripts
are deprecated in RHEL8 and they are no longer provided by default.
To fix that, install `network-scripts` package to utilize the legacy
`ifup` command.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In tests/tasks/enable_epel.yml, if /etc/yum.repos.d/epel.repo exists
and it is not enabled, it's left disabled. Without the epel enabled,
it fails to install necessary modules such as python-mock, which
makes tests_unit.yml and tests_wireless_nm.yml fail.
This patch adds a task calling ini_file to ensure the repo is always
enabled. See also bz1980439
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
When applying with `dhcp4: "no"` or `auto6: "no"`, we get incorrect
change indication even when network connection was not changed.
The root cause is the `NM.SettingIPConfig.clear_dns_options(True)` will
create an empty list which will be discard by ifcfg plugin.
The follow up `NM.Connection.compare()` will show configuration changed
as dns option entry missing.
Fixed by remove dns option completely before appending.
Signed-off-by: Gris Ge <fge@redhat.com>
When applying the same network connections twice, the second apply still
shows `changed: true`.
The root cause:
* When user never asked about ethtool configuration, network-role
will generate an all-default `NM.SettingEthtool` and pass it to
NetworkManager daemon. But NetworkManager discard it when saving to
ifcfg plugin as ifcfg plugin will not keep empty ethtool option.
* During second apply, the `NM.SimpleConnection.compare` will return
False indicating configuration changed because of on-disk connection
has no ethtool setting while pending connection does.
To fix it, we just remove the all-default `NM.SettingEthtool`.
Signed-off-by: Gris Ge <fge@redhat.com>
Running `tests_bond_deprecated_initscripts.yml` and
`tests_bond_initscripts.yml` consecutively will fail in the downstream
testing with error "Determining IP information for nm-bond...dhclient is already running - exiting.".
Because the two tests have the same controller device name and dhclient
will keep running for the controller device `nm-bond`.
A workaround for this bug is to change the controller device name
associated with `tests_bond_deprecated_initscripts.yml`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If enabled, a default route will be configured using the default gateway. If disabled,
the default route will be removed.
If this variable is not specified, the role will use the default behavior of the
`network_provider` selected.
Setting this option to `no` is equivalent to:
- `DEFROUTE = no` in initscripts, or
- `ipv4.never-default/ipv6.never-default yes` in nmcli
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
`ArgValidatorNum` would normalize boolean into int when
`self.numeric_type` is int, then `self.numeric_type(False)` is 0 and
`self.numeric_type(True)` is 1. Therefore, we need to fix
`ArgValidatorNum()` to reject boolean values when integer values are
expected for the setting. This bug fix potentially breaks previously
"working" playbooks (but realistically, they were not working, because
setting 0 or 1 was unlikely intended).
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
`dns_search` and `dns_options` should not be specific to the address
family. Previously, `dns_search` and `dns_options` were only supported
for IPv4 nameservers, so we also need to support `dns_search` and
`dns_options` for IPv6 nameservers.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Enable WPA3 OWE support via:
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "owe"
```
Integration test case was included for Fedora and CentOS. ( Failed in setting up the
mock wifi on RHEL, so skipped the integration test on RHEL)
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ETHTOOL Ring option is not supported by NetworkManager until
NM 1.25.2. Currently, ETHTOOL Ring option is not suppored by
Network role, so enable the support for ETHTOOL Ring option.
Configure ethtool ring option via:
```yaml
network_connections:
- name: testnic1
type: ethernet
state: up
ip:
dhcp4: no
auto6: no
ethtool:
ring:
rx: 128
rx_jumbo: 128
rx_mini: 128
tx: 128
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
- To properly run tests for features that are supported both in
initscripts and NM but require a specific NM version or other
condition, add a new test category for these tests.
- Use the new test category to enable testing coalesce support with
initscripts
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
To fix the CI failure - "Error: testnic1 - no such connection profile",
when testing ethtool coalesce setting with initscripts provider, bring
up the connection when the connection was created.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
To clearly explain to user why minimum version or extra running
condition is needed for certain "NM_ONLY_TESTS", include additional
comment support.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
There was recently an upgrade to python black which made function
documentation checking stricter. This caused network tox CI to
break. The fix is to format the function doc text in the manner
expected by black.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
That is the following errors are fixed.
'206' # Variables should have spaces before and after: {{ var_name }}
'208' # File permissions unset or incorrect
'301' # Commands should not change things if nothing needs doing
'305' # Use shell only when shell functionality is required
'502' # All tasks should be named
'601' # Don't compare to literal True/False
'602' # Don't compare to empty string
RHELPLAN-73471
Signed-off-by: Noriko Hosoi <nhosoi@redhat.com>
Automation Hub, and possibly Galaxy in the future, require the
collection to be screened with `ansible-test sanity` among other
checks. The role had a number of issues:
* Use `AssertionError` instead of `assert`
* Use of `logging` module not in accordance with standards, but these
are ok and the errors were suppressed
* Several import errors which are ok because they are checked
elsewhere
* __init__.py in the module_utils directories must be empty, so a
new file myerror.py was added to move the code from __init__.py
* NOTE: network_lsr/nm/__init__.py is not empty
* The documentation block in the module was not properly constructed
or formatted.
* shellcheck issues, including removing unused files
* use `unused` instead of `_` (underscore) for variables that are
unused
add WARNING to module docs - collection users should not use directly
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Use the correct parameter names for declaring static IPV6 connections
for the initscripts provider. Also, add integration and unit tests to
cover this.
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
Signed-off-by: Till Maas <opensource@till.name>
