Add support for the `wait_ip` property, the system will consider
connection activated only when specific IP stack is configured.
This enables flexibility in scenarios such as
IPv6-only networks, where the overall network configuration can still
succeed when IPv4 configuration fails but IPv6 completes successfully.
The `wait_ip` can be configured with the following possible values:
* "any": System will consider interface activated when any IP stack is
configured.
* "ipv4": System will wait IPv4 been configured.
* "ipv6": System will wait IPv6 been configured.
* "ipv4+ipv6": System will wait both IPv4 and IPv6 been configured.
Resolves: https://issues.redhat.com/browse/RHEL-63026
Signed-off-by: Wen Liang <wenliang@redhat.com>
There is no fine-grained control over the number of retries for
automatically reconnecting a network connection in the role. This
limitation can be problematic for certain use cases where extending the
retry process is critical, particularly in environments with unstable
networks. Introduce support for the `autoconnect_retries` property in nm
provider of `network_connections` variable. This feature allows users to
configure how many times NetworkManager will attempt to reconnect a
connection after a autoconnect failure, providing more control over
network stability and performance.
Resolves: https://issues.redhat.com/browse/RHEL-61599
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Enhancement: Add the optional route source parameter for the nm provider
Reason: In a scenario where you have a machine with multiple public IP
addresses, typically due to a multi-WAN setup, the src parameter in the
context of routes allows you to specify which source IP address should
be used when sending packets via a specific route. This is crucial when
you want to ensure that outbound traffic uses a specific IP address tied
to a particular network interface, especially when dealing with multiple
WAN connections.
Result: Adding support for the src parameter in routes results in a
more powerful and flexible network configuration capability, especially
important in environments with multiple network interfaces or multiple
IP addresses, it provides better control over traffic routing.
Resolves: https://issues.redhat.com/browse/RHEL-3252
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
It is useful and common practice to configure the routes with blackhole,
prohibit, and unreachable route types when users have BGP routing
setups.
Notice that this feature is only for nm provider using
`network_connections` variable. Configuring blackhole, prohibit, and
unreachable route types is also supported by using `network_state` since
nmstate version 2.2.20 (the setting name is `route-type`).
Resolves: https://issues.redhat.com/browse/RHEL-19579
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Some variables used in the module code are not meaningful at all, which
might be hard to read and understand. Therefore, replace them with
meaningful variables.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
`from 0.0.0.0/0` means from all IPv4 addresses, `from ::/0` means from
all IPv6 addresses. In NM, if `from` property is not specified in a
routing rule, NM still appends `from 0.0.0.0/0` or `from ::/0` to the
rule. NM also allows to specify `to 0.0.0.0/0` or `to ::/0` in a
routing rule, but the connection profiles will only show the `from`
setting for the rule.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
reason: The administrator wants to suppress the AAAA queries made by
the stub resolver, including AAAA lookups triggered by NSS-based
interfaces such as getaddrinfo. Only the DNS lookups are affected.
result: The administrator is able to suppress AAAA queries made by the
stub resolver.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
reason: The user wants to ignore automatically configured name servers and
search domains (e.g. dns record from DHCP), and only use the name
servers and search domains specified in the `dns` and `dns_search`
properties.
result: The user is able to ignore automatically configured name servers
and search domains.
Notice that there are two settings here distinguished by the address
families, which aims to be compatible with NetworkManager
(`ipv4.ignore-auto-dns` and `ipv6.ignore-auto-dns`)and Nmstate (setting
`auto-dns` on `ipv4` or `ipv6` section). Also, the users can get auto
DNS from DHCPv4, DHCPv6, modem etc, and they may want to ignore auto
DNS on Ipv4 but not on IPv6, in this case, it is better to have two
settings distinguished by the address families.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Without an explicit output device, the kernel might use a different
output device than intended by the user. Therefore, use the interface
name of connections to specify it if it is available. Otherwise,
educate the user about this potential problem with a warning. This
aligns the behavior with NetworkManager which configures the output
device in routes when activating profiles on devices.
Fixes: https://bugzilla.redhat.com/2168735
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Simplify the parsing of route table IDs to avoid unnecessary exception
handling that makes the code harder to understand and triggers CodeQL
warnings. Also re-organize the unit tests and add a missing test for
table IDs higher than 0xFFFF_FFFF to achieve full test coverage.
Signed-off-by: Till Maas <opensource@till.name>
The users want to create the bonding interface with the MAC address
specified by themselves or specify the strategy (e.g. random, preserve)
to get the default MAC for the bonding interface. Thus, add support for
the cloned MAC address.
Signed-off-by: Sylvain <35niavlys@gmail.com>
The user may need to define the named route table in the routing rule
besides the table id, add support for that.
The commit fixes
https://github.com/linux-system-roles/network/issues/506.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Accept any whitespace sequence, according to Python's `rb"\s"` class.
This way, tabs are also accepted. This is also what iproute2 does.
Use just one regex for this.
Also add a unit test for the default iproute2 file.
Signed-off-by: Thomas Haller <thaller@redhat.com>
The current default `p_key` value is `-1`, which is only useful for the
recognizability with NetworkManager API. NetworkManager chooses the
`-1` as the default pkey value only because the connection should be
created on the physical infiniband interface by default and the
positive pkey value would make the connection created on the virtual
infiniband partition. But NetworkManager should also have represented
the default value as not specifying the pkey property initially.
Therefore, change the default value of `p_key` into `None`.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If the `p_key` is specified, then ipoib (IP over Infiniband) connection
will be created. In this case, the interface name must be unset.
NM only allows the user to set the interface name to a fixed value
based on the interface name of the parent and the value of the `p_key`,
for example, if the interface name of the parent is `ib0` and the
`p_key` is `0x000a`, then the `interface_name` for the ipoib connection
must be `ib0.000a` or unset. But this kind of validation in NM is
pointless because it is not useful at all to have the interface name for
the ipoib connection, NM should has also rejected setting the interface
name for the ipoib connection initially.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to enable the user using the policy routing (e.g. source
routing) or instructing the system which table to look up to determine
the correct route, add support for routing rules.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In NM, the property `NM_SETTING_IP6_CONFIG_METHOD_DISABLED` is only
supported since NM 1.20, therefore, the role should reject configuring
`ipv6 disabled` if `NM_SETTING_IP6_CONFIG_METHOD_DISABLED` is not
supported by the running version of NM.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Extract the version of Python interpreter using the `sys.version` will
break the Python26CompatTestCase class when the Python version is 3.11.
Rather the correct way to compare the Python version is using the
`sys.version_info` or the `platform` module as suggested in Python
official doc, https://docs.python.org/3/library/sys.html#sys.version.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
In order to enable user to flexibly control the network transmission
over the bonded interface, support all the bond options which are
currently supported by NetworkManager.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
The users want to use the policy routing (e.g. source routing), so
that they can forward the packet based on the other criteria except for
the destination address in the packet. In such scenario, the routing
tables have to be supported beforehand in static routes, so that the
users can define policy routing rules later to instruct the system
which table to use to determine the correct route.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager only allows to configure the DNS options for each IP
family, when they are enabled. Therefore, reject DNS settings in
ArgValidator if no IP family is enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
NetworkManager only allows to configure the IPv6 nameservers if the
IPv6 family is enabled. Therefore, reject the IPv6 nameservers setting
in ArgValidator if the IPv6 family is not enabled.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When static IPv6 is configured, configuring IPv6 DNS will not raise any
validation error. Add unit test to verify that.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Introduce Python26CompatTestCase to fix Python 2.6 support for unit
tests:
- Use TestCase.assertRaises on Python 2.6 because it does not support
TestCase.assertRaisesRegexp
- Use TestCase.assertRaisesRegex on Python 3.2 and newer because it
deprecates TestCase.assertRaisesRegexp
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Users can easily configure or update network connection via matching
physical device path of the interface, which add certain flexibilty of
user experience.
Update connection profile via matching `path` setting:
```yaml
- name: eth0
type: ethernet
autoconnect: yes
# For PCI devices, the path has the form "pci-$domain:$bus:$device.$function"
# It will only update the interface with the path "pci-0000:00:03.0"
match:
path:
- pci-0000:00:03.0
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Users might want to use jinja2 templates to set properties. As such,
it's convenient to accept None as an alias for an empty dictionary.
For exmaple, setting like `"match": None` will be allowed by the role:
e.g.
network_connections:
- name: enp0s8
type: ethernet
persistent_state: present
state: up
match:
ip:
route_metric4: 10
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Users might want to use jinja2 templates to set properties. As such,
it's convenient to accept None as an alias for an empty list.
For exmaple, setting like `"match": {"path": None}` will be allowed by
the role:
network_connections:
- name: enp0s8
type: ethernet
persistent_state: present
state: up
match:
path:
ip:
route_metric4: 10
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
When IPv6 is disabled, it is conflicting with enabling `auto6`
or configuring static IPv6 or configuring `gateway6` or
configuring `route_metric6`. Add unit tests to check if
this is properly handled in Argvalidator.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
If enabled, a default route will be configured using the default gateway. If disabled,
the default route will be removed.
If this variable is not specified, the role will use the default behavior of the
`network_provider` selected.
Setting this option to `no` is equivalent to:
- `DEFROUTE = no` in initscripts, or
- `ipv4.never-default/ipv6.never-default yes` in nmcli
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
`ArgValidatorNum` would normalize boolean into int when
`self.numeric_type` is int, then `self.numeric_type(False)` is 0 and
`self.numeric_type(True)` is 1. Therefore, we need to fix
`ArgValidatorNum()` to reject boolean values when integer values are
expected for the setting. This bug fix potentially breaks previously
"working" playbooks (but realistically, they were not working, because
setting 0 or 1 was unlikely intended).
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
`dns_search` and `dns_options` should not be specific to the address
family. Previously, `dns_search` and `dns_options` were only supported
for IPv4 nameservers, so we also need to support `dns_search` and
`dns_options` for IPv6 nameservers.
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
ETHTOOL Ring option is not supported by NetworkManager until
NM 1.25.2. Currently, ETHTOOL Ring option is not suppored by
Network role, so enable the support for ETHTOOL Ring option.
Configure ethtool ring option via:
```yaml
network_connections:
- name: testnic1
type: ethernet
state: up
ip:
dhcp4: no
auto6: no
ethtool:
ring:
rx: 128
rx_jumbo: 128
rx_mini: 128
tx: 128
```
Signed-off-by: Wen Liang <liangwen12year@gmail.com>
There was recently an upgrade to python black which made function
documentation checking stricter. This caused network tox CI to
break. The fix is to format the function doc text in the manner
expected by black.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Use the correct parameter names for declaring static IPV6 connections
for the initscripts provider. Also, add integration and unit tests to
cover this.
Signed-off-by: Jack Adolph <jack.adolph@gmail.com>
Signed-off-by: Till Maas <opensource@till.name>
In order to promote a diverse and inclusive environment we are replacing
all the reference to "slave" for "port".
Test case added.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
In order to promote a diverse and inclusive environment we are replacing
all the reference to "master" for "controller".
Test case added.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
The unit tests that are run during integration test did not
work for the role converted to collection format. The tests need to
get the paths from the environment then set up the runtime environment
to look like the real Ansible runtime environment.
Signed-off-by: Rich Megginson <rmeggins@redhat.com>
Since the order of the actions list does not matter anymore because the
role iterates over all actions in a defined order, simplify the
handling for persistent states.
When a profile is specified as absent, ignore state requests if the
profile is already removed or not completely specified to improve
idempotence.
Also restructure the states test. This introduces a clear structure for
the individual test steps, properly assigns tags for each test from the
file and provides a clear error message with a description of the test
that failed in case of errors. Support for tests that expect a failure
is still missing.
