Role - edpm_network_config

Usage

This Ansible role does the following tasks:

  • Read the configured edpm_network_config_tool. The following choices can be used to configure the host network: nmstate (based on systemroles.network) or os-net-config (based on custom tasks). os-net-config is the default tool for this role.

  • For the os-net-config option, this role prepares the host by: creating the necessary folders and files for rendering network templates and NIC mappings (optional); checking for the presence of the required RPMs; and using the ifcfg or nmstate “provider” based on the flag “edpm_network_config_nmstate”.

Note:

  • With nmstate-provider as the default for os-net-config, using “edpm_network_config_nonconfigured_cleanup” is not recommended. Instead, enabling the flag “edpm_network_config_remove_config”, with an appropriate remove_config section added to “edpm_network_config_template”, is the supported option.

  • “edpm_network_config_nonconfigured_cleanup” SHOULD NOT be set for the update/adoption use case.

Here is an example playbook to run os-net-config tool:

# Example task block: includes the edpm_network_config role and hands it the
# os-net-config template through edpm_network_config_template.
# NOTE(review): the role's os-net-config task file shown on this page sets a
# fact that is also named nic_config_file (the destination path of the
# rendered config). Ansible resolves "{{ ... }}" lazily, so reusing that name
# for the template content may resolve to the path instead - verify, or use a
# distinct variable name for the template.
- name: Apply network_config
  block:
    - name: Configure host network with edpm-ansible
      include_role:
        name: edpm_network_config
      vars:
        edpm_network_config_template: "{{ nic_config_file }}"
---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Apply network configuration with os-net-config.

# Writes the os-net-config input file to disk and applies it with the
# edpm_os_net_config module. Every task in this block runs with privilege
# escalation (become: true).
- name: Apply os-net-config configuration
  become: true
  block:
    # Destination path of the rendered configuration; the tasks below reuse it.
    - name: Set nic_config_file fact
      ansible.builtin.set_fact:
        nic_config_file: "/etc/os-net-config/config.yaml"

    # Writes the content of edpm_network_config_template to nic_config_file.
    # no_log follows edpm_network_config_hide_sensitive_logs, so the template
    # content is kept out of task output only when that flag is true.
    # NOTE(review): the file is written with mode 0644, i.e. readable by every
    # local user, and backup: true keeps a copy of the previous file next to
    # it. If the template can carry anything sensitive, confirm that 0644 is
    # required and that old backup copies are cleaned up.
    - name: Render network_config from template
      no_log: "{{ edpm_network_config_hide_sensitive_logs | bool }}"
      ansible.builtin.copy:
        content: "{{ edpm_network_config_template }}"
        dest: "{{ nic_config_file }}"
        mode: '0644'
        backup: true

    # Debug-only path: reads the file back and prints its decoded content.
    # NOTE(review): this block is gated on edpm_network_config_debug alone and
    # neither task sets no_log, so with debug enabled the full configuration
    # reaches the play output even when
    # edpm_network_config_hide_sensitive_logs is true. The registered slurp
    # result also carries the base64-encoded content. Keep debug off wherever
    # play logs are retained or shared.
    - name: Retrieve and output nic_config_file contents for debug before applying
      when: edpm_network_config_debug|bool
      block:
        - name: Retrieve content of nic_config_file before applying
          ansible.builtin.slurp:
            path: "{{ nic_config_file }}"
          register: os_net_config_config
        - name: Debug print nic_config_file contents
          ansible.builtin.debug:
            msg: "{{ os_net_config_config['content'] | b64decode | trim }}"

    # Applies the rendered file. The task is skipped in check mode and runs
    # asynchronously, with the timeout and poll interval taken from role
    # variables; the result is registered as network_config_result.
    # NOTE(review): cleanup is passed without the `| bool` cast that the other
    # flags receive - confirm the module coerces it as intended.
    - name: Run edpm_os_net_config_module with network_config
      edpm_os_net_config:
        cleanup: "{{ edpm_network_config_nonconfigured_cleanup }}"
        config_file: "{{ nic_config_file }}"
        debug: "{{ edpm_network_config_debug | bool }}"
        detailed_exit_codes: true
        safe_defaults: "{{ edpm_network_config_safe_defaults | bool }}"
        use_nmstate: "{{ edpm_network_config_nmstate | bool }}"
        remove_config: "{{ edpm_network_config_remove_config | bool }}"
      async: "{{ edpm_network_config_async_timeout }}"
      poll: "{{ edpm_network_config_async_poll }}"
      register: network_config_result
      when: not ansible_check_mode

Here is an example playbook that runs the os-net-config tool with a remove_config section:

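# Example: include the role with remove_config handling switched on.
# The flag the role's task file reads is edpm_network_config_remove_config
# (a flat role variable), so it is set directly here; a nested
# edpm_network_config.remove_config key is not read by that task file and
# would leave removal disabled.
# The template passed in edpm_network_config_template must also contain a
# remove_config section naming what to remove.
- name: Cleanup and apply network configuration only
  include_role:
    name: edpm_network_config
  vars:
    edpm_network_config_template: "{{ nic_config_file }}"
    edpm_network_config_remove_config: true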

An example of using remove_config is shown in the following playbook:

---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# Test play: applies the edpm_network_config role with a template that holds
# both a remove_config section and a network_config section.
- name: Converge
  hosts: all
  gather_facts: false
  vars:
    # Template content handed to os-net-config as a literal block scalar:
    # remove_config asks for the vlan named vlan200 to be removed, and
    # network_config defines VLAN 100 on dummy0 with a static address and
    # one route (DHCP and DHCPv6 disabled).
    edpm_network_config_template: |
      ---
      remove_config:
      - remove_type: vlan
        remove_name: vlan200
      network_config:
        - type: vlan
          vlan_id: 100
          device: dummy0
          use_dhcp: false
          use_dhcpv6: false
          addresses:
          - ip_netmask: 192.168.180.2/24
          routes:
            - ip_netmask: 192.168.180.0/24
              next_hop: 192.168.180.1
    # Scenario settings: non-configured cleanup and the nmstate provider are
    # off, remove_config is on.
    # NOTE(review): hide_sensitive_logs is false and debug is true, so the
    # rendered configuration is printed in the play output. That suits a test
    # scenario with dummy addresses; it is not a baseline for real inventories.
    edpm_network_config_nonconfigured_cleanup: false
    edpm_network_config_nmstate: false
    edpm_network_config_hide_sensitive_logs: false
    edpm_network_config_update: false
    edpm_network_config_remove_config: true
    edpm_bootstrap_network_resolvconf_update: false
    edpm_network_config_debug: true
  pre_tasks:
    # Fact gathering is disabled for the play, so collect only the "user"
    # subset ("!all" and "!min" exclude everything else).
    - name: Gather user fact
      ansible.builtin.setup:
        gather_subset:
          - "!all"
          - "!min"
          - "user"

    # Defines ansible_user only when it is not already set: the gathered
    # ansible_user_id is used, falling back to the USER environment variable
    # looked up on the controller.
    - name: set basic user fact
      ansible.builtin.set_fact:
        ansible_user: "{{ ansible_user_id | default(lookup('env', 'USER')) }}"
      when:
        - ansible_user is undefined
  roles:
    - role: "osp.edpm.edpm_network_config"

# Verification play: collects read-only state from the host (package version,
# network-scripts listing, NetworkManager connections, ip addr output) and
# asserts that the vlan200 interface is gone. Every command task sets
# changed_when: false, so none of them reports a change.
- name: Verify os-net-config rpm version and interface creation
  hosts: all
  gather_facts: false
  tasks:
    # Records the installed os-net-config package version.
    - name: Print os-net-config version
      ansible.builtin.command: rpm -q os-net-config
      register: onc_ver
      changed_when: false

    - name: Display version
      ansible.builtin.debug:
        msg: "{{ onc_ver.stdout }}"

    # Lists the ifcfg directory so the run log shows which files exist there.
    - name: List /etc/sysconfig/network-scripts
      ansible.builtin.command: ls -l /etc/sysconfig/network-scripts
      register: netscripts_list
      changed_when: false

    - name: Debug listing of /etc/sysconfig/network-scripts
      ansible.builtin.debug:
        var: netscripts_list.stdout_lines

    # Terse (-t) listing of connection name, type and device.
    - name: List all NetworkManager connections
      ansible.builtin.command: nmcli -t -f NAME,TYPE,DEVICE connection show
      register: nmcli_conns
      changed_when: false

    - name: Debug NM connections
      ansible.builtin.debug:
        var: nmcli_conns.stdout_lines

    # Captures the interface and address state used by the assertion below.
    - name: Show ip addr state
      ansible.builtin.command: ip addr show
      register: ip_addr
      changed_when: false

    # Substring check: passes when the text "vlan200" does not appear anywhere
    # in the captured ip addr output.
    - name: Verify vlan200 was removed by "remove_config" flag
      ansible.builtin.assert:
        that:
          - "'vlan200' not in ip_addr.stdout"
        fail_msg: "FAILED: vlan200 interface still exists in ip addr output"
        success_msg: "SUCCESS: vlan200 interface was removed"

    # NOTE(review): the task name says "ip link", but the variable printed is
    # the registered output of `ip addr show`.
    - name: Debug ip link state
      ansible.builtin.debug:
        var: ip_addr.stdout_lines