Version information
This version is compatible with:
- Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 3.0.0 < 5.0.0
Start using this module
Add this module to your Puppetfile:
mod 'crayfishx-network_config', '1.2.0'Learn more about managing modules with a PuppetfileDocumentation
network_config
Table of Contents
Introduction
This module takes a rather complex set of hiera data to manage network infrastructures on Network Manager based systems (eg: RHEL7). It supports:
- A type and provider to manage network interfaces
- A type and provider to manage IP allocations
- A type and provider to manage statuc IP routes
- Set of Puppet classes to manage network infrastructures from hiera data
This module manages the interface configuration files in /etc/sysconfig/network-scripts, as well as starting and stopping interfaces.
You can choose just to use the Types and providers that this module exposes, network_interface and ip_allocation and wrap these into your own module. Or the puppet module can be used to define complex network infrastructures in Hiera.
OS Support
The only officially supported OS for this module right now is RedHat/CentOS 7.0 - support for RHEL6 is limited and not very well tested at this time.
Types and providers
network_interface
Example
network_interface { 'ens33':
ensure => 'present',
bootproto => 'static',
device => 'ens33',
ipv6init => 'yes',
netboot => 'yes',
onboot => 'yes',
type => 'Ethernet',
}
Description and parameters
This type takes an interface name as a title and configures the interface in /etc/sysconfig/network-scripts/ifcfg-<name> See the configuration parameter reference for a complete list of configurable parameters that this type accepts.
ip_allocation
Example
ip_allocation { '192.168.193.3':
ensure => 'present',
gateway => '192.168.193.100',
interface => 'ens33',
prefix => '24',
}
Description and parameters
This type takes an IP address as the resource title. Supported parameters are:
| Parameter | Description |
|---|---|
ensure |
present or absent |
interface |
The interface name this allocation is assigned to |
prefix |
The prefix (CIDR notation) of the IP address |
netmask |
The netmask of the IP address (eg: 255.255.255.0) |
gateway |
The gateway for this IP allocation |
Note that only one of prefix or netmask should be used.
Multiple IP addresses bound to the same interface will be configured with their numerical identifier (eg: IPADDR0, PREFIX0, IPADDR1, PREFIX1, IPADDR2, PREFIX2...etc). The provider also ensures that when removing an IP allocation for an interface that all the numerican identifiers are re-sorted if there are gaps in the sequence, since Network Manager will not read beyond the first gap.
IP addresses are considered unique, therefore changing the interface parameter will have the effect of moving the IP allocation from one interface to another
Network_config::Ifconfig[ens99]/Ip_allocation[10.7.6.10]/interface: interface changed 'ens39' to 'ens99'
ip_route
Example
ip_route { '10.72.1.0/24':
ensure => 'present',
gateway => '10.72.1.1',
interface => 'ens33',
}
Description and parameters
This type takes an CIDR address as the resource title. Supported parameters are:
| Parameter | Description |
|---|---|
ensure |
present or absent |
interface |
The interface name this route is assigned to |
gateway |
The gateway for the static route |
|
There are two optional parameters which are the resources namevars, netmask and address - if these two attributes are not set then the CIDR range from the resource title is used to populate the netmask and address.
Purging
Both network_interface and ip_allocation are purgable resources, meaning they support the instances() method. We recommend using the crayfishx/purge module as it offers more finite control over purging, for example, to purge all unmanaged IP allocations, except the loopback interface, you could do something like
purge { 'ip_allocation':
unless => [ 'interface', '==', 'lo' ],
}
For purging all interfaces and ip_allocations you can also set the purge_interfaces and purge_ip_allocations options on the network_config class. When using these options, any interfaces with a name or device matching an entry in exclude_if, plus any IP allocations with an interface matching an entry in exclude_if will not be purged. (NOTE: make sure you are running crayfishx/purge >= 1.1.0). As a further precaution, an ip_allocation of 127.0.0.1 will never be purged by the class.
Configuring the network_config module
Contents
Usage
The module is designed to get most of it's configuration from data lookups. To invoke the module, simply include it
class { 'network_config': }
Parameters
| Parameter | Description | Default |
|---|---|---|
interfaces |
Interfaces to configure | interfaces fact |
interface_names |
Mapping of interfaces to type names | n/a |
defaults |
Defaults for each interface type | n/a |
vlans |
VLAN specific configuration | n/a |
ifconfig |
Host specific interface configuration | n/a |
bonds |
Bond interfaces and specific configuration | {} |
bond_defaults |
Optional hash of default configuration for bond configuration | {} |
exclude_if |
List of interfaces to exclude from management, even if interfaces has them |
lo |
networkmanager |
True or false, is NetworkManager enabled (to be deprecated) | RHEL7 true, RHEL6 false |
purge_interfaces |
True or false, whether or not to purge non managed interfaes (this will completely remove the ifcfg- file for interfaces not being managed by Puppet. Any interface matching a device name of lo or a name of loopback will not be purged |
false |
purge_ip_allocations |
True or false, whether or not to purge unmanaged IP addresses, an IP address matching 127.0.0.1 or with the interface lo will not be purged |
false |
restart_service* |
Whether or not to restart the network service on change | true |
restart_interface* |
Whether or not to restart the affected network interface on change | false |
* only one of restart_interface or restart_service can be defined
Configuration using hiera
network_config::interfaces
This setting is a list of interfaces that we want to configure on the system. If it is not set then the module will use the output of the interfaces fact. To override this, we can give a comma separated list of the interfaces that we want to manage. Eg:
network_config::interfaces: eth0,eth1,eth2
Note that this is a comma separated string, with no spaces. Not an array.
network_config::interface_names
The first thing that should be configured are interface names. We define interface configuration parameters against interface types, that is, instead of saying eth0, eth1...etc, we assign friendly names to these interfaces and refer to them by the type of interface they are, eg: management. For each interface we want to manage we assign it a type, eg:
network_config::interface_names:
eth0: management
eth1: application
eth2: backup
network_config::defaults
Now that we have our interface type names deifined in interface_names we can add some global defaults to each of these interface types. We have the opportunity to override these in specific circumstances, but things that are generally global such as domain, can be configured as defaults. Eg:
network_config::defaults:
management:
bootproto: "none"
defroute: "no"
dns1: 10.0.8.2
dns2: 10.0.8.3
dns3: 10.0.8.4
domain: enviatics.com
onboot: "yes"
backup:
bootproto: "none"
defroute: "no"
dns1: 10.0.0.2
dns2: 10.0.0.3
dns3: 10.0.0.4
domain: enviatics.com
interface_type: "Ethernet"
onboot: "yes"
application:
bootproto: "none"
defroute: "no"
dns1: 10.0.6.2
dns2: 10.0.6.3
dns3: 10.0.6.4
domain: app.enviatics.com
onboot: "yes"
See the configuration parameter appendix for a list of supported parameters.
network_config::vlans
This setting gives us specific control to add configuration or override defaults for different vlans. Eg:
network_config::vlans:
100:
prefix: 24
gateway: 10.0.8.1
200:
prefix: 32
gateway: 10.0.0.1
300:
prefix: 24
gateway: 10.0.6.3
Note that any configuration parameter can be overriden here for a specific vhost, eg:
network_config::vlans:
100:
prefix: 24
gateway: 10.0.8.1
domain: vlan_100.enviatics.com
network_config::ifconfig
The ifconfig setting would normally be configured at the host level in your lookup hierarchy, and it's this parameter which ties together and inherits all of the above default settings. ifconfig is a hash of interface types and configuration parameters, it accepts any configuration parameter as a host specific override, as well as vlan to inherit configuration parameters from the VLAN is belongs to. A simple example would be:
network_config::ifconfig:
application:
ipaddr: 10.0.8.101
vlan: 100
The above configuration will get all the default configuration for a management interface type, the gateway and prefix parameters inherited from the assigned VLAN and we are specifying the IP address specific to this host.
Like the other options, you can override any configuration parameter at this level and it will take priority, eg:
network_config::ifconfig:
application:
ipaddr: 10.0.8.101
vlan: 100
gateway: 10.0.8.254
This will override the VLAN default and set the gateway to .254
The ipaddr parameter can also take an array
network_config::ifconfig:
applciation:
ipaddr:
- 10.0.8.101
- 10.0.8.102
vlan: 100
In the above example we will end up with a configuration file that contains
IPADDR0=10.0.8.101
GATEWAY0=10.0.8.1
PREFIX0=24
IPADDR1=10.0.8.102
GATEWAY1=10.0.8.1
PREFIX1=24
Note that the PREFIX and GATEWAY in this example were automatically worked out, as they are inherited from the VLAN that the interface has been assigned to.
Override priorities
When evaluating the configuration, the module will prioritise duplicate settings top down in the following order (first has highest priority/win)
network_config::ifconfignetwork_config::vlans(if supplied tonetwork_config::ifconfig)network_config::bonds(see below)network_config::defaultsfor the specific type of interface being configured.
Bonding
If you need to bond multiple interfaces for a particular interface type you can follow much of the same procedure... firstly we create an additional network interface type for bond interface defaults, the name does not matter. Eg:
network_config::defaults
...
bond_interface:
bootproto: "none"
defroute: "no"
onboot: "yes"
Next we assign two interfaces that we want to be the bound interface slaves. We also define a new interface that will be our bond0 and we can give it an interface type like we did earlier, eg:
network_config::interface_names:
...
eth3: bond_interface
eth4: bond_interface
bond0: application
This will configure bond0 as an application interface inheriting all of our defaults from that type. We also have eth3 and eth3 configured with general bonding defaults.
The final step is to define which real interfaces are slaves of which bond interfaces, we do this with the bonds parameter.
network_config::bonds:
bond0:
interfaces:
- eth3
- eth4
The above will make sure that eth3 and eth4 interfaces are configured as slaves of bond0 with
NAME=ens51
MASTER=bond0
SLAVE=yes
... aswell as all the inherited configuration from the bond_interface type.
The bonds hash can also contain other bond specific configuration to apply to the bond interface (bond0 in our example). Eg:
network_config::bonds:
bond0:
bonding_opts: 'miimon=100 mode=1'
interfaces:
- eth3
- eth4
Shared configuration common to all bond interfaces maybe defined in the bond_defaults hash
network_config::bond_defaults
bonding_opts: 'miimon=100 mode=1'
network_config::bonds:
bond0:
interfaces:
- eth3
- eth4
both configure in bond0
BONDING_OPTS=miimon=100 mode=1
Configuration parameter reference
| Parameter | NM configured option | |
|---|---|---|
| netmask | NETMASK | |
| bootproto | BOOTPROTO | |
| defroute | DEFROUTE | |
| ipv4_failure_fatal | IPV4_FAILURE_FATAL | |
| ipv6init | IPV6INIT | |
| ipv6_autoconf | IPV6_AUTOCONF | |
| ipv6_defroute | IPV6_DEFROUTE | |
| ipv6_failure_fatal | IPV6_FAILURE_FATAL | |
| uuid | UUID | |
| onboot | ONBOOT | |
| dns1 | DNS1 | |
| dns2 | DNS2 | |
| dns3 | DNS3 | |
| domain | DOMAIN | |
| hwaddr | HWADDR | |
| ipv6_peerdns | IPV6_PEERDNS | |
| ipv6_peerroutes | IPV6_PEERROUTES | |
| zone | ZONE | |
| type | TYPE | network_interface type param only |
| interface_type | TYPE | Hiera config only |
| device | DEVICE | |
| bonding_opts | BONDING_OPTS | |
| bonding_master | BONDING_MASTER | |
| master | MASTER | |
| slave | SLAVE | |
| netboot | NETBOOT | |
| nm_controlled | NM_CONTROLLED | |
| peerdns | PEERDNS | |
| gateway | GATEWAY |
Author
- Written and maintained by Craig Dunn craig@craigdunn.org @crayfishx
- Sponsered by Baloise Group http://baloise.github.io
Types in this module release
1.2.0
- Use interfaces gateway as the default gateway for associated ip routes (https://github.com/crayfishx/network_config/pull/32)
1.1.0
- Added
dns3option
1.0.1
- Use the Puppet Type API to force loading of a ini_setting provider. Fixes an issue in Puppet 4 where
puppet/util/ini_filecannot be loaded.
1.0.0
- Puppet 4 compatibility - 1.x will not work with Puppet 4.x
- Bugfix: Removed inline template code for evaluating bonds that fails on Puppet 4
0.13.3
- Fix: Dont purge ip_allocations in non-managed interfaces if
purge_interfacesis set to false
0.13.2: N/A no change
0.13.1
- Bugfixes, fix clashes between GATEWAY= and GATEWAY0,1,2= settings when on NM controlled systems
0.13.0
- Internal refactoring of provider code to centralize functionality into a shared provider
- Added
ip_routetype and provider for managing static interface routes - Added
routesoption to theifconfighash for configuring static routes
0.12.0
- Added gateway attribute to
network_interfacetype
0.11.1
- Bugfix: When prefetching interfaces, if an interface is found with no
NAME=parameter, it is simply ignored and doesnt cause en exception.
0.11.0
- Fixed:
nm_controlledattribute was not being managed bynetwork::interface - Added
peerdnsattribute
0.10.0
- Added
bond_defaultsoption
0.9.1
- Fixed unquoted hash key which fails to compile on Puppet 3
0.9.0
- Purging will exclude interfaces listed in $exclude_if
0.8.1
- fixed forge dependencies
0.8.0
- Added purging feature for ip_allocations and network_interfaces
0.7.0
- Improved handling of service or interface restarts
- Fix for Puppet 3.6 parser
- Added destroy feature for network_interface
0.6.0
- Changed how interface services detect if an interface is up or down
0.5.0
- Initial public release
Dependencies
- puppetlabs-stdlib (>= 1.0.0 < 5.0.0)
- puppetlabs-inifile (>= 1.0.0 < 2.0.0)
- crayfishx-purge (>= 1.1.0 < 2.0.0)
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2016 Craig Dunn <craig@craigdunn.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.