Forge Home

cumulus_interface_policy

Module for enforcing allowed interfaces on Cumulus Linux

12,451 downloads

12,143 latest version

4.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.0.3 (latest)
  • 1.0.2 (deleted)
  • 1.0.1 (deleted)
  • 1.0.0 (deleted)
released Apr 9th 2015
This version is compatible with:
  • CumulusLinux
This module has been deprecated by its author since May 15th 2020.

Start using this module

Documentation

cumuluslinux/cumulus_interface_policy — version 1.0.3 Apr 9th 2015

cumulus_interface_policy

Table of Contents

  1. Overview
  2. Module Description
  3. Setup
  4. Usage
  5. Reference
  6. Limitations
  7. Development

Overview

This module provides a way to enforce what interfaces are configured on Cumulus Linux.

Module Description

You configure interfaces in Cumulus Linux using ifupdown2, which has the ability to place each interface configuration in a separate file. This module assumes that the switch has an /etc/network/interfaces file that looks like this:

# Managed by Puppet
source /etc/network/interfaces.d/*

You can find a switch's interface configuration in files located in /etc/network/interfaces.d.

For example:

cumulus# tree /etc/network/interfaces.d
/etc/network/interfaces.d
├── bond0
├── eth0
├── lo
├── swp1
└── swp2

Given an allowed list, this module will delete any interface that is not mentioned in the allowed list. This ensures that only approved interfaces will exist on the system when service networking reloaded is activated at the end of each interface configuration check.

service networking reload will remove the configuration of any interface from the kernel that was not defined using ifupdown2.

Setup

What cumulus_interface_policy affects

This module affects the configuration files located in the interfaces folder and used by ifupdown2.

By default this is /etc/network/interfaces.d. To activate the changes, run /sbin/ifreload -a.

NOTE: Reloading an interface configuration is not disruptive if the configuration wasn't changed.

Usage

The module accepts two parameters:

  • allowed (required)
  • location (optional)

The output below states that the loopback, management (eth0), and swp5 through swp48 can be configured. If swp1 is defined, this interface will be removed from the ifupdown2 interfaces directory.

node default {
  cumulus_interface_policy { 'policy':
    allowed => ['lo', 'eth0', 'swp5-48']
  }
}

Reference

Parameters

allowed

Required. This option must be an array. It lists all the interfaces that can be configured on the switch. Ranges are allowed.

allowed => ['lo', eth0', 'swp1-30', 'bond0-20']

location

Optional. This defines where interface files are stored. By default, this is /etc/network/interfaces.d.

You must configure /etc/network/interfaces with the following line:

source /etc/network/interfaces.d/*

Limitations

This module only works on Cumulus Linux.

Include lo and eth0 in the interface allowed list to ensure that these interfaces are not deleted. If using in-band management communication, eth0 can be left out of the list.

The command puppet resource cumulus_interface_policy does not currently produce any output.

Development

  1. Fork it.
  2. Create your feature branch (git checkout -b my-new-feature).
  3. Commit your changes (git commit -am 'Add some feature').
  4. Push to the branch (git push origin my-new-feature).
  5. Create new Pull Request.

Cumulus Linux

Cumulus icon

Cumulus Linux is a software distribution that runs on top of industry standard networking hardware. It enables the latest Linux applications and automation tools on networking gear while delivering new levels of innovation and flexibility to the data center.

For further details please see: cumulusnetworks.com