Version information
This version is compatible with:
- Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 3.0.0 <7.0.0
- , , , , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'odivlad-network', '3.5.3'
network
This repository is a fork of the deprecated https://github.com/example42/puppet-network repository.
Overview
This module configures networking on Linux and Solaris. It manages network parameters, interfaces, routes, rules and routing tables.
Module Description
The main class is the entry point for general variables.
It manages hostname configuration and performs Hiera hash lookups to generate the following resources, which the module provides:
- network::interface - Define to manage network interfaces
- network::route - Define to manage network routes
- network::mroute - Define to manage network routes - Alternative with easier management of multiple routes per interface
- network::routing_table - Define to manage iproute2 routing tables
- network::rule - Define to manage network rules
Setup
Setup Requirements
- PuppetLabs stdlib module
- PuppetLabs concat module
- Puppet version >= 3.0.0 < 7.0.0
- Facter version >= 1.6.2
Beginning with module network
The main class arguments can be provided either via Hiera (from Puppet 3.x) or direct parameters:
class { 'network':
  parameter => value,
}
The module provides a generic network::conf define to manage any file in the config_dir_path which is:
On 'Debian' osfamily: '/etc/network',
On 'Redhat' osfamily: '/etc/sysconfig/network-scripts',
On 'Suse' osfamily: '/etc/sysconfig/network',
network::conf { 'if-up.d/my_script':
  template => 'site/network/my_script',
}
The module provides a cross OS compliant define to manage single interfaces: network::interface
IMPORTANT NOTICE: On Debian if you use network::interface once you must provide ALL the network::interface defines for all your interfaces. It requires separate declarations for each IP stack on each interface. Please keep in mind Debian and RedHat do not share the same approach in IPv4 / IPv6 management and thus require different hash structures.
To configure a dhcp interface
network::interface { 'eth0':
  enable_dhcp => true,
}
To configure a static interface with basic parameters
network::interface { 'eth1':
  ipaddress => '10.42.42.50',
  netmask   => '255.255.255.0',
}
Generic interface parameters configuration examples
You have different possible approaches in the usage of this module. Use the one you prefer.
- Just use the network::interface defines:
network::interface { 'eth0':
  enable_dhcp => true,
}
network::interface { 'eth1':
  ipaddress => '10.42.42.50',
  netmask   => '255.255.255.0',
}
- Use the main network class and the interfaces_hash to configure all the interfaces:
class { 'network':
  interfaces_hash => {
    'eth0' => {
      enable_dhcp => true,
    },
    'eth1' => {
      ipaddress => '10.42.42.50',
      netmask   => '255.255.255.0',
    },
  },
}
Same information as Hiera data in yaml format:
network::interfaces_hash:
  eth0:
    enable_dhcp: true
  eth1:
    ipaddress: '10.42.42.50'
    netmask: '255.255.255.0'
- Use the main network class and the usual stdmod parameters to manage the (main) network configuration file:
On 'Debian' osfamily: '/etc/network/interfaces',
On 'Redhat' osfamily: '/etc/sysconfig/network-scripts/ifcfg-eth0' # Yes, quite opinionated, you can change it with config_file_path.
On 'Suse' osfamily: '/etc/sysconfig/network/ifcfg-eth0'
class { 'network':
  config_file_template => 'site/network/network.conf.erb',
}
- Manage the whole configuration directory:
class { 'network':
  config_dir_source => 'puppet:///modules/site/network/conf/',
}
- DO NOT automatically restart the network service after configuration changes (either via the main network class or via network::interfaces):
class { 'network':
  config_file_notify => '',
}
- The network::interface exposes, and uses in the default templates, network configuration parameters available on Debian (most), RedHat (some), Suse (most) so it's flexible, easily expandable and should adapt to any need, but you may still want to provide a custom template with:
network::interface { 'eth0':
  enable_dhcp => true,
  template    => "site/network/interface/${::osfamily}.erb",
}
Network routes management examples
- The network::route define can be used to define static routes on Debian and RedHat systems. The following example manages a static route on eth0:
network::route { 'eth0':
  ipaddress => [ '192.168.17.0', ],
  netmask   => [ '255.255.255.0', ],
  gateway   => [ '192.168.17.250', ],
}
On 'Debian' osfamily: it will create 2 files: '/etc/network/if-up.d/z90-route-eth0' and '/etc/network/if-down.d/z90-route-eth0',
On 'RedHat' osfamily: it will create the file '/etc/sysconfig/network-scripts/route-eth0'
You can provide to the main network class the routes_hash parameter to manage all your routes via a hash.
- This example adds 2 static routes on the interface bond2:
network::route { 'bond2':
  ipaddress => [ '192.168.2.0', '10.0.0.0', ],
  netmask   => [ '255.255.255.0', '255.0.0.0', ],
  gateway   => [ '192.168.1.1', '10.0.0.1', ],
}
- To configure the default route on Suse, use the routes_hash parameter, like in the following example:
class { 'network':
  routes_hash => {
    'eth0' => {
      ipaddress => [ 'default', ],
      gateway   => [ '192.168.0.1', ],
      netmask   => [ '-', ],
      interface => 'eth0',
    }
  }
}
- An alternative way to manage routes is using the network::mroute define, which expects a hash of one or more routes where you specify the network and the gateway (either as IP or device name):
network::mroute { 'bond2':
  routes => {
    '192.168.2.0/24' => '192.168.1.1',
    '10.0.0.0/8'     => '10.0.0.1',
    '80.81.82.0/16'  => 'bond0',
  }
}
- The network::routing_table and network::rule defines can be used to configure ip rules and routing tables. Make sure to define a routing table before using it, like in this example:
network::routing_table { 'vlan22':
  table_id => '200',
}
network::rule { 'eth0':
  iprule => ['from 192.168.22.0/24 lookup vlan22', ],
}
You can then add routes to this routing table:
network::route { 'eth1':
  ipaddress => [ '192.168.22.0', ],
  netmask   => [ '255.255.255.0', ],
  gateway   => [ '192.168.22.1', ],
  table     => [ 'vlan22' ],
}
If adding routes to a routing table on an interface with multiple routes, it is necessary to specify false or 'main' for the table on the other routes. The 'main' routing table is where routes are added by default. E.g. this:
network::route { 'bond0':
  ipaddress => [ '192.168.2.0', '10.0.0.0', ],
  netmask   => [ '255.255.255.0', '255.0.0.0', ],
  gateway   => [ '192.168.1.1', '10.0.0.1', ],
}
network::route { 'bond0':
  ipaddress => [ '192.168.3.0', ],
  netmask   => [ '255.255.255.0', ],
  gateway   => [ '192.168.3.1', ],
  table     => [ 'vlan22' ],
}
would need to become:
network::route { 'bond0':
  ipaddress => [ '192.168.2.0', '10.0.0.0', '192.168.3.0', ],
  netmask   => [ '255.255.255.0', '255.0.0.0', '255.255.255.0', ],
  gateway   => [ '192.168.1.1', '10.0.0.1', '192.168.3.1', ],
  table     => [ false, false, 'vlan22' ],
}
The same applies if adding scope, source or gateway, i.e. false needs to be specified for those routes without values for those parameters, if defining multiple routes for the same interface.
The following definition:
network::route { 'bond2':
  ipaddress => [ '0.0.0.0', '192.168.3.0' ],
  netmask   => [ '0.0.0.0', '255.255.255.0' ],
  gateway   => [ '192.168.3.1', false ],
  scope     => [ false, 'link', ],
  source    => [ false, '192.168.3.10', ],
  table     => [ 'vlan22', 'vlan22', ],
}
yields the following routes in table vlan22:
# ip route show table vlan22
default via 192.168.3.1 dev bond2
192.168.3.0/255.255.255.0 dev bond2 scope link src 192.168.3.10
Normally the link level routing (192.168.3.0/255.255.255.0) is added automatically by the kernel when an interface is brought up. When using routing rules and routing tables, this does not happen, so this route must be added manually.
Hiera examples
Here are some examples of usage via Hiera (with yaml backend).
Main class settings:
network::hostname: 'web01'
network::gateway: 192.168.0.1 # Default gateway (on RHEL systems)
network::hiera_merge: true # Use hiera_hash() instead of hiera() to resolve the values for the following hashes
Configuration of interfaces (check network::interface for all the available params).
Single interface via dhcp:
network::interfaces_hash:
  eth0:
    enable_dhcp: true
Bond interface:
eth0:
  method: manual
  bond_master: 'bond3'
  allow_hotplug: 'eth0'
  manage_order: '08'
eth1:
  method: manual
  bond_master: 'bond3'
  allow_hotplug: 'eth1'
  manage_order: '08'
bond3:
  ipaddress: "10.0.28.10"
  netmask: '255.255.248.0'
  gateway: "10.0.24.1"
  dns_nameservers: "8.8.8.8 8.8.4.4"
  dns_search: 'my.domain'
  bond_mode: 'balance-alb'
  bond_miimon: '100'
  bond_slaves: []
Debian/Ubuntu IPv4/IPv6 management example for basic IP config, IP alias config and VLAN config:
'eth0:0v4':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '1'
  'type': 'Ethernet'
  'mtu': '1500'
  'interface': 'eth0:0'
  'ipaddress': 'X.X.X.X/22'
  'family': 'inet'
'eth0:0v6':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '1'
  'autoconf': '0'
  'type': 'Ethernet'
  'mtu': '1500'
  'interface': 'eth0:0'
  'ipaddress': 'X.X.X.1::85/64'
  'family': 'inet6'
'eth1v4':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '0'
  'type': 'Ethernet'
  'mtu': '1500'
  'interface': 'eth1'
  'ipaddress': 'X.X.X.1/29'
  'family': 'inet'
'eth1v6':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '0'
  'type': 'Ethernet'
  'mtu': '1500'
  'interface': 'eth1'
  'ipaddress': 'X.X.X.1:bb:43::2/64'
  'family': 'inet6'
'eth1.12v4':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '1'
  'type': 'Ethernet'
  'mtu': '1500'
  'vlan': 'yes'
  'interface': 'eth1.12'
  'ipaddress': 'X.X.X.1/29'
  'family': 'inet'
'eth1.12v6':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '1'
  'autoconf': '0'
  'type': 'Ethernet'
  'mtu': '1500'
  'vlan': 'yes'
  'interface': 'eth1.12'
  'ipaddress': 'X.X.X.1:dd:3::2/64'
  'family': 'inet6'
'eth0v4':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '1'
  'type': 'Ethernet'
  'mtu': '1500'
  'dns_nameservers': 'X.X.X.1 X.X.X.1 X.X.X.1'
  'interface': 'eth0'
  'ipaddress': 'X.X.X.X/22'
  'gateway': 'X.X.X.1'
  'family': 'inet'
'eth0v6':
  'enable': 'true'
  'bootproto': 'none'
  'peerdns': 'no'
  'userctl': 'no'
  'restart_all_nic': 'false'
  'accept_ra': '1'
  'autoconf': '0'
  'type': 'Ethernet'
  'mtu': '1500'
  'interface': 'eth0'
  'ipaddress': 'X.X.X.1::85/64'
  'gateway': 'X.X.X.1::1'
  'family': 'inet6'
Configuration of multiple static routes (using the network::route define, when more than one route is added the elements of the arrays have to be ordered coherently):
network::routes_hash:
  eth0:
    ipaddress:
      - 99.99.228.0
      - 100.100.244.0
    netmask:
      - 255.255.255.0
      - 255.255.252.0
    gateway:
      - 192.168.0.1
      - 174.136.107.1
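A pre-merge lint for the coherence rules above, run against network::routes_hash Hiera data: every array that is present must have one entry per destination (padded with false, as described for table, scope and source), netmasks must be contiguous, and destinations must be network addresses. This is an added example, not part of the module; it assumes IPv4 dotted netmasks, and the names lint_routes and contiguous_mask? and the sample data are constructed for illustration.

```ruby
require 'ipaddr'
require 'yaml'

# Parallel-array parameters of network::route, as used in the README examples.
REQUIRED = %w[ipaddress netmask].freeze
OPTIONAL = %w[gateway scope source table].freeze

# Constructed sample data (not from the module): bond0 has a table array that
# is too short, eth1 has a destination with host bits set and a broken netmask.
SAMPLE = <<~YAML
  network::routes_hash:
    bond0:
      ipaddress: ['192.168.2.0', '10.0.0.0', '192.168.3.0']
      netmask:   ['255.255.255.0', '255.0.0.0', '255.255.255.0']
      gateway:   ['192.168.1.1', '10.0.0.1', '192.168.3.1']
      table:     ['vlan22']
    bond2:
      ipaddress: ['0.0.0.0', '192.168.3.0']
      netmask:   ['0.0.0.0', '255.255.255.0']
      gateway:   ['192.168.3.1', false]
      scope:     [false, 'link']
      source:    [false, '192.168.3.10']
      table:     ['vlan22', 'vlan22']
    eth1:
      ipaddress: ['192.168.22.7', '10.1.0.0']
      netmask:   ['255.255.255.0', '255.255.0.255']
      gateway:   ['192.168.22.1', '192.168.22.1']
YAML

# True when a dotted IPv4 netmask is a run of 1-bits followed only by 0-bits.
def contiguous_mask?(mask)
  inverted = ~IPAddr.new(mask).to_i & 0xFFFFFFFF
  (inverted & (inverted + 1)).zero?
end

# Returns a list of human-readable findings for one routes_hash.
def lint_routes(routes_hash)
  findings = []
  routes_hash.each do |iface, params|
    missing = REQUIRED.reject { |key| params.key?(key) }
    findings << "#{iface}: missing #{missing.join(', ')}" unless missing.empty?
    dests = Array(params['ipaddress'])
    # Every array that is present needs exactly one entry per destination.
    (REQUIRED + OPTIONAL).each do |key|
      next unless params.key?(key)
      len = Array(params[key]).length
      next if len == dests.length
      findings << "#{iface}: #{key} has #{len} entries, ipaddress has #{dests.length}"
    end
    dests.zip(Array(params['netmask'])).each_with_index do |(dest, mask), i|
      # 'default' and '-' are the Suse default-route placeholders from the README.
      next if dest == 'default' || mask.nil? || mask == '-'
      begin
        unless contiguous_mask?(mask.to_s)
          findings << "#{iface}[#{i}]: netmask #{mask} is not contiguous"
          next
        end
        host_bits = IPAddr.new(dest.to_s).to_i & ~IPAddr.new(mask.to_s).to_i & 0xFFFFFFFF
        findings << "#{iface}[#{i}]: #{dest} has host bits set under #{mask}" unless host_bits.zero?
      rescue IPAddr::Error => e
        findings << "#{iface}[#{i}]: #{e.message}"
      end
    end
  end
  findings
end

FINDINGS = lint_routes(YAML.safe_load(SAMPLE)['network::routes_hash'])
puts FINDINGS
```

Run it in CI against the Hiera file that carries network::routes_hash and fail the build when the findings list is not empty.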
Configuration of multiple static routes (using the newer network::mroute define): you can specify as gateway either a device or an IP or also add a table reference:
network::mroutes_hash:
  eth0:
    routes:
      99.99.228.0/24: eth0
      100.100.244.0/22: 174.136.107.1
      101.99.228.0/24: 'eth0 table 1'
Operating Systems Support
This is tested on these OS:
- RedHat
  - 5
  - 6
  - 7
- Debian
  - 6
  - 7
  - 8
- Ubuntu
  - 10.04
  - 12.04
  - 14.04
  - partly verified on Ubuntu 16.04
- Suse (ifrule files are only supported on Suse with wicked >= 0.6.33)
  - OpenSuse 12
  - SLES 11SP3
  - SLES 12SP1
  - SLES 15
Development
Pull requests (PR) and bug reports via GitHub are welcome.
When submitting a PR please follow these guidelines:
- Provide puppet-lint compliant code
- If possible provide rspec tests
- Follow the module style and stdmod naming standards
When submitting a bug report please include or link:
- The Puppet code that triggers the error
- The output of facter on the system where you try it
- All the relevant error logs
- Any other information useful to understand the context
2019-12-24 Release 3.5.3
- Added support for Rhel 8 #292 #296 (olifre FcoCalero)
- Fixed forge package with .git dir #298 (a3li)
- Fixed network::conf resource relationship management #290 and #289 (findmyname666)
- Added table support on mroute for RedHat (odivlad)
2019-10-11 Release 3.5.2
- Fixed gateway management on RedHat interfaces with multiple IP #176
- Fixed 'string compared with an integer' on Suse (pseiler)
- Feature/hash policy (benibr)
- Added all bonding opts to redhat template (benibr)
- Deploy rule6 on RedHat - Fixes #279 (peterverraedt)
- Ubuntu/Debian route up/down fix #278 (elmobp)
2019-04-05 Release 3.5.1
- Added support for InfiniBand interface type on RHEL based systems (odivlad)
- Removing incorrect network prefix format from yaml example (jimmyt86)
- Added support for PREFIX parameter as an alternative to NETMASK on RHEL based systems #263 (mrolli)
- Added support for up to 3 DNS servers in resolv.conf #258 (juztas)
2018-10-01 Release 3.5.0
- Use _cidr variable to generate routing config on EL #250 (stdietrich)
- Added support for routes with multiple GWs for RedHat and Debian #244 (odvlad)
- Added support for Ubuntu 1804 (legacy networking without netplan) #203
- Added missing IPv6 parameters on RedHat systems #242 (NiklausHofer)
2019-06-15 Release 3.4.5
- Fixed incorrect variable names for extra_options #239 (beergeek)
2018-06-11 Release 3.4.4
- Added extraoptions$family params to network::interface
- Added vid option to network::interface #237 (kobybr)
- Added support for IPV6ADDR_SECONDARIES on Red Hat systems (tjikkun)
- Add new mtu parameter to routes (tt-mtc)
- Added per family extra_options param to network::interface
- Added VID parameter to RedHat template (kobybr)
2018-05-05 Release 3.4.3
- Fixed support for Debian 9 #206 (dakr@solute.de)
2018-04-28 Release 3.4.2
- Added ipv6 support for RedHat routes #213 (tor.ledre@gmail.com)
- Added ipv6 support for ip rule #213 (i.garnizov@gmail.com)
2018-04-01 Release 3.4.1
- Fix for Hostname isn't set without gateway #208
- Fix for Debian version comparison
- Documentation improvements (i.garnizov@gmail.com)
2018-03-31 Release 3.4.0
- Added nm_name parameter for RedHat interfaces #184
- Added option to customise route up template in network::mroute #121
- Fix for vlan package on Debian 9 #205
- Added VRF support for Cumulus Linux
- Support for Suse pre/post scripts
- Add IPv6 support for Debian in network::interface
- Add OVS support for Debian in network::interface
2015-12-30 Release 3.2.0
- Added network::mroute define
- Smaller fixes and enhancements
2013-11-18 Release 3.0.1
- Basic module based on stdmod/puppet-skeleton-standard
- Added network::interfaces define
Dependencies
- puppetlabs/stdlib (>= 2.0.1 <7.0.0)
- puppetlabs/concat (>= 1.0.0 <7.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/