Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3743973
D2581.id6597.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
19 KB
Referenced Files
None
Subscribers
None
D2581.id6597.diff
View Options
diff --git a/_modules/node.py b/_modules/node.py
--- a/_modules/node.py
+++ b/_modules/node.py
@@ -11,6 +11,7 @@
from salt.exceptions import CommandExecutionError, SaltCloudConfigError
+from salt._compat import ipaddress
def _get_all_nodes():
@@ -218,3 +219,43 @@
ipv6 = __grains__.get("ipv6")
return " ".join(["[" + ip + "]" for ip in ipv6])
+
+
+def resolve_network():
+ """
+ A function to determine canonical properties of networks
+ from the nodes pillar.
+
+ CLI Example:
+ salt * node.resolve_network
+ """
+ network = {
+ "ipv4_address": "",
+ "ipv4_gateway": "",
+ }
+ private_network = network.copy()
+
+ interfaces = _get_property("network:interfaces", __grains__["id"], {})
+ for interface_name, interface in interfaces.items():
+ if "ipv4" not in interface:
+ continue
+
+ ipv4 = interface["ipv4"]["address"]
+ if ipaddress.ip_address(ipv4).is_private:
+ target = private_network
+ else:
+ target = network
+
+ if target["ipv4_address"] != "":
+ continue
+
+ target["ipv4_address"] = ipv4
+ try:
+ target["ipv4_gateway"] = interface["ipv4"]["gateway"]
+ except KeyError:
+ pass
+
+ if network["ipv4_address"] == "":
+ return private_network
+
+ return network
diff --git a/_tests/data/forests.yaml b/_tests/data/forests.yaml
--- a/_tests/data/forests.yaml
+++ b/_tests/data/forests.yaml
@@ -9,11 +9,28 @@
hostname: egladil.lothlorien.forest
roles:
- treecity
+ network:
+ interfaces:
+ net01:
+ ipv4:
+ address: 1.2.3.4 #public
+ gateway: 1.2.3.254
+ net02:
+ ipv4:
+ address: 10.100.0.4 #private
+ gateway: 10.100.0.1
+
entwash:
forest: fangorn
hostname: entwash.node
roles:
- border
+ network:
+ interfaces:
+ net02:
+ ipv4:
+ address: 10.100.0.5 #private
+ gateway: 10.100.0.1
items_by_role:
treecity:
diff --git a/_tests/modules/test_node.py b/_tests/modules/test_node.py
--- a/_tests/modules/test_node.py
+++ b/_tests/modules/test_node.py
@@ -1,6 +1,7 @@
#!/usr/bin/env python3
from importlib.machinery import SourceFileLoader
+from unittest_data_provider import data_provider
import unittest
@@ -104,6 +105,52 @@
node.get_ipv6_list(),
)
+ resolved_networks = lambda: (
+ (
+ "egladil",
+ {
+ "ipv4_address": "1.2.3.4",
+ "ipv4_gateway": "1.2.3.254",
+ },
+ ),
+ (
+ "entwash",
+ {
+ "ipv4_address": "10.100.0.5",
+ "ipv4_gateway": "10.100.0.1",
+ },
+ ),
+ )
+
+ @data_provider(resolved_networks)
+ def test_resolve_network(self, id, expected):
+ self.grains["id"] = id
+ self.assertEqual(expected, node.resolve_network())
+
+ def test_resolve_network_without_gateway(self):
+ expected = {
+ "ipv4_address": "10.100.0.5",
+ "ipv4_gateway": "",
+ }
+
+ self.grains["id"] = "entwash"
+ del self.pillar["nodes"]["entwash"]["network"]["interfaces"]["net02"]["ipv4"][
+ "gateway"
+ ]
+
+ self.assertEqual(expected, node.resolve_network())
+
+ def test_resolve_network_without_any_network(self):
+ expected = {
+ "ipv4_address": "",
+ "ipv4_gateway": "",
+ }
+
+ self.grains["id"] = "entwash"
+ del self.pillar["nodes"]["entwash"]["network"]
+
+ self.assertEqual(expected, node.resolve_network())
+
if __name__ == "__main__":
unittest.main()
diff --git a/pillar/nodes/nodes.sls b/pillar/nodes/nodes.sls
--- a/pillar/nodes/nodes.sls
+++ b/pillar/nodes/nodes.sls
@@ -19,18 +19,23 @@
roles:
- opensearch
network:
- ipv4_interface: eno1
- ipv4_address: 188.165.200.229
- ipv4_gateway: 188.165.200.254
-
- ipv6_interface: eno1
- ipv6_address: fe80::ec4:7aff:fe6a:36e8
- ipv6_gateway: fe80::ee30:91ff:fee0:df80
- ipv6_prefix: 64
ipv6_native: True
-
ipv6_tunnel: False
+ canonical_public_ipv4: 188.165.200.229
+
+ interfaces:
+ eno1:
+ device: eno1
+ ipv4:
+ address: 188.165.200.229
+ gateway: 188.165.200.254
+ ipv6:
+ address: fe80::ec4:7aff:fe6a:36e8
+ prefix: 64
+ gateway: fe80::ee30:91ff:fee0:df80
+
+
dwellers:
forest: nasqueron-infra
hostname: dwellers.nasqueron.org
@@ -41,16 +46,25 @@
flags:
install_docker_devel_tools: True
network:
- ipv4_address: 51.255.124.11
- ipv4_gateway: 91.121.86.254
+ ipv6_tunnel: True
- private_interface:
- uuid: 8e8ca793-b2eb-46d8-9266-125aba6d06c4
- device: ens224
- address: 172.27.27.4
- netmask: 255.255.255.0
+ canonical_public_ipv4: 51.255.124.11
- ipv6_tunnel: True
+ interfaces:
+ ens192:
+ device: ens192
+ uuid: 6e05ebea-f2fd-4ca1-a21f-78a778664d8c
+ ipv4:
+ address: 51.255.124.11
+ gateway: 91.121.86.254
+
+ ens224:
+ device: ens224
+ uuid: 8e8ca793-b2eb-46d8-9266-125aba6d06c4
+ ipv4:
+ address: 172.27.27.4
+ netmask: &drake_netmask 255.255.255.0
+ gateway: 172.27.27.1
docker-001:
forest: nasqueron-infra
@@ -58,16 +72,25 @@
roles:
- paas-docker
network:
- ipv4_address: 51.255.124.9
- ipv4_gateway: 91.121.86.254
+ ipv6_tunnel: False
- private_interface:
- uuid: 3fd0b9f8-ecc3-400d-bc61-3ba21d0b6337
- device: ens224
- address: 172.27.27.6
- netmask: 255.255.255.0
+ canonical_public_ipv4: 51.255.124.9
- ipv6_tunnel: False
+ interfaces:
+ ens192:
+ device: ens192
+ uuid: ef7370c5-5060-4d89-82bb-dbeabf4a35f6
+ ipv4:
+ address: 51.255.124.9
+ gateway: 91.121.86.254
+
+ ens224:
+ device: ens224
+ uuid: 3fd0b9f8-ecc3-400d-bc61-3ba21d0b6337
+ ipv4:
+ address: 172.27.27.6
+ netmask: *drake_netmask
+ gateway: 172.27.27.1
router-001:
forest: nasqueron-infra
@@ -75,18 +98,24 @@
roles:
- router
network:
- ipv4_interface: vmx0
- ipv4_address: 51.255.124.8
- ipv4_netmask: 255.255.255.255
- ipv4_gateway: 91.121.86.254
ipv4_ovh_failover: True
+ ipv6_tunnel: False
- private_interface:
- device: vmx1
- address: 172.27.27.1
- netmask: 255.255.255.0
+ canonical_public_ipv4: 51.255.124.8
- ipv6_tunnel: False
+ interfaces:
+ vmx0:
+ device: vmx0
+ ipv4:
+ address: 51.255.124.8
+ netmask: 255.255.255.255
+ gateway: 91.121.86.254
+
+ vmx1:
+ device: vmx1
+ ipv4:
+ address: 172.27.27.1
+ netmask: &intranought_netmask 255.255.255.240
ysul:
forest: nasqueron-dev
@@ -99,15 +128,20 @@
zfs:
pool: arcology
network:
- ipv4_interface: igb0
- ipv4_address: 163.172.49.16
- ipv4_gateway: 163.172.49.1
- ipv4_aliases:
- - 212.83.187.132
-
ipv6_tunnel: True
ipv6_gateway: 2001:470:1f12:9e1::1
+ canonical_public_ipv4: 212.83.187.132
+
+ interfaces:
+ igb0:
+ device: igb0
+ ipv4:
+ address: 163.172.49.16
+ gateway: 163.172.49.1
+ aliases:
+ - 212.83.187.132
+
windriver:
forest: nasqueron-dev
hostname: windriver.nasqueron.org
@@ -119,18 +153,22 @@
zfs:
pool: arcology
network:
- ipv4_interface: igb0
- ipv4_address: 51.159.18.59
- ipv4_gateway: 51.159.18.1
-
- ipv6_interface: igb0
- ipv6_address: 2001:0bc8:6005:0005:aa1e:84ff:fef3:5d9c
- ipv6_gateway: fe80::a293:51ff:feb7:5073
- ipv6_prefix: 128
ipv6_native: True
-
ipv6_tunnel: False
+ canonical_public_ipv4: 51.159.18.59
+
+ interfaces:
+ igb0:
+ device: igb0
+ ipv4:
+ address: 51.159.18.59
+ gateway: 51.159.18.1
+ ipv6:
+ address: 2001:0bc8:6005:0005:aa1e:84ff:fef3:5d9c
+ gateway: fe80::a293:51ff:feb7:5073
+ prefix: 128
+
##
## Forest: Eglide
## Semantic field: ? (P27 used for "Eglide" too)
@@ -145,10 +183,19 @@
roles:
- shellserver
network:
- ipv4_interface: ens2
- ipv4_address: 51.159.150.221
- ipv4_gateway: ""
-
ipv6_tunnel: True
+
+ canonical_public_ipv4: 51.159.150.221
+
+ interfaces:
+ ens2:
+ device: ens2
+ ipv4:
+ address: 51.159.150.221
+ gateway: ""
+ flags:
+ # This interface is configured by cloud-init
+ - skip_interface_configuration
+
fixes:
rsyslog_xconsole: True
diff --git a/roles/core/motd/init.sls b/roles/core/motd/init.sls
--- a/roles/core/motd/init.sls
+++ b/roles/core/motd/init.sls
@@ -7,7 +7,7 @@
# -------------------------------------------------------------
{% set motd_path = salt['motd.get_path']() %}
-{% set network = salt['node.get']('network') %}
+{% set network = salt['node.resolve_network()'] %}
motd:
file.managed:
diff --git a/roles/core/network/files/FreeBSD/netif_ipv4.rc b/roles/core/network/files/Debian/10-net.jinja
copy from roles/core/network/files/FreeBSD/netif_ipv4.rc
copy to roles/core/network/files/Debian/10-net.jinja
--- a/roles/core/network/files/FreeBSD/netif_ipv4.rc
+++ b/roles/core/network/files/Debian/10-net.jinja
@@ -1,9 +1,9 @@
# -------------------------------------------------------------
-# Network — rc configuration
+# Network — interfaces configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/core/network/files/FreeBSD/netif_ipv4.rc
+# Source file: roles/core/network/files/Debian/10-net.jinja
# -------------------------------------------------------------
#
# <auto-generated>
@@ -13,7 +13,10 @@
# and will be lost if the state is redeployed.
# </auto-generated>
-ifconfig_{{ interface }}="inet {{ ipv4_address }} netmask {{ ipv4_netmask }}"
-{%- for ip in ipv4_aliases %}
-ifconfig_{{ interface }}_alias{{ loop.index0 }}="inet {{ ip }} netmask 255.255.255.255"
-{% endfor -%}
+auto {{ interface.device }}
+iface {{ interface.device }} inet static
+ address {{ interface.ipv4.address }}
+ netmask {{ interface.ipv4.netmask }}
+ {% if "gateway" in interface.ipv4 %}
+ gateway {{ interface.ipv4.gateway }}
+ {% endif %}
diff --git a/roles/core/network/files/FreeBSD/netif_ipv4.rc b/roles/core/network/files/FreeBSD/netif_ipv4.rc
--- a/roles/core/network/files/FreeBSD/netif_ipv4.rc
+++ b/roles/core/network/files/FreeBSD/netif_ipv4.rc
@@ -13,7 +13,7 @@
# and will be lost if the state is redeployed.
# </auto-generated>
-ifconfig_{{ interface }}="inet {{ ipv4_address }} netmask {{ ipv4_netmask }}"
-{%- for ip in ipv4_aliases %}
-ifconfig_{{ interface }}_alias{{ loop.index0 }}="inet {{ ip }} netmask 255.255.255.255"
+ifconfig_{{ interface.device }}="inet {{ interface.address }} netmask {{ interface.netmask }}"
+{%- for ip in interface.get("aliases", []) %}
+ifconfig_{{ interface.device }}_alias{{ loop.index0 }}="inet {{ ip }} netmask 255.255.255.255"
{% endfor -%}
diff --git a/roles/core/network/files/RedHat/ifcfg-private b/roles/core/network/files/RedHat/ifcfg
rename from roles/core/network/files/RedHat/ifcfg-private
rename to roles/core/network/files/RedHat/ifcfg
--- a/roles/core/network/files/RedHat/ifcfg-private
+++ b/roles/core/network/files/RedHat/ifcfg
@@ -3,7 +3,7 @@
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/core/network/files/RedHat/ifcfg-private
+# Source file: roles/core/network/files/RedHat/ifcfg
# -------------------------------------------------------------
#
# <auto-generated>
@@ -18,7 +18,7 @@
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
-IPV4_FAILURE_FATAL=no
+IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
@@ -28,5 +28,5 @@
UUID={{ interface.uuid }}
DEVICE={{ interface.device }}
ONBOOT=yes
+IPADDR={{ interface.ipv4.address }}
PREFIX={{ prefix }}
-IPADDR={{ interface.address }}
diff --git a/roles/core/network/init.sls b/roles/core/network/init.sls
--- a/roles/core/network/init.sls
+++ b/roles/core/network/init.sls
@@ -9,12 +9,11 @@
include:
- .ipv4
- .ipv6
- - .private
- .gre
# Drake can be configured as:
#
-# - private (e.g. IntraNought network cards on EXSi hypervisor VMs)
+# - ipv4 (e.g. IntraNought network cards on EXSi hypervisor VMs)
# - gre (e.g. isolated servers needing a tunnel)
#
# Both are needed for servers with router role.
diff --git a/roles/core/network/ipv4.sls b/roles/core/network/ipv4.sls
--- a/roles/core/network/ipv4.sls
+++ b/roles/core/network/ipv4.sls
@@ -6,24 +6,34 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% from "roles/core/network/map.jinja" import interface_config with context %}
{% set network = salt['node.get']('network') %}
# -------------------------------------------------------------
# Interface
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'FreeBSD' %}
-/etc/rc.conf.d/netif/ipv4_{{ network['ipv4_interface'] }}:
+{% for interface_name, interface in network["interfaces"] %}
+
+{% if "skip_interface_configuration" not in interface.get("flags", []) %}
+network_ipv4_{{ interface_name }}:
file.managed:
- - source: salt://roles/core/network/files/FreeBSD/netif_ipv4.rc
+ {% if interface_config["suffix"] == "interface" %}
+ - name : {{ interface_config["config_path"] }}{{ interface_name }}
+ {% else %}
+ - name : {{ interface_config["config_path"] }}{{ interface["device"] }}
+ {% endif %}
+ - source: salt://roles/core/network/files/{{ interface_config["source_path"] }}
- makedirs: True
- template: jinja
- - context:
- interface: {{ network['ipv4_interface'] }}
- ipv4_address: {{ network['ipv4_address'] }}
- ipv4_netmask: {{ network['ipv4_netmask'] | default('255.255.255.0') }}
- ipv4_aliases: {{ salt['node.get_list']('network:ipv4_aliases') }}
+ - defaults:
+ interface: {{ interface }}
+{% if grains['os_family'] == 'RedHat' %}
+ prefix: {{ salt['network_utils.netmask_to_cidr_prefix'](interface['netmask']) }}
{% endif %}
+{% endif %}
+
+{% endfor %}
# -------------------------------------------------------------
# Routes
diff --git a/roles/core/network/ipv6.sls b/roles/core/network/ipv6.sls
--- a/roles/core/network/ipv6.sls
+++ b/roles/core/network/ipv6.sls
@@ -26,19 +26,27 @@
{% if salt['node.has']('network:ipv6_native') %}
+{% for interface_name, interface in network["interfaces"] %}
+
+{% if "gateway" in interface["ipv6"] %}
+{% set ipv6_gateway = interface["ipv6"]["gateway"] %}
+{% endif %}
+
{% if grains['os'] == 'FreeBSD' %}
-/etc/rc.conf.d/netif/ipv6_{{ network['ipv6_interface'] }}:
+/etc/rc.conf.d/netif/ipv6_{{ interface['device'] }}:
file.managed:
- source: salt://roles/core/network/files/FreeBSD/netif_ipv6.rc
- makedirs: True
- template: jinja
- context:
- interface: {{ network['ipv6_interface'] }}
- ipv6_address: {{ network['ipv6_address'] }}
- ipv6_prefix: {{ network['ipv6_prefix'] | default(64) }}
+ interface: {{ interface['device'] }}
+ ipv6_address: {{ interface['ipv6']['address'] }}
+ ipv6_prefix: {{ interface['ipv6']['prefix'] | default(64) }}
has_native_ipv6: True
{% endif %}
+{% endfor %}
+
{% endif %}
# -------------------------------------------------------------
@@ -67,7 +75,7 @@
- makedirs: True
- template: jinja
- context:
- ipv6_gateway: {{ network['ipv6_gateway'] }}
+ ipv6_gateway: {{ ipv6_gateway }}
{% endif %}
{% endif %}
diff --git a/roles/core/network/map.jinja b/roles/core/network/map.jinja
new file mode 100644
--- /dev/null
+++ b/roles/core/network/map.jinja
@@ -0,0 +1,34 @@
+# -------------------------------------------------------------
+# Salt — Network
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Interface configuration by OS/distro
+#
+# config_path: the configuration file to write in OS
+# source_path: in this repo, roles/core/network/files/<source_path>
+#
+# Don't set default value, so we MUST define them
+# for EACH os/distro.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% set interface_config = salt['grains.filter_by']({
+ 'FreeBSD': {
+ "config_path": "/etc/rc.conf.d/netif/ipv4_",
+ "source_path": "FreeBSD/netif_ipv4.rc",
+ "suffix": "interface",
+ },
+ 'RedHat': {
+ "config_path": "/etc/sysconfig/network-scripts/ifcfg-",
+ "source_path": "RedHat/ifcfg",
+ "suffix": "device",
+ },
+ 'Debian': {
+ "config_path": "/etc/network/interfaces.d/10-net-",
+ "source_path": "Debian/10-net.jinja",
+ "suffix": "device",
+ },
+}) %}
diff --git a/roles/core/network/private.sls b/roles/core/network/private.sls
deleted file mode 100644
--- a/roles/core/network/private.sls
+++ /dev/null
@@ -1,41 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Network
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# Created: 2020-09-24
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-{% set network = salt['node.get']('network') %}
-
-# -------------------------------------------------------------
-# Interface
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{% if salt['node.has']('network:private_interface') %}
-{% set interface = network['private_interface'] %}
-
-{% if grains['os'] == 'FreeBSD' %}
-/etc/rc.conf.d/netif/ipv4_{{ network['private_interface'] }}:
- file.managed:
- - source: salt://roles/core/network/files/FreeBSD/netif_ipv4.rc
- - makedirs: True
- - template: jinja
- - context:
- interface: {{ interface['device'] }}
- ipv4_address: {{ interface['address'] }}
- ipv4_netmask: {{ interface['netmask'] | default('255.255.255.0') }}
- ipv4_aliases: {{ salt['node.get_list']('network:private_interface:aliases') }}
-{% endif %}
-
-{% if grains['os_family'] == 'RedHat' %}
-/etc/sysconfig/network-scripts/ifcfg-{{ interface['device'] }}:
- file.managed:
- - source: salt://roles/core/network/files/RedHat/ifcfg-private
- - template: jinja
- - context:
- interface: {{ interface }}
- prefix: {{ salt['network_utils.netmask_to_cidr_prefix'](interface['netmask']) }}
-{% endif %}
-
-{% endif %}
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Sat, Nov 16, 02:10 (21 h, 22 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2246986
Default Alt Text
D2581.id6597.diff (19 KB)
Attached To
Mode
D2581: Simplify network configuration
Attached
Detach File
Event Timeline
Log In to Comment