Saltstack Official Linux Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

interface.sls 15KB

Network resolf.conf handling (#220) * Update file.sls add replace * Update file.sls update replace * Update job.sls Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign. https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html * Update README.rst Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign. * Update README.rst * fix(deprecation): update to new method (#214) Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com> * Allow swap to be completely disabled * sort repos so they do not change order every run * allow use of new state syntax for module.run The new syntax has been supported since ~2017. From the docs, in case they change: ! New Style test.random_hash: module.run: - test.random_hash: - size: 42 - hash_type: sha256 ! Legacy Style test.random_hash: module.run: - size: 42 - hash_type: sha256 * Update map.jinja Add support fpr Ubuntu Focal. * Update file.sls added possibility to delete files * Network resolf.conf handling the handling as the Resolv.conf is generated and adapted, adapted. previously the Resolv.conf was created and then through Overwrite "network.system" in the interface.sls again. With two search servers that should actually be included. "search example.com. sudomain.example.com" but it always became that search ['example.com.', 'sudomain.example.com'] The resolv.conf was first created correctly but then overwritten again in the interface.sls. The problem only arises if you don't want to have a "Domain:" in resov.conf Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy> Co-authored-by: Kyle Gullion <kgullion@gmail.com> Co-authored-by: Matthew Thode <thode@fsi.io> Co-authored-by: Matthew Thode <mthode@mthode.org>
4 anni fa
Network resolf.conf handling (#220) * Update file.sls add replace * Update file.sls update replace * Update job.sls Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign. https://docs.saltstack.com/en/master/ref/states/all/salt.states.cron.html * Update README.rst Added the opportunity to set a job with a special keyword like '@reboot' or '@hourly'. Quotes must be used, otherwise PyYAML will strip the '@' sign. * Update README.rst * fix(deprecation): update to new method (#214) Signed-off-by: Felipe Zipitria <fzipitria@perceptyx.com> * Allow swap to be completely disabled * sort repos so they do not change order every run * allow use of new state syntax for module.run The new syntax has been supported since ~2017. From the docs, in case they change: ! New Style test.random_hash: module.run: - test.random_hash: - size: 42 - hash_type: sha256 ! Legacy Style test.random_hash: module.run: - size: 42 - hash_type: sha256 * Update map.jinja Add support fpr Ubuntu Focal. * Update file.sls added possibility to delete files * Network resolf.conf handling the handling as the Resolv.conf is generated and adapted, adapted. previously the Resolv.conf was created and then through Overwrite "network.system" in the interface.sls again. With two search servers that should actually be included. "search example.com. sudomain.example.com" but it always became that search ['example.com.', 'sudomain.example.com'] The resolv.conf was first created correctly but then overwritten again in the interface.sls. The problem only arises if you don't want to have a "Domain:" in resov.conf Co-authored-by: Felipe Zipitría <fzipi@fing.edu.uy> Co-authored-by: Kyle Gullion <kgullion@gmail.com> Co-authored-by: Matthew Thode <thode@fsi.io> Co-authored-by: Matthew Thode <mthode@mthode.org>
4 anni fa
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514
  1. {%- from "linux/map.jinja" import network with context %}
  2. {%- from "linux/map.jinja" import system with context %}
  3. {%- if network.enabled %}
  4. {%- set dpdk_enabled = network.get('dpdk', {}).get('enabled', False) %}
  5. {%- if dpdk_enabled %}
  6. include:
  7. - linux.network.dpdk
  8. {%- endif %}
  9. {%- macro set_param(param_name, param_dict) -%}
  10. {%- if param_dict.get(param_name, False) -%}
  11. - {{ param_name }}: {{ param_dict[param_name] }}
  12. {%- endif -%}
  13. {%- endmacro -%}
  14. {%- if network.bridge != 'none' %}
  15. linux_network_bridge_pkgs:
  16. pkg.installed:
  17. {%- if network.bridge == 'openvswitch' %}
  18. - pkgs: {{ network.ovs_pkgs | json }}
  19. {%- else %}
  20. - pkgs: {{ network.bridge_pkgs | json }}
  21. {%- endif %}
  22. {%- endif %}
  23. {%- for f in network.get('concat_iface_files', []) %}
  24. {%- if salt['file.file_exists'](f.src) %}
  25. append_{{ f.src }}_{{ f.dst }}:
  26. file.append:
  27. - name: {{ f.dst }}
  28. - source: {{ f.src }}
  29. remove_appended_{{ f.src }}:
  30. file.absent:
  31. - name: {{ f.src }}
  32. {%- endif %}
  33. {%- endfor %}
  34. {%- for f in network.get('remove_iface_files', []) %}
  35. remove_iface_file_{{ f }}:
  36. file.absent:
  37. - name: {{ f }}
  38. {%- endfor %}
  39. {%- if network.interface is defined %}
  40. remove_cloud_init_file:
  41. file.absent:
  42. - name: /etc/network/interfaces.d/50-cloud-init.cfg
  43. {%- endif %}
  44. {%- for interface_name, interface in network.interface.items() %}
  45. {%- set interface_name = interface.get('name', interface_name) %}
  46. {# add linux network interface into OVS dpdk bridge #}
  47. {%- if interface.type == 'dpdk_ovs_bridge' %}
  48. {%- for int_name, int in network.interface.items() %}
  49. {%- set int_name = int.get('name', int_name) %}
  50. {%- if int.ovs_bridge is defined and interface_name == int.ovs_bridge %}
  51. add_int_{{ int_name }}_to_ovs_dpdk_bridge_{{ interface_name }}:
  52. cmd.run:
  53. - unless: ovs-vsctl show | grep -w {{ int_name }}
  54. - name: ovs-vsctl{%- if network.ovs_nowait %} --no-wait{%- endif %} add-port {{ interface_name }} {{ int_name }}
  55. {%- endif %}
  56. {%- endfor %}
  57. linux_interfaces_include_{{ interface_name }}:
  58. file.prepend:
  59. - name: /etc/network/interfaces
  60. - text: |
  61. source /etc/network/interfaces.d/*
  62. # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
  63. source /etc/network/interfaces.u/*
  64. {# create override for openvswitch dependency for dpdk br-prv #}
  65. /etc/systemd/system/ifup@{{ interface_name }}.service.d/override.conf:
  66. file.managed:
  67. - makedirs: true
  68. - require:
  69. - cmd: linux_network_dpdk_bridge_interface_{{ interface_name }}
  70. - contents: |
  71. [Unit]
  72. Requires=openvswitch-switch.service
  73. After=openvswitch-switch.service
  74. dpdk_ovs_bridge_{{ interface_name }}:
  75. file.managed:
  76. - name: /etc/network/interfaces.u/ifcfg-{{ interface_name }}
  77. - makedirs: True
  78. - source: salt://linux/files/ovs_bridge
  79. - defaults:
  80. bridge: {{ interface|yaml }}
  81. bridge_name: {{ interface_name }}
  82. - template: jinja
  83. dpdk_ovs_bridge_up_{{ interface_name }}:
  84. cmd.run:
  85. - name: ifup {{ interface_name }}
  86. - require:
  87. - file: dpdk_ovs_bridge_{{ interface_name }}
  88. - file: linux_interfaces_final_include
  89. {%- endif %}
  90. {# it is not used for any interface with type preffix dpdk,eg. dpdk_ovs_port #}
  91. {%- if interface.get('managed', True) and not 'dpdk' in interface.type %}
  92. {%- if grains.os_family in ['RedHat', 'Debian'] %}
  93. {%- if interface.type == 'ovs_bridge' %}
  94. ovs_bridge_{{ interface_name }}_present:
  95. openvswitch_bridge.present:
  96. - name: {{ interface_name }}
  97. {# add linux network interface into OVS bridge #}
  98. {%- for int_name, int in network.interface.items() %}
  99. {%- set int_name = int.get('name', int_name) %}
  100. {%- if int.ovs_bridge is defined and interface_name == int.ovs_bridge %}
  101. add_int_{{ int_name }}_to_ovs_bridge_{{ interface_name }}:
  102. cmd.run:
  103. - unless: ovs-vsctl show | grep {{ int_name }}
  104. - name: ovs-vsctl{%- if network.ovs_nowait %} --no-wait{%- endif %} add-port {{ interface_name }} {{ int_name }}
  105. {%- endif %}
  106. {%- endfor %}
  107. linux_interfaces_include_{{ interface_name }}:
  108. file.prepend:
  109. - name: /etc/network/interfaces
  110. - text: |
  111. source /etc/network/interfaces.d/*
  112. # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
  113. source /etc/network/interfaces.u/*
  114. ovs_bridge_{{ interface_name }}:
  115. file.managed:
  116. - name: /etc/network/interfaces.u/ifcfg-{{ interface_name }}
  117. - makedirs: True
  118. - source: salt://linux/files/ovs_bridge
  119. - defaults:
  120. bridge: {{ interface|yaml }}
  121. bridge_name: {{ interface_name }}
  122. - template: jinja
  123. ovs_bridge_up_{{ interface_name }}:
  124. cmd.run:
  125. - name: ifup {{ interface_name }}
  126. - require:
  127. - file: ovs_bridge_{{ interface_name }}
  128. - file: linux_interfaces_final_include
  129. {%- elif interface.type == 'ovs_bond' %}
  130. ovs_bond_{{ interface_name }}:
  131. cmd.run:
  132. - name: ovs-vsctl add-bond {{ interface.bridge }} {{ interface_name }} {{ interface.slaves }} bond_mode={{ interface.mode }}
  133. - unless: ovs-vsctl show | grep -A 2 'Port.*{{ interface_name }}.'
  134. - require:
  135. - ovs_bridge_{{ interface.bridge }}_present
  136. {%- elif interface.type == 'ovs_port' %}
  137. {%- if interface.get('port_type','internal') == 'patch' %}
  138. ovs_port_{{ interface_name }}_present:
  139. openvswitch_port.present:
  140. - name: {{ interface_name }}
  141. - bridge: {{ interface.bridge }}
  142. - require:
  143. {%- if dpdk_enabled and network.interface.get(interface.bridge, {}).get('type', 'ovs_bridge') == 'dpdk_ovs_bridge' %}
  144. - cmd: linux_network_dpdk_bridge_interface_{{ interface.bridge }}
  145. {%- else %}
  146. - openvswitch_bridge: ovs_bridge_{{ interface.bridge }}_present
  147. {%- endif %}
  148. ovs_port_set_type_{{ interface_name }}:
  149. cmd.run:
  150. - name: ovs-vsctl{%- if network.ovs_nowait %} --no-wait{%- endif %} set interface {{ interface_name }} type=patch
  151. - unless: ovs-vsctl show | grep -A 1 'Interface {{ interface_name }}' | grep patch
  152. ovs_port_set_peer_{{ interface_name }}:
  153. cmd.run:
  154. - name: ovs-vsctl{%- if network.ovs_nowait %} --no-wait{%- endif %} set interface {{ interface_name }} options:peer={{ interface.peer }}
  155. - unless: ovs-vsctl show | grep -A 2 'Interface {{ interface_name }}' | grep {{ interface.peer }}
  156. {% if interface.tag is defined %}
  157. ovs_port_set_tag_{{ interface_name }}:
  158. cmd.run:
  159. - name: ovs-vsctl{%- if network.ovs_nowait %} --no-wait{%- endif %} set port {{ interface_name }} tag={{ interface.tag }}
  160. - unless: ovs-vsctl get Port {{ interface_name }} tag | grep -Fx {{ interface.tag }}
  161. {%- endif %}
  162. {%- else %}
  163. linux_interfaces_include_{{ interface_name }}:
  164. file.prepend:
  165. - name: /etc/network/interfaces
  166. - text: |
  167. source /etc/network/interfaces.d/*
  168. # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
  169. source /etc/network/interfaces.u/*
  170. ovs_port_{{ interface_name }}:
  171. file.managed:
  172. - name: /etc/network/interfaces.u/ifcfg-{{ interface_name }}
  173. - makedirs: True
  174. - source: salt://linux/files/ovs_port
  175. - defaults:
  176. port: {{ interface|yaml }}
  177. port_name: {{ interface_name }}
  178. auto: ""
  179. iface_inet: ""
  180. - template: jinja
  181. ovs_port_up_{{ interface_name }}:
  182. cmd.run:
  183. - name: ifup {{ interface_name }}
  184. - require:
  185. - file: ovs_port_{{ interface_name }}
  186. - openvswitch_bridge: ovs_bridge_{{ interface.bridge }}_present
  187. - file: linux_interfaces_final_include
  188. {%- endif %}
  189. {%- else %}
  190. linux_interface_{{ interface_name }}:
  191. network.managed:
  192. - enabled: {{ interface.enabled }}
  193. - name: {{ interface_name }}
  194. - type: {{ interface.type }}
  195. {%- if interface.address is defined %}
  196. {%- if grains.os_family == 'Debian' %}
  197. - proto: {{ interface.get('proto', 'static') }}
  198. {% endif %}
  199. {%- if grains.os_family == 'RedHat' %}
  200. {%- if interface.get('proto', 'none') == 'manual' %}
  201. - proto: 'none'
  202. {%- else %}
  203. - proto: {{ interface.get('proto', 'none') }}
  204. {%- endif %}
  205. {% endif %}
  206. - ipaddr: {{ interface.address }}
  207. - netmask: {{ interface.netmask }}
  208. {%- else %}
  209. - proto: {{ interface.get('proto', 'dhcp') }}
  210. {%- endif %}
  211. {%- if interface.type == 'slave' %}
  212. - master: {{ interface.master }}
  213. {%- endif %}
  214. {%- if interface.name_servers is defined %}
  215. - dns: {{ interface.name_servers }}
  216. {%- endif %}
  217. {%- if interface.wireless is defined and grains.os_family == 'Debian' %}
  218. {%- if interface.wireless.security == "wpa" %}
  219. - wpa-ssid: {{ interface.wireless.essid }}
  220. - wpa-psk: {{ interface.wireless.key }}
  221. {%- else %}
  222. - wireless-ssid: {{ interface.wireless.essid }}
  223. - wireless-psk: {{ interface.wireless.key }}
  224. {%- endif %}
  225. {%- endif %}
  226. {%- if pillar.linux.network.noifupdown is defined %}
  227. - noifupdown: {{ pillar.linux.network.noifupdown }}
  228. {%- endif %}
  229. {%- for param in network.interface_params %}
  230. {{ set_param(param, interface) }}
  231. {%- endfor %}
  232. {%- if interface.require_interfaces is defined %}
  233. - require:
  234. {%- for netif in interface.get('require_interfaces', []) %}
  235. - network: linux_interface_{{ netif }}
  236. {%- endfor %}
  237. {%- for network in interface.get('use_ovs_ports', []) %}
  238. - cmd: ovs_port_up_{{ network }}
  239. {%- endfor %}
  240. {%- endif %}
  241. {%- if interface.type == 'bridge' %}
  242. - bridge: {{ interface_name }}
  243. - delay: 0
  244. - bypassfirewall: True
  245. - use:
  246. {%- for network in interface.use_interfaces %}
  247. - network: linux_interface_{{ network }}
  248. {%- endfor %}
  249. - ports: {% for network in interface.get('use_interfaces', []) %}{{ network }} {% endfor %}{% for network in interface.get('use_ovs_ports', []) %}{{ network }} {% endfor %}
  250. - require:
  251. {%- for network in interface.get('use_interfaces', []) %}
  252. - network: linux_interface_{{ network }}
  253. {%- endfor %}
  254. {%- for network in interface.get('use_ovs_ports', []) %}
  255. - cmd: ovs_port_up_{{ network }}
  256. {%- endfor %}
  257. {%- endif %}
  258. {%- if interface.type == 'bond' %}
  259. - slaves: {{ interface.slaves }}
  260. - mode: {{ interface.mode }}
  261. {%- endif %}
  262. {%- if salt['grains.get']('saltversion') < '2017.7' %}
  263. # TODO(ddmitriev): Remove this 'if .. endif' block completely when
  264. # switched to salt version 2017.7 that has the same functionality.
  265. {%- if interface.type == 'bond' and interface.enabled == True %}
  266. linux_bond_interface_{{ interface_name }}:
  267. cmd.run:
  268. - name: ifenslave {{ interface_name }} {{ interface.slaves }}
  269. - require:
  270. - network: linux_interface_{{ interface_name }}
  271. - onchanges:
  272. - network: linux_interface_{{ interface_name }}
  273. {%- for network in interface.slaves.split() %}
  274. - network: linux_interface_{{ network }}
  275. {%- endfor %}
  276. {%- endif %}
  277. {%- endif %}
  278. {%- for network in interface.get('use_ovs_ports', []) %}
  279. remove_interface_{{ network }}_line1:
  280. file.replace:
  281. - name: /etc/network/interfaces
  282. - pattern: auto {{ network }}$
  283. - repl: ""
  284. remove_interface_{{ network }}_line2:
  285. file.replace:
  286. - name: /etc/network/interfaces
  287. - pattern: iface {{ network }} inet manual
  288. - repl: ""
  289. {%- endfor %}
  290. {%- if interface.gateway is defined and network.resolv is not defined %}
  291. linux_system_network:
  292. network.system:
  293. - enabled: {{ interface.enabled }}
  294. - hostname: {{ network.fqdn }}
  295. {%- if interface.gateway is defined %}
  296. - gateway: {{ interface.gateway }}
  297. - gatewaydev: {{ interface_name }}
  298. {%- endif %}
  299. - nozeroconf: True
  300. - nisdomain: {{ system.domain }}
  301. - require_reboot: True
  302. {%- endif %}
  303. {%- endif %}
  304. {%- endif %}
  305. {%- if interface.wireless is defined %}
  306. {%- if grains.os_family == 'Arch' %}
  307. linux_network_packages:
  308. pkg.installed:
  309. - pkgs: {{ network.pkgs | json }}
  310. /etc/netctl/network_{{ interface.wireless.essid }}:
  311. file.managed:
  312. - source: salt://linux/files/wireless
  313. - mode: 755
  314. - template: jinja
  315. - require:
  316. - pkg: linux_network_packages
  317. - defaults:
  318. interface_name: {{ interface_name }}
  319. switch_profile_{{ interface.wireless.essid }}:
  320. cmd.run:
  321. - name: netctl switch-to network_{{ interface.wireless.essid }}
  322. - cwd: /root
  323. - unless: "iwconfig {{ interface_name }} | grep -e 'ESSID:\"{{ interface.wireless.essid }}\"'"
  324. - require:
  325. - file: /etc/netctl/network_{{ interface.wireless.essid }}
  326. enable_profile_{{ interface.wireless.essid }}:
  327. cmd.run:
  328. - name: netctl enable network_{{ interface.wireless.essid }}
  329. - cwd: /root
  330. - unless: test -e /etc/systemd/system/multi-user.target.wants/netctl@network_{{ interface.wireless.essid }}.service
  331. - require:
  332. - file: /etc/netctl/network_{{ interface.wireless.essid }}
  333. {%- endif %}
  334. {%- endif %}
  335. {%- endif %}
  336. {%- if interface.route is defined %}
  337. linux_network_{{ interface_name }}_routes:
  338. network.routes:
  339. - name: {{ interface_name }}
  340. - routes:
  341. {%- for route_name, route in interface.route.items() %}
  342. - name: {{ route_name }}
  343. ipaddr: {{ route.address }}
  344. netmask: {{ route.netmask }}
  345. {%- if route.gateway is defined %}
  346. gateway: {{ route.gateway }}
  347. {%- endif %}
  348. {%- endfor %}
  349. {%- if interface.noifupdown is defined %}
  350. - require_reboot: {{ interface.noifupdown }}
  351. {%- endif %}
  352. {%- endif %}
  353. {%- if interface.type in ('eth','ovs_port') %}
  354. {%- if interface.get('ipflush_onchange', False) %}
  355. linux_interface_ipflush_onchange_{{ interface_name }}:
  356. cmd.run:
  357. - name: "/sbin/ip address flush dev {{ interface_name }}"
  358. {%- if interface.type == 'eth' %}
  359. - onchanges:
  360. - network: linux_interface_{{ interface_name }}
  361. {%- elif interface.type == 'ovs_port' %}
  362. - onchanges:
  363. - file: ovs_port_{{ interface_name }}
  364. {%- endif %}
  365. {%- if interface.get('restart_on_ipflush', False) %}
  366. linux_interface_restart_on_ipflush_{{ interface_name }}:
  367. cmd.run:
  368. - name: "ifdown {{ interface_name }}; ifup {{ interface_name }};"
  369. - onchanges:
  370. - cmd: linux_interface_ipflush_onchange_{{ interface_name }}
  371. {%- endif %}
  372. {%- endif %}
  373. {%- endif %}
  374. {%- endfor %}
  375. {%- if network.bridge != 'none' %}
  376. linux_interfaces_final_include:
  377. file.prepend:
  378. - name: /etc/network/interfaces
  379. - text: |
  380. source /etc/network/interfaces.d/*
  381. # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
  382. source /etc/network/interfaces.u/*
  383. linux_interfaces_final_include_no_requisite:
  384. file.prepend:
  385. - name: /etc/network/interfaces
  386. - text: |
  387. source /etc/network/interfaces.d/*
  388. # Workaround for Upstream-Bug: https://github.com/saltstack/salt/issues/40262
  389. source /etc/network/interfaces.u/*
  390. {%- endif %}
  391. {%- endif %}
  392. {%- if network.network_manager.disable is defined and network.network_manager.disable == True %}
  393. NetworkManager:
  394. service.dead:
  395. - enable: false
  396. {%- endif %}
  397. {%- if network.tap_custom_txqueuelen is defined %}
  398. /etc/udev/rules.d/60-net-txqueue.rules:
  399. file.managed:
  400. - source: salt://linux/files/60-net-txqueue.rules
  401. - mode: 755
  402. - template: jinja
  403. - defaults:
  404. tap_custom_txqueuelen: {{ network.tap_custom_txqueuelen }}
  405. udev_reload_rules:
  406. cmd.run:
  407. - name: "/bin/udevadm control --reload-rules"
  408. - onchanges:
  409. - file: /etc/udev/rules.d/60-net-txqueue.rules
  410. udev_retrigger:
  411. cmd.run:
  412. - name: "/bin/udevadm trigger --attr-match=subsystem=net"
  413. - onchanges:
  414. - udev_reload_rules
  415. {%- endif %}