Introducing NetworkManager/system-connections

EL9 (almalinux,centos,rhel,rocky) have changed where the default storage of network-configuration files. And also the format, from old network-scripts to NetworkManager keyfiles. These new templates implement (atleast partial) functionality of network-scripts in NetworkManager keyfile style. https://www.redhat.com/en/blog/rhel-9-networking-say-goodbye-ifcfg-files-and-hello-keyfiles
michaelrigart · Dec 10, 2022 · e26d36f · e26d36f
1 parent ac286fe
commit e26d36f
Show file tree

Hide file tree

Showing 11 changed files with 289 additions and 18 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
 interfaces_use_networkmanager: "{{ ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version | int >= 9 }}"
+interfaces_use_nmconnection: "{{ ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version | int >= 9 }}"
 
 interfaces_pkg_state: present
 interfaces_route_tables: []

diff --git a/tasks/bond_configuration.yml b/tasks/bond_configuration.yml
@@ -15,8 +15,9 @@
 - name: Create the network configuration file for bond devices
   become: true
   template:
-    src: 'bond_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path }}/ifcfg-{{ item.device }}'
+    src: "bond_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.device ~ '.nmconnection', 'ifcfg-' ~ item.device) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_items: '{{ interfaces_bond_interfaces }}'
   register: bond_result
   notify:
@@ -35,6 +36,7 @@
   when:
     - item.route is defined
     - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bond_route_add_result
   notify:
     - Bounce network devices
@@ -46,7 +48,7 @@
     state: absent
   with_items: '{{ interfaces_bond_interfaces }}'
   when:
-    - item.route is not defined
+    - item.route is not defined or interfaces_use_nmconnection
     - ansible_facts.os_family == 'RedHat'
   register: bond_route_del_result
   notify:
@@ -61,6 +63,7 @@
   when:
     - item.rules is defined
     - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bond_rule_add_result
   notify:
     - Bounce network devices
@@ -72,7 +75,7 @@
     state: absent
   with_items: '{{ interfaces_bond_interfaces }}'
   when:
-    - item.rules is not defined
+    - item.rules is not defined or interfaces_use_nmconnection
     - ansible_facts.os_family == 'RedHat'
   register: bond_rule_del_result
   notify:
@@ -81,8 +84,9 @@
 - name: Create the network configuration file for slave in the bond devices
   become: true
   template:
-    src: 'bond_slave_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path }}/ifcfg-{{ item.1 }}'
+    src: "bond_slave_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.1 ~ '.nmconnection', 'ifcfg-' ~ item.1) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_subelements:
     - "{{ interfaces_bond_interfaces }}"
     - bond_slaves

diff --git a/tasks/bridge_configuration.yml b/tasks/bridge_configuration.yml
@@ -15,8 +15,9 @@
 - name: Create the network configuration file for bridge devices
   become: true
   template:
-    src: 'bridge_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path }}/ifcfg-{{ item.device }}'
+    src: "bridge_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.device ~ '.nmconnection', 'ifcfg-' ~ item.device) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_items: '{{ interfaces_bridge_interfaces }}'
   register: bridge_result
   notify:
@@ -31,6 +32,7 @@
   when:
     - item.route is defined
     - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bridge_route_add_result
   notify:
     - Bounce network devices
@@ -42,7 +44,7 @@
     state: absent
   with_items: '{{ interfaces_bridge_interfaces }}'
   when:
-    - item.route is not defined
+    - item.route is not defined or interfaces_use_nmconnection
     - ansible_facts.os_family == 'RedHat'
   register: bridge_route_del_result
   notify:
@@ -57,6 +59,7 @@
   when:
     - item.rules is defined
     - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bridge_rule_add_result
   notify:
     - Bounce network devices
@@ -68,7 +71,7 @@
     state: absent
   with_items: '{{ interfaces_bridge_interfaces }}'
   when:
-    - item.rules is not defined
+    - item.rules is not defined or interfaces_use_nmconnection
     - ansible_facts.os_family == 'RedHat'
   register: bridge_rule_del_result
   notify:
@@ -77,8 +80,9 @@
 - name: Create the network configuration file for port on the bridge devices
   become: true
   template:
-    src: 'bridge_port_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path }}/ifcfg-{{ item.1 }}'
+    src: "bridge_port_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.1 ~ '.nmconnection', 'ifcfg-' ~ item.1) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_subelements:
     - "{{ interfaces_bridge_interfaces }}"
     - ports

diff --git a/tasks/ethernet_configuration.yml b/tasks/ethernet_configuration.yml
@@ -15,8 +15,9 @@
 - name: Create the network configuration file for ethernet devices
   become: true
   template:
-    src: 'ethernet_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path }}/ifcfg-{{ item.device }}'
+    src: "ethernet_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.device ~ '.nmconnection', 'ifcfg-' ~ item.device) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_items: '{{ interfaces_ether_interfaces }}'
   register: ether_result
   notify:
@@ -31,6 +32,7 @@
   when:
     - item.route is defined
     - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: ether_route_add_result
   notify:
     - Bounce network devices
@@ -45,6 +47,7 @@
     - item.ip6 is defined
     - item.ip6.route is defined
     - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: ether_route6_add_result
   notify:
     - Bounce network devices
@@ -56,7 +59,7 @@
     state: absent
   with_items: '{{ interfaces_ether_interfaces }}'
   when:
-    - item.route is not defined
+    - item.route is not defined or interfaces_use_nmconnection
     - ansible_facts.os_family == 'RedHat'
   register: ether_route_del_result
   notify:
@@ -69,7 +72,7 @@
     state: absent
   with_items: '{{ interfaces_ether_interfaces }}'
   when:
-    - item.ip6 is not defined
+    - item.ip6 is not defined or interfaces_use_nmconnection
     - ansible_facts.os_family == 'RedHat'
   register: ether_route6_del_result
   notify:
@@ -84,6 +87,7 @@
   when:
     - item.rules is defined
     - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: ether_rule_add_result
   notify:
     - Bounce network devices
@@ -95,7 +99,7 @@
     state: absent
   with_items: '{{ interfaces_ether_interfaces }}'
   when:
-    - item.rules is not defined
+    - item.rules is not defined or interfaces_use_nmconnection
     - ansible_facts.os_family == 'RedHat'
   register: ether_rule_del_result
   notify:

diff --git a/templates/bond_nmconnection.j2 b/templates/bond_nmconnection.j2
@@ -0,0 +1,89 @@
+# {{ ansible_managed }}
+
+[connection]
+id={{ item.device }}
+type=bond
+interface-name={{ item.device }}
+{% if item.zone is defined %}
+zone={{ item.zone }}
+{% endif %}
+
+{% for bridge in interfaces_bridge_interfaces %}
+{%   if item.device in bridge.ports %}
+master={{ bridge.device }}
+slave-type=bridge
+{%   endif %}
+{% endfor %}
+
+{% if item.mtu is defined %}
+[ethernet]
+mtu={{ item.mtu }}
+{% endif %}
+
+[bond]
+{% if item.bond_ad_select is defined %}
+ad_select={{ item.bond_ad_select }}
+{% endif %}
+{% if item.bond_downdelay is defined %}
+downdelay={{ item.bond_downdelay }}
+{% endif %}
+{% if item.bond_lacp_rate is defined %}
+lacp_rate={{ item.bond_lacp_rate }}
+{% endif %}
+miimon={{ item.bond_miimon | default(100) }}
+{% if item.bond_mode is defined %}
+mode={{ item.bond_mode }}
+{% endif %}
+{% if item.bond_updelay is defined %}
+updelay={{ item.bond_updelay }}
+{% endif %}
+{% if item.bond_xmit_hash_policy is defined %}
+xmit_hash_policy={{ item.bond_xmit_hash_policy }}
+{% endif %}
+
+[ipv4]
+{% if item.bootproto == 'dhcp' %}
+method=auto
+{% elif item.bootproto == 'static' and item.address is defined and item.address | length %}
+method=manual
+{%   if item.netmask is defined %}
+address1={{ (item.address ~'/'~ item.netmask) | ipaddr('host/prefix') }}
+{%   endif %}
+{%   if item.gateway is defined and item.gateway | length %}
+gateway={{ item.gateway }}
+{%   endif %}
+{% else %}
+method=disabled
+{% endif %}
+{% if item.route is defined %}
+{%   for i in item.route %}
+{%     if 'gateway' in i %}
+route{{ loop.index }}={{ (i.network ~'/'~ i.netmask) | ipaddr('network/prefix') }},{{ i.gateway }}
+{%     endif %}
+{#     TODO: dev, table, options #}
+{%   endfor %}
+{% endif %}
+{% if item.dnsnameservers is defined %}
+dns={{ item.dnsnameservers | join(',') }}
+{% endif %}
+
+[ipv6]
+{% if item.ip6 is defined %}
+method={{ (item.bootproto == 'static') | ternary('manual', 'auto') }}
+{%   if item.ip6.address is defined and item.ip6.netmask is defined %}
+address1={{ (item.ip6.address ~'/'~ item.ip6.netmask) | ipaddr('host/prefix') }}
+{%   endif %}
+{%   if item.ip6.gateway is defined %}
+gateway={{ item.ip6.gateway }}
+{%   endif %}
+{%   if item.ip6.route is defined %}
+{%     for i in item.ip6.route %}
+{%       if 'gateway' in i %}
+route{{ loop.index }}={{ (i.network ~'/'~ i.netmask) | ipaddr('network/prefix') }},{{ i.gateway }}
+{%       endif %}
+{#       TODO: dev, table, options #}
+{%     endfor %}
+{%   endif %}
+{% else %}
+method=disabled
+{% endif %}
diff --git a/templates/bond_slave_nmconnection.j2 b/templates/bond_slave_nmconnection.j2
@@ -0,0 +1,9 @@
+# {{ ansible_managed }}
+
+[connection]
+id={{ item.1 }}
+type=ethernet
+interface-name={{ item.1 }}
+
+master={{ item.0.device }}
+slave-type=bond
diff --git a/templates/bridge_nmconnection.j2 b/templates/bridge_nmconnection.j2
@@ -0,0 +1,67 @@
+# {{ ansible_managed }}
+
+[connection]
+id={{ item.device }}
+type=bridge
+interface-name={{ item.device }}
+{% if item.zone is defined %}
+zone={{ item.zone }}
+{% endif %}
+
+{% if item.mtu is defined %}
+[ethernet]
+mtu={{ item.mtu }}
+{% endif %}
+
+[bridge]
+interface-name={{ item.device }}
+{% if item.stp is defined %}
+stp={{ item.stp }}
+{% endif %}
+
+[ipv4]
+{% if item.bootproto == 'dhcp' %}
+method=auto
+{% elif item.bootproto == 'static' and item.address is defined and item.address | length %}
+method=manual
+{%   if item.netmask is defined %}
+address1={{ (item.address ~'/'~ item.netmask) | ipaddr('host/prefix') }}
+{%   endif %}
+{%   if item.gateway is defined and item.gateway | length %}
+gateway={{ item.gateway }}
+{%   endif %}
+{% else %}
+method=disabled
+{% endif %}
+{% if item.route is defined %}
+{%   for i in item.route %}
+{%     if 'gateway' in i %}
+route{{ loop.index }}={{ (i.network ~'/'~ i.netmask) | ipaddr('network/prefix') }},{{ i.gateway }}
+{%     endif %}
+{#     TODO: dev, table, options #}
+{%   endfor %}
+{% endif %}
+{% if item.dnsnameservers is defined %}
+dns={{ item.dnsnameservers | join(',') }}
+{% endif %}
+
+[ipv6]
+{% if item.ip6 is defined %}
+method={{ (item.bootproto == 'static') | ternary('manual', 'auto') }}
+{%   if item.ip6.address is defined and item.ip6.netmask is defined %}
+address1={{ (item.ip6.address ~'/'~ item.ip6.netmask) | ipaddr('host/prefix') }}
+{%   endif %}
+{%   if item.ip6.gateway is defined %}
+gateway={{ item.ip6.gateway }}
+{%   endif %}
+{%   if item.ip6.route is defined %}
+{%     for i in item.ip6.route %}
+{%       if 'gateway' in i %}
+route{{ loop.index }}={{ (i.network ~'/'~ i.netmask) | ipaddr('network/prefix') }},{{ i.gateway }}
+{%       endif %}
+{#       TODO: dev, table, options #}
+{%     endfor %}
+{%   endif %}
+{% else %}
+method=disabled
+{% endif %}
diff --git a/templates/bridge_port_nmconnection.j2 b/templates/bridge_port_nmconnection.j2
@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+[connection]
+id={{ item.1 }}
+type={{ (item.1 is match(vlan_interface_regex)) | ternary('vlan', 'ethernet') }}
+interface-name={{ item.1 }}
+
+master={{ item.0.device }}
+slave-type=bridge
+
+{% if item.0.mtu is defined %}
+[ethernet]
+mtu={{ item.0.mtu }}
+{% endif %}
+
+{% if item.1 is match(vlan_interface_regex) %}
+[vlan]
+interface-name={{ item.1 }}
+parent={{ item.1 | regex_replace(vlan_interface_regex, '\g<interface>') }}
+id={{ item.1 | regex_replace(vlan_interface_regex, '\g<vlan_id>') }}
+{% endif %}