Networkmanager

defaults/main.yml

@@ -1,27 +1,7 @@
 ---
+interfaces_use_networkmanager: "{{ ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version | int >= 9 }}"
+interfaces_use_nmconnection: "{{ ansible_facts.os_family == 'RedHat' and ansible_facts.distribution_major_version | int >= 9 }}"
 
-interfaces_pkgs:
-  debian:
-    - python{% if ansible_facts.python.version.major >= 3 %}3{% endif %}-selinux
-    - bridge-utils
-    - ifenslave
-    - ifupdown
-    - iproute2
-    - resolvconf
-  redhat:
-    '7':
-      - libselinux-python
-      - bridge-utils
-      - iproute
-      - iputils
-    '8':
-      - dhcp-client
-      - iproute
-      - iputils
-      - network-scripts
-interfaces_net_path:
-  debian: /etc/network/interfaces.d
-  redhat: /etc/sysconfig/network-scripts
 interfaces_pkg_state: present
 interfaces_route_tables: []
 interfaces_ether_interfaces: []

handlers/main.yml

@@ -106,6 +106,88 @@
 # argument to "ifup/ifdown" will only be effective for interfaces marked with
 # "auto". Interfaces marked with "allow-hotplug" will simply be ignored then.
 #
+# Note on Network Manager Bounce mechanism:
+#
+# 'nmcli connection up' works asynchronously so we need to check if interfaces
+# are truly up, as gathering facts in next step would fail due to inactive
+# state. Running another loop to check that.
+# Dummy interfaces can have UNKNOWN state.
+
+- name: Bounce networkmanager devices
+  become: true
+  command: >
+    nohup bash -c "
+    nmcli connection reload;
+
+    returncode=0
+    {% for interface in all_interfaces_changed | reverse %}
+    nmcli connection down {{ interface }};
+    {% endfor %}
+
+    {% for interface in all_interfaces_changed %}
+    if ! nmcli connection up {{ interface }}; then
+      echo \"Failed to bring up interface {{ interface }}\";
+      returncode=1
+    fi;
+    {% endfor %}
+
+    echo 'Waiting for interfaces to become active and have a connected carrier';
+    for i in {1..20}; do
+      all_connected=true
+      {% for interface in all_interfaces_changed %}
+      if [[ '{{ interface }}' == *dummy* ]]; then
+        allowed_states='UNKNOWN|UP'
+      else
+        allowed_states='UP'
+      fi
+
+      if ! (nmcli -t -f DEVICE,STATE device status | grep -q -w '{{ interface }}:connected' && ip link show '{{ interface }}' | grep -q -E 'state ('$allowed_states')'); then
+        all_connected=false
+        if [ $i -eq 20 ]; then
+          echo 'Interface {{ interface }} failed to become active and have a connected carrier';
+          returncode=1
+        fi
+      fi;
+      {% endfor %}
+
+      if $all_connected; then
+        break;
+      fi
+      sleep 2;
+    done
+
+    exit $returncode"
+  vars:
+    ether_vlan_interfaces_changed: >
+      {{ ether_interfaces_changed | select('match', vlan_interface_regex) | list}}
+    ether_non_vlan_interfaces_changed: >
+      {{ ether_interfaces_changed | reject('match', vlan_interface_regex) | list }}
+    bridge_port_vlan_interfaces_changed: >
+      {{ bridge_port_interfaces_changed | select('match', vlan_interface_regex) | list}}
+    bridge_port_non_vlan_interfaces_changed: >
+      {{ bridge_port_interfaces_changed | reject('match', vlan_interface_regex) | list }}
+    all_interfaces_changed: >
+        {{ ether_non_vlan_interfaces_changed +
+           bridge_interfaces_changed +
+           bond_master_interfaces_changed +
+           bridge_port_interfaces_changed +
+           bond_slave_interfaces_changed +
+           ether_vlan_interfaces_changed }}
+  listen: Bounce network devices
+  when: interfaces_use_networkmanager
+  notify:
+    - Gather facts
+    - Check active Ethernet interface state
+    - Check active bond interface state
+    - Check active bridge interface state
+
+# The order handlers execute are based on the order they're arranged here.
+# We want to do a controlled bounce of interfaces before we do any restart.
+- name: Restart NetworkManager
+  become: true
+  service:
+    name: NetworkManager
+    state: restarted
 
 - name: Bounce network devices
   become: true
@@ -153,6 +235,7 @@
            ether_vlan_interfaces_changed +
            bond_master_interfaces_changed }}
     all_interfaces_changed: "{{ all_interfaces_changed_map[ansible_facts.os_family] }}"
+  when: not interfaces_use_networkmanager
   notify:
     - Pause to wait for interfaces to become active
     - Gather facts

tasks/bond_configuration.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: Check active bond interface state
   debug:
     msg: >
@@ -16,8 +15,9 @@
 - name: Create the network configuration file for bond devices
   become: true
   template:
-    src: 'bond_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/ifcfg-{{ item.device }}'
+    src: "bond_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.device ~ '.nmconnection', 'ifcfg-' ~ item.device) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_items: '{{ interfaces_bond_interfaces }}'
   register: bond_result
   notify:
@@ -31,20 +31,25 @@
   become: true
   template:
     src: 'route_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/route-{{ item.device }}'
+    dest: '{{ interfaces_net_path }}/route-{{ item.device }}'
   with_items: '{{ interfaces_bond_interfaces }}'
-  when: item.route is defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.route is defined
+    - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bond_route_add_result
   notify:
     - Bounce network devices
 
 - name: RedHat | Remove configuration files for rhel route configuration
   become: true
   file:
-    path: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/route-{{ item.device }}'
+    path: '/etc/sysconfig/network-scripts/route-{{ item.device }}'
     state: absent
   with_items: '{{ interfaces_bond_interfaces }}'
-  when: item.route is not defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.route is not defined or interfaces_use_nmconnection
+    - ansible_facts.os_family == 'RedHat'
   register: bond_route_del_result
   notify:
     - Bounce network devices
@@ -53,33 +58,40 @@
   become: true
   template:
     src: 'rule_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/rule-{{ item.device }}'
+    dest: '{{ interfaces_net_path }}/rule-{{ item.device }}'
   with_items: '{{ interfaces_bond_interfaces }}'
-  when: item.rules is defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.rules is defined
+    - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bond_rule_add_result
   notify:
     - Bounce network devices
 
 - name: RedHat | Remove configuration files for rhel rule configuration
   become: true
   file:
-    path: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/rule-{{ item.device }}'
+    path: '/etc/sysconfig/network-scripts/rule-{{ item.device }}'
     state: absent
   with_items: '{{ interfaces_bond_interfaces }}'
-  when: item.rules is not defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.rules is not defined or interfaces_use_nmconnection
+    - ansible_facts.os_family == 'RedHat'
   register: bond_rule_del_result
   notify:
     - Bounce network devices
 
 - name: Create the network configuration file for slave in the bond devices
   become: true
   template:
-    src: 'bond_slave_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/ifcfg-{{ item.1 }}'
+    src: "bond_slave_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.1 ~ '.nmconnection', 'ifcfg-' ~ item.1) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_subelements:
     - "{{ interfaces_bond_interfaces }}"
     - bond_slaves
-  when: interfaces_bond_setup_slaves
+  when:
+    - interfaces_bond_setup_slaves
   register: bond_slave_result
   notify:
     - Bounce network devices

tasks/bridge_configuration.yml

@@ -15,8 +15,9 @@
 - name: Create the network configuration file for bridge devices
   become: true
   template:
-    src: 'bridge_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/ifcfg-{{ item.device }}'
+    src: "bridge_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.device ~ '.nmconnection', 'ifcfg-' ~ item.device) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_items: '{{ interfaces_bridge_interfaces }}'
   register: bridge_result
   notify:
@@ -26,20 +27,25 @@
   become: true
   template:
     src: 'route_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/route-{{ item.device }}'
+    dest: '{{ interfaces_net_path }}/route-{{ item.device }}'
   with_items: '{{ interfaces_bridge_interfaces }}'
-  when: item.route is defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.route is defined
+    - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bridge_route_add_result
   notify:
     - Bounce network devices
 
 - name: RedHat | Remove configuration files for rhel route configuration
   become: true
   file:
-    path: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/route-{{ item.device }}'
+    path: '/etc/sysconfig/network-scripts/route-{{ item.device }}'
     state: absent
   with_items: '{{ interfaces_bridge_interfaces }}'
-  when: item.route is not defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.route is not defined or interfaces_use_nmconnection
+    - ansible_facts.os_family == 'RedHat'
   register: bridge_route_del_result
   notify:
     - Bounce network devices
@@ -48,35 +54,42 @@
   become: true
   template:
     src: 'rule_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/rule-{{ item.device }}'
+    dest: '{{ interfaces_net_path }}/rule-{{ item.device }}'
   with_items: '{{ interfaces_bridge_interfaces }}'
-  when: item.rules is defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.rules is defined
+    - ansible_facts.os_family == 'RedHat'
+    - not interfaces_use_nmconnection
   register: bridge_rule_add_result
   notify:
     - Bounce network devices
 
 - name: RedHat | Remove configuration files for rhel rule configuration
   become: true
   file:
-    path: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/rule-{{ item.device }}'
+    path: '/etc/sysconfig/network-scripts/rule-{{ item.device }}'
     state: absent
   with_items: '{{ interfaces_bridge_interfaces }}'
-  when: item.rules is not defined and ansible_facts.os_family == 'RedHat'
+  when:
+    - item.rules is not defined or interfaces_use_nmconnection
+    - ansible_facts.os_family == 'RedHat'
   register: bridge_rule_del_result
   notify:
     - Bounce network devices
 
 - name: Create the network configuration file for port on the bridge devices
   become: true
   template:
-    src: 'bridge_port_{{ ansible_facts.os_family }}.j2'
-    dest: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}/ifcfg-{{ item.1 }}'
+    src: "bridge_port_{{ interfaces_use_nmconnection | ternary('nmconnection', ansible_facts.os_family) }}.j2"
+    dest: "{{ interfaces_net_path }}/{{ interfaces_use_nmconnection | ternary(item.1 ~ '.nmconnection', 'ifcfg-' ~ item.1) }}"
+    mode: "{{ interfaces_use_nmconnection | ternary('0600', omit) }}"
   with_subelements:
     - "{{ interfaces_bridge_interfaces }}"
     - ports
   # Don't configure bridge ports that are bonds here - they will have been
   # configured by the bond tasks.
-  when: item.1 not in interfaces_bond_interfaces | map(attribute='device') | list
+  when:
+    - item.1 not in interfaces_bond_interfaces | map(attribute='device') | list
   register: bridge_port_result
   notify:
     - Bounce network devices

tasks/debian.yml

@@ -1,7 +1,7 @@
 ---
 - name: Debian | install current/latest network packages versions
   apt:
-    pkg: '{{ interfaces_pkgs["debian"]  }}'
+    pkg: '{{ interfaces_pkgs }}'
     state: '{{ interfaces_pkg_state }}'
     update_cache: yes
     cache_valid_time: 3600
@@ -46,7 +46,7 @@
 - name: Debian | Create the directory for interface cfg files
   become: true
   file:
-    path: '{{ interfaces_net_path[ansible_facts.os_family|lower] }}'
+    path: '{{ interfaces_net_path }}'
     state: directory
   tags: configuration