RH294 - ch09s09

Bookmark this page

Managing Network Configuration

Objectives

Configure network settings and name resolution on managed hosts, and collect network-related Ansible facts.

Configuring Networking with the Network System Role

The redhat.rhel_system_roles.network system role provides a way to automate the configuration of network interfaces and network-related settings on Red Hat Enterprise Linux managed hosts.

This role supports the configuration of Ethernet interfaces, bridge interfaces, bonded interfaces, VLAN interfaces, MACVLAN interfaces, InfiniBand interfaces, and wireless interfaces.

The role is configured by using two variables: network_provider and network_connections.

---
network_provider: nm
network_connections:
  - name: ens4
    type: ethernet
    ip:
      address:
        - 172.25.250.30/24

The network_provider variable configures the back-end provider, either nm (NetworkManager) or initscripts. On Red Hat Enterprise Linux 7 and later, use nm as the default networking provider.

If you still have Red Hat Enterprise Linux 6 systems in Extended Lifecycle Support (ELS), you must use the initscripts provider for those managed hosts. That provider requires that the legacy network service is available on the managed hosts.

The network_connections variable configures the different connections. It takes as a value a list of dictionaries, each of which represents settings for a specific connection. Use the interface name as the connection name.

The following table lists the options for the network_connections variable.

Table 9.9. Selected Options for the network_connections Variable

Option name	Description
`name`	For NetworkManager, identifies the connection profile (the `connection.id` option). For `initscripts`, identifies the configuration file name (`/etc/sysconfig/network-scripts/ifcfg-name`).
`state`	The runtime state of a connection profile. Either `up`, if the connection profile is active, or `down` if it is not.
`persistent_state`	Identifies if a connection profile is persistent. Either `present` if the connection profile is persistent (the default), or `absent` if it is not.
`type`	Identifies the connection type. Valid values are `ethernet`, `bridge`, `bond`, `team`, `vlan`, `macvlan`, `infiniband`, and `wireless`.
`autoconnect`	Determines if the connection automatically starts. Set to `yes` by default.
`mac`	Restricts the connection to be used on devices with this specific MAC address.
`interface_name`	Restricts the connection profile to be used by a specific interface.
`zone`	Configures the `firewalld` zone for the interface.
`ip`	Determines the IP configuration for the connection. Supports the options `address` to specify a list of static IPv4 or IPv6 addresses on the interface, `gateway4` or `gateway6` to specify the IPv4 or IPv6 default router, and `dns` to configure a list of DNS servers.

The ip variable in turn takes a dictionary of variables for its settings. Not all of these need to be used. A connection might just have an address setting with a single IPv4 address, or it might skip the address setting and have dhcp4: yes set to enable DHCPv4 addressing.

Table 9.10. Selected Options for the ip Variable

Option name	Description
`address`	A list of static IPv4 or IPv6 addresses and netmask prefixes for the connection.
`gateway4`	Sets a static address of the default IPv4 router.
`gateway6`	Sets a static address of the default IPv6 router.
`dns`	A list of DNS name servers for the connection.
`dhcp4`	Use DHCPv4 to configure the interface.
`auto6`	Use IPv6 autoconfiguration to configure the interface.

This is a minimal example network_connections variable to configure and immediately activate a static IPv4 address for the enp1s0 interface:

network_connections:
- name: enp1s0
  type: ethernet
  ip:
    address:
      - 192.0.2.25/24
    state: up

If you were dynamically configuring the interface using DHCP and SLAAC, you might use the following settings instead:

network_connections:
- name: enp1s0
  type: ethernet
  ip:
    dhcp4: true
    auto6: true
  state: up

The next example temporarily deactivates an existing network interface:

network_connections:
- name: enp1s0
  type: ethernet
  state: down

To delete the configuration for enp1s0 entirely, you would write the variable as follows:

network_connections:
- name: enp1s0
  type: ethernet
  state: down
  persistent_state: absent

The following example uses some of these options to set up the interface eth0 with a static IPv4 address, set a static DNS name server, and place the interface in the external zone for firewalld:

network_connections:
- name: eth0 
    persistent_state: present  
    type: ethernet  
    autoconnect: yes  
    mac: 00:00:5e:00:53:5d  
    ip:
      address:
        - 172.25.250.40/24  
      dns:
        - 8.8.8.8 
    zone: external

	Use `eth0` as the connection name.
	Make the connection persistent. This is the default value.
	Set the connection type to `ethernet`.
	Automatically start the connection at boot. This is the default value.
	Restrict the connection so that it can only be used on a device with that MAC address.
	Configure the `172.25.250.40/24` IP address for the connection.
	Configure `8.8.8.8` as the DNS name server for the connection.
	Configure the `external` zone as the `firewalld` zone of the connection.

The following example play sets network_connections as a play variable and then calls the redhat.rhel_system_roles.network role:

- name: NIC Configuration
  hosts: webservers
  vars:
    network_connections:
      - name: ens4
        type: ethernet
        ip:
          address:
            - 172.25.250.30/24
  roles:
    - redhat.rhel_system_roles.network

You can specify variables for the network role with the vars clause, as in the previous example, as role variables. Alternatively, you can create a YAML file with those variables under the group_vars or host_vars directories, depending on your use case.

You can use this role to set up 802.11 wireless connections, VLANs, bridges, and other more complex network configurations. See the role's documentation for more details and examples.

Configuring Networking with Modules

In addition to the redhat.rhel_system_roles.network system role, Ansible includes modules that support the configuration of the hostname and firewall on a system.

The ansible.builtin.hostname module sets the hostname for a managed host without modifying the /etc/hosts file. This module uses the name parameter to specify the new hostname, as in the following task:

- name: Change hostname
  ansible.builtin.hostname:
    name: managedhost1

The ansible.posix.firewalld module supports the management of firewalld on managed hosts.

This module supports the configuration of firewalld rules for services and ports. It also supports the zone management, including the association or network interfaces and rules to a specific zone.

The following task shows how to create a firewalld rule for the http service on the default zone (public). The following task configures the rule as permanent, and makes sure it is active:

- name: Enabling http rule
  ansible.posix.firewalld:
    service: http
    permanent: yes
    state: enabled

This following task configures the eth0 in the external firewalld zone:

- name: Moving eth0 to external
  ansible.posix.firewalld:
    zone: external
    interface: eth0
    permanent: yes
    state: enabled

The following table lists some parameters for the ansible.posix.firewalld module.

Parameter name	Description
`interface`	Interface name to manage with `firewalld`.
`port`	Port or port range. Uses the port/protocol or port-port/protocol format.
`rich_rule`	Rich rule for `firewalld`.
`service`	Service name to manage with `firewalld`.
`source`	Source network to manage with `firewalld`.
`zone`	`firewalld` zone.
`state`	Enable or disable a `firewalld` configuration.
`type`	Type of device or network connection.
`permanent`	Change persists across reboots.
`immediate`	If the changes are set to `permanent`, then apply them immediately.

Ansible Facts for Network Configuration

Ansible collects a number of facts that are related to each managed host's network configuration. For example, a list of the network interfaces on a managed host are available in the ansible_facts['interfaces'] fact.

The following playbook gathers and displays the available interfaces for a host:

---
- name: Obtain interface facts
  hosts: host.lab.example.com

  tasks:
    - name: Display interface facts
      ansible.builtin.debug:
        var: ansible_facts['interfaces']

The preceding playbook produces the following list of the network interfaces:

PLAY [Obtain interface facts] **************************************************

TASK [Gathering Facts] *********************************************************
ok: [host.lab.example.com]

TASK [Display interface facts] *************************************************
ok: [host.lab.example.com] => {
    "ansible_facts['interfaces']": [
        "eth2",
        "eth1",
        "eth0",
        "lo"
    ]
}

PLAY RECAP *********************************************************************
host.lab.example.com    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

The output in the previous example shows that four network interfaces are available on the host.lab.example.com managed host: lo, eth2, eth1, and eth0.

You can retrieve additional information about the configuration for a specific network interface from the ansible_facts['NIC_name'] fact. For example, the following play displays the configuration for the eth0 network interface by printing the value of the ansible_facts['eth0'] fact.

- name: Obtain eth0 facts
  hosts: host.lab.example.com

  tasks:
    - name: Display eth0 facts
      ansible.builtin.debug:
        var: ansible_facts['eth0']

The preceding playbook produces the following output:

PLAY [Obtain eth0 facts] *******************************************************

TASK [Gathering Facts] *********************************************************
ok: [host.lab.example.com]

TASK [Display eth0 facts] ******************************************************
ok: [host.lab.example.com] => {
    "ansible_facts['eth0']": {
        "active": true,
        "device": "eth0",
        "features": {
...output omitted...
        },
        "hw_timestamp_filters": [],
        "ipv4": {
            "address": "172.25.250.10",
            "broadcast": "172.25.250.255",
            "netmask": "255.255.255.0",
            "network": "172.25.250.0",
            "prefix": "24"
        },
        "ipv6": [
            {
                "address": "fe80::82a0:2335:d88a:d08f",
                "prefix": "64",
                "scope": "link"
            }
        ],
        "macaddress": "52:54:00:00:fa:0a",
        "module": "virtio_net",
        "mtu": 1500,
        "pciid": "virtio0",
        "promisc": false,
        "speed": -1,
        "timestamping": [],
        "type": "ether"
    }
}

PLAY RECAP *********************************************************************
host.lab.example.com    : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

The preceding output displays additional configuration details, such as the IP address configuration both for IPv4 and IPv6, the associated device, and the type of interface.

Important

Different managed hosts might have different network interface names, depending on their hardware and software configuration. Ansible facts can help you identify differences between systems so that you can address or mitigate them in your automation.

The following table lists some other useful network-related facts.

Fact name	Description
`ansible_facts['dns']`	A list of the DNS name server IP addresses and the search domains.
`ansible_facts['domain']`	The subdomain for the managed host.
`ansible_facts['all_ipv4_addresses']`	All the IPv4 addresses configured on the managed host.
`ansible_facts['all_ipv6_addresses']`	All the IPv6 addresses configured on the managed host.
`ansible_facts['fqdn']`	The fully qualified domain name (FQDN) of the managed host.
`ansible_facts['hostname']`	The unqualified hostname (the part of the hostname before the first period in the FQDN).
`ansible_facts['nodename']`	The hostname of the managed host as reported by the system.

Note

Ansible also provides the inventory_hostname "magic variable" which includes the hostname as configured in the Ansible inventory file.

References

Knowledgebase: Red Hat Enterprise Linux (RHEL) System Roles

Linux System Roles

linux-system-roles/network at GitHub

ansible.builtin.hostname Module Documentation

ansible.posix.firewalld Module Documentation

Discuss Red Hat Enterprise Linux Automation with Ansible

Go to community

Red Hat Linux Automation with Ansible (RH294)

Haley_Ruccio

24 lip 2023

Learn how to automate Linux system administration tasks with Red Hat Ansible Automation PlatformRed Hat Enterprise Linux Automation with Ansible (RH294) is designed for Linux administrators and developers who need to automate repeatable and error-prone steps for system provisioning, configuration, application deployment, and orchestration. This course is based on Red Hat® Enterprise Linux® 9 and Red Hat Ansible Automation Platform 2.2.Course content summaryInstall Red Hat Ansible Automation Platform on control nodes.Create and update inventories of managed hosts and manage connections to them.Automate administration tasks with Ansible Playbooks and ad hoc commands.Write effective playbooks at scale.Protect sensitive data used by Ansible Automation Platform with Ansible Vault.Reuse code and simplify playbook development with Ansible Roles and Ansible Content Collections.Audience for this courseThis course is geared toward Linux system administrators, DevOps engineers, infrastructure automation engineers, and systems design engineers who are responsible for these tasks:Automating configuration managementEnsuring consistent and repeatable application deploymentProvisioning and deployment of development, testing, and production serversIntegrating with DevOps continuous integration/continuous delivery workflowsPrerequisites for this coursePass the Red Hat Certified System Administrator (RHCSA) exam (EX200), or demonstrate equivalent Red Hat Enterprise Linux knowledge and experience.Take our free assessment to gauge whether this offering is the best fit for your skills.

980

curl finds no route to host?

TPeters

23 lip 2023

I am doing the self-paced course RH294 . With two exercises (Ch.3 final Lab and Ch.4 lab exercise 2) I ran into this problem:after installing and starting a web service, from the classroom web termicaI I cannot reach servera.lab.example.com with curl: "No route to host". This despite the fact that I can ping it, open a shell to it, and install the package on it with Ansible.Anyone else have the same problem?What might be the cause?

1702

Welcome to the Red Hat Linux Automation with Ansible (RH294) group in the Red Hat Learning Community

cschunke

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Linux Automation with Ansible! To gain the most value from this group - click the "Join Group" button in the upper right hand corner.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH294.Read more about Red Hat Linux Automation with Ansible here.

351

Revision: rh294-9.0-c95c7de