diff --git a/LICENSE b/LICENSE index 83deee05..745210f3 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,5 @@ Copyright (C) 2011 Mike Arnold +Copyright (C) 2013 Garrett Honeycutt Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/TODO.md b/TODO.md index 4ee07062..5e0d488c 100644 --- a/TODO.md +++ b/TODO.md @@ -1,7 +1,7 @@ TODO ==== -1. Change definition network_if_base $ensure to also take "absent" as a +1. Change definition network::if::base $ensure to also take "absent" as a parameter. This should remove all traces of the ifconfig file from the system and remove the interface. diff --git a/manifests/bond/alias.pp b/manifests/bond/alias.pp index 432a05d6..00b12b8a 100644 --- a/manifests/bond/alias.pp +++ b/manifests/bond/alias.pp @@ -30,7 +30,7 @@ # Validate our data if ! is_ip_address($ipaddress) { fail("${ipaddress} is not an IP address.") } - network_if_base { $title: + network::if::base { $title: ensure => $ensure, ipaddress => $ipaddress, netmask => $netmask, diff --git a/manifests/bond/dynamic.pp b/manifests/bond/dynamic.pp index 681ec6ee..26d1c420 100644 --- a/manifests/bond/dynamic.pp +++ b/manifests/bond/dynamic.pp @@ -30,7 +30,7 @@ $states = [ '^up$', '^down$' ] validate_re($ensure, $states, '$ensure must be either "up" or "down".') - network_if_base { $title: + network::if::base { $title: ensure => $ensure, ipaddress => '', netmask => '', diff --git a/manifests/bond/slave.pp b/manifests/bond/slave.pp index 1a182c90..cc354611 100644 --- a/manifests/bond/slave.pp +++ b/manifests/bond/slave.pp @@ -21,10 +21,13 @@ define network::bond::slave ( $macaddress, $master, - $ethtool_opts = '' + $ethtool_opts = '', ) { + # Validate our data - if ! is_mac_address($macaddress) { fail("${macaddress} is not a MAC address.") } + if ! is_mac_address($macaddress) { + fail("${macaddress} is not a MAC address.") + } $interface = $name @@ -39,4 +42,4 @@ # TODO: need to know $ensure since one of these execs is not defined. #notify => [ Exec["ifup-${master}"], Exec["ifdown-${master}"], ], } -} # define network::bond::slave +} diff --git a/manifests/bond/static.pp b/manifests/bond/static.pp index 5f1144e6..350ba661 100644 --- a/manifests/bond/static.pp +++ b/manifests/bond/static.pp @@ -39,12 +39,15 @@ $domain = '' ) { # Validate our regular expressions - $states = [ '^up$', '^down$' ] - validate_re($ensure, $states, '$ensure must be either "up" or "down".') + $states_re = [ '^up$', '^down$' ] + validate_re($ensure, $states_re, "network::bond::static::${name} ensure is <${ensure}> and must be either \'up\' or \'down\'.") + # Validate our data - if ! is_ip_address($ipaddress) { fail("${ipaddress} is not an IP address.") } + if ! is_ip_address($ipaddress) { + fail("${ipaddress} is not an IP address.") + } - network_if_base { $title: + network::if::base { $title: ensure => $ensure, ipaddress => $ipaddress, netmask => $netmask, @@ -76,4 +79,4 @@ #onlyif => 'match */modulename[. = 'bonding'] size == 0', before => $ifstate } -} # define network::bond::static +} diff --git a/manifests/if/alias.pp b/manifests/if/alias.pp index 95464ab3..6b523988 100644 --- a/manifests/if/alias.pp +++ b/manifests/if/alias.pp @@ -33,12 +33,13 @@ $peerdns = false, # TODO: strip this out like in network::bond::alias? $dns1 = '', $dns2 = '', - $domain = '' + $domain = '', ) { + # Validate our data if ! is_ip_address($ipaddress) { fail("${ipaddress} is not an IP address.") } - network_if_base { $title: + network::if::base { $title: ensure => $ensure, ipaddress => $ipaddress, netmask => $netmask, @@ -54,4 +55,4 @@ dns2 => $dns2, domain => $domain, } -} # define network::if::alias +} diff --git a/manifests/if/base.pp b/manifests/if/base.pp new file mode 100644 index 00000000..02ae1608 --- /dev/null +++ b/manifests/if/base.pp @@ -0,0 +1,131 @@ +# == Definition: network::if::base +# +# This definition is private, i.e. it is not intended to be called directly +# by users. It can be used to write out the following device files: +# /etc/sysconfig/networking-scripts/ifcfg-eth +# /etc/sysconfig/networking-scripts/ifcfg-eth:alias +# /etc/sysconfig/networking-scripts/ifcfg-bond(master) +# +# Parameters: +# $ensure - required - up|down +# $ipaddress - required +# $netmask - required +# $macaddress - required +# $gateway - optional +# $bootproto - optional +# $mtu - optional +# $ethtool_opts - optional +# $bonding_opts - optional +# $isalias - optional +# $peerdns - optional +# $dns1 - optional +# $dns2 - optional +# $domain - optional +# +# Actions: +# Performs 'ifup/ifdown $name' after any changes to the ifcfg file. +# +# Requires: +# +# Sample Usage: +# +# TODO: +# METRIC= +# HOTPLUG=yes|no +# USERCTL=yes|no +# WINDOW= +# SCOPE= +# SRCADDR= +# NOZEROCONF=yes +# PERSISTENT_DHCLIENT=yes|no|1|0 +# DHCPRELEASE=yes|no|1|0 +# DHCLIENT_IGNORE_GATEWAY=yes|no|1|0 +# LINKDELAY= +# REORDER_HDR=yes|no +# +define network::if::base ( + $ensure, + $ipaddress, + $netmask, + $macaddress, + $gateway = '', + $bootproto = 'none', + $mtu = '', + $ethtool_opts = '', + $bonding_opts = '', + $isalias = false, + $peerdns = false, + $dns1 = '', + $dns2 = '', + $domain = '', +) { + + # Validate our booleans + validate_bool($isalias) + validate_bool($peerdns) + # Validate our regular expressions + $states = [ '^up$', '^down$' ] + validate_re($ensure, $states, '$ensure must be either "up" or "down".') + + $interface = $name + + # Deal with the case where $dns2 is non-empty and $dns1 is empty. + if $dns2 != '' { + if $dns1 == '' { + $dns1_real = $dns2 + $dns2_real = '' + } else { + $dns1_real = $dns1 + $dns2_real = $dns2 + } + } else { + $dns1_real = $dns1 + $dns2_real = $dns2 + } + + if $isalias { + $onparent = $ensure ? { + 'up' => 'yes', + 'down' => 'no', + default => undef, + } + $iftemplate = template('network/ifcfg-alias.erb') + } else { + $onboot = $ensure ? { + 'up' => 'yes', + 'down' => 'no', + default => undef, + } + $iftemplate = template('network/ifcfg-eth.erb') + } + + file { "ifcfg-${interface}": + ensure => 'present', + mode => '0644', + owner => 'root', + group => 'root', + path => "/etc/sysconfig/network-scripts/ifcfg-${interface}", + content => $iftemplate, + } + + case $ensure { + 'up': { + exec { "ifup-${interface}": + command => "/sbin/ifdown ${interface}; /sbin/ifup ${interface}", + subscribe => File["ifcfg-${interface}"], + refreshonly => true, + } + } + + 'down': { + exec { "ifdown-${interface}": + command => "/sbin/ifdown ${interface}", + subscribe => File["ifcfg-${interface}"], + refreshonly => true, + } + } + default: { + fail("network::if::base::${name}::ensure is <${ensure}> and must be \'up\' or \'down\'.") + } + } +} diff --git a/manifests/if/dynamic.pp b/manifests/if/dynamic.pp index 3d12c71c..db0e5e7f 100644 --- a/manifests/if/dynamic.pp +++ b/manifests/if/dynamic.pp @@ -32,8 +32,9 @@ $macaddress = '', $bootproto = 'dhcp', $mtu = '', - $ethtool_opts = '' + $ethtool_opts = '', ) { + # Validate our regular expressions $states = [ '^up$', '^down$' ] validate_re($ensure, $states, '$ensure must be either "up" or "down".') @@ -44,7 +45,7 @@ $macaddy = $macaddress } - network_if_base { $title: + network::if::base { $title: ensure => $ensure, ipaddress => '', netmask => '', @@ -55,4 +56,4 @@ ethtool_opts => $ethtool_opts, bonding_opts => '', } -} # define network::if::dynamic +} diff --git a/manifests/if/static.pp b/manifests/if/static.pp index 76346fb8..dab0fb8a 100644 --- a/manifests/if/static.pp +++ b/manifests/if/static.pp @@ -31,6 +31,7 @@ # define network::if::static ( $ensure, + $bootproto = 'static', $ipaddress, $netmask, $gateway = '', @@ -40,10 +41,13 @@ $peerdns = false, $dns1 = '', $dns2 = '', - $domain = '' + $domain = '', ) { + # Validate our data - if ! is_ip_address($ipaddress) { fail("${ipaddress} is not an IP address.") } + if ! is_ip_address($ipaddress) { + fail("${ipaddress} is not an IP address.") + } if ! is_mac_address($macaddress) { $macaddy = getvar("::macaddress_${title}") @@ -51,13 +55,13 @@ $macaddy = $macaddress } - network_if_base { $title: + network::if::base { $title: ensure => $ensure, ipaddress => $ipaddress, netmask => $netmask, gateway => $gateway, macaddress => $macaddy, - bootproto => 'none', + bootproto => $bootproto, mtu => $mtu, ethtool_opts => $ethtool_opts, bonding_opts => '', @@ -66,4 +70,4 @@ dns2 => $dns2, domain => $domain, } -} # define network::if::static +} diff --git a/manifests/init.pp b/manifests/init.pp index e32bdea1..34a26226 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -2,142 +2,89 @@ # # This module manages Red Hat/Fedora network configuration. # -class network { +class network ( + $hostname = $::fqdn, + $gateway = undef, + $gatewaydev = undef, + $vlan = undef, + $nozeroconf = undef, + $ipv6_support = 'no', + $peerdns = 'no', + $peerntp = 'no', + $nisdomain = undef, +) { + # Only run on RedHat derived systems. case $::osfamily { - 'RedHat': { } - default: { - fail('This network module only supports RedHat-based systems.') - } - } -} # class network + 'RedHat': { -# Definition: network_if_base -# -# This definition is private, i.e. it is not intended to be called directly -# by users. It can be used to write out the following device files: -# /etc/sysconfig/networking-scripts/ifcfg-eth -# /etc/sysconfig/networking-scripts/ifcfg-eth:alias -# /etc/sysconfig/networking-scripts/ifcfg-bond(master) -# -# Parameters: -# $ensure - required - up|down -# $ipaddress - required -# $netmask - required -# $macaddress - required -# $gateway - optional -# $bootproto - optional -# $mtu - optional -# $ethtool_opts - optional -# $bonding_opts - optional -# $isalias - optional -# $peerdns - optional -# $dns1 - optional -# $dns2 - optional -# $domain - optional -# -# Actions: -# Performs 'ifup/ifdown $name' after any changes to the ifcfg file. -# -# Requires: -# -# Sample Usage: -# -# TODO: -# METRIC= -# HOTPLUG=yes|no -# USERCTL=yes|no -# WINDOW= -# SCOPE= -# SRCADDR= -# NOZEROCONF=yes -# PERSISTENT_DHCLIENT=yes|no|1|0 -# DHCPRELEASE=yes|no|1|0 -# DHCLIENT_IGNORE_GATEWAY=yes|no|1|0 -# LINKDELAY= -# REORDER_HDR=yes|no -# -define network_if_base ( - $ensure, - $ipaddress, - $netmask, - $macaddress, - $gateway = '', - $bootproto = 'none', - $mtu = '', - $ethtool_opts = '', - $bonding_opts = '', - $isalias = false, - $peerdns = false, - $dns1 = '', - $dns2 = '', - $domain = '' -) { - # Validate our booleans - validate_bool($isalias) - validate_bool($peerdns) - # Validate our regular expressions - $states = [ '^up$', '^down$' ] - validate_re($ensure, $states, '$ensure must be either "up" or "down".') + # interface static + $network_if_statics = hiera_hash('network::if::static',undef) + if $network_if_statics != undef { + create_resources('network::if::static', $network_if_statics) + } - $interface = $name + # interface dhcp + $network_if_dynamics = hiera_hash('network::if::dynamic',undef) + if $network_if_dynamics != undef { + create_resources('network::if::dynamic', $network_if_dynamics) + } - # Deal with the case where $dns2 is non-empty and $dns1 is empty. - if $dns2 != '' { - if $dns1 == '' { - $dns1_real = $dns2 - $dns2_real = '' - } else { - $dns1_real = $dns1 - $dns2_real = $dns2 - } - } else { - $dns1_real = $dns1 - $dns2_real = $dns2 - } + # interface aliases + $network_if_aliases = hiera_hash('network::if::alias',undef) + if $network_if_aliases != undef { + create_resources('network::if::alias', $network_if_aliases) + } - if $isalias { - $onparent = $ensure ? { - 'up' => 'yes', - 'down' => 'no', - default => undef, - } - $iftemplate = template('network/ifcfg-alias.erb') - } else { - $onboot = $ensure ? { - 'up' => 'yes', - 'down' => 'no', - default => undef, - } - $iftemplate = template('network/ifcfg-eth.erb') - } + # bond static + $network_bond_statics = hiera_hash('network::bond::static',undef) + if $network_bond_statics != undef { + create_resources('network::bond::static', $network_bond_statics) + } - file { "ifcfg-${interface}": - ensure => 'present', - mode => '0644', - owner => 'root', - group => 'root', - path => "/etc/sysconfig/network-scripts/ifcfg-${interface}", - content => $iftemplate, - } + # bond dhcp + $network_bond_dynamics = hiera_hash('network::bond::dynamic',undef) + if $network_bond_dynamics != undef { + create_resources('network::bond::dynamic', $network_bond_dynamics) + } - case $ensure { - 'up': { - exec { "ifup-${interface}": - command => "/sbin/ifdown ${interface}; /sbin/ifup ${interface}", - subscribe => File["ifcfg-${interface}"], - refreshonly => true, + # bond slaves + $network_bond_slaves = hiera_hash('network::bond::slave',undef) + if $network_bond_slaves != undef { + create_resources('network::bond::slave', $network_bond_slaves) } - } - 'down': { - exec { "ifdown-${interface}": - command => "/sbin/ifdown ${interface}", - subscribe => File["ifcfg-${interface}"], - refreshonly => true, + # bond aliases + $network_bond_aliases = hiera_hash('network::bond::alias',undef) + if $network_bond_aliases != undef { + create_resources('network::bond::alias', $network_bond_aliases) } + + # routes + $network_routes = hiera_hash('network::route',undef) + if $network_routes != undef { + create_resources('network::route', $network_routes) + } + + file { 'network_sysconfig': + ensure => 'present', + mode => '0644', + owner => 'root', + group => 'root', + path => '/etc/sysconfig/network', + content => template('network/network.erb'), + notify => Service['network'], + } + + service { 'network': + ensure => 'running', + enable => true, + hasrestart => true, + hasstatus => true, + } + } + default: { + fail("osfamily is <${::osfamily}> and network module only supports RedHat based systems.") } - default: {} } - -} # define network_if_base +} diff --git a/manifests/route.pp b/manifests/route.pp index 867d8db3..1f081a64 100644 --- a/manifests/route.pp +++ b/manifests/route.pp @@ -23,8 +23,9 @@ define network::route ( $address, $netmask, - $gateway + $gateway, ) { + $interface = $name file { "route-${interface}": @@ -45,4 +46,4 @@ #exec { "ifup-routes-${interface}": # command => "/etc/sysconfig/network-scripts/ifup-routes ${interface}", #} -} # define network::route +} diff --git a/templates/ifcfg-alias.erb b/templates/ifcfg-alias.erb index 0d90a2ae..e131cb4e 100644 --- a/templates/ifcfg-alias.erb +++ b/templates/ifcfg-alias.erb @@ -1,6 +1,6 @@ -### -### File managed by Puppet -### +# This file is being maintained by Puppet. +# DO NOT EDIT +# DEVICE=<%= interface %> BOOTPROTO=<%= bootproto %> ONPARENT=<%= onparent %> diff --git a/templates/ifcfg-bond.erb b/templates/ifcfg-bond.erb index 026479b8..45b63385 100644 --- a/templates/ifcfg-bond.erb +++ b/templates/ifcfg-bond.erb @@ -1,11 +1,11 @@ -### -### File managed by Puppet -### +# This file is being maintained by Puppet. +# DO NOT EDIT +# DEVICE=<%= interface %> HWADDR=<%= macaddress %> MASTER=<%= master %> SLAVE=yes TYPE=Ethernet -<% if !ethtool_opts.empty? %>ETHTOOL_OPTS="<%= ethtool_opts %>" +<% if @ethtool_opts %>ETHTOOL_OPTS="<%= ethtool_opts %>" <% end -%> NM_CONTROLLED=no diff --git a/templates/ifcfg-eth.erb b/templates/ifcfg-eth.erb index 38ba716c..90b3d8d5 100644 --- a/templates/ifcfg-eth.erb +++ b/templates/ifcfg-eth.erb @@ -1,32 +1,29 @@ -### -### File managed by Puppet -### +# This file is being maintained by Puppet. +# DO NOT EDIT +# DEVICE=<%= interface %> BOOTPROTO=<%= bootproto %> -<% if !macaddress.empty? %>HWADDR=<%= macaddress %> +<% if @macaddress != '' %>HWADDR=<%= macaddress %> <% end -%> ONBOOT=<%= onboot %> HOTPLUG=<%= onboot %> TYPE=Ethernet -<% if !ipaddress.empty? %>IPADDR=<%= ipaddress %> +IPADDR=<%= ipaddress %> +NETMASK=<%= netmask %> +<% if @gateway != '' %>GATEWAY=<%= gateway %> <% end -%> -<% if !netmask.empty? %>NETMASK=<%= netmask %> +<% if @mtu != '' %>MTU=<%= mtu %> <% end -%> -<% if !gateway.empty? %>GATEWAY=<%= gateway %> +<% if @bonding_opts != '' %>BONDING_OPTS="<%= bonding_opts %>" <% end -%> -<% if !mtu.empty? %>MTU=<%= mtu %> +<% if @ethtool_opts != '' %>ETHTOOL_OPTS="<%= ethtool_opts %>" <% end -%> -<% if !bonding_opts.empty? %>BONDING_OPTS="<%= bonding_opts %>" +<% if @peerdns == true %>PEERDNS=yes<% else %>PEERDNS=no +<% if @dns1_real != '' %>DNS1=<%= dns1_real %> <% end -%> -<% if !ethtool_opts.empty? %>ETHTOOL_OPTS="<%= ethtool_opts %>" +<% if @dns2_real != '' %>DNS2=<%= dns2_real %> <% end -%> -<% if !peerdns %>PEERDNS=no -<% else %>PEERDNS=yes -<% if !dns1_real.empty? %>DNS1=<%= dns1_real %> -<% end -%> -<% if !dns2_real.empty? %>DNS2=<%= dns2_real %> -<% end -%> -<% if !domain.empty? %>DOMAIN="<%= domain %>" +<% if @domain != '' %>DOMAIN="<%= domain %>" <% end -%> <% end -%> NM_CONTROLLED=no diff --git a/templates/network.erb b/templates/network.erb index 8363b202..077f0a06 100644 --- a/templates/network.erb +++ b/templates/network.erb @@ -1,18 +1,18 @@ -### -### File managed by Puppet -### +# This file is being maintained by Puppet. +# DO NOT EDIT +# NETWORKING=yes -NETWORKING_IPV6=no -<% if !hostname.empty? %>HOSTNAME=<%= hostname %> -<% else %>HOSTNAME=<%= fqdn %> +NETWORKING_IPV6=<%= @ipv6_support %> +HOSTNAME=<%= @hostname %> +<% if @gateway %>GATEWAY=<%= @gateway %> <% end -%> -<% if !gateway.empty? %>GATEWAY=<%= gateway %> +<% if @gatewaydev %>GATEWAYDEV=<%= @gatewaydev %> <% end -%> -<% if !gatewaydev.empty? %>GATEWAYDEV=<%= gatewaydev %> +<% if @nisdomain %>NISDOMAIN=<%= @nisdomain %> <% end -%> -<% if !nisdomain.empty? %>NISDOMAIN=<%= nisdomain %> +<% if @vlan %>VLAN=<%= @vlan %> <% end -%> -<% if !vlan.empty? %>VLAN=<%= vlan %> -<% end -%> -<% if !nozeroconf.empty? %>NOZEROCONF=<%= nozeroconf %> +<% if @nozeroconf %>NOZEROCONF=<%= @nozeroconf %> <% end -%> +PEERDNS=<%= @peerdns %> +PEERNTP=<%= @peerntp %> diff --git a/templates/route-eth.erb b/templates/route-eth.erb index 63648ed0..7fd6b1fb 100644 --- a/templates/route-eth.erb +++ b/templates/route-eth.erb @@ -1,6 +1,6 @@ -### -### File managed by Puppet -### +# This file is being maintained by Puppet. +# DO NOT EDIT +# <% num = 0; address.each do |addr| -%> ADDRESS<%= num %>=<%= addr %> <% num += 1; end -%>