How to configure network settings with Ansible system roles

This is the second article in series using Ansible system roles. In the previous article, I introduced you to Ansible and system roles and provided some examples. System roles help you manage OS-level tasks like SELinux, managing network settings, NTP, etc. In that article, you saw an example where you changed SELinux mode using system.role-selinux role. In this article, I look at the network role in detail so that you can modify the remote machine network connections with a single playbook.

NetworkManager manages network settings such as configuring the network interface as well as the connection. Basically, it's a daemon that monitors and manages network settings. It uses a file in /etc/sysconfig/network-scripts to store them. nmcli is the utility that's used to create and edit connections files from a shell prompt. To list the connections of your local machine use:

$ nmcli dev status

DEVICE		TYPE		STATE			CONNECTION
eno0		ethernet	connected		eno0
eno1		ethernet	disconnected		---
virbr0		bridge		connected		virbr0

In the above output, you can see various columns. The first column, DEVICE, indicates the network interface. The TYPE column shows which type of connection is this. The STATE column indicates the status of the connection, and the last one, CONNECTION, is a collection of settings that can be configured for a device. Each connection has a name or ID that identifies it.

To display a list of all connections, you can use:

$ nmcli con show

Using the nmcli utility, you can add network connections and assign IPv4 or IPv6 addresses to create network connections. However, as you know, you want to automate manual tasks that you would normally do with nmcli. You want to manage network nodes by using an Ansible playbook.

In Ansible, you have three important modules that help you manage nodes: Service, daemon, and system settings. You can also use these modules to manage networks. In the previous article, I discussed Ansible system-roles. In system-roles, you have the rhel-system-roles.network role, which is the easiest way to configure and manage network settings on managed nodes.

Begin by using this network system role to configure network settings on a managed node.

Here you have the server1.example.com managed machine. I already created the entry of the managed node in the inventory file.

Note: Be sure your managed node has two ethernet connections because it adds a new connection. That second network interface must be available.

Before doing any operation, confirm that the NetworkManager service is started and enabled on your managed node. Do this using a playbook. For this task, use the service module in the service.yml file.

---
- name: playbook for starting and enabling the NetworkManager
  hosts: server1.example.com
  tasks:
  -    Name: start the service
       service:
         name: NetworkManager
         state: started
         enabled: true

Run this playbook:

$ ansible-playbook service.yml

If the playbook runs successfully without any errors, the service is started and enabled on the managed node machine.

The secondary interface's name is eno1 so you can find the MAC address of this interface. Because you're using this MAC address, your playbook will find out the secondary interface. Display the MAC address of eno1 using:

$ ip a

The MAC address of server1.example.com is 52:54:00:fe:2f:b8. Use this in the playbook.

Now, after the service task, install system-roles on the controller:

$ yum install rhel-system-roles

This command will install all system roles in the role's default directory.

Now write a playbook to add a new connection on the managed node:

---
- name: playbook for configuring second interface
  hosts: server1.example.com
  vars:
     target_mac: “52:54:00:fe:2f:b8”
     network_connection:
          -  name: static-network
             type: ethernet
             mac: “{{ target_mac }}”
             state: up
             ip :
               dhcp: no
               address:
                    -  192.168.0.5/24
  roles:
   -    rhel-system-roles.network

This is a complete playbook. I'll explain each parameter step by step for you:

target_mac - This is the MAC address of the second ethernet interface. This will help to find out the correct interface on a managed node.

network_connection - This variable contains information for new connections:

• name: name of the new connection
• type: new connection type
• mac: the target_mac variable
• state: activate the connection by using the up option
• ip: disable the DHCP option and assign an IP address using this parameter

I used variables that are required to execute the network system role. Now run this playbook:

$ ansible-playbook networkconfiguration.yml

This playbook will configure a static-network connection with a static IP address.

To check the settings, log in to server1.example.com and confirm the newly-added connection:

$ nmcli connection show

NAME		UUID		TYPE		DEVICE
eno0		adc52c70-…	ethernet	eno0   
static-network	1be30687-…	ethernet	eno1   
virbr0		0a9de672-…	bridge		virbr0

Try to ping the IP address of the static-network connection, and if it succeeds, then you successfully added the new network connection.

Check whether a new connection is added successfully or not using the ad hoc commands from the controller machine:

$ ansible server1.example.com  -m shell -a 'nmcli con show'

This command will show you the same output as shown in the previous steps.

Wrap up

This article shows that you can configure network connections using Ansible system roles. This small playbook reduces manual tasks and configures the network connection of many machines at once just by creating a group of hosts. These system network roles check many parameters while executing the playbook, confirm that NetworkManager is running, and test connectivity in the playbook itself. This is a great example of how you can use system roles to automate configurations on your systems.