Dealing with many network interfaces during host check-ins

This article was originally published on the Red Hat Customer Portal. The information may no longer be current.

Satellite 6 comes with powerful host importing capabilities as part of its inventory feature. When a host checks-in via Puppet or subscription-manager, all incoming data, which we call "facts", are parsed. This mechanism is called "fact import".

By default Satellite 6 extracts networking information such as NICs, MAC and IP addresses making necessary changes to reflect the new state in the inventory database. When an IP address of a registered host changes for example, the same change is applied in Satellite 6 database during fact import.

This can be problem for hosts with frequently changing interfaces, typically virtualization hypervisors or container hosts. The default behavior in Satellite 6 is safe; new interfaces are added but missing interfaces are never removed. This stems from Puppet behavior when disabled interfaces are not reported via facter which could lead to mis-deletions in the Satellite 6 inventory.

In these workloads, Satellite 6 will be adding new network interfaces to hosts indefinitely leading to slow performance of host check-ins for both Puppet and subscription-manager. We've seen hosts with thousands of records of invalid network interface inventory data. There are two configuration options to solve this situation.

First, fact import for NICs can be completely disabled via Ignore Puppet facts for provisioning global setting. When this option is turned on, the IP or MAC address of existing host is never updated automatically. Although the name of this setting implies this only affects Puppet, it also affects subscription-manager import code as well. We will rename this option in the future to match its real meaning.

This will essentially completely turn off Puppet fact parsing which cannot be used in case hosts are being registered via Puppet and network interfaces are needed, for example to remotely execute scripts. For this case, there is an alternative method to filter out some interfaces from being added or updated in the Satellite 6 inventory via Ignore interfaces with matching identifier global option. By default it is set to:

'lo', 'usb*', 'vnet*', 'macvtap*', '_vdsmdummy_'

For example to filter out docker network interfaces, 'veth*' would be added to the list. Interface naming conventions are different for virtualization or container technologies like libvirt, vdsm, xen or lxc. What is usually common is some prefix or suffix that can be easily matched using a wildcard syntax. Note the syntax is not a regular expression, but a simple wildcard.

Satellite 6.2.9 introduced two new settings called Ignore facts for operating system and Ignore facts for subnet which work in a similar way, but are not related to network interfaces.