How to configure network settings with Ansible system roles
This is the second article in series using Ansible system roles. In the previous article, I introduced you to Ansible and system roles and provided some examples. System roles help you manage OS-level tasks like SELinux, managing network settings, NTP, etc. In that article, you saw an example where you changed SELinux mode using system.role-selinux
role. In this article, I look at the network role in detail so that you can modify the remote machine network connections with a single playbook.
NetworkManager manages network settings such as configuring the network interface as well as the connection. Basically, it's a daemon that monitors and manages network settings. It uses a file in /etc/sysconfig/network-scripts
to store them. nmcli
is the utility that's used to create and edit connections files from a shell prompt. To list the connections of your local machine use:
$ nmcli dev status
DEVICE TYPE STATE CONNECTION
eno0 ethernet connected eno0
eno1 ethernet disconnected ---
virbr0 bridge connected virbr0
In the above output, you can see various columns. The first column, DEVICE, indicates the network interface. The TYPE column shows which type of connection is this. The STATE column indicates the status of the connection, and the last one, CONNECTION, is a collection of settings that can be configured for a device. Each connection has a name or ID that identifies it.
To display a list of all connections, you can use:
$ nmcli con show
Using the nmcli
utility, you can add network connections and assign IPv4 or IPv6 addresses to create network connections. However, as you know, you want to automate manual tasks that you would normally do with nmcli
. You want to manage network nodes by using an Ansible playbook.
In Ansible, you have three important modules that help you manage nodes: Service, daemon, and system settings. You can also use these modules to manage networks. In the previous article, I discussed Ansible system-roles. In system-roles, you have the rhel-system-roles.network
role, which is the easiest way to configure and manage network settings on managed nodes.
Begin by using this network system role to configure network settings on a managed node.
Here you have the server1.example.com
managed machine. I already created the entry of the managed node in the inventory file.
Note: Be sure your managed node has two ethernet connections because it adds a new connection. That second network interface must be available.
Before doing any operation, confirm that the NetworkManager service is started and enabled on your managed node. Do this using a playbook. For this task, use the service module in the service.yml
file.
---
- name: playbook for starting and enabling the NetworkManager
hosts: server1.example.com
tasks:
- Name: start the service
service:
name: NetworkManager
state: started
enabled: true
Run this playbook:
$ ansible-playbook service.yml
If the playbook runs successfully without any errors, the service is started and enabled on the managed node machine.
The secondary interface's name is eno1 so you can find the MAC address of this interface. Because you're using this MAC address, your playbook will find out the secondary interface. Display the MAC address of eno1 using:
$ ip a
The MAC address of server1.example.com
is 52:54:00:fe:2f:b8. Use this in the playbook.
Now, after the service task, install system-roles
on the controller:
$ yum install rhel-system-roles
This command will install all system roles in the role's default directory.
Now write a playbook to add a new connection on the managed node:
---
- name: playbook for configuring second interface
hosts: server1.example.com
vars:
target_mac: “52:54:00:fe:2f:b8”
network_connection:
- name: static-network
type: ethernet
mac: “{{ target_mac }}”
state: up
ip :
dhcp: no
address:
- 192.168.0.5/24
roles:
- rhel-system-roles.network
This is a complete playbook. I'll explain each parameter step by step for you:
target_mac - This is the MAC address of the second ethernet interface. This will help to find out the correct interface on a managed node.
network_connection - This variable contains information for new connections:
- name: name of the new connection
- type: new connection type
- mac: the target_mac variable
- state: activate the connection by using the
up
option - ip: disable the DHCP option and assign an IP address using this parameter
I used variables that are required to execute the network system role. Now run this playbook:
$ ansible-playbook networkconfiguration.yml
This playbook will configure a static-network connection with a static IP address.
To check the settings, log in to server1.example.com
and confirm the newly-added connection:
$ nmcli connection show
NAME UUID TYPE DEVICE
eno0 adc52c70-… ethernet eno0
static-network 1be30687-… ethernet eno1
virbr0 0a9de672-… bridge virbr0
Try to ping
the IP address of the static-network connection, and if it succeeds, then you successfully added the new network connection.
Check whether a new connection is added successfully or not using the ad hoc commands from the controller machine:
$ ansible server1.example.com -m shell -a 'nmcli con show'
This command will show you the same output as shown in the previous steps.
Wrap up
This article shows that you can configure network connections using Ansible system roles. This small playbook reduces manual tasks and configures the network connection of many machines at once just by creating a group of hosts. These system network roles check many parameters while executing the playbook, confirm that NetworkManager is running, and test connectivity in the playbook itself. This is a great example of how you can use system roles to automate configurations on your systems.
Shiwani Biradar
Shiwani Biradar is an Associate Technical support Engineer in Red Hat. She loves contributing to open source projects and communities. Shiwani never stops exploring new technologies. If you don't find her exploring technologies then you will find her exploring food. More about me