D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
opt
/
saltstack
/
salt
/
lib
/
python3.10
/
site-packages
/
salt
/
modules
/
Filename :
rh_ip.py
back
Copy
""" The networking module for RHEL/Fedora based distros """ import logging import os import jinja2 import jinja2.exceptions import salt.utils.files import salt.utils.json import salt.utils.stringutils import salt.utils.templates import salt.utils.validate.net from salt.exceptions import CommandExecutionError # Set up logging log = logging.getLogger(__name__) # Set up template environment JINJA = jinja2.Environment( loader=jinja2.FileSystemLoader( os.path.join(salt.utils.templates.TEMPLATE_DIRNAME, "rh_ip") ) ) # Define the module's virtual name __virtualname__ = "ip" # Default values for bonding _BOND_DEFAULTS = { # 803.ad aggregation selection logic # 0 for stable (default) # 1 for bandwidth # 2 for count "ad_select": "0", # Max number of transmit queues (default = 16) "tx_queues": "16", # lacp_rate 0: Slow - every 30 seconds # lacp_rate 1: Fast - every 1 second "lacp_rate": "0", # Max bonds for this driver "max_bonds": "1", # Used with miimon. # On: driver sends mii # Off: ethtool sends mii "use_carrier": "0", # Default. Don't change unless you know what you are doing. "xmit_hash_policy": "layer2", } _RH_NETWORK_SCRIPT_DIR = "/etc/sysconfig/network-scripts" _RH_NETWORK_FILE = "/etc/sysconfig/network" _CONFIG_TRUE = ("yes", "on", "true", "1", True) _CONFIG_FALSE = ("no", "off", "false", "0", False) _IFACE_TYPES = ( "eth", "bond", "team", "alias", "clone", "ipsec", "dialup", "bridge", "slave", "teamport", "vlan", "ipip", "ib", ) def __virtual__(): """ Confine this module to RHEL/Fedora based distros """ if __grains__["os_family"] == "RedHat": if __grains__["os"] == "Amazon": if __grains__["osmajorrelease"] >= 2: return __virtualname__ else: return __virtualname__ return ( False, "The rh_ip execution module cannot be loaded: this module is only available on" " RHEL/Fedora based distributions.", ) def _error_msg_iface(iface, option, expected): """ Build an appropriate error message from a given option and a list of expected values. """ if isinstance(expected, str): expected = (expected,) msg = "Invalid option -- Interface: {0}, Option: {1}, Expected: [{2}]" return msg.format(iface, option, "|".join(str(e) for e in expected)) def _error_msg_routes(iface, option, expected): """ Build an appropriate error message from a given option and a list of expected values. """ msg = "Invalid option -- Route interface: {0}, Option: {1}, Expected: [{2}]" return msg.format(iface, option, expected) def _log_default_iface(iface, opt, value): log.info( "Using default option -- Interface: %s Option: %s Value: %s", iface, opt, value ) def _error_msg_network(option, expected): """ Build an appropriate error message from a given option and a list of expected values. """ if isinstance(expected, str): expected = (expected,) msg = "Invalid network setting -- Setting: {0}, Expected: [{1}]" return msg.format(option, "|".join(str(e) for e in expected)) def _log_default_network(opt, value): log.info("Using existing setting -- Setting: %s Value: %s", opt, value) def _parse_rh_config(path): rh_config = _read_file(path) cv_rh_config = {} if rh_config: for line in rh_config: line = line.strip() if not line or line.startswith("!") or line.startswith("#"): continue pair = [p.rstrip() for p in line.split("=", 1)] if len(pair) != 2: continue name, value = pair cv_rh_config[name.upper()] = value return cv_rh_config def _parse_ethtool_opts(opts, iface): """ Filters given options and outputs valid settings for ETHTOOLS_OPTS If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ config = {} if "autoneg" in opts: if opts["autoneg"] in _CONFIG_TRUE: config.update({"autoneg": "on"}) elif opts["autoneg"] in _CONFIG_FALSE: config.update({"autoneg": "off"}) else: _raise_error_iface(iface, "autoneg", _CONFIG_TRUE + _CONFIG_FALSE) if "duplex" in opts: valid = ["full", "half"] if opts["duplex"] in valid: config.update({"duplex": opts["duplex"]}) else: _raise_error_iface(iface, "duplex", valid) if "speed" in opts: valid = ["10", "100", "1000", "10000"] if str(opts["speed"]) in valid: config.update({"speed": opts["speed"]}) else: _raise_error_iface(iface, opts["speed"], valid) if "advertise" in opts: valid = [ "0x001", "0x002", "0x004", "0x008", "0x010", "0x020", "0x20000", "0x8000", "0x1000", "0x40000", "0x80000", "0x200000", "0x400000", "0x800000", "0x1000000", "0x2000000", "0x4000000", ] if str(opts["advertise"]) in valid: config.update({"advertise": opts["advertise"]}) else: _raise_error_iface(iface, "advertise", valid) if "channels" in opts: channels_cmd = "-L {}".format(iface.strip()) channels_params = [] for option in ("rx", "tx", "other", "combined"): if option in opts["channels"]: valid = range(1, __grains__["num_cpus"] + 1) if opts["channels"][option] in valid: channels_params.append( "{} {}".format(option, opts["channels"][option]) ) else: _raise_error_iface(iface, opts["channels"][option], valid) if channels_params: config.update({channels_cmd: " ".join(channels_params)}) valid = _CONFIG_TRUE + _CONFIG_FALSE for option in ("rx", "tx", "sg", "tso", "ufo", "gso", "gro", "lro"): if option in opts: if opts[option] in _CONFIG_TRUE: config.update({option: "on"}) elif opts[option] in _CONFIG_FALSE: config.update({option: "off"}) else: _raise_error_iface(iface, option, valid) return config def _parse_settings_bond(opts, iface): """ Filters given options and outputs valid settings for requested operation. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ if opts["mode"] in ("balance-rr", "0"): log.info("Device: %s Bonding Mode: load balancing (round-robin)", iface) return _parse_settings_bond_0(opts, iface) elif opts["mode"] in ("active-backup", "1"): log.info("Device: %s Bonding Mode: fault-tolerance (active-backup)", iface) return _parse_settings_bond_1(opts, iface) elif opts["mode"] in ("balance-xor", "2"): log.info("Device: %s Bonding Mode: load balancing (xor)", iface) return _parse_settings_bond_2(opts, iface) elif opts["mode"] in ("broadcast", "3"): log.info("Device: %s Bonding Mode: fault-tolerance (broadcast)", iface) return _parse_settings_bond_3(opts, iface) elif opts["mode"] in ("802.3ad", "4"): log.info( "Device: %s Bonding Mode: IEEE 802.3ad Dynamic link aggregation", iface ) return _parse_settings_bond_4(opts, iface) elif opts["mode"] in ("balance-tlb", "5"): log.info("Device: %s Bonding Mode: transmit load balancing", iface) return _parse_settings_bond_5(opts, iface) elif opts["mode"] in ("balance-alb", "6"): log.info("Device: %s Bonding Mode: adaptive load balancing", iface) return _parse_settings_bond_6(opts, iface) else: valid = ( "0", "1", "2", "3", "4", "5", "6", "balance-rr", "active-backup", "balance-xor", "broadcast", "802.3ad", "balance-tlb", "balance-alb", ) _raise_error_iface(iface, "mode", valid) def _parse_settings_miimon(opts, iface): """ Add shared settings for miimon support used by balance-rr, balance-xor bonding types. """ ret = {} for binding in ("miimon", "downdelay", "updelay"): if binding in opts: try: int(opts[binding]) ret.update({binding: opts[binding]}) except Exception: # pylint: disable=broad-except _raise_error_iface(iface, binding, "integer") if "miimon" in opts and "downdelay" not in opts: ret["downdelay"] = ret["miimon"] * 2 if "miimon" in opts: if not opts["miimon"]: _raise_error_iface(iface, "miimon", "nonzero integer") for binding in ("downdelay", "updelay"): if binding in ret: if ret[binding] % ret["miimon"]: _raise_error_iface( iface, binding, "0 or a multiple of miimon ({})".format(ret["miimon"]), ) if "use_carrier" in opts: if opts["use_carrier"] in _CONFIG_TRUE: ret.update({"use_carrier": "1"}) elif opts["use_carrier"] in _CONFIG_FALSE: ret.update({"use_carrier": "0"}) else: valid = _CONFIG_TRUE + _CONFIG_FALSE _raise_error_iface(iface, "use_carrier", valid) else: _log_default_iface(iface, "use_carrier", _BOND_DEFAULTS["use_carrier"]) ret.update({"use_carrier": _BOND_DEFAULTS["use_carrier"]}) return ret def _parse_settings_arp(opts, iface): """ Add shared settings for arp used by balance-rr, balance-xor bonding types. """ ret = {} if "arp_interval" in opts: try: int(opts["arp_interval"]) ret.update({"arp_interval": opts["arp_interval"]}) except Exception: # pylint: disable=broad-except _raise_error_iface(iface, "arp_interval", "integer") # ARP targets in n.n.n.n form valid = "list of ips (up to 16)" if "arp_ip_target" in opts: if isinstance(opts["arp_ip_target"], list): if 1 <= len(opts["arp_ip_target"]) <= 16: ret.update({"arp_ip_target": ",".join(opts["arp_ip_target"])}) else: _raise_error_iface(iface, "arp_ip_target", valid) else: _raise_error_iface(iface, "arp_ip_target", valid) else: _raise_error_iface(iface, "arp_ip_target", valid) return ret def _parse_settings_bond_0(opts, iface): """ Filters given options and outputs valid settings for bond0. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ bond = {"mode": "0"} bond.update(_parse_settings_miimon(opts, iface)) bond.update(_parse_settings_arp(opts, iface)) if "miimon" not in opts and "arp_interval" not in opts: _raise_error_iface( iface, "miimon or arp_interval", "at least one of these is required" ) return bond def _parse_settings_bond_1(opts, iface): """ Filters given options and outputs valid settings for bond1. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ bond = {"mode": "1"} bond.update(_parse_settings_miimon(opts, iface)) if "miimon" not in opts: _raise_error_iface(iface, "miimon", "integer") if "primary" in opts: bond.update({"primary": opts["primary"]}) return bond def _parse_settings_bond_2(opts, iface): """ Filters given options and outputs valid settings for bond2. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ bond = {"mode": "2"} bond.update(_parse_settings_miimon(opts, iface)) bond.update(_parse_settings_arp(opts, iface)) if "miimon" not in opts and "arp_interval" not in opts: _raise_error_iface( iface, "miimon or arp_interval", "at least one of these is required" ) if "hashing-algorithm" in opts: valid = ("layer2", "layer2+3", "layer3+4") if opts["hashing-algorithm"] in valid: bond.update({"xmit_hash_policy": opts["hashing-algorithm"]}) else: _raise_error_iface(iface, "hashing-algorithm", valid) return bond def _parse_settings_bond_3(opts, iface): """ Filters given options and outputs valid settings for bond3. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ bond = {"mode": "3"} bond.update(_parse_settings_miimon(opts, iface)) if "miimon" not in opts: _raise_error_iface(iface, "miimon", "integer") return bond def _parse_settings_bond_4(opts, iface): """ Filters given options and outputs valid settings for bond4. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ bond = {"mode": "4"} bond.update(_parse_settings_miimon(opts, iface)) if "miimon" not in opts: _raise_error_iface(iface, "miimon", "integer") for binding in ("lacp_rate", "ad_select"): if binding in opts: if binding == "lacp_rate": valid = ("fast", "1", "slow", "0") if opts[binding] not in valid: _raise_error_iface(iface, binding, valid) if opts[binding] == "fast": opts.update({binding: "1"}) if opts[binding] == "slow": opts.update({binding: "0"}) else: valid = "integer" try: int(opts[binding]) bond.update({binding: opts[binding]}) except Exception: # pylint: disable=broad-except _raise_error_iface(iface, binding, valid) else: _log_default_iface(iface, binding, _BOND_DEFAULTS[binding]) bond.update({binding: _BOND_DEFAULTS[binding]}) if "hashing-algorithm" in opts: if __grains__["os_family"] == "RedHat": # allowing for Amazon 2 based of RHEL/Centos 7 if __grains__["osmajorrelease"] < 8: valid = ("layer2", "layer2+3", "layer3+4", "encap2+3", "encap3+4") else: valid = ( "layer2", "layer2+3", "layer3+4", "encap2+3", "encap3+4", "vlan+srcmac", ) if opts["hashing-algorithm"] in valid: bond.update({"xmit_hash_policy": opts["hashing-algorithm"]}) else: _raise_error_iface(iface, "hashing-algorithm", valid) return bond def _parse_settings_bond_5(opts, iface): """ Filters given options and outputs valid settings for bond5. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ bond = {"mode": "5"} bond.update(_parse_settings_miimon(opts, iface)) if "miimon" not in opts: _raise_error_iface(iface, "miimon", "integer") if "primary" in opts: bond.update({"primary": opts["primary"]}) return bond def _parse_settings_bond_6(opts, iface): """ Filters given options and outputs valid settings for bond6. If an option has a value that is not expected, this function will log what the Interface, Setting and what it was expecting. """ bond = {"mode": "6"} bond.update(_parse_settings_miimon(opts, iface)) if "miimon" not in opts: _raise_error_iface(iface, "miimon", "integer") if "primary" in opts: bond.update({"primary": opts["primary"]}) return bond def _parse_settings_vlan(opts, iface): """ Filters given options and outputs valid settings for a vlan """ vlan = {} if "reorder_hdr" in opts: if opts["reorder_hdr"] in _CONFIG_TRUE + _CONFIG_FALSE: vlan.update({"reorder_hdr": opts["reorder_hdr"]}) else: valid = _CONFIG_TRUE + _CONFIG_FALSE _raise_error_iface(iface, "reorder_hdr", valid) if "vlan_id" in opts: if opts["vlan_id"] > 0: vlan.update({"vlan_id": opts["vlan_id"]}) else: _raise_error_iface(iface, "vlan_id", "Positive integer") if "phys_dev" in opts: if opts["phys_dev"]: vlan.update({"phys_dev": opts["phys_dev"]}) else: _raise_error_iface(iface, "phys_dev", "Non-empty string") return vlan def _parse_settings_eth(opts, iface_type, enabled, iface): """ Filters given options and outputs valid settings for a network interface. """ result = {"name": iface} if "proto" in opts: valid = ["none", "bootp", "dhcp"] if opts["proto"] in valid: result["proto"] = opts["proto"] else: _raise_error_iface(iface, opts["proto"], valid) if "dns" in opts: result["dns"] = opts["dns"] result["peerdns"] = "yes" if "mtu" in opts: try: result["mtu"] = int(opts["mtu"]) except ValueError: _raise_error_iface(iface, "mtu", ["integer"]) if "hwaddr" in opts and "macaddr" in opts: msg = "Cannot pass both hwaddr and macaddr. Must use either hwaddr or macaddr" log.error(msg) raise AttributeError(msg) if iface_type not in ("bridge",): ethtool = _parse_ethtool_opts(opts, iface) if ethtool: result["ethtool"] = " ".join( ["{} {}".format(x, y) for x, y in ethtool.items()] ) if iface_type == "slave": result["proto"] = "none" if iface_type == "team": result["devicetype"] = "Team" if "team_config" in opts: result["team_config"] = salt.utils.json.dumps(opts["team_config"]) if iface_type == "teamport": result["devicetype"] = "TeamPort" result["team_master"] = opts["team_master"] if "team_port_config" in opts: result["team_port_config"] = salt.utils.json.dumps(opts["team_port_config"]) if iface_type == "bond": if "mode" not in opts: msg = "Missing required option 'mode'" log.error("%s for bond interface '%s'", msg, iface) raise AttributeError(msg) bonding = _parse_settings_bond(opts, iface) if bonding: result["bonding"] = " ".join( ["{}={}".format(x, y) for x, y in bonding.items()] ) result["devtype"] = "Bond" if iface_type == "vlan": vlan = _parse_settings_vlan(opts, iface) if vlan: result["devtype"] = "Vlan" for opt in vlan: result[opt] = opts[opt] if iface_type not in ("bond", "team", "vlan", "bridge", "ipip"): auto_addr = False if "hwaddr" in opts: if salt.utils.validate.net.mac(opts["hwaddr"]): result["hwaddr"] = opts["hwaddr"] elif opts["hwaddr"] == "auto": auto_addr = True elif opts["hwaddr"] != "none": _raise_error_iface( iface, opts["hwaddr"], ("AA:BB:CC:DD:EE:FF", "auto", "none") ) else: auto_addr = True if auto_addr: # If interface type is slave for bond, not setting hwaddr if iface_type != "slave": ifaces = __salt__["network.interfaces"]() if iface in ifaces and "hwaddr" in ifaces[iface]: result["hwaddr"] = ifaces[iface]["hwaddr"] if iface_type == "eth": result["devtype"] = "Ethernet" if iface_type == "bridge": result["devtype"] = "Bridge" bypassfirewall = True valid = _CONFIG_TRUE + _CONFIG_FALSE for opt in ("bypassfirewall",): if opt in opts: if opts[opt] in _CONFIG_TRUE: bypassfirewall = True elif opts[opt] in _CONFIG_FALSE: bypassfirewall = False else: _raise_error_iface(iface, opts[opt], valid) bridgectls = [ "net.bridge.bridge-nf-call-ip6tables", "net.bridge.bridge-nf-call-iptables", "net.bridge.bridge-nf-call-arptables", ] if bypassfirewall: sysctl_value = 0 else: sysctl_value = 1 for sysctl in bridgectls: try: __salt__["sysctl.persist"](sysctl, sysctl_value) except CommandExecutionError: log.warning("Failed to set sysctl: %s", sysctl) else: if "bridge" in opts: result["bridge"] = opts["bridge"] if iface_type == "ipip": result["devtype"] = "IPIP" for opt in ("my_inner_ipaddr", "my_outer_ipaddr"): if opt not in opts: _raise_error_iface(iface, opt, "1.2.3.4") else: result[opt] = opts[opt] if iface_type == "ib": result["devtype"] = "InfiniBand" if "prefix" in opts: if "netmask" in opts: msg = "Cannot use prefix and netmask together" log.error(msg) raise AttributeError(msg) result["prefix"] = opts["prefix"] elif "netmask" in opts: result["netmask"] = opts["netmask"] for opt in ( "ipaddr", "master", "srcaddr", "delay", "domain", "gateway", "uuid", "nickname", "zone", ): if opt in opts: result[opt] = opts[opt] for opt in ("ipv6addr", "ipv6gateway"): if opt in opts: result[opt] = opts[opt] if "ipaddrs" in opts: result["ipaddrs"] = [] for opt in opts["ipaddrs"]: if salt.utils.validate.net.ipv4_addr(opt): ip, prefix = (i.strip() for i in opt.split("/")) result["ipaddrs"].append({"ipaddr": ip, "prefix": prefix}) else: msg = "ipv4 CIDR is invalid" log.error(msg) raise AttributeError(msg) if "ipv6addrs" in opts: for opt in opts["ipv6addrs"]: if not salt.utils.validate.net.ipv6_addr(opt): msg = "ipv6 CIDR is invalid" log.error(msg) raise AttributeError(msg) result["ipv6addrs"] = opts["ipv6addrs"] if "enable_ipv6" in opts: result["enable_ipv6"] = opts["enable_ipv6"] valid = _CONFIG_TRUE + _CONFIG_FALSE for opt in ( "onparent", "peerdns", "peerroutes", "slave", "vlan", "defroute", "stp", "ipv6_peerdns", "ipv6_defroute", "ipv6_peerroutes", "ipv6_autoconf", "ipv4_failure_fatal", "dhcpv6c", ): if opt in opts: if opts[opt] in _CONFIG_TRUE: result[opt] = "yes" elif opts[opt] in _CONFIG_FALSE: result[opt] = "no" else: _raise_error_iface(iface, opts[opt], valid) if "onboot" in opts: log.warning( "The 'onboot' option is controlled by the 'enabled' option. " "Interface: %s Enabled: %s", iface, enabled, ) if enabled: result["onboot"] = "yes" else: result["onboot"] = "no" # If the interface is defined then we want to always take # control away from non-root users; unless the administrator # wants to allow non-root users to control the device. if "userctl" in opts: if opts["userctl"] in _CONFIG_TRUE: result["userctl"] = "yes" elif opts["userctl"] in _CONFIG_FALSE: result["userctl"] = "no" else: _raise_error_iface(iface, opts["userctl"], valid) else: result["userctl"] = "no" # This vlan is in opts, and should be only used in range interface # will affect jinja template for interface generating if "vlan" in opts: if opts["vlan"] in _CONFIG_TRUE: result["vlan"] = "yes" elif opts["vlan"] in _CONFIG_FALSE: result["vlan"] = "no" else: _raise_error_iface(iface, opts["vlan"], valid) if "arpcheck" in opts: if opts["arpcheck"] in _CONFIG_FALSE: result["arpcheck"] = "no" if "ipaddr_start" in opts: result["ipaddr_start"] = opts["ipaddr_start"] if "ipaddr_end" in opts: result["ipaddr_end"] = opts["ipaddr_end"] if "clonenum_start" in opts: result["clonenum_start"] = opts["clonenum_start"] if "hwaddr" in opts: result["hwaddr"] = opts["hwaddr"] if "macaddr" in opts: result["macaddr"] = opts["macaddr"] # If NetworkManager is available, we can control whether we use # it or not if "nm_controlled" in opts: if opts["nm_controlled"] in _CONFIG_TRUE: result["nm_controlled"] = "yes" elif opts["nm_controlled"] in _CONFIG_FALSE: result["nm_controlled"] = "no" else: _raise_error_iface(iface, opts["nm_controlled"], valid) else: result["nm_controlled"] = "no" return result def _parse_routes(iface, opts): """ Filters given options and outputs valid settings for the route settings file. """ # Normalize keys opts = {k.lower(): v for (k, v) in opts.items()} result = {} if "routes" not in opts: _raise_error_routes(iface, "routes", "List of routes") for opt in opts: result[opt] = opts[opt] return result def _parse_network_settings(opts, current): """ Filters given options and outputs valid settings for the global network settings file. """ # Normalize keys opts = {k.lower(): v for (k, v) in opts.items()} current = {k.lower(): v for (k, v) in current.items()} # Check for supported parameters retain_settings = opts.get("retain_settings", False) result = current if retain_settings else {} # Default quote type is an empty string, which will not quote values quote_type = "" valid = _CONFIG_TRUE + _CONFIG_FALSE if "enabled" not in opts: try: opts["networking"] = current["networking"] # If networking option is quoted, use its quote type quote_type = salt.utils.stringutils.is_quoted(opts["networking"]) _log_default_network("networking", current["networking"]) except ValueError: _raise_error_network("networking", valid) else: opts["networking"] = opts["enabled"] true_val = "{0}yes{0}".format(quote_type) false_val = "{0}no{0}".format(quote_type) networking = salt.utils.stringutils.dequote(opts["networking"]) if networking in valid: if networking in _CONFIG_TRUE: result["networking"] = true_val elif networking in _CONFIG_FALSE: result["networking"] = false_val else: _raise_error_network("networking", valid) if "hostname" not in opts: try: opts["hostname"] = current["hostname"] _log_default_network("hostname", current["hostname"]) except Exception: # pylint: disable=broad-except _raise_error_network("hostname", ["server1.example.com"]) if opts["hostname"]: result["hostname"] = "{1}{0}{1}".format( salt.utils.stringutils.dequote(opts["hostname"]), quote_type ) else: _raise_error_network("hostname", ["server1.example.com"]) if "nozeroconf" in opts: nozeroconf = salt.utils.stringutils.dequote(opts["nozeroconf"]) if nozeroconf in valid: if nozeroconf in _CONFIG_TRUE: result["nozeroconf"] = true_val elif nozeroconf in _CONFIG_FALSE: result["nozeroconf"] = false_val else: _raise_error_network("nozeroconf", valid) for opt in opts: if opt not in ("networking", "hostname", "nozeroconf"): result[opt] = "{1}{0}{1}".format( salt.utils.stringutils.dequote(opts[opt]), quote_type ) return result def _raise_error_iface(iface, option, expected): """ Log and raise an error with a logical formatted message. """ msg = _error_msg_iface(iface, option, expected) log.error(msg) raise AttributeError(msg) def _raise_error_network(option, expected): """ Log and raise an error with a logical formatted message. """ msg = _error_msg_network(option, expected) log.error(msg) raise AttributeError(msg) def _raise_error_routes(iface, option, expected): """ Log and raise an error with a logical formatted message. """ msg = _error_msg_routes(iface, option, expected) log.error(msg) raise AttributeError(msg) def _read_file(path): """ Reads and returns the contents of a file """ try: with salt.utils.files.fopen(path, "rb") as rfh: lines = salt.utils.stringutils.to_unicode(rfh.read()).splitlines() try: lines.remove("") except ValueError: pass return lines except Exception: # pylint: disable=broad-except return [] # Return empty list for type consistency def _write_file_iface(iface, data, folder, pattern): """ Writes a file to disk """ filename = os.path.join(folder, pattern.format(iface)) if not os.path.exists(folder): msg = "{0} cannot be written. {1} does not exist" msg = msg.format(filename, folder) log.error(msg) raise AttributeError(msg) with salt.utils.files.fopen(filename, "w") as fp_: fp_.write(salt.utils.stringutils.to_str(data)) def _write_file_network(data, filename): """ Writes a file to disk """ with salt.utils.files.fopen(filename, "w") as fp_: fp_.write(salt.utils.stringutils.to_str(data)) def _read_temp(data): lines = data.splitlines() try: # Discard newlines if they exist lines.remove("") except ValueError: pass return lines def build_interface(iface, iface_type, enabled, **settings): """ Build an interface script for a network interface. CLI Example: .. code-block:: bash salt '*' ip.build_interface eth0 eth <settings> """ if __grains__["os"] == "Fedora": if __grains__["osmajorrelease"] >= 28: rh_major = "8" else: rh_major = "7" elif __grains__["os"] == "Amazon": rh_major = "7" else: rh_major = __grains__["osrelease"][:1] iface_type = iface_type.lower() if iface_type not in _IFACE_TYPES: _raise_error_iface(iface, iface_type, _IFACE_TYPES) if iface_type == "slave": settings["slave"] = "yes" if "master" not in settings: msg = "master is a required setting for slave interfaces" log.error(msg) raise AttributeError(msg) if iface_type == "bond": if "mode" not in settings: msg = "mode is required for bond interfaces" log.error(msg) raise AttributeError(msg) settings["mode"] = str(settings["mode"]) if iface_type == "teamport": # Validate that either a master or team_master is defined if "master" not in settings and "team_master" not in settings: msg = "master or team_master is a required setting for teamport interfaces" log.error(msg) raise AttributeError(msg) elif "master" in settings and "team_master" in settings: log.warning( "Both team_master (%s) and master (%s) were configured " "for teamport interface %s. Ignoring master in favor of " "team_master.", settings["team_master"], settings["master"], iface, ) del settings["master"] elif "master" in settings: settings["team_master"] = settings.pop("master") if iface_type == "vlan": settings["vlan"] = "yes" if iface_type == "bridge" and not __salt__["pkg.version"]("bridge-utils"): __salt__["pkg.install"]("bridge-utils") if iface_type == "team" and not __salt__["pkg.version"]("teamd"): __salt__["pkg.install"]("teamd") if iface_type in ( "eth", "bond", "team", "teamport", "bridge", "slave", "vlan", "ipip", "ib", "alias", ): opts = _parse_settings_eth(settings, iface_type, enabled, iface) try: template = JINJA.get_template("rh{}_eth.jinja".format(rh_major)) except jinja2.exceptions.TemplateNotFound: log.error("Could not load template rh%s_eth.jinja", rh_major) return "" ifcfg = template.render(opts) if settings.get("test"): return _read_temp(ifcfg) _write_file_iface(iface, ifcfg, _RH_NETWORK_SCRIPT_DIR, "ifcfg-{0}") path = os.path.join(_RH_NETWORK_SCRIPT_DIR, "ifcfg-{}".format(iface)) return _read_file(path) def build_routes(iface, **settings): """ Build a route script for a network interface. CLI Example: .. code-block:: bash salt '*' ip.build_routes eth0 <settings> """ template = "rh6_route_eth.jinja" try: if int(__grains__["osrelease"][0]) < 6: template = "route_eth.jinja" except ValueError: pass log.debug("Template name: %s", template) opts = _parse_routes(iface, settings) log.debug("Opts: \n %s", opts) try: template = JINJA.get_template(template) except jinja2.exceptions.TemplateNotFound: log.error("Could not load template %s", template) return "" opts6 = [] opts4 = [] for route in opts["routes"]: ipaddr = route["ipaddr"] if salt.utils.validate.net.ipv6_addr(ipaddr): opts6.append(route) else: opts4.append(route) log.debug("IPv4 routes:\n%s", opts4) log.debug("IPv6 routes:\n%s", opts6) routecfg = template.render(routes=opts4, iface=iface) routecfg6 = template.render(routes=opts6, iface=iface) if settings["test"]: routes = _read_temp(routecfg) routes.extend(_read_temp(routecfg6)) return routes _write_file_iface(iface, routecfg, _RH_NETWORK_SCRIPT_DIR, "route-{0}") _write_file_iface(iface, routecfg6, _RH_NETWORK_SCRIPT_DIR, "route6-{0}") path = os.path.join(_RH_NETWORK_SCRIPT_DIR, "route-{}".format(iface)) path6 = os.path.join(_RH_NETWORK_SCRIPT_DIR, "route6-{}".format(iface)) routes = _read_file(path) routes.extend(_read_file(path6)) return routes def down(iface, iface_type): """ Shutdown a network interface CLI Example: .. code-block:: bash salt '*' ip.down eth0 """ # Slave devices are controlled by the master. if iface_type.lower() not in ("slave", "teamport"): return __salt__["cmd.run"]("ifdown {}".format(iface)) return None def get_interface(iface): """ Return the contents of an interface script CLI Example: .. code-block:: bash salt '*' ip.get_interface eth0 """ path = os.path.join(_RH_NETWORK_SCRIPT_DIR, "ifcfg-{}".format(iface)) return _read_file(path) def up(iface, iface_type): # pylint: disable=C0103 """ Start up a network interface CLI Example: .. code-block:: bash salt '*' ip.up eth0 """ # Slave devices are controlled by the master. if iface_type.lower() not in ("slave", "teamport"): return __salt__["cmd.run"]("ifup {}".format(iface)) return None def get_routes(iface): """ Return the contents of the interface routes script. CLI Example: .. code-block:: bash salt '*' ip.get_routes eth0 """ path = os.path.join(_RH_NETWORK_SCRIPT_DIR, "route-{}".format(iface)) path6 = os.path.join(_RH_NETWORK_SCRIPT_DIR, "route6-{}".format(iface)) routes = _read_file(path) routes.extend(_read_file(path6)) return routes def get_network_settings(): """ Return the contents of the global network script. CLI Example: .. code-block:: bash salt '*' ip.get_network_settings """ return _read_file(_RH_NETWORK_FILE) def apply_network_settings(**settings): """ Apply global network configuration. CLI Example: .. code-block:: bash salt '*' ip.apply_network_settings """ if "require_reboot" not in settings: settings["require_reboot"] = False if "apply_hostname" not in settings: settings["apply_hostname"] = False hostname_res = True if settings["apply_hostname"] in _CONFIG_TRUE: if "hostname" in settings: hostname_res = __salt__["network.mod_hostname"](settings["hostname"]) else: log.warning( "The network state sls is trying to apply hostname " "changes but no hostname is defined." ) hostname_res = False res = True if settings["require_reboot"] in _CONFIG_TRUE: log.warning( "The network state sls is requiring a reboot of the system to " "properly apply network configuration." ) res = True else: if __grains__["osmajorrelease"] >= 8: res = __salt__["service.restart"]("NetworkManager") else: res = __salt__["service.restart"]("network") return hostname_res and res def build_network_settings(**settings): """ Build the global network script. CLI Example: .. code-block:: bash salt '*' ip.build_network_settings <settings> """ # Read current configuration and store default values current_network_settings = _parse_rh_config(_RH_NETWORK_FILE) # Build settings opts = _parse_network_settings(settings, current_network_settings) try: template = JINJA.get_template("network.jinja") except jinja2.exceptions.TemplateNotFound: log.error("Could not load template network.jinja") return "" network = template.render(opts) if settings["test"]: return _read_temp(network) # Write settings _write_file_network(network, _RH_NETWORK_FILE) return _read_file(_RH_NETWORK_FILE)