CentOS Advanced Network Configuration with Ansible


I had some odd errors with my multi-homed CentOS servers. I was finally able to fix them with the help of this blog post. Apparently basic multi-homed networking in CentOS is broken and you need to use the advanced configuration option. If you want to manually configure your servers then follow the steps in the blog post I linked to above. In this post I will describe how to automate this configuration with Ansible.

The Problem

Properly configure networking in CentOS 6.x using only Ansible variables. This configuration must work with any combination of physical NICs and VLANs.

The Solution

Create a separate Ansible role for networking called network. Define your networks in group_vars/all and host specific network configurations in host_vars/host.example.com. See the role code on my github repository.

The Details

The networking role will set all the network related configuration files including the advanced settings. The advanced settings add the following files:

  1. /etc/iproute2/rt_tables
  2. /etc/sysconfig/network-scripts/route-ethX
  3. /etc/sysconfig/network-scripts/rule-ethX

These will configure a multi-homed server properly and also work fine for single-homed hosts.

As you will be able to see from the Ansible source code files, this requires many variables and some complex logic. Some of the complexity is due to the way the Jinja2 templating engine handles variables. It isn’t possible to take a purely DRY approach.

If the defaults in ifcfg-eth.j2 work for you then all you have to do is describe your networks in group_vars/all and then add the host specific variables.

Examples

Assume you have three networks: dev, staging, and production. In this case your all file would contain this:

subnets:
 - name: dev
   address: 192.168.11.0
   prefix: 24
   netmask: 255.255.255.0
   gateway: 192.168.11.1
   vlan_id: 11
   xen_uuid: 66eee33d-c564-2249-fdff-b1544250f342

 - name: staging
   address: 192.168.12.0
   prefix: 24
   netmask: 255.255.255.0
   gateway: 192.168.12.1
   vlan_id: 12
   xen_uuid: c0f140f4-02ba-45c3-3105-c73bea861c44

 - name: production
   address: 192.168.13.0
   prefix: 24
   netmask: 255.255.255.0
   gateway: 192.168.13.1
   vlan_id: 13
   xen_uuid: 0f14ef4d-1fa9-b0a1-7310-92e8c66f1494

You need a vlan_id even if you don’t use VLANs because rt_tables requires a numeric id. The xen_uuid is for Xen VMs. You can omit it if you don’t use Xen.

For a single-homed server running as a Xen VM the host_vars file should follow this pattern (delete the Xen line if unneeded):

networks:
    - device_id: 0
      network_uuid: "{{dev_vlan11_network_uuid}}"
      boot_protocol: none
      ip_address: 192.168.11.5
      subnet_name: dev
      prefix: 24
      is_vlan: false
      vlan_id: ""
      configure_advanced_networking: true

For a host that uses two tagged VLANs on eth0 it would follow this pattern:

networks:
    - device_id: 0
      boot_protocol: none
      is_vlan: false
      configure_advanced_networking: false

    - device_id: 0
      boot_protocol: none
      ip_address: 192.168.13.13
      subnet_name: production
      vlan_id: .13
      prefix: 24
      is_vlan: true
      configure_advanced_networking: true

    - device_id: 0
      boot_protocol: none
      subnet_name: dev
      ip_address: 192.168.11.12
      vlan_id: .11
      prefix: 24
      is_vlan: true
      configure_advanced_networking: true

This creates a dummy eth0 configuration and an eth0.11 and eth0.13 file. The “.” in front of the vlan_id must be there for the code to work. For untagged interfaces simply change is_vlan to false and set the vlan_id to "". The latter is needed to work around Jinja2 idiosyncrasies, as is all the redundancy between the all file and the host files.
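The three advanced files listed under The Details are named on this page but their contents are not shown, and the host_vars layout above has several rules (the leading "." on vlan_id, the empty string on untagged interfaces, subnet_name matching an entry in all) that are easy to get wrong. The following Python script is an added example, not code from the network role or its templates: it validates a host's networks list against the subnets list and then renders rt_tables, route-ethX and rule-ethX. The file formats are the standard CentOS policy-routing layout (a numbered table per subnet, a connected route plus a default route in that table, and a source rule selecting the table), which is an assumption about what the role's Jinja2 templates produce. The sample data is constructed from the examples above; vlan_id is handled as a string so that ".13" survives as written. It goes one step beyond the page by cross-checking the host address against the subnet range.

```python
"""Validate host_vars networks against group_vars subnets and render the
advanced-networking files.  Added example; not the role's own code.  File
formats follow the standard CentOS policy-routing layout (an assumption)."""
import ipaddress

# Constructed sample data taken from the page's group_vars/all example.
SUBNETS = [
    {"name": "dev", "address": "192.168.11.0", "prefix": 24,
     "netmask": "255.255.255.0", "gateway": "192.168.11.1", "vlan_id": 11},
    {"name": "staging", "address": "192.168.12.0", "prefix": 24,
     "netmask": "255.255.255.0", "gateway": "192.168.12.1", "vlan_id": 12},
    {"name": "production", "address": "192.168.13.0", "prefix": 24,
     "netmask": "255.255.255.0", "gateway": "192.168.13.1", "vlan_id": 13},
]

# Constructed sample data: the two-tagged-VLAN host from the page.
HOST_NETWORKS = [
    {"device_id": 0, "boot_protocol": "none", "is_vlan": False,
     "configure_advanced_networking": False},
    {"device_id": 0, "boot_protocol": "none", "ip_address": "192.168.13.13",
     "subnet_name": "production", "vlan_id": ".13", "prefix": 24,
     "is_vlan": True, "configure_advanced_networking": True},
    {"device_id": 0, "boot_protocol": "none", "subnet_name": "dev",
     "ip_address": "192.168.11.12", "vlan_id": ".11", "prefix": 24,
     "is_vlan": True, "configure_advanced_networking": True},
]


def device_name(net):
    """eth<device_id>, plus the '.<vlan>' suffix when is_vlan is true."""
    suffix = str(net.get("vlan_id", "")) if net["is_vlan"] else ""
    return f"eth{net['device_id']}{suffix}"


def validate(subnets, networks):
    """Return a list of problems; an empty list means the host_vars are consistent."""
    by_name = {s["name"]: s for s in subnets}
    problems = []
    for net in networks:
        dev = device_name(net)
        vlan_id = str(net.get("vlan_id", ""))
        if net["is_vlan"] and not vlan_id.startswith("."):
            problems.append(f"{dev}: vlan_id must start with '.' on a tagged interface")
        if not net["is_vlan"] and vlan_id != "":
            problems.append(f'{dev}: vlan_id must be "" on an untagged interface')
        if not net["configure_advanced_networking"]:
            continue  # the dummy parent interface needs no subnet
        subnet = by_name.get(net.get("subnet_name"))
        if subnet is None:
            problems.append(f"{dev}: subnet_name {net.get('subnet_name')!r} is not in group_vars/all")
            continue
        cidr = ipaddress.ip_network(f"{subnet['address']}/{subnet['prefix']}")
        if ipaddress.ip_address(net["ip_address"]) not in cidr:
            problems.append(f"{dev}: {net['ip_address']} is outside {cidr}")
        if net["is_vlan"] and vlan_id != f".{subnet['vlan_id']}":
            problems.append(f"{dev}: vlan_id {vlan_id} does not match subnet vlan {subnet['vlan_id']}")
        if net["prefix"] != subnet["prefix"]:
            problems.append(f"{dev}: prefix {net['prefix']} differs from subnet prefix {subnet['prefix']}")
    return problems


def render_rt_tables(subnets):
    """/etc/iproute2/rt_tables: the reserved entries plus one table per subnet (id = vlan_id)."""
    lines = ["# reserved values", "255 local", "254 main", "253 default", "0 unspec"]
    lines += [f"{s['vlan_id']} {s['name']}" for s in subnets]
    return "\n".join(lines) + "\n"


def render_route_file(net, subnet):
    """route-<dev>: connected route and default route, both in the subnet's own table."""
    dev, table = device_name(net), subnet["name"]
    return (f"{subnet['address']}/{subnet['prefix']} dev {dev} src {net['ip_address']} table {table}\n"
            f"default via {subnet['gateway']} dev {dev} table {table}\n")


def render_rule_file(net, subnet):
    """rule-<dev>: traffic sourced from this address is looked up in the subnet's table."""
    return f"from {net['ip_address']}/32 table {subnet['name']}\n"


def render_advanced_files(subnets, networks):
    """Map file path -> content for every interface with advanced networking enabled."""
    problems = validate(subnets, networks)
    if problems:
        raise ValueError("; ".join(problems))
    by_name = {s["name"]: s for s in subnets}
    files = {"/etc/iproute2/rt_tables": render_rt_tables(subnets)}
    for net in networks:
        if not net["configure_advanced_networking"]:
            continue
        subnet, dev = by_name[net["subnet_name"]], device_name(net)
        files[f"/etc/sysconfig/network-scripts/route-{dev}"] = render_route_file(net, subnet)
        files[f"/etc/sysconfig/network-scripts/rule-{dev}"] = render_rule_file(net, subnet)
    return files


if __name__ == "__main__":
    for path, content in render_advanced_files(SUBNETS, HOST_NETWORKS).items():
        print(f"--- {path}\n{content}")
```

Run it as-is to see the rendered files for the two-VLAN host; point validate() at a host entry with a missing "." or an address from the wrong subnet and it reports the mistake before anything reaches /etc/sysconfig.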



Categories: DevOps
