Support dict format IP routing rules on CentOS/Rocky
This support is now available in the MichaelRigart.interfaces role. The host configuration CI test has been updated to test policy-based routing routes and rules on CentOS Stream and Rocky Linux. It also now tests both the string and dict rule formats on CentOS and Rocky. Change-Id: Ie77530c38ab426dcbaa442776bcf048d7bbc0f01
This commit is contained in:
		 Mark Goddard
					Mark Goddard
				
			
				
					committed by
					
						 Pierre Riteau
						Pierre Riteau
					
				
			
			
				
	
			
			
			 Pierre Riteau
						Pierre Riteau
					
				
			
						parent
						
							6f59b49ab8
						
					
				
				
					commit
					9053183fe7
				
			| @@ -271,32 +271,16 @@ Configuring IP Routing Policy Rules | |||||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||||||
|  |  | ||||||
| IP routing policy rules may be configured by setting the ``rules`` attribute | IP routing policy rules may be configured by setting the ``rules`` attribute | ||||||
| for a network to a list of rules. The format of each rule currently differs | for a network to a list of rules. Two formats are supported for defining rules: | ||||||
| between CentOS/Rocky and Ubuntu. | string format and dict format. String format rules are only supported on | ||||||
|  | CentOS Stream and Rocky Linux systems. | ||||||
|  |  | ||||||
| CentOS/Rocky | Dict format rules | ||||||
| """""""""""" | """"""""""""""""" | ||||||
|  |  | ||||||
| The format of a rule is the string which would be appended to ``ip rule | The dict format of a rule is a dictionary with optional items ``from``, ``to``, | ||||||
| <add|del>`` to create or delete the rule. | ``priority``, and ``table``. ``table`` should be the name of a route table | ||||||
|  | defined in ``network_route_tables``. | ||||||
| To configure a network called ``example`` with an IP routing policy rule to |  | ||||||
| handle traffic from the subnet ``10.1.0.0/24`` using the routing table |  | ||||||
| ``exampleroutetable``: |  | ||||||
|  |  | ||||||
| .. code-block:: yaml |  | ||||||
|    :caption: ``networks.yml`` |  | ||||||
|  |  | ||||||
|    example_rules: |  | ||||||
|      - from 10.1.0.0/24 table exampleroutetable |  | ||||||
|  |  | ||||||
| These rules will be configured on all hosts to which the network is mapped. |  | ||||||
|  |  | ||||||
| Ubuntu |  | ||||||
| """""" |  | ||||||
|  |  | ||||||
| The format of a rule is a dictionary with optional items ``from``, ``to``, |  | ||||||
| ``priority``, and ``table``. |  | ||||||
|  |  | ||||||
| To configure a network called ``example`` with an IP routing policy rule to | To configure a network called ``example`` with an IP routing policy rule to | ||||||
| handle traffic from the subnet ``10.1.0.0/24`` using the routing table | handle traffic from the subnet ``10.1.0.0/24`` using the routing table | ||||||
| @@ -311,6 +295,26 @@ handle traffic from the subnet ``10.1.0.0/24`` using the routing table | |||||||
|  |  | ||||||
| These rules will be configured on all hosts to which the network is mapped. | These rules will be configured on all hosts to which the network is mapped. | ||||||
|  |  | ||||||
|  | String format rules (CentOS Stream/Rocky Linux only) | ||||||
|  | """""""""""""""""""""""""""""""""""""""""""""""""""" | ||||||
|  |  | ||||||
|  | The string format of a rule is the string which would be appended to ``ip rule | ||||||
|  | <add|del>`` to create or delete the rule. Note that when using NetworkManager | ||||||
|  | (the default since Zed and in Yoga when using Rocky Linux 9) the table must be | ||||||
|  | specified by ID. | ||||||
|  |  | ||||||
|  | To configure a network called ``example`` with an IP routing policy rule to | ||||||
|  | handle traffic from the subnet ``10.1.0.0/24`` using the routing table with ID | ||||||
|  | 1: | ||||||
|  |  | ||||||
|  | .. code-block:: yaml | ||||||
|  |    :caption: ``networks.yml`` | ||||||
|  |  | ||||||
|  |    example_rules: | ||||||
|  |      - from 10.1.0.0/24 table 1 | ||||||
|  |  | ||||||
|  | These rules will be configured on all hosts to which the network is mapped. | ||||||
|  |  | ||||||
| Configuring IP Routes on Specific Tables | Configuring IP Routes on Specific Tables | ||||||
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||||||
|  |  | ||||||
|   | |||||||
| @@ -367,10 +367,10 @@ def _validate_rules(rules): | |||||||
|     :raises: AnsibleFilterError if any rule is invalid. |     :raises: AnsibleFilterError if any rule is invalid. | ||||||
|     """ |     """ | ||||||
|     for rule in rules or []: |     for rule in rules or []: | ||||||
|         if not isinstance(rule, str): |         if not isinstance(rule, str) and not isinstance(rule, dict): | ||||||
|             raise errors.AnsibleFilterError( |             raise errors.AnsibleFilterError( | ||||||
|                 "Routing policy rules must be defined in string format " |                 "Routing policy rules must be defined in string or dict " | ||||||
|                 "for CentOS") |                 "format for CentOS Stream and Rocky Linux") | ||||||
|  |  | ||||||
|  |  | ||||||
| @jinja2.pass_context | @jinja2.pass_context | ||||||
|   | |||||||
| @@ -45,10 +45,14 @@ test_net_eth_vlan_routes: | |||||||
|     table: kayobe-test-route-table |     table: kayobe-test-route-table | ||||||
| test_net_eth_vlan_rules: | test_net_eth_vlan_rules: | ||||||
| {% if ansible_facts.os_family == 'RedHat' %} | {% if ansible_facts.os_family == 'RedHat' %} | ||||||
|   - from 192.168.35.0/24 table kayobe-test-route-table |   - from 192.168.35.0/24 table 2 | ||||||
|  |   - to: 192.168.35.0/24 | ||||||
|  |     table: kayobe-test-route-table | ||||||
| {% else %} | {% else %} | ||||||
|   - from: 192.168.35.0/24 |   - from: 192.168.35.0/24 | ||||||
|     table: kayobe-test-route-table |     table: kayobe-test-route-table | ||||||
|  |   - to: 192.168.35.0/24 | ||||||
|  |     table: kayobe-test-route-table | ||||||
| {% endif %} | {% endif %} | ||||||
| test_net_eth_vlan_zone: test-zone1 | test_net_eth_vlan_zone: test-zone1 | ||||||
|  |  | ||||||
|   | |||||||
| @@ -39,17 +39,15 @@ def test_network_ethernet_vlan(host): | |||||||
|     assert interface.exists |     assert interface.exists | ||||||
|     assert '192.168.35.1' in interface.addresses |     assert '192.168.35.1' in interface.addresses | ||||||
|     assert host.file('/sys/class/net/dummy2.42/lower_dummy2').exists |     assert host.file('/sys/class/net/dummy2.42/lower_dummy2').exists | ||||||
|     # FIXME(bbezak): remove following IF after ansible-role-interfaces |     routes = host.check_output( | ||||||
|     # receive support for custom routes in NetworkManager |         '/sbin/ip route show dev dummy2.42 table kayobe-test-route-table') | ||||||
|     if not ('centos' in host.system_info.distribution.lower() or |     assert '192.168.40.0/24 via 192.168.35.254' in routes | ||||||
|             'rocky' in host.system_info.distribution.lower()): |     rules = host.check_output( | ||||||
|        routes = host.check_output( |         '/sbin/ip rule show table kayobe-test-route-table') | ||||||
|            '/sbin/ip route show dev dummy2.42 table kayobe-test-route-table') |     expected_from = 'from 192.168.35.0/24 lookup kayobe-test-route-table' | ||||||
|        assert '192.168.40.0/24 via 192.168.35.254' in routes |     expected_to = 'to 192.168.35.0/24 lookup kayobe-test-route-table' | ||||||
|        rules = host.check_output( |     assert expected_from in rules | ||||||
|            '/sbin/ip rule show table kayobe-test-route-table') |     assert expected_to in rules | ||||||
|        expected = 'from 192.168.35.0/24 lookup kayobe-test-route-table' |  | ||||||
|        assert expected in rules |  | ||||||
|  |  | ||||||
|  |  | ||||||
| def test_network_bridge(host): | def test_network_bridge(host): | ||||||
|   | |||||||
							
								
								
									
										11
									
								
								releasenotes/notes/nm-rules-3f1f2c2a9e8f6ce3.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								releasenotes/notes/nm-rules-3f1f2c2a9e8f6ce3.yaml
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | |||||||
|  | --- | ||||||
|  | features: | ||||||
|  |   - | | ||||||
|  |     Adds support for specifying IP policy-based routing rules using the | ||||||
|  |     dict-based format on CentOS Stream and Rocky Linux systems. The | ||||||
|  |     string-based format is still supported on these systems. | ||||||
|  | other: | ||||||
|  |   - | | ||||||
|  |     Kayobe networking documentation for IP rules on CentOS Stream/Rocky Linux | ||||||
|  |     systems has been updated to reflect that routing tables must be specified | ||||||
|  |     by ID rather than by name. | ||||||
		Reference in New Issue
	
	Block a user