Support dict format IP routing rules on CentOS/Rocky
This support is now available in the MichaelRigart.interfaces role.

The host configuration CI test has been updated to test policy-based routing routes and rules on CentOS Stream and Rocky Linux. It also now tests both the string and dict rule formats on CentOS and Rocky.

Change-Id: Ie77530c38ab426dcbaa442776bcf048d7bbc0f01
parent 6f59b49ab8
commit 9053183fe7
@ -271,32 +271,16 @@ Configuring IP Routing Policy Rules
|
|||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
IP routing policy rules may be configured by setting the ``rules`` attribute
|
IP routing policy rules may be configured by setting the ``rules`` attribute
|
||||||
for a network to a list of rules. The format of each rule currently differs
|
for a network to a list of rules. Two formats are supported for defining rules:
|
||||||
between CentOS/Rocky and Ubuntu.
|
string format and dict format. String format rules are only supported on
|
||||||
|
CentOS Stream and Rocky Linux systems.
|
||||||
|
|
||||||
CentOS/Rocky
|
Dict format rules
|
||||||
""""""""""""
|
"""""""""""""""""
|
||||||
|
|
||||||
The format of a rule is the string which would be appended to ``ip rule
|
The dict format of a rule is a dictionary with optional items ``from``, ``to``,
|
||||||
<add|del>`` to create or delete the rule.
|
``priority``, and ``table``. ``table`` should be the name of a route table
|
||||||
|
defined in ``network_route_tables``.
|
||||||
To configure a network called ``example`` with an IP routing policy rule to
|
|
||||||
handle traffic from the subnet ``10.1.0.0/24`` using the routing table
|
|
||||||
``exampleroutetable``:
|
|
||||||
|
|
||||||
.. code-block:: yaml
|
|
||||||
:caption: ``networks.yml``
|
|
||||||
|
|
||||||
example_rules:
|
|
||||||
- from 10.1.0.0/24 table exampleroutetable
|
|
||||||
|
|
||||||
These rules will be configured on all hosts to which the network is mapped.
|
|
||||||
|
|
||||||
Ubuntu
|
|
||||||
""""""
|
|
||||||
|
|
||||||
The format of a rule is a dictionary with optional items ``from``, ``to``,
|
|
||||||
``priority``, and ``table``.
|
|
||||||
|
|
||||||
To configure a network called ``example`` with an IP routing policy rule to
|
To configure a network called ``example`` with an IP routing policy rule to
|
||||||
handle traffic from the subnet ``10.1.0.0/24`` using the routing table
|
handle traffic from the subnet ``10.1.0.0/24`` using the routing table
|
||||||
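Review bot: The dict format paragraph lists ``from``, ``to``, ``priority`` and ``table`` all as optional, which leaves it unclear what a valid minimal rule looks like. State which items are needed in practice and whether ``table`` also accepts a numeric ID, since the string format section added later in this change requires one under NetworkManager.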
@ -311,6 +295,26 @@ handle traffic from the subnet ``10.1.0.0/24`` using the routing table
|
|||||||
|
|
||||||
These rules will be configured on all hosts to which the network is mapped.
|
These rules will be configured on all hosts to which the network is mapped.
|
||||||
|
|
||||||
|
String format rules (CentOS Stream/Rocky Linux only)
|
||||||
|
""""""""""""""""""""""""""""""""""""""""""""""""""""
|
||||||
|
|
||||||
|
The string format of a rule is the string which would be appended to ``ip rule
|
||||||
|
<add|del>`` to create or delete the rule. Note that when using NetworkManager
|
||||||
|
(the default since Zed and in Yoga when using Rocky Linux 9) the table must be
|
||||||
|
specified by ID.
|
||||||
|
|
||||||
|
To configure a network called ``example`` with an IP routing policy rule to
|
||||||
|
handle traffic from the subnet ``10.1.0.0/24`` using the routing table with ID
|
||||||
|
1:
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
:caption: ``networks.yml``
|
||||||
|
|
||||||
|
example_rules:
|
||||||
|
- from 10.1.0.0/24 table 1
|
||||||
|
|
||||||
|
These rules will be configured on all hosts to which the network is mapped.
|
||||||
|
|
||||||
Configuring IP Routes on Specific Tables
|
Configuring IP Routes on Specific Tables
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
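Review bot: The sentence "the table must be specified by ID" does not say where the ID comes from or what happens when a name is used under NetworkManager. Tie the ID to the matching entry in ``network_route_tables`` (already referenced in the dict format section), and consider pointing readers to the dict format for new configuration, since it takes the table name.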
@ -367,10 +367,10 @@ def _validate_rules(rules):
|
|||||||
:raises: AnsibleFilterError if any rule is invalid.
|
:raises: AnsibleFilterError if any rule is invalid.
|
||||||
"""
|
"""
|
||||||
for rule in rules or []:
|
for rule in rules or []:
|
||||||
if not isinstance(rule, str):
|
if not isinstance(rule, str) and not isinstance(rule, dict):
|
||||||
raise errors.AnsibleFilterError(
|
raise errors.AnsibleFilterError(
|
||||||
"Routing policy rules must be defined in string format "
|
"Routing policy rules must be defined in string or dict "
|
||||||
"for CentOS")
|
"format for CentOS Stream and Rocky Linux")
|
||||||
|
|
||||||
|
|
||||||
@jinja2.pass_context
|
@jinja2.pass_context
|
||||||
|
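Review bot: Missing check in the widened condition in _validate_rules: any dict now passes, so a rule with a misspelled or unsupported key is accepted here and only fails later when the interface is configured. Consider checking dict keys against the documented set (``from``, ``to``, ``priority``, ``table``) and raising AnsibleFilterError for anything else. The type test itself reads more simply as isinstance(rule, (str, dict)).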
@ -45,10 +45,14 @@ test_net_eth_vlan_routes:
|
|||||||
table: kayobe-test-route-table
|
table: kayobe-test-route-table
|
||||||
test_net_eth_vlan_rules:
|
test_net_eth_vlan_rules:
|
||||||
{% if ansible_facts.os_family == 'RedHat' %}
|
{% if ansible_facts.os_family == 'RedHat' %}
|
||||||
- from 192.168.35.0/24 table kayobe-test-route-table
|
- from 192.168.35.0/24 table 2
|
||||||
|
- to: 192.168.35.0/24
|
||||||
|
table: kayobe-test-route-table
|
||||||
{% else %}
|
{% else %}
|
||||||
- from: 192.168.35.0/24
|
- from: 192.168.35.0/24
|
||||||
table: kayobe-test-route-table
|
table: kayobe-test-route-table
|
||||||
|
- to: 192.168.35.0/24
|
||||||
|
table: kayobe-test-route-table
|
||||||
{% endif %}
|
{% endif %}
|
||||||
test_net_eth_vlan_zone: test-zone1
|
test_net_eth_vlan_zone: test-zone1
|
||||||
|
|
||||||
|
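Review bot: The literal "table 2" in the RedHat string rule is a magic number that has to stay in sync with the ID of kayobe-test-route-table, which is defined outside this hunk. Add a comment naming the table, or derive the ID from the route table definition. Note also that the RedHat branch covers a string "from" rule and a dict "to" rule, so a dict "from" rule is not exercised on CentOS Stream or Rocky Linux.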
@ -39,17 +39,15 @@ def test_network_ethernet_vlan(host):
|
|||||||
assert interface.exists
|
assert interface.exists
|
||||||
assert '192.168.35.1' in interface.addresses
|
assert '192.168.35.1' in interface.addresses
|
||||||
assert host.file('/sys/class/net/dummy2.42/lower_dummy2').exists
|
assert host.file('/sys/class/net/dummy2.42/lower_dummy2').exists
|
||||||
# FIXME(bbezak): remove following IF after ansible-role-interfaces
|
|
||||||
# receive support for custom routes in NetworkManager
|
|
||||||
if not ('centos' in host.system_info.distribution.lower() or
|
|
||||||
'rocky' in host.system_info.distribution.lower()):
|
|
||||||
routes = host.check_output(
|
routes = host.check_output(
|
||||||
'/sbin/ip route show dev dummy2.42 table kayobe-test-route-table')
|
'/sbin/ip route show dev dummy2.42 table kayobe-test-route-table')
|
||||||
assert '192.168.40.0/24 via 192.168.35.254' in routes
|
assert '192.168.40.0/24 via 192.168.35.254' in routes
|
||||||
rules = host.check_output(
|
rules = host.check_output(
|
||||||
'/sbin/ip rule show table kayobe-test-route-table')
|
'/sbin/ip rule show table kayobe-test-route-table')
|
||||||
expected = 'from 192.168.35.0/24 lookup kayobe-test-route-table'
|
expected_from = 'from 192.168.35.0/24 lookup kayobe-test-route-table'
|
||||||
assert expected in rules
|
expected_to = 'to 192.168.35.0/24 lookup kayobe-test-route-table'
|
||||||
|
assert expected_from in rules
|
||||||
|
assert expected_to in rules
|
||||||
|
|
||||||
|
|
||||||
def test_network_bridge(host):
|
def test_network_bridge(host):
|
||||||
|
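Review bot: With the distribution guard removed, expected_from is matched by table name on CentOS Stream and Rocky Linux even though the rule there is configured as "table 2", so the assertion quietly depends on the host resolving ID 2 to kayobe-test-route-table. A short comment above expected_from saying so would save the next reader from wondering why the name appears. The substring checks would also pass with a wrong priority, which is acceptable here but worth knowing.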
11
releasenotes/notes/nm-rules-3f1f2c2a9e8f6ce3.yaml
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
Adds support for specifying IP policy-based routing rules using the
|
||||||
|
dict-based format on CentOS Stream and Rocky Linux systems. The
|
||||||
|
string-based format is still supported on these systems.
|
||||||
|
other:
|
||||||
|
- |
|
||||||
|
Kayobe networking documentation for IP rules on CentOS Stream/Rocky Linux
|
||||||
|
systems has been updated to reflect that routing tables must be specified
|
||||||
|
by ID rather than by name.
|
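Review bot: The "other" entry says routing tables "must be specified by ID rather than by name" without limiting this to string format rules under NetworkManager, which is how the documentation hunk words it, while the dict format added by the same change takes a table name. Qualify the sentence accordingly. Since the test configuration in this change had to switch its string rule from a name to an ID, an "upgrade" section may suit this note better than "other".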