deleted file /etc/network/interfaces.d/old-interfaces

[le9i0nx]

https://github.com/debops/ansible-ifupdown/blob/master/defaults/main.yml#L76 https://github.com/debops/ansible-ifupdown/blob/master/templates/usr/local/lib/ifupdown-reconfigure-interfaces.j2#L137 no safe use lost configure network interfaces

[drybjed]

debops.ifupdown uses the following "initialization procedure" to switch from /etc/network/interfaces to /etc/network/interfaces.d/ safely:

• /etc/network/interfaces is diverted to /etc/network/interfaces.dpkg-divert for safekeeping.
• new /etc/network/interfaces file is generated, which reads configuration from /etc/network/interfaces.d/ directory.
• new directory, /etc/network/interfaces.config.d/ is created, it will be used as "staging" directory for new configuration.
• at this point in time network configuration is unknown, so Ansible copies the old configuration from /etc/network/interfaces.dpkg-divert file to /etc/network/interfaces.d/old-interfaces. If this file is present, that means that the network configuration is in the initialization stage, and all network interfaces will be disconnected.
• then, new network configuration is generated in /etc/network/interfaces.config.d/ directory.
• reconfiguration script detects that old network configuration file is present and shuts down networking completely using old configuration data.
• when network is down, it is safe to update the configuration files, so reconfiguration script replaces /etc/network/interfaces.d/ with contents of /etc/network/interfaces.config.d/. Old configuration is deleted to not interfere with the new one.
• reconfiguration script starts only the network interfaces, which were generated, that is not all networking at once, but specific interfaces like br0, eth0, etc.

When the above steps are complete, debops.ifupdown assumes that the state of network configuration is known and acts accordingly. Further changes to network configuration will only shut down / start specific interfaces, not whole networking.

As for your question, can you describe your environment? Do you use static configuration, or DHCP? Is the host a hardware host, OpenVZ, LXC, KVM? Are POSIX capabilities active? Also, do you use the main DebOps playbook, or only specific DebOps roles with your own playbook?

[le9i0nx]

OpenVZ I use https://github.com/debops/ansible-tinc dependencies

# This configuration file is auto-generated.
#
# WARNING: Do not edit this file, your changes will be lost.
# Please create/edit /etc/network/interfaces.head and
# /etc/network/interfaces.tail instead, their contents will be
# inserted at the beginning and at the end of this file, respectively.
#
# NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
# will be at the very end of this file.
#

# Auto generated lo interface
auto lo
iface lo inet loopback

# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
    up ifconfig venet0 up
    up ifconfig venet0 127.0.0.2
    up route add default dev venet0
    down route del default dev venet0
    down ifconfig venet0 down

iface venet0 inet6 manual
    up route -A inet6 add default dev venet0
    down route -A inet6 del default dev venet0

auto venet0:0
iface venet0:0 inet static
    address 8.8.8.8
    netmask 255.255.255.255

I think it's safe:

1. parse the file /etc/network/interfaces.dpkg-divert interfaces and put them in /etc/network/interfaces.config.d/
2. superimpose data from debops.ifupdown
3. To check the efficiency of a new

[drybjed]

In case of OpenVZ, debops.ifupdown avoids messing with /etc/network/iterfaces altogether, since it's generated by the parent host. I haven't checked, but I think that even as a role dependency, debops.ifupdown shouldn't mess with network since you have "static" string in /etc/network/interfaces.

I'm not sure if tinc even works inside OpenVZ container, probably it could work if you have set up veth device, but I haven't tested that.

[le9i0nx]

in this case, all right all the necessary interfaces are created.

I think is not safe to remove the configuration interfaces are not specified in the settings debops.ifupdown

[drybjed]

First, on OpenVZ debops.ifupdown shouldn't even mess with /etc/network/interfaces, unless you forced it. In that case, don't complain that it did what it is supposed to do. :-)

As for removing old interface configuration... Usually on Debian you have eth0 enabled by default to get IP address from DHCP, like this:

auto eth0
iface eth0 inet dhcp

Now, imagine that debops.ifupdown comes along, and generates new configuration in /etc/network/interfaces.d/:

auto br0
iface br0 inet dhcp
    bridge_ports eth0

What will happen in this case? System sees that br0 should get the IP address from DHCP, so it starts dhclient. But then it sees that eth0 should get an IP address from DHCP, so it starts another dhclient. Both clients compete for an IP address. If only 1 IP address is reserved for that host, I don't know, probably either it will jump back and forth, or dhclient instances will negotiate which one gets an IP address? I'm not sure.

Anyway, if old network configuration is not removed, networking is broken. So it needs to be removed in a controlled manner, and that's what debops.ifupdown is designed to do. Recall what I wrote in comments for ifupdown_ignore_static - you can force debops.ifupdown to ignore "static" configuration in /etc/network/interfaces, but don't expect networking to work properly afterwards.

[le9i0nx]

forget about the past discussion on the other node(74ru)

use Case state before any action 1) /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

ifconfig -a

eth0      Link encap:Ethernet  HWaddr 1c:6f:65:cd:7d:e3  
          inet addr:192.168.204.122  Bcast:192.168.204.255  Mask:255.255.255.0
          inet6 addr: fe80::1e6f:65ff:fecd:7de3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31859 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19276 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:33588555 (32.0 MiB)  TX bytes:3711710 (3.5 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1896 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:154656 (151.0 KiB)  TX bytes:154656 (151.0 KiB)

2) uses a Playback Achieved https://github.com/debops/debops-playbooks/blob/master/playbooks/root.yml /etc/ansible/test.tinc.yml

---
- hosts: homes
  user: ansicon
  sudo: yes
  roles: 
    - debops.tinc

/etc/ansible/hosts

[homes]
74ru ansible_ssh_host=74ru
en ansible_ssh_host=en
lenovo ansible_ssh_host=lenovo

[all:children]
homes

/etc/ansible/group_vars/homes.yml

---
#tinc
tinc_inventory_hosts: '{{ groups.homes }}'
tinc_connection_type: 'static'
tinc_interface: '{{ tinc_network }}'
tinc_ifupdown_interface:
  - iface: '{{ tinc_interface }}'
    type: 'interface'
    weight: '75'
    inet: '{{ tinc_connection_type }}'
    auto: '{{ tinc_interface_auto }}'
    force: True
    addresses: '{{ tinc_host_addr }}'
    options: |
      tinc-net {{ tinc_network }}
      tinc-chroot yes
      tinc-mlock yes
      tinc-user {{ tinc_user }}

## vim: foldmethod=marker:tabstop=2:shiftwidth=2:softtabstop=2

/etc/ansible/host_vars/en.yml

---
tinc_host_addr: [ '172.16.35.1/24' ]

/etc/ansible/host_vars/74ru.yml

---
tinc_host_addr: [ '172.16.35.10/24' ]

/etc/ansible/host_vars/lenovo.yml

---
tinc_host_addr: [ '172.16.35.2/24' ]

3) the result of ansible-playbook /etc/ansible/root.yml ansible-playbook /etc/ansible/test.tinc.yml (74ru)$ reboot (74ru)$ ifconfig -a

eth0      Link encap:Ethernet  HWaddr 1c:6f:65:cd:7d:e3  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1496 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1496 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:122032 (119.1 KiB)  TX bytes:122032 (119.1 KiB)

mesh0     Link encap:Ethernet  HWaddr c2:3a:ea:b3:53:45  
          inet addr:172.16.35.10  Bcast:172.16.35.255  Mask:255.255.255.0
          inet6 addr: fe80::c03a:eaff:feb3:5345/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 B)  TX bytes:2484 (2.4 KiB)

/etc/network/interfaces

# This file is managed by Ansible, all changes will be lost

auto lo
iface lo inet loopback

# Read files from configuration directory
source /etc/network/interfaces.d/*

/etc/network/interfaces.d/75_interface_mesh0_ipv4

# Ansible managed: /home/le9i0nx/crypt/ansible/roles/debops.ifupdown/templates/etc/network/interfaces.d/interface.j2 modified on 2015-06-12 16:11:35 by le9i0nx on itregion-gavrilov

# Configuration for mesh0 interface
allow-auto mesh0
allow-hotplug mesh0
iface mesh0 inet static
        address      172.16.35.10
        network      172.16.35.0
        netmask      255.255.255.0
        broadcast    172.16.35.255
        tinc-net mesh0
        tinc-chroot yes
        tinc-mlock yes
        tinc-user tinc-vpn

ls -la /etc/network/interfaces.d/

итого 12
drwxr-xr-x 2 root root 4096 июн 17 13:30 .
drwxr-xr-x 8 root root 4096 июн 16 14:12 ..
-rw-r--r-- 1 root root  514 июн 16 16:54 75_interface_mesh0_ipv4

eventually host loses access to the Internet

[drybjed]

Ah, ok. I see it now. You want debops.ifupdown to skip management of /etc/network/interfaces entirely and only manage additional interfaces. Yeah, I probably need to add that option. I'll look into it.

[le9i0nx]

1. Create a file in /etc/network/interfaces.config.d/ (example /etc/network/interfaces.config.d/75_interface_mesh0_ipv4)
2. analyze /etc/network/interfaces.dpkg-divert
3. create an extra file for network interfaces that are not configured /etc/network/interfaces.config.d/old-interfaces
4. Check the settings

example 1) network interfaces to configure /etc/network/interfaces

eth0 - static
lo
eth1 - dhcp
mesh0 - static

2) network settings debops.ifupdown

mesh0 - dhcp
eth1 - static

3) after applying debops.ifupdown file /etc/network/interfaces.config.d/old-interfaces

eth0 - static

file /etc/network/interfaces

lo
source /etc/network/interfaces.d/*

file /etc/network/interfaces.config.d/75_interface_mesh0_ipv4

mesh0 - dhcp

file /etc/network/interfaces.config.d/75_interface_eth1_ipv4

eth1 - static

[drybjed]

Ah yes, the "analyze" part should be a breeze. :-) I'll probably do it slightly differently, by trying to figure out if the role is used as standalone or from role dependencies. Will be tricky, we'll see how it goes.

[le9i0nx]

I have prepared something which code https://github.com/le9i0nx/ansible-ifupdown/tree/bug-delete-old-interfaces

[drybjed]

I've looked at all of that extra code. All it currently accomplishes, is removal of loopback interface entry from old-interfaces file. This doesn't help one bit, because now you have 2 sources of truth for the interfaces:

• debops.ifupdown autogenerated config file / Ansible inventory
• data from old /etc/network/interfaces present prior to the configuration

Without merging these intelligently, perhaps overwriting the old interface configuration using the data from autoconfiguration / inventory (not blunt replacement but some kind of intelligent merging), you still will end up with double set of interfaces pretty quickly.

But back to the issue at hand. I've looked at your other example again, and I see that you switched from OpenVZ to some other host. Your default /etc/network/interfaces looks like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp

This is perfectly fine configuration, in fact it's the same configuration that my Debian servers end up with before I reconfigure them with DebOps.

The problem you experience is caused by debops.ifupdown not being run at least once by itself before debops.tinc is run by the playbook. What happens is:

• debops.tinc role calls debops.ifupdown role via role dependency
• debops.ifupdown finds that there is no /etc/network/interfaces.dpkg-divert file (OMG initial configuration! Let's bludgeon default interfaces in the head and generate new ones! WCGW?)
• debops.ifupdown resets interfaces and generates new ones. The problem is, it has interface definition from debops.tinc, which defines only its own tap2 interface, not the default ones. Without the defaults, network configuration breaks down

debops.tinc was designed in a way, that it is assumed that new network configuration is already defined and present (ie. common.yml playbook was executed). When that happens, it works correctly.

I bet that if you change your playbook to this one:

---
- hosts: homes
  user: ansicon
  sudo: yes
  roles:
    - debops.ifupdown 
    - debops.tinc

you will have working network configuration.

[le9i0nx]

yes as a compromise suits me