Closed le9i0nx closed 9 years ago
debops.ifupdown uses the following "initialization procedure" to switch from /etc/network/interfaces to /etc/network/interfaces.d/ safely:
/etc/network/interfaces is diverted to /etc/network/interfaces.dpkg-divert for safekeeping.
/etc/network/interfaces file is generated, which reads configuration from /etc/network/interfaces.d/ directory.
/etc/network/interfaces.config.d/ is created, it will be used as "staging" directory for new configuration.
/etc/network/interfaces.dpkg-divert file to /etc/network/interfaces.d/old-interfaces. If this file is present, that means that the network configuration is in the initialization stage, and all network interfaces will be disconnected.
/etc/network/interfaces.config.d/ directory.
/etc/network/interfaces.d/ with contents of /etc/network/interfaces.config.d/. Old configuration is deleted to not interfere with the new one.
br0, eth0, etc.
When the above steps are complete, debops.ifupdown assumes that the state of network configuration is known and acts accordingly. Further changes to network configuration will only shut down / start specific interfaces, not whole networking.
As for your question, can you describe your environment? Do you use static configuration, or DHCP? Is the host a hardware host, OpenVZ, LXC, KVM? Are POSIX capabilities active? Also, do you use the main DebOps playbook, or only specific DebOps roles with your own playbook?
OpenVZ I use https://github.com/debops/ansible-tinc dependencies
# This configuration file is auto-generated.
#
# WARNING: Do not edit this file, your changes will be lost.
# Please create/edit /etc/network/interfaces.head and
# /etc/network/interfaces.tail instead, their contents will be
# inserted at the beginning and at the end of this file, respectively.
#
# NOTE: it is NOT guaranteed that the contents of /etc/network/interfaces.tail
# will be at the very end of this file.
#
# Auto generated lo interface
auto lo
iface lo inet loopback
# Auto generated venet0 interface
auto venet0
iface venet0 inet manual
up ifconfig venet0 up
up ifconfig venet0 127.0.0.2
up route add default dev venet0
down route del default dev venet0
down ifconfig venet0 down
iface venet0 inet6 manual
up route -A inet6 add default dev venet0
down route -A inet6 del default dev venet0
auto venet0:0
iface venet0:0 inet static
address 8.8.8.8
netmask 255.255.255.255
I think it's safe:
In case of OpenVZ, debops.ifupdown avoids messing with /etc/network/interfaces altogether, since it's generated by the parent host. I haven't checked, but I think that even as a role dependency, debops.ifupdown shouldn't mess with network since you have "static" string in /etc/network/interfaces.
I'm not sure if tinc even works inside OpenVZ container, probably it could work if you have set up veth device, but I haven't tested that.
In this case, all right, all the necessary interfaces are created.
I think it is not safe to remove the configuration of interfaces that are not specified in the debops.ifupdown settings.
First, on OpenVZ debops.ifupdown shouldn't even mess with /etc/network/interfaces, unless you forced it. In that case, don't complain that it did what it is supposed to do. :-)
As for removing old interface configuration... Usually on Debian you have eth0 enabled by default to get IP address from DHCP, like this:
auto eth0
iface eth0 inet dhcp
Now, imagine that debops.ifupdown comes along, and generates new configuration in /etc/network/interfaces.d/:
auto br0
iface br0 inet dhcp
    bridge_ports eth0
What will happen in this case? System sees that br0 should get the IP address from DHCP, so it starts dhclient. But then it sees that eth0 should get an IP address from DHCP, so it starts another dhclient. Both clients compete for an IP address. If only 1 IP address is reserved for that host, I don't know, probably either it will jump back and forth, or dhclient instances will negotiate which one gets an IP address? I'm not sure.
Anyway, if old network configuration is not removed, networking is broken. So it needs to be removed in a controlled manner, and that's what debops.ifupdown is designed to do. Recall what I wrote in comments for ifupdown_ignore_static - you can force debops.ifupdown to ignore "static" configuration in /etc/network/interfaces, but don't expect networking to work properly afterwards.
forget about the past discussion on the other node (74ru)
use case
state before any action
1) /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
ifconfig -a
eth0 Link encap:Ethernet HWaddr 1c:6f:65:cd:7d:e3
inet addr:192.168.204.122 Bcast:192.168.204.255 Mask:255.255.255.0
inet6 addr: fe80::1e6f:65ff:fecd:7de3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31859 errors:0 dropped:0 overruns:0 frame:0
TX packets:19276 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33588555 (32.0 MiB) TX bytes:3711710 (3.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1896 errors:0 dropped:0 overruns:0 frame:0
TX packets:1896 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:154656 (151.0 KiB) TX bytes:154656 (151.0 KiB)
2) uses a Playback Achieved https://github.com/debops/debops-playbooks/blob/master/playbooks/root.yml
/etc/ansible/test.tinc.yml
---
- hosts: homes
  user: ansicon
  sudo: yes
  roles:
    - debops.tinc
/etc/ansible/hosts
[homes]
74ru ansible_ssh_host=74ru
en ansible_ssh_host=en
lenovo ansible_ssh_host=lenovo
[all:children]
homes
/etc/ansible/group_vars/homes.yml
---
#tinc
tinc_inventory_hosts: '{{ groups.homes }}'
tinc_connection_type: 'static'
tinc_interface: '{{ tinc_network }}'
tinc_ifupdown_interface:
  - iface: '{{ tinc_interface }}'
    type: 'interface'
    weight: '75'
    inet: '{{ tinc_connection_type }}'
    auto: '{{ tinc_interface_auto }}'
    force: True
    addresses: '{{ tinc_host_addr }}'
    options: |
      tinc-net {{ tinc_network }}
      tinc-chroot yes
      tinc-mlock yes
      tinc-user {{ tinc_user }}
## vim: foldmethod=marker:tabstop=2:shiftwidth=2:softtabstop=2
/etc/ansible/host_vars/en.yml
---
tinc_host_addr: [ '172.16.35.1/24' ]
/etc/ansible/host_vars/74ru.yml
---
tinc_host_addr: [ '172.16.35.10/24' ]
/etc/ansible/host_vars/lenovo.yml
---
tinc_host_addr: [ '172.16.35.2/24' ]
3) the result of
ansible-playbook /etc/ansible/root.yml
ansible-playbook /etc/ansible/test.tinc.yml
(74ru)$ reboot
(74ru)$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 1c:6f:65:cd:7d:e3
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1496 errors:0 dropped:0 overruns:0 frame:0
TX packets:1496 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:122032 (119.1 KiB) TX bytes:122032 (119.1 KiB)
mesh0 Link encap:Ethernet HWaddr c2:3a:ea:b3:53:45
inet addr:172.16.35.10 Bcast:172.16.35.255 Mask:255.255.255.0
inet6 addr: fe80::c03a:eaff:feb3:5345/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:2484 (2.4 KiB)
/etc/network/interfaces
# This file is managed by Ansible, all changes will be lost
auto lo
iface lo inet loopback
# Read files from configuration directory
source /etc/network/interfaces.d/*
/etc/network/interfaces.d/75_interface_mesh0_ipv4
# Ansible managed: /home/le9i0nx/crypt/ansible/roles/debops.ifupdown/templates/etc/network/interfaces.d/interface.j2 modified on 2015-06-12 16:11:35 by le9i0nx on itregion-gavrilov
# Configuration for mesh0 interface
allow-auto mesh0
allow-hotplug mesh0
iface mesh0 inet static
address 172.16.35.10
network 172.16.35.0
netmask 255.255.255.0
broadcast 172.16.35.255
tinc-net mesh0
tinc-chroot yes
tinc-mlock yes
tinc-user tinc-vpn
ls -la /etc/network/interfaces.d/
итого 12
drwxr-xr-x 2 root root 4096 июн 17 13:30 .
drwxr-xr-x 8 root root 4096 июн 16 14:12 ..
-rw-r--r-- 1 root root 514 июн 16 16:54 75_interface_mesh0_ipv4
eventually host loses access to the Internet
Ah, ok. I see it now. You want debops.ifupdown to skip management of /etc/network/interfaces entirely and only manage additional interfaces. Yeah, I probably need to add that option. I'll look into it.
example
1) network interfaces to configure /etc/network/interfaces
eth0 - static
lo
eth1 - dhcp
mesh0 - static
2) network settings debops.ifupdown
mesh0 - dhcp
eth1 - static
3) after applying debops.ifupdown
file /etc/network/interfaces.config.d/old-interfaces
eth0 - static
file /etc/network/interfaces
lo
source /etc/network/interfaces.d/*
file /etc/network/interfaces.config.d/75_interface_mesh0_ipv4
mesh0 - dhcp
file /etc/network/interfaces.config.d/75_interface_eth1_ipv4
eth1 - static
Ah yes, the "analyze" part should be a breeze. :-) I'll probably do it slightly differently, by trying to figure out if the role is used as standalone or from role dependencies. Will be tricky, we'll see how it goes.
I have prepared something which code https://github.com/le9i0nx/ansible-ifupdown/tree/bug-delete-old-interfaces
I've looked at all of that extra code. All it currently accomplishes, is removal of loopback interface entry from old-interfaces file. This doesn't help one bit, because now you have 2 sources of truth for the interfaces:
debops.ifupdown autogenerated config file / Ansible inventory
/etc/network/interfaces present prior to the configuration
Without merging these intelligently, perhaps overwriting the old interface configuration using the data from autoconfiguration / inventory (not blunt replacement but some kind of intelligent merging), you still will end up with double set of interfaces pretty quickly.
But back to the issue at hand. I've looked at your other example again, and I see that you switched from OpenVZ to some other host. Your default /etc/network/interfaces looks like this:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
This is perfectly fine configuration, in fact it's the same configuration that my Debian servers end up with before I reconfigure them with DebOps.
The problem you experience is caused by debops.ifupdown not being run at least once by itself before debops.tinc is run by the playbook. What happens is:
debops.tinc role calls debops.ifupdown role via role dependency
debops.ifupdown finds that there is no /etc/network/interfaces.dpkg-divert file (OMG initial configuration! Let's bludgeon default interfaces in the head and generate new ones! WCGW?)
debops.ifupdown resets interfaces and generates new ones. The problem is, it has interface definition from debops.tinc, which defines only its own tap2 interface, not the default ones. Without the defaults, network configuration breaks down
debops.tinc was designed in a way, that it is assumed that new network configuration is already defined and present (ie. common.yml playbook was executed). When that happens, it works correctly.
I bet that if you change your playbook to this one:
---
- hosts: homes
  user: ansicon
  sudo: yes
  roles:
    - debops.ifupdown
    - debops.tinc
you will have working network configuration.
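The two failure modes discussed in this thread (a bridge port that keeps its own DHCP stanza, and a default interface that disappears when only the tinc interface is generated) can be checked before a configuration is applied. The following is an added example, not code from debops.ifupdown or from any participant in the thread; the function names are hypothetical and the sample configs are rebuilt (abbreviated) from the snippets quoted above.

```python
# Added example; sample configs are constructed from the snippets quoted in the thread.
OLD = """\
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
"""
NEW_BRIDGE = """\
auto br0
iface br0 inet dhcp
    bridge_ports eth0
"""
NEW_TINC = """\
allow-auto mesh0
iface mesh0 inet static
    address 172.16.35.10
    netmask 255.255.255.0
    tinc-net mesh0
"""

def parse_interfaces(text):
    """Parse interfaces(5) text into {iface: {"methods": set, "options": dict}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface" and len(words) >= 4:  # iface <name> <family> <method>
            current = stanzas.setdefault(words[1], {"methods": set(), "options": {}})
            current["methods"].add(words[3])
        elif words[0] in ("auto", "mapping") or words[0].startswith(("allow-", "source")):
            current = None  # these keywords end the current iface stanza
        elif current is not None:
            current["options"][words[0]] = words[1:]
    return stanzas

def dhcp_bridge_conflicts(stanzas):
    """Return (port, bridge) pairs where a bridge port still requests DHCP itself."""
    found = []
    for bridge, stanza in stanzas.items():
        for port in stanza["options"].get("bridge_ports", []):
            if "dhcp" in stanzas.get(port, {"methods": set()})["methods"]:
                found.append((port, bridge))
    return sorted(found)

def dropped_interfaces(old, new):
    """Return interfaces the old config defines and the new one omits (lo excluded)."""
    return sorted(set(old) - set(new) - {"lo"})

if __name__ == "__main__":
    print("conflicts:", dhcp_bridge_conflicts(parse_interfaces(OLD + NEW_BRIDGE)))
    print("dropped:", dropped_interfaces(parse_interfaces(OLD), parse_interfaces(NEW_TINC)))
```

A non-empty result from either function before the first run is the signal to stop and define the missing or conflicting interface explicitly.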
yes as a compromise suits me
https://github.com/debops/ansible-ifupdown/blob/master/defaults/main.yml#L76
https://github.com/debops/ansible-ifupdown/blob/master/templates/usr/local/lib/ifupdown-reconfigure-interfaces.j2#L137
no safe use lost configure network interfaces