Skip to content
Snippets Groups Projects
Commit 4421c300 authored by Thomas Bellman's avatar Thomas Bellman
Browse files

rh_interface: Purge interfaces better on ensure=>absent.

Some improvements on removing interface configuration (i.e. setting
the ensure parameter to 'absent').

First, the grep(1) pattern for checking if the interface was up, did
not catch all cases.  In particular, it only checked for "state UP";
it did not check for "UP" in the flags.  Fix that.

Second, make sure to remove all IP addresses from the interface.  Just
taking down the link retains the addresses on the interface, which can
cause clashes.

Third, if the interface was a bridge interface, delete the bridge using
'brctl delbr'.  Else, the interfaces connected to the bridge as ports
will not be usable as IP interfaces.

Fourth, if it was a VLAN interface, remove it from the VLAN config
using 'ip link del ... type vlan'.

And finally, ensure the order between removing sysconfig files, taking
down the interface, and restarting the network service.  Otherwise, we
could get to the situation that the interface was taken down, then the
network service would bring it up again because the sysconfig files
were still there, and only after that would the files be removed.

This should lead to more reliable operations when removing interfaces.
However, in the time between taking down the interface, and restarting
the network service, the network on the node may be broken.  If Puppet
tries to evaluate other resources in that period, something that is
very likely with any non-trivial set of manifests, they might fail.
But at least now we should have a working network at the end of the
Puppet run; that was not the case before these changes.

This was originally commit 99a546cafc06 in nsc-puppet-utils.
parent ea095c2e
Branches
No related tags found
No related merge requests found
......@@ -119,6 +119,11 @@
* alias interface can remove the IPv6 addresses set on the main
* interface. If possible (see above), set multiple IP addresses on
* the main interface instead.
*
* - When setting an interface to absent, it will be unconfigured
* separately from other interfaces. The network on the node may
* break for a while during the Puppet run, if addresses or routes
* are moved from this interface to another.
*/
define rh_interface($bootproto='static',# 'static', 'dhcp' or 'unconfigured'
......@@ -199,18 +204,36 @@ define rh_interface($bootproto='static',# 'static', 'dhcp' or 'unconfigured'
"/etc/sysconfig/network-scripts/route-${name}",
"/etc/sysconfig/network-scripts/route6-${name}",
]:
ensure => absent;
ensure => absent,
before => Exec["rh_interface::absent::${name}"];
}
$isup = shellquote('<(.*,|)UP(|,.*)>| state UP( |$)|^ *inet6? ')
$checkcmd = [
"{ ip addr show ${qname} | egrep ${isup}; }",
"[ -d /sys/class/net/${qname}/bridge ]",
"[ -f /proc/net/vlan/${qname} ]",
]
$downcmd = [
"ip addr flush dev ${qname}",
"ip link set dev ${qname} down",
"if [ -d /sys/class/net/${qname}/bridge ]",
" then brctl delbr ${qname}; fi",
"if [ -f /proc/net/vlan/${qname} ]",
" then ip link del dev ${qname} type vlan; fi",
]
exec {
# This case will not be handled by 'service network restart',
# as we have removed the sysconfig files for the interface.
# The network service will not touch interfaces without any
# sysconfig files
# sysconfig files. However, we will not get the atomicity
# that 'service network restart' gives us.
"rh_interface::absent::${name}":
command => "ip link set dev ${qname} down",
onlyif => "ip link show ${qname} | egrep ' state UP( |\$)'",
provider => shell, # Since we use a pipeline
path => '/bin:/usr/bin:/sbin:/usr/sbin';
command => inline_template('<%= @downcmd.join "; " %>'),
onlyif => inline_template('<%= @checkcmd.join " || " %>'),
provider => shell,
path => '/bin:/usr/bin:/sbin:/usr/sbin',
notify => Class[rh_interface::network_service];
}
}
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment