greglarkin/networking.pp Secret

## networking.pp
class profile::base::linux::networking {

  # Configure the node's network devices according to its Hiera data
  $interfaces = hiera('interfaces', undef)

  if $interfaces != undef {
    # Get the names of the network interfaces for some error checking
    # below when bridged or bonded interfaces are configured.
    $ifnames = keys($interfaces)

    $interfaces.each |String $ifname, $ifdata| {
      # Extract the configuration for this interface
      $origtype = $ifdata['type']

      # We need the type to be defined, but if it isn't, we'll
      # default to 'ethernet'
      $type = $origtype ? {
        undef   => 'ethernet',
        default => $origtype,
      }

      $ip = $ifdata['ip']
      $gateway = $ifdata['gateway']
      $netmask = $ifdata['netmask']
      $membertype = $ifdata['membertype'] ? {
        undef   => '',
        default => $ifdata['membertype'],
      }
      $memberof = $ifdata['memberof'] ? {
        undef   => '',
        default => $ifdata['memberof'],
      }
      $vlan = $ifdata['vlan']

      # Check if any of the interfaces are type "Bond", and if so, set
      # up the additional resources required to get bonding working. Since
      # we're inside an iterator and there could be multiple bonded
      # interfaces, these resources have to be protected from multiple
      # declaration.
      if $type =~ /^(?i:bond)$/ {
        # Bonded interface module configuration
        $modprobeconf = '/etc/modprobe.d/bonding.conf'
        $kernel_mod_load_title = 'Load bonding kernel module'

        # If we're processing a bond interface, then some extra
        # configuration is required. However, we only want these
        # resources to be included once in the catalog (required by
        # Puppet anyway!), and the easiest place to do it is here. Just
        # wrap it in a check to see if the resources have already been
        # added and skip if they have.
        if !defined(Exec[$kernel_mod_load_title]) {
          file { $modprobeconf:
            ensure => file,
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
          }

          exec { $kernel_mod_load_title:
            path => '/bin:/usr/bin:/sbin',
            command => 'modprobe bonding',
            unless  => 'lsmod | grep -qw ^bonding 2>/dev/null',
          }
        }

        # These resources have to be declared once for each bonded
        # interface, so their titles are parameterized, as well as
        # the lines that they are adding to the bonding.conf file.
        file_line { "Configure bonding module for ${ifname} - step 1":
          ensure  => present,
          path    => $modprobeconf,
          line    => "alias ${ifname} bonding",
          require => File[$modprobeconf],
          before  => Exec[$kernel_mod_load_title],
        }

        file_line { "Configure bonding module for ${ifname} - step 2":
          ensure  => present,
          path    => $modprobeconf,
          line    => "options ${ifname} mode=active-backup miimon=100 downdelay=200 updelay=200",
          require => File_line["Configure bonding module for ${ifname} - step 1"],
          before  => Exec[$kernel_mod_load_title],
        }
      }

      # Check for the known interface types
      if $type !~ /^(?i:bridge|bond|ethernet)$/ {
        fail("*** ERROR: Unknown interface type \"$type\" for interface \"$ifname\"")
      }

      # If we're setting up a bonded interface, then the
      # network::interface declaration below needs a
      # dependency on the previously-declared bonding kernel
      # module exec, otherwise we can omit the dependency, since
      # the exec resource will not be in the catalog.
      $requirement = ($type =~ /^(?i:bond)$/) ? {
        true    => Exec[$kernel_mod_load_title],
        default => undef,
      }

      # Set up the resource parameters for interfaces that are members
      # of bridged or bonded interfaces. If neither of these branches
      # is followed, then the variables will be undef, and that will
      # indicate a plain Ethernet interface to the ::network::interface
      # resource.
      if $membertype =~ /^(?i:bridge)$/ {
        $bridge = $memberof
      } elsif $membertype =~ /^(?i:bond)$/ {
        $master = $memberof
        $slave = 'yes'
      }

      # Configure the resource attribute value for VLAN support
      $enablevlan = str2bool($vlan) ? {
        true    => 'yes',
        false   => undef,
        default => undef,
      }

      # At minimum, we need an interface name. The IP address will be
      # undef for an bridge member interface.
      if $ifname != undef {
        ::network::interface { $ifname:
          ipaddr        => $ip,
          netmask       => $netmask,
          gateway       => $gateway,
          # The type should always be a capitalized string value,
          # according to the way the CentOS network configuration
          # works.
          type          => capitalize(downcase($type)),
          bridge        => $bridge,
          master        => $master,
          slave         => $slave,
          bootproto     => 'none',
          nm_controlled => 'no',
          vlan          => $enablevlan,
          # This is a custom template that simply adds
          # the DELAY=0 line to the bridged interface's
          # ifcfg file. The file was copied from the
          # one that is included in the example42/network
          # module.
          template      => 'profile/base/RedHat-network-ifcfg.erb',
          require       => $requirement,
        }
      }
    }
  }

}

## sample.yaml
'interfaces':
  'br0':
    'type': 'bridge'
    'ip': '172.16.0.249'
    'gateway': '172.16.0.3'
    'netmask': '255.255.240.0'
  'bond0':
    'type': 'bond'
    'membertype': 'bridge'
    'memberof': 'br0'
  'eth1':
    'type': 'ethernet'
    'membertype': 'bond'
    'memberof': 'bond0'
  'eth2':
    'type': 'ethernet'
    'membertype': 'bond'
    'memberof': 'bond0'
  'eth3':
    'type': 'ethernet'
    'ip': '172.18.0.250'
    'gateway': '172.16.0.3'
    'netmask': '255.255.240.0'
	class profile::base::linux::networking {

	# Configure the node's network devices according to its Hiera data
	$interfaces = hiera('interfaces', undef)

	if $interfaces != undef {
	# Get the names of the network interfaces for some error checking
	# below when bridged or bonded interfaces are configured.
	$ifnames = keys($interfaces)

	$interfaces.each \|String $ifname, $ifdata\| {
	# Extract the configuration for this interface
	$origtype = $ifdata['type']

	# We need the type to be defined, but if it isn't, we'll
	# default to 'ethernet'
	$type = $origtype ? {
	undef => 'ethernet',
	default => $origtype,
	}

	$ip = $ifdata['ip']
	$gateway = $ifdata['gateway']
	$netmask = $ifdata['netmask']
	$membertype = $ifdata['membertype'] ? {
	undef => '',
	default => $ifdata['membertype'],
	}
	$memberof = $ifdata['memberof'] ? {
	undef => '',
	default => $ifdata['memberof'],
	}
	$vlan = $ifdata['vlan']

	# Check if any of the interfaces are type "Bond", and if so, set
	# up the additional resources required to get bonding working. Since
	# we're inside an iterator and there could be multiple bonded
	# interfaces, these resources have to be protected from multiple
	# declaration.
	if $type =~ /^(?i:bond)$/ {
	# Bonded interface module configuration
	$modprobeconf = '/etc/modprobe.d/bonding.conf'
	$kernel_mod_load_title = 'Load bonding kernel module'

	# If we're processing a bond interface, then some extra
	# configuration is required. However, we only want these
	# resources to be included once in the catalog (required by
	# Puppet anyway!), and the easiest place to do it is here. Just
	# wrap it in a check to see if the resources have already been
	# added and skip if they have.
	if !defined(Exec[$kernel_mod_load_title]) {
	file { $modprobeconf:
	ensure => file,
	owner => 'root',
	group => 'root',
	mode => '0755',
	}

	exec { $kernel_mod_load_title:
	path => '/bin:/usr/bin:/sbin',
	command => 'modprobe bonding',
	unless => 'lsmod \| grep -qw ^bonding 2>/dev/null',
	}
	}

	# These resources have to be declared once for each bonded
	# interface, so their titles are parameterized, as well as
	# the lines that they are adding to the bonding.conf file.
	file_line { "Configure bonding module for ${ifname} - step 1":
	ensure => present,
	path => $modprobeconf,
	line => "alias ${ifname} bonding",
	require => File[$modprobeconf],
	before => Exec[$kernel_mod_load_title],
	}

	file_line { "Configure bonding module for ${ifname} - step 2":
	ensure => present,
	path => $modprobeconf,
	line => "options ${ifname} mode=active-backup miimon=100 downdelay=200 updelay=200",
	require => File_line["Configure bonding module for ${ifname} - step 1"],
	before => Exec[$kernel_mod_load_title],
	}
	}

	# Check for the known interface types
	if $type !~ /^(?i:bridge\|bond\|ethernet)$/ {
	fail("*** ERROR: Unknown interface type \"$type\" for interface \"$ifname\"")
	}

	# If we're setting up a bonded interface, then the
	# network::interface declaration below needs a
	# dependency on the previously-declared bonding kernel
	# module exec, otherwise we can omit the dependency, since
	# the exec resource will not be in the catalog.
	$requirement = ($type =~ /^(?i:bond)$/) ? {
	true => Exec[$kernel_mod_load_title],
	default => undef,
	}

	# Set up the resource parameters for interfaces that are members
	# of bridged or bonded interfaces. If neither of these branches
	# is followed, then the variables will be undef, and that will
	# indicate a plain Ethernet interface to the ::network::interface
	# resource.
	if $membertype =~ /^(?i:bridge)$/ {
	$bridge = $memberof
	} elsif $membertype =~ /^(?i:bond)$/ {
	$master = $memberof
	$slave = 'yes'
	}

	# Configure the resource attribute value for VLAN support
	$enablevlan = str2bool($vlan) ? {
	true => 'yes',
	false => undef,
	default => undef,
	}

	# At minimum, we need an interface name. The IP address will be
	# undef for an bridge member interface.
	if $ifname != undef {
	::network::interface { $ifname:
	ipaddr => $ip,
	netmask => $netmask,
	gateway => $gateway,
	# The type should always be a capitalized string value,
	# according to the way the CentOS network configuration
	# works.
	type => capitalize(downcase($type)),
	bridge => $bridge,
	master => $master,
	slave => $slave,
	bootproto => 'none',
	nm_controlled => 'no',
	vlan => $enablevlan,
	# This is a custom template that simply adds
	# the DELAY=0 line to the bridged interface's
	# ifcfg file. The file was copied from the
	# one that is included in the example42/network
	# module.
	template => 'profile/base/RedHat-network-ifcfg.erb',
	require => $requirement,
	}
	}
	}
	}

	}
	'interfaces':
	'br0':
	'type': 'bridge'
	'ip': '172.16.0.249'
	'gateway': '172.16.0.3'
	'netmask': '255.255.240.0'
	'bond0':
	'type': 'bond'
	'membertype': 'bridge'
	'memberof': 'br0'
	'eth1':
	'type': 'ethernet'
	'membertype': 'bond'
	'memberof': 'bond0'
	'eth2':
	'type': 'ethernet'
	'membertype': 'bond'
	'memberof': 'bond0'
	'eth3':
	'type': 'ethernet'
	'ip': '172.18.0.250'
	'gateway': '172.16.0.3'
	'netmask': '255.255.240.0'