Network Management With Ansible

In this lesson, you will learn how to use the Ansible nmcli module and other network-related modules to manage networking in Linux

Let’s start with how to use the Ansible nmcli module to manage network.

Using The Ansible nmcli Module With Examples

The nmcli module is used to manage the network on the managed hosts. This module supports the management of network connections and devices. The nmcli module can also be used to configure network teaming and bonding.

One can use the command, “ansible-doc nmcli” to check the manual page of this module. The manual page, of course, shows many other things the nmcli module can be used for as well as examples.

The playbook below show an example of how the nmcli module can be used.

---
- name: network configuration
  hosts: hqsdev1.tekneed.com
  tasks:
     - name: configure NIC
       nmcli:
          conn_name: ens38
          ifname: ens38
          ip4: 192.168.72.73/24
          gw4: 192.168.72.2
          dns4:
             - 192.168.72.2
             - 8.8.8.8
          state: present
          autoconnect: yes
          type: ethernet

The nmcli module will configure the network interface along with the options. The options will do the following:

*conn_name: This option represents the connection name. A random default connection name will be generated if a name is not specified.

*ifname: This option represents the NIC that will be attached to the connection. In this case, the ens38 NIC will be attached to the connection, or rather, the connection will be attached to the ens38 NIC.

*ipv4: This option represents the ipv4 address for the interface. Use the format `192.168.72.3/24′. In this case, the interface IP address will be set to 192.168.72.73/24.

*gw4: This option represents the ipv4 gateway for the interface. In this case, the gateway address is 192.168.72.2

*dns4: This option represents the dns address for ipv4. Up to 3 DNS addresses can be set.

*state: This option enables or disables the network interface. The state value can be ‘absent’ or ‘present’.

*autoconnect: This option allows the connection to be persistent if set to yes, i.e, to automatically start when the system is up. In this case, it is set to yes. Hence, the connection will start on boot.

*type: This option represents the type of network connection.

Moving forward, let’s see how the firewalld module can be used with examples.

Using The Ansible firewalld Module With Examples

The firewalld module is used to manage firewalld firewall. To check the manual for the firewalld module, use the command, ‘ansible-doc firewalld’.

The tasks below is an extract from the Ansible firewalld module manual page which shows examples of how the firewalld module is used.

- firewalld:
    service: https
    permanent: yes
    state: enabled

- firewalld:
    port: 8081/tcp
    permanent: yes
    state: disabled

- firewalld:
    port: 161-162/udp
    permanent: yes
    state: enabled

- firewalld:
    zone: dmz
    service: http
    permanent: yes
    state: enabled

- firewalld:
    rich_rule: rule service name="ftp" audit limit value="1/m" accept
    permanent: yes
    state: enabled

- firewalld:
    source: 192.0.2.0/24
    zone: internal
    state: enabled

- firewalld:
    zone: trusted
    interface: eth2
    permanent: yes
    state: enabled

- firewalld:
    masquerade: yes
    state: enabled
    permanent: yes
    zone: dmz

- firewalld:
    zone: custom
    state: present
    permanent: yes

- firewalld:
    zone: drop
    state: present
    permanent: yes
    icmp_block_inversion: yes

- firewalld:
:
    permanent: yes
    state: enabled

- firewalld:
    source: 192.0.2.0/24
    zone: internal
    state: enabled

- firewalld:
    zone: trusted
    interface: eth2
    permanent: yes
    state: enabled

- firewalld:
    masquerade: yes
    state: enabled
    permanent: yes
    zone: dmz

- firewalld:
    zone: custom
    state: present
    permanent: yes

Using The Ansible hostname Module With Examples

The Ansible hostname module is used to set the system hostname.

The task below show an example of how this module can be used.

- name: configure hostname
  hostname:
      name: hqsdev1.tekneed.com
ansible nmcli module

Going forward, one of the best ways to configure a network with Ansible is to use the system roles.

Let’s see how the system roles can be used.

Configuring The Network with Network System Roles

The network system roles can be used to configure networking on the managed hosts.

The network system roles are;

– linux-system-roles.network, and – rhel-system-roles.network are soft linked to each other and any of them can be used to configure networking.

Two variables are configured with these network system roles. The variables are; network_provider, and network_connection.

---
network_provider: nm
network_connections:
 - name: ens38
 type: ethernet
 ip:
 address:
 - 172.25.250.30/24

Just as we learnt about roles, these roles are highly parameterized. All we need to do to be able to use this role is to allocate values to these variables.

The network_provider variable configures the back end provider, either nm (NetworkManager) or initscripts will be used. For RHEL 7 and above, the nm is used by default, and for rhel 6 below, the initscript is used.

The following parameters can be used for the network_connection variable.

*name: this parameter indicates the network connection name

*state: this parameter indicates the runtime state of the connection.

*type: This parameter indicates the connection type. The connection type can be ethernet, bond, team, vlan, bridge, and so on.

*ip: This parameter indicates ip for the connection. Other options are address to configure a static IP address. or DNS to configure a DNS server

*zone: This parameter indicates the firewalld zone.

The playbook below shows an example of how network system roles is used to configure a network.

- name: network Configuration
  hosts: hqsdev1.tekneed.com
    vars:
       network_connections:
         - name: ens38
           type: ethernet
           ip:
              address:
                  - 192.168.72.123/24
    roles:
        - rhel-system-roles.network

The system network role will use the variables in the vars section to parse and configure networking based on the information provided.

RHCE Exam Practice Question On Using Ansible nmcli & Others To Configure Network

Ansible nmcli module


Ansible Basics – Video

Your feedback is welcomed. If you love others, you will share with others.

Be the first to comment

Leave a Reply

Your email address will not be published.


*