Network interfaces role

[privateip]

Proposal: network_interfaces role

Author: Peter Sprygada <@privateip>

Date: 2018-10-08

• Status: New
• Proposal type: role
• Targeted release: new
• Associated PR: none
• Estimated time to implement: 1 day

Motivation

The interface manager role provides a platform agnostic implementation to declaratively manage the aggregate set of network interfaces on a remote device. This role is designed to effectively replace the net_interface module that is currently part of Ansible core.

Problems

The current module is difficult to update and maintain across a wide spectrum of platforms. By moving the functionality into a role, platform specific implementations will be easier.

Solution proposal

Functions

• main.yaml
  noop by default
• configure.yaml
  Perform all configuration activities
• validate.yaml
  Perform all validation activites

Model

interfaces:
  operation: { default: merge, choices: [merge, replace, override] }
  config:
    "{{ name }}":
      description: { type: str }
      enable: { type: bool }
      speed: { type: str }
      mtu: { type: str }
      duplex: { type: str, choices: [full, half, auto] }
      state: { default: present, choices: [present, absent] }
      extensions:
        "{{ ansible_network_os }}":
          key: value  
  state:
    "{{ interface_name }}":
      status: { choices: [up, down] }
      tx_rate: { type: int }
      rx_rate: { type: int }
      neighbors: 
        - host: { type: str }
          port: { type: str}
      extensions:
        "{{ ansible_network_os }}":
          key: value

[caphrim007]

@privateip is the model you have there the existing model? or the proposed new model?

[privateip]

@caphrim007 I lifted this almost verbatim off `net_interface'. I re-arranged a couple of things such as organizing config and state into separate keys.

[caphrim007]

@privateip ok thanks!

[ganeshrn]

Instead of purge option, we can have something similar to netconf operation.

operation: The operation to be performed on target resource.
choices: ['merge', 'replace', 'override']
default: 'merge'

1. operation=merge

Current:

interface Loopback888
 description test for ansible
 no ip address

Expected:

interface Loopback888
 description test for loopback interface
 shutdown

Final:

interface Loopback888
  description test for loopback interface
  no ip address
  shutdown

2. operation=replace

Current:

interface Loopback888
 description test for ansible
 no ip address

Expected:

interface Loopback888
 description test for loopback interface
 shutdown

Final:

interface Loopback888
 description test for loopback interface
 shutdown

3. operation=override
   This is same as purge which will delete all the existing interface config and push the given input interface config.

[privateip]

@ganeshrn overall i like the idea... not sure i understand the difference between override and replace ... seems to me they would do the same thing... am i missing something?

[ganeshrn]

@privateip In case of replace if the resource already exists it will replace it with the one in the input configuration, if not already on the device, it will create it. This option won't impact another resource in the same hierarchy.
In the case of override it will delete all the resources in same hierarchy present on the device and replace it with the input configuration.

Example:

1. operation=replace

Current Config on device:

interface Loopback888
 description test for ansible
 no ip address

interface Loopback999
 description configured in ansible 
 shutdown

Expected (Input config):

interface Loopback888
 description test for loopback interface
 shutdown

Final config on deivce: (Loopback888 interface is replaced and Loopback999 is not changed)

interface Loopback888
 description test for loopback interface
 shutdown

interface Loopback999
 description configured in ansible 
 shutdown

2. operation=override

Current Config on device:

interface Loopback888
 description test for ansible
 no ip address

interface Loopback999
 description configured in ansible 
 shutdown

Expected (Input config):

interface Loopback888
 description test for loopback interface
 shutdown

Final interface config on device: (interface Loopback999 will be deleted and Loopback888 is replaced)

interface Loopback888
 description test for loopback interface
 shutdown

[privateip]

Ok, updated the mode to reflect the following changes:

• replace purge option with operation as discussed above
• added status option to state to include up, down

[caphrim007]

How might vendor specific extensions be added to the role? There was some talk/demo of this at contributor summit, but is that decided for all network roles that are proposed? For example, F5 interfaces support settings that are not general across the breadth of network vendors.

[privateip]

more changes to the overall data model to pass into the role. This shows how the model could be extended with platform specific key/value pairs. It also properly positions operation as a top level key within the collection in line with config and state

Here is an example playbook:

---
- hosts: all
  
  tasks:
    - name: configure network interfaces
      include_role:
        name: ansible-network.network_interfaces
        tasks_from: configure
      vars:
        interfaces:
          operation: replace
           config:
             GigabitEthernet1/1:
               enabled: yes
               description: test interface

[privateip]

@caphrim007 would be interested to get your take on the extensions key proposed in the model

[caphrim007]

@privateip +1

as I understood from contributor summit, the ansible_network_os variable can be dropped in a host_vars to make it work. The various keys under it are then just passed through to the underlying provider module. That works for me.

+2 if we adopt the pattern for all network roles going forward. I'm mostly impartial to the method. Much more concerned with the consistency across the portfolio. Thanks!

[privateip]

@caphrim007 correct

[cidrblock]

Interface management will be covered in a series of resource modules. closing this.