Skip to content

Instantly share code, notes, and snippets.

@akarasulu

akarasulu/DebOps_ifupdown.md

Last active November 6, 2021 20:44
Show Gist options
  • Save akarasulu/8cfaf8f9d0349df0e6a7eeca7e7bb971 to your computer and use it in GitHub Desktop.
Save akarasulu/8cfaf8f9d0349df0e6a7eeca7e7bb971 to your computer and use it in GitHub Desktop.
Download ZIP
DebOps ifupdown Role
Raw
DebOps_ifupdown.md

Experiences

You might be surprised to see ifupdown creating a staging area for interfaces in /etc/network/interfaces.config.d. The interface definitions there following the Debian interfaces file format are then carried into the sourced /etc/network/interfaces.d/ directory. It even creates a dpkg diversion on the /etc/network/interfaces file to prevent changes on updates.

I venture to guess this approach is necessary to override existing configurations providing the connectivity. It's a delicate matter changing interfaces while connected to then reset networking without staging configurations.

Anyway this can get confusing for new users. Understanding how it works helps. Here's an issue post that explains the process a bit.

Mind the Playbooks and Roles

WARNING: Do not run the net/ifupdown PB or you'll bork the setup. Use the service/ifupdown playbook instead like so:

debops -l <server> --tags "role::ifupdown" service/ifupdown

This is required on the first run which sets up interfaces by phasing out what was already configured before by the debian installer or an administrator. It uses other roles to setup a few things required to get the interfaces setup up properly. After the initial setup minor interface modifications can be made rapidly to facilitate incremental testing like so:

debops service/ifupdown -t "role::ifupdown"

Ducking Bridges

The DebOps ifupdown role makes a few opinionated presumptions. According to @drybjed, when you have more than one network interface it presumes you'll be creating bridges to them to network virtual machines or containers. For performance and visibility (host to guest) we use macvlan in bridge mode and have machines tapping into it. Overriding the ifupdown__interfaces variable did not cut it. The bridges were created anyway.

Thanks to @drybjed marking the interfaces as absent did the trick:

---
# DHCP reservations on labnet: 10.1.1.{10..$vms_count}
ifupdown__interfaces:

  - iface: 'eno1'
    comment: 'Motherboard 1Gbps NIC: Lab Primary'
    auto: True
    type: 'ether'
    inet: 'dhcp'

  # Rather opinionated DebOps creates these bridges automatically
  # Without removing them the networking gets borked: thanks @drybjed
  - iface: 'br0'
    state: 'absent'

  - iface: 'br1'
    state: 'absent'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment