zachfi / puppet-bsd
A Puppet module for BSD
License: Apache License 2.0
Hi,
With the below config, I'm getting an error that I cannot figure out
package { 'ipaddress':
  ensure   => 'present',
  provider => 'gem',
}
class { 'bsd::network':
  v4gateway => '1.2.3.4'
}
The error:
puppet agent --test --noop
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Retrieving locales
Info: Loading facts
Warning: Found multiple default providers for sysctl: parsed, augeas; using parsed
Error: Failed to apply catalog: no parameter named 'value'
The puppet node is an OpenBSD 6.3 amd64 bare-metal with ruby-2.4.3p0 and ipaddress version 0.8.3.
Can this issue be fixed?
Hi,
Using puppet4 it does not seem to work when using gre interfaces;
For example I have this code in my node manifest:
bsd::network::interface { 'gre2':
  ensure      => 'up',
  description => "Tunnel interface ${hostname} to XXX",
  parents     => [ 'vtnet0' ],
  raw_values  => [ "${tunneladdress_gre2} netmask 255.255.255.252 tunnel ${ipaddresses_v4} ${tunnel_destination_gre2} up" ],
}
If the cloned_interfaces= already exists in rc.conf it doesn't do anything. If the gre2 interface is not available there yet, it will get added. The code also creates gre2, but there is no rc.conf information for it, so the interface remains empty.
How can I investigate what is going on and see what I am doing wrong? :-)
Thanks for all your hard work though, I do really appreciate it and I am leveraging it more and more!
The end result is the same, but 'present' interfaces are still brought into 'up' state. Down physical interfaces are attempted to be brought to 'absent'. This logic needs to be worked out and tests need covering.
Placing all of the options on a single line for /etc/hostname.if does not work. We need to set the interface addresses on separate lines.
Removing trunk or vlan interfaces requires some amount of params that the define would expect to receive when creating. This should not be required during removal of an interface.
There is currently no documentation for setting the MTU of an interface. Fix bugs if necessary.
On initial provision, there is no order guaranteed for interface creation.
i.e. you have physical interfaces, trunks on top, vlans on top of trunks, and maybe carp interfaces on the vlan interfaces, etc.
When puppet runs, it may create and start carp interfaces before the vlan interfaces are configured, and so on.
For the interface types in network/interface/*.pp, they all have parameters specifying the parents, i.e. trunk.pp has the 'interface' parameter, vlan.pp and carp.pp have the 'device' parameter.
How about adding a parameter to bsd::network::interface called parent (should be an array), defaulting to 'undef'.
When configuring a trunk, vlan or carp interface, the given interface or respective device parameters are handed over to the 'parent' parameter of bsd::network::interface when it is called.
Further down the road, add a 'parent' parameter to bsd_interface native type, and hand over the parents if given. Then in bsd_interface, when ensure = 'up' or 'present', there could be an autorequire to the parent interface(s).
Do you think that sounds sane and would be feasible?
Other ideas? I'd like to look into that to get something along the lines working.
cheers,
Sebastian
Hello,
Is there any possibility to add functions to the module for managing /etc/login.conf entries?
We're currently handling cloned interfaces in types we manage, but other interfaces like lo would be useful. To make this more generic, perhaps a fact for the platform's cloned interfaces and then a check to determine when we need to manage the rc.conf entry would be good.
Hello,
I'm trying to set a static IP and default route on a FreeBSD 11.1 machine with:
class { 'bsd::network':
  v4gateway => '192.168.0.1'
}
bsd::network::interface { 'em0':
  description => 'Primary Interface',
  addresses   => [ '192.168.0.37/24' ]
}
on a machine that previously received an IP over DHCP.
The interesting thing that happens is that the default route gets removed but not added back again by the puppet agent run. This in turn leaves the server not accessible.
From what I can gather, it's because the routing service on FreeBSD has no "status" command and also does not need to be running. As can be seen from below, the restart is never issued.
Debug: Executing: '/etc/rc.d/routing onestatus'
Debug: /Stage[main]/Bsd::Network/Service[routing]: Skipping restart; service is not running
Am I missing some option in my node definition?
It sets 0 in the config.
While playing with the module, to create a CARP interface, I figured, it doesn't handle the configuration of passwords for carp traffic authentication.
I have a patch ready that does that ;)
Just waiting for the future parser patch to get accepted.
OR I could stuff it into the future parser patch.
Sebastian
Actually, the module is great, configuring network interfaces.
The one interface type I'm missing, for my IPv6 via IPv4 tunnel is a gif interface.
Would be really nice, if the module could support gif tunnel interfaces,
in addition to gre tunnel interfaces ;)
cheers,
Sebastian
This doesn't seem to be available through this module.
At the moment you cannot use something like this:
bsd::network::interface::trunk:
  lagg0:
    interface:
      - igb0
      - igb1
    address:
      - 10.0.0.1/24
      - 10.0.1.1/24
Hi,
for my rented root server, I had up to now my default gateway defined as: fe80::1%re0
due to the failing test:
puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Loading facts
Could not retrieve fact='apache_version', resolution='<anonymous>': undefined method `[]' for nil:NilClass
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: {"message":"Server Error: Evaluation Error: Error while evaluating a Function Call, Class[Bsd::Network]: parameter 'v6gateway' expects a match for Variant[IP::Address::V6::Full = Pattern[/\\A[[:xdigit:]]{1,4}(:[[:xdigit:]]{1,4}){7}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/], IP::Address::V6::Compressed = Pattern[/\\A:(:|(:[[:xdigit:]]{1,4}){1,7})(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:|(:[[:xdigit:]]{1,4}){1,6})(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:|(:[[:xdigit:]]{1,4}){1,5})(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){3}(:|(:[[:xdigit:]]{1,4}){1,4})(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:|(:[[:xdigit:]]{1,4}){1,3})(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){5}(:|(:[[:xdigit:]]{1,4}){1,2})(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){6}(:|(:[[:xdigit:]]{1,4}){1,1})(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){7}:(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/], IP::Address::V6::Alternative = Pattern[/\\A([[:xdigit:]]{1,4}:){6}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:[[:xdigit:]]{1,4}){0,1}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, 
/\\A([[:xdigit:]]{1,4}:){3}(:[[:xdigit:]]{1,4}){0,2}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:[[:xdigit:]]{1,4}){0,3}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:[[:xdigit:]]{1,4}){0,4}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/, /\\A:(:[[:xdigit:]]{1,4}){0,5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\\/(1([01][0-9]|[2][0-8])|[1-9][0-9]|[1-9]))?\\z/], IP::Address::V6::NoSubnet::Full = Pattern[/\\A[[:xdigit:]]{1,4}(:[[:xdigit:]]{1,4}){7}\\z/], IP::Address::V6::NoSubnet::Compressed = Pattern[/\\A:(:|(:[[:xdigit:]]{1,4}){1,7})\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:|(:[[:xdigit:]]{1,4}){1,6})\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:|(:[[:xdigit:]]{1,4}){1,5})\\z/, /\\A([[:xdigit:]]{1,4}:){3}(:|(:[[:xdigit:]]{1,4}){1,4})\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:|(:[[:xdigit:]]{1,4}){1,3})\\z/, /\\A([[:xdigit:]]{1,4}:){5}(:|(:[[:xdigit:]]{1,4}){1,2})\\z/, /\\A([[:xdigit:]]{1,4}:){6}(:|(:[[:xdigit:]]{1,4}){1,1})\\z/, /\\A([[:xdigit:]]{1,4}:){7}:\\z/], IP::Address::V6::NoSubnet::Alternative = Pattern[/\\A([[:xdigit:]]{1,4}:){6}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){4}(:[[:xdigit:]]{1,4}){0,1}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, 
/\\A([[:xdigit:]]{1,4}:){3}(:[[:xdigit:]]{1,4}){0,2}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){2}(:[[:xdigit:]]{1,4}){0,3}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A([[:xdigit:]]{1,4}:){1}(:[[:xdigit:]]{1,4}){0,4}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/, /\\A:(:[[:xdigit:]]{1,4}){0,5}:([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}\\z/]], got 'fe80::1%re0' at /etc/puppetlabs/code/environments/production/modules/profile/manifests/network.pp:16:7 on node deepspace.l00-bugdead-prods.de","issue_kind":"RUNTIME_ERROR"}
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
just to let you know, haven't checked if there is something in thrnio/ip that might match 'fe80::1%re0' and the bsd module has to be updated, or if the thrnio/ip module should get an update to match addresses like this.
A new provider for each platform should inherit from the parent bsd_interface provider, but implement its own #refresh method to avoid exec-ing. This will clean up some of the code and allow a notify or subscribe on an interface. This should end up just doing the correct thing.
Support for creating and setting interface trunk types would be good to have in the future.
Since I run all my modules from upstream git, and update daily, I kind of quickly ran into this issue here ;)
I have duritong/sysctl installed in parallel to hercules/augeasproviders_sysctl
and I get with latest git:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Loading facts
Info: Loading facts
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter value on Sysctl[net.inet.ip.forwarding] at /etc/puppet/environments/production/modules/bsd/manifests/network.pp:31 on node MYNODE
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
git reset --hard 39d22ef
then I at least only get:
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: /File[/var/puppet/lib/puppet/provider/sysctl/augeas.rb]/ensure: defined content as '{md5}227da37dd9052c3bbb4bc53f69936afb'
Info: Loading facts
Info: Loading facts
Info: Caching catalog for MYNODE
Warning: Found multiple default providers for sysctl: augeas, parsed; using augeas
Info: Applying configuration version '1466582508'
luckily I use duritong/sysctl only in my own modules and can fix that, but others might run into similar dependency issues.
Hi,
the wifi interface only has parameter network_key, which "magically" maps to wpakey.
How about changing the wifi interface the following way:
keep network_key as is, but add a deprecation warning.
add wpa_key and wep_key parameters, where both behave as the name suggests ;)
the following configuration:
bsd::network::interface::trunk { 'lagg10':
  interface => [ 'vtnet1', 'vtnet2' ],
  address   => [ '10.0.0.1/24' ],
}
creates /etc/rc.conf entry:
ifconfig_lagg10="inet 10.0.0.1/24 laggproto lacp laggport vtnet1 laggport vtnet2"
but doesn't set
cloned_interface=".. lagg10 .."
However, if I try to manage cloned_interface via puppet-bsd module:
bsd::network::interface::cloned { 'lagg10':
  ensure => present,
}
I get the following result:
Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Bsd::Network::Interface::Cloned[lagg10] is already declared at (file: /etc/puppetlabs/code/environments/production/modules/mymodule/manifests/init.pp, line: 8); cannot redeclare (file: /etc/puppetlabs/code/environments/production/modules/bsd/manifests/network/interface.pp, line: 123) (file: /etc/puppetlabs/code/environments/production/modules/bsd/manifests/network/interface.pp, line: 123, column: 7) (file: /etc/puppetlabs/code/environments/production/modules/bsd/manifests/network/interface/trunk.pp, line: 41) on node XXX
I suppose that *bsd::network::interface::trunk* should manage cloned_interface as well.
Loading and unloading modules, both at boot time and during run, seems like something this module could handle for the variety of BSD situations. I'm not aware of a module interface that handles this work, and I will soon have a need.
Currently the vlan support for FreeBSD appears to be broken when going to instantiate the standard interface class for two reasons.
In lib/puppet/parser/functions/get_freebsd_rc_conf_shellconfig.rb line 12:
c[:address] = config["values"] if config["values"]
And in lib/puppet_x/bsd/rc_conf.rb the address array is explicitly treated as an array of addresses and process_addresses() is called on each of the array items, which includes vlan id and vlandev values.
This results in the following error:
Error: addr is vlan 1 of class String: Invalid IP "vlan 1" at /etc/puppet/modules/bsd/manifests/network/interface.pp:93 on node xxxxxxxxx
/var/lib/puppet/lib/puppet_x/bsd/rc_conf.rb:189:in `rescue in block in process_addresses'
/var/lib/puppet/lib/puppet_x/bsd/rc_conf.rb:174:in `block in process_addresses'
/var/lib/puppet/lib/puppet_x/bsd/rc_conf.rb:170:in `each'
/var/lib/puppet/lib/puppet_x/bsd/rc_conf.rb:170:in `process_addresses'
/var/lib/puppet/lib/puppet_x/bsd/rc_conf.rb:127:in `load_hash'
/var/lib/puppet/lib/puppet_x/bsd/rc_conf.rb:16:in `initialize'
/etc/puppet/modules/bsd/lib/puppet/parser/functions/get_freebsd_rc_conf_shellconfig.rb:15:in `new'
A potential solution is to pass $vlan_values to options and $address to values in vlan.pp.
In order for the VLAN interface to function, there needs to be a cloned_interfaces line in rc.conf as per http://people.freebsd.org/~arved/vlan/vlan_en.html
For example:
cloned_interfaces="vlan101"
ifconfig_vlan101="inet 10.0.5.1/24 vlan 1 vlandev em0"
I imagine at least the first issue may affect other interface types, but I have not tested any of them yet.
Once the interface has been deleted, ifconfig vlan0 for example will raise an error in puppet since the command exits with a non-zero status. We should capture the exit status to avoid raising it to puppet, while still being able to use the mechanism to determine if an interface exists.
For many years, Puppet has been the core of my infrastructure needs. That has changed in the last 9 months, and I've begun a new path that I hope will carry me as long as Puppet has.
For those that may still benefit from any of this code, you all deserve maintainers that will give it the attention required, and that is no longer me. And if I'm being honest, it hasn't been me for longer than I'm ready to admit.
So, for those few, I request that if anyone wants this to persist, fork it and make a new. I plan to archive all of the Puppet repos under my name in the coming month and collapse all of my puppet related infrastructure. Expect no more releases from me. Any coordination/communication of forks should happen quickly.
Thank you for all the collaboration over the years. It has been a real privilege.
Hi,
I need to create alias IP addresses on carp interfaces, as well as add some static routes to hostname.carpXXX files.
Looking at the code in manifests/network/interface/carp.pp I see only 'address' as parameter.
address is usually the main IP address given as a string, but I tried to give it an array of multiple addresses, which it actually takes, but the outcome is:
cat /etc/hostname.carp100
inet 172.16.0.5 255.255.255.0 NONE inet alias 172.16.0.55 255.255.255.0 NONE vhid 4 carpdev vlan100
up
sh /etc/netstart carp100
ifconfig: inet: bad value
haven't tried, but looking at the code, it seems that other interface configuration i.e. vlan will face the same issue.
how about adding 'values' parameter, an array, to at least vlan, carp and trunk interfaces, that can contain statements for alias IP addresses and route entries?
Those 'values' then to be merged into the value given to the values parameter of bsd::network::interface before that gets called, usually at the end?
Sebastian
Without this, addressing does not persist a reboot, and will rely on Puppet running to bring the interfaces back into the desired state. We simply need to figure out what interfaces we are managing, and add them to rc.conf.
hostname.if(5) allows for commands to be run as part of the interface configuration. We should support this as part of the interface management.
present, absent, up, down.
Hi,
just figured, that the 'rtsol' parameter on OpenBSD -current is 'gone'.
Now it's 'inet6 autoconf' to enable the same functionality.
Sebastian
I'm running dual-stack @home, so I have IPv4 and IPv6 to configure on my AP. With this, I specify two static IPs:
I have this in Hiera defined:
bsd::network::interface::wifi:
  "%{hiera('node::odo::ds9::wifi_if_name')}":
    network_name: "%{hiera('network::wifi::network_name')}"
    address:
      - "%{hiera('node::odo::ds9::wifi_if_inet')}%{hiera('network::wifi::inet_cidr_netmask')}"
      - "%{hiera('node::odo::ds9::wifi_if_inet6')}/%{hiera('network::wifi::inet6_prefix')}"
    description: 'Access Point'
    options:
      - 'chan 1'
      - 'media OFDM54'
      - 'mode 11g'
      - 'mediaopt hostap'
which produces this result when run:
inet 10.23.4.56 255.255.0.0 NONE inet6 2001:471:4336:ff::1 64 nwid brb.freifunk.net chan 1 media OFDM54 mode 11g mediaopt hostap description "Access Point"
up
which ends up in:
sh /etc/netstart ral0
ifconfig: inet6: bad value
The module should be better at splitting up the lines, like:
inet 10.23.4.56 255.255.0.0 NONE
inet6 2001:471:4336:ff::1 64
nwid brb.freifunk.net chan 1 media OFDM54 mode 11g mediaopt hostap description "Access Point"
up
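
The one-address-per-line layout asked for above (and in the earlier notes about /etc/hostname.if and about alias addresses on carp interfaces), as an added Ruby example that is not puppet-bsd code. The method name `hostname_if_lines` and its parameters are hypothetical; the line layout follows the lines quoted in the posts, and because hostname.if(5) can run commands, every value is parsed or checked before it is written.

```ruby
require 'ipaddr'

# Added illustration; method and parameter names are hypothetical and are
# not part of puppet-bsd. Renders hostname.if(5) content with one address
# per line, in the layout the post above asks for.
def hostname_if_lines(addresses:, options: [], description: nil)
  seen = Hash.new(0) # per-family count, so later addresses become aliases

  lines = addresses.map do |cidr|
    # Accept only "address/prefixlen"; whitespace or newlines never get through.
    unless cidr.match?(%r{\A[0-9A-Fa-f:.]+/\d{1,3}\z})
      raise ArgumentError, "not an address/prefix pair: #{cidr.inspect}"
    end
    addr, prefix = cidr.split('/', 2)
    ip = IPAddr.new(addr) # raises IPAddr::InvalidAddressError on a bad address
    family = ip.ipv4? ? 'inet' : 'inet6'
    if prefix.to_i > (ip.ipv4? ? 32 : 128)
      raise ArgumentError, "prefix length out of range: #{cidr.inspect}"
    end

    keyword = seen[family].zero? ? family : "#{family} alias"
    seen[family] += 1
    if ip.ipv4?
      # hostname.if wants a dotted netmask and a broadcast field for inet.
      netmask = IPAddr.new('255.255.255.255').mask(prefix.to_i).to_s
      "#{keyword} #{addr} #{netmask} NONE"
    else
      "#{keyword} #{addr} #{prefix.to_i}"
    end
  end

  # Values that could start a new line or a "!command" line are rejected
  # instead of being interpolated into the file.
  raise ArgumentError, 'unsafe description' if description.to_s.include?('"')
  extras = options.dup
  extras << %(description "#{description}") if description
  extras.each do |value|
    if value.match?(/[\r\n]/) || value.start_with?('!')
      raise ArgumentError, "unsafe option: #{value.inspect}"
    end
  end

  lines << extras.join(' ') unless extras.empty?
  lines << 'up'
end
```

Joining the returned array with newlines gives the file body; a second IPv4 address is emitted as an `inet alias` line of its own rather than appended to the first.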