salt.states.network

Configuration of network interfaces

The network module is used to create and manage network settings, interfaces can be set as either managed or ignored. By default all interfaces are ignored unless specified.

Note

RedHat-based systems (RHEL, CentOS, Scientific, etc.) have been supported since version 2014.1.0.

Debian-based systems (Debian, Ubuntu, etc.) have been supported since version 2017.7.0. The following options are not supported: ipaddr_start, and ipaddr_end.

Other platforms are not yet supported.

Note

On Debian-based systems, networking configuration can be specified in /etc/network/interfaces or via included files such as (by default) /etc/network/interfaces.d/*. This can be problematic for configuration management. It is recommended to use either file.managed or network.managed.

If using network.managed, it can be useful to ensure interfaces.d/ is empty. This can be done using:

/etc/network/interfaces.d:
file.directory:
  • clean: True

system:
  network.system:
    - enabled: True
    - hostname: server1.example.com
    - gateway: 192.168.0.1
    - gatewaydev: eth0
    - nozeroconf: True
    - nisdomain: example.com
    - require_reboot: True

eth0:
  network.managed:
    - enabled: True
    - type: eth
    - proto: static
    - ipaddr: 10.1.0.7
    - netmask: 255.255.255.0
    - gateway: 10.1.0.1
    - enable_ipv6: true
    - ipv6proto: static
    - ipv6ipaddrs:
      - 2001:db8:dead:beef::3/64
      - 2001:db8:dead:beef::7/64
    - ipv6gateway: 2001:db8:dead:beef::1
    - ipv6netmask: 64
    - dns:
      - 8.8.8.8
      - 8.8.4.4

eth0-range0:
  network.managed:
    - type: eth
    - ipaddr_start: 192.168.1.1
    - ipaddr_end: 192.168.1.10
    - clonenum_start: 10
    - mtu: 9000

bond0-range0:
  network.managed:
    - type: eth
    - ipaddr_start: 192.168.1.1
    - ipaddr_end: 192.168.1.10
    - clonenum_start: 10
    - mtu: 9000

eth1.0-range0:
  network.managed:
    - type: eth
    - ipaddr_start: 192.168.1.1
    - ipaddr_end: 192.168.1.10
    - clonenum_start: 10
    - vlan: True
    - mtu: 9000

bond0.1-range0:
  network.managed:
    - type: eth
    - ipaddr_start: 192.168.1.1
    - ipaddr_end: 192.168.1.10
    - clonenum_start: 10
    - vlan: True
    - mtu: 9000

.. note::
    add support of ranged interfaces (vlan, bond and eth) for redhat system,
    Important:type must be eth.

routes:
  network.routes:
    - name: eth0
    - routes:
      - name: secure_network
        ipaddr: 10.2.0.0
        netmask: 255.255.255.0
        gateway: 10.1.0.3
      - name: HQ_network
        ipaddr: 10.100.0.0
        netmask: 255.255.0.0
        gateway: 10.1.0.10

eth2:
  network.managed:
    - enabled: True
    - type: slave
    - master: bond0

eth3:
  network.managed:
    - enabled: True
    - type: slave
    - master: bond0

eth4:
  network.managed:
    - enabled: True
    - type: eth
    - proto: dhcp
    - bridge: br0

eth5:
  network.managed:
    - enabled: True
    - type: eth
    - proto: dhcp
    - noifupdown: True  # Do not restart the interface
                        # you need to reboot/reconfigure manually

bond0:
  network.managed:
    - type: bond
    - ipaddr: 10.1.0.1
    - netmask: 255.255.255.0
    - mode: gre
    - proto: static
    - dns:
      - 8.8.8.8
      - 8.8.4.4
    - enabled: False
    - slaves: eth2 eth3
    - require:
      - network: eth2
      - network: eth3
    - miimon: 100
    - arp_interval: 250
    - downdelay: 200
    - lacp_rate: fast
    - max_bonds: 1
    - updelay: 0
    - use_carrier: on
    - hashing-algorithm: layer2
    - mtu: 9000
    - autoneg: on
    - speed: 1000
    - duplex: full
    - rx: on
    - tx: off
    - sg: on
    - tso: off
    - ufo: off
    - gso: off
    - gro: off
    - lro: off

bond0.2:
  network.managed:
    - type: vlan
    - ipaddr: 10.1.0.2
    - use:
      - network: bond0
    - require:
      - network: bond0

bond0.3:
  network.managed:
    - type: vlan
    - ipaddr: 10.1.0.3
    - use:
      - network: bond0
    - require:
      - network: bond0

bond0.10:
  network.managed:
    - type: vlan
    - ipaddr: 10.1.0.4
    - use:
      - network: bond0
    - require:
      - network: bond0

bond0.12:
  network.managed:
    - type: vlan
    - ipaddr: 10.1.0.5
    - use:
      - network: bond0
    - require:
      - network: bond0
br0:
  network.managed:
    - enabled: True
    - type: bridge
    - proto: dhcp
    - bridge: br0
    - delay: 0
    - ports: eth4
    - bypassfirewall: True
    - use:
      - network: eth4
    - require:
      - network: eth4

eth6:
  network.managed:
    - type: eth
    - noifupdown: True

    # IPv4
    - proto: static
    - ipaddr: 192.168.4.9
    - netmask: 255.255.255.0
    - gateway: 192.168.4.1
    - enable_ipv6: True

    # IPv6
    - ipv6proto: static
    - ipv6ipaddr: 2001:db8:dead:c0::3
    - ipv6netmask: 64
    - ipv6gateway: 2001:db8:dead:c0::1
    # override shared; makes those options v4-only
    - ipv6ttl: 15

    # Shared
    - mtu: 1480
    - ttl: 18
    - dns:
      - 8.8.8.8
      - 8.8.4.4

eth7:
    - type: eth
    - proto: static
    - ipaddr: 10.1.0.7
    - netmask: 255.255.255.0
    - gateway: 10.1.0.1
    - enable_ipv6: True
    - ipv6proto: static
    - ipv6ipaddr: 2001:db8:dead:beef::3
    - ipv6netmask: 64
    - ipv6gateway: 2001:db8:dead:beef::1
    - noifupdown: True

eth8:
  network.managed:
    - enabled: True
    - type: eth
    - proto: static
    - enable_ipv6: true
    - ipv6proto: static
    - ipv6ipaddrs:
      - 2001:db8:dead:beef::3/64
      - 2001:db8:dead:beef::7/64
    - ipv6gateway: 2001:db8:dead:beef::1
    - ipv6netmask: 64
    - dns:
      - 8.8.8.8
      - 8.8.4.4

system:
  network.system:
    - enabled: True
    - hostname: server1.example.com
    - gateway: 192.168.0.1
    - gatewaydev: eth0
    - nozeroconf: True
    - nisdomain: example.com
    - require_reboot: True
    - apply_hostname: True

lo:
  network.managed:
    - name: lo
    - type: eth
    - proto: loopback
    - onboot: yes
    - userctl: no
    - ipv6_autoconf: no
    - enable_ipv6: true

.. note::
    Apply changes to hostname immediately.

.. versionadded:: 2015.5.0

system:
  network.system:
    - hostname: server2.example.com
    - apply_hostname: True
    - retain_settings: True

.. note::
    Use `retain_settings` to retain current network settings that are not
    otherwise specified in the state. Particularly useful if only setting
    the hostname. Default behavior is to delete unspecified network
    settings.

.. versionadded:: 2016.11.0

Note

When managing bridged interfaces on a Debian or Ubuntu based system, the ports argument is required. Red Hat systems will ignore the argument.

salt.states.network.managed(name, type, enabled=True, **kwargs)

Ensure that the named interface is configured properly.

name

The name of the interface to manage

type

Type of interface and configuration.

enabled

Designates the state of this interface.

kwargs

The IP parameters for this interface.

salt.states.network.routes(name, **kwargs)

Manage network interface static routes.

name

Interface name to apply the route to.

kwargs

Named routes

salt.states.network.system(name, **kwargs)

Ensure that global network settings are configured properly.

name

Custom name to represent this configuration change.

kwargs

The global parameters for the system.