Managing /etc/network/interfaces with puppet and augeas

First blog post for a long time, let’s try post interesting stuffs I find during my work as GNU/Linux system administrator at Inuits.

I was looking for a clean and easy way to manage network interface configuration on Debian-like system (the /etc/network/interfaces file) using Puppet.

Puppet currently doesn’t have a resource type to handle network interfaces and unlike Redhat-like systems where the network configuration is split in a different file per interface, the ”interfaces” configuration file under Debian is monolithic making it difficult to manage.

So here comes Augeas to the rescue. Augeas is a configuration file parser that map a configuration file into a tree. Puppet provides a native Resource type you can work with it in your puppet recipes.

Let’s say you want to generate the following stanza in ”/etc/network/interfaces” (this create a bond interface):

auto bond0
iface bond0 inet static
    address 192.168.110.42
    netmask 255.255.255.0
    network 192.168.110.0
    gateway 192.168.110.240
    slaves eth0 eth1
    bound_mode active-backup
    bond_miimon 100
    bond_downdelay 200
    bond_updelay 200

You can define the following ressource:

augeas{ "bond_interface" :
    context => "/files/etc/network/interfaces",
    changes => [
        "set auto[child::1 = 'bond0']/1 bond0",
        "set iface[. = 'bond0'] bond0",
        "set iface[. = 'bond0']/family inet",
        "set iface[. = 'bond0']/method static",
        "set iface[. = 'bond0']/address 192.168.110.42",
        "set iface[. = 'bond0']/netmask 255.255.255.0",
        "set iface[. = 'bond0']/network 192.168.110.0",
        "set iface[. = 'bond0']/gateway 192.168.110.240",
        "set iface[. = 'bond0']/slaves 'eth0 eth1'",
        "set iface[. = 'bond0']/bound_mode active-backup",
        "set iface[. = 'bond0']/bond_miimon 100",
        "set iface[. = 'bond0']/bond_downdelay 200",
        "set iface[. = 'bond0']/bond_updelay 200",
    ],
}

and Puppet will take care of creating the resource and updating it. Be aware that the interfaces and options not managed by puppet are left untouched.