RHV 4.2: Using rhv-log-collector-analyzer to assess your virtualization environment

RHV 4.2 includes a tool that allows to quickly analyze your RHV environment. It bases its analysis in either a logcollector report (sosreport and others), or it can connect live to you environment and generate some nice JSON or HTML output.

You'll find it already installed in RHV 4.2 , and gathering a report is as easy as:

# rhv-log-collector-analyzer --live
Generating reports:
===================
Generated analyzer_report.html

If you need to assess an existing logcollector report on a new system that never had a running RHV-Manager, things get a bit more complicated:

root@localhost # yum install -y ovirt-engine
root@localhost # su - postgres
postgres@localhost ~ # source scl_source enable rh-postgresql95
postgres@localhost ~ # cd /tmp
postgres@localhost /tmp # time rhv-log-collector-analyzer  /tmp/sosreport-LogCollector-20181106134555.tar.xz

Preparing environment:
======================
Temporary working directory is /tmp/tmp.do6qohRDhN
Unpacking postgres data. This can take up to several minutes.
sos-report extracted into: /tmp/tmp.do6qohRDhN/unpacked_sosreport
pgdump extracted into: /tmp/tmp.do6qohRDhN/pg_dump_dir
Welcome to unpackHostsSosReports script!
Extracting sosreport from hypervisor HYPERVISOR1 in /tmp/ovirt-log-collector-analyzer-hosts/HYPERVISOR1
Extracting sosreport from hypervisor HYPERVISOR2 in /tmp/ovirt-log-collector-analyzer-hosts/HYPERVISOR2
Extracting sosreport from hypervisor HYPERVISOR3 in /tmp/ovirt-log-collector-analyzer-hosts/HYPERVISOR3
Extracting sosreport from hypervisor HYPERVISOR4 in /tmp/ovirt-log-collector-analyzer-hosts/HYPERVISOR4

Creating a temporary database in /tmp/tmp.do6qohRDhN/postgresDb/pgdata. Log of initdb is in /tmp/tmp.do6qohRDhN/initdb.log

WARNING: enabling "trust" authentication for local connections
You can change this by editing pg_hba.conf or using the option -A, or
--auth-local and --auth-host, the next time you run initdb.
LOG:  redirecting log output to logging collector process
HINT:  Future log output will appear in directory "pg_log".
Importing the dump into a temporary database. Log of the restore process is in /tmp/tmp.do6qohRDhN/db-restore.log

Generating reports:
===================
Generated analyzer_report.html

Cleaning up:
============
Stopping temporary database
Removing temporary directory /tmp/tmp.do6qohRDhN

You'll find a analyzer_report.html file in your current working directory. It can be reviews with a text-only browser such as lynx/links , or opened with a proper full-blown browser.

Bonus track

Sometimes it can also be helpful to check the database dump that is included in the logcollector report. In order to do that, you can do something like:

Review pg_dump_dir in the log above: /tmp/tmp.do6qohRDhN/pg_dump_dir .

Initiate a new postgres instance as follows :

postgres@localhost $ source scl_source enable rh-postgresql95
postgres@localhost $ export PGDATA=/tmp/foo
postgres@localhost $ initdb -D ${PGDATA} 
postgres@localhost $ /opt/rh/rh-postgresql95/root/usr/libexec/postgresql-ctl start -D ${PGDATA} -s -w -t 30 &
postgres@localhost $ psql -c "create database testengine"
postgres@localhost $ psql -c "create schema testengine"
postgres@localhost $ psql testengine < /tmp/tmp.*/pg_dump_dir/restore.sql

Happy hacking!

Satellite 6: Upgrading to Satellite 6.3

We have a new and shiny Satellite 6.3.0 available as of now, so I just bit the bullet and upgraded my lab's Satellite.

The first thing to know if you now have the foreman-maintain tool to do some pre-flight checks, as well as drive the upgrade. You'll need to enable the repository (included as a part of RHEL product) :

subscription-manager repos --disable="*" --enable rhel-7-server-rpms --enable rhel-7-server-satellite-6.3-rpms --enable rhel-server-rhscl-7-rpms --enable rhel-7-server-satellite-maintenance-6-rpms

yum install -y rubygem-foreman_maintain

Check your Satellite health with :

# foreman-maintain health check
Running ForemanMaintain::Scenario::FilteredScenario
================================================================================
Check for verifying syntax for ISP DHCP configurations:               [FAIL]
undefined method `strip' for nil:NilClass
--------------------------------------------------------------------------------
Check for paused tasks:                                               [OK]
--------------------------------------------------------------------------------
Check whether all services are running using hammer ping:             [OK]
--------------------------------------------------------------------------------
Scenario [ForemanMaintain::Scenario::FilteredScenario] failed.

The following steps ended up in failing state:

  [foreman-proxy-verify-dhcp-config-syntax]

Resolve the failed steps and rerun
the command. In case the failures are false positives,
use --whitelist="foreman-proxy-verify-dhcp-config-syntax"

And finally perform the upgrade with :

# foreman-maintain upgrade  run  --target-version 6.3 --whitelist="foreman-proxy-verify-dhcp-config-syntax,disk-performance,repositories-setup"                          

Running Checks before upgrading to Satellite 6.3
================================================================================
Skipping pre_upgrade_checks phase as it was already run before.
To enforce to run the phase, use `upgrade run --phase pre_upgrade_checks`

Scenario [Checks before upgrading to Satellite 6.3] failed.

The following steps ended up in failing state:

 [foreman-proxy-verify-dhcp-config-syntax]

Resolve the failed steps and rerun
the command. In case the failures are false positives,
use --whitelist="foreman-proxy-verify-dhcp-config-syntax"



Running Procedures before migrating to Satellite 6.3
================================================================================
Skipping pre_migrations phase as it was already run before.
To enforce to run the phase, use `upgrade run --phase pre_migrations`


Running Migration scripts to Satellite 6.3
================================================================================
Setup repositories: 
- Configuring repositories for 6.3                                    [FAIL]    
Failed executing subscription-manager repos --enable=rhel-7-server-rpms --enable=rhel-server-rhscl-7-rpms --enable=rhel-7-server-satellite-maintenance-6-rpms --enable=rhel-7-server-satellite-tools-6.3-rpms --enable=rhel-7-server-satellite-6.3-rpms, exit status 1:
Error: 'rhel-7-server-satellite-6.3-rpms' does not match a valid repository ID. Use "subscription-manager repos --list" to see valid repositories.
Repository 'rhel-7-server-rpms' is enabled for this system.
Repository 'rhel-7-server-satellite-maintenance-6-rpms' is enabled for this system.
Repository 'rhel-7-server-satellite-tools-6.3-rpms' is enabled for this system.
Repository 'rhel-server-rhscl-7-rpms' is enabled for this system.
-------------------------------------------------------------------------------
Update package(s) : 
  (yum stuff)

                                                                        [OK]
 --------------------------------------------------------------------------------
Procedures::Installer::Upgrade: 
Upgrading, to monitor the progress on all related services, please do:
  foreman-tail | tee upgrade-$(date +%Y-%m-%d-%H%M).log
Upgrade Step: stop_services...
Upgrade Step: start_databases...
Upgrade Step: update_http_conf...
Upgrade Step: migrate_pulp...
Upgrade Step: mark_qpid_cert_for_update...
Marking certificate /root/ssl-build/satmaster.rhci.local/satmaster.rhci.local-qpid-broker for update
Upgrade Step: migrate_candlepin...
Upgrade Step: migrate_foreman...
Upgrade Step: Running installer...
Installing             Done                                               [100%] [............................................]
  The full log is at /var/log/foreman-installer/satellite.log
Upgrade Step: restart_services...
Upgrade Step: db_seed...
Upgrade Step: correct_repositories (this may take a while) ...
Upgrade Step: correct_puppet_environments (this may take a while) ...
Upgrade Step: clean_backend_objects (this may take a while) ...
Upgrade Step: remove_unused_products (this may take a while) ...
Upgrade Step: create_host_subscription_associations (this may take a while) ...
Upgrade Step: reindex_docker_tags (this may take a while) ...
Upgrade Step: republish_file_repos (this may take a while) ...
Upgrade completed!
                                                     [OK]
--------------------------------------------------------------------------------


Running Procedures after migrating to Satellite 6.3
================================================================================
katello-service start: 
- No katello service to start                                         [OK]      
--------------------------------------------------------------------------------
Turn off maintenance mode:                                            [OK]
--------------------------------------------------------------------------------
re-enable sync plans: 
- Total 4 sync plans are now enabled.                                 [OK]      
--------------------------------------------------------------------------------

Running Checks after upgrading to Satellite 6.3
================================================================================
Check for verifying syntax for ISP DHCP configurations:               [FAIL]
undefined method `strip' for nil:NilClass
--------------------------------------------------------------------------------
Check for paused tasks:                                               [OK]
--------------------------------------------------------------------------------
Check whether all services are running using hammer ping:             [OK]
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Upgrade finished.

Happy hacking!

Configuring Cisco UCS fencing in RHV Manager

Just a quick postit on how to configure fencing of Cisco UCS servers in RHV. Since the fencing agent requires the full path to the Service Profile in UCS, it needs to be carefully specified as:

  • Slot: MyServer
  • Options: suborg=org-CLOUD/org-CLOUD-HYPERVISORS/org-AZ1,ssl_insecure=1

The path to the Service Profile can be checked by inspecting the UCS 'Events' tab, which will show entries similar to:

<eventRecord
affected="org-root/org-CLOUD/org-CLOUD-HYPERVISORS/org-AZ1/ls-MyServer"
cause="transition"
changeSet=""
code="E4196007"
created="2018-02-21T12:44:16Z"
descr="[FSM:BEGIN]: Configuring Service Profile CFS1PHY03(FSM:sam:dme:LsServerConfigure)"
id="2586840"
ind="state-transition"
sessionId="internal"
severity="info"
trig="special"
txId="1209150"
user="ucsCentral"
dn="event-log/2586840"
status="created"
sacl="addchild,del,mod">
</eventRecord>

Happy hacking!

Satellite 6: Managing physical and virt-who subscriptions

Virtual Datacenter subscriptions allow customers to subscribe all VMs running in a certain hypervisor. For that to work, Satellite generates a pool of derived subscriptions that are to be latter mapped to the running VMs. This mapping (assignment) only occurs if the virt-who daemon is properly configured to query the virtualization infrastructure to understand in which hypervisor a certain VM is running.

There is a very nice document (Subscription-manager for the former Red Hat Network User: Part 9 - A Case Study with activation keys) that covers in far more detail all options available; however I want to comment on a case that is prevalent if you are managing Red Hat products as well as internal products / repositories.

Imagine you:

  • Need to provision physical servers that will consume a physical RHCI subscription.
  • Need to provision virtual machines that will consume a derived/virt-who RHCI subscription.
  • Need that all systems above access the same custom Products repositories.

For that you will need 3 activation keys :

  • "ak-rhel7-physical-rhci"
    • Autoattach: yes
    • Subscriptions added: the pool(s) of RHCI subscriptions
    • Product content: Enable the repositories from Red Hat products as required.
  • "ak-rhel7-virtual-rhci"
    • Autoattach: No
    • Subscriptions none
    • Product content: Enable the repositories from Red Hat products as required.
  • "ak-custom-products"
    • Subscriptions: All of your required custom products
    • Product content: Enable the repositories of your required products.

When provisioning and/or registering a system, just ensure you use both AKs simultaneously to ensure systems get access to their required software, for example:

subscription-manager register --org="Default_Organization" --activationkey=ak-rhel7-physical-rhci,ak-custom-products

If you are using Host Groups, edit each host group to use both activation keys so the provisioning will also use these.

Note that the first AK you specify will be used to set the Content View, Enviroment (Library, ...), Service Level, etc of your content host. Also this does not mean multiple content views can be used; the only CV used by content hosts is the specified in your first AK.

This also solves the problem of virt-who not sending the VM-to-host mapping while provisioning. With no subscriptions associated to the AK for virtual systems, Satellite will generate a temporary 1day/1week subscription with access to all available Red Hat products within Satellite. This gives virt-who plenty of time to generate and assign the derived VDC subscriptions.

tl;dr Don't try to do everything at once in a single AK, just use multiple AKs and ensure each one does it part well.

Happy hacking!

Satellite 6: Native integration with Red Hat IDM (FreeIPA)

Integrating Satellite and IDM/FreeIPA

These are some quick notes on integrating Satellite 6.2 with the FreeIPA single-sign-on solution.

Documentation reference:

Satellite integration

Register Satellite server into IDM as per usual process (ipa-client-install)

Create an IPA service:

(ipa-server)#  ipa service-add HTTP/satellite.fqdn

Optionally, fetch keytab from Satellite system. Otherwise, satellite-installer will try to fetch it:

(satellite)#  ipa-getkeytab -p HTTP/satellite.fqdn -k /etc/foreman-proxy/freeipa.keytab -e aes256-cts

Note that the HTTP in HTTP/satellite.fqdn MUST be uppercase, otherwise the setup will fail.

Satellite configuration

Run satellite-installer to enable IPA integration:

% satellite-installer --scenario satellite --foreman-ipa-authentication true

Create a Satellite user group. It will be mapped into the External group. Assign roles and admin status as required.

(satellite)# hammer user-group create --name SatelliteGroup
User group [automate] created

(satellite)# hammer user-group external create --name IDM-Group --user-group SatelliteGroup --auth-source-id 3
External user group created

IDM-Group is the group created within FreeIPA. SatelliteGroup is the group created withing Satellite (they don't need to match).

Unfortunatelly auth-source-id needs to be fetched from the Database until BZ 1336236 is addressed.

The ID can be gathered as follows (identified with the External name):

foreman=# select id,type,name from auth_sources;
 id |        type        |      name      
----+--------------------+----------------
  1 | AuthSourceInternal | Internal
  2 | AuthSourceHidden   | Hidden
  3 | AuthSourceExternal | External
  4 | AuthSourceLdap     | ldaptest.rhci.local

Role assignment:

% hammer user-group update --name SatelliteGroup --admin true

% hammer user-group update --name SatelliteGroup --roles Manager
User group [SatelliteGroup] updated

Testing

Log into Satellite WebUI with IDM username.

Note that hammer cannot be used with external autentication. Satellite 6.3 will provide API and hammer integration for external users.

Happy hacking!

Fixing yum incomplete transactions

I just found an issue with a server that wouldn't let me install any additional software with yum because it complained of an incomplete transaction. Plus checking the list of installed RPMs with rpm -qa showed that many of them where duplicated (old and new versions at the same time).

I used the following commands to get out that mess, and worked beautifully :

package-cleanup --dupes | grep -v Loaded | awk 'NR % 2 == 0' | xargs -n1 rpm -e --nodeps --justdb --noscripts
yum update
yum-complete-transaction
yum -y reinstall kernel

The first command is the meaty part; get a list of duplicate RPMs and, with the awk command get one out of two lines. Then pipe that list to rpm so we can mark the RPM as removed without running their removal scripts, or actually removing the files from disk !

After that, running yum update will take care of ensuring we didn't remove any dependency and finally yum-complete-transaction will replay the last failed command.

The last command is optional but apparently is a common problem to end up with a borked kernel and/or initrd, so reinstalling it for good measure.

As a sample of what yum and yum-complete-transaction where complaining about, here's a small excerpt of what was going on at the time of the issue:

--> Restarting Dependency Resolution with new changes. 
--> Running transaction check 
--> Finished Dependency Resolution 
Error: Trying to remove "systemd", which is protected 
Error: Trying to remove "yum", which is protected  
 You could try using --skip-broken to work around the problem   
** Found 43 pre-existing rpmdb problem(s), 'yum check' output follows: 
audit-libs-2.7.6-3.el7.i686 is a duplicate with audit-libs-2.6.5-3.el7.x86_64   
32:bind-license-9.9.4-50.el7.noarch is a duplicate with 32:bind-license-9.9.4-37.el7.noarch
7:device-mapper-1.02.140-8.el7.x86_64 is a duplicate with 7:device-mapper-1.02.135-1.el7.x86_64
7:device-mapper-libs-1.02.140-8.el7.x86_64 is a duplicate with 7:device-mapper-libs-1.02.135-1.el7.x86_64  
dracut-033-502.el7.x86_64 is a duplicate with dracut-033-463.el7.x86_64
e2fsprogs-libs-1.42.9-10.el7.x86_64 is a duplicate with e2fsprogs-libs-1.42.9-9.el7.x86_64  
fipscheck-lib-1.4.1-6.el7.x86_64 is a duplicate with fipscheck-lib-1.4.1-5.el7.x86_64  
glib2-2.50.3-3.el7.x86_64 is a duplicate with glib2-2.46.2-4.el7.x86_64
glibc-2.17-196.el7.i686 is a duplicate with glibc-2.17-157.el7.x86_64  
glibc-common-2.17-196.el7.x86_64 is a duplicate with glibc-common-2.17-157.el7.x86_64  
gobject-introspection-1.50.0-1.el7.x86_64 is a duplicate with gobject-introspection-1.42.0-1.el7.x86_64
kbd-misc-1.15.5-13.el7.noarch is a duplicate with kbd-misc-1.15.5-12.el7.noarch
kernel-tools-libs-3.10.0-693.el7.x86_64 is a duplicate with kernel-tools-libs-3.10.0-514.el7.x86_64
krb5-libs-1.15.1-8.el7.x86_64 is a duplicate with krb5-libs-1.14.1-26.el7.x86_64   
libblkid-2.23.2-43.el7.x86_64 is a duplicate with libblkid-2.23.2-33.el7.x86_64
libcap-2.22-9.el7.i686 is a duplicate with libcap-2.22-8.el7.x86_64
libcom_err-1.42.9-10.el7.x86_64 is a duplicate with libcom_err-1.42.9-9.el7.x86_64  
libcurl-7.29.0-42.el7.x86_64 is a duplicate with libcurl-7.29.0-35.el7.x86_64  
libdb-5.3.21-20.el7.i686 is a duplicate with libdb-5.3.21-19.el7.x86_64
libgcc-4.8.5-16.el7.i686 is a duplicate with libgcc-4.8.5-11.el7.x86_64   

Happy hacking!

Configuring proxy settings in lftp

I sometimes need to upload data to Red Hat's dropbox service, and most of the times I need to go through a proxy of some sort. Here's a quick note on how to configure lftp to use such a proxy.

# lftp
lftp :~> set ftp:proxy http://USER:password@yourproxy:8080
lftp :~> open 209.132.183.100
lftp 209.132.183.100:~> user anonymous
Password: 
lftp anonymous@209.132.183.100:~> cd /incoming
cd ok, cwd=/incoming
lftp anonymous@209.132.183.100:/incoming> put yourfile.tar.gz -o YOURCASENUMBER-yourfile.tar.gz

As you can see:

  • I used the set ftp:proxy command to configure the proxy.
  • Then I used 209.132.183.100 rather than dropbox.redhat.com . Some proxies do not work if using the DNS hostname, for some reason.
  • After that, I blindy changed into /incoming . It's the only directory with allowed wrting permissions
  • Finally I used put -o to specify the destination filename.

Happy hacking!

Satellite 6 Maintenance tools

Almost missed this release. A few days ago, the Satellite 6 Maintenance tools were released. These are tools that will ease the migration to Satellite 6.3 once is released, as well as one of my favourite BZs for Satellite: BZ 1480346 Tool to change Satellite hostname

They can be installed with :

subscription-manager repos --enable rhel-7-server-satellite-maintenance-6-rpms
yum install rubygem-foreman_maintain satellite-clone

Note the repository above is part of RHEL 7, not Satellite product.

Also bear in mind this is a very first iteration of these tools; I'd expect they will be further enhanced before the Satellite 6.3 GA release. At the moment they are in a BETA state :-)

You can read the official notes here:

Happy hacking!

Gerrit for dummies and Software Factory

Last Thursday I attended a great presentation by Javier Peña, an introduction to Gerrit. In no particular order, this are the things that catched my eye:

  • Gerrit is a code review system. It sits between your source code repository (Git) and your developers, so any proposed change can be better discussed and reviewed. In parallel, Gerrit can be instructed to launch integration tests to ensure the proposed change doesn't break anything. If the CI integration tests are successfull, the patch can be merged with the code. Otherwise, further changes can be done by the submitter with git commit --amend until the patch is succesfully merged (or discarded).
  • It is better than Github's review workflow because:
    • It's not propietary ;-)
    • Can work in a disconnected fashion with Gertty
    • Reviewing dozens of commits for a single PR can get confusing fast, specially with large patches.
    • As mentioned earlier, Gerrit can be easily integrated with several CI systems.
  • Important opensource projects such as Openstack and oVirt are using it, although it started at Google.

There is project that is integrating Git, Gerrit, Zuul, Nodepool and a bunch of other tools to make development easier. It's called Software Factory and you can find additional info in their documentation: https://softwarefactory-project.io/docs/.

Software Factory logo

Happy hacking!

Satellite 6: Configuring vlan tagging and bonding deployments

One of the features provided by Satellite 6 is both provisioning of hosts (via PXE or other methods), and automated network configuration. We can use Satellite to automatically configure our bonds and vlan tagging for us.

Let's review how this all is done using the Satellite web UI. My suggestion is to configure these details one by one, and examine how the generated kickstart changes in each step. This will help us identifies issues and mistakes before starting a lenghty trial and error process provisioning physical servers :-)

The kickstart rendered template is available under https://SATELLITE/unattended/provision?hostname=your.host.name .

VLAN tagging

This is the simplest scenario; we just want to configure vlan tagging in an existing interface.

Imagine we want to configure the following interfaces:

eth0: PXE (no specific configuration mentioned here)
eth1: Base NIC for vlan tagging
eth1.666 : 192.168.0.10/24 , using vlan 666.

We need to ensure that:

  • We have configured a domain.
  • We have configured a subnet, and is attached to that domain.
  • The network is configured to use Static boot mode (this is a personal preference of mine -- I'd prefer all my interfaces to become up regardless the availabity of a DHCP capsule).

Once we perform that, we can perform a server discovery and start editing the network interfaces with the relevant info.

So we'd configure the following interfaces in Satellite :

  • eth0:
    • Mac address: <autodiscovered>
    • Device identifier: eth0
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: <blank>
    • Managed: true
  • eth0.666:
    • Mac address: <blank>
    • Device identifier: eth0.666
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: 192.168.0.10
    • Managed: true
    • Virtual: true
    • Attached device: eth0
    • Tag: 666

It's important that you configure the eth0 interface itself; otherwise when eth0.666 is enabled, it'll fail because the parent device isn't ready.

All in all, your generated configuration should look like :

####### parent device #######
# eth0 interface
real=`ip -o link | grep 00:50:56:04:1a:8a | awk '{print $2;}' | sed s/:$//`

# ifcfg files are ignored by NM if their name contains colons so we convert colons to underscore
sanitized_real=$real

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="none"
IPADDR=""
NETMASK="255.255.255.0"
GATEWAY="172.16.16.1"
DEVICE=$real
HWADDR="00:50:56:04:1a:8a"
ONBOOT=yes
PEERDNS=no
PEERROUTES=no
EOF


###### vlan tagging #######
# eth0.666 interface
real=`ip -o link | grep 00:50:56:04:1a:8a | awk '{print $2;}' | sed s/:$//`
  real=`echo eth0.666 | sed s/eth0/$real/`

# ifcfg files are ignored by NM if their name contains colons so we convert colons to underscore
sanitized_real=$real

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="none"
IPADDR="192.168.0.10"
NETMASK="255.255.255.0"
GATEWAY="192.168.0.1"
DEVICE=$real
ONBOOT=yes
PEERDNS=no
PEERROUTES=no
VLAN=yes
EOF

Bonding

In the same way as before, we need to configure the underlying interfaces before we configure the bonded one.

eth0: PXE (no specific configuration mentioned here)
eth1: Bond slave
eth2: Bond slave
bond0: Active-Passive bond enslaving eth1 and eth2

For this example we'll be configuring eth1 and eth2 as a slaves of bond0, that will have an IP assigned to it. It is very important you configure both bond slaves first, then the bond interface. Otherwise the bond won't be properly linked to the slaves and the template won't properly generate the kickstart.

  • eth1:
    • Mac address: <autodiscovered>
    • Device identifier: eth1
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: <blank>
    • Managed: true
  • eth2:
    • Mac address: <autodiscovered>
    • Device identifier: eth2
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: <blank>
    • Managed: true
  • bond0:
    • Type: bond0
    • Mac address: <none>
    • Device identifier: bond0
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: 192.168.0.11
    • Managed: true
    • Bond configuration:
      • Mode: Active-Backup
      • Attached devices: eth0,eth1
      • Bond options: ""

The generated config looks like :

# bond0 interface
real="bond0"
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$real
BOOTPROTO="none"
IPADDR="172.16.16.230"
NETMASK="255.255.255.0"
GATEWAY="172.16.16.1"
DEVICE=$real
ONBOOT=yes
PEERDNS=no
PEERROUTES=no
DEFROUTE="no"
TYPE=Bond
BONDING_OPTS=" mode=active-backup"
BONDING_MASTER=yes
NM_CONTROLLED=no
EOF



# eth1 interface
real=`ip -o link | grep 00:50:56:04:1a:8f | awk '{print $2;}' | sed s/:$//`

# ifcfg files are ignored by NM if their name contains colons so we convert colons to underscore
sanitized_real=$real

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="none"
DEVICE=$real
HWADDR="00:50:56:04:1a:8f"
ONBOOT=yes
PEERDNS=no
PEERROUTES=no
NM_CONTROLLED=no
MASTER=bond0
SLAVE=yes
EOF



# eth2 interface
real=`ip -o link | grep 00:50:56:04:1a:90 | awk '{print $2;}' | sed s/:$//`

# ifcfg files are ignored by NM if their name contains colons so we convert colons to underscore
sanitized_real=$real

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="none"
DEVICE=$real
HWADDR="00:50:56:04:1a:90"
ONBOOT=yes
PEERDNS=no
PEERROUTES=no
NM_CONTROLLED=no
MASTER=bond0
SLAVE=yes
EOF

Bonding + VLAN tagging

In this final example we want to configure a bond and add different vlan-tagged interfaces to it :

eth0: PXE (no specific configuration mentioned here)
eth1: Bond slave
eth2: Bond slave
bond0: Active-Passive bond enslaving eth1 and eth2
bond0.666: Interface in vlan 666 (192.168.6.6/24)
bond0.777: Interface in vlan 777 (192.168.7.7/24)
  • eth1:
    • Mac address: <autodiscovered>
    • Device identifier: eth1
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: <blank>
    • Managed: true
  • eth2:
    • Mac address: <autodiscovered>
    • Device identifier: eth2
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: <blank>
    • Managed: true
  • bond0:
    • Type: Bond
    • Mac address: <none>
    • Device identifier: bond0
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: 192.168.0.11
    • Managed: true
    • Bond configuration:
      • Mode: Active-Backup
      • Attached devices: eth0,eth1
      • Bond options: ""
  • bond0.666:
    • Type: interface
    • Mac address: <blank>
    • Device identifier: bond0.666
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: 192.168.6.6
    • Managed: true
    • Virtual: true
    • Attached device: eth0
    • Tag: 666
  • bond0.777:
    • Type: interface
    • Mac address: <blank>
    • Device identifier: bond0.777
    • DNS name: <none>
    • Domain: your.domain
    • Subnet: your-subnet-with-Static-bootproto
    • IP Address: 192.168.7.7
    • Managed: true
    • Virtual: true
    • Attached device: eth0
    • Tag: 777

Happy hacking!