On Tue, 2021-03-23 at 15:28 +0100, Jan Hutař via networkmanager-list wrote:
Hello. Hopefully this is a good place to ask. If not, please suggest something else. For quite some time I'm trying to figure out how to create a bridge using main network interface (the only one which is routable to the host). I have tried these Ansible tasks:

- name: "Get {{ public_nic }} connection name"
  shell: nmcli --terse device | grep "^{{ public_nic }}:" | cut -d ':' -f 4
  register: public_connection_cmd
- name: "Extract {{ public_nic }} connection name"
  set_fact:
    public_connection: "{{ public_connection_cmd.stdout_lines|first|trim }}"
- name: "Create brpublic bridge connection"
  nmcli:
    conn_name: brpublic
    ifname: brpublic
    type: bridge
    stp: no
    state: present
- name: "Put {{ public_nic }} device into brpublic"
  nmcli:
    conn_name: brpublic-slave
    ifname: "{{ public_nic }}"
    type: bridge-slave
    master: brpublic
    state: present
- name: "Remove old {{ public_nic }} connection"
  nmcli:
    conn_name: "{{ public_connection }}"
    state: absent
  when: "public_connection != '' and public_connection != 'brpublic-slave'"
This is the ansible module "nmcli". I am not familiar with that, it might be fine though. FYI, there is also https://galaxy.ansible.com/linux-system-roles/network
but this breaks the network on the last task. I have also tried these two ways via "shell":

set -xe
old_connection=$( nmcli --terse device | grep "^{{ public_nic }}:" | cut -d ':' -f 4 )

While not a big difference, I'd do:

old_connection="$(nmcli -g DEVICE,CON-UUID device | sed -n 's/^{{ public_nic }}://p')"

nmcli con add type bridge con-name brpublic ifname brpublic
###nmcli con add type bridge-slave con-name brpublic-slave ifname "{{ public_nic }}" master brpublic
nmcli connection modify "$old_connection" master brpublic
nmcli connection modify uuid "$old_connection" master brpublic
###if [ -n "$old_connection" -a "$old_connection" != 'brpublic-slave' ]; then
###    nmcli c delete "$old_connection"
###fi
nmcli con up brpublic

If the port profile "$old_connection" was already activated, then this script does not change anything about that. Your script modifies "$old_connection", but modifying a profile only does that. If the profile is currently active, then those changes only take effect after activating the profile again (with `nmcli connection up uuid "$old_connection"`).
but this fails as well (script works, but at the end according to `ip a` IP is still on the main interface, not on "brpublic"). My end goal is to have VM on that bridge that can be accessible from outside network. What is the right way to do that remotely?
That sounds doable. But I'd suggest to test the script under circumstances where you can easily recover from losing connections.
Thank you in advance, Jan
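The point made in the reply, that modifying a profile does not affect an already active connection until the profile is activated again, shown as an added dry-run sketch that is not part of the original thread. The function names, the constructed sample output, and placing the re-activation step last are assumptions; the script only prints the nmcli commands quoted in the thread and runs none of them.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run planner for moving a NIC's
# existing profile under a bridge. It prints commands, it does not run nmcli.

BRIDGE=brpublic

# Constructed sample of `nmcli -g DEVICE,CON-UUID device` output ("device:uuid").
SAMPLE='eth0:11111111-2222-3333-4444-555555555555
lo:
virbr0:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'

# Print the connection UUID of device $1, reading the nmcli output on stdin.
# awk compares the device field exactly, so the name is never used as a regex.
port_uuid() {
    awk -F: -v dev="$1" '$1 == dev { print $2; exit }'
}

# Print the command sequence for device $1 whose active profile has UUID $2.
# The first three commands are the ones from the thread; the last is the
# re-activation the reply says is needed for the change to take effect.
# Running it last is an assumption of this sketch.
plan_bridge() {
    if [ -z "$2" ]; then
        echo "no active profile found on device $1" >&2
        return 1
    fi
    printf '%s\n' \
        "nmcli con add type bridge con-name $BRIDGE ifname $BRIDGE" \
        "nmcli connection modify uuid $2 master $BRIDGE" \
        "nmcli con up $BRIDGE" \
        "nmcli connection up uuid $2"
}

# Demo on the constructed sample: review the plan before running it by hand.
plan_bridge eth0 "$(printf '%s\n' "$SAMPLE" | port_uuid eth0)"
```

On a real host, feed `port_uuid` from `nmcli -g DEVICE,CON-UUID device` instead of the sample, and check the result with `ip a` afterwards.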