
Automate VLAN tagging on KVM using Ansible

This blog post provides the steps for automating VLAN-tagged bridge setup on a KVM host using Ansible, and for optionally connecting the bridge to OLVM if needed.

Use Ansible to:

  1. Create a VLAN sub-interface on a physical NIC.

  2. Create a Linux bridge attached to that VLAN interface.

  3. Ensure the bridge is ready to be used by VMs or OLVM.


Prerequisites

  • Ansible installed on a control node.

  • SSH access to the KVM host(s).

  • nmcli or network role availability (for Red Hat-based distros).


Ansible Playbook Example

Directory Structure:

vlan-bridge-setup/
├── inventory
└── vlan_bridge.yml

inventory:

[kvmhosts]
192.168.125.100 ansible_user=root

vlan_bridge.yml:


- name: Configure VLAN tagged bridge on KVM host
  hosts: kvmhosts
  become: yes
  tasks:
    # Create the bridge first so the VLAN profile can name it as its master.
    - name: Create bridge br-vlan100
      nmcli:
        conn_name: br-vlan100
        ifname: br-vlan100
        type: bridge
        state: present
        autoconnect: yes

    # vlandev is the parent NIC and vlanid the 802.1Q tag (the module has no vlan_id option).
    # master/slave_type attach the VLAN to the bridge, replacing a separate bridge-slave
    # profile; slave_type is assumed available (community.general 7.0.0 or later).
    - name: Create VLAN interface eth0.100 and add it to the bridge
      nmcli:
        conn_name: vlan100
        ifname: eth0.100
        type: vlan
        vlandev: eth0
        vlanid: 100
        master: br-vlan100
        slave_type: bridge
        state: present
        autoconnect: yes

    - name: Bring up all interfaces
      command: nmcli connection up "{{ item }}"
      loop:
        - vlan100
        - br-vlan100

After Playbook Execution

  • Bridge br-vlan100 is ready on VLAN 100.

  • In OLVM, go to:

    • Network > Networks → Add a new logical network with VLAN ID 100.

    • Map it to the host and bind it to br-vlan100.
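
One way to confirm that state from the host's own link table before mapping the bridge in OLVM, as an added example that is not part of the original post: it parses `ip -j -d link show` and reports any port on the bridge other than the expected tagged uplink and VM tap devices. The interface names follow the playbook above; the sample data and the `vnet0` tap name are constructed.

```python
import json

# Constructed sample of `ip -j -d link show` output after the playbook has run
# (trimmed to the fields used below; vnet0 stands in for a running VM's tap device).
SAMPLE = json.loads("""[
 {"ifname": "eth0"},
 {"ifname": "eth0.100", "link": "eth0", "master": "br-vlan100",
  "linkinfo": {"info_kind": "vlan",
               "info_data": {"protocol": "802.1Q", "id": 100}}},
 {"ifname": "br-vlan100", "linkinfo": {"info_kind": "bridge"}},
 {"ifname": "vnet0", "master": "br-vlan100", "linkinfo": {"info_kind": "tun"}}
]""")


def kind(link):
    """Link kind as reported by iproute2; None for a physical NIC."""
    return link.get("linkinfo", {}).get("info_kind")


def audit_bridge(links, bridge="br-vlan100", parent="eth0", vlan_id=100):
    """Return findings; an empty list means the bridge carries only the expected VLAN."""
    by_name = {l["ifname"]: l for l in links}
    if kind(by_name.get(bridge, {})) != "bridge":
        return [f"{bridge}: missing or not a bridge"]

    findings, uplinks = [], []
    for l in links:
        if l.get("master") != bridge or kind(l) == "tun":
            continue  # not a port of this bridge, or an expected VM tap device
        data = l.get("linkinfo", {}).get("info_data", {})
        if (kind(l) == "vlan" and l.get("link") == parent
                and data.get("id") == vlan_id and data.get("protocol") == "802.1Q"):
            uplinks.append(l["ifname"])
        else:
            # An untagged NIC or a different VLAN on the bridge joins two segments.
            findings.append(f"{l['ifname']}: unexpected port on {bridge} "
                            f"(kind={kind(l)}, vlan={data.get('id')})")
    if len(uplinks) != 1:
        findings.append(f"{bridge}: expected one {parent} VLAN {vlan_id} uplink, "
                        f"found {len(uplinks)}")
    return findings


if __name__ == "__main__":
    import subprocess
    live = json.loads(subprocess.run(["ip", "-j", "-d", "link", "show"],
                                     capture_output=True, check=True, text=True).stdout)
    print("\n".join(audit_bridge(live)) or "OK")
```

Run on the KVM host it reads the live link table; imported elsewhere, `audit_bridge(SAMPLE)` exercises the same checks offline.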


Use in VM

For VMs outside of OLVM using virt-install or virsh:

virt-install --name test-dbvm --ram 2048 --disk size=10 \
  --vcpus 2 --os-type linux --os-variant OEL7.0 \
  --network bridge=br-vlan100,model=virtio \
  --cdrom /path/to/iso


Automating VLAN tagging offers significant benefits, especially in complex or large-scale virtualized environments. It ensures consistency across hosts by applying standardized configurations, reducing the risk of human error that can lead to misconfigured networks or security gaps. Automation accelerates deployment by eliminating repetitive manual tasks, enabling rapid provisioning of VLAN-tagged interfaces and bridges for virtual machines. It also enhances scalability, making it easier to manage changes across many servers or clusters. Furthermore, automated VLAN configuration improves compliance and auditing by maintaining predictable, version-controlled network setups that can be tracked and rolled back if needed.

Thanks for reading :)

regards,
Syed Zaheer

