feat: Implement interface monitoring setup and cleanup

[keeganwhite]

• Added tasks for setting up an interface monitoring system, including creating necessary directories, scripts, and systemd service/timer files.
• Implemented cleanup tasks to stop and remove the interface monitor service, timer, and associated files.
• Enhanced the main task file to include the new interface monitoring setup.

Summary by CodeRabbit

• New Features

  • Added automatic interface monitoring that runs periodically, manages interface states, and rotates logs.

• Bug Fixes

  • Improved port status detection with more robust parsing and handling of missing or ambiguous interfaces.

• Chores

  • Updated default backend Docker image tag for deployments.
  • Added cleanup steps to remove monitoring artifacts when uninstalled.

[coderabbitai]

Walkthrough

Adds an interface-monitoring feature (script, systemd units, timer, logrotate), corresponding cleanup tasks, extensive debug logging in port sync/status parsing, and updates default Docker image tag in .env and docker-compose for celery_beat.

Changes

Cohort / File(s)	Summary
Docker configuration backend/control_center/.env.example, backend/control_center/docker-compose.yml	Changes default Docker image from sdn-launch-control-backend:latest to taurinetech/sdn-launch-control-backend:1.0.0-beta for deployments and the celery_beat service
Ansible: interface monitoring setup backend/control_center/ansible/roles/ovs-port-setup/tasks/main.yml, backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml	Adds "Setup interface monitoring" task; deploys /mnt/interface-monitor/monitor_interfaces.sh, creates interface-monitor.service and interface-monitor.timer (30s boot delay, 30s interval, persistent), creates log file and logrotate config, reloads systemd and enables/starts timer
Ansible: cleanup tasks backend/control_center/ansible/roles/ovs-cleanup-port-setup/tasks/cleanup_port_setup.yml	Adds tasks to stop/disable timer, delete systemd unit files and logrotate config, remove /mnt/interface-monitor and logs, and reload systemd; tasks use ignore_errors where applied
Backend: port sync logging backend/control_center/general/views.py	Introduces detailed runtime logging in Port.sync: start, device validation, playbook selection, execution results, parsing steps, parsed values vs DB, and field update logs (old→new)
Backend: port status parsing backend/control_center/utils/ansible_formtter.py	Enhances get_port_status_from_results with extensive debug logging, explicit NOT_FOUND detection (returns False), flag-aware parsing of ip link output (handles NO-CARRIER, LOWER_UP, UP/DOWN), secondary inference pass, and fallback to None when undecidable
Frontend: minor logging change ui/ui/src/components/devices/AddBridgeDialog.tsx	Comments out a console.log in GetControllers flow (silences runtime output)

Sequence Diagram(s)

sequenceDiagram
    participant Timer as systemd Timer
    participant Service as interface-monitor.service
    participant Script as monitor_interfaces.sh
    participant Log as /var/log/interface_monitor.log

    Timer->>Service: Trigger (OnBootSec=30s, OnUnitActiveSec=30s)
    Service->>Script: ExecStart (oneshot)
    Script->>Script: Acquire lock file
    Note right of Script: Iterate INTERFACES array\nCheck each with `ip link`
    alt Interface DOWN
        Script->>Script: Attempt ip link set dev <if> up
        Script->>Log: Log action/result with timestamp
    else Interface UP
        Script->>Log: Log already UP
    end
    Script->>Log: Emit summary (# brought up)
    Script->>Script: Release lock, handle signals
    Script-->>Service: Exit (oneshot)

Loading

sequenceDiagram
    participant Parser as get_port_status_from_results
    participant Output as ip link output (raw)
    participant Logic as Parsing logic
    participant Result as Returned status

    Parser->>Output: Receive raw command output
    Parser->>Logic: Check NOT_FOUND indicators (various strings, empty)
    alt NOT_FOUND detected
        Logic->>Result: Return False
    else Output present
        Logic->>Logic: Extract state lines and flags (e.g., <NO-CARRIER>, <LOWER_UP>)
        alt State == UP and NO-CARRIER present
            Logic->>Result: Return False
        else State == UP and no NO-CARRIER
            Logic->>Result: Return True
        else State == DOWN
            Logic->>Result: Return False
        else No explicit state
            Logic->>Logic: Secondary pass on flags (NO-CARRIER → False, LOWER_UP → True)
            alt Determined
                Logic->>Result: Return True/False
            else
                Logic->>Result: Return None
            end
        end
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Files needing careful review:
  • backend/control_center/utils/ansible_formtter.py — multi-branch parsing logic, NOT_FOUND heuristics, flag precedence (NO-CARRIER vs LOWER_UP)
  • backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml — shell script lock/signal handling, interface bring-up behavior, unit timer semantics, permissions and security
  • backend/control_center/ansible/roles/ovs-cleanup-port-setup/tasks/cleanup_port_setup.yml — ensure correct disable/stop ordering and daemon-reload placement; verify ignore_errors usage doesn't mask issues
  • backend/control_center/general/views.py — validate new logging doesn't expose sensitive data and that playbook/extra_vars logging is appropriate

Possibly related PRs

• (fix) Reducing Logs to help with RAM #40 — Related changes to logging/parsing in general/views.py and utils/ansible_formtter.py; likely overlaps in port-sync diagnostics.
• refactor: enhance logging configuration across multiple modules #42 — Related to Ansible monitoring/role adjustments and monitoring setup configuration.

Poem

🐇 I hop through systemd at dawn’s first gleam,

I wake each port from its sleepy dream,
With logs and timers I softly tread,
Bringing links alive where once they fled—
A tidy cleanup and a debugged stream.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main changes: implementing interface monitoring setup and cleanup across Ansible tasks and related supporting changes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (7)

ui/ui/src/components/devices/AddBridgeDialog.tsx (1)

167-173: Clean up commented-out debug log

The commented console.log is no longer used; consider removing it (or switching to a structured logging mechanism) to avoid accumulating dead debug code in the component.

backend/control_center/.env.example (1)

49-53: DOCKER_IMAGE default looks good; add trailing newline for linter

Setting DOCKER_IMAGE=taurinetech/sdn-launch-control-backend:latest aligns the example with the published image; that part looks fine.
To satisfy dotenv-linter’s EndingBlankLine warning, add a blank newline at the end of the file.

backend/control_center/ansible/roles/ovs-cleanup-port-setup/tasks/cleanup_port_setup.yml (1)

19-69: Cleanup flow is consistent; consider optional hardening

The interface-monitor cleanup sequence (stop/disable timer → remove unit files/logrotate → remove directory and logs → daemon_reload) is coherent and mirrors the setup role nicely. Two optional tweaks you might consider:

• Also stop the interface-monitor.service explicitly, in case a run is in progress during cleanup.
• Narrow ignore_errors if you ever want to surface genuine failures (e.g., permission issues) rather than swallowing all errors.

These are not blockers given this is best-effort cleanup logic.

backend/control_center/utils/ansible_formtter.py (1)

230-347: Port-status parsing is much more robust; address small lint and clarify semantics

The expanded logging and flag/state parsing in get_port_status_from_results looks solid and should make diagnosing weird ip link outputs much easier. A few small follow-ups:

1. Ruff F541 (f-string without placeholders)
   At line 313 you have an f-string with no interpolation:

   logger.debug(f"[PORT_STATUS] No explicit state found in output, checking flags in angle brackets")

   This can just be a plain string:

   - logger.debug(f"[PORT_STATUS] No explicit state found in output, checking flags in angle brackets")
   + logger.debug("[PORT_STATUS] No explicit state found in output, checking flags in angle brackets")

2. Non-existent ports now return False instead of None
   For the not_found_conditions branch you now return False, meaning “down”. That’s reasonable, but it is a behavior change from “unknown” (None). It’d be good to confirm all call sites (e.g., PortViewSet.sync) indeed want missing interfaces to be treated as down, and perhaps mention this explicitly in the docstring (e.g., “False if down or interface not found”).

3. Assumption about ip link output scope (optional)
   The parsing walks all output_lines without checking that a line belongs to port_name. This is fine as long as the underlying Ansible task runs ip link show dev {{ port_name }} (or similar) so only one interface is present. If that task is ever broadened to show multiple interfaces, you’ll want to filter lines by the interface name before interpreting state/flags.

backend/control_center/general/views.py (1)

691-763: Port.sync logging is much clearer; dedupe one error log line

The additional [PORT_SYNC] debug logs around playbook execution, parsed results, and DB updates significantly improve traceability of port sync behavior.

One small cleanup: on failure you log the same error twice—

logger.error(f"[PORT_SYNC] Failed to sync port {port.name}: {error_msg}")
logger.error(f"Failed to sync port {port.name}: {error_msg}")

You can safely drop the second line (or change its level if you want both a structured and a human-friendly variant) to avoid duplicate error entries. Optionally, you might also standardize on the [PORT_SYNC] prefix for all related log messages.

backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml (2)

71-82: Add validation for PID read from lock file.

Line 73 reads the PID without validating its format. If the lock file contains invalid data, line 74 (kill -0 "$pid") may behave unexpectedly. Add a quick sanity check.

       # Function to check if script is already running
       check_lock() {
           if [ -f "$LOCK_FILE" ]; then
-              local pid=$(cat "$LOCK_FILE")
+              local pid=$(cat "$LOCK_FILE" 2>/dev/null)
+              [[ $pid =~ ^[0-9]+$ ]] || { log_message "ERROR: Invalid PID in lock file"; return 1; }
               if kill -0 "$pid" 2>/dev/null; then
                   log_message "WARNING: Monitor script already running (PID: $pid)"
                   exit 1
               else
                   # Lock file exists but process is dead, remove it
                   rm -f "$LOCK_FILE"
               fi
           fi
       }

---

36-44: Minor: Consider more robust interface status parsing.

Line 39 uses grep -q "state UP" to detect active interfaces. While this works for typical interface names, it could theoretically match interface names containing that string. For better reliability, consider using word boundaries or awk-based parsing.

       # Function to check if interface is up
       is_interface_up() {
           local interface="$1"
           # Check if interface exists and is UP
-          if ip link show "$interface" 2>/dev/null | grep -q "state UP"; then
+          if ip link show "$interface" 2>/dev/null | grep -qE '^\s+state UP'; then
               return 0  # Interface is up
           else
               return 1  # Interface is down
           fi
       }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1efa2c5 and 282502d.

📒 Files selected for processing (7)

• backend/control_center/.env.example (1 hunks)
• backend/control_center/ansible/roles/ovs-cleanup-port-setup/tasks/cleanup_port_setup.yml (1 hunks)
• backend/control_center/ansible/roles/ovs-port-setup/tasks/main.yml (1 hunks)
• backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml (1 hunks)
• backend/control_center/general/views.py (3 hunks)
• backend/control_center/utils/ansible_formtter.py (2 hunks)
• ui/ui/src/components/devices/AddBridgeDialog.tsx (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

backend/control_center/general/views.py (2)

backend/control_center/utils/ansible_formtter.py (2)

• get_single_port_speed_from_results (187-215)
• get_port_status_from_results (218-348)

backend/control_center/general/serializers.py (1)

• save (55-72)

🪛 dotenv-linter (4.0.0)

backend/control_center/.env.example

[warning] 53-53: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)

🪛 Ruff (0.14.4)

backend/control_center/utils/ansible_formtter.py

313-313: f-string without any placeholders

Remove extraneous f prefix

(F541)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Docker Build Validation

🔇 Additional comments (7)

backend/control_center/ansible/roles/ovs-port-setup/tasks/main.yml (1)

8-12: Clean task integration.

The new "Setup interface monitoring" task follows established patterns and integrates logically after port setup. The import structure is correct.

backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml (6)

2-6: LGTM: Directory creation is straightforward.

Mode 0755 is appropriate for the monitor directory.

---

8-14: LGTM: Log file creation with correct permissions.

File is set to 0644 with root ownership, appropriate for a log file that will be rotated by logrotate.

---

134-152: LGTM: Systemd service configuration is sound.

Type=oneshot is correct for a script that runs once per invocation. Running as root is necessary for ip link commands. Journald logging is appropriate and integrates well with system monitoring.

---

154-169: LGTM: Systemd timer is well-configured.

The 30-second boot delay and 30-second repeat interval are reasonable for interface monitoring. The Persistent=true setting ensures missed timer runs are executed on system resume, which is valuable for embedded/laptop scenarios. The Requires dependency correctly links to the service.

---

171-185: LGTM: Logrotate configuration is well-balanced.

The daily rotation with 7-day retention, compression, and 3MB size limit provides reasonable log management for a periodic monitoring script. The delaycompress and notifempty settings follow best practices.

---

187-195: LGTM: Systemd daemon reload and timer activation are correctly sequenced.

The daemon_reload is properly placed before enabling/starting the timer. The timer will persist across reboots and start automatically on boot with the 30-second delay.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify the interfaces Jinja variable is available in playbook context.

Line 26 uses {{ interfaces | map('quote') | join(' ') }} to populate the INTERFACES bash array. This variable must be provided by the calling playbook or role defaults. If not defined, the array will be malformed.

Confirm that:

1. The interfaces variable is passed to this task (e.g., as a role variable or task var)
2. The variable is properly documented in role defaults or README
3. The map('quote') filter correctly escapes interface names with special characters

To verify this, check if the interfaces variable is defined by searching the playbook context:

---

🏁 Script executed:

#!/bin/bash
# Search for where `interfaces` variable is defined or passed in Ansible files

# Look for variable definitions in defaults, vars, or task invocations
find backend/control_center/ansible -name "*.yml" -o -name "*.yaml" | xargs rg -n "interfaces:" -A 2 -B 2

Length of output: 0

---

🏁 Script executed:

#!/bin/bash

# 1. Verify the monitoring task file exists
echo "=== Checking if monitoring task file exists ==="
ls -la backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml 2>&1

# 2. Search for "interfaces" more broadly (without colon requirement)
echo -e "\n=== Searching for 'interfaces' pattern in Ansible files ==="
find backend/control_center/ansible -type f \( -name "*.yml" -o -name "*.yaml" \) -exec rg -l "interfaces" {} \;

# 3. Check role structure for defaults and vars
echo -e "\n=== Role defaults/main.yml content ==="
if [ -f "backend/control_center/ansible/roles/ovs-port-setup/defaults/main.yml" ]; then
  cat backend/control_center/ansible/roles/ovs-port-setup/defaults/main.yml
else
  echo "File not found"
fi

echo -e "\n=== Role vars/main.yml content ==="
if [ -f "backend/control_center/ansible/roles/ovs-port-setup/vars/main.yml" ]; then
  cat backend/control_center/ansible/roles/ovs-port-setup/vars/main.yml
else
  echo "File not found"
fi

# 4. Search for playbooks that might call this role
echo -e "\n=== Searching for playbook files that call ovs-port-setup role ==="
find backend/control_center/ansible -type f -name "*.yml" -o -name "*.yaml" | xargs rg -l "ovs-port-setup" | head -10

Length of output: 1173

---

🏁 Script executed:

#!/bin/bash

# 1. Read the main playbook to understand how the role is invoked
echo "=== Main playbook: ovs-port-setup.yml ==="
cat backend/control_center/ansible/playbooks/ovs-port-setup.yml

# 2. Check role's tasks/main.yml if it exists
echo -e "\n=== Role tasks/main.yml ==="
if [ -f "backend/control_center/ansible/roles/ovs-port-setup/tasks/main.yml" ]; then
  cat backend/control_center/ansible/roles/ovs-port-setup/tasks/main.yml
else
  echo "File not found"
fi

# 3. Check add_ports.yml to see how it references interfaces
echo -e "\n=== Role add_ports.yml (first 50 lines) ==="
head -50 backend/control_center/ansible/roles/ovs-port-setup/tasks/add_ports.yml

# 4. Check the full setup_interface_monitoring.yml to see context of interfaces usage
echo -e "\n=== Full setup_interface_monitoring.yml ==="
cat backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml

Length of output: 6571

---

🏁 Script executed:

#!/bin/bash

# Check for group_vars and host_vars directories
echo "=== Searching for group_vars and host_vars ==="
find backend/control_center/ansible -type d -name "group_vars" -o -type d -name "host_vars"

echo -e "\n=== Content of group_vars directories ==="
find backend/control_center/ansible -path "*group_vars*" -type f | head -20

echo -e "\n=== Content of host_vars directories ==="
find backend/control_center/ansible -path "*host_vars*" -type f | head -20

echo -e "\n=== Searching for interfaces variable definition in all yml/yaml files ==="
rg -n "^\s*interfaces\s*:" backend/control_center/ansible --type yaml -C 3 | head -100

echo -e "\n=== Check inventory files ==="
find backend/control_center/ansible -name "inventory*" -o -name "hosts*" | head -10

Length of output: 238

---

The interfaces variable is undefined throughout the codebase and must be defined before this role executes.

Verification found that {{ interfaces }} is used in both setup_interface_monitoring.yml (lines 24, 26) and add_ports.yml, but the variable is never defined in:

• The playbook (ovs-port-setup.yml)
• Role defaults or vars files (do not exist)
• Group vars or host vars (do not exist)
• Any other YAML configuration file

Without this variable, the Jinja template will produce an empty or malformed INTERFACES array, and the monitoring script will be non-functional. The with_items: {{ interfaces }} in add_ports.yml will also fail.

Required action: Define interfaces as a list variable (either in playbook vars, role defaults/main.yml, or pass via command line with -e interfaces=[...]).

🤖 Prompt for AI Agents

In
backend/control_center/ansible/roles/ovs-port-setup/tasks/setup_interface_monitoring.yml
around lines 16 to 26, the Jinja variable {{ interfaces }} is undefined and must
be declared as a list before this role runs; add a list variable named
interfaces (e.g., interfaces: ['ethX', 'ethY']) either in the role's
defaults/main.yml, in the playbook vars of ovs-port-setup.yml, or pass via -e on
the command line so both setup_interface_monitoring.yml and add_ports.yml can
iterate it; ensure it is a YAML list (not a string), contains the correct
interface names, and is available to the role scope.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 282502d and b972962.

📒 Files selected for processing (2)

• backend/control_center/.env.example (1 hunks)
• backend/control_center/docker-compose.yml (1 hunks)

🧰 Additional context used

🪛 dotenv-linter (4.0.0)

backend/control_center/.env.example

[warning] 53-53: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)

🔇 Additional comments (2)

backend/control_center/docker-compose.yml (1)

77-90: Service image tag inconsistency: celery_beat pinned to 1.0.0-beta while sibling services default to latest.

Line 80 updates the celery_beat service to use sdn-launch-control-backend:1.0.0-beta as the fallback, while the django service (line 33) and celery service (line 65) retain latest as their fallbacks. This creates an inconsistency where celery_beat and other services may run different image versions when DOCKER_IMAGE is not explicitly set in .env.

Verify this is intentional. If all services should use the same version, consider updating line 65 (celery service) and line 33 (django service) to also reference 1.0.0-beta, or update line 80 back to latest to maintain consistency.

backend/control_center/.env.example (1)

49-53: Verify pre-release Docker image exists and confirm intent to default to beta version.

Line 53 sets an active, concrete DOCKER_IMAGE value pointing to taurinetech/sdn-launch-control-backend:1.0.0-beta. This represents a shift from the earlier example (lines 44-47) that showed a placeholder. Two concerns:

1. Image availability: Confirm that the taurinetech/sdn-launch-control-backend:1.0.0-beta image exists and is publicly accessible on Docker Hub. If this is a pre-release or internal build, new deployments using .env.example will fail unless the image is available.

2. Default version policy: Using a pre-release (beta) version as the default in .env.example may not be appropriate for production deployments or new users. Consider whether the stable release version should be the default, with beta as an opt-in option via comments or documentation.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add blank line at end of file.

Missing blank line at end of file. POSIX convention and most linters expect files to end with a newline character.

Apply this diff:

-DOCKER_IMAGE=taurinetech/sdn-launch-control-backend:1.0.0-beta
+DOCKER_IMAGE=taurinetech/sdn-launch-control-backend:1.0.0-beta
+

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	DOCKER_IMAGE=taurinetech/sdn-launch-control-backend:1.0.0-beta
	DOCKER_IMAGE=taurinetech/sdn-launch-control-backend:1.0.0-beta

🧰 Tools

🪛 dotenv-linter (4.0.0)

[warning] 53-53: [EndingBlankLine] No blank line at the end of the file

(EndingBlankLine)

🤖 Prompt for AI Agents

In backend/control_center/.env.example around line 53, the file is missing a
trailing newline (POSIX convention and linters expect a newline at EOF); fix by
adding a single blank line/newline character at the end of the file so the file
ends with a newline.