Hello, I have Rocky 9.1 and am having major issues with NM.
I am storing all configs in flat files in /etc/NetworkManager/system-connections/iface name.conf
- On reboot, my network is breaking, for example my em1 iface:
[connection]
id=em1
uuid=4d48c8f4-66b2-4a70-ab6a-f82a16ccb7b4
type=ethernet
interface-name=em1
timestamp=1683175095
[ethernet]
[ipv4]
address1=192.168.38.84/28,192.168.38.81
may-fail=false
method=manual
[ipv6]
addr-gen-mode=default
method=ignore
[proxy]
If I go to nmtui, it regenerates the UUID constantly and creates a new config file, i.e., em1-NEW-UUID.conf
Is there any way to pin config files to the physical MAC address instead of UUID?
- I created a new bonded connection using nmtui:
[connection]
id=bond0
uuid=cc943f81-6f8a-4b9a-995a-003615b9bcfc
type=bond
interface-name=bond0
connection.stable-id=mac
[ethernet]
[bond]
downdelay=0
miimon=100
mode=broadcast
updelay=0
[ipv4]
address1=192.168.38.71/28
may-fail=false
method=manual
never-default=true
route1=xxxxx/24,192.168.38.65,100
[ipv6]
addr-gen-mode=default
method=disabled
[proxy]
On reboot, this connection doesn't even show up with nmcli c show
Restarting NM and reloading connections doesn't help.
Compared to network-scripts, NM is a nightmare to manage.
Additionally, I am unable to install the legacy scripts; are they completely gone for this Rocky version?
dnf install network-scripts
Last metadata expiration check: 1:57:21 ago on Wed May 3 22:07:31 2023.
No match for argument: network-scripts
Error: Unable to find a match: network-scripts
thanks
network-scripts is long gone in Rocky Linux 9.
You may want the configuration named em1.nmconnection - .conf is not what is used for network manager connections.
If this does not work, I highly recommend starting from scratch with nmcli con del em1 and nmcli con del bond0, ensure that all references of them are gone from /etc/NetworkManager/system-connections, and create new connections with nmcli con add or nmtui.
From there you can use nmcli con mod or nmtui to configure the rest of your settings. You can also manage them manually if you prefer. See nmcli con show <interface> and it’ll show you all possible options with what they are set to (whether by default or by you).
man nmcli-examples has some semi-useful details.
Yes. Note: NetworkManager does not talk about files. It has devices and connections.
(One can define multiple connections for same device – just not use them simultaneously.)
The installer defines (Ethernet) connections that are bound to devices by MAC.
The nmcli requires ifname and not the MAC, but that can be changed:
nmcli con mod my-con connection.interface-name "" 802-3-ethernet.mac-address 11:22:33:44:55:66
After that the my-con is for device that has MAC 11:22:33:44:55:66 no matter what the name of the device is.
Is there a way to put this into a static cfg file? I want persistence on reboot, and we control all iface+network settings via Salt cfg management.
I added this to the iface.nmconnection file:
[connection]
id=con-p1p1
uuid=66bf6495-ab85-30b4-9834-72906aed9ff9
type=ethernet
autoconnect-priority=-999
interface-name=p1p1
connection.stable-id=mac <<<<
Not sure if that's the same functionality as what you posted.
Is there any way to limit the # of connection profiles per device to 1?
I don't understand why there's an option to create multiple connections per device. What's the point?
If I have a physical NIC connected (device), I want a simple 1:1 configuration for this NIC, i.e.
MAC: 123456ABC
name: em1
ip: 192.168.1.1
NM keeps creating new connection profiles with new UUIDs every time I go into nmtui and edit a connection.
My guess is NM is designed for all kinds of machines, not just rack servers, i.e. laptops with wifi networks, so each time you connect to a new wifi channel, that's a new connection profile running on the wireless NIC; is this correct?
But these are rack servers; the requirements are totally different from other machines like laptops + IoT devices. Just need a simple network config tool that is persistent on reboots.
Have you tried the suggestion of making sure the files in /etc/NetworkManager/system-connections are .nmconnection and not .conf?
On server you probably do want package NetworkManager-config-server, like its description says.
I have not had nmtui create additional connections. Then again, I do use nmcli most of the time.
The nmcli does write changes to files, so the settings you make with it ought to be “persistent”.
(FirewallD, which you probably don’t want in server either, does have separate “runtime” and “permanent” commands. The nftables.service is more the “drop in correct files” solution.)
Red Hat’s alternative supports Ansible and there is rhel-system-roles.network for iface+network settings. It can’t do all the tricks yet, but Ansible collections do have a nmcli role that covers some more cases.
That cfg management is able to use NetworkManager as a backend, so the user does not care about “nmconnection files”. Is Salt limited to “files directly” approach?
Yes, all the config files have the .nmconnection extension:
ll /etc/NetworkManager/system-connections/
total 28K
-rw------- 1 root root 5.5K May 4 10:45 con-bond0.nmconnection
-rw------- 1 root root 507 May 4 10:45 con-em1.nmconnection
-rw------- 1 root root 520 May 4 10:45 con-p1p1.nmconnection
-rw------- 1 root root 480 May 4 10:45 con-p1p2.nmconnection
-rw------- 1 root root 520 May 4 10:45 con-p2p1.nmconnection
-rw------- 1 root root 480 May 4 12:23 con-p2p2.nmconnection
I also pinned each iface conn with a MAC address,
cat /etc/NetworkManager/system-connections/con-em1.nmconnection
[connection]
id=con-em1
uuid=3ea747d7-017f-4576-ab32-e34de3b4d9b4
type=ethernet
interface-name=em1
connection.stable-id=mac
[ethernet]
mac-address=C8:BB:B6:8C:93:36
[ipv4]
address1=192.168.38.84/28,192.168.38.81
may-fail=false
method=manual
[ipv6]
addr-gen-mode=default
method=disabled
[proxy]
Yes, Salt doesn't have full support for NM yet; I'm managing iface configs + routes in Salt via Jinja templates, which translate to flat config files on the target.
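Added example, not written by any poster in this thread: a Python lint for keyfile profiles rendered from templates, run before they land in /etc/NetworkManager/system-connections. The function names and sample text are constructed here; it flags nmcli-style key names such as connection.stable-id (under [connection] the keyfile key is the bare stable-id), a missing or malformed [ethernet] mac-address, a wrong extension, and ownership or mode that makes NetworkManager skip the file.

```python
import configparser
import os
import re
import stat

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

def lint_keyfile(filename, text, mode=0o600, uid=0):
    """Return findings for one NetworkManager keyfile profile."""
    findings = []
    if not filename.endswith(".nmconnection"):
        findings.append("name: extension is not .nmconnection")
    # NetworkManager skips keyfiles that are not root-owned or that
    # group/other can access, since profiles may hold secrets.
    if uid != 0 or mode & 0o077:
        findings.append("perms: want owner root and mode 0600")
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str  # keep keys exactly as written
    cp.read_string(text)
    for section in cp.sections():
        for key in cp[section]:
            # 'connection.stable-id' is the nmcli spelling; inside
            # [connection] the keyfile key is just 'stable-id'.
            if key.startswith(section + "."):
                bare = key[len(section) + 1:]
                findings.append(f"[{section}] {key}: write it as {bare}")
    conn = dict(cp["connection"]) if cp.has_section("connection") else {}
    eth = dict(cp["ethernet"]) if cp.has_section("ethernet") else {}
    if "uuid" not in conn:
        findings.append("[connection] uuid: missing")
    mac = eth.get("mac-address")
    if mac is not None and not MAC_RE.match(mac):
        findings.append(f"[ethernet] mac-address: malformed ({mac})")
    if conn.get("type") == "ethernet" and mac is None:
        findings.append("binding: profile is not pinned to a MAC")
    return findings

def lint_path(path):
    """Lint a file on disk (needs root to read a 0600 profile)."""
    st = os.stat(path)
    with open(path) as fh:
        return lint_keyfile(os.path.basename(path), fh.read(),
                            stat.S_IMODE(st.st_mode), st.st_uid)

# Constructed sample modelled on the con-p1p1 profile quoted in the thread.
SAMPLE = ("[connection]\nid=con-p1p1\nuuid=66bf6495-ab85-30b4-9834-72906aed9ff9\n"
          "type=ethernet\ninterface-name=p1p1\nconnection.stable-id=mac\n"
          "[ethernet]\n[ipv4]\nmethod=manual\n")
```

lint_keyfile("con-p1p1.nmconnection", SAMPLE) returns two findings: the nmcli-style key and the missing MAC pin.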
FirewallD, which you probably don’t want in server either, does have separate “runtime” and “permanent” commands. The nftables.service is more the “drop in correct files” solution.
Sorry if this is not related to the thread, but could you clarify more on this point? As far as I know, nftables is the backend of firewalld. Is it recommended to disable firewalld and just use nftables directly? I find it much more flexible to use it that way.
The kernel in el8 and el9 has nf_tables, so yes the firewalld.service does use nftables backend.
Red Hat writes in "Configuring firewalls and packet filters", Red Hat Enterprise Linux 9 (Red Hat Customer Portal):
- firewalld: Use the firewalld utility for simple firewall use cases. The utility is easy to use and covers the typical use cases for these scenarios.
- nftables: Use the nftables utility to set up complex and performance-critical firewalls, such as for a whole network.
That wording has changed over time. It used to hint more that FirewallD is not for “real work”.
Before 8.7/9.1 the FirewallD in EL did not support routers properly.
You can configure FirewallD by dropping files under /etc/firewalld/ but on server you typically have rather static ruleset (no changes due to interfaces going up or down) and – for those, who know what they do™ – well-crafted ruleset is probably “lean and mean”.