Hello, I have Rocky 9.1 and am having major issues w NM
I am storing all configs in flat files in /etc/NetworkManager/system-connections/iface name.conf
- on reboot, my network is breaking, for example my em1 iface
If I go to nmtui, it regenerates the UUID constantly and creates a new config file, i.e., em1-NEW-UUID.conf
is there any way to pin config files to physical MAC address instead of UUID?
- I created a new bonded connection using nmtui,
on reboot, this connection doesn't even show up with nmcli c show
restarting NM and reloading connections doesn't help.
compared to network-scripts, NM is a nightmare to manage.
additionally, I am unable to install the legacy scripts, are they completely gone for this Rocky version?
dnf install network-scripts
Last metadata expiration check: 1:57:21 ago on Wed May 3 22:07:31 2023.
No match for argument: network-scripts
Error: Unable to find a match: network-scripts
network-scripts is long gone in Rocky Linux 9.
You may want the configuration named
.conf is not what is used for network manager connections.
If this does not work, I highly recommend starting from scratch with
nmcli con del em1 and
nmcli con del bond0, ensure that all references of them are gone from
/etc/NetworkManager/system-connections, and create new connections with
nmcli con add or
From there you can use
nmcli con mod or
nmtui to configure the rest of your settings. You can also manage them manually if you prefer. See
nmcli con show <interface> and it’ll show you all possible options with what they are set to (whether by default or by you).
man nmcli-examples has some semi-useful details.
Yes. Note: NetworkManager does not talk about files. It has devices and connections.
(One can define multiple connections for same device – just not use them simultaneously.)
The installer defines (Ethernet) connections that are bound to devices by MAC.
ifname and not the MAC, but that can be changed:
nmcli con mod my-con connection.interface-name "" 802-3-ethernet.mac-address 11:22:33:44:55:66
After that the
my-con is for device that has MAC 11:22:33:44:55:66 no matter what the name of the device is.
is there a way to put this into static cfg file? I want persistence on reboot and we control all iface+network settings via Salt cfg management
I added this to the iface.nmconnection file,
not sure if that's the same functionality as what you posted
is there any way to limit # of connection profiles per device to 1?
I don't understand why there's an option to create multiple Connections per Device? what's the point?
if I have a physical NIC connected (device), I want a simple 1:1 configuration for this NIC, ie
NM keeps creating new connection profiles with new UUIDs every time I go into nmtui and edit a connection.
My guess is NM is designed for all kinds of machines, not just rack servers, i.e. laptops with wifi networks, so each time you connect to new wifi channel, that's a new Connection profile running on the wireless NIC, is this correct?
but these are rack servers, the requirements are totally different from other machines like laptops + IoT devices, just need a simple network config tool that is persistent on reboots
Have you tried the suggestion of making sure the files in /etc/NetworkManager/system-connections are
.nmconnection and not
On server you probably do want package
NetworkManager-config-server, like its description says.
I have not had nmtui create additional connections. Then again, I do use nmcli most of the time.
The nmcli does write changes to files, so the settings you make with it ought to be “persistent”.
(FirewallD, which you probably don’t want in server either, does have separate “runtime” and “permanent” commands. The
nftables.service is more the “drop in correct files” solution.)
Red Hat’s alternative supports Ansible and there is
rhel-system-roles.network for iface+network settings. It can’t do all the tricks yet, but Ansible collections do have a
nmcli role that covers some more cases.
That cfg management is able to use NetworkManager as a backend, so the user does not care about “nmconnection files”. Is Salt limited to “files directly” approach?
yes, all the config files have .nmconnection extension
-rw------- 1 root root 5.5K May 4 10:45 con-bond0.nmconnection
-rw------- 1 root root 507 May 4 10:45 con-em1.nmconnection
-rw------- 1 root root 520 May 4 10:45 con-p1p1.nmconnection
-rw------- 1 root root 480 May 4 10:45 con-p1p2.nmconnection
-rw------- 1 root root 520 May 4 10:45 con-p2p1.nmconnection
-rw------- 1 root root 480 May 4 12:23 con-p2p2.nmconnection
I also pinned each iface conn with a MAC address,
yes, salt doesn't have full support for NM yet, I'm managing iface configs + routes in Salt via jinja templates which translate to flat config files on the target
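A lint pass that could run over templated keyfiles like those listed above before they are deployed, flagging the problems this thread runs into: wrong extension, loose permissions, a missing UUID, and more than one profile bound to the same NIC. This is an added example, not code from any poster or from Salt or NetworkManager; lint_profiles, the sample file names, UUIDs and MACs are constructed for illustration.

```python
import configparser
from collections import defaultdict

def lint_profiles(profiles):
    """profiles: {file name: (mode bits, keyfile text)} -> list of (subject, problem)."""
    findings, seen = [], defaultdict(list)
    for name, (mode, text) in profiles.items():
        if not name.endswith(".nmconnection"):
            findings.append((name, "extension is not .nmconnection"))
        if mode & 0o077:  # the thread's listing shows -rw------- (0600)
            findings.append((name, "accessible by group or other"))
        kf = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                       interpolation=None, strict=False)
        kf.optionxform = str  # keep key case as written
        kf.read_string(text)
        uuid = kf.get("connection", "uuid", fallback="").lower()
        # 802-3-ethernet is the setting's full name; keyfiles usually write [ethernet]
        mac = (kf.get("ethernet", "mac-address", fallback="")
               or kf.get("802-3-ethernet", "mac-address", fallback="")).upper()
        ifname = kf.get("connection", "interface-name", fallback="")
        if not uuid:
            findings.append((name, "no uuid in [connection]"))
        if kf.get("connection", "type", fallback="") == "ethernet" and not (mac or ifname):
            findings.append((name, "ethernet profile bound to no MAC or interface-name"))
        for kind, value in (("uuid", uuid), ("mac-address", mac), ("interface-name", ifname)):
            if value:
                seen[(kind, value)].append(name)
    # More than one profile per uuid/MAC/interface breaks the 1:1 NIC-to-profile goal.
    for (kind, value), names in seen.items():
        if len(names) > 1:
            findings.append((", ".join(sorted(names)), f"duplicate {kind} {value}"))
    return findings

def _keyfile(uuid, mac):  # builds constructed sample text, not real host data
    body = "[connection]\nid=sample\ntype=ethernet\n"
    body += f"uuid={uuid}\n" if uuid else ""
    body += f"\n[ethernet]\nmac-address={mac}\n" if mac else ""
    return body + "\n[ipv4]\nmethod=auto\n"

SAMPLE = {  # constructed file names, modes, UUIDs and MACs
    "con-em1.nmconnection": (0o600, _keyfile("11111111-1111-4111-8111-111111111111", "02:00:00:00:00:01")),
    "em1-copy.nmconnection": (0o644, _keyfile("22222222-2222-4222-8222-222222222222", "02:00:00:00:00:01")),
    "p1p1.conf": (0o600, _keyfile("", "")),
}

if __name__ == "__main__":
    for subject, problem in lint_profiles(SAMPLE):
        print(f"{subject}: {problem}")
```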
FirewallD, which you probably don’t want in server either, does have separate “runtime” and “permanent” commands. The
nftables.service is more the “drop in correct files” solution.
Sorry if this is not related to the thread, but could you clarify more on this point? As far as I know, nftables is the backend of firewalld. Is it recommended to disable firewalld and just use nftables directly? I find it much more flexible to use it that way.
The kernel in el8 and el9 has nf_tables, so yes the
firewalld.service does use nftables backend.
Red Hat writes in Configuring firewalls and packet filters Red Hat Enterprise Linux 9 | Red Hat Customer Portal
firewalld: Use the
firewalld utility for simple firewall use cases. The utility is easy to use and covers the typical use cases for these scenarios.
nftables: Use the
nftables utility to set up complex and performance-critical firewalls, such as for a whole network.
That wording has changed over time. It used to hint more that FirewallD is not for “real work”.
Before 8.7/9.1 the FirewallD in EL did not support routers properly.
You can configure FirewallD by dropping files under /etc/firewalld/ but on server
you typically have a rather static ruleset (no changes due to interfaces going up or down)
and – for those, who know what they do™ – well-crafted ruleset is probably “lean and mean”.