In ages past, when you wanted to configure a network interface eth0 with MAC CC:00:FF:EE:12:34 with static IP 128.227.3.20 and using uranus (128.227.3.1) as the gateway in Red Hat Linux or its derivatives, you could have something like this
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 << 'EOF' DEVICE="eth0" BOOTPROTO="static" HWADDR="CC:00:FF:EE:12:34" NM_CONTROLLED="no" ONBOOT="yes" TYPE="Ethernet" DHCP_HOSTNAME=vmhost IPADDR=128.227.3.20 NETMASK=255.255.255.0 GATEWAY=128.227.3.1 EOF
in your notes and cut-n-paste it as needed. The same would work for a vlan trunk (think 802.1q), where the interface using 128.227.3.20 is now associated to tagged vlan 3; all we needed is 3 files.
- Define the base interface (we could have used uuid instead of MAC address)
cat /etc/sysconfig/network-scripts/ifcfg-eno1 << 'EOF' TYPE=Ethernet NAME="eno1" DEVICE="eno1" HWADDR="CC:00:FF:EE:12:34" BOOTPROTO="none" ONBOOT=yes
- Define the tagged vlan 3, and which bridge it is associated with
cat /etc/sysconfig/network-scripts/ifcfg-eno1.3 << 'EOF' DEVICE="eno1.3" BOOTPROTO="none" NM_CONTROLLED="no" ONBOOT="yes" VLAN=yes BRIDGE=dmzbr EOF
- Define the bridge with static IP
cat /etc/sysconfig/network-scripts/ifcfg-dmzbr << 'EOF' DEVICE=dmzbr TYPE=Bridge BOOTPROTO="static" NM_CONTROLLED="no" ONBOOT="yes" TYPE="Ethernet" DHCP_HOSTNAME=vmhost IPADDR=128.227.3.20 NETMASK=255.255.255.0 GATEWAY=128.227.3.1 EOF
- Define the tagged vlan 3, and which bridge it is associated with
We could get away with two but the 3rd one is there because I like to use bridges. The awake reader will have noticed I switched from eth0 to eno1; I will leave that to the reader but the point here is the above applies to whatever networking naming convention you have to deal with.
As some (those who do not fall asleep reading these posts) know, I like automation and one of my tools of choice is ansible. Creating the above files for a given host from network declarations in its host_vars/host is very convenient using ansible.
But, there is Network Manager. Until recently -- CentOS 8, Rocky 8, Alma 8 -- you could still tell Network Manager to leave these interfaces alone (the NM_CONTROLLED entry), but now I am building a rocky 9 host, I am being forced to use nmcli instead. And what would it take to nmcli all of that? Let's find out (I think I missed a step here, so don't trust this):
nmcli con add ifname dmzbr type bridge con-name dmzbr nmcli con modify dmzbr ipv6.method disabled nmcli connection modify dmzbr ipv4.address 192.168.3.20/24 nmcli connection modify dmzbr ipv4.gateway 192.168.3.1 nmcli connection modify dmzbr ipv4.dns 192.168.3.1 nmcli connection add type vlan con-name eno1.3 ifname eno1.3 dev eno1 id 3 nmcli connection modify eno1.3 master dmzbr slave-type bridge nmcli connection up eno1.3 nmcli connection up dmzbr
And this should end up with something like this
[root@testbox ~]# nmcli con show NAME UUID TYPE DEVICE DMZ 6a97eddf-ac72-45d9-ba29-d12c7d59b511 vlan eno1.3 dmzBridge ccffabb8-0c8a-47d8-a2d6-15cab0e9b53b bridge dmzbr eno1 9b1b155f-8197-3a7a-a9cc-79cab8b92da1 ethernet eno1 lo 2dd22561-0fd3-436a-9da0-a53c61d63848 loopback lo [root@testbox ~]#
Before you get excited, that UUID is not set in stone. If you are going to do this in Ansible, take a look at the official docs on the nmcli_module. Short version is you are doing all those nmcli commands I did before, which I know I need to check since I know I missed something (I changed the bridge name later). And that is the proper official way to do the deed.
And then there is you
Yep, there is me. I know I will make a mistake. So, let's take a look on this network manager thing. No matter what, the configuration of all of these network interfaces have to go somewhere? If I am unlucky, some kind of binary-only database like Microsoft. If I am lucky, a text file. Well, it turned out my luck still holds: the files are hidden in /etc/NetworkManager/system-connections/:
[root@testbox ~]# ls /etc/NetworkManager/system-connections/ dmzbr.nmconnection eno1.nmconnection DMZ.nmconnection [root@testbox ~]#
Let's take a look at eno1:
[root@testbox ~]# cat /etc/NetworkManager/system-connections/eno1.nmconnection [connection] id=eno1 uuid=9b1b155f-8197-3a7a-a9cc-79cab8b92da1 type=ethernet interface-name=eno1 timestamp=1711852227 [ethernet] [ipv4] method=disabled [ipv6] addr-gen-mode=eui64 method=disabled [proxy] [root@testbox ~]#
admit it, it may have a different, more grandiose format than /etc/sysconfig/network-scripts/ifcfg-eno1 but it describes the same thing. What would it take to make my own files? Long story short. not much:
[root@testbox ~]# more /etc/NetworkManager/system-connections/dmzbr.nmconnection /etc/NetworkManager/system-connections/DMZ.nmconnection :::::::::::::: /etc/NetworkManager/system-connections/dmzbr.nmconnection :::::::::::::: [connection] id=dmzBridge type=bridge interface-name=dmzbr [ethernet] [bridge] [ipv4] method=disabled [ipv6] addr-gen-mode=default method=disabled [proxy] :::::::::::::: /etc/NetworkManager/system-connections/DMZ.nmconnection :::::::::::::: [connection] id=DMZ type=vlan interface-name=eno1.3 master=dmzbr slave-type=bridge [ethernet] [vlan] flags=1 id=3 parent=eno1 [bridge-port] [root@testbox ~]#
Note I did not even bother to declare the timestamp or uuid; the later can be created on the fly as the interface comes online. What does that mean? I can keep a copy of these files in a safe place, In fact, I have the following file (that is the filename, I swear)
[root@testbox ~]# cat NICs/eno1-oh_shit.nmconnection [connection] id=eno1 uuid=9b1b155f-8197-3a7a-a9cc-79cab8b92da1 type=ethernet autoconnect-priority=-999 interface-name=eno1 [ethernet] [ipv4] method=auto [ipv6] addr-gen-mode=eui64 method=auto [proxy] [root@testbox ~]#
The idea of this file is if I screw the network up and need to get it back quickly, I copy that to /etc/NetworkManager/system-connections/eno1.nmconnection, make sure it is connected to an untagged vlan switchport, and then restart network manager. That will then get a dhcp IP address and off it goes.
What about Ansible?
The same way I created /etc/sysconfig/network-scripts/ifcfg-eno1.3 I can create these files; the template looks a bit different but everything else is similar. Heretic? Surely, but that is how I roll.
