Sunday, August 3, 2014

Introduction to Oracle Linux 7 Network

Oracle Linux 7, like RHEL7 and CentOS7, comes with some drastic changes in the network management stack. The former network service is gone and NetworkManager replaces it for real. Commands we've been using for years, like ifconfig, route or netstat, are deprecated... The main benefit of those changes is that network management is now unified. Besides, nmcli and firewall-cmd make it possible to modify and persist most configurations directly from the command line. This eases automation and changes...

We'll have to learn a lot! We'll need to forget a lot too... and that is probably more difficult considering most of us will have to maintain release 7 alongside other releases for a while. This blog post helps you get started with Oracle Linux 7 networking. It also helps you move back and forth between Oracle Linux releases...

Making the change...

Oracle Linux 7 continues to provide the deprecated management tools: ifconfig, netstat or route as part of the net-tools package. It could help for some of the scripts you may inherit from legacy software. However, unless absolutely necessary you might not want to install that package. You would, by far, prefer to learn the new tools and adapt:
# yum info net-tools
Available Packages
Name        : net-tools
Arch        : x86_64
Version     : 2.0
Release     : 0.17.20131004git.el7
Size        : 303 k
Repo        : ol7_latest
Summary     : Basic networking tools
URL         : http://sourceforge.net/projects/net-tools/
License     : GPLv2+
Description : The net-tools package contains basic networking tools,
            : including ifconfig, netstat, route, and others.
            : Most of them are obsolete. For replacement check iproute package.
Another important change is the use of predictable network interface names for network devices instead of the generic eth0, eth1... ethN default naming convention used before. Here again you can switch back [1] to the previous settings by creating an empty file named 80-net-name-slot.rules in /etc/udev/rules.d and rebooting:
ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
reboot
However, there are good reasons for that change as you can read from Predictable Network Interface Names [2]. You won't want to switch back either!

Getting help from the assistants

If you are in a hurry and still want things to get done properly, you may want to get a little help from the Network Manager assistants:

  • the nmtui command, from the NetworkManager-tui RPM, is the Network Manager text interface. It provides a simple way to perform the setup without paying attention to detailed configuration files.
  • the nm-connection-editor command, from the nm-connection-editor RPM, is the Network Manager graphical interface. You can get it directly from the Gnome desktop or from the Control Panel. If you have an X server configured, type nm-connection-editor to get access to it.

Learning...

To make it short, you'll find below the commands you'll use (iproute) to replace Oracle Linux 5 and 6 commands (net-tools). For a very nice and complete cheat sheet, check out Deprecated Linux networking commands and their replacements [3]:
net-tools    iproute
arp          ip neighbor/neighbour
ifconfig     ip link or ip addr
netstat      ss, ip route or ip maddr
route        ip route
nameif       ip link

And even more important, read Red Hat Enterprise Linux 7 - Networking Guide [4] and the man pages for: ip(8) ip-address(8), ip-addrlabel(8), ip-l2tp(8), ip-link(8), ip-maddress(8), ip-monitor(8), ip-mroute(8), ip-neighbour(8), ip-netns(8), ip-ntable(8), ip-route(8), ip-rule(8), ip-tcp_metrics(8), ip-tunnel(8), ip-xfrm(8), ss(8), ifcfg(8), ifup(8), ifdown(8) and ifenslave(8).
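
To find where inherited scripts still call the net-tools commands listed above, the script below reports each one found in command position along with its iproute replacement, so that "ip route show" is not mistaken for a call to route. It is an added example, not part of the original post; the function names and the sample legacy script are constructed for illustration.

```shell
#!/bin/sh
# Added example: report deprecated net-tools commands found in command
# position in a script, with the iproute replacement from the table above.
# scan_net_tools [FILE...]  (reads stdin when no file is given)
# Output: "LINE: COMMAND -> REPLACEMENT", one line per hit.
scan_net_tools() {
    awk '
    BEGIN {
        # Mapping copied from the table in this post.
        repl["arp"]      = "ip neighbor/neighbour"
        repl["ifconfig"] = "ip link or ip addr"
        repl["netstat"]  = "ss, ip route or ip maddr"
        repl["route"]    = "ip route"
        repl["nameif"]   = "ip link"
    }
    /^[ \t]*#/ { next }                      # full-line comment
    {
        line = $0
        sub(/[ \t]#.*$/, "", line)           # trailing comment (naive)
        # Split into simple commands at ; | & ( ) and backticks.
        n = split(line, seg, /[;|&()`]+/)
        for (i = 1; i <= n; i++) {
            s = seg[i]
            sub(/^[ \t]+/, "", s)
            m = split(s, w, /[ \t]+/)
            # Skip wrappers, shell keywords and VAR=value prefixes.
            k = 1
            while (k <= m && (w[k] ~ /^(sudo|exec|if|then|else|elif|do|while|until|!)$/ ||
                              w[k] ~ /^[A-Za-z_][A-Za-z0-9_]*=/))
                k++
            cmd = (k <= m) ? w[k] : ""
            sub(/^.*\//, "", cmd)            # /sbin/ifconfig -> ifconfig
            if (cmd in repl)
                printf "%d: %s -> %s\n", FNR, cmd, repl[cmd]
        }
    }' "$@"
}
# Constructed sample input (not from the original post).
sample_legacy_script() {
    cat <<'EOF'
#!/bin/sh
# bring up the VIP with ifconfig
/sbin/ifconfig eth0:0 192.168.56.11 netmask 255.255.255.0 up
GW=$(netstat -rn | grep '^0.0.0.0')
ip route show
sudo route add default gw 192.168.56.1
EOF
}
sample_legacy_script | scan_net_tools
```

Quoted strings that contain "#" or shell operators can confuse the line splitting, so treat the report as a list of places to review rather than a complete parse.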

Using nmcli

What is very cool about NetworkManager is the addition of nmcli. It lets you make changes without editing any of the /etc/sysconfig/network-scripts files directly. This helps avoid errors and speeds up configuration.

Setting a hostname

The script below changes the server hostname to green:
nmcli general hostname green.resetlogs.com
hostname
green.resetlogs.com

Adding an address to a network interface

Assuming you've added a network card to your server that shows up as the enp0s3 device, adding a static (manual) connection with an IP address looks like the script below:
nmcli device status
DEVICE  TYPE      STATE        CONNECTION 
enp0s3  ethernet  disconnected --
lo      loopback  unmanaged    --

nmcli connection add type 802-3-ethernet \
                      ifname enp0s3      \
                      con-name enp0s3    \
                      autoconnect yes

nmcli connection modify enp0s3 \
      ipv4.method manual       \
      ipv4.addresses "192.168.56.5/24 192.168.56.1" \
      ipv4.never-default yes

nmcli connection up enp0s3

ip addr s enp0s3
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:55:c6:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.5/24 brd 192.168.56.255 scope global enp0s3
    inet6 fe80::a00:27ff:fe55:c607/64 scope link 
       valid_lft forever preferred_lft forever

nmcli device status
DEVICE  TYPE      STATE     CONNECTION 
enp0s3  ethernet  connected enp0s3
lo      loopback  unmanaged --
Note:
The ipv4.never-default property set to yes is equivalent to setting DEFROUTE to no in ifcfg-enp0s3; it prevents the gateway from being used as the default in the routing table.

Adding and removing IP addresses

Another common use of nmcli is adding and removing IP addresses from an interface in order to manage virtual IPs (VIPs); VIPs are those connections we used to name ethX:M, like eth0:0 or eth0:1. The "+" sign in front of the property means the new value should be appended to the previous values; the "-" sign is used to remove only the part that is defined:
nmcli connection modify enp0s3 \
      +ipv4.addresses "192.168.56.11/24 192.168.56.1"

nmcli connection up enp0s3

ip addr s enp0s3
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:55:c6:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.5/24 brd 192.168.56.255 scope global enp0s3
    inet 192.168.56.11/24 brd 192.168.56.255 scope global secondary enp0s3
    inet6 fe80::a00:27ff:fe55:c607/64 scope link 
       valid_lft forever preferred_lft forever

nmcli connection modify enp0s3 \
      -ipv4.addresses "192.168.56.11/24 192.168.56.1"

nmcli connection up enp0s3

ip addr s enp0s3
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:55:c6:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.5/24 brd 192.168.56.255 scope global enp0s3
    inet6 fe80::a00:27ff:fe55:c607/64 scope link 
       valid_lft forever preferred_lft forever

Adding a DNS

nmcli can also be used to define a DNS address:
nmcli connection modify enp0s3 \
      ipv4.dns 192.168.1.1

Changing other properties

nmcli should be used in many more situations, including setting up bonds or teams, bridges, InfiniBand, Wi-Fi or VLANs. For more information about nmcli, refer to the man pages for nmcli(1), nmcli-examples(5) and nm-settings(5).

Learning more...

This concludes this short introduction to Oracle Linux 7 network changes. There is way more to learn, including the use of the new firewalld service. There might also be a lot to learn that already used to exist with Oracle Linux 6 and might be useful with container and cloud technologies. Some I can think of are traffic control (tc), network namespaces (ip netns), udev, dig and the many configuration files. They all are great opportunities for more posts...

Bibliography:
To learn more about the topics in this post, read these articles:
[1] Red Hat Enterprise Linux 7 - Disabling consistent network device naming
[2] Predictable Network Interface Names, by Freedesktop.org
[3] Deprecated Linux networking commands and their replacements, by Doug Vitale
[4] Red Hat Enterprise Linux 7 - Networking Guide
