diff --git a/_toc.yml b/_toc.yml index 68778bf3..0161a3ad 100644 --- a/_toc.yml +++ b/_toc.yml @@ -44,8 +44,8 @@ chapters: - file: admin-guide/configuration/mount - file: admin-guide/configuration/distribute_files - file: admin-guide/configuration/vgroot + - file: admin-guide/configuration/networking - file: admin-guide/configuration/xrdp - - file: admin-guide/configuration/custom_nameservers - file: admin-guide/configuration/puppet_agent - file: admin-guide/configuration/central_logging_elastic - file: admin-guide/configuration/metrics_telegraf diff --git a/admin-guide/configuration.md b/admin-guide/configuration.md index c0f9f060..16063e74 100644 --- a/admin-guide/configuration.md +++ b/admin-guide/configuration.md @@ -14,9 +14,9 @@ Here starts a so far small collections of configuration guides for sysadmins of ## Basic Setup - [Mounting Volumes](configuration/mount) - [Distribute Files](configuration/distribute_files) -- [RDP Remote Access with XRDP](configuration/xrdp) - [Resize System Volumes (volume group `vg_root`)](configuration/vgroot) -- [Custom Nameservers](configuration/custom_nameservers) +- [Network Configuration](configuration/networking) +- [RDP Remote Access with XRDP](configuration/xrdp) - [Puppent Agent run frequency](configuration/puppet_agent) - [Custom sudo Rules](configuration/sudo) diff --git a/admin-guide/configuration/custom_nameservers.md b/admin-guide/configuration/custom_nameservers.md deleted file mode 100644 index ab509ad4..00000000 --- a/admin-guide/configuration/custom_nameservers.md +++ /dev/null @@ -1,12 +0,0 @@ -# Custom Nameservers - -The internal nameservers are configured according to the network zone by Puppet. - -If for some reason that is unsuitable, you might set your own in Hiera: - -``` -networking::nameservers_override: - - 192.33.120.5 - - 192.33.121.5 -``` - diff --git a/admin-guide/configuration/networking.md b/admin-guide/configuration/networking.md new file mode 100644 index 00000000..d9b41cff --- /dev/null 
+++ b/admin-guide/configuration/networking.md 
@@ -0,0 +1,128 @@ +# Network Configuration + +Our Puppet configuration management supports four types of network configuration: +- **auto**: NetworkManager does automatic configuration while respecting local user managed configuration +- **managed**: NetworkManger is fully managed via Hiera/Puppet +- **unmanaged**: network configuration (incl. DNS) is not touched by Puppet +- **legacy**: Puppet keeps network configuration untouched except for DNS configuration and applying `network::*` Hiera settings + +Not all types are supported by all RedHat versions: + +| Type | RHEL7 | RHEL8 | RHEL9 | +|-----------|---------|---------|---------| +| auto | \- | ✓ | Default | +| managed | \- | ✓ | ✓ | +| unmanaged | \- | ✓ | ✓ | +| legacy | Default | Default | \- | + +## Automatic Network Configuration + +The automatic network configuration will just let NetworkManager do the work as it does it by default. + +In Hiera you can select this option with + +``` +networking::setup: auto +``` + +And what does NetworkManager actually do by default? It attemps automatic configuration on all interfaces (DHCP, SLAAC). Additionally the user may add desired connections. This might be Wifi, VPN, but also normal Ethernet. Automatic configuration is only attempted if there is no such specific configuration. + +DNS configuration as such is learned by autoconfiguration/manual connection configuration and will not be managed by Puppet. + +Note that when changing to `auto` all legacy `ifcfg` files for network configuration are removed. 
+ +## Managed Network Configuration + +The network configuration can be fully and fine-grained be managed from Hiera with + +``` +networking::setup: managed +``` + +and the configuration for the individual connections: + +``` +networking::connections: + - psi_network + - management_network + +networking::connection::psi_network: + interface_name: 'eno0' + ipv4_method: 'manual' + ipv4_address: '129.129.241.66/24' + ipv4_gateway: '129.129.241.1' + ipv6_method: 'disabled' + +networking::connection::management_network: + interface_name: 'eno1' + ipv4_method: 'manual' + ipv4_address: '192.168.71.10/24' + ipv6_method: 'disabled' +``` + +So there is the list `networking::connections` which selects the network connections which should be configured. + +Then for each connection name listed there needs to be a hash in Hiera named `networking::connection::$CONNECTION_NAME`. + +### Ethernet Connection Definition + +The default connection type is `ethernet` (alias for `802-3-ethernet`). +The network connection hash needs to specify the NIC for the connection either by name with the key `interface_name` or by MAC address with the key `mac_address`. + +Next you need to specify how IPv4 configuration should be done. The key `ipv4_method` supports the values `auto`, `dhcp`, `manual`, `disabled`, `link-local`. All except `manual` do not need further configuation. For `manual` the `ipv4_address` in the CIDR format "IP/network mask bits". For the default router has to be set with the key `ipv4_gateway`. + +We did not look into IPv6 configuration yet and usualy it is best to switch it off by setting `ipv6_method` to `disabled`. + +To keep an interface down the setting `state` can be set to `down` (default is `up`). + +### Other Connection Types + +NetworkManager also supports other types like `infiniband`, `wifi`, `vpn`, `bridge`, `vlan`, etc. Note that other types than `ethernet` have so far not been tested. 
Please contact us if you managed to set up some other network type or need help to do so. + +### DNS Override + +The internal nameservers are configured according to the network zone by Puppet. + +If for some reason that is unsuitable, you might set your own in Hiera: +``` +networking::nameservers_override: + - 192.33.120.5 + - 192.33.121.5 +``` + +### No Automatic Migration to Legacy Configuration + +Note that when changing to `managed` all legacy `ifcfg` files and all NetworkManager connections not reflected in Hiera are removed. So if you want to be able to go back to legacy mode you need to backup these files first. + +## Unmanaged Network Configuration + +Here Puppet keeps the fingers off any network related configuration like interface configuration, DNS or routing. + +In Hiera you can select this option with + +``` +networking::setup: unmanaged +``` + +When you change to unmanaged network configuration, the configuration on the node will stay as is. + +## Legacy Network Configuration + +The legacy mode Puppet does not do configuration of network addresses and interfaces. This usually is done by the Kickstart file during OS installation and then not touched any more. Or with manual changes. + +Additionally the `network` Puppet module can be used for more complex setups. But as this module is not maintained any more, we phase it out with RHEL9 and suggest to migrate away from it on RHEL8. + +The legacy mode is selected by not setting `networking::setup` in Hiera. + +### Custom Nameservers + +The internal nameservers are configured according to the network zone by Puppet. + +If for some reason that is unsuitable, you might set your own in Hiera: + +``` +networking::nameservers_override: + - 192.33.120.5 + - 192.33.121.5 +``` + diff --git a/rhel9/index.md b/rhel9/index.md index 589b9fa5..780e342e 100644 --- a/rhel9/index.md +++ b/rhel9/index.md 
@@ -8,14 +8,17 @@ Bugs and issues can be reported in the [Linux project in JIRA](https://jira.psi. Additional ressource [Considerations in adopting RHEL 9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/considerations_in_adopting_rhel_9/index#doc-wrapper) + ## Changes for Base Installation -### Workstation Package Groups -Changed the ammount of packages installed by default on workstation installation. See the comparison below: +### No Support for AFS +The future support model for AFS or the service and functionality it provides is currently under consideration. Consequently it has been decided not to support AFS in the PSI RHEL9 distribution at the time being. -| RHEL 7&8 | RHEL 9 | -| --- | --- | -|
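Review bot: in the `admin-guide/configuration.md` hunk, the list entry directly below the two moved lines still reads "Puppent Agent run frequency". Since this change already reorders the list, correct it to "Puppet Agent run frequency" in the same commit.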
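Review bot: deleting `admin-guide/configuration/custom_nameservers.md` removes the `configuration/custom_nameservers` target without leaving a pointer to its new home. The patch only updates `_toc.yml` and the list in `configuration.md`. Please check the rest of the guide for remaining links to the old page, or keep a short stub that points to the "Custom Nameservers" section of `configuration/networking`.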
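Review bot: in the new `networking.md`, the "Ethernet Connection Definition" paragraph on `ipv4_method: manual` is incomplete and contradicts the example above it. "For `manual` the `ipv4_address` in the CIDR format ..." has no verb, and "For the default router has to be set with the key `ipv4_gateway`" reads as mandatory, while the `management_network` example uses `manual` without `ipv4_gateway`. Suggest: "`manual` requires `ipv4_address` in CIDR format; the default router is set with `ipv4_gateway`", and state explicitly whether the gateway is optional.

Further points in the same file. The legacy section says legacy mode "is selected by not setting `networking::setup`", but the table lists `auto` as the RHEL9 default and legacy as unavailable there, so that sentence should be limited to RHEL7 and RHEL8. The warnings that switching to `auto` or `managed` removes the legacy `ifcfg` files (and, for `managed`, every NetworkManager connection not in Hiera) come after the snippets that trigger the removal, and the `managed` one is under the heading "No Automatic Migration to Legacy Configuration"; move each warning ahead of its `networking::setup:` snippet so an admin on a remote host reads it before applying. "DNS Override" and "Custom Nameservers" carry the same text and the same `networking::nameservers_override` block, so one shared section that names the modes it applies to would avoid drift. Typos to fix: "NetworkManger", "attemps", "configuation", "usualy", "fully and fine-grained be managed", "backup these files" (verb: "back up").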
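Review bot: in the `rhel9/index.md` hunk, the added AFS paragraph ends with "at the time being", which should be "for the time being", and the context line above it still has "Additional ressource" ("resource"). The first sentence would also be easier to read as "The future support model for AFS, or for the functionality it provides, is under consideration."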