Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
40bcbbb1d3de7287cb700a5baf6800d2ece24efd
gitea-pages/admin-guide/configuration/basic/networking.md

278 lines
10 KiB
Markdown
Raw Blame History

# Network Configuration
Our Puppet configuration management supports five types of network configuration:
- **auto**: NetworkManager does automatic configuration while respecting local user managed configuration
- **auto_static_ip**: static NetworkManager connection with IP from DNS and network information from DHCP
- **managed**: NetworkManger is fully managed via Hiera/Puppet
- **unmanaged**: network configuration (incl. DNS) is not touched by Puppet
- **legacy**: Puppet keeps network configuration untouched except for DNS configuration and applying `network::*` Hiera settings
Not all types are supported by all RedHat versions:
| Type | RHEL7 | RHEL8 | RHEL9 |
|----------------|---------|---------|---------|
| auto | \- | ✓ | Default |
| auto_static_ip | \- | ✓ | ✓ |
| managed | \- | ✓ | ✓ |
| unmanaged | \- | ✓ | ✓ |
| legacy | Default | Default | \- |
## Automatic Network Configuration
The automatic network configuration will just let NetworkManager do the work as it does it by default.
In Hiera you can select this option with
```
networking::setup: auto
```
And what does NetworkManager actually do by default? It attemps automatic configuration on all interfaces (DHCP, SLAAC). Additionally the user may add desired connections. This might be Wifi, VPN, but also normal Ethernet. Automatic configuration is only attempted if there is no such specific configuration.
DNS configuration as such is learned by autoconfiguration/manual connection configuration and will not be managed by Puppet.
Note that when changing to `auto` all legacy `ifcfg` files for network configuration are removed.
## Automatic Network Configuration with Static IP Address
In a setup where there is just one static IP address which can be resolved via DNS, Puppet can configure a static connection with
```
networking::setup: auto_static_ip
```
Note this only works if there is a DHCP server in that network which provides the network mask and the default gateway IP address.
## Managed Network Configuration
The network configuration can be fully and fine-grained be managed from Hiera with
```
networking::setup: managed
```
and the configuration for the individual connections:
```
networking::connections:
- psi_network
- management_network
networking::connection::psi_network:
interface_name: 'eno0'
ipv4_method: 'manual'
ipv4_address: '129.129.241.66/24'
ipv4_gateway: '129.129.241.1'
ipv6_method: 'disabled'
networking::connection::management_network:
interface_name: 'eno1'
ipv4_method: 'manual'
ipv4_address: '192.168.71.10/24'
ipv6_method: 'disabled'
```
So there is the list `networking::connections` which selects the network connections which should be configured.
Then for each connection name listed there needs to be a hash in Hiera named `networking::connection::$CONNECTION_NAME`.
If you have a fixed IP address which is in the DNS, you might also interpolate the `ipv4_by_dns` or the `ipv6_by_dns` variable:
```
networking::connection::psi_network:
mac_address: '00:50:56:9d:bb:ad'
ipv4_method: 'manual'
ipv4_address: '%{ipv4_by_dns}/24'
ipv4_gateway: '129.129.187.1'
ipv6_method: 'manual'
ipv6_address: '%{ipv6_by_dns}'
ipv6_gateway: 'abcd:1234::1'
```
```{note}
The default value (if not specified) for `ipv6_method` is _disabled_.
```
### Ethernet Connection Definition
The default connection type is `ethernet` (alias for `802-3-ethernet`).
The network connection hash needs to specify the NIC for the connection either by name with the key `interface_name` or by MAC address with the key `mac_address`.
Next you need to specify how IPv4 configuration should be done. The key `ipv4_method` supports the values `auto`, `dhcp`, `manual`, `disabled`, `link-local`. All except `manual` do not need further configuation. For `manual` the `ipv4_address` in the CIDR format "IP/network mask bits". For the default router has to be set with the key `ipv4_gateway`.
We did not look into IPv6 configuration yet and usualy it is best to switch it off by setting `ipv6_method` to `disabled`.
To keep an interface down the setting `state` can be set to `down` (default is `up`).
You may also add additional configuration like size of the ring buffer:
```
networking::connection::psi_network:
...
additional_config:
ethtool:
ring-rx: 8192
ring-tx: 8192
```
The first key level is the section in the NetworkManager configuration file (on the command line usually the first part before the dot), the second key level is the name of the value to be set.
### Infiniband Connection Definition
For infiniband connections the configuration is similar to ethernet. Additionally there is there is the `type: 'infiniband` setting accompanied by an `additional_config` key holding an `infiniband` key with the infinibad specific optioins, as you see in below example:
```
networking::connection::ipoib_network:
interface_name: 'ib0'
ipv4_method: 'manual'
ipv4_address: '192.168.1.16/24'
ipv4_gateway: '192.168.1.1'
ipv6_method: 'disabled'
type: 'infiniband'
additional_config:
infiniband:
mtu: 65520
transport-mode: 'connected'
```
### Other Connection Types
NetworkManager also supports other types like `wifi`, `vpn`, `bridge`, `vlan`, etc. Note that other types than `ethernet` and `ethernet` have so far not been tested. Please contact us if you managed to set up some other network type or need help to do so.
### Interface Bonding
For a bonded interfaces there is an own list named `networking::bondings` which defines which configuration defined in `networking::bonding::$NAME` hashes should be appled:
```
networking::bondings:
- bond0
networking::bonding::bond0:
ipv4_method: 'manual'
ipv4_address: '%{ipv4_by_dns}/24'
ipv4_gateway: '129.129.86.1'
ipv6_method: 'ignore'
slaves:
- 'eno5'
- 'eno6'
bond:
mode: '802.3ad'
xmit_hash_policy: 'layer2+3'
miimon: '100'
# optional
additional_config:
ethernet:
mtu: 9000
```
Feel free to extend the documentation here or provide a link for detailed explanation of the bond options.
By default the connection name is automatically used name of the bonding interface, Still, you can use speaking names instead for the connection if you specifiy the interface name explicitely:
```
networking::bondings:
- psi_network
networking::bonding::psi_network:
ifc_name: 'bond0'
ipv4_method: 'manual'
...
```
### Static Routes
Static routes can be added with the `additional_config` key in the connection settings.
Depending on the IP version there is a `ipv4` or `ipv6` subkey which then can contain many `routes` + number keys. So the first route is `routes1`, the second `routes2`, etc.
The minimal entry for `routesX` is the network and then, separated with a comma, the next hop IP. The optional third entry is the metric.
For each route you may also add a option key `routesX_options`, where multiple options in the form `name=value` can be added, again comma separated.
An example:
```
networking::connection::management_network:
interface_name: 'eno1'
ipv4_method: 'manual'
ipv4_address: '192.168.71.10/24'
ipv6_method: 'disabled'
additional_config:
ipv4:
routes1: '10.255.254.0/24,192.168.71.1'
routes2: '10.255.255.0/24,192.168.71.1,100'
routes2_options: 'lock-cwnd=false,lock-mtu=false'
```
All routing options can be found in the Red Hat NetworkManager documentation ([RHEL8](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/configuring-static-routes_configuring-and-managing-networking#how-to-use-the-nmcli-command-to-configure-a-static-route_configuring-static-routes), [RHEL9](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_networking/configuring-static-routes_configuring-and-managing-networking#how-to-use-the-nmcli-command-to-configure-a-static-route_configuring-static-routes)).
### Removing a Connection
A connection does **not get removed** when its configuration has been removed in Hiera and was applied on the node.
To remove it you may do it manually or reboot.
Manual removal is done with `nmcli connection down $ID/$CONNECTION_NAME`:
```
[root@lx-test-dmz-01 ~]# nmcli connection
NAME UUID TYPE DEVICE
dmz_network f77611ac-b6e2-5a08-841e-8a1023eefaed ethernet ens33
ens35 f3ba4a81-8c9b-4aec-88ee-ddffd32f67fa ethernet ens35
[root@lx-test-dmz-01 ~]# nmcli connection down f3ba4a81-8c9b-4aec-88ee-ddffd32f67fa
Connection 'ens35' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@lmu-user-dmz-01 ~]# nmcli connection
NAME UUID TYPE DEVICE
dmz_network f77611ac-b6e2-5a08-841e-8a1023eefaed ethernet ens33
[root@lx-test-dmz-01 ~]#
```
### DNS Override
The internal nameservers are configured according to the network zone by Puppet.
If for some reason that is unsuitable, you might set your own in Hiera:
```
networking::nameservers_override:
- 192.33.120.5
- 192.33.121.5
```
### No Automatic Migration to Legacy Configuration
Note that when changing to `managed` all legacy `ifcfg` files and all NetworkManager connections not reflected in Hiera are removed. So if you want to be able to go back to legacy mode you need to backup these files first.
## Unmanaged Network Configuration
Here Puppet keeps the fingers off any network related configuration like interface configuration, DNS or routing.
In Hiera you can select this option with
```
networking::setup: unmanaged
```
When you change to unmanaged network configuration, the configuration on the node will stay as is.
## Legacy Network Configuration
The legacy mode Puppet does not do configuration of network addresses and interfaces. This usually is done by the Kickstart file during OS installation and then not touched any more. Or with manual changes.
Additionally the `network` Puppet module can be used for more complex setups. But as this module is not maintained any more, we phase it out with RHEL9 and suggest to migrate away from it on RHEL8.
The legacy mode is selected by not setting `networking::setup` in Hiera.
### Custom Nameservers
The internal nameservers are configured according to the network zone by Puppet.
If for some reason that is unsuitable, you might set your own in Hiera:
```
networking::nameservers_override:
- 192.33.120.5
- 192.33.121.5
```
## Disable DNS Caching
Except for the `unmanaged` setup mode you may disable DNS caching with
```
networking::enable_dns_caching: false
```
View Git Blame Copy Permalink