# Network Configuration
Our Puppet configuration management supports four types of network configuration:
- **auto**: NetworkManager does automatic configuration while respecting local user managed configuration
- **managed**: NetworkManager is fully managed via Hiera/Puppet
- **unmanaged**: network configuration (incl. DNS) is not touched by Puppet
- **legacy**: Puppet keeps network configuration untouched except for DNS configuration and applying `network::*` Hiera settings
Not all types are supported by all Red Hat versions:
| Type | RHEL7 | RHEL8 | RHEL9 |
|-----------|---------|---------|---------|
| auto | \- | ✓ | Default |
| managed | \- | ✓ | ✓ |
| unmanaged | \- | ✓ | ✓ |
| legacy | Default | Default | \- |
## Automatic Network Configuration
With automatic network configuration, NetworkManager is left to do what it does by default.
In Hiera you can select this option with
```
networking::setup: auto
```
And what does NetworkManager actually do by default? It attempts automatic configuration on all interfaces (DHCP, SLAAC). Additionally, the user may add desired connections. This might be Wi-Fi, VPN, but also normal Ethernet. Automatic configuration is only attempted on an interface if there is no such specific configuration for it.
DNS configuration is learned from autoconfiguration or from the manually configured connections and is not managed by Puppet.
Note that when changing to `auto` all legacy `ifcfg` files for network configuration are removed.
## Managed Network Configuration
The network configuration can be managed fully and in fine-grained detail from Hiera with
```
networking::setup: managed
```
and the configuration for the individual connections:
```
networking::connections:
  - psi_network
  - management_network

networking::connection::psi_network:
  interface_name: 'eno0'
  ipv4_method: 'manual'
  ipv4_address: '129.129.241.66/24'
  ipv4_gateway: '129.129.241.1'
  ipv6_method: 'disabled'

networking::connection::management_network:
  interface_name: 'eno1'
  ipv4_method: 'manual'
  ipv4_address: '192.168.71.10/24'
  ipv6_method: 'disabled'
```
The list `networking::connections` selects the network connections that should be configured.
For each connection name listed there, a hash named `networking::connection::$CONNECTION_NAME` must exist in Hiera.
### Ethernet Connection Definition
The default connection type is `ethernet` (alias for `802-3-ethernet`).
The network connection hash needs to specify the NIC for the connection either by name with the key `interface_name` or by MAC address with the key `mac_address`.
Next you need to specify how IPv4 configuration should be done. The key `ipv4_method` supports the values `auto`, `dhcp`, `manual`, `disabled`, `link-local`. All except `manual` need no further configuration. For `manual`, the address has to be given with the key `ipv4_address` in the CIDR format "IP/network mask bits". The default router has to be set with the key `ipv4_gateway`.
We have not looked into IPv6 configuration yet, and usually it is best to switch it off by setting `ipv6_method` to `disabled`.
To keep an interface down the setting `state` can be set to `down` (default is `up`).
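A consistency check for the rules above, run over parsed Hiera data before it is applied. This is an added example, not part of the original guide or of the Puppet module. The function name `check_networking`, the connection names `backup_network` and `storage_network`, and the gateway-inside-subnet check are assumptions of this example.

```ruby
require 'yaml'
require 'ipaddr'
IPV4_METHODS = %w[auto dhcp manual disabled link-local].freeze

# Returns a list of problems in parsed Hiera data; an empty list means consistent.
def check_networking(hiera)
  problems = []
  Array(hiera['networking::connections']).each do |name|
    key = "networking::connection::#{name}"
    conn = hiera[key]
    next problems << "#{key}: listed but not defined" unless conn.is_a?(Hash)
    has_nic = conn['interface_name'] || conn['mac_address']
    problems << "#{key}: needs interface_name or mac_address" unless has_nic
    method = conn['ipv4_method']
    problems << "#{key}: bad ipv4_method #{method.inspect}" unless IPV4_METHODS.include?(method)
    next unless method == 'manual'
    begin
      cidr = conn['ipv4_address'].to_s
      raise ArgumentError unless cidr.match?(%r{\A[\d.]+/\d+\z}) # "IP/network mask bits"
      net = IPAddr.new(cidr) # raises on a bad octet or prefix length
      gw = conn['ipv4_gateway']
      # Assumption of this example: a configured gateway must lie inside the subnet.
      outside = gw && !net.include?(IPAddr.new(gw.to_s))
      problems << "#{key}: ipv4_gateway #{gw} is outside #{cidr}" if outside
    rescue ArgumentError
      problems << "#{key}: invalid ipv4_address or ipv4_gateway for manual"
    end
  end
  problems
end

# Constructed sample: the page's psi_network plus two deliberately broken entries.
SAMPLE = YAML.safe_load(<<~HIERA)
  networking::connections:
    - psi_network
    - backup_network
    - storage_network
  networking::connection::psi_network:
    interface_name: 'eno0'
    ipv4_method: 'manual'
    ipv4_address: '129.129.241.66/24'
    ipv4_gateway: '129.129.241.1'
  networking::connection::backup_network:
    ipv4_method: 'static'
  networking::connection::storage_network:
    interface_name: 'eno2'
    ipv4_method: 'manual'
    ipv4_address: '192.168.71.10'
HIERA
puts check_networking(SAMPLE)
```
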
### Other Connection Types
NetworkManager also supports other types like `infiniband`, `wifi`, `vpn`, `bridge`, `vlan`, etc. Note that other types than `ethernet` have so far not been tested. Please contact us if you managed to set up some other network type or need help to do so.
### DNS Override
The internal nameservers are configured according to the network zone by Puppet.
If for some reason that is unsuitable, you might set your own in Hiera:
```
networking::nameservers_override:
- 192.33.120.5
- 192.33.121.5
```
### No Automatic Migration to Legacy Configuration
Note that when changing to `managed` all legacy `ifcfg` files and all NetworkManager connections not reflected in Hiera are removed. So if you want to be able to go back to legacy mode you need to back up these files first.
## Unmanaged Network Configuration
Here Puppet does not touch any network-related configuration such as interface configuration, DNS or routing.
In Hiera you can select this option with
```
networking::setup: unmanaged
```
When you change to unmanaged network configuration, the configuration on the node will stay as is.
## Legacy Network Configuration
In legacy mode Puppet does not configure network addresses and interfaces. This is usually done by the Kickstart file during OS installation and then not touched any more, or by manual changes.
Additionally, the `network` Puppet module can be used for more complex setups. But as this module is not maintained any more, we are phasing it out with RHEL9 and suggest migrating away from it on RHEL8.
The legacy mode is selected by not setting `networking::setup` in Hiera.
### Custom Nameservers
The internal nameservers are configured according to the network zone by Puppet.
If for some reason that is unsuitable, you might set your own in Hiera:
```
networking::nameservers_override:
- 192.33.120.5
- 192.33.121.5
```