Host Network Configuration

Host Network Configuration Options

Background

Unless otherwise configured, Fedora CoreOS (FCOS) will attempt DHCP on every interface with a cable plugged in. If you need static addressing or more complex networking (VLANs, bonds, bridges, teams, etc.), you can configure it in a number of ways, which are summarized below. Whichever way you choose, it all ends up as configuration for NetworkManager, which takes the form of NetworkManager keyfiles. More information on the keyfile format and on the subsection options for keyfiles can be found in the NetworkManager documentation.

Configuration Options

FCOS machines are primarily configured via Ignition, which runs from the initramfs on the first boot of the machine. Depending on the platform, the machine will need network access to retrieve remote resources: either the Ignition config itself, or remote resources specified within the Ignition config.

Networking is only started in the initramfs if it is determined to be needed, or if the user explicitly requests it with rd.neednet=1.

Whether a machine needs networking in the initramfs can dictate how a user configures networking for the machine. The options for configuring networking for a machine are:

  • via kernel arguments

    • these are processed by dracut modules in the initramfs on first boot

  • via live image customization

    • by embedding network configuration in the live ISO or PXE image

  • via coreos-installer install --copy-network

    • by propagating the installation environment networking configuration

  • via Afterburn

    • by applying network configuration injected by various platforms

  • via Ignition

    • by delivering files that NetworkManager then uses on startup

If you need network connectivity to retrieve your Ignition config, or if your Ignition config has remote references, you will not be able to provide your network configuration via Ignition.
If you provide network configuration in multiple ways (i.e., via kernel arguments and via Ignition), the configuration provided via Ignition wins and is applied to the real root of the machine. Providing half of the configuration via kernel arguments and the other half via Ignition is not supported.

Let's cover each of these options now.

via kernel arguments

On the first boot of a machine, a user can provide kernel arguments that define the network configuration. These kernel arguments are mostly defined in the dracut.cmdline man page. There are a few different ways to apply these kernel arguments on first boot.

  1. In the most generic form, you can stop an instance at the GRUB prompt on first boot (the Ignition boot) and add them to the existing set of kernel arguments.

  2. For a bare metal install where you automate the installation via kernel arguments (i.e., coreos.inst.install_dev=), you can also append networking arguments there, and they will apply to the install boot and also to the first boot (Ignition boot) of the installed machine.

  3. For a PXE boot, you can add networking kernel arguments to your existing set of kernel arguments in your PXE configuration.

An example set of kernel arguments for statically configuring an IP address for ens2 looks like:

ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:ens2:none:8.8.8.8

The syntax is a bit hard to work with. An easy way to deal with it is to write a small script that fills in the items for you. For the example above, something like this should work:

ip='10.10.10.10'
gateway='10.10.10.1'
netmask='255.255.255.0'
hostname='meunomedehost'
interface='ens2'
nameserver='8.8.8.8'
echo "ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}:none:${nameserver}"

via live image customization

coreos-installer allows you to embed NetworkManager keyfiles directly in a live ISO or PXE image by using the --network-keyfile option to coreos-installer iso customize or coreos-installer pxe customize. The configuration is applied in the initramfs before Ignition runs. If you also use the --installer-config option or any of the --dest-* options to configure automatic installation, or the --copy-network option when installing manually, the network configuration will be forwarded to the installed system.

For more details on embedding network configuration in a live image, see the live ISO/PXE image reference.

via coreos-installer install --copy-network

For manual bare metal installation workflows, using the dracut kernel arguments to configure networking may not be preferable:

  • the syntax is not very user-friendly

  • manipulating kernel arguments by catching the GRUB prompt can be challenging

The --copy-network option to coreos-installer install will copy the files from the /etc/NetworkManager/system-connections/ directory into the installed system. For an interactive install this allows the user to populate networking configuration in a variety of ways before doing the installation:

  • using the nmcli command

  • using the nmtui text interface

  • writing files directly

  • using another tool of choice

It also allows the user to do hardware discovery on the node (i.e. "what are my interface names?"). For an example of this workflow see this demo which shows it in detail.

via Afterburn

On certain platforms, Afterburn will inject network configuration, set by the user or by the platform, during the initramfs.

Currently, this is only utilized on VMware. The implementation there allows users to specify networking configuration in the form of dracut networking arguments without having to stop the boot of the machine and manually inject those arguments themselves.

See the Afterburn documentation for more information.

via Ignition

If you need networking to retrieve your Ignition config, and your environment requires more complex networking than the default of DHCP to retrieve it, you will need to use a method other than Ignition to configure networking.

Networking configuration can be performed by writing out files described in an Ignition config. These are NetworkManager keyfiles, written to /etc/NetworkManager/system-connections/, that tell NetworkManager what to do.

Any configuration provided via Ignition is treated with higher priority than any other method of configuring networking for a Fedora CoreOS instance. If you specify network configuration via Ignition, try not to use other mechanisms to configure networking.

An example Butane config for the same static networking example that we showed above is:

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2
          type=ethernet
          interface-name=ens2
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
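
Keyfiles can hold secrets such as Wi-Fi or 802.1X credentials, and NetworkManager does not load a keyfile that is accessible to group or others, so a keyfile entry with a missing mode (Ignition then defaults to 0644) or a wider mode is never applied. The check below is an added example, not part of Butane or FCOS; `lint_keyfile_modes` and the sample config are constructed for illustration, and the check assumes the layout used on this page, where `- path:` starts an entry and `mode:` follows it.

```sh
#!/bin/sh
# Added example, not part of Butane or FCOS. lint_keyfile_modes is a
# hypothetical helper: it reads a Butane config (stdin or file arguments) and
# reports every file under /etc/NetworkManager/system-connections/ whose
# mode is not 0600. Line-based check; it does not parse YAML in general.

lint_keyfile_modes() {
    awk '
    # Judge the entry collected so far, then reset for the next one.
    function check() {
        if (path ~ /^\/etc\/NetworkManager\/system-connections\// && mode != "0600") {
            printf "%s: mode %s, expected 0600\n", path, (mode == "" ? "unset" : mode)
            bad = 1
        }
        path = ""; mode = ""
    }
    /^ *- path:/             { check(); path = $3; next }
    /^ *mode:/ && path != "" { mode = $2 }
    END { check(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: one correct keyfile, one world-readable keyfile, one
# keyfile with no mode, and a conf.d drop-in (0644 is fine there).
sample_butane() {
    cat <<'EOF'
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2
    - path: /etc/NetworkManager/system-connections/bond0.nmconnection
      mode: 0644
      contents:
        inline: |
          [bond]
          mode=active-backup
    - path: /etc/NetworkManager/system-connections/ens3.nmconnection
      contents:
        inline: |
          [connection]
          id=ens3
    - path: /etc/NetworkManager/conf.d/noauto.conf
      mode: 0644
      contents:
        inline: |
          [main]
          no-auto-default=*
EOF
}

sample_butane | lint_keyfile_modes || echo "keyfile modes need fixing"
```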

Host Network Configuration Examples

In this section we’ll go through common examples of setting up different types of networking devices using both dracut kernel arguments as well as NetworkManager keyfiles via Ignition/Butane.

The examples in this section that use a static IP assume these values unless otherwise stated:

ip='10.10.10.10'
gateway='10.10.10.1'
netmask='255.255.255.0'
prefix='24'
hostname='meunomedehost'
interface='ens2'
nameserver='8.8.8.8'
bondname='bond0'
teamname='team0'
bridgename='br0'
subnic1='ens2'
subnic2='ens3'
vlanid='100'

FCOS uses predictable interface names by default. Take care to use the correct interface name for your hardware.

Generating NetworkManager keyfiles using nm-initrd-generator

NetworkManager ships a tool, nm-initrd-generator, that can generate keyfiles from dracut kernel argument syntax. This might be a good way to either convert from kernel arguments to keyfiles or to just quickly generate some keyfiles giving a small amount of input and then tweak some more detailed settings.

Here is an example of generating keyfiles for a bond via nm-initrd-generator:

$ kargs="ip=bond0:dhcp bond=bond0:ens2,ens3:mode=active-backup,miimon=100 nameserver=8.8.8.8"
$ /usr/libexec/nm-initrd-generator -s -- $kargs

*** Connection 'bond0' ***

[connection]
id=bond0
uuid=643c17b5-b364-4137-b273-33f450a45476
type=bond
interface-name=bond0
multi-connect=1
permissions=

[ethernet]
mac-address-blacklist=

[bond]
miimon=100
mode=active-backup

[ipv4]
dns=8.8.8.8;
dns-search=
may-fail=false
method=auto

[ipv6]
addr-gen-mode=eui64
dns-search=
method=auto

[proxy]

*** Connection 'ens3' ***

[connection]
id=ens3
uuid=b42cc917-fd87-47df-9ac2-34622ecddd8c
type=ethernet
interface-name=ens3
master=643c17b5-b364-4137-b273-33f450a45476
multi-connect=1
permissions=
slave-type=bond

[ethernet]
mac-address-blacklist=

*** Connection 'ens2' ***

[connection]
id=ens2
uuid=e111bb4e-3ee3-4612-afc2-1d2dfff97671
type=ethernet
interface-name=ens2
master=643c17b5-b364-4137-b273-33f450a45476
multi-connect=1
permissions=
slave-type=bond

[ethernet]
mac-address-blacklist=

This run generates three keyfiles: one for bond0, one for ens3, and one for ens2. You can take the generated output, add more settings or tweak existing ones, and then deliver the files via Ignition.
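
One way to turn that output into a Butane config, as an added example that is not FCOS or NetworkManager code: the hypothetical helper `generator_output_to_butane` splits the `-s` output at its `*** ... ***` marker lines, names each file after the connection's `id=`, refuses ids that are not plain file names, and writes every keyfile with mode 0600. The sample input is constructed from two of the three connections shown above.

```sh
#!/bin/sh
# Added example, not FCOS or NetworkManager code. generator_output_to_butane
# is a hypothetical helper: it reads `nm-initrd-generator -s` output on stdin
# and prints a Butane config with one 0600 keyfile per connection.

generator_output_to_butane() {
    awk '
    # Write the buffered connection as one Butane file entry.
    function emit(   i) {
        if (n == 0) return
        # The id becomes a file name: refuse anything that could leave the directory.
        if (id !~ /^[A-Za-z0-9_-][A-Za-z0-9._-]*$/) { bad = 1; n = 0; id = ""; return }
        while (n > 0 && buf[n] == "") n--          # trim trailing blank lines
        print "    - path: /etc/NetworkManager/system-connections/" id ".nmconnection"
        print "      mode: 0600"
        print "      contents:"
        print "        inline: |"
        for (i = 1; i <= n; i++) {
            if (buf[i] == "") print ""
            else print "          " buf[i]
        }
        n = 0; id = ""; count++
    }
    BEGIN { print "variant: fcos"; print "version: 1.6.0"; print "storage:"; print "  files:" }
    /^\*\*\* .* \*\*\*$/ { emit(); section = ""; next }   # marker: next connection starts
    /^\[.*\]$/           { section = $0 }
    section == "[connection]" && /^id=/ { id = substr($0, 4) }
    n > 0 || $0 != ""    { buf[++n] = $0 }                # skip leading blank lines
    END { emit(); exit (bad || count == 0) }
    '
}

# Constructed sample: two of the three connections from the run shown above.
sample_generator_output() {
    cat <<'EOF'

*** Connection 'bond0' ***

[connection]
id=bond0
uuid=643c17b5-b364-4137-b273-33f450a45476
type=bond
interface-name=bond0

[bond]
miimon=100
mode=active-backup

[ipv4]
method=auto

*** Connection 'ens3' ***

[connection]
id=ens3
uuid=b42cc917-fd87-47df-9ac2-34622ecddd8c
type=ethernet
interface-name=ens3
master=643c17b5-b364-4137-b273-33f450a45476
slave-type=bond
EOF
}

sample_generator_output | generator_output_to_butane
```

A non-zero exit status means no connection was found or an id was rejected, in which case the printed config is incomplete and should be discarded.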

Configuring a Static IP

Dracut kernel arguments

Template
ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}:none:${nameserver}
Rendered
ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:ens2:none:8.8.8.8

Butane config

Template
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${interface}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${interface}
          type=ethernet
          interface-name=${interface}
          [ipv4]
          address1=${ip}/${prefix},${gateway}
          dhcp-hostname=${hostname}
          dns=${nameserver};
          dns-search=
          may-fail=false
          method=manual
Rendered
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2
          type=ethernet
          interface-name=ens2
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dhcp-hostname=meunomedehost
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
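
The mapping between the two forms above, as an added example that is not FCOS or NetworkManager code (nm-initrd-generator is the real converter): the hypothetical helper `karg_to_keyfile` handles only the static IPv4 `ip=` form used on this page, converts the netmask to a prefix length, and rejects values that would not be safe to write into a keyfile.

```sh
#!/bin/sh
# Added example, not FCOS or NetworkManager code. karg_to_keyfile is a
# hypothetical helper that handles only the static IPv4 form used on this page:
#   ip=<ip>::<gateway>:<netmask>:<hostname>:<interface>:none:<nameserver>

karg_to_keyfile() {
    # A newline inside the argument would smuggle extra lines into the keyfile.
    case $1 in
        *'
'*) echo "karg_to_keyfile: newline in argument" >&2; return 1 ;;
    esac

    printf '%s\n' "${1#ip=}" | awk -F: '
    # 1 if s is a dotted quad with every octet in 0-255.
    function is_ip4(s,   o, i) {
        if (split(s, o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    # Netmask to prefix length, or -1 when the set bits are not contiguous.
    function prefix_of(mask,   o, i, b, v, bits, zero) {
        if (!is_ip4(mask)) return -1
        split(mask, o, ".")
        bits = 0; zero = 0
        for (i = 1; i <= 4; i++) {
            v = o[i] + 0
            for (b = 128; b >= 1; b /= 2) {
                if (v >= b) { if (zero) return -1; bits++; v -= b }
                else zero = 1
            }
        }
        return bits
    }
    {
        err = ""
        if (NF < 7 || $7 != "none")        err = "only the static (none) form is handled"
        else if (!is_ip4($1))              err = "bad address"
        else if ($3 != "" && !is_ip4($3))  err = "bad gateway"
        else if ((p = prefix_of($4)) < 0)  err = "bad netmask"
        else if ($5 !~ /^[A-Za-z0-9.-]*$/) err = "bad hostname"
        else if ($6 !~ /^[A-Za-z0-9._-]+$/ || length($6) > 15) err = "bad interface name"
        else if (NF >= 8 && $8 != "" && !is_ip4($8)) err = "bad nameserver"
        if (err != "") { print "karg_to_keyfile: " err > "/dev/stderr"; exit 1 }

        addr = $1 "/" p
        if ($3 != "") addr = addr "," $3
        print "[connection]"
        print "id=" $6
        print "type=ethernet"
        print "interface-name=" $6
        print "[ipv4]"
        print "address1=" addr
        if ($5 != "") print "dhcp-hostname=" $5
        if (NF >= 8 && $8 != "") print "dns=" $8 ";"
        print "dns-search="
        print "may-fail=false"
        print "method=manual"
    }'
}

# The rendered kernel argument from this section.
karg_to_keyfile 'ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:ens2:none:8.8.8.8'
```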

Configuring a Bond (Static IP)

Dracut kernel arguments

Template
ip=${ip}::${gateway}:${netmask}:${hostname}:${bondname}:none:${nameserver}
bond=${bondname}:${subnic1},${subnic2}:mode=active-backup,miimon=100
Rendered
ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:bond0:none:8.8.8.8
bond=bond0:ens2,ens3:mode=active-backup,miimon=100

Butane config

Template
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${bondname}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}
          type=bond
          interface-name=${bondname}
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          address1=${ip}/${prefix},${gateway}
          dhcp-hostname=${hostname}
          dns=${nameserver};
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${bondname}
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${bondname}
          slave-type=bond
Rendered
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/bond0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0
          type=bond
          interface-name=bond0
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dhcp-hostname=meunomedehost
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=bond0
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=bond0
          slave-type=bond

Configuring a Bridge (DHCP)

Dracut kernel arguments

Template
ip=${bridgename}:dhcp
bridge=${bridgename}:${subnic1},${subnic2}
Rendered
ip=br0:dhcp
bridge=br0:ens2,ens3

Butane config

Template
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${bridgename}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bridgename}
          type=bridge
          interface-name=${bridgename}
          [bridge]
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/${bridgename}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bridgename}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${bridgename}
          slave-type=bridge
          [bridge-port]
    - path: /etc/NetworkManager/system-connections/${bridgename}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bridgename}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${bridgename}
          slave-type=bridge
          [bridge-port]
Rendered
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/br0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=br0
          type=bridge
          interface-name=br0
          [bridge]
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/br0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=br0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=br0
          slave-type=bridge
          [bridge-port]
    - path: /etc/NetworkManager/system-connections/br0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=br0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=br0
          slave-type=bridge
          [bridge-port]

Configuring a Team (DHCP)

Dracut kernel arguments

Template
ip=${teamname}:dhcp
team=${teamname}:${subnic1},${subnic2}
Rendered
ip=team0:dhcp
team=team0:ens2,ens3

Butane config

Template
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${teamname}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${teamname}
          type=team
          interface-name=${teamname}
          [team]
          config={"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/${teamname}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${teamname}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${teamname}
          slave-type=team
          [team-port]
          config={"prio": 100}
    - path: /etc/NetworkManager/system-connections/${teamname}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${teamname}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${teamname}
          slave-type=team
          [team-port]
          config={"prio": 100}
Rendered
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/team0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=team0
          type=team
          interface-name=team0
          [team]
          config={"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/team0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=team0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=team0
          slave-type=team
          [team-port]
          config={"prio": 100}
    - path: /etc/NetworkManager/system-connections/team0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=team0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=team0
          slave-type=team
          [team-port]
          config={"prio": 100}

Configuring a VLAN (Static IP)

Dracut kernel arguments

Template
ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}.${vlanid}:none:${nameserver}
vlan=${interface}.${vlanid}:${interface}
Rendered
ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:ens2.100:none:8.8.8.8
vlan=ens2.100:ens2

Butane config

Template
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${interface}.${vlanid}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${interface}.${vlanid}
          type=vlan
          interface-name=${interface}.${vlanid}
          [vlan]
          egress-priority-map=
          flags=1
          id=${vlanid}
          ingress-priority-map=
          parent=${interface}
          [ipv4]
          address1=${ip}/${prefix},${gateway}
          dhcp-hostname=${hostname}
          dns=${nameserver};
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/${interface}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${interface}
          type=ethernet
          interface-name=${interface}
          [ipv4]
          dns-search=
          method=disabled
          [ipv6]
          addr-gen-mode=eui64
          dns-search=
          method=disabled
Rendered
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/ens2.100.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2.100
          type=vlan
          interface-name=ens2.100
          [vlan]
          egress-priority-map=
          flags=1
          id=100
          ingress-priority-map=
          parent=ens2
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dhcp-hostname=meunomedehost
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2
          type=ethernet
          interface-name=ens2
          [ipv4]
          dns-search=
          method=disabled
          [ipv6]
          addr-gen-mode=eui64
          dns-search=
          method=disabled

Configuring a VLAN on a Bond (DHCP)

Dracut kernel arguments

Template
ip=${bondname}.${vlanid}:dhcp
bond=${bondname}:${subnic1},${subnic2}:mode=active-backup,miimon=100
vlan=${bondname}.${vlanid}:${bondname}
Rendered
ip=bond0.100:dhcp
bond=bond0:ens2,ens3:mode=active-backup,miimon=100
vlan=bond0.100:bond0

Butane config

Template
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${bondname}.${vlanid}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}.${vlanid}
          type=vlan
          interface-name=${bondname}.${vlanid}
          [vlan]
          egress-priority-map=
          flags=1
          id=${vlanid}
          ingress-priority-map=
          parent=${bondname}
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/${bondname}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}
          type=bond
          interface-name=${bondname}
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          method=disabled
          [ipv6]
          method=disabled
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${bondname}
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${bondname}
          slave-type=bond
Rendered
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/bond0.100.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0.100
          type=vlan
          interface-name=bond0.100
          [vlan]
          egress-priority-map=
          flags=1
          id=100
          ingress-priority-map=
          parent=bond0
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/bond0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0
          type=bond
          interface-name=bond0
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          method=disabled
          [ipv6]
          method=disabled
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=bond0
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=bond0
          slave-type=bond

Disabling Automatic Configuration of Ethernet Devices

By default, FCOS will attempt to autoconfigure (DHCP/SLAAC) on every interface with a cable plugged in. In some network environments this may not be desirable. It’s possible to change this behavior of NetworkManager with a configuration file dropin:

Disable NetworkManager autoconfiguration of ethernet devices
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/conf.d/noauto.conf
      mode: 0644
      contents:
        inline: |
          [main]
          # Do not do automatic (DHCP/SLAAC) configuration on ethernet devices
          # with no other matching connections.
          no-auto-default=*

If NetworkManager autoconfiguration of ethernet devices is disabled and no other network configuration is provided, the system will boot without network access.