Host Network Configuration
Host Network Configuration Options
Basics
Unless otherwise configured, Fedora CoreOS (FCOS) will attempt DHCP on every interface with a cable plugged in. However, if you need to use static addressing or more complex networking (VLANs, bonds, bridges, teams, etc.), you can do so in a number of ways, which are summarized below. Regardless of how you choose to configure networking, it all ends up as configuration for NetworkManager, which takes the form of NetworkManager keyfiles. More information on the keyfile format can be found here. More information on the subsection options for keyfiles can be found here.
Configuration options
FCOS machines are primarily configured via Ignition, which runs from the initramfs on the first boot of the machine. Depending on the platform, the machine will need network access to fetch remote resources: either the Ignition config itself, or remote resources referenced from within the Ignition config.
Networking is only started in the initramfs if it is determined to be required, or if it is explicitly requested by the user with rd.neednet=1.
Whether a machine needs networking in the initramfs can dictate how a user will configure networking for the machine. The options for configuring networking for a machine are:
- via kernel arguments
  - These are processed by dracut modules in the initramfs on first boot
- via live image customization
  - by embedding network configuration in the live ISO or PXE image
- via coreos-installer install --copy-network
  - by propagating the installation environment networking configuration
- via Afterburn
  - by applying network configuration injected by various platforms
- via Ignition
  - by delivering files that NetworkManager will then use on startup
If you need network connectivity to fetch your Ignition config, or if your Ignition config has remote references, you will not be able to provide your network configuration via Ignition.
If you provide networking configuration in multiple ways (i.e. via kernel arguments and via Ignition), then the configuration provided via Ignition will win and will be applied to the real root of the machine. Providing half of the configuration via kernel arguments and the other half via Ignition is not supported.
We'll cover each of these options now.
via kernel arguments
On the first boot of a machine, a user can provide kernel arguments that define networking configuration. These kernel arguments are mostly defined in the dracut.cmdline man page. There are a few different ways to apply these kernel arguments on first boot.
- In the most generic form, you can stop an instance at the GRUB prompt on first boot (the Ignition boot) and add them to the existing set of kernel arguments.
- For a bare metal install where you automate the installation via added kernel arguments (i.e., coreos.inst.install_dev=), you can also append networking arguments there and they will apply to the install boot and also the first boot (Ignition boot) of the installed machine.
- For a PXE boot, you can add networking kernel arguments to your existing set of kernel arguments in your PXE configuration.
An example set of kernel arguments for statically configuring an IP address for ens2 looks like:
ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:ens2:none:8.8.8.8
The syntax is somewhat difficult to work with. An easy way to work with it is to write a small script that fills in the items for you. For the example above, something like this should work:
ip='10.10.10.10'
gateway='10.10.10.1'
netmask='255.255.255.0'
hostname='meunomedehost'
interface='ens2'
nameserver='8.8.8.8'
echo "ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}:none:${nameserver}"
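Because a dropped or misplaced colon silently shifts every later field, it is worth checking the argument before it goes into a GRUB or PXE configuration. The Python sketch below is an added example, not part of the Fedora CoreOS documentation: it splits a static IPv4 ip= argument into named fields, rejects a wrong field count or a non-contiguous netmask, and renders the equivalent [ipv4] keyfile lines. The function and field names are assumptions made for illustration, and only the static IPv4 form with trailing DNS servers is handled.

```python
import ipaddress

# Field order of the static form, per dracut.cmdline; the trailing fields are
# read as DNS servers (the mtu/macaddr variant is not handled in this sketch).
FIELDS = ("client_ip", "peer", "gateway", "netmask", "hostname",
          "interface", "autoconf", "dns1", "dns2")

def parse_static_ip_karg(karg):
    """Split a static IPv4 ip= argument into named fields and validate them.
    Raises ValueError on a malformed argument."""
    if not karg.startswith("ip="):
        raise ValueError("not an ip= argument")
    parts = karg[3:].split(":")
    if not 7 <= len(parts) <= len(FIELDS):
        raise ValueError(f"expected 7 to 9 colon-separated fields, got {len(parts)}")
    f = dict(zip(FIELDS, parts + [""] * (len(FIELDS) - len(parts))))
    if f["autoconf"] not in ("none", "off"):
        raise ValueError(f"field 7 is {f['autoconf']!r}; a static address needs none or off")
    if not f["interface"]:
        raise ValueError("interface name is empty")
    # IPv4Interface rejects malformed addresses and non-contiguous netmasks.
    iface = ipaddress.IPv4Interface(f"{f['client_ip']}/{f['netmask']}")
    f["prefix"] = iface.network.prefixlen
    for key in ("gateway", "dns1", "dns2"):
        if f[key]:
            ipaddress.IPv4Address(f[key])  # raises ValueError if not an IPv4 address
    return f

def to_keyfile_ipv4(f):
    """Render the [ipv4] keyfile lines equivalent to the parsed argument."""
    gateway = f",{f['gateway']}" if f["gateway"] else ""
    dns = "".join(f"{f[k]};" for k in ("dns1", "dns2") if f[k])
    lines = ["[ipv4]", f"address1={f['client_ip']}/{f['prefix']}{gateway}"]
    if dns:
        lines.append(f"dns={dns}")
    lines.append("method=manual")
    return "\n".join(lines)

if __name__ == "__main__":
    # The argument from the example above.
    karg = "ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:ens2:none:8.8.8.8"
    print(to_keyfile_ipv4(parse_static_ip_karg(karg)))
```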
via live image customization
coreos-installer allows you to embed NetworkManager keyfiles directly in a live ISO or PXE image by using the --network-keyfile option to coreos-installer iso customize or coreos-installer pxe customize. The configuration is applied in the initramfs before Ignition runs. If you also use the --installer-config option or any of the --dest-* options to configure automatic installation, or the --copy-network option when installing manually, the network configuration will be forwarded to the installed system.
For more details on embedding network configuration in a live image, see the live ISO/PXE image reference.
via coreos-installer install --copy-network
For manual bare metal installation workflows, it may not be preferable to use dracut kernel arguments to configure networking:
- the syntax is not very user-friendly
- manipulating kernel arguments by catching the GRUB prompt can be challenging
The --copy-network option to coreos-installer install will copy the files from the /etc/NetworkManager/system-connections/ directory into the installed system. For an interactive install this allows the user to populate networking configuration in a variety of ways before doing the installation:
- using the nmcli command
- using the nmtui text interface
- writing files directly
- using another tool of choice
It also allows the user to do hardware discovery on the node (i.e. "what are my interface names?"). For an example of this workflow see this demo which shows it in detail.
via Afterburn
On certain platforms, Afterburn will inject network configuration, set by the user or by the platform, during the initramfs.
Currently, this is only utilized on VMware. The implementation there allows for users to specify networking configuration in the form of dracut networking arguments without having to stop the boot of the machine and manually inject those arguments themselves.
See the Afterburn documentation for more information.
via Ignition
If you need networking to fetch your Ignition config and your environment requires more complex networking than the default of DHCP to fetch the Ignition config, you will need to use a method other than Ignition to configure networking.
Networking configuration can be performed by writing out files described in an Ignition config. These are NetworkManager keyfiles that are written to /etc/NetworkManager/system-connections/ and that tell NetworkManager what to do.
Any configuration provided via Ignition will be considered at a higher priority than any other method of configuring the network for a Fedora CoreOS instance. If you specify networking configuration via Ignition, try not to use other mechanisms to configure the network.
An example Butane config for the same static networking example that we showed above is:
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2
          type=ethernet
          interface-name=ens2
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
Host Network Configuration Examples
In this section we’ll go through common examples of setting up different types of networking devices using both dracut kernel arguments and NetworkManager keyfiles via Ignition/Butane.
Examples in this section that use a static IP will assume these values unless otherwise stated:
ip='10.10.10.10'
gateway='10.10.10.1'
netmask='255.255.255.0'
prefix='24'
hostname='meunomedehost'
interface='ens2'
nameserver='8.8.8.8'
bondname='bond0'
teamname='team0'
bridgename='br0'
subnic1='ens2'
subnic2='ens3'
vlanid='100'
FCOS uses predictable interface names by default. Take care to use the correct interface name for your hardware.
Generating NetworkManager Keyfiles using nm-initrd-generator
NetworkManager ships a tool, nm-initrd-generator, that can generate keyfiles from dracut kernel argument syntax. This might be a good way to either convert from kernel arguments to keyfiles or to just quickly generate some keyfiles from a small amount of input and then tweak some more detailed settings.
Here is an example of generating keyfiles for a bond via nm-initrd-generator:
$ kargs="ip=bond0:dhcp bond=bond0:ens2,ens3:mode=active-backup,miimon=100 nameserver=8.8.8.8"
$ /usr/libexec/nm-initrd-generator -s -- $kargs
*** Conexão "bond0" ***
[connection]
id=bond0
uuid=643c17b5-b364-4137-b273-33f450a45476
type=bond
interface-name=bond0
multi-connect=1
permissions=
[ethernet]
mac-address-blacklist=
[bond]
miimon=100
mode=active-backup
[ipv4]
dns=8.8.8.8;
dns-search=
may-fail=false
method=auto
[ipv6]
addr-gen-mode=eui64
dns-search=
method=auto
[proxy]
*** Conexão "ens3" ***
[connection]
id=ens3
uuid=b42cc917-fd87-47df-9ac2-34622ecddd8c
type=ethernet
interface-name=ens3
master=643c17b5-b364-4137-b273-33f450a45476
multi-connect=1
permissions=
slave-type=bond
[ethernet]
mac-address-blacklist=
*** Conexão "ens2" ***
[connection]
id=ens2
uuid=e111bb4e-3ee3-4612-afc2-1d2dfff97671
type=ethernet
interface-name=ens2
master=643c17b5-b364-4137-b273-33f450a45476
multi-connect=1
permissions=
slave-type=bond
[ethernet]
mac-address-blacklist=
This run generates three keyfiles: one for bond0, one for ens3, and one for ens2. You can take the generated output, add more settings or tweak the existing settings, and then deliver the files via Ignition.
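Hand-edited keyfiles are easy to break in ways that only show up at boot, so it helps to check the set before delivering it through Ignition. The Python check below is an added example, not part of the Fedora CoreOS documentation or NetworkManager: it flags keyfiles whose mode is looser than the 0600 used throughout this page (NetworkManager ignores keyfiles that are accessible to group or others), master= references that match no delivered profile or the wrong controller type, and method=manual without an address. The function names and the (path, mode, text) input shape are assumptions, and the sample input is constructed.

```python
import configparser

KEYFILE_DIR = "/etc/NetworkManager/system-connections/"

def parse_keyfile(text):
    """Parse one keyfile: keys are case-sensitive, values are taken literally."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str
    cp.read_string(text)
    return cp

def section(cp, name):
    return cp[name] if cp.has_section(name) else {}

def lint_keyfiles(files):
    """files: (path, mode, keyfile text) tuples, mirroring Butane storage.files.
    Returns a list of findings; an empty list means nothing was flagged."""
    findings, profiles = [], {}
    for path, mode, text in files:
        if not path.startswith(KEYFILE_DIR):
            continue  # not a connection profile
        if mode & 0o077:
            findings.append(f"{path}: mode {mode:04o} is open to group/other, expected 0600")
        profiles[path] = parse_keyfile(text)

    # A port profile may name its controller by id, interface-name or uuid.
    controllers = {}
    for cp in profiles.values():
        conn = section(cp, "connection")
        for key in ("id", "interface-name", "uuid"):
            if conn.get(key):
                controllers[conn[key]] = conn.get("type")

    for path, cp in profiles.items():
        conn, ipv4 = section(cp, "connection"), section(cp, "ipv4")
        master, kind = conn.get("master"), conn.get("slave-type")
        if master and master not in controllers:
            findings.append(f"{path}: master={master} matches no delivered profile")
        elif master and controllers[master] != kind:
            findings.append(f"{path}: slave-type={kind} but {master} is type={controllers[master]}")
        if ipv4.get("method") == "manual" and not any(k.startswith("address") for k in ipv4):
            findings.append(f"{path}: ipv4 method=manual without an addressN entry")
    return findings

def port(nic, master, kind="bond"):
    """Build a port profile in the shape this page uses for bond members."""
    return (f"[connection]\nid={master}-slave-{nic}\ntype=ethernet\n"
            f"interface-name={nic}\nmaster={master}\nslave-type={kind}\n")

BOND = ("[connection]\nid=bond0\ntype=bond\ninterface-name=bond0\n"
        "[bond]\nmiimon=100\nmode=active-backup\n"
        "[ipv4]\ndns=8.8.8.8;\nmay-fail=false\nmethod=manual\n")  # address1 left out

# Constructed sample with three deliberate mistakes.
SAMPLE = [
    (KEYFILE_DIR + "bond0.nmconnection", 0o600, BOND),
    (KEYFILE_DIR + "bond0-slave-ens2.nmconnection", 0o644, port("ens2", "bond0")),
    (KEYFILE_DIR + "bond0-slave-ens3.nmconnection", 0o600, port("ens3", "bond1")),
]

if __name__ == "__main__":
    for finding in lint_keyfiles(SAMPLE):
        print(finding)
```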
Configuring a Static IP
Dracut Kernel Arguments
ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}:none:${nameserver}
ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:ens2:none:8.8.8.8
Butane config
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${interface}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${interface}
          type=ethernet
          interface-name=${interface}
          [ipv4]
          address1=${ip}/${prefix},${gateway}
          dhcp-hostname=${hostname}
          dns=${nameserver};
          dns-search=
          may-fail=false
          method=manual

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2
          type=ethernet
          interface-name=ens2
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dhcp-hostname=myhostname
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
Configuring a Bond (Static IP)
Dracut Kernel Arguments
ip=${ip}::${gateway}:${netmask}:${hostname}:${bondname}:none:${nameserver}
bond=${bondname}:${subnic1},${subnic2}:mode=active-backup,miimon=100
ip=10.10.10.10::10.10.10.1:255.255.255.0:meunomedehost:bond0:none:8.8.8.8
bond=bond0:ens2,ens3:mode=active-backup,miimon=100
Butane config
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${bondname}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}
          type=bond
          interface-name=${bondname}
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          address1=${ip}/${prefix},${gateway}
          dhcp-hostname=${hostname}
          dns=${nameserver};
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${bondname}
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${bondname}
          slave-type=bond

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/bond0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0
          type=bond
          interface-name=bond0
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dhcp-hostname=myhostname
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=bond0
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=bond0
          slave-type=bond
Configuring a Bridge (DHCP)
Dracut Kernel Arguments
ip=${bridgename}:dhcp
bridge=${bridgename}:${subnic1},${subnic2}
ip=br0:dhcp
bridge=br0:ens2,ens3
Butane config
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${bridgename}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bridgename}
          type=bridge
          interface-name=${bridgename}
          [bridge]
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/${bridgename}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bridgename}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${bridgename}
          slave-type=bridge
          [bridge-port]
    - path: /etc/NetworkManager/system-connections/${bridgename}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bridgename}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${bridgename}
          slave-type=bridge
          [bridge-port]

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/br0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=br0
          type=bridge
          interface-name=br0
          [bridge]
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/br0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=br0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=br0
          slave-type=bridge
          [bridge-port]
    - path: /etc/NetworkManager/system-connections/br0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=br0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=br0
          slave-type=bridge
          [bridge-port]
Configuring a Team (DHCP)
Dracut Kernel Arguments
ip=${teamname}:dhcp
team=${teamname}:${subnic1},${subnic2}
ip=team0:dhcp
team=team0:ens2,ens3
Butane config
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${teamname}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${teamname}
          type=team
          interface-name=${teamname}
          [team]
          config={"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/${teamname}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${teamname}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${teamname}
          slave-type=team
          [team-port]
          config={"prio": 100}
    - path: /etc/NetworkManager/system-connections/${teamname}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${teamname}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${teamname}
          slave-type=team
          [team-port]
          config={"prio": 100}

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/team0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=team0
          type=team
          interface-name=team0
          [team]
          config={"runner": {"name": "activebackup"}, "link_watch": {"name": "ethtool"}}
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/team0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=team0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=team0
          slave-type=team
          [team-port]
          config={"prio": 100}
    - path: /etc/NetworkManager/system-connections/team0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=team0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=team0
          slave-type=team
          [team-port]
          config={"prio": 100}
Configuring a VLAN (Static IP)
Dracut Kernel Arguments
ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}.${vlanid}:none:${nameserver}
vlan=${interface}.${vlanid}:${interface}
ip=10.10.10.10::10.10.10.1:255.255.255.0:myhostname:ens2.100:none:8.8.8.8
vlan=ens2.100:ens2
Butane config
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${interface}.${vlanid}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${interface}.${vlanid}
          type=vlan
          interface-name=${interface}.${vlanid}
          [vlan]
          egress-priority-map=
          flags=1
          id=${vlanid}
          ingress-priority-map=
          parent=${interface}
          [ipv4]
          address1=${ip}/${prefix},${gateway}
          dhcp-hostname=${hostname}
          dns=${nameserver};
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/${interface}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${interface}
          type=ethernet
          interface-name=${interface}
          [ipv4]
          dns-search=
          method=disabled
          [ipv6]
          addr-gen-mode=eui64
          dns-search=
          method=disabled

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/ens2.100.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2.100
          type=vlan
          interface-name=ens2.100
          [vlan]
          egress-priority-map=
          flags=1
          id=100
          ingress-priority-map=
          parent=ens2
          [ipv4]
          address1=10.10.10.10/24,10.10.10.1
          dhcp-hostname=myhostname
          dns=8.8.8.8;
          dns-search=
          may-fail=false
          method=manual
    - path: /etc/NetworkManager/system-connections/ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=ens2
          type=ethernet
          interface-name=ens2
          [ipv4]
          dns-search=
          method=disabled
          [ipv6]
          addr-gen-mode=eui64
          dns-search=
          method=disabled
Configuring a VLAN on a Bond (DHCP)
Dracut Kernel Arguments
ip=${bondname}.${vlanid}:dhcp
bond=${bondname}:${subnic1},${subnic2}:mode=active-backup,miimon=100
vlan=${bondname}.${vlanid}:${bondname}
ip=bond0.100:dhcp
bond=bond0:ens2,ens3:mode=active-backup,miimon=100
vlan=bond0.100:bond0
Butane config
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/${bondname}.${vlanid}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}.${vlanid}
          type=vlan
          interface-name=${bondname}.${vlanid}
          [vlan]
          egress-priority-map=
          flags=1
          id=${vlanid}
          ingress-priority-map=
          parent=${bondname}
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/${bondname}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}
          type=bond
          interface-name=${bondname}
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          method=disabled
          [ipv6]
          method=disabled
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic1}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic1}
          type=ethernet
          interface-name=${subnic1}
          master=${bondname}
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/${bondname}-slave-${subnic2}.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=${bondname}-slave-${subnic2}
          type=ethernet
          interface-name=${subnic2}
          master=${bondname}
          slave-type=bond

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/system-connections/bond0.100.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0.100
          type=vlan
          interface-name=bond0.100
          [vlan]
          egress-priority-map=
          flags=1
          id=100
          ingress-priority-map=
          parent=bond0
          [ipv4]
          dns-search=
          may-fail=false
          method=auto
    - path: /etc/NetworkManager/system-connections/bond0.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0
          type=bond
          interface-name=bond0
          [bond]
          miimon=100
          mode=active-backup
          [ipv4]
          method=disabled
          [ipv6]
          method=disabled
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens2.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens2
          type=ethernet
          interface-name=ens2
          master=bond0
          slave-type=bond
    - path: /etc/NetworkManager/system-connections/bond0-slave-ens3.nmconnection
      mode: 0600
      contents:
        inline: |
          [connection]
          id=bond0-slave-ens3
          type=ethernet
          interface-name=ens3
          master=bond0
          slave-type=bond
Disabling Automatic Configuration of Ethernet Devices
By default, FCOS will attempt to autoconfigure (DHCP/SLAAC) on every interface with a cable plugged in. In some network environments this may not be desirable. It’s possible to change this behavior of NetworkManager with a configuration file drop-in:
variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/NetworkManager/conf.d/noauto.conf
      mode: 0644
      contents:
        inline: |
          [main]
          # Do not do automatic (DHCP/SLAAC) configuration on ethernet devices
          # with no other matching connections.
          no-auto-default=*
If NetworkManager autoconfiguration of ethernet devices is disabled and no other network configuration is provided, the system will boot without network access.