Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 38. NetworkManager connection profiles in keyfile format

By default, NetworkManager in Red Hat Enterprise Linux 9 and later stores connection profiles in keyfile format. Unlike the deprecated ifcfg format, the keyfile format supports all connection settings that NetworkManager provides.

38.1. The keyfile format of NetworkManager profiles
Copiar enlace

The keyfile format is an INI-like configuration for network connections.

For example, the following is an Ethernet connection profile in keyfile format: 

[connection]
id=example_connection
uuid=82c6272d-1ff7-4d56-9c7c-0eb27c300029
type=ethernet
autoconnect=true

[ipv4]
method=auto

[ipv6]
method=auto

[ethernet]
mac-address=00:53:00:8f:fa:66
Copy to Clipboard Toggle word wrap
Warning

Typos or incorrect placements of parameters can lead to unexpected behavior. Therefore, do not manually edit or create NetworkManager profiles.

Use the nmcli utility, the network RHEL system role, or the nmstate API to manage NetworkManager connections. For example, you can use the nmcli utility in offline mode to create connection profiles.

Each section corresponds to a NetworkManager setting name as described in the nm-settings(5) man page. Each key-value-pair in a section is one of the properties listed in the settings specification of the man page.

Most variables in NetworkManager keyfiles have a one-to-one mapping. This means that a NetworkManager property is stored in the keyfile as a variable of the same name and in the same format. However, there are exceptions, mainly to make the keyfile syntax easier to read. For a list of these exceptions, see the nm-settings-keyfile(5) man page on your system.

Important

For security reasons, because connection profiles can contain sensitive information, such as private keys and passphrases, NetworkManager uses only configuration files owned by the root user and that are only readable and writable by root.

Save the connection profile with a .nmconnection suffix in the /etc/NetworkManager/system-connections/ directory. This directrory contains persistent profiles. If you modify a persistent profile by using the NetworkManager API, NetworkManager writes and overwrites files in this directory.

NetworkManager does not automatically reload profiles from disk. When you create or update a connection profile in keyfile format, use the nmcli connection reload command to inform NetworkManager about the changes.

You can use the nmcli utility in offline mode to create and manage NetworkManager connection profiles. In this mode, nmcli operates without the NetworkManager service to produce keyfile connection profiles through standard output.

This feature can be useful in the following scenarios:

  • You want to create your connection profiles that need to be pre-deployed somewhere. For example in a container image, or as an RPM package.
  • You want to create your connection profiles in an environment where the NetworkManager service is not available, for example, when you want to use the chroot utility. Alternatively, when you want to create or modify the network configuration of the RHEL system to be installed through the Kickstart %post script.

Procedure

  1. Create a new connection profile in the keyfile format. For example, for a connection profile of an Ethernet device that does not use DHCP, run a similar nmcli command: 

    # nmcli --offline connection add type ethernet con-name Example-Connection ipv4.addresses 192.0.2.1/24 ipv4.dns 192.0.2.200 ipv4.method manual > /etc/NetworkManager/system-connections/example.nmconnection
    Copy to Clipboard Toggle word wrap
    Note

    The connection name you specified with the con-name key is saved into the id variable of the generated profile. When you use the nmcli command to manage this connection later, specify the connection as follows:

    • When the id variable is not omitted, use the connection name, for example Example-Connection.
    • When the id variable is omitted, use the file name without the .nmconnection suffix, for example output.

  2. Set permissions to the configuration file so that only the root user can read and update it: 

    # chmod 600 /etc/NetworkManager/system-connections/example.nmconnection
# chown root:root /etc/NetworkManager/system-connections/example.nmconnection
    Copy to Clipboard Toggle word wrap

  3. Start the NetworkManager service: 

    # systemctl start NetworkManager.service
    Copy to Clipboard Toggle word wrap

  4. If you set the autoconnect variable in the profile to false, activate the connection: 

    # nmcli connection up Example-Connection
    Copy to Clipboard Toggle word wrap

Verification

  1. Verify that the NetworkManager service is running: 

    # systemctl status NetworkManager.service
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2022-08-03 13:08:32 CEST; 1min 40s ago
...
    Copy to Clipboard Toggle word wrap

  2. Verify that NetworkManager can read the profile from the configuration file: 

    # nmcli -f TYPE,FILENAME,NAME connection
TYPE      FILENAME                                                     NAME
ethernet /etc/NetworkManager/system-connections/examaple.nmconnection Example-Connection
ethernet  /etc/sysconfig/network-scripts/ifcfg-enp1s0                  enp1s0
...
    Copy to Clipboard Toggle word wrap

    If the output does not show the newly created connection, verify that the keyfile permissions and the syntax you used are correct.

  3. Display the connection profile: 

    # nmcli connection show Example-Connection
connection.id:                          Example-Connection
connection.uuid:                        232290ce-5225-422a-9228-cb83b22056b4
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              --
connection.autoconnect:                 yes
...
    Copy to Clipboard Toggle word wrap

38.3. Manually creating a NetworkManager profile in keyfile format
Copiar enlace

You can manually create a NetworkManager connection profile in keyfile format. For example, this can be required if an external application generates the profiles.

Warning

Manually creating or updating the configuration files can result in an unexpected or non-functional network configuration. As an alternative, you can use nmcli in offline mode. See Using nmcli to create keyfile connection profiles in offline mode

Procedure

  1. Create a connection profile. For example, for a connection profile for the enp1s0 Ethernet device that uses DHCP, create the /etc/NetworkManager/system-connections/example.nmconnection file with the following content: 

    [connection]
id=Example-Connection
type=ethernet
autoconnect=true
interface-name=enp1s0

[ipv4]
method=auto

[ipv6]
method=auto
    Copy to Clipboard Toggle word wrap
    Note

    You can use any file name with a .nmconnection suffix. However, when you later use nmcli commands to manage the connection, you must use the connection name set in the id variable when you refer to this connection. When you omit the id variable, use the file name without the .nmconnection to refer to this connection.

  2. Set permissions on the configuration file so that only the root user can read and update it: 

    # chown root:root /etc/NetworkManager/system-connections/example.nmconnection
# chmod 600 /etc/NetworkManager/system-connections/example.nmconnection
    Copy to Clipboard Toggle word wrap

  3. Reload the connection profiles: 

    # nmcli connection reload
    Copy to Clipboard Toggle word wrap

  4. Verify that NetworkManager read the profile from the configuration file: 

    # nmcli -f NAME,UUID,FILENAME connection
NAME                UUID                                  FILENAME
Example-Connection  86da2486-068d-4d05-9ac7-957ec118afba  /etc/NetworkManager/system-connections/example.nmconnection
...
    Copy to Clipboard Toggle word wrap

    If the command does not show the newly added connection, verify that the file permissions and the syntax you used in the file are correct.

  5. If you set the autoconnect variable in the profile to false, activate the connection: 

    # nmcli connection up example_connection
    Copy to Clipboard Toggle word wrap

Verification

  • Display the connection profile: 

    # nmcli connection show example_connection
    Copy to Clipboard Toggle word wrap

You can define custom network interface names, such as lan to make interface names more descriptive. In this case, the udev service renames the interfaces. The renaming process works differently depending on whether you use connection profiles in ifcfg or keyfile format.

The interface renaming process when using a profile in ifcfg format
  1. The udev rule file /usr/lib/udev/rules.d/60-net.rules calls the /lib/udev/rename_device helper utility.
  2. The helper utility searches for the HWADDR parameter in /etc/sysconfig/network-scripts/ifcfg-* files.
  3. If the value set in the variable matches the MAC address of an interface, the helper utility renames the interface to the name set in the DEVICE parameter of the file.
The interface renaming process when using a profile in keyfile format
  1. Create a systemd link file or a udev rule to rename an interface.
  2. Use the custom interface name in the interface-name property of a NetworkManager connection profile.

38.5. Migrating NetworkManager profiles from ifcfg to keyfile format
Copiar enlace

If you still use connection profiles in the deprecated ifcfg format, you can convert them to the keyfile format.

Note

If an ifcfg file contains the NM_CONTROLLED=no setting, NetworkManager does not control this profile and, consequently the migration process ignores it.

Prerequisites

  • You have connection profiles in ifcfg format in the /etc/sysconfig/network-scripts/ directory.
  • If the connection profiles contain a DEVICE variable that is set to a custom device name, such as provider or lan, you created a systemd link file or a udev rule for each of the custom device names.

Procedure

  • Migrate the connection profiles: 

    # nmcli connection migrate
Connection 'enp1s0' (43ed18ab-f0c4-4934-af3d-2b3333948e45) successfully migrated.
Connection 'enp2s0' (883333e8-1b87-4947-8ceb-1f8812a80a9b) successfully migrated.
...
    Copy to Clipboard Toggle word wrap

Verification

  • Optionally, you can verify that you successfully migrated all your connection profiles: 

    # nmcli -f TYPE,FILENAME,NAME connection
TYPE      FILENAME                                                           NAME
ethernet  /etc/NetworkManager/system-connections/enp1s0.nmconnection         enp1s0
ethernet  /etc/NetworkManager/system-connections/enp2s0.nmconnection         enp2s0
...
    Copy to Clipboard Toggle word wrap
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat