Red Hat Summit16.3. Network configuration
The default images include the NetworkManager dynamic network control and configuration system, and bootc attempts to connect by using DHCP on every interface with a cable plugged in. You can apply a temporary network configuration, by setting up the /run/NetworkManager/conf.d directory.
However, if you need to use static addressing or more complex networking such as VLANs, bonds, bridges, teams, among others, you can use different ways. Regardless of the way you choose to configure networking, it results as a configuration for NetworkManager, which takes the form of NetworkManager keyfiles.
- Host Network Configuration options
- Complex networking configuration often also requires per-machine state. You can generate machine-specific container images that have, for example, static IP addressing included. You can also include code to generate network configuration from inside the image by inspecting the MAC address of the host.
- Network configuration options available
The following are the available options for configuring static IP, and how the configuration should be done:
By using a Containerfile: Create a container image with static IP or include code to generate network configuration from inside the image based on MAC address.
- Use the configuration specified in Device List Format to match the MAC address or other addresses.
-
To configure a network, you can use the
nmcli connection addsimilarly to what you do to a booted system. However, during build time, you must use the command combined with an explicit--offlineargument. See Configuring an Ethernet connection by using nmcli for more details. Ensure to add the following command before the
nmclicommand in the ContainerFile:RUN nmcli --offline connection add
-
By using Anaconda: You can use an Anaconda Kickstart to configure networking, including Wi-Fi, for bare-metal installations. The configuration is stored by default in the
/etc/NetworkManager/system-connections/file, and is inherently per-machine state. -
By using kernel arguments: Add kernel parameters on first boot to define networking configuration. On the first boot of a machine, enter kernel arguments that define networking configuration. The kernel arguments are mostly defined in the
dracut.cmdlineman page. You can apply these kernel arguments on first boot by using different methods. When usingbootc install, you can also set per-machine kernel arguments by using--karg. -
By using NetworkManager key files:
nmcliornm-initrd-generator
Generating a NetworkManager keyfiles by using nmcli
The nmcli NetworkManager command line tool provides an offline mode that does not communicate with the NetworkManager daemon and just writes the keyfile content to standard output.
Run the
nmclitool for each connection profile you want to create:$ nmcli --offline connection add \ type ethernet ifname enp1s0 \ ipv4.method manual ipv4.addresses 192.0.0.1/24 \ ipv6.method disabled [connection] id=ethernet-enp1s0 uuid=ff242096-f803-425f-9a77-4c3ec92686bd type=ethernet interface-name=enp1s0 [ethernet] [ipv4] address1=192.0.0.1/24 method=manual [ipv6] addr-gen-mode=default method=disabled [proxy]
See the settings man page for a list of the properties that can be specified by using nmcli. Bash autocompletion is available.
Generating NetworkManager Keyfiles by using nm-initrd-generator
NetworkManager contains the nm-initrd-generator tool, that can generate keyfiles from dracut kernel argument syntax. You can use the tool to either convert from kernel arguments to keyfiles or to just quickly generate some keyfiles giving a small amount of input and then modify some more detailed settings.
Generate keyfiles for a bond by using
nm-initrd-generator:$ podman run --rm -ti quay.io/<namespace>/<image>:<tag> /usr/libexec/nm-initrd-generator -s -- "ip=bond0:dhcp" "bond=bond0:ens2,ens3:mode=active-backup,miimon=100" "nameserver=8.8.8.8" * Connection 'bond0' * [connection] id=bond0 uuid=643c17b5-b364-4137-b273-33f450a45476 type=bond interface-name=bond0 multi-connect=1 permissions= [ethernet] mac-address-blacklist= [bond] miimon=100 mode=active-backup [ipv4] dns=8.8.8.8; dns-search= may-fail=false method=auto [ipv6] addr-gen-mode=eui64 dns-search= method=auto [proxy] * Connection 'ens3' * [connection] id=ens3 uuid=b42cc917-fd87-47df-9ac2-34622ecddd8c type=ethernet interface-name=ens3 master=643c17b5-b364-4137-b273-33f450a45476 multi-connect=1 permissions= slave-type=bond [ethernet] mac-address-blacklist= * Connection 'ens2' * [connection] id=ens2 uuid=e111bb4e-3ee3-4612-afc2-1d2dfff97671 type=ethernet interface-name=ens2 master=643c17b5-b364-4137-b273-33f450a45476 multi-connect=1 permissions= slave-type=bond [ethernet] mac-address-blacklist=
The command generates three keyfiles for each interface: bond0, ens3, and ens2. You can use the generated output, add more settings or modify existing settings, and then commit the files into a container image.
Configuring a Static IP
You can use the following
dracutkernel arguments:Template:
ip=${ip}::${gateway}:${netmask}:${hostname}:${interface}:none:${nameserver}Example:
ip=10.10.10.10::10.10.10.1:255.255.255.0:myhostname:ens2:none:8.8.8.8Writing configuration embedded in container images
Store the NetworkManager configuration embedded in container images in /usr/lib/NetworkManager/system-connections/ because this form is part of the immutable image state. You can also write configuration to /etc/NetworkManager/system-connections/ as part of the container image. The default OSTree 3-way merge, that is, using the old default configuration, the active /etc system, and the new default configuration, applies with any machine-specific configuration.
The keyfiles must have the 600 root-only access permissions, otherwise NetworkManager ignores them.
Disabling automatic configuration of Ethernet devices
By default, NetworkManager attempts to autoconfigure by using the DHCP or SLAAC addresses on every interface with a cable plugged in. In some network environments this might not be desirable. For that, it is possible to change the NetworkManager behavior by adding a configuration file, such as /usr/lib/NetworkManager/conf.d/noauto.conf.
Disable the
NetworkManagerautoconfiguration of Ethernet devices[main] # Do not do automatic (DHCP or SLAAC) configuration on ethernet devices # with no other matching connections. no-auto-default=*
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}