Chapter 53. Automatically configuring network interfaces in public clouds using nm-cloud-setup
Usually, a virtual machine (VM) has only one interface that is configurable by DHCP. However, DHCP cannot configure VMs with multiple network entities, such as interfaces, IP subnets, and IP addresses. Additionally, you cannot apply settings when the VM instance is running. To solve this runtime configuration issue, the nm-cloud-setup utility automatically retrieves configuration information from the metadata server of the cloud service provider and updates the network configuration of the host. The utility automatically picks up multiple network interfaces, multiple IP addresses, or IP subnets on one interface and helps to reconfigure the network of the running VM instance.
53.1. Configuring and pre-deploying nm-cloud-setup
To enable and configure network interfaces in public clouds, run nm-cloud-setup as a timer and service.

On Red Hat Enterprise Linux On Demand and AWS golden images, nm-cloud-setup is already enabled and no action is required.
Prerequisite
- A network connection exists.
- The connection uses DHCP.

  By default, NetworkManager creates a connection profile which uses DHCP. If no profile was created because you set the no-auto-default parameter in /etc/NetworkManager/NetworkManager.conf, create this initial connection manually.
Procedure
1. Install the nm-cloud-setup package:

   # yum install NetworkManager-cloud-setup

2. Create and run the snap-in file for the nm-cloud-setup service:

   a. Use the following command to start editing the snap-in file:

      # systemctl edit nm-cloud-setup.service

      It is important to either start the service explicitly or reboot the system to make configuration settings effective.

   b. Use the systemd snap-in file to configure the cloud provider in nm-cloud-setup. For example, to use Amazon EC2, enter:

      [Service]
      Environment=NM_CLOUD_SETUP_EC2=yes

      You can set the following environment variables to enable the cloud provider you use:

      - NM_CLOUD_SETUP_AZURE for Microsoft Azure
      - NM_CLOUD_SETUP_EC2 for Amazon EC2 (AWS)
      - NM_CLOUD_SETUP_GCP for Google Cloud Platform (GCP)
      - NM_CLOUD_SETUP_ALIYUN for Alibaba Cloud (Aliyun)

   c. Save the file and quit the editor.

3. Reload the systemd configuration:

   # systemctl daemon-reload

4. Enable and start the nm-cloud-setup service:

   # systemctl enable --now nm-cloud-setup.service

5. Enable and start the nm-cloud-setup timer:

   # systemctl enable --now nm-cloud-setup.timer
Additional resources
- nm-cloud-setup(8) man page on your system
- Configuring an Ethernet connection
53.2. Understanding the role of IMDSv2 and nm-cloud-setup in the RHEL EC2 instance
The instance metadata service (IMDS) in Amazon EC2 allows you to manage permissions to access instance metadata of a running Red Hat Enterprise Linux (RHEL) EC2 instance. The RHEL EC2 instance uses IMDS version 2 (IMDSv2), a session-oriented method. By using the nm-cloud-setup utility, administrators can reconfigure the network and automatically update the configuration of running RHEL EC2 instances. The nm-cloud-setup utility handles IMDSv2 API calls by using IMDSv2 tokens without any user intervention.
- IMDS runs on a link-local address 169.254.169.254 for providing access to native applications on a RHEL EC2 instance.
- After you have specified and configured IMDSv2 for each RHEL EC2 instance for applications and users, you can no longer access IMDSv1.
- By using IMDSv2, the RHEL EC2 instance maintains metadata without using the IAM role while remaining accessible through the IAM role.
- When the RHEL EC2 instance boots, the nm-cloud-setup utility automatically runs to fetch the EC2 instance API access token for using the RHEL EC2 instance API.
Use the IMDSv2 token as an HTTP header to check the details of the EC2 environment.
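The session-oriented flow described above, as an added example that is not Red Hat's or nm-cloud-setup's own code: a client requests an IMDSv2 token with PUT and then presents it as a header on the metadata read, while a request without the token is refused. It runs against a constructed loopback mock so it works off EC2; the header names and paths are those AWS documents for IMDSv2, and `MockIMDS`, `start_mock_imds`, `imds_get`, the token and the MAC list are assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-session-token"               # constructed value, not a real token
MACS = "0a:00:00:00:00:01/\n0a:00:00:00:00:02/"   # constructed metadata listing
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # never use a proxy

class MockIMDS(BaseHTTPRequestHandler):
    """Local stand-in for an IMDSv2-only endpoint (not the real 169.254.169.254)."""
    def _reply(self, code, body=""):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):  # step 1: open a session; the TTL header is mandatory
        ok = (self.path == "/latest/api/token"
              and self.headers.get("X-aws-ec2-metadata-token-ttl-seconds"))
        self._reply(200 if ok else 400, TOKEN if ok else "")

    def do_GET(self):  # step 2: every read must carry the session token
        valid = self.headers.get("X-aws-ec2-metadata-token") == TOKEN
        self._reply(200 if valid else 401, MACS if valid else "")

    def log_message(self, *args):  # silence per-request logging
        pass

def start_mock_imds():
    """Serve MockIMDS on a free loopback port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

def imds_get(base, path, use_token=True):
    """Return (status, body). use_token=False sends an IMDSv1-style request."""
    headers = {}
    try:
        if use_token:
            put = urllib.request.Request(f"{base}/latest/api/token", method="PUT",
                headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
            with OPENER.open(put, timeout=5) as resp:
                headers["X-aws-ec2-metadata-token"] = resp.read().decode()
        with OPENER.open(urllib.request.Request(base + path, headers=headers), timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""
```

On a RHEL EC2 instance, calling `imds_get("http://169.254.169.254", "/latest/meta-data/network/interfaces/macs/")` performs the same two requests against the real service.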
Additional resources
- nm-cloud-setup(8) man page on your system