Chapter 50. Automatically configuring network interfaces in public clouds using nm-cloud-setup
Usually, a virtual machine (VM) has only one interface that is configurable by DHCP. However, DHCP cannot configure VMs with multiple network entities, such as interfaces, IP subnets, and IP addresses. Additionally, you cannot apply settings when the VM instance is running. To solve this runtime configuration issue, the nm-cloud-setup utility automatically retrieves configuration information from the metadata server of the cloud service provider and updates the network configuration of the host. The utility automatically picks up multiple network interfaces, multiple IP addresses, or IP subnets on one interface and helps to reconfigure the network of the running VM instance.
50.1. Configuring and pre-deploying nm-cloud-setup
To enable and configure network interfaces in public clouds, run nm-cloud-setup as a timer and service.
On Red Hat Enterprise Linux On Demand and AWS golden images, nm-cloud-setup is already enabled and no action is required.
Prerequisites
- A network connection exists.
- The connection uses DHCP.
  By default, NetworkManager creates a connection profile which uses DHCP. If no profile was created because you set the no-auto-default parameter in /etc/NetworkManager/NetworkManager.conf, create this initial connection manually.
Procedure
1. Install the nm-cloud-setup package:
       # dnf install NetworkManager-cloud-setup
2. Create and run the snap-in file for the nm-cloud-setup service:
   a. Use the following command to start editing the snap-in file:
          # systemctl edit nm-cloud-setup.service
      It is important to either start the service explicitly or reboot the system to make configuration settings effective.
   b. Use the systemd snap-in file to configure the cloud provider in nm-cloud-setup. For example, to use Amazon EC2, enter:
          [Service]
          Environment=NM_CLOUD_SETUP_EC2=yes
      You can set the following environment variables to enable the cloud provider you use:
      - NM_CLOUD_SETUP_ALIYUN for Alibaba Cloud (Aliyun)
      - NM_CLOUD_SETUP_AZURE for Microsoft Azure
      - NM_CLOUD_SETUP_EC2 for Amazon EC2 (AWS)
      - NM_CLOUD_SETUP_GCP for Google Cloud Platform (GCP)
      - NM_CLOUD_SETUP_OCI for Oracle Cloud Infrastructure (OCI)
   c. Save the file and quit the editor.
3. Reload the systemd configuration:
       # systemctl daemon-reload
4. Enable and start the nm-cloud-setup service:
       # systemctl enable --now nm-cloud-setup.service
5. Enable and start the nm-cloud-setup timer:
       # systemctl enable --now nm-cloud-setup.timer
50.2. Understanding the role of IMDSv2 and nm-cloud-setup in the RHEL EC2 instance
The instance metadata service (IMDS) in Amazon EC2 allows you to manage permissions to access instance metadata of a running Red Hat Enterprise Linux (RHEL) EC2 instance. The RHEL EC2 instance uses IMDS version 2 (IMDSv2), a session-oriented method. By using the nm-cloud-setup utility, administrators can reconfigure the network and automatically update the configuration of running RHEL EC2 instances. The nm-cloud-setup utility handles IMDSv2 API calls by using IMDSv2 tokens without any user intervention.
- IMDS runs on a link-local address 169.254.169.254 for providing access to native applications on a RHEL EC2 instance.
- After you have specified and configured IMDSv2 for each RHEL EC2 instance for applications and users, you can no longer access IMDSv1.
- By using IMDSv2, the RHEL EC2 instance maintains metadata without using the IAM role while remaining accessible through the IAM role.
- When the RHEL EC2 instance boots, the nm-cloud-setup utility automatically runs to fetch the EC2 instance API access token for using the RHEL EC2 instance API.
Use the IMDSv2 token as an HTTP header to check the details of the EC2 environment.
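The token exchange described above, as an added example that is not part of the original documentation: the client opens a session with a PUT to /latest/api/token, presents the returned token in the X-aws-ec2-metadata-token header, and a token-less request is refused. MockIMDS, start_mock, the loopback port and the sample MAC address are constructed stand-ins so the code runs offline; on an instance the endpoint is 169.254.169.254, port 80.

```python
import contextlib, http.client, http.server, secrets, threading

TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"  # sent with the PUT that opens a session
TOKEN_HDR = "X-aws-ec2-metadata-token"            # sent with every metadata GET

class MockIMDS(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an IMDSv2-only endpoint (assumption, not the real service)."""
    tokens = set()

    def _reply(self, code, text=""):
        data = text.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        if self.path != "/latest/api/token" or not self.headers.get(TTL_HDR, "").isdigit():
            return self._reply(400)
        token = secrets.token_urlsafe(24)
        self.tokens.add(token)
        self._reply(200, token)

    def do_GET(self):
        if self.headers.get(TOKEN_HDR) not in self.tokens:
            return self._reply(401)  # token-less (IMDSv1-style) request is refused
        found = self.path == "/latest/meta-data/mac"
        self._reply(200 if found else 404, "02:00:00:aa:bb:cc" if found else "")  # constructed MAC

    def log_message(self, *args): pass  # keep the demo quiet

def _request(host, port, method, path, headers):
    with contextlib.closing(http.client.HTTPConnection(host, port, timeout=2)) as conn:
        conn.request(method, path, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.read().decode()

def imds_get(host, port, path, use_token=True):
    """GET a metadata path; with use_token, open an IMDSv2 session first."""
    headers = {}
    if use_token:
        status, token = _request(host, port, "PUT", "/latest/api/token", {TTL_HDR: "60"})
        if status != 200:
            return status, ""
        headers[TOKEN_HDR] = token
    return _request(host, port, "GET", path, headers)

def start_mock():
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Calling imds_get with use_token=False is a quick check that an endpoint enforces IMDSv2: a 401 status means token-less requests are rejected.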