Bug 1361145
Summary: | [RFE] support offline mode (server-less) for nmcli to edit connection files | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Amar Huchchanavar <ahuchcha> | |
Component: | NetworkManager | Assignee: | Lubomir Rintel <lrintel> | |
Status: | CLOSED ERRATA | QA Contact: | Desktop QE <desktop-qa-list> | |
Severity: | medium | Docs Contact: | Jaroslav Klech <jklech> | |
Priority: | medium | |||
Version: | 8.3 | CC: | b.bellec, bgalvani, cww, djasa, ferferna, fge, jklech, jmaxwell, lrintel, mleitner, pasik, philipp, rkhan, rvykydal, sukulkar, thaller, till, vbenes, wenliang | |
Target Milestone: | rc | Keywords: | FutureFeature, Reopened, Triaged | |
Target Release: | --- | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | NetworkManager-1.39.2-1.el8 | Doc Type: | Enhancement | |
Doc Text: |
.The `nmcli` utility now supports creating key file connection profiles in offline mode
Typically, `nmcli` would communicate with the NetworkManager service to add or modify connection profiles. With this enhancement, users can create connection profiles in the key file format in an offline mode. In the offline mode, `nmcli` works without NetworkManager. The `connection add` and `connection modify` commands accept and produce key file connection profiles through standard input or output:
----
# nmcli --offline connection add type ethernet con-name ens3 ipv4.dns 192.168.1.1 > _output.nmconnection_
# nmcli --offline connection modify ens3 ipv4.dns 192.168.1.2 < _input.nmconnection_ > _output.nmconnection_
----
For more details, see the `nmcli(1)`, and nm-settings-keyfile(5) manual pages.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1400121 (view as bug list) | Environment: | ||
Last Closed: | 2022-11-08 10:07:31 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1813334 | |||
Bug Blocks: | 909181, 1298243, 1420851 |
Description
Amar Huchchanavar
2016-07-28 11:59:43 UTC
NetworkManager that is called via dbus by nmcli or nmtui from chrooted %post script is not running in chroot, so ifcfg scripts in installer (and NetworkManager) root are actually changed [1]. To workaround this it could be possible to use another --nochroot %post script that would copy modified ifcfg scripts from installer environment (/etc/sysconfig/network-scripts/ifcfg-*) to target system root (/mnt/sysimage/etc/sysconfig/network-scripts/). [1] They are copied to chroot (/mnt/sysimage) at the end of installation before the %post scripts are run (In reply to Radek Vykydal from comment #1) > NetworkManager that is called via dbus by nmcli or nmtui from chrooted %post > script is not running in chroot, so ifcfg scripts in installer (and > NetworkManager) root are actually changed [1]. To workaround this it could > be possible to use another --nochroot %post script that would copy modified > ifcfg scripts from installer environment > (/etc/sysconfig/network-scripts/ifcfg-*) to target system root > (/mnt/sysimage/etc/sysconfig/network-scripts/). Other option would be to run the whole script as %post --nochroot but that would work only with nmcli which is present in installer image (NetworkManager-tui is not). It would be nice to have offline mode for modifying connections with nmcli (eg in installer %post scripts in chroot). Reassigning for consideration to NM. Yes, such a feature makes sense, and similar ideas already float around. Rename bug. (In reply to Radek Vykydal from comment #5) > It would be nice to have offline mode for modifying connections with nmcli > (eg in installer %post scripts in chroot). Reassigning for consideration to > NM. Actually, we take a standard USB image, squirt it into a loopback device, mount it, and then a customization script inside chroot. The one thing we've not figured out how to do is make offline config changes via nmcli inside the chroot. Seems nmcli wants to talk to the host's NetworkManager over DBus, and that ends up reconfiguring the host... not the chroot'd image. Hi Amar, The nmstate shipping in RHEL 8.4 provides a function allowing you to generate NetworkManager config files without access to the NetworkManager daemon. Could you take a look on below links to see whether it fix your needs? https://github.com/nmstate/nmstate/pull/1424 Thank you! Do we need the ability to modify connections or would it be enough to create connections without NM running? Thomas, Beniamino: A patch to allow something like nmcli con add --stdout con-name ens32 ifname ens32 type ethernet ip4 $NIC_IP/24 gw4 $NIC_GW > new_profile.nmconnection # this would be adding a --stdout option that uses the library to write a keyfile instead of using dbus to create the new profile. using the recently added library to write profiles as keyfiles seems to me to be low to medium effort, what do you think? What would be the use case to modify existing connections? (In reply to Till Maas from comment #18) > Do we need the ability to modify connections or would it be enough to create > connections without NM running? > > Thomas, Beniamino: A patch to allow something like > > nmcli con add --stdout con-name ens32 ifname ens32 type ethernet ip4 > $NIC_IP/24 gw4 $NIC_GW > new_profile.nmconnection > # this would be adding a --stdout option that uses the library to write a > keyfile instead of using dbus to create the new profile. I like the idea, but I would change the '--stdout' option to something indicating that nmcli doesn't connect to NM like '--offline', '--no-dbus'. '--stdout' gives the impression that only the output mode changes. Maybe there should be also a '--file' option instead of always writing to stdout. > using the recently added library to write profiles as keyfiles seems to me > to be low to medium effort, what do you think? I agree. > What would be the use case to modify existing connections? I don't know exactly, but maybe during installation there could be a template connection that gets customized. The modify command could be implemented using stdin and stdout, or a --file option: nmcli --offline connection modify ens3 ipv4.dns 192.168.1.1 < input.nmconnection > output.nmconnection nmcli --offline connection modify ens3 ipv4.dns 192.168.1.1 --file my.nmconnection Closing as no reply from reporter to get this bug moving forward. Please reopen. Hi Philip Prindeville, Could you state the use case required for this feature? Thank you! (In reply to Gris Ge from comment #23) > Hi Philip Prindeville, > > Could you state the use case required for this feature? > > Thank you! I have a need for building images in a chroot with the image mounted on a loopback device, and I want to preconfigure VPN and WiFi profiles into that image... but without affecting the host that's doing the image building. Hi Philip, Could you try `nmstatectl gc` command[1] which generate the NetworkManager configuration files without host network access. [1]: https://nmstate.io/features/gen_conf.html This would be useful to help with a possible migration to allow getting current ifcfg profiles as keyfiles: nmcli con show --keyfile $UUID moving to POST. A first feature was added with https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1183 . While we probably want do expand on this topic further, it's not clear when or how exactly. Also, it warrants a new bug to discuss what exactly to do about future improvements, and to have the issue better scoped. Please try this new feature, and open a new bug with discussion about what is missing or what should be improved (if anything). Thanks. I manually tested latest `main` (using copr build). I did not find any issues. Also the manual page lgtm. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (NetworkManager bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7680 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |