RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1361145 - [RFE] support offline mode (server-less) for nmcli to edit connection files
Summary: [RFE] support offline mode (server-less) for nmcli to edit connection files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: NetworkManager
Version: 8.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Lubomir Rintel
QA Contact: Desktop QE
Jaroslav Klech
URL:
Whiteboard:
Depends On: 1813334
Blocks: 909181 1298243 1420851
TreeView+ depends on / blocked
 
Reported: 2016-07-28 11:59 UTC by Amar Huchchanavar
Modified: 2023-10-06 17:33 UTC (History)
19 users (show)

Fixed In Version: NetworkManager-1.39.2-1.el8
Doc Type: Enhancement
Doc Text:
.The `nmcli` utility now supports creating key file connection profiles in offline mode Typically, `nmcli` would communicate with the NetworkManager service to add or modify connection profiles. With this enhancement, users can create connection profiles in the key file format in an offline mode. In the offline mode, `nmcli` works without NetworkManager. The `connection add` and `connection modify` commands accept and produce key file connection profiles through standard input or output: ---- # nmcli --offline connection add type ethernet con-name ens3 ipv4.dns 192.168.1.1 > _output.nmconnection_ # nmcli --offline connection modify ens3 ipv4.dns 192.168.1.2 < _input.nmconnection_ > _output.nmconnection_ ---- For more details, see the `nmcli(1)`, and nm-settings-keyfile(5) manual pages.
Clone Of:
: 1400121 (view as bug list)
Environment:
Last Closed: 2022-11-08 10:07:31 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:7680 0 None None None 2022-11-08 10:08:04 UTC
freedesktop.org Gitlab NetworkManager NetworkManager-ci merge_requests 1043 0 None opened general: add scenario for --offline connection add/modify 2022-05-10 08:26:03 UTC
freedesktop.org Gitlab NetworkManager NetworkManager merge_requests 1183 0 None opened nmcli: add --offline to "conn add" and "conn modify" 2022-04-11 08:54:24 UTC

Description Amar Huchchanavar 2016-07-28 11:59:43 UTC 
Description of problem:
If we mention  nmtui/nmcli in ks profile for static IP configuration, system does take inputs however it doesn't commit to the required files.

Eg: 

~~~
post --log /root/ks-post.log.2
iotty=`tty`
exec > $iotty 2>&1
{
yum install -y NetworkManager-tui
/bin/nmtui

###################################
# Set the hostname of the server
###################################
echo -n "Enter the location of this server (MN or DE) : "
read LOC
echo -n "Enter the domain this server will be a member of : "
read DOM
echo -n "Enter the server name  (w/out domain) : "
read NAME
#echo -n "Enter the IP address : "
#read NIC_IP
#echo -n "Enter the IP Gateway : "
#read NIC_GW

#/bin/nmcli con add con-name ens32 ifname ens32 type ethernet ip4 $NIC_IP/24 gw4 $NIC_GW

#/bin/nmcli con mod ens32 ipv4.addresses $NIC_IP/24
#/bin/nmcli con mod ens32 ipv4.gateway $NIC_GW
#/bin/nmcli con mod ens32 ipv4.method manual
~~~

 

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 7.2 

How reproducible:
Always

Steps to Reproduce:
1. Create a simple ks profile and /bin/nmtui or nmcli as mentioned in the above.
2. Boot the system with newly created ks.


Actual results:
No issues in execution, it does ask for the input but it never commits to the files.

Expected results:
It should perform the changes in ifcfg files.

Additional info:
None of the option works provided by nmtui.
Comment 1 Radek Vykydal 2016-07-28 13:18:19 UTC 
NetworkManager that is called via dbus by nmcli or nmtui from chrooted %post script is not running in chroot, so ifcfg scripts in installer (and NetworkManager) root are actually changed [1]. To workaround this it could be possible to use another --nochroot %post script that would copy modified ifcfg scripts from installer environment (/etc/sysconfig/network-scripts/ifcfg-*) to target system root (/mnt/sysimage/etc/sysconfig/network-scripts/).

[1] They are copied to chroot (/mnt/sysimage) at the end of installation before the %post scripts are run
Comment 4 Radek Vykydal 2016-11-18 13:45:59 UTC 
(In reply to Radek Vykydal from comment #1)
> NetworkManager that is called via dbus by nmcli or nmtui from chrooted %post
> script is not running in chroot, so ifcfg scripts in installer (and
> NetworkManager) root are actually changed [1]. To workaround this it could
> be possible to use another --nochroot %post script that would copy modified
> ifcfg scripts from installer environment
> (/etc/sysconfig/network-scripts/ifcfg-*) to target system root
> (/mnt/sysimage/etc/sysconfig/network-scripts/).
 
Other option would be to run the whole script as %post --nochroot but that would work only with nmcli which is present in installer image (NetworkManager-tui is not).
Comment 5 Radek Vykydal 2016-11-30 13:55:28 UTC 
It would be nice to have offline mode for modifying connections with nmcli (eg in installer %post scripts in chroot). Reassigning for consideration to NM.
Comment 6 Thomas Haller 2017-02-17 13:10:13 UTC 
Yes, such a feature makes sense, and similar ideas already float around.

Rename bug.
Comment 7 Thomas Haller 2019-03-12 07:44:00 UTC 
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1164677#c12
Comment 9 Philip Prindeville 2020-09-04 17:44:25 UTC 
(In reply to Radek Vykydal from comment #5)
> It would be nice to have offline mode for modifying connections with nmcli
> (eg in installer %post scripts in chroot). Reassigning for consideration to
> NM.

Actually, we take a standard USB image, squirt it into a loopback device, mount it, and then a customization script inside chroot.

The one thing we've not figured out how to do is make offline config changes via nmcli inside the chroot.

Seems nmcli wants to talk to the host's NetworkManager over DBus, and that ends up reconfiguring the host...  not the chroot'd image.
Comment 15 Gris Ge 2021-03-03 02:28:10 UTC 
Hi Amar,

The nmstate shipping in RHEL 8.4 provides a function allowing you to generate NetworkManager config files without access to the NetworkManager daemon.

Could you take a look on below links to see whether it fix your needs?
https://github.com/nmstate/nmstate/pull/1424


Thank you!
Comment 18 Till Maas 2021-07-07 18:43:37 UTC 
Do we need the ability to modify connections or would it be enough to create connections without NM running?

Thomas, Beniamino: A patch to allow something like

nmcli con add --stdout con-name ens32 ifname ens32 type ethernet ip4 $NIC_IP/24 gw4 $NIC_GW > new_profile.nmconnection
# this would be adding a --stdout option that uses the library to write a keyfile instead of using dbus to create the new profile.

using the recently added library to write profiles as keyfiles seems to me to be low to medium effort, what do you think?

What would be the use case to modify existing connections?
Comment 19 Beniamino Galvani 2021-07-14 04:24:56 UTC 
(In reply to Till Maas from comment #18)
> Do we need the ability to modify connections or would it be enough to create
> connections without NM running?
> 
> Thomas, Beniamino: A patch to allow something like
> 
> nmcli con add --stdout con-name ens32 ifname ens32 type ethernet ip4
> $NIC_IP/24 gw4 $NIC_GW > new_profile.nmconnection
> # this would be adding a --stdout option that uses the library to write a
> keyfile instead of using dbus to create the new profile.

I like the idea, but I would change the '--stdout' option to something indicating that nmcli doesn't connect to NM like '--offline', '--no-dbus'.
'--stdout' gives the impression that only the output mode changes.

Maybe there should be also a '--file' option instead of always writing to stdout.

> using the recently added library to write profiles as keyfiles seems to me
> to be low to medium effort, what do you think?

I agree.

> What would be the use case to modify existing connections?

I don't know exactly, but maybe during installation there could be a template connection that gets customized. The modify command could be implemented using stdin and stdout, or a --file option:

  nmcli --offline connection modify ens3 ipv4.dns 192.168.1.1 < input.nmconnection > output.nmconnection
  nmcli --offline connection modify ens3 ipv4.dns 192.168.1.1 --file my.nmconnection
Comment 21 Gris Ge 2021-09-13 12:53:23 UTC 
Closing as no reply from reporter to get this bug moving forward.
Comment 22 Philip Prindeville 2021-10-18 04:04:48 UTC 
Please reopen.
Comment 23 Gris Ge 2021-10-26 08:37:15 UTC 
Hi Philip Prindeville,

Could you state the use case required for this feature?

Thank you!
Comment 25 Philip Prindeville 2021-10-26 14:40:34 UTC 
(In reply to Gris Ge from comment #23)
> Hi Philip Prindeville,
> 
> Could you state the use case required for this feature?
> 
> Thank you!

I have a need for building images in a chroot with the image mounted on a loopback device, and I want to preconfigure VPN and WiFi profiles into that image... but without affecting the host that's doing the image building.
Comment 26 Gris Ge 2021-11-03 12:33:11 UTC 
Hi Philip,

Could you try `nmstatectl gc` command[1] which generate the NetworkManager configuration files without host network access.


[1]: https://nmstate.io/features/gen_conf.html
Comment 27 Till Maas 2022-01-11 10:44:16 UTC 
This would be useful to help with a possible migration to allow getting current ifcfg profiles as keyfiles:

nmcli con show --keyfile $UUID
Comment 29 Thomas Haller 2022-04-20 19:44:04 UTC 
moving to POST.

A first feature was added with https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1183 .
While we probably want do expand on this topic further, it's not clear when or how exactly.
Also, it warrants a new bug to discuss what exactly to do about future improvements, and to have the issue better scoped.

Please try this new feature, and open a new bug with discussion about what is missing or what should be improved (if anything). Thanks.
Comment 32 Thomas Haller 2022-04-21 08:48:41 UTC 
I manually tested latest `main` (using copr build).
I did not find any issues. Also the manual page lgtm.
Comment 39 errata-xmlrpc 2022-11-08 10:07:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (NetworkManager bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7680
Comment 40 Red Hat Bugzilla 2023-09-18 00:12:07 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days
Note You need to log in before you can comment on or make changes to this bug.