CentOS Stream 9 Network Management

It is difficult to envisage a CentOS Stream 9 system that does not have at least one network connection, and harder still to imagine how such an isolated system could be of much practical use. However, the simple fact is that CentOS 9 is designed to provide enterprise-level services over network and internet connections. Therefore, a crucial part of learning how to administer a CentOS 9 system involves learning how to configure and manage the network interfaces installed on the system.

This chapter provides an overview of network management on CentOS 9, including the NetworkManager service and tools and some other useful utilities.

An Introduction to NetworkManager

NetworkManager is a service and set of tools designed specifically to make it easier to manage the networking configuration on Linux systems. It is the default network management service on CentOS 9.

In addition to a service that runs in the background, NetworkManager also includes the following tools:

  • nmcli – A tool for working with NetworkManager via the command line. This tool is useful when access to a graphical environment is unavailable and can also be used within scripts to make network configuration changes.
  • nmtui – A basic text-based user interface for managing NetworkManager. This tool can be run within any terminal window and allows changes to be made by making menu selections and entering data. While helpful in performing basic tasks, nmtui lacks many of the features provided by the nmcli tool.
  • nm-connection-editor – A complete graphical management tool providing access to most NetworkManager configuration options.
  • GNOME Settings – The Network screen of the GNOME desktop Settings application allows basic network management tasks to be performed.
  • Cockpit Network Settings – The Network screen of the Cockpit web interface allows a range of network management tasks to be performed.

Although several ways exist to manage the network environment on a CentOS Stream 9 system, this chapter will focus on the nmcli command. While the graphical tools are helpful when you have access to a desktop environment or Cockpit has been enabled, understanding the command-line interface is essential for situations where a command prompt is all that is available. Also, the graphical tools (Cockpit included) only include some of the capabilities of the nmcli tool. Finally, once you are familiar with NetworkManager and nmcli, those skills will translate easily when using the more intuitive tool options. The same cannot be said of the graphical tool options. It is harder to use nmcli if, for example, you have only ever used nm-connection-editor.

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

Installing and Enabling NetworkManager

NetworkManager should be installed by default for most CentOS Stream 9 installations. Use the rpm command to find out if it needs to be installed:

# rpm -q NetworkManager
NetworkManager-1.14.0-14.el8.x86_64Code language: plaintext (plaintext)

If necessary, install the package as follows:

# dnf install NetworkManagerCode language: plaintext (plaintext)

Once the package is installed, the NetworkManager daemon will need to be enabled so that it starts each time the system boots:

# systemctl enable NetworkManagerCode language: plaintext (plaintext)

Finally, start the service running and check the status to verify that the launch was successful:

# systemctl start NetworkManager
# systemctl status NetworkManager
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor >
  Drop-In: /usr/lib/systemd/system/NetworkManager.service.d
           └─NetworkManager-ovs.conf
   Active: active (running) since Tue 2019-04-09 10:07:22 EDT; 2h 48min ago
.
.Code language: plaintext (plaintext)

Basic nmcli Commands

The nmcli tool will have been installed as part of the NetworkManager package and can be executed from the command line using the following syntax:

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

# nmcli [Options] Object {Command | help}Code language: plaintext (plaintext)

In the above syntax, Object will be one of general, networking, radio, connection, monitor, device, or agent, which can be abbreviated to a few letters of the word (for example, con, or even just the letter c, for connection). For example, all of the following commands will output help information relating to the device object:

# nmcli device help
# nmcli dev help
# nmcli d helpCode language: plaintext (plaintext)

To check the overall status of NetworkManager on the system, use the following command:

# nmcli general status
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN    
connected  full          enabled  enabled  enabled  enabledCode language: plaintext (plaintext)

To check the status of the devices installed on a system, the following command can be used:

# nmcli dev status
DEVICE       TYPE      STATE      CONNECTION 
eno1         ethernet  connected  eno1       
wlp0s26u1u2  wifi       connected  zoneone  
virbr0       bridge    connected  virbr0     
lo           loopback  unmanaged  --         
virbr0-nic   tun       unmanaged  --Code language: plaintext (plaintext)

The output may also be modified by using the -p (pretty) option to make the output more human-friendly:

# nmcli -p dev status
=====================
  Status of devices
=====================
DEVICE       TYPE      STATE      CONNECTION 
-------------------------------------------------------------------
eno1         ethernet  connected  eno1       
wlp0s26u1u2  wifi       connected  zoneone  
virbr0       bridge    connected  virbr0     
lo           loopback  unmanaged  --         
virbr0-nic   tun       unmanaged  --Code language: plaintext (plaintext)

Conversely, the -t option may be used to make the output more terse and suitable for automated processing:

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

# nmcli -t dev status
eno1:ethernet:connected:eno1
wlp0s26u1u2:wifi:connected:emilyzone
virbr0:bridge:connected:virbr0
lo:loopback:unmanaged:
virbr0-nic:tun:unmanaged:
Code language: plaintext (plaintext)

The status output shows that the system has two physical devices installed, one Ethernet and the other a WiFi device.

The bridge (virbr) entries are virtual devices used to provide networking for virtual machines (the topic of virtualization will be covered starting with the chapter entitled “An Overview of Virtualization Techniques”). Finally, the loopback interface is a special virtual device that allows the system to communicate with itself and is typically used to perform network diagnostics.

When working with NetworkManager, it is essential to understand the difference between a device and a connection. As described above, a device is either a physical or virtual network device, while a connection is a network configuration that the device connects to.

The following command displays information about the connections configured on the system:

# nmcli con show
NAME          UUID                                  TYPE      DEVICE      
zoneone       2abecafa-4ea2-47f6-b20f-4fb0c0fd5e94  wifi       wlp0s26u1u2 
eno1          99d40009-6bb1-4182-baad-a103941c90ff  ethernet  eno1        
virbr0        e13e9552-1765-42d1-b739-ff981668fbee  bridge    virbr0      
zonetwo       f940a2d1-8c18-4a9e-bf29-817702429b8a  wifi       --          
zonethree     fd65c5e5-3e92-4e9e-b924-1b0b07b70032  wifi       --
Code language: plaintext (plaintext)

The above output shows that the WiFi device (wlp0s26u1u2) is connected to a wireless network named zoneone while the Ethernet device (eno1) is connected to a connection named eno1. In addition to zoneone, NetworkManager has also listed two other WiFi connections named zonetwo and zonethree, neither of which currently has a device connected.

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

To find out the IP address allocated to a connection, the ip tool can be used with the address option:

# ip addressCode language: Shell Session (shell)

The above command can also be abbreviated:

# ip a
.
.
3: wlp0s26u1u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 74:da:38:ee:be:50 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.121/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp0s26u1u2
       valid_lft 57584sec preferred_lft 57584sec
.
.
Code language: plaintext (plaintext)

The ip command will output information for all the devices detected on the system. For example, the above output shows that the WiFi device has been assigned an IP address of 192.168.1.121. If we only wanted to list active connections, the nmcli command could have been used with the -a option:

# nmcli con show -a
NAME       UUID                                  TYPE      DEVICE      
zoneone    2abecafa-4ea2-47f6-b20f-4fb0c0fd5e94  wifi      wlp0s26u1u2 
eno1       99d40009-6bb1-4182-baad-a103941c90ff  ethernet  eno1        
virbr0     e13e9552-1765-42d1-b739-ff981668fbee  bridge    virbr0Code language: plaintext (plaintext)

To switch the WiFi device connection from zoneone to zonetwo, we can run the following command:

# nmcli device wifi connect zonetwo -ask 
Password:Code language: plaintext (plaintext)

The -ask flag causes nmcli to prompt the user to enter the password for the WiFi network. To include the WiFi password on the command line (handy if the command is being executed in a script), use the password option:

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

# nmcli device wifi connect zonetwo password <password here>Code language: plaintext (plaintext)

The nmcli tool may also be used to scan for available WiFi networks as follows:

# nmcli device wifi list
IN-USE  SSID        MODE   CHAN  RATE        SIGNAL  BARS  SECURITY  
        zoneone     Infra  6     195 Mbit/s  80            WPA2      
*       zonetwo     Infra  11    130 Mbit/s  74            WPA1 WPA2Code language: plaintext (plaintext)

A currently active connection can be deactivated as follows:

# nmcli con down <connection name>Code language: plaintext (plaintext)

Similarly, an inactive connection can be brought back up at any time:

# nmcli con up <connection name>Code language: plaintext (plaintext)

When a connection is brought down, NetworkManager automatically searches for another connection, activates it, and assigns it to the device to which the previous connection was established. To prevent a connection from being used in this situation, disable the autoconnect option as follows:

# nmcli con mod <connection name> connection.autoconnect noCode language: plaintext (plaintext)

The following command may be used to obtain additional information about a specific connection. This includes the current values for all the connection properties:

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

# nmcli con show eno1
connection.id:                          eno1
connection.uuid:                        99d40009-6bb1-4182-baad-a103941c90ff
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              eno1
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1554833695
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
.
.Code language: plaintext (plaintext)

All of these properties can be modified using nmcli with the modify option using the following syntax:

# nmcli con mod <connection name> connection.<property name> <setting>Code language: plaintext (plaintext)

Working with Connection Profiles

So far, we have explored using connections without explaining how a connection is configured. The configuration of a connection is referred to as a connection profile and is stored in a file located in the /etc/NetworkManager/system-connections directory, the contents of which might read as follows:

# ls /etc/NetworkManager/system-connections
zoneone.nmconnection    eno1.nmconnection       
zonethree.nmconnection  zonetwo.nmconnectionCode language: plaintext (plaintext)

Consider, for example, the contents of the eno1.nmconnection file:

id=eno1
uuid=efc69a99-17a3-3636-b68f-bfcc56a73844
type=ethernet
autoconnect-priority=-999
interface-name=eno1
timestamp=1679678184

[ethernet]

[ipv4]
method=auto

[ipv6]
addr-gen-mode=eui64
method=auto

[proxy]Code language: plaintext (plaintext)

The file contains basic information about the connection, including the type (Ethernet) of the device to which it is currently assigned (eno1) and the fact that the connection is to be automatically activated on system boot with an IP address obtained using DHCP (auto). Changes to the connection profile can be implemented by modifying this file and instructing nmcli to reload the connection configuration files:

# nmcli con reloadCode language: Shell Session (shell)

New connection profiles can also be created manually or generated automatically by nmcli. For example, assume a new network device has been installed on the system. When this happens, the NetworkManager service will detect and create a device for the new hardware. In the example below, the new device has been assigned the name eno2:

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

# nmcli dev status
DEVICE      TYPE      STATE         CONNECTION 
en01        ethernet  connected     eno1         
eno2        ethernet  connected     Wired connection 1Code language: plaintext (plaintext)

NetworkManager automatically detected the device, activated it, and assigned it to a connection named “Wired connection 1”. This is a default connection over which we have no configuration control because there is no interface configuration file for it in /etc/NetworkManager/systemconnections. Therefore, the following steps are to delete the “Wired connection 1” connection and use nmcli to create a new connection and assign it to the device. The command to delete a connection is as follows:

# nmcli con delete "Wired connection 1"Code language: Shell Session (shell)

Next, nmcli can create a new connection profile configured with a static IP address or a dynamic IP address obtained from a DHCP server. For example, to create a dynamic connection profile named dyn_ip, the following command would be used:

# nmcli connection add type ethernet con-name dyn_ip ifname eno2
Connection 'dyn_ip' (160d9e10-bbc8-439a-9c47-a2ec52990472) successfully added.Code language: plaintext (plaintext)

To create a new connection profile without locking it to a specific device, omit the ifname option in the command:

# nmcli connection add type ethernet con-name dyn_ipCode language: plaintext (plaintext)

After creating the connection, a file named dyn_ip.nmconnection will be added to the /etc/ NetworkManager/system-connections directory.

Alternatively, to create a connection named static_ip assigned a static IP address (in this case 192.168.1.200), the following command would be used:

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

# nmcli con add type ethernet con-name static_ip ifname eno0 ip4 192.168.1.200/24 gw4 192.168.1.1
Connection 'static_ip' (3fccafb3-e761-4271-b310-ad0f28ee8606) successfully added.Code language: plaintext (plaintext)

The corresponding static_ip.nmconnection file will read as follows:

[connection]
id=static_ip
uuid=41eca181-381c-4d12-b6c9-30446d4e29d1
type=ethernet
interface-name=eno0

[ethernet]

[ipv4]
address1=192.168.1.200/24,192.168.1.1
method=manual

[ipv6]
addr-gen-mode=default
method=auto

[proxy]Code language: plaintext (plaintext)

The command to add a new connection may be altered slightly to assign both IPv4 and IPv6 static addresses:

# nmcli con add type ethernet con-name static_ip ifname eno0 ip4 192.168.1.200/24 gw4 192.168.1.1 gw4 192.168.1.1 ip6 cabf::4532 gw6 2010:dfa::1Code language: plaintext (plaintext)

Interactive Editing

In addition to using nmcli with command-line options, the tool also includes an interactive mode that can be used to create and modify connection profiles. The following transcript, for example, shows interactive mode being used to create a new Ethernet connection named demo_con:

# nmcli con edit
Valid connection types: 6lowpan, 802-11-olpc-mesh (olpc-mesh), 802-11-wireless (wifi), 802-3-ethernet (ethernet), adsl, bluetooth, bond, bridge, cdma, dummy, generic, gsm, infiniband, ip-tunnel, macsec, macvlan, ovs-bridge, ovs-interface, ovs-port, pppoe, team, tun, vlan, vpn, vxlan, wimax, wpan, bond-slave, bridge-slave, team-slave
Enter connection type: ethernet
 
===| nmcli interactive connection editor |===
 
Adding a new '802-3-ethernet' connection
 
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
 
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy
nmcli> set connection.id demo_con
nmcli> set connection.interface eno1
nmcli> set connection.autoconnect yes
nmcli> set ipv4.method auto 
nmcli> set 802-3-ethernet.mtu auto
nmcli> set ipv6.method auto
nmcli> save
Saving the connection with 'autoconnect=yes'. That might result in an immediate activation of the connection.
Do you still want to save? (yes/no) [yes] yes
Connection 'demo_con' (cb837408-6c6f-4572-9548-4932f88b9275) successfully saved.
nmcli> quitCode language: plaintext (plaintext)

The following transcript, on the other hand, modifies the previously created static_ip connection profile to use a different static IP address than the one specified initially:

# nmcli con edit static_ip
 
===| nmcli interactive connection editor |===
 
Editing existing '802-3-ethernet' connection: 'static_ip'
 
Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.
 
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, sriov, ethtool, match, ipv4, ipv6, tc, proxy
nmcli> print ipv4.addresses
ipv4.addresses: 192.168.1.200/24
nmcli> set ipv4.addresses 192.168.1.201/24
nmcli> save
Connection 'static_ip' (3fccafb3-e761-4271-b310-ad0f28ee8606) successfully updated.
nmcli> quitCode language: plaintext (plaintext)

After modifying an existing connection, remember to instruct NetworkManager to reload the configuration profiles:

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print

 

# nmcli con reloadCode language: Shell Session (shell)

When using interactive mode, it is useful to know that an extensive built-in help system is available to learn how to use the tool. The help topics can be accessed by typing help or ? at the nmcli > prompt:

nmcli> ?
------------------------------------------------------------------------------
---[ Main menu ]---
goto     [<setting> | <prop>]        :: go to a setting or property
remove   <setting>[.<prop>] | <prop> :: remove setting or reset property value
set      [<setting>.<prop> <value>]  :: set property value
describe [<setting>.<prop>]          :: describe property
print    [all | <setting>[.<prop>]]  :: print the connection
verify   [all | fix]                  :: verify the connection
save     [persistent|temporary]      :: save the connection
activate [<ifname>] [/<ap>|<nsp>]    :: activate the connection
back                                 :: go one level up (back)
help/?   [<command>]                 :: print this help
nmcli    <conf-option> <value>       :: nmcli configuration
quit                                 :: exit nmcli
------------------------------------------------------------------------------Code language: plaintext (plaintext)

Configuring NetworkManager Permissions

In addition to making it easier to manage networks on CentOS 9, NetworkManager also allows permissions to be specified for connections. The following command, for example, restricts a connection profile to root and user accounts named john and caitlyn:

# nmcli con mod static_ip connection.permissions user:root,john,caitlynCode language: Shell Session (shell)

Once NetworkManager has reloaded the connection profiles, the static_ip connection will only be active and accessible to other users when at least one designated user is logged in to an active session on the system. As soon as the last of these users logs out, the connection will go down and remain inactive until one of the users signs back in. In addition, only users with permission can change the connection status or configuration.

Summary

The NetworkManager service handles network management on CentOS Stream 9. NetworkManager views a network as consisting of network interface devices and connections. A network device can be a physical Ethernet or WiFi device or a virtual device used by a virtual machine guest. Connections represent the network to which the devices connect and are configured by connection profiles. A configuration profile will, among other settings, define whether the connection has a static or dynamic IP address, the IP address of any gateway used by the network, and whether or not the connection should be established automatically each time the system starts up.

NetworkManager can be administered using several tools, including the nmcli and nmtui command-line tools, the nm-connection-editor graphical tool, and the network settings section of the Cockpit web interface. In general, the nmcli command-line tool provides the most features and flexibility.

 

You are reading a sample chapter from CentOS Stream 9 Essentials. Buy the full book now in eBook or Print format.

Full book includes 34 chapters and 290 pages. Learn more.

Preview  Buy eBook Buy Print