EL7 network management:

Title:

Enterprise Linux ver 7 network management

Author:

Douglas O’Leary <dkoleary@olearycomputers.com>

Description:

Commands, examples, and assorted tidbits about network management in EL7

Disclaimer:

Standard: Use the information that follows at your own risk. If you screw up a system, don’t blame it on me…

Created:

12/14/17

Updated:

ip command:

ifconfig is apparently a dying animal - in fact, not even installed by default in a minimal install. It is available in net-tools, however, for those (like me) that refuse to give up perfectly good tools….

Enter the ip command. I’ve been getting used to using it for display purposes; apparently, there’s quite a bit more to it.

General information retrieval:

ip addr show [ ${int} ]

Displays information on all interfaces, or only the listed one. Add -4 or -6 to filter the output to the desired protocol version. Also note that you don’t have to spell the options out:

# ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:72:63:35 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.218/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 3246sec preferred_lft 3246sec
    inet6 fe80::5054:ff:fe72:6335/64 scope link
       valid_lft forever preferred_lft forever
# ip -4 a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
  inet 192.168.122.218/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 2982sec preferred_lft 2982sec

Statistics:

Add -s to the command line to get interface statistics. addr or link; it doesn’t seem to matter:

# ip -4 -s addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 192.168.12.9/24 brd 192.168.12.255 scope global eth0
       valid_lft forever preferred_lft forever
    RX: bytes  packets  errors  dropped overrun mcast
    50202937221 35838510 0       2355    0       1498
    TX: bytes  packets  errors  dropped carrier collsns
    7313634075 9826186  0       0       0       0

# ip -4 -s link show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
    link/ether 00:25:90:84:e2:60 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast
    50202942693 35838570 0       2355    0       1498
    TX: bytes  packets  errors  dropped carrier collsns
    7313710305 9826269  0       0       0       0

Arp cache management:

ip neighbor show

Basically, the same as arp -a:

# ip n
192.168.12.10 dev eth0  FAILED
192.168.122.188 dev virbr0 lladdr 52:54:00:b9:97:39 STALE
192.168.122.236 dev virbr0  FAILED
192.168.12.7 dev eth0 lladdr 00:13:72:1c:e7:da REACHABLE
192.168.122.88 dev virbr0 lladdr 52:54:00:61:59:6d STALE
192.168.12.108 dev eth0 lladdr 4c:34:88:74:48:57 STALE
192.168.122.218 dev virbr0 lladdr 52:54:00:72:63:35 STALE
192.168.122.47 dev virbr0  FAILED
192.168.122.10 dev virbr0 lladdr 52:54:00:61:59:6d STALE
192.168.12.146 dev eth0 lladdr 38:60:77:11:ae:ca STALE
192.168.122.11 dev virbr0 lladdr 52:54:00:9d:02:d2 STALE
192.168.12.1 dev eth0 lladdr 00:14:d1:26:79:2f STALE

ip n s nud failed | stale

Displays ARP entries that are in the given state (failed or stale):

# ip n s nud stale
192.168.122.188 dev virbr0 lladdr 52:54:00:b9:97:39 STALE
192.168.122.88 dev virbr0 lladdr 52:54:00:61:59:6d STALE
192.168.12.108 dev eth0 lladdr 4c:34:88:74:48:57 STALE
192.168.122.218 dev virbr0 lladdr 52:54:00:72:63:35 STALE
192.168.122.10 dev virbr0 lladdr 52:54:00:61:59:6d STALE
192.168.12.146 dev eth0 lladdr 38:60:77:11:ae:ca STALE
192.168.122.11 dev virbr0 lladdr 52:54:00:9d:02:d2 STALE
192.168.12.1 dev eth0 lladdr 00:14:d1:26:79:2f STALE

ip n d ${ip} dev ${int}

Deletes a specific arp cache entry.

ip n f dev ${int}

Flushes the arp cache.
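
In the `ip n` listing above, 52:54:00:61:59:6d answers for two addresses on virbr0: normal for a guest holding two IPs, but also the pattern to look for when reviewing a neighbor cache before flushing it. The script below is an added example, not part of the original notes; `sample_neigh` and `dup_macs` are hypothetical names, and the sample lines are copied from that listing.

```shell
#!/bin/sh
# Added example: report MAC addresses that the neighbor cache maps to more
# than one IP on the same interface.

# Sample input: entries copied from the `ip n` listing on this page.
sample_neigh() {
cat <<'EOF'
192.168.12.10 dev eth0  FAILED
192.168.122.188 dev virbr0 lladdr 52:54:00:b9:97:39 STALE
192.168.12.7 dev eth0 lladdr 00:13:72:1c:e7:da REACHABLE
192.168.122.88 dev virbr0 lladdr 52:54:00:61:59:6d STALE
192.168.12.108 dev eth0 lladdr 4c:34:88:74:48:57 STALE
192.168.122.218 dev virbr0 lladdr 52:54:00:72:63:35 STALE
192.168.122.47 dev virbr0  FAILED
192.168.122.10 dev virbr0 lladdr 52:54:00:61:59:6d STALE
192.168.12.1 dev eth0 lladdr 00:14:d1:26:79:2f STALE
EOF
}

# dup_macs (hypothetical helper): reads `ip neigh` lines on stdin and prints
# "<dev> <mac> <ip>,<ip>..." for every MAC seen with several IPs on one device.
dup_macs() {
    awk '
    {
        dev = ""; mac = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        # FAILED and INCOMPLETE entries have no lladdr; nothing to compare.
        if (dev == "" || mac == "") next
        key = dev " " mac
        if (key in ips) { ips[key] = ips[key] "," $1 } else { ips[key] = $1 }
        count[key]++
    }
    END {
        for (k in count)
            if (count[k] > 1) print k, ips[k]
    }' | sort
}

# Offline demonstration; on a live host use: ip neigh show | dup_macs
sample_neigh | dup_macs
```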

Manual ip assignment:

The equivalent of ifconfig “${int}:${num}”. I can’t imagine this will play well with network manager.

Format: ip addr add ${cidr} dev ${int}:

# ip -4 a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.122.218/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 2706sec preferred_lft 2706sec

# ip addr add 192.168.122.12/24 dev eth0

# ip -4 a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.122.218/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 2676sec preferred_lft 2676sec
    inet 192.168.122.12/24 scope global secondary eth0
       valid_lft forever preferred_lft forever

To delete:

# ip addr del 192.168.122.12/24 dev eth0
# ip -4 a s eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.122.218/24 brd 192.168.122.255 scope global dynamic eth0
       valid_lft 2611sec preferred_lft 2611sec

hostnamectl

‘cause editing /etc/hosts is just too difficult… <sigh> To be fair, this doesn’t actually edit /etc/hosts. It replaces the host entries in /etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-*

Files:

  • /etc/hostname

  • /etc/machine-id

Display information:

# hostnamectl
   Static hostname: localhost.localdomain
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 4f9b8539de994478b143dea9b9007b7f
           Boot ID: 1d028ed9090f4485b18b9fdea3288a3a
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-693.el7.x86_64
      Architecture: x86-64

Set hostname:

# hostnamectl set-hostname beta.olearycomputers.com
# hostnamectl
   Static hostname: beta.olearycomputers.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 4f9b8539de994478b143dea9b9007b7f
           Boot ID: 1d028ed9090f4485b18b9fdea3288a3a
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-693.el7.x86_64
      Architecture: x86-64

NetworkManager:

Interface options:

  • gnome interface (search for control network, if needed). Useful on desktops, laptops, etc.

  • nmtui: text user interface. Think norton commander.

  • nmcli

Process:

Create and activate a new connection:

  1. Create a new connection. Two examples:

    # nmcli con add con-name static type ethernet ifname eth0 \
    ip4 192.168.122.11/24 gw4 192.168.122.1
    
    # nmcli con add con-name dhcp type ethernet ifname eth1
    
    # nmcli c s
    NAME    UUID                                  TYPE            DEVICE
    dhcp    86abcab1-1d73-4032-a0f7-08d2360ca6a6  802-3-ethernet  eth1
    eth0    ad7e4f01-33cf-4b66-8dc9-f6ff5c41391a  802-3-ethernet  eth0
    static  06460184-e76f-4158-8e94-31caa266c7a5  802-3-ethernet  --
    

    You can’t see it in text, but dhcp is automatically activated. If no IP is specified, it apparently defaults to dhcp.

    You can set the parameter ipv4.method to either auto or manual. Which means which should be self-explanatory. If using manual, the command will error out if you don’t supply an IP.

    So, if you supply an IP, ipv4.method automatically gets set to manual; if you don’t, it’s automatically set to auto.

    NOTE: the arg is ipv4.method if identifying the method but ip4 if specifying an ip address… no ‘v’. Consistency is a wonderful thing.

  2. Update DNS information:

    # nmcli c mod static ipv4.dns 192.168.122.1,192.168.12.7 \
        ipv4.dns-search olearycomputers.com,hsd1.il.comcast.net
    # nmcli c s static | grep dns
    ipv4.dns:                               192.168.122.1,192.168.12.7
    ipv4.dns-search:                        olearycomputers.com,hsd1.il.comcast.net
    ipv4.dns-options:                       (default)
    ipv4.dns-priority:                      0
    ipv4.ignore-auto-dns:                   no
    ipv6.dns:                               --
    ipv6.dns-search:                        --
    ipv6.dns-options:                       (default)
    ipv6.dns-priority:                      0
    ipv6.ignore-auto-dns:                   no
    
  3. Activate the new connection: nmcli con up static

Disable a connection:

  • Down the link: nmcli c down eth0

  • Set autoconnect = no to ensure the link does not come back on a reboot:

    nmcli c mod eth0 autoconnect no
    

Delete a connection:

nmcli c del eth0

Rename a connection:

A lot simpler than I expected. Simply change connection.id. To wit:

# nmcli c s
NAME    UUID                                  TYPE            DEVICE
dhcp    86abcab1-1d73-4032-a0f7-08d2360ca6a6  802-3-ethernet  eth1
static  06460184-e76f-4158-8e94-31caa266c7a5  802-3-ethernet  eth0
# nmcli c s static | grep static
connection.id:                          static
GENERAL.NAME:                           static
# nmcli c mod static connection.id eth0
# nmcli c mod dhcp connection.id eth1
# nmcli c s
NAME  UUID                                  TYPE            DEVICE
eth0  06460184-e76f-4158-8e94-31caa266c7a5  802-3-ethernet  eth0
eth1  86abcab1-1d73-4032-a0f7-08d2360ca6a6  802-3-ethernet  eth1

Commands:

nmcli device wifi list

Displays wifi networks, ssids, strength, etc. Should be possible to scan for other types of network as well but ethernet, for instance, doesn’t work.

nmcli general permissions

Displays the permissions set via polkit.

nmcli con show [ --active ]

Displays information on the available connections.

nmcli dev status

Displays information on the available devices. Reverse ‘con show’, if you will.

nmcli con add con-name ${name} type ethernet ifname ${int} …

Add a new connection. See discussion above for more details.

nmcli con mod ${con} ${key} ${value}…

Modify connection information.

nmcli con del ${conn}

Delete a connection.

Network time protocol:

And I quote:

The provision of NTP on RHEL 7 can be done via the chronyd or ntpd daemon
itself.  The chronyd daemon is enabled by default; however, this is
really designed for desktops and machines that are often disconnected from
networks.  Synchronization of time with chronyd is much quicker than ntpd
and is therefore suitable for machines that are booted frequently or often
suspended.  The ntpd daemon is still preferred for servers because it
supports more authentication options and can broadcast time over a
network.

commands:

systemctl status chronyd:

daemon status

chronyc tracking

Displays synchronization data including current server:

# chronyc tracking
Reference ID    : D8E50031 (eterna.binary.net)
Stratum         : 3
Ref time (UTC)  : Fri Dec 15 05:49:41 2017
System time     : 0.000597588 seconds fast of NTP time
Last offset     : +0.000220011 seconds
RMS offset      : 0.001000840 seconds
Frequency       : 11.023 ppm fast
Residual freq   : +0.002 ppm
Skew            : 0.043 ppm
Root delay      : 0.047105689 seconds
Root dispersion : 0.016731955 seconds
Update interval : 1028.3 seconds
Leap status     : Normal

chronyc sources [ -v ]

Displays the list of available servers. Add a -v arg to have chronyc describe the columns:

# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* eterna.binary.net             2  10   377    95  -2226us[-2168us] +/-   40ms
^+ static-96-244-96-19.bltm>     2  10   377   726   +292us[ +347us] +/-   52ms
^+ clocka.ntpjs.org              2  10   377   163  -1912us[-1854us] +/-   58ms
^+ mail.coldnorthadmin.com       2  10   377   28m  +5631us[+5896us] +/-   69ms
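
A clock that quietly stops syncing skews log timestamps, so the `chronyc tracking` fields shown above are worth checking from a script. The following is an added example, not part of the original notes; `sample_tracking` and `check_tracking` are hypothetical names, the offset threshold is an assumption to tune per site, and the sample is taken from the tracking output above.

```shell
#!/bin/sh
# Added example: turn `chronyc tracking` output into a pass/fail sync check.

# Sample input: fields from the `chronyc tracking` output shown on this page.
sample_tracking() {
cat <<'EOF'
Reference ID    : D8E50031 (eterna.binary.net)
Stratum         : 3
Ref time (UTC)  : Fri Dec 15 05:49:41 2017
System time     : 0.000597588 seconds fast of NTP time
Last offset     : +0.000220011 seconds
RMS offset      : 0.001000840 seconds
Leap status     : Normal
EOF
}

# check_tracking MAX_OFFSET (hypothetical helper): reads `chronyc tracking`
# output on stdin, prints a one-line verdict, and returns 0 only when the
# clock is synchronised and within MAX_OFFSET seconds of NTP time.
check_tracking() {
    awk -F' *: ' -v max="$1" '
    { sub(/[ \t]+$/, "") }                        # drop trailing whitespace
    $1 == "Stratum"     { stratum = $2 + 0 }
    $1 == "System time" { split($2, f, " "); offstr = f[1]; offset = f[1] + 0 }
    $1 == "Leap status" { leap = $2 }
    END {
        # An unsynchronised chronyd reports "Not synchronised" and stratum 0.
        if (leap == "" || leap == "Not synchronised") {
            print "FAIL leap status: " leap; exit 1
        }
        if (stratum < 1 || stratum > 15) { print "FAIL stratum: " stratum; exit 1 }
        # "System time" is printed as a magnitude (fast or slow of NTP time).
        if (offset > max + 0) { print "FAIL offset: " offstr "s"; exit 1 }
        print "OK stratum=" stratum " offset=" offstr "s"
    }'
}

# Offline demonstration; on a live host use: chronyc tracking | check_tracking 0.1
sample_tracking | check_tracking 0.1
```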