Friday, September 8, 2017

Network Configuration in RHEL 7 or CentOS 7

Network Interface names


Traditional network interfaces in Linux are named eth0, eth1, eth2, and so on.
This changed in RHEL 7, which assigns fixed names based on firmware, device topology and device type.

Initial two characters

Ethernet interfaces begin with en
WLAN interfaces begin with wl
WWAN interfaces begin with ww

The next character(s) represent the type of adapter

On-board - o
Hotplug slot - s
PCI Geographical locations - p
Incorporate a MAC address - x

Finally, a number N is used to represent an index, ID, or port.

Examples
eno1 - First embedded on-board network interface
enp2s0 - PCI card network interface

If the fixed name cannot be determined, then the traditional name such as ethN will be used.
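
The naming scheme above, decoded by a small shell function. This is an added example, not part of the original post; the function name decode_ifname is hypothetical, and splitting p<bus>s<slot> into bus and slot follows the systemd naming convention, which goes beyond what the page spells out.

```shell
# Added example: decode a RHEL 7 predictable interface name.
# decode_ifname is a hypothetical helper, not a system command.
decode_ifname() {
    name=$1
    case "$name" in
        en*) kind="Ethernet" ;;
        wl*) kind="WLAN" ;;
        ww*) kind="WWAN" ;;
        *)   echo "$name: traditional or unrecognised name"; return 0 ;;
    esac
    rest=${name#??}     # drop the two-character type prefix
    id=${rest#?}        # text after the adapter-type letter
    case "$rest" in
        o[0-9]*) detail="on-board, index $id" ;;
        s[0-9]*) detail="hotplug slot $id" ;;   # any function/port suffix is kept as-is
        p[0-9]*s[0-9]*)
            bus=${id%%s*}; slot=${id#*s}
            detail="PCI location bus $bus slot $slot" ;;
        x*)
            # Expect exactly 12 hex digits and print them as a colon-separated MAC.
            if printf '%s' "$id" | grep -Eq '^[0-9A-Fa-f]{12}$'; then
                mac=$(printf '%s' "$id" | sed 's/../&:/g; s/:$//')
                detail="MAC address $mac"
            else
                detail="malformed MAC suffix"
            fi ;;
        *)  detail="unrecognised adapter type" ;;
    esac
    echo "$name: $kind, $detail"
}

# Sample names: eno1 and enp2s0 come from the page, the others are constructed.
for n in eno1 enp2s0 enx08002778583d wlp3s0 eth0; do
    decode_ifname "$n"
done
```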

Network Manager

In RHEL 7, configuration of network interfaces is managed by a system daemon called NetworkManager.

For NetworkManager:
device - a device is a network interface
connection - a connection is a collection of settings that can be configured for a device

  • Only one connection can be active for any one device at a time.
  • The persistent configuration is stored in /etc/sysconfig/network-scripts/ifcfg-name
  • The nmcli command can be used to create and edit connection files from the shell prompt

Viewing network information 

The command nmcli dev status will show the status of all network devices.


[root@rhel7-server1 ~]# nmcli dev status
DEVICE      TYPE      STATE      CONNECTION
virbr0      bridge    connected  virbr0
enp0s3      ethernet  connected  enp0s3
lo          loopback  unmanaged  --
virbr0-nic  tun       unmanaged  --

The command nmcli con show will show a list of all connections.
 
[root@rhel7-server1 ~]# nmcli connection show
NAME     UUID                                  TYPE            DEVICE
enp0s3   b66164cd-6dac-4f5c-af32-f742fe090608  802-3-ethernet  enp0s3
virbr0   a35a0cdf-b10c-41e6-aec3-ec8de78e1b79  bridge          virbr0
default  48b8ebda-6e50-4b20-affe-a7afc91e8136  802-3-ethernet  --


The command nmcli con show --active will show a list of active connections.

[root@rhel7-server1 ~]# nmcli connection show --active
NAME    UUID                                  TYPE            DEVICE
enp0s3  b66164cd-6dac-4f5c-af32-f742fe090608  802-3-ethernet  enp0s3
virbr0  a35a0cdf-b10c-41e6-aec3-ec8de78e1b79  bridge          virbr0


To see the details of a connection, specify the connection ID (name).


[root@rhel7-server1 ~]# nmcli  connection show "enp0s3"
...
ipv4.method:                            auto
ipv4.dns:
ipv4.dns-search:
ipv4.dns-options:                       (default)
ipv4.dns-priority:                      0
ipv4.addresses:
ipv4.gateway:                           --
ipv4.routes:
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --

Command to show device details
[root@rhel7-server1 ~]# nmcli dev show enp0s3
GENERAL.DEVICE:                         enp0s3
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         08:00:27:78:58:3D
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     enp0s3
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.18.10/24
IP4.GATEWAY:                            192.168.18.1
IP4.DNS[1]:                             192.168.18.1
IP6.ADDRESS[1]:                         fe80::a00:27ff:fe78:583d/64
IP6.GATEWAY:

Creating Network connections with nmcli


When creating a new connection with nmcli, the order of the arguments is important.
The command arguments come first and must include the type and interface.
Next, specify any type-specific arguments, and finally specify the IP address, prefix and gateway.
Additional settings such as DNS servers are set as modifications once the connection exists.

Define a new connection named "default" that will autoconnect as an Ethernet connection on the enp0s3 device using DHCP.

[root@rhel7-server1 ~]# nmcli con add con-name "default" type ethernet ifname enp0s3
Connection 'default' (48b8ebda-6e50-4b20-affe-a7afc91e8136) successfully added.

Create a new network connection named "static" and specify the IP address and gateway. Do not autoconnect.
[root@rhel7-server1 ~]# nmcli con add con-name "static" type ethernet ifname enp0s3 \
autoconnect no ip4 192.168.18.100 gw4 192.168.18.1
Connection 'static' (547ba59d-6378-492b-9456-617c44f94136) successfully added.

Use the command below to switch to the "static" connection.

[root@rhel7-server1 ~]# nmcli connection up "static"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@rhel7-server1 ~]# nmcli dev status
DEVICE      TYPE      STATE      CONNECTION
virbr0      bridge    connected  virbr0
enp0s3      ethernet  connected  static
lo          loopback  unmanaged  --
virbr0-nic  tun       unmanaged  --


Use the command below to change back to the DHCP connection.

[root@rhel7-server1 ~]# nmcli connection up "default"
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/8)
[root@rhel7-server1 ~]# nmcli device status
DEVICE      TYPE      STATE      CONNECTION
virbr0      bridge    connected  virbr0
enp0s3      ethernet  connected  default
lo          loopback  unmanaged  --
virbr0-nic  tun       unmanaged  --


We can get some help using the below command


[root@rhel7-server1 ~]# nmcli connection add help
Usage: nmcli connection add { ARGUMENTS | help }

ARGUMENTS := COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- ([+|-]. )+]

  COMMON_OPTIONS:
                  type 
                  ifname  | "*"
                  [con-name ]
                  [autoconnect yes|no]
                  [save yes|no]
                  [master ]
                  [slave-type ]

  TYPE_SPECIFIC_OPTIONS:
    ethernet:     [mac ]
                  [cloned-mac ]
                  [mtu ]



Modifying Network connections with nmcli


The nmcli con mod command is used to modify connection settings.

Comparison of nm-settings and ifcfg-* directives:

nmcli con mod                              ifcfg-* file          Effect
ipv4.method manual                         BOOTPROTO=none        IPv4 address configured statically.
ipv4.method auto                           BOOTPROTO=dhcp        Looks for configuration from a DHCPv4 server. If static addresses are also set, they are not brought up until information is received from DHCPv4.
ipv4.addresses "192.0.2.1/24 192.0.2.254"  IPADDR0=192.0.2.1     Sets static IPv4 address, network prefix and default gateway.
                                           PREFIX0=24
                                           GATEWAY0=192.0.2.254
ipv4.dns 8.8.8.8                           DNS0=8.8.8.8          Modifies /etc/resolv.conf to use this nameserver.
ipv4.dns-search example.com                DOMAIN=example.com    Modifies /etc/resolv.conf to use this domain in the search directive.
ipv4.ignore-auto-dns true                  PEERDNS=no            Ignores DNS server information from the DHCP server.
connection.autoconnect yes                 ONBOOT=yes            Automatically activates this connection at boot.
connection.id eth0                         NAME=eth0             The name of this connection is eth0.
connection.interface-name eth0             DEVICE=eth0           The connection is bound to the network interface with this name.
802-3-ethernet.mac-address …               HWADDR=…              The connection is bound to the network interface with this MAC address.
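
The comparison table above, applied to a file: this added example (not from the original post) reads an ifcfg-style file and prints the matching nm-settings, one property and value per line, in the form nmcli con mod accepts. The function names ifcfg_get and ifcfg_to_nm are hypothetical and the sample file is constructed.

```shell
# Added example: map ifcfg-* directives to nm-settings per the table above.
# The file is parsed as text and never sourced, so nothing in it is executed.
# Constructed sample modelled on ifcfg-static (values are illustrative).
SAMPLE_FILE=$(mktemp)
cat > "$SAMPLE_FILE" <<'EOF'
NAME="static"
DEVICE=enp0s3
BOOTPROTO=none
ONBOOT=no
IPADDR0=192.168.18.101
PREFIX0=24
GATEWAY0=192.168.18.1
DNS0=192.168.18.1
PEERDNS=no
IPADDR2=192.168.18.200
PREFIX2=24
EOF

# ifcfg_get FILE KEY: print the last value assigned to KEY, quotes removed.
ifcfg_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    v=${v#\"}; v=${v%\"}
    printf '%s' "$v"
}

# ifcfg_to_nm FILE: print one "property value" pair per line.
ifcfg_to_nm() {
    while IFS='=' read -r key val; do
        val=${val#\"}; val=${val%\"}
        case "$key" in
            BOOTPROTO) if [ "$val" = dhcp ]; then echo "ipv4.method auto"
                       elif [ "$val" = none ]; then echo "ipv4.method manual"; fi ;;
            IPADDR*)   prefix=$(ifcfg_get "$1" "PREFIX${key#IPADDR}")
                       if [ -n "$prefix" ]; then echo "+ipv4.addresses $val/$prefix"
                       else echo "warning: $key has no matching PREFIX" >&2; fi ;;
            GATEWAY*)  echo "ipv4.gateway $val" ;;
            DNS[0-9]*) echo "+ipv4.dns $val" ;;
            DOMAIN)    echo "ipv4.dns-search $val" ;;
            PEERDNS)   if [ "$val" = no ]; then echo "ipv4.ignore-auto-dns true"; fi ;;
            ONBOOT)    echo "connection.autoconnect $val" ;;
            NAME)      echo "connection.id $val" ;;
            DEVICE)    echo "connection.interface-name $val" ;;
            HWADDR)    echo "802-3-ethernet.mac-address $val" ;;
        esac
    done < "$1"
}
ifcfg_to_nm "$SAMPLE_FILE"
```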


Examples

Turn off autoconnect
[root@rhel7-server1 ~]#  nmcli connection mod "static" connection.autoconnect no

Specify a DNS server
[root@rhel7-server1 ~]# nmcli con mod "static" ipv4.dns 192.168.18.1 
[root@rhel7-server1 ~]# nmcli connection show static | grep -w ipv4.dns:
ipv4.dns:                               192.168.18.1

Adding a secondary DNS.
We can add or remove a value by using "+" or "-" in front of the argument.
[root@rhel7-server1 ~]# nmcli con mod "static" +ipv4.dns 8.8.8.8
[root@rhel7-server1 ~]# nmcli connection show static | grep -w ipv4.dns:
ipv4.dns:                               192.168.18.1,8.8.8.8

To modify the IP address and gateway
[root@rhel7-server1 ~]# nmcli con mod "static" ipv4.addresses "192.168.18.101/24" \
ipv4.gateway "192.168.18.1"


Adding secondary IP address without gateway
[root@rhel7-server1 ~]# nmcli con mod static +ipv4.addresses 192.168.18.100/24
[root@rhel7-server1 ~]# nmcli con show "static" | grep -w ipv4.addresses:
ipv4.addresses:                         192.168.18.101/24, 192.168.18.100/24


Summary

Command               Use
nmcli dev status      List all devices
nmcli con show        List all connections
nmcli con up "ID"     Activate a connection
nmcli con down "ID"   Deactivate a connection. The connection will restart if autoconnect is yes.
nmcli dev dis DEV     Bring down an interface and temporarily disable autoconnect
nmcli net off         Disable all managed interfaces
nmcli con add         Add a new connection
nmcli con mod "ID" …  Modify a connection
nmcli con del "ID"    Delete a connection



Editing Network configuration files


Network configuration files are placed in /etc/sysconfig/network-scripts
[root@rhel7-server1 ~]# ll /etc/sysconfig/network-scripts/ifcfg-*
-rw-r--r--. 1 root root 312 Dec 14 00:12 /etc/sysconfig/network-scripts/ifcfg-default
-rw-r--r--. 1 root root 310 Dec 14 00:12 /etc/sysconfig/network-scripts/ifcfg-enp0s3
-rw-r--r--. 1 root root 254 Sep 12  2016 /etc/sysconfig/network-scripts/ifcfg-lo
-rw-r--r--. 1 root root 437 Dec 14 00:24 /etc/sysconfig/network-scripts/ifcfg-static

Edit the network configuration files
[root@rhel7-server1 ~]# echo "IPADDR2=192.168.18.200" >> /etc/sysconfig/network-scripts/ifcfg-static
[root@rhel7-server1 ~]# echo "PREFIX2=24" >> /etc/sysconfig/network-scripts/ifcfg-static

Reload the configuration changes
[root@rhel7-server1 ~]# nmcli con reload

Restart the connection with the new settings
[root@rhel7-server1 ~]# nmcli con up "static"

Check the ip address details
[root@rhel7-server1 ~]# ip addr show enp0s3
2: enp0s3:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:78:58:3d brd ff:ff:ff:ff:ff:ff
    inet 192.168.18.100/24 brd 192.168.18.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.18.101/24 brd 192.168.18.255 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.18.200/24 brd 192.168.18.255 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::455e:6fdd:ed5f:eff4/64 scope link
       valid_lft forever preferred_lft forever


Thursday, September 7, 2017

Reset Root Password in RHEL 7 and CentOS 7


1. Restart the machine using Ctrl + Alt + Del and interrupt the countdown by pressing any key.
2. Select the default menu entry and press “e” to edit the current grub entry.
3. Using the cursor keys, navigate to the line beginning with “linux16” and add the entry “rd.break” at the end. This will break just before control is handed from the initramfs to the actual system.
4. Press “Ctrl+x” to boot using the modified config.
5. At the switch_root prompt, remount the /sysroot file system in read-write mode.
    # mount -o remount,rw /sysroot
6. Use the command “chroot /sysroot” to change the current root directory.
7. Change the password using the “passwd” command.
8. Configure the system to automatically perform a full SELinux relabel after reboot, since the passwd command recreates the /etc/shadow file without any SELinux context.
    # touch /.autorelabel
9. Type “exit” twice and reboot the system in normal mode.