1.
보통 Centos/RHEL으로 어플리케이션을 설치한 후 가장 먼저 작업을 하는 것이 네트워크환경입니다. 일반적으로 인터넷환경인 경우 DHCP을 이용하기 때문에 별도의 설정을 하는 경우는 거의 없습니다. 그렇지만 금융회사 DMA를 통해 운용하는 서버의 경우 고정IP를 설정하여야 운용가능합니다. 보안규정때문입니다. 이 때 Centos나 Redhat의 경우 /etc/sysconfig/network-scripts 밑에 Device별로 관련한 설정파일을 만들어주는 방식으로 작업합니다.
CentOS나 RHES의 경우 네트워크 서비스는 NetworManager를 사용합니다.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
root@as1 ~]# systemctl status NetworkManager ● NetworkManager.service - Network Manager Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2021-11-19 03:20:19 KST; 3 months 23 days ago Docs: man:NetworkManager(8) Main PID: 2727 (NetworkManager) CGroup: /system.slice/NetworkManager.service └─2727 /usr/sbin/NetworkManager --no-daemon Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7073] device (em1): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed') Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7080] device (em1): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed') Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7083] device (em1): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed') Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7084] device (em1): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed') Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7086] manager: NetworkManager state is now CONNECTED_LOCAL Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7201] manager: NetworkManager state is now CONNECTED_SITE Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7201] policy: set 'em1' (em1) as default for IPv4 routing and DNS Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7202] device (em1): Activation: successful, device activated. Nov 19 03:20:22 as1 NetworkManager[2727]: [1637259622.7204] manager: NetworkManager state is now CONNECTED_GLOBAL Nov 19 03:20:26 as1 NetworkManager[2727]: [1637259626.8859] manager: startup complete |
nmcli라는 명령어는 NetworkManager의 클라이언트로써 터미날환경에서 네트워크 조회 및 설정을 할 수 있도록 합니다. 예를 들면 아래와 같습니다.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
[root@as1 network-scripts]# nmcli device status DEVICE TYPE STATE CONNECTION em1 ethernet connected em1 p2p1 ethernet connected p2p1 p2p2 ethernet connected p2p2 p6p1 ethernet connected p6p1 em2 ethernet unavailable -- p6p2 ethernet unavailable -- lo loopback unmanaged -- [root@as1 network-scripts]# nmcli connection show NAME UUID TYPE DEVICE em1 1dad842d-1912-ef5a-a43a-bc238fb267e7 ethernet em1 p2p1 b92aa237-1b70-4a2b-9bbb-da15a3f0e599 ethernet p2p1 p2p2 503514cc-b1e4-0356-0bd5-8d320fb659fd ethernet p2p2 p6p1 131a1c02-1aee-2884-a8f2-05cc5cd849d9 ethernet p6p1 Wired connection 1 8442fc54-139a-39b4-8d96-74bf28990ee0 ethernet -- Wired connection 2 0673381b-7997-37df-be42-ce28c0b1e0c1 ethernet -- [root@as1 network-scripts]# ls ifcfg-em1 ifcfg-p6p1 ifdown-ib ifdown-post ifdown-Team ifup-aliases ifup-ippp ifup-plusb ifup-sit ifup-wireless route-p2p1 ifcfg-lo ifdown ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-ipv6 ifup-post ifup-Team init.ipv6-global ifcfg-p2p1 ifdown-bnep ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-isdn ifup-ppp ifup-TeamPort network-functions ifcfg-p2p2 ifdown-eth ifdown-isdn ifdown-sit ifup ifup-ib ifup-plip ifup-routes ifup-tunnel network-functions-ipv6 |
이중 cfg파일을 보면 다음과 같습니다.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
TYPE=Ethernet PROXY_METHOD=none BROWSER_ONLY=no BOOTPROTO=none DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no IPV6_ADDR_GEN_MODE=stable-privacy NAME=enp0s3 UUID=e81c46b7-441a-4a63-b695-75d8fe633511 DEVICE=enp0s3 ONBOOT=yes IPADDR=192.168.0.110 PREFIX=24 GATEWAY=192.168.0.1 DNS1=8.8.8.8 PEERDNS=no |
문서를 보면 Centos*부터 NetworkManager를 지원하지 않는다고 합니다만 설치를 하면 가능합니다. 또한 network-scripts 패키지를 설치할 경우 Script를 통한 네트워크설정이 가능하다고 하네요. 일반적으로 Linux에서 Network환경을 관리하는 방법은 어떻게 될가요? 크게 세가지로 나눌 수 있습니다.
ifup/down
NetworkManager
systemd-networkd
앞서 network-script로 하는 방식은 ifup/down을 이용한 방식입니다. 아주 오랜 방법입니다. 이와 관련한 자세한 소개는 How exactly are NetworkManager, networkd, netplan, ifupdown2, and iproute2 interacting?에서 확인할 수 있습니다. 글 아래에 관련한 부분을 옮겼습니다.
2.
얼마전 이런저런 시험을 하였던 Clear Linux. 고객과 협의하여 Clear Linux와 Mellanox VMA을 이용한 시스템을 구성하여 고객이 거래하는 증권사에 입고하였습니다. 입고하고 하루가 지난 후 연락이 왔습니다.
“어떻게 네트워크 설정을 하나요?
처음 받은 질문이라 당황하였습니다.Command-Line 설정을 위해 조사를 해보니까 ifup/donw은 지원하지 않고 NetworkManager나 systemd-networkd를 이용한 방식이 가능합니다. 따라서 Centos/RHES와 같은 방식으로 설정하면 될 것으로 예상하면 오산입니다. network-scripts라는 디렉토리가 존재하지 않습니다.
Clear Linux의 문서에 네트워크설정과 관련한 문서가 자세하지 않습니다. Assign a static IP address에 간단히 나와 있습니다. 우선 Systemd-networkd와 NetworkManager중 무엇을 이용하는지에 대한 설명입니다.
New installations of Clear Linux* OS use NetworkManager as the default network interface manager for all network connections
NetworkManager를 이용한다고 합니다만 제가 설치한 서버를 보면 systemd-networkd로 같이 사용을 합니다. 우선 Assign a static IP address릏 따라가겠습니다. 먼저 ‘nmcli device status’를 실행하라고 합니다. 결과값에서 STATE값을 확인하여야 합니다.
If the STATE column for the device shows connected or disconnected, the network configuration is being managed by NetworkManager, then use the instructions for using NetworkManager.
조금더 나아가면 nmcli device managed yes|no 로 NetworkManager가 관리하거나 하지 않을 수 있고 nmcli device connect|disconnect로 State를 변경할 수 있습니다. connected|disconnected로 상태값이 보여진 device에 대하여 IP 주소를 변경하는 방법입니다.
Modify the connection to use a static IP address. Replace the variables in brackets with the appropriate values. Replace [CONNECTION_NAME] with the NAME from the command above.For advanced configurations, the /etc/NetworkManager/system-connections/*.nmconnection. can be edited directly.
sudo nmcli connection modify “[CONNECTION_NAME]” ipv4.method “manual” ipv4.addresses “[IP_ADDRESS]/[CIDR_NETMASK]” ipv4.gateway “[GATEWAY_IP_ADDRESS]” ipv4.dns “[PRIMARY_DNS_IP],[SECONDARY_DNS_IP]”
nmcli의 변수값은 아래와 같은 명령어를 통하여 확인할 수 있습니다. ipv4.method과 같은 값이 변수명이고 modify를 통하여 변경가능합니다.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
[root@as1 ~]# nmcli connection show p2p1 connection.id: p2p1 connection.uuid: b92aa237-1b70-4a2b-9bbb-da15a3f0e599 connection.stable-id: -- connection.type: 802-3-ethernet connection.interface-name: p2p1 connection.autoconnect: yes connection.autoconnect-priority: 0 connection.autoconnect-retries: -1 (default) connection.multi-connect: 0 (default) connection.auth-retries: -1 connection.timestamp: 1647155116 connection.read-only: no connection.permissions: -- connection.zone: -- connection.master: -- connection.slave-type: -- connection.autoconnect-slaves: -1 (default) connection.secondaries: -- connection.gateway-ping-timeout: 0 connection.metered: unknown connection.lldp: default connection.mdns: -1 (default) connection.llmnr: -1 (default) 802-3-ethernet.port: -- 802-3-ethernet.speed: 0 802-3-ethernet.duplex: -- 802-3-ethernet.auto-negotiate: no 802-3-ethernet.mac-address: -- 802-3-ethernet.cloned-mac-address: -- 802-3-ethernet.generate-mac-address-mask:-- 802-3-ethernet.mac-address-blacklist: -- 802-3-ethernet.mtu: auto 802-3-ethernet.s390-subchannels: -- 802-3-ethernet.s390-nettype: -- 802-3-ethernet.s390-options: -- 802-3-ethernet.wake-on-lan: default 802-3-ethernet.wake-on-lan-password: -- ipv4.method: manual ipv4.dns: -- ipv4.dns-search: -- ipv4.dns-options: "" ipv4.dns-priority: 0 ipv4.addresses: 10.51.196.110/24 ipv4.gateway: -- ipv4.routes: { ip = 10.51.50.20/24, nh = 10.51.196.1 } ipv4.route-metric: -1 ipv4.route-table: 0 (unspec) ipv4.routing-rules: -- ipv4.ignore-auto-routes: no ipv4.ignore-auto-dns: no ipv4.dhcp-client-id: -- ipv4.dhcp-timeout: 0 (default) ipv4.dhcp-send-hostname: yes ipv4.dhcp-hostname: -- ipv4.dhcp-fqdn: -- ipv4.never-default: no ipv4.may-fail: yes ipv4.dad-timeout: -1 (default) ipv6.method: ignore ipv6.dns: -- ipv6.dns-search: -- ipv6.dns-options: "" ipv6.dns-priority: 0 ipv6.addresses: -- ipv6.gateway: -- ipv6.routes: -- ipv6.route-metric: -1 ipv6.route-table: 0 (unspec) ipv6.routing-rules: -- ipv6.ignore-auto-routes: no ipv6.ignore-auto-dns: no ipv6.never-default: no ipv6.may-fail: yes ipv6.ip6-privacy: -1 (unknown) ipv6.addr-gen-mode: stable-privacy ipv6.dhcp-duid: -- ipv6.dhcp-send-hostname: yes ipv6.dhcp-hostname: -- ipv6.token: -- proxy.method: none proxy.browser-only: no proxy.pac-url: -- proxy.pac-script: -- |
이미 있는 profile의 값중에서 신규로 추가하고자 할 경우 +를 사용합니다.
|
1 |
root@elemenaryos ~# nmcli con mod "ethernet 3" +ipv4.routes "192.168.122.0/24 10.10.11.254" |
3.
다음은 systemd-networkd를 이용하는 경우입니다. 앞서 nmcli 명령어로 상태값을 확인한 내용중 unmanaged로 되어 있는 경우 networkctl list를 실행합니다.
If the SETUP column for the device shows configured, the network configuration is being managed by systemd-networkd, then use the instructions for using systemd-networkd.
왜 networkctl을 실행하라고 할까요? NetworkManager와 nmcli가 짝을 이룬다고 하면 networkd와 networkctl이 짝을 이루기 때문입니다. networkd를 통하여 관리하는 네트워크정보를 networkctl을 통하여 조회할 수 있기때문입니다. 그래서 systemd-networkd가 동작하는 경우와 아닌 경우 값에서 차이가 발생합니다. OPERATIONAL을 보면 다릅니다.
|
1 2 3 4 5 6 7 8 9 10 |
smallake@System-Product-Name-33192aa7:/etc/NetworkManager$ networkctl list WARNING: systemd-networkd is not running, output will be incomplete. IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback n/a unmanaged 2 enp7s0 ether n/a unmanaged 3 virbr0 bridge n/a unmanaged 4 virbr0-nic ether n/a unmanaged 4 links listed. |
|
1 2 3 4 5 6 7 8 9 10 |
$ networkctl list IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 enp1s0 ether routable unmanaged 3 wlp2s0 wlan off unmanaged 4 vmnet1 ether routable unmanaged 5 vmnet8 ether routable unmanaged 5 links listed. |
systemd-networkd를 이용하여 고정IP를 설정하는 경우 /etc/systemd/network 아래 .network 파일을 생성하여 설정하라고 합니다. 예를 들면 다음과 같습니다.
|
1 2 3 4 5 6 7 8 9 |
root:>>cat /etc/systemd/network/eth0.network [Match] Name=eth0 [Network] Address=192.168.100.2/24 Gateway=192.168.100.1 DNS=192.168.100.1 |
NetworkManager보다 간편합니다.
이상을 정리해보겠습니다. Network-Script를 이용한 설정은 /etc/sysconfig/network-scripts/ifcfg-* = init scripts still used for legacy, it is processed by systemd anyways을 참고하시고, NetworkManager의 Connection Profile와 관련한 설정은 /etc/NetworkManager/system-connections/*.nmconnection = network manager configuration keyfiles를 참고하시길 바랍니다.
여기서 잠깐 systemd-networkd와 NetworkManager의 차이가 무엇인지 살펴보겠습니다. 저같은 경우 Solaris를 사용하던 때 Ifconfig를 이용하여 네트워크 설정을 하였는데 유닉스와 리눅스의 역사에 네트워크관리가 어떻게 변화해왔는지 잘 몰랐는데 아래를 보면서 이해를 할 수 있었습니다.
How exactly are NetworkManager, networkd, netplan, ifupdown2, and iproute2 interacting?
좀 길지만 옮기겠습니다.
1.The old network interfaces configuration file, and it’s ifup & ifdown commands:
The /etc/network/interfaces network configuration file seems to be fairly old, but is still used by ifup, ifdown and ifquery.
These seem to be the old way to bring network ‘interfaces’ (MAC based links) and ‘connections’ (IP based connections) up and down.
man 8 ifup says:
DESCRIPTION
The ifup and ifdown commands may be used to configure (or, respectively, deconfigure) network interfaces based on interface definitions in the file /etc/network/interfaces.The important implication is this:
if an interface isn’t defined in /etc/network/interfaces, then ifup/ifdown won’t manage that interface.
2.What about the old ifconfig command?The legacy networking package named net-tools on Debian, includes the depreciated: arp, ifconfig, ipmaddr, iptunnel, iwconfig, nameif, netstat, route, and vconfig commands.
Now you want to be using the package named iproute2 instead which includes the newer ip, iw, ss, and ifrename commands.
3.If the ip command can bring an interface up or down, why not use it rather than ifup and ifdown?What ifup/down does, (via the ifupdown package or presumable also the Python rewrite in ifupdown2), that ip does not do, is to run legacy scripts before and after network changes. But note what man ifup says:
NOTES
The program does not configure network interfaces directly; it runs low level utilities such as ip to do its dirty work.
SEE ALSO
interfaces(5), ip(8), ifconfig(8).So it appears that ifup/ifdown has been upgraded from using the depreciated ifconfig back-end, to now using the ip back-end, provided by the newer iproute2 package.
4.What about NetworkManager? (2004)From man 5 NetworkManager,
[IFUPDOWN]
This section contains ifupdown-specific options and thus only has effect when using the ifupdown plugin.
managed
If set to true, then interfaces listed in /etc/network/interfaces are managed by NetworkManager. If set to false, then any interface listed in /etc/network/interfaces will be ignored by NetworkManager. Remember that NetworkManager controls the default route, so because the interface is ignored, NetworkManager may assign the default route to some other interface.
So its unclear if NetworkManager can also run ifup/ifdown scripts, but what is clear, is that NetworkManager can stay clear of legacy interfaces (again “MAC based hardware links”) that ifup/ifdown are still using. In other words, either ifup is using a hardware link, or NetworkManager, or possibly something else, but not both ifup and NetworkManager at the same time.
5.systemd-networkd (2010)This is newer than NetworkManager, and used for wired servers and when a GUI environment is not available.
But it appears that for wireless connections, NetworkManager is the way to go as it is more difficult to manually configure systemd-networkd.
In man 8 systemd-networkd it says,
systemd-networkd will manage network addresses and routes for any link for which it finds a .network file with an appropriate [Match] section, see systemd.network(5) (real network devices). For those links, it will flush existing network addresses and routes when bringing up the device. Any links not matched by one of the .network files will be ignored. It is also possible to explicitly tell systemd-networkd to ignore a link by using Unmanaged=yes option, see systemd.network(5).
Hope I’ve got this all right, but if not please let me know. Thanks.
