Linux Network Management From the Command Line (Network Manager)

Captions
Okay, so welcome to another FredLUG in the sky, in the ether. Thanks for joining, and today we will talk about how we do networking from the command line, meaning if you are managing servers today, they're all running Linux; we don't really typically install a GUI to have some nice, easy clickety-click stuff to do networking, and this talk is about how you would use the command line, or even how you would automate setting up networking on a bunch of servers. I don't really want to speak a lot about myself; I've been to enough FredLUG that most of my bio is out there in older presentations, but you know, I've been part of FredLUG, this generation of FredLUG, for more than 10 years, ever since we started it, probably fifteen by now. I've done Linux since way before it was popular, so in the old '99-something days; I've pretty much been using Linux full time for about 15 years professionally, so way before my Red Hat days. Anyway, I am always trying to learn new stuff, but as we just talked about, to me there's too much to learn; I need to narrow my scope a little bit in order to be effective in what I do. And you know, learning new stuff all the time is fun, but if you need to get stuff done, it might not be the right way to do it, at least not for me.

So today we will talk a little bit about how networking works in Linux in general. We will talk about NetworkManager, which is the particular utility we will be talking about in this talk. There are other methods out there; I will touch a little bit on what they were and when you would use them, and once I've given an overview of NetworkManager, it's pretty much going to be nothing but commands: how we do X, Y and Z. I have demo systems and stuff like that I can pull up depending on questions. And with that said, please do not wait until the end to ask questions; feel free, if on a certain topic you have questions, to absolutely stop and have a chat about it.

So what did it use to be like? Or actually, how does Linux actually work underneath the hood? I guess everyone here might be familiar with the expression that everything is a file in Linux, and that is pretty much true, with the exception of networking. I dare you to find a device file that represents your network interface; you can do that with everything else except for networking, and that's simply because the way things are built into the kernel does not make it conducive for that device to really look easily like a file, because there are so many options that change the way that device would work; it just makes no sense. So within the kernel we have definitions of sockets, the filtering of them; basically our packets come from the physical electrical signals into a programmable interface where we can actually see the data turn into bits and bytes, data that our programs can deal with. All of that is inside the kernel, and what we need to do is to manipulate those settings in the kernel in order to get networking working. That's pretty much been the case since day one, but it's important to understand that the interface into the kernel to do this is not simple; it's quite complex, which is why, when we go in and look at what we used to do, we used to have a sea of commands. And I say "used to"; some of these commands are still there, you can probably still use them, but part of what we want to talk about today is how to simplify this world, because as you go from distro to distro you will probably find some of these commands are more prevalent in one distro versus another, and to solve a problem you may not actually be able to solve it the same way on a Fedora as you do on a Debian, because they have different tool sets available. Now, you can solve the problem; it's not like it can't be solved on one but only on the other. But if you are not talking and not asking questions, feel free to mute yourself; that way when phones are ringing and all that stuff, it doesn't go out to the whole party here.

So if you are familiar with Linux a little bit, I'm pretty sure you've seen the ifconfig command. It's still there, and when I do some googling I still see tons of guides talk about it, and it's a fun command because it has literally been deprecated for more than ten years. The reason for that is it's very, very hard to script anything that is based on that command; it can be done, but it's all kinds of weird webs of pattern matching, because the output is meant for humans to read, not computers. A long, long time ago it got deprecated and replaced by the ip command, but for some reason a lot of scripts kept the basis they had; nobody wanted to update, because ifconfig is still there, even though it looks odd and it's hard to maintain: "we're not gonna spend any time converting it to ip." So we literally still have ifconfig out there even though it hasn't been developed, hasn't progressed, for a long time. But the problem with ifconfig is it requires all these additional tools around it to be complete, where the ip command that replaced it is a single command into the kernel's view of what the network looks like. So the big problem becomes: if I'm a developer that wants to add network functionality to my code, and I certainly don't want to just develop it for one distro, I want it to be for Linux, or Linux distros in general, there's definitely not an easy way of coming up with something that makes this work on every distro. There's no consistent API, there's no consistent set of commands, no consistent way to do it or where to store configurations; everything is sort of a little bit up in the air, which is why you found that on some distros it would be easier, or would actually work, setting up networking, or the distro would update but those tools you were dealing with were not updated to follow, and it didn't work. So that really was one of the reasons behind thinking of NetworkManager, and the fun part of this is it didn't really come out of a technical "I need to script things"; it came out of the GNOME group being tired of not being able to make all their plugins work, where for networking they needed more consistency in how to do that. And so NetworkManager, if you look at the open source projects, is held under the big GNOME project.

Now, if you've done networking on Linux, files looking like the one on the left here are probably something you've seen before. I know the Debian version of the interfaces file is slightly different, but it's still the same idea: that you have a file defining the settings, and then you need to remember what needs to go on each line, and you know, if you make a spelling error or something else, you may not even know about it, because it's just a variable defined; if you spell a variable differently it's just ignored. This is a very interesting interface that looks very simple and fine to begin with, but very quickly in large deployments becomes a nightmare to do. Making sure that what you actually had in your files and set up for networking was applied was also not easy; you could apply it again, and I had systems where, when I applied that to the main interface, the box became unavailable until the network came back up again, so it wasn't just something you could just do; other times it's not a big deal. But anyway, so I have these files and a dumb script to apply them; we still don't have much control, and nothing is guaranteeing that the network settings that you actually have active haven't been manipulated since that file was run. So during an update someone may have fixed the problem on the live setup, but then when you reboot, all of a sudden those updates are lost, and you may not remember because that was two months ago. So being able to manage and understand and control your networking is more than just being able to manage your file somewhere, even if you do understand it. And I must admit, understanding the network configuration files, I still go to the documentation today because I can't remember all the different options; I mean, I remember the main ones, but not how do I set up a bridge, how do I set up pretty much anything, because all those options are pretty much not in my mind; it's changing because I don't use them very often. But it wasn't really bad; as I said, one of the things that using the files really allowed us to do was some flexibility. If you really understood how networking interfaces and devices worked in Linux, having a script as the only way to maintain them provided you all the flexibility you needed to pretty much implement whatever network configuration you wanted. The only issue becomes: good luck in telling someone who's just starting out with Linux how it works, how to maintain it. So we tried it both ways and we ended up with the problem we saw earlier, that every distro had their own way of talking to it, and they were very dependent on how that distro actually installed it, applied it, and everything else was different between each of them. And we needed, or at least from a GNOME perspective, they didn't really care whether they were running on Fedora or whatever else; they wanted a simple and unified way of doing networking regardless of what was running.

So this brings me to NetworkManager. I want to just stop for a second and ask if there are any questions before we get into the meat of NetworkManager, or comments. That's fine, I will continue. So if you look at NetworkManager and look at the official definition, it's a little wordy, but what it basically comes down to is it's a daemon that's responsible for working with a subsystem called D-Bus inside almost all distros today, and D-Bus is a fancy way of talking about how data is passed from one system to another. So if you've ever wondered how your computer understands that when you hit a letter on your keyboard it ends up in your focused window, it's because everything that you do, from moving your mouse, using your keyboard and clicking, are all converted into messages that are sent on an internal bus, and then it's up to each individual component to subscribe to that bus to get whatever messages they're looking for. That's how you use the same keyboard driver and everything else for every application you have; they don't all have to have their own driver. And the idea behind NetworkManager becomes utilizing that whole subsystem to communicate back and forth. So basically it's a daemon that listens to D-Bus and it also sends out messages on D-Bus to allow applications to talk to and from the network configuration management; it's pretty much all of this. One of the things that may not be clear is that NetworkManager does not care where the settings are stored; that's literally a plugin, and that plugin is definitely different when it comes to the distribution. So typically what you will find is that each distribution more or less hard-codes their own plugin, or where those initial files are stored, but to NetworkManager and to the end users, they don't care. GNOME, for instance, would use GConf, which is the GNOME configuration, to store the settings when you go and define networking info, and NetworkManager doesn't know any different; it's just basically being told to go to that location to read your settings instead of going to another location. So it means it's very pluggable and it's very portable; it doesn't really opinionate how the distribution wants to do things, it just allows things to talk to one another on a consistent interface.

One of the things that NetworkManager needs to provide: again, if you look at those scripts in the past, most of those scripts were written to only allow an admin to run them, meaning they literally needed root access to manipulate the devices, which were all system-level devices. However, if you take your laptop running Linux and you want to connect to your Wi-Fi at the coffee store, once we can go back to the coffee stores, you know that's really not what happens today; we don't want to have to log in as root to just connect to a Wi-Fi network, but in the end that network is a system-level device. So one of the things NetworkManager has to do is to sort of protect or wrap those system devices into something that an end user without the higher privileges can manipulate by proxy, and that's one of the advantages of having the API, because now I can send a command and I can then use a system of authorization behind it that says: do I actually, as a user, have the right to change this device, or the right to look at this device for that matter, and see what it does? So you can take that even further: you can plug in your USB device with either Wi-Fi or maybe even a hard-wired network and, also as an end user without root access, configure that. And if you tried that on pure Linux as it used to be, without NetworkManager, that would not happen; you had to be root to do any of that stuff. So behind NetworkManager, to control who has access to what, it uses polkit, and polkit is probably something I think is less well known. I think a lot of people assume sudo is how you escalate privileges; that's pretty much not the case and hasn't been the case for a long, long time, at least from the GUI perspective. Everything that controls what you have access to today goes through polkit, so if you've never used it or looked at it, it's well worth a little time to figure out how that works. That's what allows you in a GUI to go and define a printer, or networking in this sense, or something else that typically would require some system access; it's all guarded by a simple, global, system-perspective policy setting that determines what you can do as an end user.

Another thing that NetworkManager needs to be able to deal with is system events. So one of the things that your command lines did not do was, if you for instance, let's say, define the Wi-Fi for your home network, but you took your laptop to work and then you come back home, the problem is that unless you're rebooting the box, it doesn't know that you are in range of a new network; you had to literally run the command again to either find it or just say "connect to it" when you got home, even though, you know, without knowing whether that network was around. With systemd, well, systemd and NetworkManager are sort of integrated at this point, but what happens is that when the device is plugged in, systemd will send it through udev to NetworkManager to tell it that a new device got connected, or when the Wi-Fi radio comes on, it will do a scan, and if it sees a Wi-Fi that you already have defined as auto-connect, it will automatically connect when it sees it. That's one of the things that those system events allow NetworkManager to do: to say, when a message comes in from either the kernel or from a subsystem, for instance one that might be scanning to see what Wi-Fi is available, it can take action based on that automatically. So as a user, once I have defined that when I'm in this network, just do this, or when I connect to VPN, do this, it can now be set to automatically activate those features without having an end user basically intervening. And I think we take a lot of that for granted; we've all had our cellphones forever and they all do that. So just think back, when we look at the simplicity of the old days with running a simple little script like I had, the consequence of that was that there was no automation, and because we need automation, and that's one of the requirements here, it did require a design change.

And now APIs, the last ball here, and this is something that I think a lot of times gets lost when we talk about why we want to have APIs for things. Let's say a new version of the kernel defines a new way of dealing with a certain device; we've all been used to the fact that the kernel will hide some of those details, and we know that because we have a kernel group that fights to keep what they call user space intact and not change it, so my code doesn't necessarily see that change; there's maybe another call, but my existing calls will not change just because that feature of the kernel changed. The same is true with NetworkManager in that sense: when we get new features in the network, all the old ones are not changing, or when an existing device has more options for an Ethernet that you're using, we can still utilize it the old way. I don't have to convert or update my clients every time there is a system change anywhere else; that allows me to basically develop once and use it on different distributions that have different life cycles of both NetworkManager and other components of the system, without really needing to take that into account. Of course, if you're depending on a specific feature you will have to query: does it exist? And if it doesn't, you tell the user, you can't do that because that feature is not on your system. But beyond that, it's not a big deal for anyone who wants to extend how networking works, and that could be as simple as your app needs to know whether the network is up and running in order to run; your phones do that all the time. And so even though you may not be configuring the network, you need to query the network state and be notified when the network state changes, and that's one of many features that NetworkManager provides.

I couldn't find a diagram out there that someone had already done that explained the components of NetworkManager; I put this together based on how I look at NetworkManager, not as an engineer that's developed it. There are tons more components inside of it, and this is very simplified. To me there are two main components that depend on udev, so everything starts with a device manager, and in Linux, I quite frankly don't believe we have any distributions out there that are not based on udev anymore, so I'm pretty frankly saying udev is probably a requirement here to make NetworkManager work. So udev is what defines what devices there are; it's what talks to the kernel to understand what the kernel sees, and it creates the /dev file system and a few other things that allow me to interact with devices on the system. It also uses D-Bus to let everyone know when a new device is found, and so using that method NetworkManager defines the devices that udev has defined, and a device is a representation of something physical in your box. However, as an end user I can create additional devices that are logical, and we'll get into that a little bit later; I won't go into many details unless you have questions about them. But the point here is that I can't delete a system device; if there's a piece of hardware behind it, I can't remove it unless I take the hardware out of the box, but I can add logical devices to the system, and I can of course delete my logical devices. But to configure how they are set up, how they are connected and how your settings are done, there's what's called a connection definition inside NetworkManager that is tied to one or more devices; oh sorry, one device is tied to one or more connection settings. So the reason you may have more: again, go back to Wi-Fi as an example; you may have more than one Wi-Fi connection defined, you may be at work, you may be at home, you may go to your family's, and everyone has different SSIDs. Well, it's the same device, but it's different settings every time you go to different places; think about it like that, and you can apply the same mechanism to your physical interfaces on your box. Those three, and now I'm on more components of NetworkManager, but they are really just in addition; they're global functionality, not the specific functionality, and I'll cover some of those in a moment. But NetworkManager is about managing those two things, and NetworkManager then sends and receives data to D-Bus, and I said GUI clients, but I mean clients in general, so anything that wants to talk to NetworkManager uses it.

So now let's start looking at getting into the NetworkManager command-line interface and how that works. When we do that, we need to first think about, when you talk about a network device, how do they look on the system? How do I recognize something as being a network device? It may help if you've been up to a server that has more than just a couple of NICs in the back; you know the problem: which NIC is what interface? I don't want to go too far down this road, but I gotta mention it, because the reason I wrote this up was I spent all of this week trying to hunt down a problem setting up a new hypervisor that had eight NICs in it, and I could not get the bonding to work; it kept erroring out. Turns out, after spending more than hours and pulling out my hair over why it would not communicate, that I had misidentified what ports in Linux corresponded to what port on the hardware outside. So I literally had to keep plugging in one port at a time, and that was because all I had was a sequential number given to me by the device, and that doesn't tell me, when I look at that row of NICs in the back of the server, which one is what. That's the problem with networking once you get beyond "hey, I only have one interface in my laptop, so why do I care?" So we have something called predictable network interface names, which should be enabled by default; at least I know that that's the case with Fedora and CentOS, as well as RHEL; if you do a RHEL 8 install today, it's just enabled. Now, some people don't like it because it took away the eth0, 1, 2 and 3, and they don't like the new names; however, once you get used to it, the names actually make a lot of sense, and in the end you don't really see the network device that often.

A quick question, if I could: what part, what subsystem, so when you plug in a USB Wi-Fi device, what system detects that and adds that network interface to the list of interfaces that are now available to you? That's udev; it does everything that I'm going to talk about in the next couple of slides, and I actually have a couple of examples of how you do that, but it's all udev's responsibility to create and set up those entries from the kernel in the /dev file system, and that goes for networking too. So whenever the kernel comes up with "hey, I have a new device", and that could be you plugged in a new hard drive or USB or something else, udev reacts to that and decides what to do, and it could be everything from ignoring it through setting it up with specific security rights, etc.; you can even spawn processes in response to a device change. Does that answer your question? Maybe you're muted, because I can't hear you. Oh, I'm sorry, I had my headset off; yeah, it does, thanks. Yeah, unfortunately that took away the video, so I can't look at my screen here, sorry.

Okay, so the predictable names, and I will show later, this is all coming from udev, but one of the things about the predictable names is that when you have a machine where you change hardware, and I must admit it's something I've done a lot because I'm cheap and I buy old hardware, so I often have to upgrade or replace the old slow stuff with new, just faster stuff. If you take a machine today that may have, let's say, two built-in NICs on the motherboard and then you add NICs as a plug-in board, if you just use the old eth0, 1, 2, 3 and so on, there's a good chance that when the system comes up and sees that extra card, and let's say four extra NICs, that your 0 and 1 are now 5 and 6, maybe. So this is the problem when we don't have predictable names when things change, because the BIOS really sees things that sit physically on the bus and it starts enumerating them depending on how it discovered what's on that bus, and that's, at least for me, somewhat random. Depending on how the kernel is set up, sorry, the BIOS is set up, on that piece of hardware, and where the cards are in the hardware, they will be found and discovered at different numbers. So what the predictable naming literally does is it is guaranteed to stay the same regardless of what you do, so if you add more hardware later, that interface name that you configured will still be called the same, and I try to sort of indicate that here on the bottom of this slide. So if you look at the interface names today when you start them up, they will start with "en" if it's Ethernet, and most of us that have a wired network, that's what we'll see, and there's something following it that I'll get to in a moment, but it can also start with "wl" for wireless, or if you're really smart and have a big router and all that, it could be "ww" for wide area network, very nasty connections. But I think most of us will see "en" and "wl" on our systems, and after that can be a bunch of letters and numbers. In my case, in that server example I had before, because it just used enumeration, it was the "o" and the number that the BIOS had found; in my case all the NICs were on the motherboard, so nothing was plugged in, so I know they won't change unless I change my motherboard, and that probably won't happen, but I did not know which number, or I thought I knew which number, you know, one was versus number two, and it turned out that my assumptions were wrong. So it's very easy, when you just have that number, to go wrong. But you can also, when you go to fully predictable, instead of saying just a number, it actually literally talks about the slot, it talks about the type of function it has, so you can have different types of network cards in the box, it can have an ID that comes from the hardware, and they all can become part of the name. And when you do that it is becoming predictable, because now I don't have it all generated based on enumeration when I boot; it is literally looking at the hardware information on that hardware to generate the name, and it will not change as I add more hardware.

So how does it figure out what to call them? Well, it goes through a priority list, a scheme number here, to figure out which one to pick. So if it can, it will look at, you know, what the firmware provides; if it can't do that, it will take a look at PCI Express or something else, and if it can't do that it will basically jump from one to another to another to another until it finds a way to do this. But you can disable each of these levels, and you can see number four, for instance: all of a sudden now we have the MAC address; that looks awful, but it certainly won't change. And in the end I don't really care about the device name as long as my configuration works next time I boot; I'm pretty much a happy camper. All of this is documented in plenty of documentation about NetworkManager, and if you look at the available documentation, all of this is explained in severe detail: how you configure each area and why you would choose one or the other, etc. But the idea again is it's all consistent; it is all done by udev. What I do like is that because it's customizable, I do have some control; all you have is nothing but files that have the rules that say if you see this device and it has this ID or whatever, do X, and those rules I can write myself. Now, the system comes with a lot of rules out of the box; they all live in /usr/lib/udev or something in that sense, but I can go write them in /etc/udev, and that's really how you can go in and define your own rules. If you don't like the predictable names, right when they came out I saw a ton of people complain, what happened to eth0 and 1 and so on, and literally all you have to do is add one thing to the kernel command line when you boot and it disables it. So as you can see, net.ifnames=0 is the current version of the definition. I wrote that and forgot all about that it used to be different, so this morning I added in the biosdevname one, which is the old way of doing it, and I'm still finding systems, even in CentOS, that use that, so you may still need to use the old way of doing it. That's it; it's very simple to add your own rules, so you can take /etc/udev/rules.d for instance and create a 70-my-net-names.rules there, and do whatever you want. So if you want to name them by numbers, or you want to use a specific ID that you grab from the hardware, or something else that makes sense to you, you can set that up fairly easily, and then you can add the net-name-slot rules, which is where the MAC address and all that stuff comes from, and solve that. So in case you don't hit it with your rules, they will default to using the MAC address, and it will still be persistent, so it doesn't have to follow the rules that were set up initially. And I think what was a pretty big driver behind the initial naming was working with the hardware vendors, who all certified on a well-defined way of making this persistent, so when you have ten NICs in a server or more, it's easy to figure out that this NIC that I'm talking to in my code exactly corresponds to that port in the back of the server.

So with that in mind, I have not seen a Linux installation for many, many years that did not come with NetworkManager; my best googling is telling me that that's also the case in Ubuntu and quite a few other distributions. It's not that it's not optional; you can remove it, it doesn't have to be there for networking to work, but it looks like, just like on Fedora, when you do a basic installation, NetworkManager is installed as part of that. If you don't have it, just install NetworkManager; the only trick: remember to capitalize the N and the M, I don't know why, but that always gets me. Anyway, even if you're not in a GUI, so NetworkManager was initially started by the GNOME module because they had a very concrete need to make it easy for end users to define it for them; that said, even servers can benefit from at least the automation of what to do when a device comes online and offline, but there's a lot more. And the last part: if you don't have bash completion, enable it with NetworkManager; it really saves a lot of typing as you go on, because it will enumerate devices, connections and all that in the right places, so you don't have to remember all the exact typings and a lot of typos and all that.

So we have two commands that you've got optionally with NetworkManager. We have nmcli, which is the command-line tool that we're going to be talking about today; nmcli is pretty much everything that you can do in a GUI and a lot more, so it is as pure as it gets as to being able to deal with all features of NetworkManager. Now, ncurses is a nice little tool that you can use on character screens to make menus and almost clickable interfaces, and for some, when you're just starting out, that may be the way to get started at least quickly, because it just says, well, you want to add a NIC, go here and click there and fill in this little form and you're done, instead of having to deal with commands. I rarely use it because I can't automate it; I can automate nmcli, either using bash or its own CLI interface to use Ansible, but for today that pretty much is what I'm going to be talking about. Wow, I can't even hit that. Anyway, so NetworkManager's CLI is pretty much what I'm going to talk about; just remember there is an additional command, nmtui, if you want to play around without getting into the depth that we've got to touch on a little bit today. So the CLI can pretty much, as I said, do everything that NetworkManager can do: display, edit, delete, add, remove, whatever you want to call it, any kind of connection that is out there. We can look at, you can use it to look at the status of everything on the network side in one go, or we can look at it in these two areas in NetworkManager I use the most: I can look at devices or I can look at connections. And when I write my commands I never write the full "device"; every sub-command, and I'm gonna talk about that in a second, in NetworkManager you can typically use the first letter it's written with, so you don't have to write the full word. So once you've used it a couple of times you end up using these short words; it works and it's just much faster. nmcli d and nmcli c is probably what I type the most when I do this.

One thing to remember, though, is just because I have NetworkManager doesn't mean NetworkManager has to manage everything. Now, to me that is what makes the most sense; that said, you can tell NetworkManager whether a device is under its management or not. So you can basically configure a device to say, NetworkManager, do not touch this, and it will not control it, it will not listen to it, it will not apply configurations to it, and whatever you've done on the command line or in a script somewhere else is what matters; once the system boots, it's up to you to really initialize that interface. The connection: when we say nmcli connection, what we talk about there is the connection profile; it's a configuration of how we want this network to work. There are a few options you can put in front of the object, and these are not all of them, but these are the ones I thought were the most important. The terse option is a way of allowing the command to spit out a very easily computer-parsable list of data items; instead of writing it so it looks nice, it can write them so you can easily parse them with Perl, Python or even Java, if you want to do that. The fields option allows you to customize what data items to actually report back, so you don't get a huge long list if all you're looking for is the name or a state or something else, or it could be as simple as you just want to know the IP address or something. But the default is pretty, which is the human-readable output, and it looks pretty damn good on an ANSI terminal, which is the default, at least in Fedora, and I'll show you some examples of those in a second.

So here are all the main object types, and as I said, my concentration in most of these is device and connection, and I will touch a little bit on the general side and maybe talk about radio if you guys have questions about it. But device and connection are how I control my networking; everything else is about basically the computer's or the system's general state, and that can be anything from "is this device activated", meaning is the radio turned on on my Wi-Fi, is it even activated, does it get power, or where do I want to send debug information, or something else like that. Those are all very big global settings that you control using either general or, on the monitor side, the monitor, which is a very nice little cool thing where you can follow along all those messages being sent over the wire and what's going on. So because there are a lot of options here, it's very easy to get help. Now, we all know the man pages, and they absolutely have a ton of information, but to me the help page that you see here, for instance for connection, is pretty self-explanatory, with a few exceptions if you're not used to it; there might be a couple of "what's the difference between ID and UUID", but beyond that it's very easy to see that you can view existing connections, you can take them up, you can take them down, you can add, modify, even clone, etc., to them. So this is probably, when I initially have an issue, where I go; I'll do the double tab, because I get the same list when I do double tab. nmcli-examples in the man pages is another good resource to figure out what options I have, because it's full of examples of, directly, how do I create a static IP, how do
I create a DHCP blah blah blah and how do I make some special options in those concrete examples of how it's done so I'm other things I'm going to write comes from those examples and of course if you do a man network manager you get the all manual of the expense when it manages so if I do just enter my nmcli and don't give it any commands at all that screen you see on the right is what you see this is from a server virtual server that I created and as you can see it tells me that as one connected interface IP address tells me the local host local house interface which may have to surprise people it's not managed by open sorry by network manager its unmanaged because it's static in the sense of it doesn't change I mean if localhost changes you have severe problems it's supposed to come up once and just stay that way all the time so if you have a ton of knit and every interfaces if you guys are interested I can log on to a server that has interfaces and it looks like there but in essence you get a nice screen with a complete overview of what's on your system to me this is almost what I got out of just wetting ifconfig in the olden days except I am actually looking at what it's supposed to look like as much as I'm looking at the current state and I get more information here like route information and I do what I have configured now if I really want to figure out what's really going on I can say the general status instead and that gives me information about everything that it knows about from a network perspective why is it connected is it working it's the - Wi-Fi enabled and is - when and evil and I still don't understand why those last four i needled because that was done on a VM that doesn't have Wi-Fi on but in general the connectivity pole means that it has e it is validated that in network settings you have a valid so if you have a gateway and get to the gateway you can do it can get to the DNS servers that you define etc etc so it knows that in network is 
working but that's a very easy way on a server that may not respond correctly to see if our problems without looking at the exact problems that you have to devise some connections ad I try to learn a diagram I might but it to me sometimes a little bit - well why there's two instead of one it's in essence all I have an interface it has an address why do I have two different components and network manager to deal with that and the way I look at it is that the connection is your desired state and the device is the current state now they're typically the same but they don't have to be depending on how you make the changes a particular if you did them without telling me a book manager about them you will see two different things remember in the end the devices are typically a reflection of what's on the kernel side and not really something that you defined slight warning when you go in and do a device and inspect the device it will sometimes have some sections that looks like configuration data presence it will do a I have this MTU I have this address etc etc etc and it was typically being capital letters which is another way of saying slight with a slight hint that this is not a decided this is actually what's going on right now this is the current settings on this device so even though you can do a show of the device and you can get the basic information of for instance an IP address it won't show you all the settings but it will tell you what that car Nick is doing just keep in mind that that is not your decide state that I've made you just be something that the system has automatically changed because of an event faces when they do bonds and other things like that your next state will change depending on what the switch and it has negotiated and that may change depending on what happens on a physical level and you will see those changes in the device show this is one of my favorite things to do whenever manager so everyone is used to going up and in one of the 
corners and and you look at your wife eyeing and it will tell you when you turn it on it will say well here's all the wife eyes that exist and you can click on it the last before password and all that but I mean you ask you will often find that people won't know that they can do the same thing so in my neighborhood there's probably about thirty or some Wi-Fi signals that most of them are weak but I can see them from my house and this is the kind of picture you get by just basically saying to never manage your numerate the Wi-Fi device though that basically tells it to your skin and you can see some of these are mine but then it gets a lot of stuff and this list is much longer that what this taste is for but I can see all the stuff that I would do in a GUI on this page a nice picture and even to karkos things you saw a indicate is the signal strength of these devices although it has this weird little bath in one side that I typically look at I must admit someone had to point out there was different colors to me so I just look at bars but it's so said that this is one of the cool things about this command without really telling you I get the strongest signals first which is typical the ones are most interested in when you connect to a Wi-Fi it's again very simple I just basically say executive I find connect to and then the other the SSID that I want to connect to in this case here because I didn't tell it what the password should be it prompts me for the password on a terminal I did not put that in here because I didn't want to reveal the password but in essence that's all I have to do to connect but if you really want to do it the hard way as I call it you can look at a command options that after that connect well you can tell that everything from the SSID to what key do you require you can even specify the specific if' name the interface name that you want or etc etc etc so you have a ton of control it doesn't just have to be as simple as that and even better you 
can create your own house but very simple so if you are I have done this quite a lot you are in with a group of people let's say your hotel you're you're preparing you go on site or the next day but everyone needs to sort of work get online to do some work but the hotel's Wi-Fi sucks so this is one way of sitting off a laptop or something else to be that Hospital one connects to and then you have one connection to deal with its decimal most of us deal with wired networks on a server and wide networks is just as easy all right so if I have a interface called Etsy zero and again they can't exist we don't necessarily see them that often anymore all I have to say is connect to device it will automatically create a connection if it doesn't exist which is set up automated meaning DHCP for settings so if you have a TCP server that's literally all you have to write to get a network interface up in life it's that simple but I don't have the need for static IPS and all kinds of custom configurations that's all I have to write no more no less I can't disconnect just realize I can't connect it I can get status I can delete it except I can do all those other things that typically we do it the once I've done that you can see this is an example for my similarly the server sorry my virtual server it has two devices and it's connected on one of them only in this case I sorry and this may also be an example of this is actually the way predictive interfaces again so this is part one on slot 0 that it's simulator sorry this is a VM but it's getting assimilated PCI card and that's what that PCI card is reporting however not all stuff is using DHCP so here's an example of me adding a connection where I'm from the command line setting up the address right away so again I say connect and in in this case here I'm not defining I'm not in the first place you go back where I told it was to take the device and create a connection in this case here I say take a connection and use this device 
that's the difference, and in this case it allows me to customize the connection. So because I'm doing this I say: well, I want to call this "private", and again, go back here, remember I had this one down here that was disconnected and not used; I'm adding a permanent address to that, it has to be of type ethernet, and then I give it an address, and again in this case here, because this network is non-routable, I don't need to tell it DNS and all kinds of other stuff. I did miss out one thing, which I will get back to in a moment, that's not on the command line that I should have put in, but in essence that did work, it just didn't work on boot; I can get into that in a moment. But that's literally all I need to set up, again, a simple static IP address, that's all I have to tell it. Now, if you look down here, when it's setting it up it is telling us "getting an IP configuration", which makes no sense, because I wanted it to be private. The problem is I didn't tell it to stop using DHCP, I just told it that here's a preferred IP address, so I needed one more setting up here to tell it that the method needs to be manual, and I will show later on, in a different example, how you do that.

Then once that's been defined I can use the ip command. I didn't really plan on showing a lot about ip today as a command, but if you have never used it before, it's damn powerful, sorry to use that kind of language here, but learn how to use it, and it will solve, or help you solve, network problems more often than not, and ifconfig does not give you half the data you can get from there. But in this case here I get the interface, the IP address, and of course with ip a I don't see the route, but it has that too, but it also enables by default IPv6, so it gets a link-local address.

Does nmcli do this, does nmcli fully support IPv6? Yep, absolutely.

So how do we actually see what's going on? The connection show is the way I would
inspect all the settings for a particular connection. Now, it spits out a lot of data, actually so much data I couldn't put it on a slide; it's a lot of key-value pairs, believe me, I'll show that once I'm all done here, we can go into some examples. The data comes in some different sections: there's a connection section that has things like do I automatically connect, or under what circumstances should I connect, it's basically global definitions of what that connection is; then it has some Ethernet definitions about what type of [inaudible] it is and how does it behave; then here's a set of IPv6 and IPv4 settings and a status section, a few other things coming up, but it's literally like two or three pages of green stuff dumped on your screen for all the options that are in a connection, and depending on what it is you're looking at, whether it's Ethernet or bridge or VLAN, you will get different sections. So it does follow... Now, you can also use nmcli to just get one piece of data; you can query and not get that whole list, but if I only want, for instance, the IP address, I can say -g ipv4.addresses and then connection show and what connection it is, and it will only return the IP address and nothing else. So that's a good way for scripting when you just need to retrieve something from the command line, that's one way of doing that.

Modify: I'll use the modify style, and it's all key-value pairs, so if you know for instance that it's ipv4.addresses, you can say modify, and the key is ipv4.addresses and the value would be the new IP address you want to edit. I often use nmcli c edit instead, and what that does is it gives me a subshell where all I can do is nmcli commands, and hence I can do a print and go around and change the settings and all that. That's not really scriptable, but it allows me to get quick feedback if I'm typing something wrong. I've had times where I put a comma instead of the decimal point in an IP address, and it will tell me that I can't do that when I do it from c edit.
So there's a good way, at least when you come in and diagnose a server, to use the edit version instead of trying to remember everything by heart, and I will show some demo here of how we can do this.

So, as I mentioned earlier, one of the things that NetworkManager allows me to do is to decide who on the system can do what. In particular, we don't assume that users can... [inaudible] what devices a user can add connections to, Wi-Fi and even Ethernet, without needing root access, but we can control or modify, if we want to, what those rights should be. So you may not want those rights on a big server; you may, for instance, want to ensure that the system devices on the server cannot be modified by an unprivileged user, and that's what you do with the polkit actions. You can go and take a look at what they look like and modify them, and ensure that devices that you don't want accessed or manipulated by others are not accessible.

Another cool little feature is the general logging option, where you can tell it what debug level the different domains have, and we have about 20 different domains of types of logging, so depending on what type of device you have, what kind of hardware you have, there's a different domain. So you may not have all of them equally accessible, meaning if you don't have Fibre Channel in your server, using the Fibre Channel domain doesn't really help you much, but it is there by definition, because it's in the code, but you won't get output from it. But as you can see, if I have a problem I want to debug, I can literally turn on the debug level for, for instance, layer 3 with IP, both for standard IP addresses, and I can then see what NetworkManager does in detail and what it gets back, and those end up in my logs.

So the next few slides are going to be about a little more than just setting up an IP address.
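The polkit point above is the one a server owner should act on: by default a local, active user may add connections and take Wi-Fi up and down without root. Here is an added example, not from the talk, of a polkit rule that denies every NetworkManager action to users outside one admin group, wrapped in a small sh script that writes it where polkitd reads it. The action id prefix `org.freedesktop.NetworkManager.` is real (list the individual ids with `pkaction | grep NetworkManager`); the group name, file name and NM_DEMO switch are assumptions for the example.

```shell
#!/bin/sh
# Added example: restrict NetworkManager to one admin group through polkit.
# The rule only ever says NO; members of the group fall through to the
# packaged defaults (the .policy files), so nothing is granted that was not
# granted before.
set -eu

# nm_polkit_rule GROUP: emit a polkit JavaScript rule that denies every
# org.freedesktop.NetworkManager.* action to users outside GROUP.
nm_polkit_rule() {
  group=$1
  cat <<EOF
// Deny NetworkManager actions to anyone outside the "${group}" group.
polkit.addRule(function(action, subject) {
    if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 &&
        !subject.isInGroup("${group}")) {
        polkit.log("NetworkManager: denied " + action.id + " for " + subject.user);
        return polkit.Result.NO;
    }
    // no return value: let later rules and the .policy defaults decide
});
EOF
}

# nm_polkit_install GROUP [RULES_DIR]: write the rule into RULES_DIR
# (default /etc/polkit-1/rules.d, which polkitd re-reads on change, so no
# restart is needed). Prints the path written. The file name is an assumption.
nm_polkit_install() {
  dir=${2:-/etc/polkit-1/rules.d}
  file="$dir/10-networkmanager-admins.rules"
  nm_polkit_rule "$1" > "$file"
  chmod 0644 "$file"
  printf '%s\n' "$file"
}

if [ "${NM_DEMO:-0}" = 1 ]; then
  # Print the rule for review; run nm_polkit_install wheel as root to apply it.
  nm_polkit_rule "${NM_ADMIN_GROUP:-wheel}"
fi
```

Two caveats. JavaScript `.rules` files need polkit 0.106 or newer; the older `.pkla` format in `/etc/polkit-1/localauthority` is a different syntax. And this rule is per-user, not per-profile: if what you want is "this one connection may only be touched by these users", the `connection.permissions` property on the profile is the right tool, and the two compose.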
Again, I can show you on systems, in practice, how this is done, because I have all this stuff running on all my servers, so I use it every day; if you want to see a practical example of how these things look, I can show those. But let's take a look at bonding. So if you are running a server in a big data center you most likely already know what this is, but just in case you did not know what a bond is or what a team is: when we have communication between servers and, for instance, we want to make sure that we don't suffer an outage just because one thing fails. All right, so cables can fail, switch ports can fail, any device, every piece of hardware that you have technically can fail; a lot of times it fails because a stupid human does something, but any device can fail. One of the things we can do is to say: well, instead of just having one wire between the servers, or between the server and the switch, I want to have two wires, and in case one wire no longer works, automatically switch over to the other one, and that's called active-backup. So what this does, if you see on the slide, is set up a bond, and that's just basically creating a new interface called [inaudible]. So this is a new device that is not really physical that I created, and then I basically tell it... I've been part of a long, long discussion about whether we can call things masters and slaves these days, but this is a network slave, sorry, that literally says that this bond consists of these two network interfaces, and this protocol tells us which one of these two to use depending on which one is available, and that's pretty much as simple as you can get. This doesn't even require you to set anything up on the switch. The new way of doing this: the bond is the old stuff that I used back in RHEL 4 and 5, so it's not that modern anymore; it has been superseded by teamd, the team daemon, which has a lot more advanced features available. I really... this was not a matter of going into
details; I put the link down here if you want to see the details of what teamd can do and how you configure it. It's quite advanced, as you can see; one of the things that people often need is a JSON file that specifies the advanced settings of how this team of NICs works together, what protocols to use, and timeouts, all kinds of stuff you can define in there, and you cannot do that with bonds. So it's by far... if you're setting up a new server today, use team, but in essence it does the same thing, but in the end it allows you to set up a master that has multiple slaves, or NICs, and now it doesn't have to be active-backup; it can be anything from LACP, which is a switch protocol that spreads out all sessions over multiple NICs, so you literally have more bandwidth going out, not per session, but if you have a server running lots of VMs, you may have from all the VMs more than your standard one megabit per second coming through; you can spread all that traffic coming out over multiple NICs very easily. It does require advanced switches, but it allows a better thing. Or you can do a very simple round-robin on the switch, which also requires a managed switch, but those are the cheaper ones.

VLAN is, to me, one of the key aspects when you do networking enterprise-wise; you're most likely going to be exposed to it. It's a way of dividing a physical switch into smaller switches, and even better, it's a way of connecting multiple switches together as if they were a lot of smaller switches, so they are isolating traffic between them, looking like separate networks. Living off of a VLAN is one of the simple things; doing this the old way always caused me trouble, NetworkManager has made that extremely easy. So you define a VLAN, again just like we did with the team and the team name, and you basically say that this VLAN is going on this device, it's using ID 10, etc., and I can go in, and this is how you can modify by script, adding an
ID, and add where the gateway is, the DNS, and in this case here this is the one I did not have in my example: the ipv4.method to manual, because the default is auto. And if you use nmcli c edit and you tell it I want to add a manual address, it tells you: you want auto, would you like to change that to manual? And you say yes, and it's doing it for you. If you don't do the edit then you have to manually remember to do it, otherwise it will still try to use DHCP and only fall back to your IP address if that fails, which may be what you want to do.

Here's an example from one of my servers in a lab that uses a VLAN, and the way... I used the name VLAN to make it simple, but I can also see by the name out here, dot 20, which gives you the idea that I'm using it. You can actually see that it is built on top of a team that is spread over several NICs, so I can nest these things together at any level that I want. So you start with a physical network, team it together, put the VLAN on it, and I could then put a VPN or something else on top; it doesn't have to be only one layer on top of it.

The VPN: many years ago this is really what got me, I would say, excited about NetworkManager, because initially I saw VPNs and I didn't really care about how they were implemented, I must admit, because I didn't do it myself; I did not know what the developers went through and it didn't strike me... some of them, I read about it, they actually did not find it that easy to do. But I had a big problem initially when I used the VPN: it killed my DNS in my local lab, and most of my work involves doing demos or setting up simulated things that I talk to a customer about, and I use my lab for that a lot. All of a sudden, whenever I connected to the company VPN, I lost all access to my lab, and that didn't really work. So for a long time, you know, I would connect to the VPN, do my work on the sites, disconnect, then use my lab; it was like back and forth, back and forth, not fun. I
then found a sexy option called dns=dnsmasq in NetworkManager.conf, and now NetworkManager, using dnsmasq as the implementer, literally controls what happens when I connect: the DNS search in my VPN is able to try the DNS resolution first, like in the VPN DNS, and if that doesn't work it will try my local DNS too. So all of a sudden, even when I'm on VPN, I can still access my local lab, and that saved me so much time and frustration that I just went: wow, this is something I need to learn all about. And eight years later or something like that, now I'm doing a little talk about it.

To activate a VPN: again, if you're in the GUI, you most likely go down and hit the little on button on a VPN definition, and it comes up, maybe asking for a password, and you're connected. You can do the same thing from the command line by using --ask, so basically in this case here that just tells NetworkManager to prompt you on the terminal for the password, and it says connection up, and that is my VPN definition. Defining VPN connections: now a lot of that has to deal with a lot of data, like certificates and stuff like that, so typically we have a little file somewhere, usually less than 20 lines, but it is usually a file that may have references to other files, like certificates that you can use. So in this case here, let's say I downloaded a file from my company that says: here's the VPN, [inaudible] VPN. In order for me to use that with NetworkManager, I just import it into NetworkManager. Or I can do it the hard way: I can define my connection and give it all the options about what interface to use, what permissions to use, what type of VPN it is, point-to-point in this case, where the gateway is, etc., and then it will also configure it this way. This is a very simple VPN, it doesn't have a lot of settings; this would definitely not work in most of the places I've done VPN, it's not secure enough, but it is possible to do it that way.

Bridges: so if you run VMs today on Linux, you're
using bridges, you just don't necessarily know about it or care about it. But one of the things that I've done on most of my servers that do virtualization, at the very least, is to have at least one bridge, sometimes more than one. All the bridges basically allow you to have one device being represented by one or more underlying devices, so it allows me to basically define a way of saying: well, here are my VMs, they have their own internal network they think about, but it's actually part of this bigger network in the rest of the system. So it allows the VMs to see the whole network as if they were plugged in physically; that's what it means by bridging, they are bridging that local idea into the bigger one and they're sort of connected that way. That allows me to basically take my hypervisor and expose all my VMs as if they were standard physical boxes on that network. In most cases, if you just have a laptop with VMs, it's behind the NAT gateway and it's literally not going to be part of your bigger network, and that may be on purpose, and then you won't use a bridge for that, although you can; you can also set up the bridge to just use NAT. But again, you define your bridge and you add, again the word slave here, I may start changing my slides, since I've been told by people I need to listen more to that naming issue, but it's basically just telling it that this interface is a building component of this other interface, and you can have more than one interface per bridge, no problem.

There's really no magic in NetworkManager. I like what [inaudible] was saying earlier: when it first came out, because of all the automation of responding to events, people with servers tended to think very statically, so the first response, if you can't make it work because it keeps changing your stuff, was just turn it off. I would not do that, at least not today. Now, there are situations where some systems have been designed with the presumption that this thing does not change, I mean that the network can't go up and down.
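The bond, VLAN and bridge pieces above nest exactly as described, and they are the things you script rather than type by hand. Here is an added example, not code from the talk, that builds bond -> VLAN -> bridge from a POSIX sh script, with the bridge holding a static address and `ipv4.method manual` set explicitly (the setting the talk's first static-IP example was missing, without which NetworkManager keeps trying DHCP first). The NIC names, VLAN id and addresses are assumptions for the demo; DRY_RUN and NMCLI are assumed hooks of this script, not nmcli options, and the `nmcli connection add` keywords themselves (`type`, `ifname`, `master`, `slave-type`, `dev`, `id`, `bond.options`, `bridge.stp`, `connection.autoconnect-slaves`) are real. The talk recommends team over bond; a `type team` master with `slave-type team` ports drops into the same slot.

```shell
#!/bin/sh
# Added example: bond0 (active-backup over two NICs) -> bond0.VID (tagged VLAN)
# -> brVID (bridge with the address, for VMs to attach to).  Re-runnable:
# profiles that already exist are left alone instead of duplicated.
set -eu

NMCLI=${NMCLI:-nmcli}     # assumed hook: lets a stub stand in for nmcli
DRY_RUN=${DRY_RUN:-0}     # assumed hook: DRY_RUN=1 prints the nmcli lines only

# nm_run ARGS...: run nmcli, or print the command line in dry-run mode.
nm_run() {
  if [ "$DRY_RUN" = 1 ]; then printf 'nmcli %s\n' "$*"; else "$NMCLI" "$@"; fi
}

# nm_conn_exists NAME: true if a profile called NAME is already defined.
nm_conn_exists() {
  if [ "$DRY_RUN" = 1 ]; then return 1; fi
  "$NMCLI" -t -f NAME connection show 2>/dev/null | grep -qx -- "$1"
}

# nm_add_unless_exists NAME ARGS...: 'nmcli connection add' only when NAME is new.
nm_add_unless_exists() {
  name=$1; shift
  if nm_conn_exists "$name"; then
    printf 'profile %s exists, leaving it alone\n' "$name" >&2
    return 0
  fi
  nm_run connection add con-name "$name" "$@"
}

# nm_build_stack NIC1 NIC2 VLAN_ID CIDR GATEWAY
nm_build_stack() {
  nic1=$1 nic2=$2 vid=$3 cidr=$4 gw=$5
  bond=bond0 vlan="bond0.$vid" br="br$vid"

  # L2-only bond: no addresses of its own; autoconnect-slaves pulls the ports
  # up whenever the bond is activated.
  nm_add_unless_exists "$bond" type bond ifname "$bond" \
    bond.options "mode=active-backup,miimon=100" \
    connection.autoconnect-slaves 1 ipv4.method disabled ipv6.method ignore

  # The bridge owns the address. 'ipv4.method manual' is the line that turns
  # DHCP off; with only ipv4.addresses set, NetworkManager still asks DHCP first.
  nm_add_unless_exists "$br" type bridge ifname "$br" bridge.stp no \
    connection.autoconnect-slaves 1 \
    ipv4.method manual ipv4.addresses "$cidr" ipv4.gateway "$gw" ipv6.method ignore

  # Tagged VLAN carried by the bond and used as the bridge's port.
  nm_add_unless_exists "$vlan" type vlan ifname "$vlan" dev "$bond" id "$vid" \
    master "$br" slave-type bridge

  # The physical ports of the bond.
  nm_add_unless_exists "$bond-port-$nic1" type ethernet ifname "$nic1" master "$bond" slave-type bond
  nm_add_unless_exists "$bond-port-$nic2" type ethernet ifname "$nic2" master "$bond" slave-type bond

  # Activating the top of the stack brings up the VLAN, bond and ports under it.
  nm_run connection up "$br"
}

if [ "${NM_DEMO:-0}" = 1 ]; then
  ( DRY_RUN=1; nm_build_stack enp1s0 enp2s0 20 10.20.0.5/24 10.20.0.1 )
fi
```

`NM_DEMO=1 sh build-stack.sh` prints the six nmcli lines without touching the system; drop DRY_RUN to apply them. After it runs, `nmcli device` shows the bond ports as connected to the bond, the VLAN as a port of the bridge, and `nmcli -g ipv4.method connection show br20` answers `manual`, which is the check worth scripting on hosts where a surprise DHCP lease would be a security event rather than a convenience.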
up and down unless they have you know another piece of software is doing that not never manage in that case you may end up having a system where network managers not management mix but instead of uninstalling it just make those Nix not manageable find it wouldn't manager that I still allows you to have that commonality interface of code that may need to carry the state of an interface and all that stuff implement me because this not only so much help but if the autotap complete works so much easier to remember what to do because I don't have to remember all the settings or go to manual somewhere to remember that this variable set like this means that but in our context it means something else and the fact that when I plug in a network card sorry and you know if I have a server on the and the plot let's say I I plug in a new and unit it will automatically activate I don't have to do anything I can turn that off if I want to but because it responds to automatically hoc way events it makes dealing with hardware so much easier that's about it trying to keep it within an hour and I'm almost only all about 10 minutes I think um I really wanted I know that wasn't wanted two questions here but I wanted to make sure I had enough room for questions on demos and stuff like that oh so here is yes my demos over good question before I leave Peter so one of my projects that I'm going to be trying to do is try and do set up two Linux boxes and do a tcp/ip / ham radio between two two different boxes I don't know if anyone here has experience with with with tcp/ip / / ham my my father-in-law's a ham but he's not experienced in Linux so it's kind of a project we're doing together but I was thinking about once I get this running but I could maybe demo that you know for the group as to how I set all that up is anyone else have any experience in the area is that something people would be interested in knowing how to do I'll be interested I have no experience yeah it's uh it's quite 
interesting you know the bandwidth is fairly low so like you know you need to use something like mosh or something like that probably if you wanted to I wanted to work between two boxes but I'll go ahead and uh yeah I'll write you an email or and you were Ted just once I figure out how long it's going to take me to do and we'll set up a time where I could do a demo for everyone yeah we would actually do that in the military using pressed roll radios and we were you'll be honest we would usually use it for a humanitarian Hertz okay and the Pandu tcpip over to rest over a Dios well it's interesting not to get into the weeds but I was doing the reading that I've read this far actually you can actually just do it over your soundcard going into the I guess the ham radio device nowadays you know if you've got an input and output on your computer you don't need fancy cards you know or anything like that but anyway I'm gonna go ahead and dive into that and but once I get that once I've let's I figure I understand it and I'll put together presentation and we can do stuff once but that's it's networking related so be interested to see how that works you know something super where it was video over laser ah I don't have any lasers to use how to how to broadcast eight videos and signal to a very long distance you know set the laser up so that was being received on the receiving end just right but I've never tried it I don't I don't have any lasers that would have been cool the only laser I have I have any experience with was back in the early mid aughts when I was in my early career at the National Science Foundation we were setting up our our network to internet to to connect Internet to and the only way to do that was via point-to-point laser between two buildings because because Verizon wouldn't let us tear up the the ground and and lay down fibers so we had to use a you know like a like an oc-3 you know over laser between two but the problem is when it rained you got a 
range attenuation and then the connection wasn't that reliable at any rate only heavy rain heavy rain did I gotta go thank you much it would be a fun topic for a talk you know you know the new IP your video over some weird device oh yeah absolutely see you later all right cool have a good weekend know why I bought this demo up just in case there was specific things everyone want to see but here's a command so again this is the demo server that I did some of the examples that I just talked about on so I have to Nixon here why does the connected one that is connected to base it will network and y'all one is a fake network that doesn't go anywhere but it allows me to do demos so here's the command that you saw in the earlier slides that will basically add a connection to this interface and you will tell it it's IP before give it an address giving a gateway now that I have that as you can see it's connected I have addresses and all that and if you want I want to show you the reason that I talked about all the options but I say but go in and say that wasn't correct so it's giving me a hundred and eleven pieces of data that I can reach what required between this is all the data in the network manager is tracking and following on this particular connection that I just said on often what I'm interested in is just a couple of these I understand the idea you can come become very important in the script but the type and all that I obviously for granted the Ethernet I don't really think about too much but auto-connect it is probably the most important to me and make sure that the interface comes up and boot this literally buddy means whenever it sees the device come up not automatically connecting the or connect is not just a boot it is literally also meaning there's someone plucks and they keep in the back and if there's more than one definition of connections on that interface which one comes first give a party but I most of cases I just look for that because I or my 
hardware I only have one connection most cases it also can tell you about zone firewall if I will do you attach to so that is also important other than that I really only concentrate for ipv4 the options that I'll be looking at and that's really the ones I remember so everything from what DNS servers do I want to do in gateway again this was a private network so it's not there but if I went to the other one you will see that it actually has oh it's it's DHCP so it doesn't show get your DNS here it shows them down here oh it tells it that the DNS server here is that it but this is one of the cool things again if it's capital it is usually a derived form state of where things are coming from so in essence when I want to change something I can do an nmcli c and then I can say private and in this case here it tells me that holy moley you know you can actually do all kinds of things as you saw I have all these different sections if I say props basically telling me that each of these sections by connection the Ethernet are all are now available to be edited now it's a little bit strange that it thinks certain features are there but I think the code is just basically saying hey each other connection and these are the whole potential type of sections you could see regardless of type so if I want to edit something from in here there's two ways of doing that but basically ipv4 set DNS just with one of it ipv4 we can now see that it added that yes and here comes the the bulk of it when you use edit if you don't save it then it's kind of like just doing it in memory that's number one save just saves the state you need to tell network manager to activate the change basically like commit it so this allows you to do a lot of changes without having it try to commit it to the network every time you do a line right so why did you say activate in order to make that change active on the system and now I took a while look at my resolv there's the DNS that I added from the ipv4 for 
you so nmcli c edit is a debug tool that I use quite often when I want a script I use all the ansible or I would go in and do the where you add all the props which like you saw here on the command line like that this is the way you could say in a script just create a new connection or add this or add a bridge and all that stuff you do all from a single command and I the simpler way to automate things if I have 10 servers to configure I don't need to repeat it manually every time any particular things anyone wants to see around network manager or maybe somebody like the IP command I didn't say that I said I wouldn't really go in details with or something else around networking on the command line did I mean I'll touch on just one a lot of people here so designer on here and that's about it this should other than that was just Indian poor people oh not and Tom and could engage you guys have questions speak up all ice I think we can call it a Fedlock day oh stop the recording
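The add, modify and re-activate sequence the talk walks through, wrapped in a POSIX shell function as an added example (not the talk's own commands): nmcli and its property names are real, while the function names, connection name, interface, addresses and zone are assumptions, and setting NMCLI=echo dry-runs the commands instead of touching the system.

```shell
#!/bin/sh
# Added example: static IPv4 connection via nmcli, with input validation.
# NMCLI may be overridden (NMCLI=echo) to print the commands instead of running them.
NMCLI="${NMCLI:-nmcli}"

# Validate a dotted-quad IPv4 address (exactly four octets, each 0-255).
valid_ipv4() {
  old_ifs=$IFS; IFS=.; set -f
  set -- $1
  set +f; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*) return 1;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# nm_add_static NAME IFACE ADDR/PREFIX GATEWAY DNS ZONE
# Creates an Ethernet profile with a manual IPv4 address, gateway and DNS,
# autoconnect on boot/link-up and a firewalld zone, then activates it.
nm_add_static() {
  name=$1 iface=$2 cidr=$3 gw=$4 dns=$5 zone=$6
  addr=${cidr%/*}; prefix=${cidr#*/}
  valid_ipv4 "$addr" && valid_ipv4 "$gw" && valid_ipv4 "$dns" || return 2
  case $prefix in ''|*[!0-9]*) return 2;; esac
  [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 2
  "$NMCLI" connection add type ethernet con-name "$name" ifname "$iface" \
    connection.autoconnect yes connection.zone "$zone" \
    ipv4.method manual ipv4.addresses "$cidr" \
    ipv4.gateway "$gw" ipv4.dns "$dns" || return 1
  "$NMCLI" connection up "$name"          # activate: a profile alone changes nothing
}

# nm_set_dns NAME DNS: modify only writes the profile (like save in edit mode);
# bringing the connection up again is what applies it (like activate).
nm_set_dns() {
  valid_ipv4 "$2" || return 2
  "$NMCLI" connection modify "$1" ipv4.dns "$2" && "$NMCLI" connection up "$1"
}
```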
Info
Channel: Peter Larsen
Views: 316
Id: DHNXIGKWCps
Length: 82min 12sec (4932 seconds)
Published: Sun Jun 28 2020