'\" t
.\" Title: nm-cloud-setup
.\" Author:
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\" Date: 01/14/2021
.\" Manual: Automatic Network Configuration in Cloud with NetworkManager
.\" Source: NetworkManager 1.29.8
.\" Language: English
.\"
.TH "NM\-CLOUD\-SETUP" "8" "" "NetworkManager 1\&.29\&.8" "Automatic Network Configuratio"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
nm-cloud-setup \- Overview of Automatic Network Configuration in Cloud
.SH "OVERVIEW"
.PP
When running a virtual machine in a public cloud environment, it is desirable to automatically configure the network of that VM\&. In simple setups, the VM only has one network interface and the public cloud supports automatic configuration via DHCP, DHCP6 or IPv6 autoconf\&. However, the virtual machine might have multiple network interfaces, or multiple IP addresses and IP subnets on one interface which cannot be configured via DHCP\&. Also, the administrator may reconfigure the network while the machine is running\&. NetworkManager\*(Aqs nm\-cloud\-setup is a tool that automatically picks up such configuration in cloud environments and updates the network configuration of the host\&.
.PP
Multiple cloud providers are supported\&. See
the section called \(lqSUPPORTED CLOUD PROVIDERS\(rq\&.
.SH "USE"
.PP
The goal of nm\-cloud\-setup is to be configuration\-less and work automatically\&. All you need is to opt\-in to the desired cloud providers (see
the section called \(lqENVIRONMENT VARIABLES\(rq) and run
\fB/usr/libexec/nm\-cloud\-setup\fR\&.
.PP
Usually this is done by enabling the nm\-cloud\-setup\&.service systemd service and letting it run periodically\&. For that there is both a nm\-cloud\-setup\&.timer systemd timer and a NetworkManager dispatcher script\&.
.SH "DETAILS"
.PP
nm\-cloud\-setup configures the network by fetching the configuration from the well\-known meta data server of the cloud provider\&. That means it already needs the network configured to the point where it can reach the meta data server\&. Commonly that means that a simple connection profile is activated that possibly uses DHCP to get the primary IP address\&. NetworkManager will create such a profile for ethernet devices automatically if it is not configured otherwise via the
"no\-auto\-default"
setting in NetworkManager\&.conf\&. One possible alternative may be to create such an initial profile with
\fBnmcli device connect "$DEVICE"\fR
or
\fBnmcli connection add type ethernet \&.\&.\&.\fR\&.
.PP
By setting the user\-data
org\&.freedesktop\&.nm\-cloud\-setup\&.skip=yes
on the profile, nm\-cloud\-setup will skip the device\&.
.PP
nm\-cloud\-setup modifies the run time configuration akin to
\fBnmcli device modify\fR\&. With this approach, the configuration is not persisted and only preserved until the device disconnects\&.
.SS "/usr/libexec/nm\-cloud\-setup"
.PP
The binary
\fB/usr/libexec/nm\-cloud\-setup\fR
does most of the work\&. It supports no command line arguments but can be configured via environment variables\&. See
the section called \(lqENVIRONMENT VARIABLES\(rq
for the supported environment variables\&.
.PP
By default, all cloud providers are disabled unless you opt\-in by enabling one or several providers\&. If cloud providers are enabled, the program tries to fetch the host\*(Aqs configuration from a meta data server of the cloud via HTTP\&. If the configuration could not be fetched, no cloud provider is detected and the program quits\&. If host configuration is obtained, the corresponding cloud provider is successfully detected\&. Then the network of the host will be configured\&.
.PP
It is intended to re\-run nm\-cloud\-setup every time the configuration (maybe) changes\&. The tool is idempotent, so it should be OK to also run it more often than necessary\&. You could run
\fB/usr/libexec/nm\-cloud\-setup\fR
directly\&. However, it may be preferable to restart the nm\-cloud\-setup systemd service instead or use the timer or dispatcher script to run it periodically (see below)\&.
.SS "nm\-cloud\-setup\&.service systemd unit"
.PP
Usually
\fB/usr/libexec/nm\-cloud\-setup\fR
is not run directly, but only by
\fBsystemctl restart nm\-cloud\-setup\&.service\fR\&. This ensures that the tool only runs once at any time\&. It also allows integration with the nm\-cloud\-setup systemd timer, and enabling or disabling the service via systemd\&.
.PP
As you need to set environment variables to configure the nm\-cloud\-setup binary, you can do so via systemd override files\&. Try
\fBsystemctl edit nm\-cloud\-setup\&.service\fR\&.
.SS "nm\-cloud\-setup\&.timer systemd timer"
.PP
\fB/usr/libexec/nm\-cloud\-setup\fR
is intended to run whenever an update is necessary\&. For example, during boot or when changing the network configuration of the virtual machine via the cloud provider\&.
.PP
One way to do this is by enabling the nm\-cloud\-setup\&.timer systemd timer with
\fBsystemctl enable \-\-now nm\-cloud\-setup\&.timer\fR\&.
.SS "/usr/lib/NetworkManager/dispatcher\&.d/90\-nm\-cloud\-setup\&.sh"
.PP
There is also a NetworkManager dispatcher script that will run, for example, when an interface is activated by NetworkManager\&. Together with the nm\-cloud\-setup\&.timer systemd timer, this script is meant to automatically pick up changes to the network\&.
.PP
The dispatcher script will do nothing unless the systemd service is enabled\&. To use the dispatcher script you should therefore run
\fBsystemctl enable nm\-cloud\-setup\&.service\fR
once\&.
.SH "ENVIRONMENT VARIABLES"
.PP
The environment variables are used to configure
\fB/usr/libexec/nm\-cloud\-setup\fR\&. You may want to configure them in the systemd service with
\fBsystemctl edit nm\-cloud\-setup\&.service\fR\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
NM_CLOUD_SETUP_LOG: control the logging verbosity\&. Set it to one of
TRACE,
DEBUG,
INFO,
WARN,
ERR
or
OFF\&. The program will print messages to stdout and the default level is
WARN\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
NM_CLOUD_SETUP_AZURE: boolean, whether Microsoft Azure support is enabled\&. Defaults to
no\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
NM_CLOUD_SETUP_EC2: boolean, whether Amazon EC2 (AWS) support is enabled\&. Defaults to
no\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
NM_CLOUD_SETUP_GCP: boolean, whether Google GCP support is enabled\&. Defaults to
no\&.
.RE
.SH "SUPPORTED CLOUD PROVIDERS"
.SS "Amazon EC2 (AWS)"
.PP
For AWS, the tool tries to fetch configuration from
http://169\&.254\&.169\&.254/\&. Currently, it only configures IPv4 and does nothing about IPv6\&. It will do the following\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
First fetch
http://169\&.254\&.169\&.254/latest/meta\-data/
to determine whether the expected API is present\&. This determines whether the EC2 environment is detected and whether to proceed to configure the host using EC2 meta data\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Fetch
http://169\&.254\&.169\&.254/2018\-09\-24/meta\-data/network/interfaces/macs/
to get the list of available interfaces\&. Interfaces are identified by their MAC address\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Then for each interface fetch
http://169\&.254\&.169\&.254/2018\-09\-24/meta\-data/network/interfaces/macs/$MAC/subnet\-ipv4\-cidr\-block
and
http://169\&.254\&.169\&.254/2018\-09\-24/meta\-data/network/interfaces/macs/$MAC/local\-ipv4s\&. Thereby we get a list of local IPv4 addresses and one CIDR subnet block\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Then nm\-cloud\-setup iterates over all interfaces for which it could fetch IP configuration\&. If no ethernet device for the respective MAC address is found, it is skipped\&. Also, if the device is currently not activated in NetworkManager or if the currently activated profile has a user\-data
org\&.freedesktop\&.nm\-cloud\-setup\&.skip=yes, it is skipped\&.
.sp
Then, the tool will change the runtime configuration of the device\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Add static IPv4 addresses for all the configured addresses from
local\-ipv4s
with prefix length according to
subnet\-ipv4\-cidr\-block\&. For example, we might have here 2 IP addresses like
"172\&.16\&.5\&.3/24,172\&.16\&.5\&.4/24"\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Choose a route table 30400 + the index of the interface and add a default route
0\&.0\&.0\&.0/0\&. The gateway is the first IP address in the CIDR subnet block\&. For example, we might get a route
"0\&.0\&.0\&.0/0 172\&.16\&.5\&.1 10 table=30401"\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Finally, add a policy routing rule for each address\&. For example
"priority 30401 from 172\&.16\&.5\&.3/32 table 30401, priority 30401 from 172\&.16\&.5\&.4/32 table 30401"\&.
.RE
.sp
With the above example, this roughly corresponds, for interface
eth0,
to
\fBnmcli device modify "eth0" ipv4\&.addresses "172\&.16\&.5\&.3/24,172\&.16\&.5\&.4/24" ipv4\&.routes "0\&.0\&.0\&.0/0 172\&.16\&.5\&.1 10 table=30401" ipv4\&.routing\-rules "priority 30401 from 172\&.16\&.5\&.3/32 table 30401, priority 30401 from 172\&.16\&.5\&.4/32 table 30401"\fR\&. Note that this replaces the previous addresses, routes and rules with the new information\&. But also note that this only changes the run time configuration of the device\&. The connection profile on disk is not affected\&.
.RE
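.PP
The EC2 steps above, worked through as an added example that is not part of this manual or of the NetworkManager sources: it turns the three meta data responses into the settings shown in the nmcli call, and refuses data that is malformed or inconsistent instead of applying it. All function names, the sample MAC addresses and the device table are assumptions of the example; interface index 1 is chosen to match the page's table=30401, and the in\-subnet and minimum\-subnet\-size checks are the example's own validation.

```python
"""Added example: derive the EC2 runtime IPv4 settings described above."""
import ipaddress
import re

TABLE_BASE = 30400   # page: route table is 30400 + the index of the interface
ROUTE_METRIC = 10    # metric shown in the page's example route
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
PREFIX = "/2018-09-24/meta-data/network/interfaces/macs/"


def parse_macs(listing):
    """Return the well-formed MACs from the macs/ listing; drop anything else."""
    macs = []
    for line in listing.splitlines():
        mac = line.strip().rstrip("/").lower()
        if MAC_RE.fullmatch(mac):
            macs.append(mac)
    return macs


def derive_ipv4(iface_index, cidr_block, local_ipv4s):
    """Build the addresses, routes and routing-rules strings for one interface.

    Raises ValueError when the meta data is malformed or an address lies
    outside the subnet block, so inconsistent data is never applied.
    """
    net = ipaddress.IPv4Network(cidr_block.strip())  # strict: rejects host bits
    if net.prefixlen > 30:  # assumption of this example: need room for a gateway
        raise ValueError("subnet too small to hold a gateway: %s" % net)
    addrs = [ipaddress.IPv4Address(a) for a in local_ipv4s.split()]
    if not addrs:
        raise ValueError("no local IPv4 addresses")
    for addr in addrs:
        if addr not in net:
            raise ValueError("%s is outside %s" % (addr, net))
    table = TABLE_BASE + iface_index
    gateway = net.network_address + 1  # first IP address in the subnet block
    return {
        "ipv4.addresses": ",".join("%s/%d" % (a, net.prefixlen) for a in addrs),
        "ipv4.routes": "0.0.0.0/0 %s %d table=%d" % (gateway, ROUTE_METRIC, table),
        "ipv4.routing-rules": ", ".join(
            "priority %d from %s/32 table %d" % (table, a, table) for a in addrs),
    }


def plan(responses, devices):
    """Map device name -> nmcli argv for every interface that is not skipped.

    responses: meta data path -> body; devices: MAC -> (name, index, skip).
    """
    result = {}
    for mac in parse_macs(responses[PREFIX]):
        if mac not in devices:
            continue  # no ethernet device for this MAC: skipped
        name, index, skip = devices[mac]
        if skip:
            continue  # profile has org.freedesktop.nm-cloud-setup.skip=yes
        cfg = derive_ipv4(index,
                          responses[PREFIX + mac + "/subnet-ipv4-cidr-block"],
                          responses[PREFIX + mac + "/local-ipv4s"])
        argv = ["nmcli", "device", "modify", name]
        for key, value in cfg.items():
            argv += [key, value]
        result[name] = argv
    return result


# Constructed sample input: meta data bodies and a local device table.
SAMPLE_RESPONSES = {
    PREFIX: "0a:1b:2c:3d:4e:5f/\n0a:1b:2c:3d:4e:60/\n<html>error</html>\n",
    PREFIX + "0a:1b:2c:3d:4e:5f/subnet-ipv4-cidr-block": "172.16.5.0/24\n",
    PREFIX + "0a:1b:2c:3d:4e:5f/local-ipv4s": "172.16.5.3\n172.16.5.4\n",
}
SAMPLE_DEVICES = {
    "0a:1b:2c:3d:4e:5f": ("eth0", 1, False),
    "0a:1b:2c:3d:4e:60": ("eth1", 2, True),  # opted out via user-data
}

if __name__ == "__main__":
    for name, argv in plan(SAMPLE_RESPONSES, SAMPLE_DEVICES).items():
        print(name, argv)
```

The argv list is built but not executed; passing it as a list rather than a shell string keeps meta data values from being interpreted by a shell.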
.SS "Google Cloud Platform (GCP)"
.PP
For GCP, the meta data is fetched from URIs starting with
http://metadata\&.google\&.internal/computeMetadata/v1/
with an HTTP header
"Metadata\-Flavor: Google"\&. Currently, the tool only configures IPv4 and does nothing about IPv6\&. It will do the following\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
First fetch
http://metadata\&.google\&.internal/computeMetadata/v1/instance/id
to detect whether the tool runs on Google Cloud Platform\&. Only if the platform is detected will it continue fetching the configuration\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Fetch
http://metadata\&.google\&.internal/computeMetadata/v1/instance/network\-interfaces/
to get the list of available interface indexes\&. These indexes can be used for further lookups\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Then, for each interface fetch
http://metadata\&.google\&.internal/computeMetadata/v1/instance/network\-interfaces/$IFACE_INDEX/mac
to get the corresponding MAC address of the found interfaces\&. The MAC address is used to identify the device later on\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Then, for each interface with a MAC address fetch
http://metadata\&.google\&.internal/computeMetadata/v1/instance/network\-interfaces/$IFACE_INDEX/forwarded\-ips/
and then all the found IP addresses at
http://metadata\&.google\&.internal/computeMetadata/v1/instance/network\-interfaces/$IFACE_INDEX/forwarded\-ips/$FIPS_INDEX\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
At this point, we have a list of all interfaces (by MAC address) and their configured IPv4 addresses\&.
.sp
For each device, we look up the currently applied connection in NetworkManager\&. That implies that the device is currently activated in NetworkManager\&. If no such device was in NetworkManager, or if the profile has user\-data
org\&.freedesktop\&.nm\-cloud\-setup\&.skip=yes, we skip the device\&. Now for each found IP address we add a static route "$FIPS_ADDR/32 0\&.0\&.0\&.0 100 type=local" and reapply the change\&.
.sp
The effect is not unlike calling
\fBnmcli device modify "$DEVICE" ipv4\&.routes "$FIPS_ADDR/32 0\&.0\&.0\&.0 100 type=local [,\&.\&.\&.]"\fR
for all relevant devices and all found addresses\&.
.RE
.SS "Microsoft Azure"
.PP
For Azure, the meta data is fetched from URIs starting with
http://169\&.254\&.169\&.254/metadata/instance
with a URL parameter
"?format=text&api\-version=2017\-04\-02"
and an HTTP header
"Metadata:true"\&. Currently, the tool only configures IPv4 and does nothing about IPv6\&. It will do the following\&.
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
First fetch
http://169\&.254\&.169\&.254/metadata/instance?format=text&api\-version=2017\-04\-02
to detect whether the tool runs on Azure Cloud\&. Only if the platform is detected will it continue fetching the configuration\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Fetch
http://169\&.254\&.169\&.254/metadata/instance/network/interface/?format=text&api\-version=2017\-04\-02
to get the list of available interface indexes\&. These indexes can be used for further lookups\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Then, for each interface fetch
http://169\&.254\&.169\&.254/metadata/instance/network/interface/$IFACE_INDEX/macAddress?format=text&api\-version=2017\-04\-02
to get the corresponding MAC address of the found interfaces\&. The MAC address is used to identify the device later on\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Then, for each interface with a MAC address fetch
http://169\&.254\&.169\&.254/metadata/instance/network/interface/$IFACE_INDEX/ipv4/ipAddress/?format=text&api\-version=2017\-04\-02
to get the list of (indexes of) IP addresses on that interface\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
Then, for each IP address index fetch the address at
http://169\&.254\&.169\&.254/metadata/instance/network/interface/$IFACE_INDEX/ipv4/ipAddress/$ADDR_INDEX/privateIpAddress?format=text&api\-version=2017\-04\-02\&. Also fetch the size of the subnet (the netmask) for the interface from
http://169\&.254\&.169\&.254/metadata/instance/network/interface/$IFACE_INDEX/ipv4/subnet/0/prefix/?format=text&api\-version=2017\-04\-02\&.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
At this point, we have a list of all interfaces (by MAC address) and their configured IPv4 addresses\&.
.sp
For each device, we look up the currently applied connection in NetworkManager\&. That implies that the device is currently activated in NetworkManager\&. If no such device was in NetworkManager, or if the profile has user\-data
org\&.freedesktop\&.nm\-cloud\-setup\&.skip=yes, we skip the device\&. Now for each found IP address we add a static address "$ADDR/$SUBNET_PREFIX"\&. Also we configure policy routing by adding a static route "$ADDR/$SUBNET_PREFIX $GATEWAY 10, table=$TABLE" where $GATEWAY is the first IP address in the subnet and table is 30400 plus the interface index\&. Also we add a policy routing rule "priority $TABLE from $ADDR/32 table $TABLE"\&.
.sp
The effect is not unlike calling
\fBnmcli device modify "$DEVICE" ipv4\&.addresses "$ADDR/$SUBNET [,\&.\&.\&.]" ipv4\&.routes "$ADDR/32 $GATEWAY 10 table=$TABLE" ipv4\&.routing\-rules "priority $TABLE from $ADDR/32 table $TABLE"\fR
for all relevant devices and all found addresses\&.
.RE
.SH "SEE ALSO"
.PP
\fBNetworkManager\fR(8)
\fBnmcli\fR(1)