Use nmcli instead of legacy network scripts (openshift-metal3#1631)

YanhuiMa · Feb 22, 2024 · 5f47779 · 5f47779
1 parent c05a3c8
commit 5f47779
Show file tree

Hide file tree

Showing 3 changed files with 102 additions and 47 deletions.
diff --git a/01_install_requirements.sh b/01_install_requirements.sh
@@ -42,7 +42,6 @@ sudo dnf -y upgrade --nobest
 # Install additional repos as needed for each OS version
 # shellcheck disable=SC1091
 source /etc/os-release
-export DISTRO="${ID}${VERSION_ID%.*}"
 
 # NOTE(elfosardo): Hacks required for legacy and missing things due to bump in
 #metal3-dev-env commit hash.

diff --git a/02_configure_host.sh b/02_configure_host.sh
@@ -189,83 +189,125 @@ fi
 
 # shellcheck disable=SC1091
 source /etc/os-release
-export DISTRO="${ID}${VERSION_ID%.*}"
-
-case $DISTRO in
-  "centos8"|"rhel8"|"almalinux8"|"rocky8")
-    NMC="NM_CONTROLLED=no\n"
-    NET_SERVICE="network"
-    ;;
-"centos9"|"rhel9")
-    NMC=""
-    NET_SERVICE="NetworkManager"
-    ;;
-  *)
-    echo "Operating System not supported"
-    exit 1
-esac
 
 if [ "$MANAGE_PRO_BRIDGE" == "y" ]; then
     # Adding an IP address in the libvirt definition for this network results in
     # dnsmasq being run, we don't want that as we have our own dnsmasq, so set
     # the IP address here
-    if [ ! -e /etc/sysconfig/network-scripts/ifcfg-${PROVISIONING_NETWORK_NAME} ]; then
-        if [[ "$(ipversion $PROVISIONING_HOST_IP)" == "6" ]]; then
-            echo -e "DEVICE=${PROVISIONING_NETWORK_NAME}\nTYPE=Bridge\nONBOOT=yes\n${NMC}IPV6_AUTOCONF=no\nIPV6INIT=yes\nIPV6ADDR=${PROVISIONING_HOST_IP}/64${ZONE}" | sudo dd of=/etc/sysconfig/network-scripts/ifcfg-${PROVISIONING_NETWORK_NAME}
+    if [ ! -e /etc/NetworkManager/system-connections/${PROVISIONING_NETWORK_NAME}.nmconnection ]; then
+        if [ "$(ipversion $PROVISIONING_HOST_IP)" == "6" ]; then
+            sudo tee -a /etc/NetworkManager/system-connections/${PROVISIONING_NETWORK_NAME}.nmconnection <<EOF
+[connection]
+id=${PROVISIONING_NETWORK_NAME}
+type=bridge
+interface-name=${PROVISIONING_NETWORK_NAME}
+[bridge]
+stp=false
+[ipv4]
+method=disabled
+[ipv6]
+addr-gen-mode=eui64
+address1=${PROVISIONING_HOST_IP}/64
+method=manual
+EOF
         else
-            echo -e "DEVICE=${PROVISIONING_NETWORK_NAME}\nTYPE=Bridge\nONBOOT=yes\n${NMC}BOOTPROTO=static\nIPADDR=$PROVISIONING_HOST_IP\nNETMASK=$PROVISIONING_NETMASK${ZONE}" | sudo dd of=/etc/sysconfig/network-scripts/ifcfg-${PROVISIONING_NETWORK_NAME}
+            sudo tee -a /etc/NetworkManager/system-connections/${PROVISIONING_NETWORK_NAME}.nmconnection <<EOF
+[connection]
+id=${PROVISIONING_NETWORK_NAME}
+type=bridge
+interface-name=${PROVISIONING_NETWORK_NAME}
+[bridge]
+stp=false
+[ipv4]
+address1=${PROVISIONING_HOST_IP}/$PROVISIONING_NETMASK
+method=manual
+[ipv6]
+addr-gen-mode=eui64
+method=disabled
+EOF
         fi
+        sudo chmod 600 /etc/NetworkManager/system-connections/${PROVISIONING_NETWORK_NAME}.nmconnection
+        sudo nmcli con load /etc/NetworkManager/system-connections/${PROVISIONING_NETWORK_NAME}.nmconnection
     fi
-    sudo ifdown ${PROVISIONING_NETWORK_NAME} || true
-    sudo ifup ${PROVISIONING_NETWORK_NAME}
+    sudo nmcli con up ${PROVISIONING_NETWORK_NAME}
 
     # Need to pass the provision interface for bare metal
     if [ "$PRO_IF" ]; then
-        echo -e "DEVICE=$PRO_IF\nTYPE=Ethernet\nONBOOT=yes\n${NMC}BRIDGE=${PROVISIONING_NETWORK_NAME}" | sudo dd of=/etc/sysconfig/network-scripts/ifcfg-$PRO_IF
-        sudo ifdown $PRO_IF || true
-        sudo ifup $PRO_IF
-        # Need to ifup the provisioning bridge again because ifdown $PRO_IF
-        # will bring down the bridge as well.
-        sudo ifup ${PROVISIONING_NETWORK_NAME}
+        sudo tee -a /etc/NetworkManager/system-connections/${PRO_IF}.nmconnection <<EOF
+[connection]
+id=${PRO_IF}
+type=ethernet
+interface-name=${PRO_IF}
+master=${PROVISIONING_NETWORK_NAME}
+slave-type=bridge
+EOF
+        sudo chmod 600 /etc/NetworkManager/system-connections/${PRO_IF}.nmconnection
+        sudo nmcli con load /etc/NetworkManager/system-connections/${PRO_IF}.nmconnection
+        sudo nmcli con up ${PRO_IF}
     fi
 fi
 
 if [ "$MANAGE_INT_BRIDGE" == "y" ]; then
     # Create the baremetal bridge
-    if [ ! -e /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME} ] ; then
-        echo -e "DEVICE=${BAREMETAL_NETWORK_NAME}\nTYPE=Bridge\nONBOOT=yes\n${NMC}${ZONE}" | sudo dd of=/etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME}
-    fi
-    sudo ifdown ${BAREMETAL_NETWORK_NAME} || true
-    sudo ifup ${BAREMETAL_NETWORK_NAME}
+    sudo tee /etc/NetworkManager/system-connections/${BAREMETAL_NETWORK_NAME}.nmconnection <<EOF
+[connection]
+id=${BAREMETAL_NETWORK_NAME}
+type=bridge
+interface-name=${BAREMETAL_NETWORK_NAME}
+autoconnect=true
+[bridge]
+stp=false
+[ipv6]
+addr-gen-mode=stable-privacy
+method=ignore
+EOF
+    sudo chmod 600 /etc/NetworkManager/system-connections/${BAREMETAL_NETWORK_NAME}.nmconnection
+    sudo nmcli con load /etc/NetworkManager/system-connections/${BAREMETAL_NETWORK_NAME}.nmconnection
+    sudo nmcli con up ${BAREMETAL_NETWORK_NAME}
+fi
 
     # Add the internal interface to it if requests, this may also be the interface providing
     # external access so we need to make sure we maintain dhcp config if its available
     if [ "$INT_IF" ]; then
-        echo -e "DEVICE=$INT_IF\nTYPE=Ethernet\nONBOOT=yes\n${NMC}BRIDGE=${BAREMETAL_NETWORK_NAME}" | sudo dd of=/etc/sysconfig/network-scripts/ifcfg-$INT_IF
+        sudo tee /etc/NetworkManager/system-connections/${INT_IF}.nmconnection <<EOF
+[connection]
+id=${INT_IF}
+type=ethernet
+interface-name=${INT_IF}
+master=${BAREMETAL_NETWORK_NAME}
+slave-type=bridge
+EOF
+        sudo chmod 600 /etc/NetworkManager/system-connections/${INT_IF}.nmconnection
+        sudo nmcli con load /etc/NetworkManager/system-connections/${INT_IF}.nmconnection
+
         if [[ -n "${EXTERNAL_SUBNET_V6}" ]]; then
-            grep -q BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME} || (echo -e "BOOTPROTO=none\nIPV6INIT=yes\nIPV6_AUTOCONF=yes\nDHCPV6C=yes\nDHCPV6C_OPTIONS='-D LL'\n" | sudo tee -a /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME})
+            sudo nmcli con mod ${BAREMETAL_NETWORK_NAME} ipv6.addr-gen-mode eui64
+            sudo nmcli con mod ${BAREMETAL_NETWORK_NAME} ipv6.method ignore
         else
-          if sudo nmap --script broadcast-dhcp-discover -e $INT_IF | grep "IP Offered" ; then
-              grep -q BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME} || (echo -e "\nBOOTPROTO=dhcp\n" | sudo tee -a /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME})
-          fi
+            if sudo nmap --script broadcast-dhcp-discover -e $INT_IF | grep "IP Offered" ; then
+                if [ "$(ipversion $PROVISIONING_HOST_IP)" == "6" ]; then
+                    sudo nmcli con mod ${BAREMETAL_NETWORK_NAME} ipv6.method auto
+                else
+                    sudo nmcli con mod ${BAREMETAL_NETWORK_NAME} ipv4.method auto
+            fi
       fi
-      sudo systemctl restart $NET_SERVICE
+      sudo nmcli con up ${INT_IF}
     fi
 fi
 
-# If there were modifications to the /etc/sysconfig/network-scripts/ifcfg-*
+# If there were modifications to the network configuration
 # files, it is required to enable the network service
 if [ "$MANAGE_INT_BRIDGE" == "y" ] || [ "$MANAGE_PRO_BRIDGE" == "y" ]; then
-  sudo systemctl enable $NET_SERVICE
+  sudo systemctl enable NetworkManager
 fi
 
 # restart the libvirt network so it applies an ip to the bridge
 if [ "$MANAGE_BR_BRIDGE" == "y" ] ; then
     sudo virsh net-destroy ${BAREMETAL_NETWORK_NAME}
-    sudo ifdown ${BAREMETAL_NETWORK_NAME} || true
+    sudo nmcli con del ${BAREMETAL_NETWORK_NAME}
     sudo virsh net-start ${BAREMETAL_NETWORK_NAME}
     if [ "$INT_IF" ]; then #Need to bring UP the NIC after destroying the libvirt network
-        sudo ifup $INT_IF
+        sudo nmcli con up ${INT_IF}
     fi
 fi
 

diff --git a/host_cleanup.sh b/host_cleanup.sh
@@ -41,25 +41,39 @@ else
   sudo systemctl restart NetworkManager
 fi
 
+# handle upgrade from legacy network scripts
+if [ -e /etc/sysconfig/network-scripts/ifcfg-${PROVISIONING_NETWORK_NAME} ]; then
+    sudo rm -f /etc/sysconfig/network-scripts/ifcfg-${PROVISIONING_NETWORK_NAME}
+fi
+if [ -e /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME} ]; then
+    sudo rm -f /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME}
+fi
+if [ -e /etc/sysconfig/network-scripts/ifcfg-${PRO_IF} ]; then
+    sudo rm -f /etc/sysconfig/network-scripts/ifcfg-${PRO_IF}
+fi
+if [ -e /etc/sysconfig/network-scripts/ifcfg-${INT_IF} ]; then
+    sudo rm -f /etc/sysconfig/network-scripts/ifcfg-${INT_IF}
+fi
+
 # There was a bug in this file, it may need to be recreated.
 # delete the interface as it can cause issues when not rebooting
 if [ "$MANAGE_PRO_BRIDGE" == "y" ]; then
-    sudo ifdown ${PROVISIONING_NETWORK_NAME} || true
+    sudo nmcli con del ${PROVISIONING_NETWORK_NAME} || true
     sudo ip link delete ${PROVISIONING_NETWORK_NAME} || true
     if [[ -d /sys/class/net/pro-ipv6-dummy ]]; then
        sudo ip link delete pro-ipv6-dummy || true
     fi
-    sudo rm -f /etc/sysconfig/network-scripts/ifcfg-${PROVISIONING_NETWORK_NAME}
+    sudo rm -f /etc/NetworkManager/system-connections/${PROVISIONING_NETWORK_NAME}.nmconnection
 fi
 # Leaving this around causes issues when the host is rebooted
 # delete the interface as it can cause issues when not rebooting
 if [ "$MANAGE_BR_BRIDGE" == "y" ]; then
-    sudo ifdown ${BAREMETAL_NETWORK_NAME} || true
+    sudo nmcli con del ${BAREMETAL_NETWORK_NAME} || true
     sudo ip link delete ${BAREMETAL_NETWORK_NAME} || true
     if [[ -d /sys/class/net/bm-ipv6-dummy ]]; then
        sudo ip link delete bm-ipv6-dummy || true
     fi
-    sudo rm -f /etc/sysconfig/network-scripts/ifcfg-${BAREMETAL_NETWORK_NAME}
+    sudo rm -f /etc/NetworkManager/system-connections/${BAREMETAL_NETWORK_NAME}.nmconnection
 fi
 
 # Drop all ebtables rules