CentOS 7 下網路管理之命令列工具nmcli
阿新 • • 發佈:2019-01-06
在CentOS7中預設使用NetworkManager守護程序來監控和管理網路設定。nmcli是命令列的NetworkManager工具,會自動把配置寫到/etc/sysconfig/network-scripts/目錄下面。
NetworkManager最初由 Redhat 公司開發,現在由 GNOME 管理。
CentOS7之前的網路管理是通過ifcfg檔案配置管理介面(device),而現在是通過NetworkManager服務管理連線(connection)。一個介面(device)可以有多個連線(connection),但是同時只允許一個連線(connection)處於啟用(active)狀態。
簡單理解就是,一個連線就是(connection)就是/etc/sysconfig/network-scripts/目錄下的一個配置檔案,介面(device)是物理裝置,一個物理設定可以擁有多個配置檔案,但只能有一個配置檔案屬於使用(active)狀態;配置檔案的生成與使用狀態均由NetworkManager控制。
當然,依舊支援ifcfg檔案配置管理網路,但不推薦。
命令學習
檢視幫助
[[email protected] ~]# nmcli -h
Usage: nmcli [OPTIONS] OBJECT { COMMAND | help }
OPTIONS
-t[erse] terse output
-p[retty] pretty output
-m[ode] tabular| 有六個OBJECT,常用的有connection,device,general檢視它們的幫助
[[email protected] ~]# nmcli c -h
Usage: nmcli connection { COMMAND | help }
COMMAND := { show | up | down | add | modify | edit | delete | reload | load }
show [--active] [[--show-secrets] [id | uuid | path | apath] <ID>] ...
up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]
down [id | uuid | path | apath] <ID> ...
add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS
modify [--temporary] [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+
edit [id | uuid | path] <ID>
edit [type <new_con_type>] [con-name <new_con_name>]
delete [id | uuid | path] <ID>
reload
load <filename> [ <filename>... ]
常用命令
檢視介面裝置資訊
# 簡單資訊
nmcli device status
# 詳細的介面資訊
nmcli device show
# 介面的詳細資訊
nmcli device show interface-name
檢視連線(connection)的資訊
# 簡單資訊
nmcli connection show
# 詳細的連線資訊
nmcli connection show
# 某個連線的詳細資訊
nmcli connection show connection-name
啟動和停止介面
nmcli connection down connection-name
nmcli connection up connection-name
nmcli device disconnect interface-name
nmcli device connect interface-name
建議使用 nmcli dev disconnect interface-name 命令,而不是 nmcli con down connection-name 命令,因為連線斷開可將該介面放到“手動”模式,這樣做使用者讓 NetworkManager 啟動某個連線前,或發生外部事件(比如載波變化、休眠或睡眠)前,不會啟動任何自動連線。
建立連線
nmcli connection add type ethernet con-name connection-name ifname interface-name
nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address
## e.g. 建立一個基於eth1介面的連線
# 建立動態連線,即BOOTPROTO預設為DHCP
[[email protected] ~]# nmcli c add type eth con-name dynamic-eth1 ifname eth1
Connection 'dynamic-eth1' (9c0ad8a9-21f6-40b5-9313-e5c7e4b356f1) successfully added.
# 建立靜態連線
[[email protected] ~]# nmcli connection add type eth con-name static-eth1 ifname eth1 ip4 172.16.60.10/24
# nmcli connection add type eth con-name static-eth1 ifname eth1 ip4 172.16.60.10/24 gw4 192.168.60.1
Connection 'static-eth1' (0640bf7f-9490-44a8-be96-2e710fb650e6) successfully added.
建立連線後,NetworkManager 自動將 connection.autoconnect 設定為 yes。還會將設定儲存到 /etc/sysconfig/network-scripts/ connection-name 檔案中,且自動將 ONBOOT 引數設定為 yes。
啟用連線
nmcli connection up connection-name
## e.g. 啟用eth1介面的static-eth1連線
[[email protected] ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
修改連線的IP地址
# 可修改的屬性可通過以下命令檢視
nmcli c show static-eth1
# 修改命令
nmcli connection modify [--temporary] [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+
## e.g. 修改連線static-eth1的ip地址
[[email protected] ~]# ip addr | grep eth1
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 172.16.60.10/24 brd 172.16.60.255 scope global eth1
[[email protected] ~]# nmcli c mod static-eth1 ipv4.addr 172.16.60.20/24
[[email protected] ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[[email protected] ~]# ip a | grep eth1
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 172.16.60.20/24 brd 172.16.60.255 scope global eth1
配置連線的DNS
# 設定單個DNS
nmcli connection modify static-eth1 ipv4.dns DNS1
# 設定多個DNS
nmcli connection modify static-eth1 ipv4.dns "DNS1 DNS2"
# 以上命令會替換之前的DNS設定
# 新增某個連線的DNS,需要使用字首“+”
nmcli connection modify static-eth1 +ipv4.dns DNS3
## e.g. 配置static-eth1連線的DNS
[[email protected] ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
IPV6_PEERDNS=yes
[[email protected] ~]# nmcli c mod static-eth1 ipv4.dns "114.114.114.114 223.5.5.5"
# 修改連線後,需要重新啟用
[[email protected] ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[[email protected] ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
DNS1=114.114.114.114
DNS2=223.5.5.5
IPV6_PEERDNS=yes
# 新增DNS
[[email protected] ~]# nmcli c mod static-eth1 +ipv4.dns 223.5.5.6
[[email protected] ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[[email protected] ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
DNS1=114.114.114.114
DNS2=223.5.5.5
DNS3=223.5.5.6
IPV6_PEERDNS=yes
設定主機名
# 查詢當前主機名
nmcli general hostname
# 更改主機名
nmcli general hostname my-hostname
# 重啟hostnamed服務
systemctl restart systemd-hostnamed
CentOS7下的主機名管理是基於系統服務systemd-hostnamed,服務自身提供了hostnamectl命令用於修改主機名,推薦這種方式進行修改;
使用nmcli命令更改主機名時,systemd-hostnamed服務並不知曉 /etc/hostname 檔案被修改,因此需要重啟服務去讀取配置;
命令互動模式
nmcli con edit
# Valid connection types: generic, 802-3-ethernet (ethernet), pppoe, 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, vpn, 802-11-olpc-mesh (olpc-mesh), vlan, bond, team, bridge, bond-slave, team-slave, bridge-slave
# 也可以直接指定connection-name進行互動修改
# 還是非互動配置方便
介面繫結(interface bonding)
CentOS7下新增了一種特性team,用於取代bond。
介面繫結步驟是:建立一個組介面(Team interface), 建立一個介面連線,指定網絡卡介面(device)到組接口裡
nmcli connection add type team con-name connection-name ifname interface-name [config JSON]
# JSON 指定所使用的處理器(runner)。JSON語法 '{"runner":{"name":"METHOD"}}'
# METHOD可以是:broadcast、activebackup、roundrobin、loadbalance 或者 lacp
nmcli connection add type team-slave con-name connection-name ifname interface-name master team-name
## e.g. 建立組介面team0,並把eth1和eth2加入其中,網段為192.168.233.0/24
[[email protected] ~]# nmcli d status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet connected Wired connection 1
eth2 ethernet connected Wired connection 2
lo loopback unmanaged --
[[email protected] ~]# nmcli c show
NAME UUID TYPE DEVICE
Wired connection 2 34494b9d-f056-4f30-841c-7e6fad3b73d0 802-3-ethernet eth2
Wired connection 1 b7ca472c-67f7-4885-ba3b-1b572d3e0d40 802-3-ethernet eth1
eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
[[email protected] ~]# nmcli c del "Wired connection 2"
[[email protected] ~]# nmcli c del "Wired connection 1"
[[email protected] ~]# nmcli c show
NAME UUID TYPE DEVICE
eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
[[email protected] ~]# nmcli d status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet disconnected --
eth2 ethernet disconnected --
lo loopback unmanaged --
# 建立組介面,並分配ip地址
[[email protected] ~]# nmcli c add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ip4 192.168.233.10/24 gw4 192.168.233.2
Connection 'team0' (4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8) successfully added.
[[email protected] ~]# nmcli c mod team0 ipv4.dns "114.114.114.114 223.5.5.5"
[[email protected] ~]# nmcli c show
NAME UUID TYPE DEVICE
eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
team0 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8 team team0
# 將網絡卡介面加入到組介面中
[[email protected] ~]# nmcli c add type team-slave ifname eth1 master team0
Connection 'team-slave-eth1' (3ef0011b-6b69-4dfb-998b-13bf3d729c9c) successfully added.
[[email protected] ~]# nmcli c add type team-slave ifname eth2 master team0
Connection 'team-slave-eth2' (fe3fc939-dbff-485e-aef6-9fbf9f807926) successfully added.
# 啟動組介面
[[email protected] ~]# nmcli c up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
# 檢視 team0 當前活動的埠,活動埠基於介面的連線
[[email protected] ~]# teamnl team0 ports
4: eth2: up 1000Mbit FD
3: eth1: up 1000Mbit FD
[[email protected] ~]# nmcli d status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet connected team-slave-eth1
eth2 ethernet connected team-slave-eth2
team0 team connected team0
lo loopback unmanaged --
[[email protected] ~]# nmcli c show
NAME UUID TYPE DEVICE
eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
team-slave-eth2 fe3fc939-dbff-485e-aef6-9fbf9f807926 802-3-ethernet eth2
team-slave-eth1 3ef0011b-6b69-4dfb-998b-13bf3d729c9c 802-3-ethernet eth1
team0 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8 team team0
[[email protected] ~]# ip a s team0
5: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 00:0c:29:d0:a2:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.233.10/24 brd 192.168.233.255 scope global team0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fed0:a277/64 scope link
valid_lft forever preferred_lft forever
[[email protected] ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth1
[[email protected] ~]# nmcli c show team0
connection.id: team0
connection.uuid: 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8
connection.interface-name: team0
connection.type: team
connection.autoconnect: yes
connection.autoconnect-priority: 0
connection.timestamp: 1464621245
connection.read-only: no
connection.permissions:
connection.zone: --
connection.master: --
connection.slave-type: --
connection.secondaries:
connection.gateway-ping-timeout: 0
ipv4.method: manual
ipv4.dns: 114.114.114.114,223.5.5.5
ipv4.dns-search:
ipv4.addresses: 192.168.233.10/24
ipv4.gateway: 192.168.233.2
ipv4.routes:
ipv4.route-metric: -1
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv6.method: auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.gateway: --
ipv6.routes:
ipv6.route-metric: -1
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
team.config: {"runner":{"name":"activebackup"}}
GENERAL.NAME: team0
GENERAL.UUID: 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8
GENERAL.DEVICES: team0
GENERAL.STATE: activated
GENERAL.DEFAULT: no
GENERAL.DEFAULT6: no
GENERAL.VPN: no
GENERAL.ZONE: --
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/6
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/3
GENERAL.SPEC-OBJECT: /
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 192.168.233.10/24
IP4.GATEWAY: 192.168.233.2
IP4.DNS[1]: 114.114.114.114
IP4.DNS[2]: 223.5.5.5
IP6.ADDRESS[1]: fe80::20c:29ff:fed0:a277/64
測試的話,可以開個ping視窗持續ping,然後禁用team0組中的eth2;理論上ping包是不會丟失的。
# 關閉eth2網絡卡,看ping狀態
[[email protected] ~]# nmcli d dis eth2
Device 'eth2' successfully disconnected.
[[email protected] ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth1
[[email protected] ~]# nmcli d con eth2
Device 'eth2' successfully activated with 'fe3fc939-dbff-485e-aef6-9fbf9f807926'.
[[email protected] ~]# teamdctl team0 state
setup:
runner: activebackup
ports:
eth1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
eth2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
runner:
active port: eth1
[[email protected] ~]# teamnl team0 options
queue_id (port:eth2) 0
priority (port:eth2) 0
user_linkup_enabled (port:eth2) false
user_linkup (port:eth2) true
enabled (port:eth2) false
queue_id (port:eth1) 0
priority (port:eth1) 0
user_linkup_enabled (port:eth1) false
user_linkup (port:eth1) true
enabled (port:eth1) true
activeport 3
mcast_rejoin_interval 0
mcast_rejoin_count 1
notify_peers_interval 0
notify_peers_count 1
mode activebackup