Was looking to set default values for a few network connection configs like connection.permissions, etc, so that when a new connection is generated (at /etc/NetworkManager/system-connections), it’ll inherit said defaults.
Looked at a handful of places for info…
/etc/sysconfig/network/ seems irrelevant for NetworkManager and /etc/sysconfig/network/config particularly says ‘NetworkManager is not using any sysconfig settings’
man netconfig seems to have nothing
man nmcli doesn’t seem relevant
man NetworkManager.conf has a section ‘Specify default values for connections’, which’d seem usable by putting a drop-in into /etc/NetworkManager/conf.d/ However, it explains that only some configs are eligible for default values and none of those ones are pertinent to the task.
Did a web search: The comment at this related post says systemd-networkd can do this on ubuntu. But, it appears absent from a stock tumbleweed system, and would it be necessary to add another network service to accomplish this?
Ok. Looks like you’re talking about the systemd-network package, which provides systemd-networkd service, and systemd.network facility.
There’s relevant documentation at…
man systemd.network systemd-networkd
While this facility handles network interfaces/devices, the intent is to effect network connection items. Ostensibly, configuring an interface will accordingly effect resulting network connection items.
There are three properties to try configuring, which can be shown for a given connection like so…
nmcli --fields connection.permissions,ipv4.ignore-auto-dns,ipv4.dns connection show eth0
From man systemd.network, it seems that creating /etc/systemd/network/10-all.network like this, perhaps configures the second and third properties above…
Does the above seem correct?
To put into effect, it seems just enable systemd-networkd.service and reboot, or perhaps just start it. Anything else?
Anyway, there seems to be no configuration available to effect connection.permissions. Searched man systemd.network for ‘perm’ ‘allow’ ‘user’ and ‘connect’, but found nothing related.
This could be a deal breaker. Is there a way to apply a default value for connection.permissions ?
Right, but the idea here is setting defaults in advance of any new connections, which would be automatically applied whenever new connections are established.
@skosner why not just create a script to generate (as root user), this would use defaults and either inline options or ask the user. As indicated by @arvidjaar it’s just a text file.
Programmatic intervention is under consideration, and will presumably be the solution if such defaults are not supported. But since accomplishing by default configuration would be simpler and easier, it’s much preferred if available.
You are talking about a program, so it will always be some programmatic solution. The question is only, whether it will be inside NetworkManager code or outside. If you believe that your use case is important enough to be inside NetworkManager code, you have to write a patch (or find someone who does it for you), submit to NetworkManager maintainers for review and convince them it is worth to keep and maintain as part of the NetworkManager code.
But so far you did not even describe your use case. This is typical example of substituting goals with means. You decided that to achieve some unknown goal the only possible way is default connection settings and are asking about default connection settings instead of explaining, what you are trying to achieve with them.
While the goal is to set certain consistent dns server addresses for the entire system, prior research indicated that there is no facility to enforce system-wide dns server addresses, and thus dns addresses differ from connection to connection (/etc/NetworkManager/system-connections/*). While /etc/resolv.conf displays the active dns addresses, it does not support their persistent (re)configuration. Also, trying to set this in /etc/sysconfig/network/config seems to have no effect on NetworkManager. Other things were tried too, with no success. Having researched all this already without success, it did not seem necessary to explain such background when posing the question.
So, instead of a central, system-wide facility, was looking for the easiest way to automatically set the same dns addresses for all the connections on the system (/etc/NetworkManager/system-connections/*). This would seem naturally, but hypothetically, to be the capability for applying default settings for NetworkManager connections.
Further, was also needing to set connection permissions for all connections, and explaining the reason for that also seems unnecessary background, and would also be solved simply if NetworkManager connections support default configs.
Ultimately, if you do have advice per this expanded problem description, it’d be great to hear. But if not, it seems the only question remaining is…
Does NetworkManager support setting connection defaults for dns server addresses (and perhaps other connection configs), or is there some other facility to easily configure connection defaults, or must code be written to handle this?
If NetworkManager is managing resolv.conf, then it should be the system wide default.
Of course programs can ignore this and query any DNS server they want unless blocked by a firewall rule.
A default for each dns query event, that can be overridden as you described, sure. But what’s in resolv.conf is in turn subject to the dns server(s) configuration of the active connection, and of course the active connection can change at any time. Thus, the point is to mandate dns server addresses for the system that won’t be subject to such operational whim, albeit still override-able by each dns query.
I suppose NetworkManager has this option, consider using some other resolv manager such as resolvconf or systemd-resolved (what we use at work on Debian servers).
Or if there’s no easy option, just chattr +i the resolv file, hopefully NM would throw an error and not crash.
Of course there is. NetworkManager on SUSE is be default using netconfig to manage /etc/resolv.conf and you can set your own default(s) overriding any per-connection information. This has been discussed more than once on this forum.
What “option” do you mean?
Ok, but looking into and possibly switching resolve manager, doesn’t seem like less work than a script which loops thru the connections and sets accordingly with nmcli. Plus, said script can be written to also set other connection configs.
Since /run/netconfig/resolv.conf is on tmpfs and /etc/resolv.conf is a symlink to it, it seems an approach like this would entail what hcvv suggests below, to replace the symlink with a normal file of custom contents.
Right. Per advice in resolv.conf comments, can do like…
vim /etc/sysconfig/network/config
NETCONFIG_DNS_STATIC_SERVERS="8.8.4.4"
/usr/sbin/netconfig update --force-replace
Had already tried this to no avail. Then noticed that /etc/sysconfig/network/config says ‘…NetworkManager is not using any sysconfig settings’, which seemed to explain it.
If this really does work, can you point to some helpful info?
Hmm. Maybe should also do?..
vim /etc/sysconfig/network/config
NETCONFIG_DNS_POLICY=""
The option to set default DNS servers, I’ve always used the dhclient config to set them on Debian systems and now systemd-resolved. Personally I hate resolvconf, but there are others who vouch for it. systemd-resolved is nice though and dead simple to configure, I’d say even easier than trying to wrangle something like NM into a workable form. That said, I haven’t used it with Suse/Fedora. YMMV.
Ah, this is not always the case as I found out recently while writing zypperoni. On my fresh installation of TW it’s just a normal file and not a symlink:
A very helpful person here (thanks @karlmistelberger ) helped me debug the issue and modify zypperoni’s mount commands to deal with various resolv managers that symlink.