1 Manual network configuration
wicked provides a new network configuration framework. Since SUSE Linux Enterprise 12, SUSE has used the new network management tool wicked, which sets it apart from other common distributions: most of them currently use the NetworkManager service for network management.
1.1 wicked network configuration
One of the challenges of traditional network interface management is that the different layers of network management are jumbled together into a single script, or at most two different scripts, which interact with each other in a way that is not well defined. This leads to unpredictable problems, obscure constraints and conventions, and so on. The address configuration protocols in use are implemented by daemons such as dhcpcd, which interact rather poorly with the rest of the infrastructure. Fancy interface naming schemes that require heavy udev support have been introduced to achieve persistent identification of interfaces.
The idea behind wicked is to decompose the problem in several ways. None of them is entirely novel, but putting ideas from different projects together is hoped to produce a better overall solution.
One approach is a client/server model. This allows wicked to define standardized facilities for things like address configuration that are well integrated with the overall framework. For example, using a specific address configuration, the administrator may request that an interface be configured via DHCP or IPv4 zeroconf. In that case the address configuration service simply obtains the lease from its server and passes it on to the wicked server process, which installs the requested addresses and routes.
The other way of decomposing the problem is to enforce the layering aspect. For any type of network interface it is possible to define a dbus service that configures the device layer of the network interface: a VLAN, a bridge, a bond, or a paravirtualized device. Common functionality such as address configuration is implemented by joint services layered on top of these device-specific services, without having to implement it separately for each. The wicked framework implements both aspects with a set of dbus services that are attached to a network interface depending on its type. What follows is a rough overview of the current object hierarchy in wicked.
Each network interface is represented by a child object of /org/opensuse/Network/Interfaces. The name of the child object is its ifindex. For example, the loopback interface, which usually gets ifindex 1, is /org/opensuse/Network/Interfaces/1, and the first Ethernet interface registered is /org/opensuse/Network/Interfaces/2.
Each network interface has a "class" associated with it, which is used to select the dbus interfaces it supports. By default every network interface belongs to the class netif, and wickedd automatically attaches all interfaces compatible with this class. In the current implementation these are:
- org.opensuse.Network.Interface: generic network interface functions, such as taking the link up or down, assigning an MTU, and so on.
- org.opensuse.Network.Addrconf.ipv4.dhcp: DHCPv4 address configuration.
- org.opensuse.Network.Addrconf.ipv6.dhcp: DHCPv6 address configuration.
- org.opensuse.Network.Addrconf.ipv4.auto: IPv4 zeroconf (automatic) address configuration.
Beyond this, network interfaces may require or offer special configuration mechanisms. For an Ethernet device, for example, you should be able to control the link speed, checksum offloading, and so on. To achieve this, Ethernet devices have a class of their own, called netif-ethernet, which is a subclass of netif. Consequently the dbus interfaces assigned to an Ethernet interface include all the services listed above plus the org.opensuse.Network.Ethernet service, which is only available to objects belonging to the netif-ethernet class.
Similarly, there are classes for interface types such as bridges, VLANs, bonds, or InfiniBand. How do you interact with an interface like a VLAN (really a virtual network interface sitting on top of an Ethernet device) that has to be created first? For this, wicked defines factory interfaces, such as org.opensuse.Network.VLAN.Factory. Such a factory interface offers a single function that creates an interface of the requested type. These factory interfaces are attached to the /org/opensuse/Network/Interfaces list node.
1.1.1 wicked architecture and features
- Support for parsing the SUSE-style backend configuration files in /etc/sysconfig/network
- Backend network interface configuration in XML files
- Bringing up and shutting down "normal" network interfaces such as Ethernet or InfiniBand, VLAN, bridge, bond, tun, tap, dummy, macvlan, macvtap, hsi, qeth, iucv, and wireless (currently limited to one wpa-psk/eap network) devices
- Built-in DHCPv4 and DHCPv6 clients
- The nanny daemon (enabled by default) helps to automatically bring up configured interfaces when the device becomes available (interface hotplugging) and to set up the IP configuration once a link (carrier) is detected
- wicked is deployed as a set of DBus services integrated with systemd, so it can be managed with systemctl
1.1.2 Using wicked
On openSUSE Leap, wicked runs by default on desktop and server hardware; NetworkManager runs by default on mobile hardware. To check which one is enabled and whether it is running, look at the status of network (on the machine below, network was still an alias of NetworkManager.service at this point):
SUSE15:~ # systemctl status network
● NetworkManager.service - Network Manager
   Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor pre>
  Drop-In: /usr/lib/systemd/system/NetworkManager.service.d
           └─NetworkManager-ovs.conf
   Active: active (running) since Wed 2021-08-18 15:08:09 CST; 7h ago
     Docs: man:NetworkManager(8)
 Main PID: 1182 (NetworkManager)
    Tasks: 4 (limit: 2303)
   CGroup: /system.slice/NetworkManager.service
           ├─1182 /usr/sbin/NetworkManager --no-daemon
...
If wicked is enabled, you can see that wicked manages the network interfaces:
SUSE15:~ # systemctl status wicked
● wicked.service - wicked managed network interfaces
   Loaded: loaded (/usr/lib/systemd/system/wicked.service; enabled; vendor preset: disabled)
   Active: active (exited) since Wed 2021-08-18 15:22:31 CST; 7h ago
  Process: 2425 ExecStart=/usr/sbin/wicked --systemd ifup all (code=exited, status=0/SUCCESS)
 Main PID: 2425 (code=exited, status=0/SUCCESS)

Aug 18 15:22:16 SUSE15 systemd[1]: Starting wicked managed network interfaces...
Aug 18 15:22:31 SUSE15 wicked[2425]: lo up
Aug 18 15:22:31 SUSE15 wicked[2425]: eth0 up
Aug 18 15:22:31 SUSE15 wicked[2425]: eth1 up
Aug 18 15:22:31 SUSE15 systemd[1]: Finished wicked managed network interfaces.
If another service (for example NetworkManager) is running and you want to switch to wicked, first stop the running service, then enable wicked. Do this from a console rather than over SSH, because stopping the service that manages the interface you are logged in through will cut your session:
SUSE15:~ # systemctl is-active network && systemctl stop network
SUSE15:~ # systemctl enable --force wicked
These two commands enable the wicked service and create a network.service alias link pointing to wicked.service, so that the network is started at the next boot.
Start the server process:
SUSE15:~ # systemctl start wickedd
This starts wickedd (the main server) and the associated supplicants. The units run the following commands; with --foreground the processes stay attached to the terminal, so on a normal system start them through their systemd units rather than by hand:
SUSE15:~ # /usr/lib/wicked/bin/wickedd-auto4 --systemd --foreground
SUSE15:~ # /usr/lib/wicked/bin/wickedd-dhcp4 --systemd --foreground
SUSE15:~ # /usr/lib/wicked/bin/wickedd-dhcp6 --systemd --foreground
SUSE15:~ # /usr/sbin/wickedd --systemd --foreground
SUSE15:~ # /usr/sbin/wickedd-nanny --systemd --foreground
Then start the network:
SUSE15:~ # systemctl start wicked
Debug output of wicked is configured in /etc/sysconfig/network/config:
# Debug everything, or everything except some subsystems; use one of the two lines
WICKED_DEBUG="all"
WICKED_DEBUG="all,-dbus,-objectmodel,-xpath,-xml"
Using the wicked command:
- Show interface information
SUSE15:~ # wicked show all
lo              up
      link:     #1, state up
      type:     loopback
      config:   compat:suse:/etc/sysconfig/network/ifcfg-lo
      leases:   ipv4 static granted
      leases:   ipv6 static granted
      addr:     ipv4 127.0.0.1/8 [static]
      addr:     ipv6 ::1/128 [static]

eth0            up
      link:     #2, state up, mtu 1500
      type:     ethernet, hwaddr 00:0c:29:76:10:2c
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth0
      leases:   ipv4 dhcp granted
      leases:   ipv6 dhcp requesting
      addr:     ipv4 192.168.100.39/24 [dhcp]
      route:    ipv4 default via 192.168.100.1 proto dhcp
      route:    ipv4 default via 192.168.100.1 metric 20101 proto dhcp

eth1            up
      link:     #3, state up, mtu 1500
      type:     ethernet, hwaddr 00:0c:29:76:10:36
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth1
      addr:     ipv4 192.168.19.145/24
      route:    ipv4 default via 192.168.19.145 metric 20100 proto static
SUSE15:~ # wicked show eth1
eth1            up
      link:     #3, state up, mtu 1500
      type:     ethernet, hwaddr 00:0c:29:76:10:36
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth1
      addr:     ipv4 192.168.19.145/24
      route:    ipv4 default via 192.168.19.145 metric 20100 proto static
Verbose and brief output:
SUSE15:~ # wicked show --verbose eth1
eth1            up
      link:     #3, state up, mtu 1500
      type:     ethernet, hwaddr 00:0c:29:76:10:36
      control:  none
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth1,
                uuid: b8e31353-9465-5ba9-a034-7bdca453eb58
      addr:     ipv6 fe80::9159:a10a:57b:ddf4/64 scope link flags noprefixroute
      addr:     ipv4 192.168.19.145/24 brd 192.168.19.145 scope universe label eth1
      route:    ipv4 0.0.0.0/0 via 192.168.19.145 dev eth1 type unicast table main scope universe protocol static priority 20100
      route:    ipv4 192.168.19.0/24 type unicast table main scope link protocol kernel pref-src 192.168.19.145 priority 100
      route:    ipv6 fe80::/64 type unicast table main scope universe protocol kernel priority 100
SUSE15:~ # wicked show --brief eth1
eth1 up
- Show interface information (XML output)
SUSE15:~ # wicked show-xml eth0
<object path="/org/opensuse/Network/Interface/2">
  <interface>
    <name>eth0</name>
    <index>2</index>
    <status>ready, device-up, link-up, network-up, arp, broadcast, multicast</status>
    <link-type>ethernet</link-type>
    <mtu>1500</mtu>
    <txqlen>1000</txqlen>
    <client-state>
      <control>
        <persistent>false</persistent>
        <usercontrol>false</usercontrol>
      </control>
      <config>
        <origin>compat:suse:/etc/sysconfig/network/ifcfg-eth0</origin>
        <uuid>37958523-d28f-576c-a241-f6a03f615dbd</uuid>
        <owner-uid>4294967295</owner-uid>
      </config>
    </client-state>
    <addresses>
      <assigned-address>
        <local>fe80::ea3f:de00:414d:7a3/64</local>
        <scope>link</scope>
        <flags>640</flags>
      </assigned-address>
      <assigned-address>
        <local>192.168.100.39/24</local>
        <broadcast>192.168.100.255</broadcast>
        <scope>universe</scope>
        <flags>512</flags>
        <label>eth0</label>
        <cache-info>
          <preferred-lifetime>258665</preferred-lifetime>
          <valid-lifetime>258665</valid-lifetime>
        </cache-info>
        <owner>dhcp</owner>
      </assigned-address>
    </addresses>
    <routes>
      <assigned-route>
        <destination>0.0.0.0/0</destination>
        <nexthop>
          <gateway>192.168.100.1</gateway>
          <device>eth0</device>
        </nexthop>
        <kern>
          <table>main</table>
          <type>unicast</type>
          <scope>universe</scope>
          <protocol>dhcp</protocol>
        </kern>
        <metrics/>
      </assigned-route>
      <assigned-route>
        <destination>0.0.0.0/0</destination>
        <priority>20101</priority>
        <nexthop>
          <gateway>192.168.100.1</gateway>
          <device>eth0</device>
        </nexthop>
        <kern>
          <table>main</table>
          <type>unicast</type>
          <scope>universe</scope>
          <protocol>dhcp</protocol>
        </kern>
        <metrics/>
      </assigned-route>
      <assigned-route>
        <destination>192.168.100.0/24</destination>
        <pref-source>192.168.100.39</pref-source>
        <priority>101</priority>
        <kern>
          <table>main</table>
          <type>unicast</type>
          <scope>link</scope>
          <protocol>kernel</protocol>
        </kern>
        <metrics/>
      </assigned-route>
      <assigned-route>
        <destination>fe80::/64</destination>
        <priority>101</priority>
        <kern>
          <table>main</table>
          <type>unicast</type>
          <scope>universe</scope>
          <protocol>kernel</protocol>
        </kern>
        <metrics/>
      </assigned-route>
    </routes>
...
- Bring an interface down or up
SUSE15:~ # wicked ifdown eth0
eth0 device-ready
SUSE15:~ # wicked ifup eth0
eth0 up
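The `wicked show all` output above is easy to read by eye but also easy to misread: the host shown has three default routes (two from DHCP on eth0, one static on eth1) and an IPv6 lease that never got past "requesting". The following script is an added example, not part of the page or of wicked, that parses that text format and flags exactly those conditions; the sample input is constructed from the output printed above, and on a live system `wicked show all` is piped in instead.

```shell
#!/bin/sh
# Added example; not from the original page or from the wicked project.
# Audits the plain-text output of `wicked show all` for things an operator
# should notice after ifup: more than one default route on the host, and
# DHCP leases that are still "requesting". The sample below is constructed
# from the output shown on this page.

SAMPLE_WICKED_SHOW='lo              up
      link:     #1, state up
      type:     loopback
      config:   compat:suse:/etc/sysconfig/network/ifcfg-lo
      leases:   ipv4 static granted
      leases:   ipv6 static granted
      addr:     ipv4 127.0.0.1/8 [static]
      addr:     ipv6 ::1/128 [static]

eth0            up
      link:     #2, state up, mtu 1500
      type:     ethernet, hwaddr 00:0c:29:76:10:2c
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth0
      leases:   ipv4 dhcp granted
      leases:   ipv6 dhcp requesting
      addr:     ipv4 192.168.100.39/24 [dhcp]
      route:    ipv4 default via 192.168.100.1 proto dhcp
      route:    ipv4 default via 192.168.100.1 metric 20101 proto dhcp

eth1            up
      link:     #3, state up, mtu 1500
      type:     ethernet, hwaddr 00:0c:29:76:10:36
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth1
      addr:     ipv4 192.168.19.145/24
      route:    ipv4 default via 192.168.19.145 metric 20100 proto static'

# Read `wicked show` text on stdin; print "<iface> <gateway> <metric> <proto>"
# for every default route. Interface header lines start in column 1; the
# indented "route:" lines belong to the most recent header.
default_routes() {
    awk '
        NF > 0 && substr($0, 1, 1) != " " { iface = $1; next }
        $1 == "route:" && $3 == "default" {
            gw = "-"; metric = "-"; proto = "-"
            for (i = 4; i < NF; i++) {
                if ($i == "via")    gw = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
                if ($i == "proto")  proto = $(i + 1)
            }
            print iface, gw, metric, proto
        }'
}

# Print "<iface> <family> <lease type>" for leases still being requested.
pending_leases() {
    awk '
        NF > 0 && substr($0, 1, 1) != " " { iface = $1; next }
        $1 == "leases:" && $4 == "requesting" { print iface, $2, $3 }'
}

# Summarise and return 1 when something needs attention, so the function can
# gate a post-ifup check in a provisioning script.
audit_wicked_show() {
    input=$(cat)
    routes=$(printf '%s\n' "$input" | default_routes)
    pending=$(printf '%s\n' "$input" | pending_leases)
    nroutes=$(printf '%s\n' "$routes" | grep -c . || true)
    rc=0
    if [ -n "$routes" ]; then
        printf '%s\n' "$routes" | sed 's/^/default route: /'
    fi
    if [ "$nroutes" -ne 1 ]; then
        echo "WARN: $nroutes default routes on this host (expected exactly one)"
        rc=1
    fi
    if [ -n "$pending" ]; then
        printf '%s\n' "$pending" | sed 's/^/WARN: lease still requesting: /'
        rc=1
    fi
    return $rc
}

# Demo on the constructed sample; on a real box: wicked show all | audit_wicked_show
printf '%s\n' "$SAMPLE_WICKED_SHOW" | audit_wicked_show || echo "audit: issues found"
```

Three default routes are rarely intended: the kernel picks the one with the lowest metric, so which uplink carries traffic depends on the DHCP server rather than on the administrator, and an attacker who can answer DHCP on one segment can win that race. The check is deliberately strict (exactly one default route) so that it fails loudly in automation.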
1.1.3 Nanny
Nanny is an event- and policy-driven daemon responsible for asynchronous or unsolicited scenarios such as hotplugged devices. It therefore helps with starting or restarting devices that appear late or disappear temporarily. Nanny monitors device and link changes and integrates new devices as defined by the current policy set. It keeps setting up interfaces even after ifup has already exited because of its timeout limit.
nanny is enabled by default; the setting lives in /etc/wicked/common.xml:
<config>
  ...
  <use-nanny>true</use-nanny>
</config>
1.1.4 Handling incremental changes
With wicked there is no need to actually take an interface down to reconfigure it (unless the kernel requires it). For example, to add another IP address or route to a statically configured interface, add the address to the interface definition and run another "ifup". The server only updates the settings that changed. This applies to link-level options such as the device MTU or MAC address as well as to network-level settings such as addresses, routes, and even the address configuration mode.
1.1.5 wicked extensions: address configuration
wicked is designed to be extensible with shell scripts. These extensions can be defined in the config.xml file. Currently the following classes of extension are supported:
- Link configuration: these scripts set up a device's link layer according to the configuration supplied by the client, and tear it down again.
- Address configuration: these scripts manage a device's address configuration. Address configuration and DHCP are normally handled by wicked itself, but they can be implemented through extensions.
- Firewall extension: these scripts apply firewall rules.
The firewall extension is defined in /etc/wicked/server.xml. Because wickedd runs these scripts as root on every interface event, keep /etc/wicked/extensions/ and the scripts in it owned by root and writable by nobody else:
<dbus-service interface="org.opensuse.Network.Firewall">
  <action name="firewallUp"   command="/etc/wicked/extensions/firewall up"/>
  <action name="firewallDown" command="/etc/wicked/extensions/firewall down"/>

  <!-- default environment for all calls to this extension script -->
  <putenv name="WICKED_OBJECT_PATH"     value="$object-path"/>
  <putenv name="WICKED_INTERFACE_NAME"  value="$property:name"/>
  <putenv name="WICKED_INTERFACE_INDEX" value="$property:index"/>
</dbus-service>
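The server.xml fragment above only wires the hook; what the extension script does with the interface name it receives is up to the administrator. The script below is an added example, not the page's text and not wicked's own extension script: a hypothetical /etc/wicked/extensions/firewall that installs a per-interface nftables input chain on "up" and removes it on "down", reading the interface from WICKED_INTERFACE_NAME as the <putenv> entries provide it. The policy table, the nftables table name "wicked" and the FW_DRY_RUN switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not from the page and not wicked's own extension script.
# Hypothetical /etc/wicked/extensions/firewall: wickedd runs it as
# "firewall up" / "firewall down" with WICKED_INTERFACE_NAME in the
# environment. "up" installs an nftables input chain for that interface that
# admits only the TCP ports listed in FW_POLICY; "down" removes the chain.
# FW_POLICY, the table name "wicked" and FW_DRY_RUN are assumptions.

# "<iface>:<comma-separated TCP ports>"; an interface not listed gets no
# inbound service ports at all (constructed example data).
FW_POLICY='eth0:22,443
eth1:22'

# The name arrives from wickedd, but it still ends up inside a script fed to
# a root process: accept only plain kernel interface names (<= 15 chars).
valid_ifname() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ ${#1} -le 15 ]
}

# Allowed TCP ports for an interface; empty means "no inbound services".
policy_ports() {
    printf '%s\n' "$FW_POLICY" | awk -F: -v i="$1" '$1 == i { print $2; exit }'
}

# Emit the nft script for "up"/"down" on one interface (nothing is applied here).
render_rules() {
    action=$1 ifname=$2
    valid_ifname "$ifname" || { echo "firewall: refusing interface name '$ifname'" >&2; return 2; }
    chain="in_$ifname"
    case "$action" in
        up)
            ports=$(policy_ports "$ifname")
            # Per-interface base chain with policy drop. Packets from other
            # interfaces are accepted here, i.e. handed on to the rest of the
            # ruleset untouched; only this interface's traffic is filtered.
            echo "add table inet wicked"
            echo "add chain inet wicked $chain { type filter hook input priority 0; policy drop; }"
            echo "flush chain inet wicked $chain"
            echo "add rule inet wicked $chain iifname != \"$ifname\" accept"
            echo "add rule inet wicked $chain ct state invalid drop"
            echo "add rule inet wicked $chain ct state established,related accept"
            if [ -n "$ports" ]; then
                echo "add rule inet wicked $chain tcp dport { $ports } accept"
            fi
            echo "add rule inet wicked $chain log prefix \"wicked-fw $ifname drop \" drop"
            ;;
        down)
            # nft refuses to delete a chain that still holds rules: flush first.
            echo "flush chain inet wicked $chain"
            echo "delete chain inet wicked $chain"
            ;;
        *)
            echo "firewall: unknown action '$action'" >&2
            return 2
            ;;
    esac
}

# Apply when called by wickedd; print the script instead when nft is absent
# or FW_DRY_RUN is set (handy for reviewing a policy change before it goes live).
main() {
    ifname=${WICKED_INTERFACE_NAME:?WICKED_INTERFACE_NAME not set by wickedd}
    rules=$(render_rules "$1" "$ifname") || exit $?
    if [ -n "${FW_DRY_RUN:-}" ] || ! command -v nft >/dev/null 2>&1; then
        printf '%s\n' "$rules"
    else
        printf '%s\n' "$rules" | nft -f -
    fi
}

# Only dispatch when invoked with an action, so the functions can be sourced.
case "${1:-}" in
    up|down) main "$1" ;;
esac
```

To preview what wickedd would apply for eth0, run `WICKED_INTERFACE_NAME=eth0 FW_DRY_RUN=1 sh firewall up`. The interface-name check matters more than it looks: the value is interpolated into an nft script executed as root, and the hook fires for every interface wicked ever sees, including ones created by users with CAP_NET_ADMIN.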
1.2 IP address configuration
On openSUSE Leap, the most direct way to change the network configuration permanently is still to edit the configuration of the interface in question under /etc/sysconfig/network and then apply it with the wicked command. The interface parameters differ considerably from CentOS; the template file ifcfg.template in the same directory documents all of them. The most commonly used options are listed here:
Boot protocol
## Type: list(static,dhcp,dhcp4,dhcp6,autoip,dhcp+autoip,6to4,none)
## Default: static
#
# With BOOTPROTO you can choose in which mode the interface will be set up:
# - static: Set up static address(es)
# - dhcp: Start a dhcp client (IPV4 and IPv6) on that interface.
# - dhcp4: Start a dhcp client (IPv4 only) on that interface.
# - dhcp6: Start a dhcp client (IPv6 only) on that interface.
# - autoip: Automatic search for a free address and assign it statically.
# - dhcp+autoip: Try dhcp4 and use autoip if dhcp fails.
# - 6to4: Set up ipv6 over ipv4 tunnel (see man ifcfg-tunnel)
# - none: Do not set up the link or ip, a (bonding) master will do it.
# If you use dhcp or autoip you may additionally specify static address(es).
#
BOOTPROTO=
IP address and netmask
## Type: string
## Default: ""
#
# If using a static configuration you have to set an IP address and a netmask or prefix length. The following examples are equivalent:
#
# 1) IPADDR=192.168.1.1/24 # NETMASK and PREFIXLEN will be ignored
# 2) IPADDR=192.168.1.1
# PREFIXLEN=24 # NETMASK will be ignored
# 3) IPADDR=192.168.1.1
# NETMASK=255.255.255.0
#
# For multiple addresses use this variable multiple times and extend them with different suffixes. For example IPADDR_1=, IPADDR_2=. See section 'Multiple addresses' in manpage ifcfg).
#
IPADDR=

## Type: string
## Default: ""
#
# Set the network mask for the ip address. This variable will be ignored if a prefixlength is set in variable PREFIXLEN or in IPADDR.
# For multiple addresses use the same suffixes as with IPADDR.
#
# Note: Deprecated IPv4 only variable.
#
NETMASK=

## Type: integer(0,64)
## Default: ""
#
# Set the prefixlength of the ip address. This variable will be ignored if a prefixlength is set in variable IPADDR.
# For multiple addresses use the same suffixes as with IPADDR.
#
PREFIXLEN=
Interface name
## Type: string
## Default: ""
#
# This string is used as description of the device in YaST.
# This variable is not used in ifup and friends.
#
NAME=
Interface start mode
## Type: list(auto,hotplug,ifplugd,nfsroot,manual,off,onboot)
## Default: auto
#
# STARTMODE tells ifup when a interface should be set up. Possible values are:
# - auto: start it as soon as the interface is available. Either when booting or when a device is plugged or initialized at runtime
# - hotplug: alias for auto, only difference is that configurations with that startmode are not considered to be mandatory if list of mandatory devices is derived automatically.
# - ifplugd: interface will be controlled by ifplugd daemon. (If you like to use multiple interfaces mutually exclusive you have to set also IFPLUGD_PRIORITY.)
# - nfsroot: Nearly like 'auto'. But interfaces with this startmode will never be shut down via 'rcnetwork stop'. 'ifdown <iface>' still works. Use this when you have a nfs root filesystem or you connect to an iSCSI / FCoE target.
# - manual: start it only when ifup is called manually
# - off: will not be started at all
# - onboot: alias for auto, deprecated, only for backward compliance
STARTMODE=
Interface configuration example
SUSE15:/etc/sysconfig/network # vim ifcfg-eth1
NAME=''
BOOTPROTO='static'
STARTMODE='auto'
IPADDR=192.168.19.145
PREFIXLEN=24
ZONE=''
SUSE15:/etc/sysconfig/network # wicked ifreload eth1
eth1            device-ready
eth1            up
1.3 Route configuration
As the example above shows, the ifcfg file of a manually configured address has no gateway option in openSUSE; routes have to be set separately. They also live under /etc/sysconfig/network, in a file named ifroute-IFNAME for routes tied to one interface (routes not bound to a particular interface go into the file routes in the same directory). Each line has the format:
# Destination Gateway Netmask Interface Options
Example (restarting the whole wicked service is the heavy-handed way to apply the file; `wicked ifreload eth1` reloads just that interface):
SUSE15:~ # vim /etc/sysconfig/network/ifroute-eth1
192.168.20.0 192.168.19.1 255.255.255.0 eth1
SUSE15:~ # systemctl restart wicked
SUSE15:~ # wicked ifstatus eth1
eth1            up
      link:     #3, state up, mtu 1500
      type:     ethernet, hwaddr 00:0c:29:76:10:36
      config:   compat:suse:/etc/sysconfig/network/ifcfg-eth1
      leases:   ipv4 static granted
      addr:     ipv4 192.168.19.145/24 [static]
      route:    ipv4 192.168.20.0/24 via 192.168.19.1 proto boot
Alternatively, a default gateway can be given directly (the Netmask and Interface columns may be written as - or left out):
default 192.168.1.1
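Sections 1.2 and 1.3 edit ifcfg-IFNAME and ifroute-IFNAME by hand; the following script is an added example, not from the page, that generates both files from validated input, keeps a backup out of wicked's glob path, and applies the result with `wicked ifreload` so that adding an address or a route is the incremental update described in 1.1.4 rather than a link reset. NETDIR, the backup subdirectory and the `--demo` switch are assumptions of this example; the file formats are the ones documented above.

```shell
#!/bin/sh
# Added example; not from the page. Writes a static ifcfg-IFNAME (one IPADDR
# plus IPADDR_1, IPADDR_2 ... for further addresses) and an ifroute-IFNAME,
# validating every value first, then applies with `wicked ifreload`.
# NETDIR defaults to the real directory; point it elsewhere to stage files.

NETDIR=${NETDIR:-/etc/sysconfig/network}

# Interface names end up in file names and in wicked's config: plain names only.
valid_ifname() {
    case "$1" in ''|.|..|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

# a.b.c.d/len with octets 0-255 and len 0-32, checked in plain sh.
valid_ipv4_cidr() {
    addr=${1%/*}; len=${1#*/}
    [ "$addr" != "$1" ] || return 1                  # slash is mandatory
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*) return 1 ;; esac       # no globs reach `set --`
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Keep the previous file in a subdirectory: wicked reads ifcfg-* in NETDIR
# itself, so a sibling "ifcfg-eth1.bak" could be mistaken for a config.
backup_file() {
    if [ -f "$1" ]; then
        mkdir -p "$NETDIR/backup"
        cp -p "$1" "$NETDIR/backup/$(basename "$1").$(date +%Y%m%d%H%M%S)"
    fi
}

# write_ifcfg IFNAME ADDR/LEN [ADDR/LEN ...]
write_ifcfg() {
    ifname=$1; shift
    valid_ifname "$ifname" || { echo "bad interface name: $ifname" >&2; return 1; }
    [ $# -ge 1 ] || { echo "need at least one address" >&2; return 1; }
    for a in "$@"; do
        valid_ipv4_cidr "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    f="$NETDIR/ifcfg-$ifname"
    backup_file "$f"
    {
        echo "BOOTPROTO='static'"
        echo "STARTMODE='auto'"
        i=0
        for a in "$@"; do
            if [ "$i" -eq 0 ]; then echo "IPADDR=$a"; else echo "IPADDR_$i=$a"; fi
            i=$((i + 1))
        done
    } > "$f"
}

# write_ifroute IFNAME "DEST/LEN GATEWAY" ["default GATEWAY" ...]
# Lines use the "Destination Gateway Netmask Interface" columns; with a
# prefix length in the destination the Netmask column is "-".
write_ifroute() {
    ifname=$1; shift
    valid_ifname "$ifname" || { echo "bad interface name: $ifname" >&2; return 1; }
    f="$NETDIR/ifroute-$ifname"
    : > "$f.tmp"
    for spec in "$@"; do
        dest=${spec%% *}; gw=${spec##* }
        if [ "$dest" != default ] && ! valid_ipv4_cidr "$dest"; then
            echo "bad route destination: $dest" >&2; rm -f "$f.tmp"; return 1
        fi
        valid_ipv4_cidr "$gw/32" || { echo "bad gateway: $gw" >&2; rm -f "$f.tmp"; return 1; }
        echo "$dest $gw - $ifname" >> "$f.tmp"
    done
    backup_file "$f"
    mv "$f.tmp" "$f"
}

# Apply with wicked when it is installed; otherwise just show the staged files.
apply_iface() {
    ifname=$1
    if command -v wicked >/dev/null 2>&1; then
        wicked ifreload "$ifname" && wicked ifstatus "$ifname"
    else
        echo "wicked not found; staged files in $NETDIR:"
        for f in "$NETDIR/ifcfg-$ifname" "$NETDIR/ifroute-$ifname"; do
            if [ -f "$f" ]; then echo "--- $f"; cat "$f"; fi
        done
    fi
}

# Demo into a temporary directory: sh thisscript --demo
if [ "${1:-}" = "--demo" ]; then
    NETDIR=$(mktemp -d)
    write_ifcfg eth1 192.168.19.145/24 192.168.19.200/24
    write_ifroute eth1 "192.168.20.0/24 192.168.19.1" "default 192.168.19.1"
    apply_iface eth1
    rm -rf "$NETDIR"
fi
```

Run it with `--demo` to see the generated files without touching the system; set NETDIR=/etc/sysconfig/network (the default) and call the functions from a provisioning script to write the real ones. Validation happens before any file is replaced, so a typo in an address leaves the previous working configuration in place instead of handing wicked a half-written file.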
1.4 DNS configuration
On openSUSE Leap, /etc/resolv.conf is a symlink to /var/run/netconfig/resolv.conf, and that file is generated by netconfig: anything written into it by hand is overwritten the next time netconfig runs, for example when a DHCP lease changes. The generated file has the usual format:
nameserver 8.8.8.8
To make DNS settings permanent, set NETCONFIG_DNS_STATIC_SERVERS and NETCONFIG_DNS_STATIC_SEARCHLIST in /etc/sysconfig/network/config and regenerate the file with netconfig update -f. The resulting resolv.conf uses four main parameters:
nameserver #IP address of a DNS server (required; the resolver uses at most three nameserver lines)
domain #local domain name (optional)
search #domain search list (optional; domain and search are mutually exclusive, the last one in the file wins)
sortlist #sort order for the addresses returned by a lookup (optional)