CentOS 7 下网络管理之命令行工具nmcli

在CentOS7中默认使用NetworkManager守护进程来监控和管理网络设置。nmcli是命令行的NetworkManager工具,会自动把配置写到/etc/sysconfig/network-scripts/目录下面。

NetworkManager最初由 Redhat 公司开发,现在由 GNOME 管理。

CentOS7之前的网络管理是通过ifcfg文件配置管理接口(device),而现在是通过NetworkManager服务管理连接(connection)。一个接口(device)可以有多个连接(connection),但是同时只允许一个连接(connection)处于激活(active)状态。

简单理解就是,一个连接就是(connection)就是/etc/sysconfig/network-scripts/目录下的一个配置文件,接口(device)是物理设备,一个物理设置可以拥有多个配置文件,但只能有一个配置文件属于使用(active)状态;配置文件的生成与使用状态均由NetworkManager控制。

当然,依旧支持ifcfg文件配置管理网络,但不推荐

命令学习


查看帮助


      
      
        
        
        
        
  1. [root@karate ~]# nmcli -h
  2. Usage: nmcli [OPTIONS] OBJECT { COMMAND | help }
  3. OPTIONS
  4. -t[erse] terse output
  5. -p[retty] pretty output
  6. -m[ode] tabular|multiline output mode
  7. -f[ields] |all|common specify fields to output
  8. -e[scape] yes|no escape columns separators in values
  9. -n[ocheck] don't check nmcli and NetworkManager versions
  10. -a[sk] ask for missing parameters
  11. -w[ait] set timeout waiting for finishing operations
  12. -v[ersion] show program version
  13. -h[elp] print this help
  14. OBJECT
  15. g[eneral] NetworkManager's general status and operations
  16. n[etworking] overall networking control
  17. r[adio] NetworkManager radio switches
  18. c[onnection] NetworkManager's connections
  19. d[evice] devices managed by NetworkManager
  20. a[gent] NetworkManager secret agent or polkit agent

有六个OBJECT,常用的有connection,device,general查看它们的帮助


      
      
        
        
        
        
  1. [root@karate ~]# nmcli c -h
  2. Usage: nmcli connection { COMMAND | help }
  3. COMMAND := { show | up | down | add | modify | edit | delete | reload | load }
  4. show [--active] [[--show-secrets] [id | uuid | path | apath] <ID>] ...
  5. up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]
  6. down [id | uuid | path | apath] <ID> ...
  7. add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS
  8. modify [--temporary] [id | uuid | path] <ID> ([+|-] <setting>. <property> <value>)+
  9. edit [id | uuid | path] <ID>
  10. edit [type <new_con_type>] [con-name <new_con_name>]
  11. delete [id | uuid | path] <ID>
  12. reload
  13. load <filename> [ <filename>... ]

常用命令


查看接口设备信息


      
      
        
        
        
        
  1. # 简单信息
  2. nmcli device status
  3. # 详细的接口信息
  4. nmcli device show
  5. # 接口的详细信息
  6. nmcli device show interface-name

查看连接(connection)的信息


      
      
        
        
        
        
  1. # 简单信息
  2. nmcli connection show
  3. # 详细的连接信息
  4. nmcli connection show
  5. # 某个连接的详细信息
  6. nmcli connection show connection-name

启动和停止接口


      
      
        
        
        
        
  1. nmcli connection down connection-name
  2. nmcli connection up connection-name
  3. nmcli device disconnect interface-name
  4. nmcli device connect interface-name

建议使用 nmcli dev disconnect interface-name 命令,而不是 nmcli con down connection-name 命令,因为连接断开可将该接口放到“手动”模式,这样做用户让 NetworkManager 启动某个连接前,或发生外部事件(比如载波变化、休眠或睡眠)前,不会启动任何自动连接。

创建连接


      
      
        
        
        
        
  1. nmcli connection add type ethernet con-name connection-name ifname interface-name
  2. nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address
  3. ## e.g. 创建一个基于eth1接口的连接
  4. # 创建动态连接,即BOOTPROTO默认为DHCP
  5. [root@localhost ~] # nmcli c add type eth con-name dynamic-eth1 ifname eth1
  6. Connection 'dynamic-eth1' (9c0ad8a9-21f6-40b5-9313-e5c7e4b356f1) successfully added.
  7. # 创建静态连接
  8. [root@localhost ~] # nmcli connection add type eth con-name static-eth1 ifname eth1 ip4 172.16.60.10/24
  9. # nmcli connection add type eth con-name static-eth1 ifname eth1 ip4 172.16.60.10/24 gw4 192.168.60.1
  10. Connection 'static-eth1' (0640bf7f-9490-44a8-be96-2e710fb650e6) successfully added.

创建连接后,NetworkManager 自动将 connection.autoconnect 设定为 yes。还会将设置保存到 /etc/sysconfig/network-scripts/ connection-name 文件中,且自动将 ONBOOT 参数设定为 yes。

激活连接


      
      
        
        
        
        
  1. nmcli connection up connection-name
  2. ## e.g. 激活eth1接口的static-eth1连接
  3. [root@localhost ~]# nmcli c up static-eth1
  4. Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

修改连接的IP地址


      
      
        
        
        
        
  1. # 可修改的属性可通过以下命令查看
  2. nmcli c show static-eth1
  3. # 修改命令
  4. nmcli connection modify [--temporary] [id | uuid | path] ([+|-]. )+
  5. ## e.g. 修改连接static-eth1的ip地址
  6. [root@localhost ~]# ip addr | grep eth1
  7. 4: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
  8. inet 172.16.60.10/24 brd 172.16.60.255 scope global eth1
  9. [root@localhost ~]# nmcli c mod static-eth1 ipv4.addr 172.16.60.20/24
  10. [root@localhost ~]# nmcli c up static-eth1
  11. Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
  12. [root@localhost ~]# ip a | grep eth1
  13. 4: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
  14. inet 172.16.60.20/24 brd 172.16.60.255 scope global eth1

配置连接的DNS


      
      
        
        
        
        
  1. # 设定单个DNS
  2. nmcli connection modify static-eth1 ipv4.dns DNS1
  3. # 设定多个DNS
  4. nmcli connection modify static-eth1 ipv4.dns "DNS1 DNS2"
  5. # 以上命令会替换之前的DNS设置
  6. # 添加某个连接的DNS,需要使用前缀“+”
  7. nmcli connection modify static-eth1 +ipv4.dns DNS3
  8. ## e.g. 配置static-eth1连接的DNS
  9. [root@localhost ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
  10. IPV6_PEERDNS=yes
  11. [root@localhost ~]# nmcli c mod static-eth1 ipv4.dns "114.114.114.114 223.5.5.5"
  12. # 修改连接后,需要重新激活
  13. [root@localhost ~]# nmcli c up static-eth1
  14. Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
  15. [root@localhost ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
  16. DNS1=114.114.114.114
  17. DNS2=223.5.5.5
  18. IPV6_PEERDNS=yes
  19. # 新增DNS
  20. [root@localhost ~]# nmcli c mod static-eth1 +ipv4.dns 223.5.5.6
  21. [root@localhost ~]# nmcli c up static-eth1
  22. Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
  23. [root@localhost ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
  24. DNS1=114.114.114.114
  25. DNS2=223.5.5.5
  26. DNS3=223.5.5.6
  27. IPV6_PEERDNS=yes

设置主机名


      
      
        
        
        
        
  1. # 查询当前主机名
  2. nmcli general hostname
  3. # 更改主机名
  4. nmcli general hostname my-hostname
  5. # 重启hostnamed服务
  6. systemctl restart systemd-hostnamed

CentOS7下的主机名管理是基于系统服务systemd-hostnamed,服务自身提供了hostnamectl命令用于修改主机名,推荐这种方式进行修改
使用nmcli命令更改主机名时,systemd-hostnamed服务并不知晓 /etc/hostname 文件被修改,因此需要重启服务去读取配置;

命令交互模式


      
      
        
        
        
        
  1. nmcli con edit
  2. # Valid connection types: generic, 802-3-ethernet (ethernet), pppoe, 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, , 802-11-olpc-mesh (olpc-mesh), vlan, bond, team, bridge, bond-slave, team-slave, bridge-slave
  3. # 也可以直接指定connection-name进行交互修改
  4. # 还是非交互配置方便

接口绑定(interface bonding)

CentOS7下新增了一种特性team,用于取代bond。

接口绑定步骤是:创建一个组接口(Team interface), 创建一个接口连接,指定网卡接口(device)到组接口里


      
      
        
        
        
        
  1. nmcli connection add type team con-name connection-name ifname interface-name [config JSON]
  2. # JSON 指定所使用的处理器(runner)。JSON语法 '{"runner":{"name":"METHOD"}}'
  3. # METHOD可以是:broadcast、activebackup、roundrobin、loadbalance 或者 lacp
  4. nmcli connection add type team-slave con-name connection-name ifname interface-name master team-name
  5. ## e.g. 创建组接口team0,并把eth1和eth2加入其中,网段为192.168.233.0/24
  6. [root@localhost ~]# nmcli d status
  7. DEVICE TYPE STATE CONNECTION
  8. eth0 ethernet connected eth0
  9. eth1 ethernet connected Wired connection 1
  10. eth2 ethernet connected Wired connection 2
  11. lo loopback unmanaged --
  12. [root@localhost ~]# nmcli c show
  13. NAME UUID TYPE DEVICE
  14. Wired connection 2 34494b9d-f056-4f30-841c-7e6fad3b73d0 802-3-ethernet eth2
  15. Wired connection 1 b7ca472c-67f7-4885-ba3b-1b572d3e0d40 802-3-ethernet eth1
  16. eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
  17. [root@localhost ~]# nmcli c del "Wired connection 2"
  18. [root@localhost ~]# nmcli c del "Wired connection 1"
  19. [root@localhost ~]# nmcli c show
  20. NAME UUID TYPE DEVICE
  21. eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
  22. [root@localhost ~]# nmcli d status
  23. DEVICE TYPE STATE CONNECTION
  24. eth0 ethernet connected eth0
  25. eth1 ethernet disconnected --
  26. eth2 ethernet disconnected --
  27. lo loopback unmanaged --
  28. # 创建组接口,并分配ip地址
  29. [root@localhost ~]# nmcli c add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ip4 192.168.233.10/24 gw4 192.168.233.2
  30. Connection 'team0' (4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8) successfully added.
  31. [root@localhost ~]# nmcli c mod team0 ipv4.dns "114.114.114.114 223.5.5.5"
  32. [root@localhost ~]# nmcli c show
  33. NAME UUID TYPE DEVICE
  34. eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
  35. team0 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8 team team0
  36. # 将网卡接口加入到组接口中
  37. [root@localhost ~]# nmcli c add type team-slave ifname eth1 master team0
  38. Connection 'team-slave-eth1' (3ef0011b-6b69-4dfb-998b-13bf3d729c9c) successfully added.
  39. [root@localhost ~]# nmcli c add type team-slave ifname eth2 master team0
  40. Connection 'team-slave-eth2' (fe3fc939-dbff-485e-aef6-9fbf9f807926) successfully added.
  41. # 启动组接口
  42. [root@localhost ~]# nmcli c up team0
  43. Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
  44. # 查看 team0 当前活动的端口,活动端口基于接口的连接
  45. [root@localhost ~]# teamnl team0 ports
  46. 4: eth2: up 1000Mbit FD
  47. 3: eth1: up 1000Mbit FD
  48. [root@localhost ~]# nmcli d status
  49. DEVICE TYPE STATE CONNECTION
  50. eth0 ethernet connected eth0
  51. eth1 ethernet connected team-slave-eth1
  52. eth2 ethernet connected team-slave-eth2
  53. team0 team connected team0
  54. lo loopback unmanaged --
  55. [root@localhost ~]# nmcli c show
  56. NAME UUID TYPE DEVICE
  57. eth0 54bd03bd-1300-409b-974f-d98ed3bb8891 802-3-ethernet eth0
  58. team-slave-eth2 fe3fc939-dbff-485e-aef6-9fbf9f807926 802-3-ethernet eth2
  59. team-slave-eth1 3ef0011b-6b69-4dfb-998b-13bf3d729c9c 802-3-ethernet eth1
  60. team0 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8 team team0
  61. [root@localhost ~]# ip a s team0
  62. 5: team0: mtu 1500 qdisc noqueue state UP
  63. link/ether 00:0c:29:d0:a2:77 brd ff:ff:ff:ff:ff:ff
  64. inet 192.168.233.10/24 brd 192.168.233.255 scope global team0
  65. valid_lft forever preferred_lft forever
  66. inet6 fe80::20c:29ff:fed0:a277/64 scope link
  67. valid_lft forever preferred_lft forever
  68. [root@localhost ~]# teamdctl team0 state
  69. setup:
  70. runner: activebackup
  71. ports:
  72. eth2
  73. link watches:
  74. link summary: up
  75. instance[link_watch_0]:
  76. name: ethtool
  77. link: up
  78. eth1
  79. link watches:
  80. link summary: up
  81. instance[link_watch_0]:
  82. name: ethtool
  83. link: up
  84. runner:
  85. active port: eth1
  86. [root@localhost ~]# nmcli c show team0
  87. connection.id: team0
  88. connection.uuid: 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8
  89. connection.interface-name: team0
  90. connection.type: team
  91. connection.autoconnect: yes
  92. connection.autoconnect-priority: 0
  93. connection.timestamp: 1464621245
  94. connection.read-only: no
  95. connection.permissions:
  96. connection.zone: --
  97. connection.master: --
  98. connection.slave-type: --
  99. connection.secondaries:
  100. connection.gateway-ping-timeout: 0
  101. ipv4.method: manual
  102. ipv4.dns: 114.114.114.114,223.5.5.5
  103. ipv4.dns-search:
  104. ipv4.addresses: 192.168.233.10/24
  105. ipv4.gateway: 192.168.233.2
  106. ipv4.routes:
  107. ipv4.route-metric: -1
  108. ipv4.ignore-auto-routes: no
  109. ipv4.ignore-auto-dns: no
  110. ipv4.dhcp-client-id: --
  111. ipv4.dhcp-send-hostname: yes
  112. ipv4.dhcp-hostname: --
  113. ipv4.never-default: no
  114. ipv4.may-fail: yes
  115. ipv6.method: auto
  116. ipv6.dns:
  117. ipv6.dns-search:
  118. ipv6.addresses:
  119. ipv6.gateway: --
  120. ipv6.routes:
  121. ipv6.route-metric: -1
  122. ipv6.ignore-auto-routes: no
  123. ipv6.ignore-auto-dns: no
  124. ipv6.never-default: no
  125. ipv6.may-fail: yes
  126. ipv6.ip6-privacy: -1 (unknown)
  127. ipv6.dhcp-send-hostname: yes
  128. ipv6.dhcp-hostname: --
  129. team.config: {"runner":{"name":"activebackup"}}
  130. GENERAL.NAME: team0
  131. GENERAL.UUID: 4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8
  132. GENERAL.DEVICES: team0
  133. GENERAL.STATE: activated
  134. GENERAL.DEFAULT: no
  135. GENERAL.DEFAULT6: no
  136. GENERAL.VPN: no
  137. GENERAL.ZONE: --
  138. GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveConnection/6
  139. GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings/3
  140. GENERAL.SPEC-OBJECT: /
  141. GENERAL.MASTER-PATH: --
  142. IP4.ADDRESS[1]: 192.168.233.10/24
  143. IP4.GATEWAY: 192.168.233.2
  144. IP4.DNS[1]: 114.114.114.114
  145. IP4.DNS[2]: 223.5.5.5
  146. IP6.ADDRESS[1]: fe80::20c:29ff:fed0:a277/64

测试的话,可以开个ping窗口持续ping,然后禁用team0组中的eth2;理论上ping包是不会丢失的。


      
      
        
        
        
        
  1. # 关闭eth2网卡,看ping状态
  2. [root@localhost ~]# nmcli d dis eth2
  3. Device 'eth2' successfully disconnected.
  4. [root@localhost ~]# teamdctl team0 state
  5. setup:
  6. runner: activebackup
  7. ports:
  8. eth1
  9. link watches:
  10. link summary: up
  11. instance[link_watch_0]:
  12. name: ethtool
  13. link: up
  14. runner:
  15. active port: eth1
  16. [root@localhost ~]# nmcli d con eth2
  17. Device 'eth2' successfully activated with 'fe3fc939-dbff-485e-aef6-9fbf9f807926'.
  18. [root@localhost ~]# teamdctl team0 state
  19. setup:
  20. runner: activebackup
  21. ports:
  22. eth1
  23. link watches:
  24. link summary: up
  25. instance[link_watch_0]:
  26. name: ethtool
  27. link: up
  28. eth2
  29. link watches:
  30. link summary: up
  31. instance[link_watch_0]:
  32. name: ethtool
  33. link: up
  34. runner:
  35. active port: eth1
  36. [root@localhost ~]# teamnl team0 options
  37. queue_id (port:eth2) 0
  38. priority (port:eth2) 0
  39. user_linkup_enabled (port:eth2) false
  40. user_linkup (port:eth2) true
  41. enabled (port:eth2) false
  42. queue_id (port:eth1) 0
  43. priority (port:eth1) 0
  44. user_linkup_enabled (port:eth1) false
  45. user_linkup (port:eth1) true
  46. enabled (port:eth1) true
  47. activeport 3
  48. mcast_rejoin_interval 0
  49. mcast_rejoin_count 1
  50. notify_peers_interval 0
  51. notify_peers_count 1
  52. mode activebackup


作者:无限小BUG
链接:https://www.jianshu.com/p/5d5560e9e26a
來源:简书
著作权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。

你可能感兴趣的:(Linux,linux,CentOS,nmcli工具)