(Announcing the change proposal) |
(Add trackers) |
||
(3 intermediate revisions by 2 users not shown) | |||
Line 44: | Line 44: | ||
== Current status == | == Current status == | ||
[[Category: | [[Category:ChangeAcceptedF33]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | ||
Line 62: | Line 62: | ||
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | ||
--> | --> | ||
* FESCo issue: | * FESCo issue: [https://pagure.io/fesco/issue/2432 #2432] | ||
* Tracker bug: | * Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1857391 #1857391] | ||
* Release notes tracker: | * Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/529 #529] | ||
== Detailed Description == | == Detailed Description == | ||
Line 82: | Line 82: | ||
This was brought up on the NetworkManager mailing list ([https://mail.gnome.org/archives/networkmanager-list/2020-May/msg00002.html [1]]]). | This was brought up on the NetworkManager mailing list ([https://mail.gnome.org/archives/networkmanager-list/2020-May/msg00002.html [1]]]). | ||
Fedora CoreOS doesn't use ifcfg-rh files at all, only keyfile. Also, RHEL CoreOS uses the `"main.plugins=ifcfg-rh | Fedora CoreOS doesn't use ifcfg-rh files at all, only keyfile. Also, RHEL CoreOS uses the `"main.plugins=keyfile,ifcfg-rh"` configuration too. For CoreOS this of course is simpler, because they don't deal with existing user configurations and tools that would break during upgrade. | ||
== Benefit to Fedora == | == Benefit to Fedora == |
Latest revision as of 19:13, 15 July 2020
NetworkManager keyfile instead of ifcfg-rh
Summary
Change the default settings plugin of NetworkManager so that new profiles will be created in keyfile format instead of ifcfg-rh format.
Owner
- Name: Thomas Haller
- Email: <thaller@redhat.com>
Current status
- Targeted release: Fedora 33
- Last updated: 2020-07-15
- FESCo issue: #2432
- Tracker bug: #1857391
- Release notes tracker: #529
Detailed Description
NetworkManager supports settings plugins to persist connection profiles to disk. There is the native keyfile format and the Fedora/RHEL specific ifcfg-rh format originally from initscripts. The keyfile plugin is always enabled in NetworkManager and can handle any supported type of profile. It stores profiles under /{etc,usr/lib,run}/NetworkManager/system-connections
and is documented in nm-settings-keyfile manual. The ifcfg-rh format is in part compatible with the network-scripts package from initscripts, however both network-scripts and NetworkManager define their own extensions ([1]). Since network-scripts and NetworkManager are fundamentally different, the same ifcfg file is not treated exactly the same by both systems. In the past, having the ifcfg-rh format made it easier for users familiar with initscripts to migrate to/from NetworkManager.
The settings plugins are configurable in NetworkManager.conf via the "main.plugins"
option. Multiple plugins can be configured and on Fedora 32 and older, the compile time default for the option is "ifcfg-rh,keyfile"
. This means, that when NetworkManager stores a new profile to disk, it will first try to persist it in ifcfg-rh format before falling back to keyfile format, if the ifcfg-rh plugin doesn't support the profile type. When reading profiles from disk, NetworkManager will read and expose profiles from both settings plugins and when modifying an existing profile, it will update the existing file and preserve the settings plugin.
This Change is about to change the default for "main.plugins"
from "ifcfg-rh,keyfile"
to "keyfile,ifcfg-rh"
.
Feedback
This was brought up on the NetworkManager mailing list ([1]]).
Fedora CoreOS doesn't use ifcfg-rh files at all, only keyfile. Also, RHEL CoreOS uses the "main.plugins=keyfile,ifcfg-rh"
configuration too. For CoreOS this of course is simpler, because they don't deal with existing user configurations and tools that would break during upgrade.
Benefit to Fedora
The long term goal of NetworkManager is to move away from ifcfg-rh files. That will be difficult as it affects existing installations and will require migration of existing configurations. This change is only a first step and affects how NetworkManager by default persists new profiles to disk.
The ifcfg-rh format arguably has an uglier syntax and, contrary to keyfile, does not support all profile types. Also, keyfile plugin is available on every NetworkManager installation because that is the only plugin that supports all profiles. Having multiple plugins and file formats is confusing. By now, initscripts' network-script
package is deprecated in Fedora and upstream wants to move away from that format in the long term. Also maintaining multiple settings plugins is a maintainance burden, and in the past there were subtle bugs where ifcfg-rh did not implement all settings (e.g. CVE-2020-10754). On other Linux distributions NetworkManager uses the keyfile format by default. It is a general goal that NetworkManager works similar on all distributions.
Scope
- Proposal owners: The default settings for
"main.plugins"
can already be selected at compile time. This only requires building the package with a different default ([3]).
- Other developers: N/A (not needed for this Change)
- Release engineering: N/A (not needed for this Change)
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
This affects most users, unless they explicitly set the option in NetworkManager.conf configuration. The biggest effect of this change is that new profiles will now preferably be persisted in keyfile format. This changes behavior for users who expect NetworkManager to write ifcfg-rh files, or who have scripts or tools that expect that. What will still work is that existing ifcfg files are loaded after upgrade. Users who only use the D-Bus API (via one of the client applications like nmcli or the GUI), shouldn't notice the difference.
As before, users still can explicitly configure the settings plugins in NetworkManager.conf. This only affects the default, but it affects existing installations if the user didn't explicitly configure NetworkManager's "main.plugins"
option.
The Change will be implemented by changing the compile time default, instead of dropping a configuration snippet. The reason is that it is preferably that the installation of NetworkManager avoids extra configuration. The default behavior should be achived without any configuration. During package update there would be the possibility to drop a file /etc/NetworkManager/02-update-plugins-ifcfg-rh.conf
that preserves the previous behavior. However, I don't think that is necessary. After upgrading NetworkManager, it will still read ifcfg-rh file so for the user it is less necessary to preserve the previous behavior. Also, dropping configuration snippets during package upgrade has its own downsides because new installations behave different than upgraded systems.
How To Test
The user can see the configured option with NetworkManager --print-config
. Also, nmcli -f ALL connection show
prints the filename of the connection profiles. Create a new profile, and check whether the profile gets stored in keyfile or ifcfg-rh format. Also, note that existing ifcfg-rh files are still loaded and when modifying a profile, note that the storage doesn't change and the existing file was updated.
You can already test the effect by explicitly configuring the setting which will become the default. For example, add a file /etc/NetworkManager/conf.d/99-main-plugins.conf
with content
[main] plugins=keyfile,ifcfg-rh
User Experience
NetworkManager now preferably uses the keyfile format (INI files). This format is probably easier to understand to users and also has a closer resemblance to how the profile is presented in nmcli.
If the user is using NetworkManager tools that use the D-Bus API (like nmcli or the GUI), then the used storage plugin and format is usually of no concern for the user.
Dependencies
None
Contingency Plan
The "main.plugins"
option exists for a long time in NetworkManager. All that changes here is the default of this option.
- Contingency mechanism: revert the change
- Contingency deadline: beta freeze
- Blocks release? No
- Blocks product? No
Documentation
I am not aware of documentation that gets affected by this.
Release Notes
NetworkManager now prefers the keyfile settings plugin over ifcfg-rh plugin when writing new connection profiles to disk. Existing ifcfg-rh files are still handled as before.