From Fedora Project Wiki
(Created page with "<!-- Self Contained or System Wide Change Proposal? Use this guide to determine to which category your proposed change belongs to. Self Contained Changes are: * changes to is...")
 
No edit summary
Line 82: Line 82:
<!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals, but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->
<!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals, but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->


This was brought up on the NetworkManager mailing list ([https://mail.gnome.org/archives/networkmanager-list/2020-May/msg00002.html [1]]]). Also, RHEL CoreOS uses this same configuration ([https://gitlab.cee.redhat.com/coreos/redhat-coreos/-/merge_requests/908 [2]]).
This was brought up on the NetworkManager mailing list ([https://mail.gnome.org/archives/networkmanager-list/2020-May/msg00002.html [1]]]).
 
Fedora CoreOS doesn't use ifcfg-rh files at all, only keyfile. Also, RHEL CoreOS uses the `"main.plugins=ifcfg-rh,keyfile"` configuration too. For CoreOS this of course is simpler, because they don't deal with existing user configurations and tools that would break during upgrade.


== Benefit to Fedora ==
== Benefit to Fedora ==
Line 141: Line 143:
As before, users still can explicitly configure the settings plugins in NetworkManager.conf. This only affects the default, but it affects existing installations if the user didn't explicitly configure NetworkManager's `"main.plugins"` option.
As before, users still can explicitly configure the settings plugins in NetworkManager.conf. This only affects the default, but it affects existing installations if the user didn't explicitly configure NetworkManager's `"main.plugins"` option.


The Change will be implemented by changing the compile time default, instead of dropping a configuration snippet. The reason is that it is preferably that the installation of NetworkManager avoids extra configuration. The default behavior should be achived without any configuration. During package update there would be the possibility to drop a file `/etc/NetworkManager/02-update-plugins-ifcfg-rh.conf` that preserves the previous behavior. However, I don't think that is necessary. After upgrading NetworkManager, it will still read ifcfg-rh file so for the user it is less necessary to preserve the previous behavior. Also, dropping configuration snippets during package upgrade has its own downsides because new installations behave different than upgraded systems.
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->


Line 179: Line 182:


NetworkManager now preferably uses the keyfile format (INI files). This format is probably easier to understand to users and also has a closer resemblance to how the profile is presented in nmcli. Also, on other Linux distributions NetworkManager uses the keyfile format by default. It is a general goal that NetworkManager works similar on various distributions.
NetworkManager now preferably uses the keyfile format (INI files). This format is probably easier to understand to users and also has a closer resemblance to how the profile is presented in nmcli. Also, on other Linux distributions NetworkManager uses the keyfile format by default. It is a general goal that NetworkManager works similar on various distributions.
If the user is using NetworkManager tools that use the D-Bus API (like nmcli or the GUI), then the used storage plugin and format is usually of no concern for the user.


== Dependencies ==
== Dependencies ==

Revision as of 08:36, 29 June 2020


NetworkManager keyfile instead of ifcfg-rh

Summary

Change the default settings plugin of NetworkManager so that new profiles will be created in keyfile format instead of ifcfg-rh format.

Owner

Current status

  • Targeted release: Fedora 33
  • Last updated: 2020-06-29
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

NetworkManager supports settings plugins to persist connection profiles to disk. There is the native keyfile format and the Fedora/RHEL specific ifcfg-rh format originally from initscripts. The keyfile plugin is always enabled in NetworkManager and can handle any supported type of profile. It stores profiles under /{etc,usr/lib,run}/NetworkManager/system-connections and is documented in nm-settings-keyfile manual. The ifcfg-rh format is in part compatible with the network-scripts package from initscripts, however both network-scripts and NetworkManager define their own extensions ([1]). Since network-scripts and NetworkManager are fundamentally different, the same ifcfg file is not treated exactly the same by both systems. In the past, having the ifcfg-rh format made it easier for users familiar with initscripts to migrate to/from NetworkManager.

The settings plugins are configurable in NetworkManager.conf via the "main.plugins" option. Multiple plugins can be configured and on Fedora 32 and older, the compile time default for the option is "ifcfg-rh,keyfile". This means, that when NetworkManager stores a new profile to disk, it will first try to persist it in ifcfg-rh format before falling back to keyfile format, if the ifcfg-rh plugin doesn't support the profile type. When reading profiles from disk, NetworkManager will read and expose profiles from both settings plugins and when modifying an existing profile, it will update the existing file and preserve the settings plugin.

The ifcfg-rh format arguably has an uglier syntax and, contrary to keyfile, does not support all profile types. Also, keyfile plugin is available on every NetworkManager installation because that is the only plugin that supports all profiles. Having multiple plugins and file formats is confusing. By now, initscripts' network-script package is deprecated in Fedora, upstream wants to move away from that format in the long term. Also maintaining multiple settings plugins is a maintainance burden, and in the past there were subtle bugs where ifcfg-rh did not implement all settings (e.g. CVE-2020-10754).

This Change is about to change the default for "main.plugins" from "ifcfg-rh,keyfile" to "keyfile,ifcfg-rh".

Feedback

This was brought up on the NetworkManager mailing list ([1]]).

Fedora CoreOS doesn't use ifcfg-rh files at all, only keyfile. Also, RHEL CoreOS uses the "main.plugins=ifcfg-rh,keyfile" configuration too. For CoreOS this of course is simpler, because they don't deal with existing user configurations and tools that would break during upgrade.

Benefit to Fedora

The long term goal of NetworkManager is to move away from ifcfg-rh files. That will be difficult as it affects existing installations and will require migration of existing configurations. This change is only a first step and affects how NetworkManager by default persists new profiles to disk.

Scope

  • Proposal owners: The default settings for "main.plugins" can already be selected at compile time. This only requires building the package with a different default ([3]).
  • Other developers: N/A (not needed for this Change)
  • Release engineering: N/A (not needed for this Change)
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

This affects most users, unless they explicitly set the option in NetworkManager.conf configuration. The biggest effect of this change is that new profiles will now preferably be persisted in keyfile format. This changes behavior for users who expect NetworkManager to write ifcfg-rh files, or who have scripts or tools that expect that. What will still work is that existing ifcfg files are loaded after upgrade. Users who only use the D-Bus API (via one of the client applications like nmcli or the GUI), shouldn't notice the difference.

As before, users still can explicitly configure the settings plugins in NetworkManager.conf. This only affects the default, but it affects existing installations if the user didn't explicitly configure NetworkManager's "main.plugins" option.

The Change will be implemented by changing the compile time default, instead of dropping a configuration snippet. The reason is that it is preferably that the installation of NetworkManager avoids extra configuration. The default behavior should be achived without any configuration. During package update there would be the possibility to drop a file /etc/NetworkManager/02-update-plugins-ifcfg-rh.conf that preserves the previous behavior. However, I don't think that is necessary. After upgrading NetworkManager, it will still read ifcfg-rh file so for the user it is less necessary to preserve the previous behavior. Also, dropping configuration snippets during package upgrade has its own downsides because new installations behave different than upgraded systems.

How To Test

The user can see the configured option with NetworkManager --print-config. Also, nmcli -f ALL connection show prints the filename of the connection profiles. Create a new profile, and check whether the profile gets stored in keyfile or ifcfg-rh format. Also, note that existing ifcfg-rh files are still loaded and when modifying a profile, note that the storage doesn't change and the existing file was updated.

You can already test the effect by explicitly configuring the setting which will become the default. For example, add a file /etc/NetworkManager/conf.d/99-main-plugins.conf with content

 [main]
 plugins=keyfile,ifcfg-rh

User Experience

NetworkManager now preferably uses the keyfile format (INI files). This format is probably easier to understand to users and also has a closer resemblance to how the profile is presented in nmcli. Also, on other Linux distributions NetworkManager uses the keyfile format by default. It is a general goal that NetworkManager works similar on various distributions.

If the user is using NetworkManager tools that use the D-Bus API (like nmcli or the GUI), then the used storage plugin and format is usually of no concern for the user.

Dependencies

None

Contingency Plan

The "main.plugins" option exists for a long time in NetworkManager. All that changes here is the default of this option.

  • Contingency mechanism: revert the change
  • Contingency deadline: beta freeze
  • Blocks release? No
  • Blocks product? No

Documentation

I am not aware of documentation that gets affected by this.

Release Notes

NetworkManager now prefers the keyfile settings plugin over ifcfg-rh plugin when writing new connection profiles to disk. Existing ifcfg-rh files are still handled as before.