02 Mar 2018 Configure VLAN on top of network team using nmcli / NetworkManager
This post is almost similar as the previous where I created a team with two network nics as members using NetworkManager nmcli from a console. This time I have added a VLAN on top of my LACP network team with two member nics.
First we need to install the teamd package if it is not already installed.
# yum install teamd
Using the console command nmcli and NetworkManager and a json-config file with the default config for the team, filename team-master-conf.json:
{
"runner": {
"active": true,
"fast_rate": true,
"name": "lacp",
"tx_hash": [ "eth", "ipv4" ]
},
"tx_balancer": { "name": "basic" },
"link_watch": { "name": "ethtool" }
}
# nmcli con add type team con-name team0 ifname team0 config team-master-conf.json # nmcli con add type team-slave con-name team0-em1 ifname em1 master team0 # nmcli con add type team-slave con-name team0-em2 ifname em2 master team0
I have not added an IP-address to the new team since I will add that on the VLAN interface.
Check the status of the team
# nmcli con status NAME UUID TYPE DEVICE team0 7f0c0038-b8c1-45bb-a286-501d02304700 team team0 team0-em1 0394e2ae-6610-4997-92db-775876866d0d 802-3-ethernet em1 team0-em2 7050d641-83bb-497a-ae23-6af029386117 802-3-ethernet em2
Check the state of the team
# teamdctl team0 state
setup:
runner: lacp
ports:
em1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 1
runner:
aggregator ID: 12, Selected
selected: yes
state: current
em2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
aggregator ID: 12, Selected
selected: yes
state: current
runner:
active: yes
fast rate: yes
Add a VLAN to the network team
# nmcli con add type vlan con-name team0-vlan12 dev team0 id 12 ip4 10.1.0.20/24 gw4 10.1.0.1
The new config looks like this
# nmcli con s | grep team team0 7f0c0038-b8c1-45bb-a286-501d02304700 team team0 team0-vlan12 d5de0d83-d490-4535-915c-4cbdcf39830b vlan team0.12 team0-em1 0394e2ae-6610-4997-92db-775876866d0d 802-3-ethernet em1 team0-em2 7050d641-83bb-497a-ae23-6af029386117 802-3-ethernet em2
This config is confirmed working on RHEL 7.4 and Centos.
I assume the switch is configured as needed before starting this config on the server.
Tags: CentOS, lacp, nmcli, RedHat, rhel7, teamd, teamdctl, vlan
Posted by Hans-Henry Jakobsen
02 Mar 2018 Configure network team using nmcli / NetworkManager
This is a short post on how to create a LACP network team with two member nics using NetworkManager and nmcli. Configuring av network team is very similar to creating a bond.
First we need to install the teamd package if it is not already installed.
# yum install teamd
I have also included a json-config file with the default config for the team, filename team-master-conf.json:
{
"runner": {
"active": true,
"fast_rate": true,
"name": "lacp",
"tx_hash": [ "eth", "ipv4" ]
},
"tx_balancer": { "name": "basic" },
"link_watch": { "name": "ethtool" }
}
# nmcli con add type team con-name team0 ifname team0 config team-master-conf.json ip4 10.0.0.10/24 gw4 10.0.0.1 # nmcli con add type team-slave con-name team0-em1 ifname em1 master team0 # nmcli con add type team-slave con-name team0-em2 ifname em2 master team0
Check the status of the team
# nmcli con status NAME UUID TYPE DEVICE team0 7f0c0038-b8c1-45bb-a286-501d02304700 team team0 team0-em1 0394e2ae-6610-4997-92db-775876866d0d 802-3-ethernet em1 team0-em2 7050d641-83bb-497a-ae23-6af029386117 802-3-ethernet em2
Check the state of the team
# teamdctl team0 state
setup:
runner: lacp
ports:
em1
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 1
runner:
aggregator ID: 12, Selected
selected: yes
state: current
em2
link watches:
link summary: up
instance[link_watch_0]:
name: ethtool
link: up
down count: 0
runner:
aggregator ID: 12, Selected
selected: yes
state: current
runner:
active: yes
fast rate: yes
Some NetworkManager basics
Take down a network interface
# nmcli con down em1
Take up a network interface
# nmcli con up em1
Delete a network interface
# nmcli con delete em1
Add a new network device
# nmcli con add em1
This config is confirmed working on RHEL 7.4 and Centos.
I assume the switch is configured as needed before starting this config on the server.
Tags: CentOS, lacp, nmcli, RedHat, rhel7, teamd, teamdctl
Posted by Hans-Henry Jakobsen
12 Jan 2018 Exclude certain packages from yum-cron (but not from yum)
This is a solution for how you can exclude certain packages being updated when using yum-cron.
Docker and kernel are packages I would like to exclude from yum-cron.
The solution to this is to modify the /etc/yum/yum-cron.conf file adding this to the [base] section
RHEL7/Centos7
[base]
...
exclude = kernel* docker*
On RHEL6/Centos6 you can use the YUM_PARAMETER to do the same thing
YUM_PARAMETER=kernel* docker*
If you would like to exclude certain packages from yum alltogether you need to modify the affected yum repository.
Example to permanently exclude certain packages like Docker from being updated using the yum command/CLI
RHEL7
Modify /etc/yum.repos.d/redhat.repo
Add the following line under [rhel-7-server-extras-rpms]
exclude = docker*
Before adding a exclude command verify that you add the exclude line under the right repository.
Example
# yum info docker
…
From repo : rhel-7-server-extras-rpms
Tags: CentOS, docker, RedHat, rhel6, rhel7
Posted by Hans-Henry Jakobsen
24 Jun 2015 Mount Samba share using gvfs-mount as normal user
This is just a shot note on how to mount a Samba or Windows CIFS share as a normal linux user using the gvfs-mount command in Centos 7 or RedHat 7.
Mounting a mountpoint share using the username user and password
[user@host] gvfs-mount smb://username@192.168.0.200/shared-folder
If the command finishes without any errors you can now access your smb mount on the following path
[user@host] ls -l /run/user/1000/gvfs/smb-share\:server\=192.168.0.200\,share\=shared-folder\,user\=username/
1000 corresponds to your users id and can be determined by the id command
[user@host] id
uid=1000(username) gid=1000(username) groups=1000(username)
PS
I compared the performance between connecting directly to a Samba share using UNC path and using gvfs-mount and saw that there is a noticeable speed decrease using gvfs-mount.
But if you have old software that does not support UNC path, then gvfs-mount is a good alternative to no access.
Tags: CentOS, gvfs-mount
Posted by Hans-Henry Jakobsen
26 May 2015 Installing Open vSwitch on CentOS 7
This post describes how to install the most recent version of Open vSwitch (ovs) on CentOS 7 and might be the base for future posts about using KVM as virtualization platform.
Open vSwitch is a production quality open source software switch designed to be used as a vswitch in virtualized server environments. A vswitch forwards traffic between different VMs on the same physical host and also forwards traffic between VMs and the physical network.
Install the needed packages (as root user)
# yum -y install wget openssl-devel kernel-devel
Install development tools
# yum groupinstall "Development Tools"
Add a ovswitch user
# adduser ovswitch
Download and unpack the openvswitch source code (as ovswitch user)
$ su - ovswitch $ mkdir -p ~/rpmbuild/SOURCES $ cd ~/rpmbuild/SOURCES $ wget http://openvswitch.org/releases/openvswitch-2.3.1.tar.gz $ tar xfz openvswitch-2.3.1.tar.gz
We will modify the openvswitch spec-file and use the kernel module CentOS provides instead of creating a new one.
$ sed 's/openvswitch-kmod, //g' openvswitch-2.3.1/rhel/openvswitch.spec > openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec
Create a RPM-file to ease future package operations like upgrade
$ rpmbuild -bb --nocheck ~/openvswitch-2.3.1/rhel/openvswitch_no_kmod.spec $ exit
Now is the time to install the RPM-package (as root)
# yum localinstall /home/ovswitch/rpmbuild/RPMS/x86_64/openvswitch-2.3.1-1.x86_64.rpm
If you have not disabled SElinux then you will see the following SELinux issues when you try to start the openvswitch service
install: cannot change owner and permissions of ‘/etc/openvswitch': No such file or directory and Creating empty database /etc/openvswitch/conf.db ovsdb-tool: I/O error: /etc/openvswitch/conf.db: failed to lock lockfile (No such file or directory)
This is one way to fix this issue
# mkdir /etc/openvswitch # semanage fcontext -a -t openvswitch_rw_t "/etc/openvswitch(/.*)?" # restorecon -Rv /etc/openvswitch
We are now ready to start the openvswitch service
# service openvswitch start # chkconfig openvswitch on
Verify that we have installed openvswitch and that it is available
# virsh version Compiled against library: libvirt 1.2.8 Using library: libvirt 1.2.8 Using API: QEMU 1.2.8 Running hypervisor: QEMU 1.5.3
# lsmod |grep openvswitch openvswitch 70611 0 gre 13796 1 openvswitch vxlan 37409 1 openvswitch libcrc32c 12644 2 xfs,openvswitch
# ovs-vsctl show
...
Bridge "ovsbr1"
Port "ovsbr1"
Interface "ovsbr1"
type: internal
Bridge "ovsbr0"
Port "enp0s25"
Interface "enp0s25"
Port "ovsbr0"
Interface "ovsbr0"
type: internal
ovs_version: "2.3.1"
We are now ready to create a network bridge, but that will (maybe) be described in a future post of mine.
Tags: CentOS, openvswitch, ovs, rpmbuild, selinux, switch, virsh
Posted by Hans-Henry Jakobsen
