From Fedora Project Wiki

< Changes

Revision as of 21:21, 27 June 2020 by Thaller (talk | contribs) (Created page with "<!-- Self Contained or System Wide Change Proposal? Use this guide to determine to which category your proposed change belongs to. Self Contained Changes are: * changes to is...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


NetworkManager keyfile instead of ifcfg-rh

Summary

Change the default settings plugin of NetworkManager so that new profiles will be created in keyfile format instead of ifcfg-rh format.

Owner

Current status

  • Targeted release: Fedora 33
  • Last updated: 2020-06-27
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

NetworkManager supports settings plugins to persist connection profiles to disk. There is the native keyfile format and the Fedora/RHEL specific ifcfg-rh format originally from initscripts. The keyfile plugin is always enabled in NetworkManager and can handle any supported type of profile. It stores profiles under /{etc,usr/lib,run}/NetworkManager/system-connections and is documented in nm-settings-keyfile manual. The ifcfg-rh format is in part compatible with the network-scripts package from initscripts, however both network-scripts and NetworkManager define their own extensions ([1]). Since network-scripts and NetworkManager are fundamentally different, the same ifcfg file is not treated exactly the same by both systems. In the past, having the ifcfg-rh format made it easier for users familiar with initscripts to migrate to/from NetworkManager.

The settings plugins are configurable in NetworkManager.conf via the "main.plugins" option. Multiple plugins can be configured and on Fedora 32 and older, the compile time default for the option is "ifcfg-rh,keyfile". This means, that when NetworkManager stores a new profile to disk, it will first try to persist it in ifcfg-rh format before falling back to keyfile format, if the ifcfg-rh plugin doesn't support the profile type. When reading profiles from disk, NetworkManager will read and expose profiles from both settings plugins and when modifying an existing profile, it will update the existing file and preserve the settings plugin.

The ifcfg-rh format arguably has an uglier syntax and, contrary to keyfile, does not support all profile types. Also, keyfile plugin is available on every NetworkManager installation because that is the only plugin that supports all profiles. Having multiple plugins and file formats is confusing. By now, initscripts' network-script package is deprecated in Fedora, upstream wants to move away from that format in the long term. Also maintaining multiple settings plugins is a maintainance burden, and in the past there were subtle bugs where ifcfg-rh did not implement all settings (e.g. CVE-2020-10754).

This Change is about to change the default for "main.plugins" from "ifcfg-rh,keyfile" to "keyfile,ifcfg-rh".

Feedback

This was brought up on the NetworkManager mailing list ([1]]). Also, RHEL CoreOS uses this same configuration ([2]).

Benefit to Fedora

The long term goal of NetworkManager is to move away from ifcfg-rh files. That will be difficult as it affects existing installations and will require migration of existing configurations. This change is only a first step and affects how NetworkManager by default persists new profiles to disk.

Scope

  • Proposal owners: The default settings for "main.plugins" can already be selected at compile time. This only requires building the package with a different default ([3]).
  • Other developers: N/A (not needed for this Change)
  • Release engineering: N/A (not needed for this Change)
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

This affects most users, unless they explicitly set the option in NetworkManager.conf configuration. The biggest effect of this change is that new profiles will now preferably be persisted in keyfile format. This changes behavior for users who expect NetworkManager to write ifcfg-rh files, or who have scripts or tools that expect that. What will still work is that existing ifcfg files are loaded after upgrade. Users who only use the D-Bus API (via one of the client applications like nmcli or the GUI), shouldn't notice the difference.

As before, users still can explicitly configure the settings plugins in NetworkManager.conf. This only affects the default, but it affects existing installations if the user didn't explicitly configure NetworkManager's "main.plugins" option.


How To Test

The user can see the configured option with NetworkManager --print-config. Also, nmcli -f ALL connection show prints the filename of the connection profiles. Create a new profile, and check whether the profile gets stored in keyfile or ifcfg-rh format. Also, note that existing ifcfg-rh files are still loaded and when modifying a profile, note that the storage doesn't change and the existing file was updated.

You can already test the effect by explicitly configuring the setting which will become the default. For example, add a file /etc/NetworkManager/conf.d/99-main-plugins.conf with content 

 [main]
 plugins=keyfile,ifcfg-rh

User Experience

NetworkManager now preferably uses the keyfile format (INI files). This format is probably easier to understand to users and also has a closer resemblance to how the profile is presented in nmcli. Also, on other Linux distributions NetworkManager uses the keyfile format by default. It is a general goal that NetworkManager works similar on various distributions.

Dependencies

None

Contingency Plan

The "main.plugins" option exists for a long time in NetworkManager. All that changes here is the default of this option.

  • Contingency mechanism: revert the change
  • Contingency deadline: beta freeze
  • Blocks release? No
  • Blocks product? No

Documentation

I am not aware of documentation that gets affected by this.

Release Notes

NetworkManager now prefers the keyfile settings plugin over ifcfg-rh plugin when writing new connection profiles to disk. Existing ifcfg-rh files are still handled as before.

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/NetworkManager_keyfile_instead_of_ifcfg_rh&oldid=580640"