CentOS - Feb 2017 - CentOS 7, systemd, NetworkMangler, oh, my

On 02/13/2017 11:36 AM, peter.winterflood wrote:
> On 13/02/17 16:49, James Hogarth wrote:
>> On 13 February 2017 at 16:17, peter.winterflood
>> <peter.winterflood at ossi.co.uk> wrote:
>>>
>>>
>>> there's a really good solution to this.
>>>
>>> yum remove NetworkManager*
>>>
>>> chkconfig network on
>>>
>>> service network start
>>>
>>> and yes thats all under fedora 25, and centos 7.
>>>
>>> works like a charm.
>>>
>>> sometimes removing NM leaves resolv.conf pointing to the
networkmanager
>>> directory, and its best to check this, and replace your resolv.conf
link
>>> with a file with the correct settings.
>>>
>>> sorry if this upsets the people who maintain network mangler, but
its
>>> inappropriate on a server.
>>>
>>>
>> This is terribly bad advice I'm afraid ...
>>
>> https://access.redhat.com/solutions/783533
>>
>> The legacy network service is a fragile compilation of shell scripts
>> (which is why certain changes like some bonding or tagging alterations
>> require a full system restart or very careful unpicking manually with
>> ip) and is effectively deprecated in RHEL at this time due to major
>> bug fixes only but no feature work.
>>
>> You really should have a read through this as well:
>>
>> https://www.hogarthuk.com/?q=node/8
>>
>> On EL6 yes NM should be removed on anything but a wifi system but on
>> EL7 unless you fall into a specific edge case as per the network docs:
>>
>>
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Networking_Guide/index.html
>>
>>
>> you really should be using NM for a variety of reasons.
>>
>> Incidentally Mark, this had nothing to do with systemd ... I wish you
>> would pick your topics a little more appropriately rather than
>> tempting the usual flames.
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
> 
> James
> 
> This was not A flame at all, but another voice of frustration at the
> ongoing
> 
> adoption of workstation like features of the Redhat OS.
> 
> heres one of the reasons not to use NM in a server
> 
> we use bonding on all our systems
> 
> from that article you posted
> 
> Certain interface bonding configuration options as defined by the
> BONDING_OPTS parameter in the interface's ifcfg file may not be
> compatible with NetworkManager. ( Solution 1249593
> <https://access.redhat.com/solutions/1249593> )
> 
> in fact anyone who has tried to use bonding with NM will know why I
> dislike it.
> 
> thanks for that, article, this next bug had caught me, on an older build
> , now its fixed, but the fix did not go and backfix a broken config.
> 
> When transitioning from NetworkManager to using the network initscript,
> the default gateway parameter in the interface's ifcfg file will be
> depicted as 'GATEWAY0'. In order for the ifcfg file to be
compatible
> with the network initscript, this parameter must be renamed to
> 'GATEWAY'. This limitation will be addressed in an upcoming release
of
> RHEL7.
> 
> one to watch out for on the removing NM, plus the resolv.conf one.
> 
> Anyway, for anyone else, make you own mind up whether this is good or
> bad advise, test it, and see how your mileage varies, Ive had more
> problems with NM than ive had with initscripts.
That is your opinion .. and there are thousands of engineers from almost
every major Linux distro who disagree with you.

I am personally fine if people want to turn off NM .. but that is not
what any of the Enterprise distros are doing.

Opinions are fine .. I sometimes turn off NM as well .. and for some
cases it is best.

But as Linux installs become more and more complicated and it is not
some individual machines in a rack but clouds, clusters, and containers
with software defined networking and individual segments for specific
applications spread out within the network, only talking to one another
.. etc.  Well, NM will be much more important.

I get it .. but no one needed a hand held cell phone before 1973 and no
one needed a smart phone before 2007.  Now, almost everyone has a smart
cell and land lines are dying.  Technology moves forward.  People want
integrated cloud, container, SDN technology, etc.  Used a VCR or
Cassette Player lately?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20170214/3cc9e101/attachment-0001.sig>

Johnny Hughes wrote:
<snip>
> I get it .. but no one needed a hand held cell phone before 1973 and no
> one needed a smart phone before 2007.  Now, almost everyone has a smart
> cell and land lines are dying.  Technology moves forward.  People want
> integrated cloud, container, SDN technology, etc.  Used a VCR or
> Cassette Player lately?
I have no intention of *ever* getting an annoyaphone - I'm online all day
at work, before I go to work, and most evenings, in front of a *real*
computer. My cell's a flipphone, and I *LOATHE* texts... because the
protocol was developed for freakin' pagers, and after a job 20 years ago,
I don't EVER want that again.

And my land line phone has *much* better voice quality than any cell/mobile.*

And yes, I very happily have my VCR, for all the tapes I have, and a good
dual cassette deck (OK, I do want to burn them to disk... along with my
200-300 vinyl records...oh, that's right, vinyl's coming back. <g>

      mark, who's older than a lot of you

On 02/14/2017 06:49 AM, Johnny Hughes wrote:
>
> But as Linux installs become more and more complicated and it is not
> some individual machines in a rack but clouds, clusters, and containers
> with software defined networking and individual segments for specific
> applications spread out within the network, only talking to one another
> .. etc.  Well, NM will be much more important.
All due respect, when we drop KISS it is rarely a good thing.

Issue I am dealing with right now - all my VMs with linode are CentOS 7.

Three of them are nameservers, I have to run my own because some of my 
sites - I use certificate authorities but do not trust them, DNSSEC with 
DANE is a must, and with DNSSEC the only way to make sure I'm the only 
one with access to the private signing key is to manage the zone files 
myself.

One of the VMs (in London data center) was recently migrated to a 
different machine, I think because of a bad fan in the server.

NSD never properly came up. After investigation, it is because the IPv6 
address changed.

Trying to figure out why the IPv6 address changed has been a nightmare.

Linode support suspects the reason is because the VM is using slaac 
private to request the IP address instead of slaac hwaddr - and 
suggested that I change the /etc/dhcpcd.conf file.

Well CentOS 7 doesn't use that, and trying to figure out where in the 
mess of /etc/sysconfig/network-scripts the problem is occurring has 
caused me much frustration.

Why the bleep can't stuff like this be simple KISS with simple key=value 
configuration files?

So for now, that particular nameserver is only IPv4 until I figure it 
out, and modifying the network scripts to try and figure out how to fix 
it raises my blood pressure because if a modification causes the IPv4 
not to work, recovering becomes a real PITA.

On 02/14/2017 08:40 PM, Alice Wonder wrote:
> On 02/14/2017 06:49 AM, Johnny Hughes wrote:
>
>>
>> But as Linux installs become more and more complicated and it is not
>> some individual machines in a rack but clouds, clusters, and containers
>> with software defined networking and individual segments for specific
>> applications spread out within the network, only talking to one another
>> .. etc.  Well, NM will be much more important.
>
> All due respect, when we drop KISS it is rarely a good thing.
>
> Issue I am dealing with right now - all my VMs with linode are CentOS 7.
>
> Three of them are nameservers, I have to run my own because some of my
> sites - I use certificate authorities but do not trust them, DNSSEC with
> DANE is a must, and with DNSSEC the only way to make sure I'm the only
> one with access to the private signing key is to manage the zone files
> myself.
>
> One of the VMs (in London data center) was recently migrated to a
> different machine, I think because of a bad fan in the server.
>
> NSD never properly came up. After investigation, it is because the IPv6
> address changed.
>
> Trying to figure out why the IPv6 address changed has been a nightmare.
>
> Linode support suspects the reason is because the VM is using slaac
> private to request the IP address instead of slaac hwaddr - and
> suggested that I change the /etc/dhcpcd.conf file.
>
> Well CentOS 7 doesn't use that, and trying to figure out where in the
> mess of /etc/sysconfig/network-scripts the problem is occurring has
> caused me much frustration.
>
> Why the bleep can't stuff like this be simple KISS with simple
key=value
> configuration files?
>
> So for now, that particular nameserver is only IPv4 until I figure it
> out, and modifying the network scripts to try and figure out how to fix
> it raises my blood pressure because if a modification causes the IPv4
> not to work, recovering becomes a real PITA.
> _______________________________________________
As far as me not trusting certificate authorities - I read a Netcraft 
report a year ago or so that estimated about 100 fraudulent TLS 
certificates that browsers accept as valid are issued every month.

PKI is seriously broken, it depends upon trusting certificate 
authorities that have repeatedly demonstrated they put profit over 
proper validation before issuing certificates.

DNSSEC + DANE is the only viable solution, and DANE really only is 
secure when you know no one else has access to the private KSK ans ZSK 
and that pretty much means running your own authoritative nameservers, 
where a stable IP address is a must and VMs like what linode offers are 
the most cost effective way of making sure you have enough in 
geographically diverse locations.

It's a shame that Network Manager makes things so difficult, dhcp is how 
VM hosting service assign the IP addresses and they really shouldn't change.

On 02/14/2017 08:40 PM, Alice Wonder wrote:
> Well CentOS 7 doesn't use that, and trying to figure out where in the 
> mess of /etc/sysconfig/network-scripts the problem is occurring has 
> caused me much frustration. 

DHCPv6 is really unusual.  IPv6 addressing and routing is set up almost 
entirely in the kernel, unless you're using static addresses.  IPv6 is 
neither harder nor easier with NetworkManager, in my experience.

Too much temptation to resist, I don't know which one of us is older but I
have a feeling it's a "horse race".  Like you, I still have a land
line, WiFi is too slow and "WiFi security" seems to be an oxymoronic
phrase.  Why people text (or IM for that matter) anything other than a one-liner
is beyond me.

Now for the real issue, what happens when Network Manager (Systemd, journald,
etc.) breaks?  Who is going to fix it?  Hiding the complexity in software
effectively dumbs us down leaving us helpless when problems surface.  Anyone who
has worked with Microsoft understands - give me the command prompt any day
rather than layers of GUI hiding those possibly cryptic but also possibly useful
messages.

----- Original Message -----
From: "m roth" <m.roth at 5-cent.us>
To: "CentOS mailing list" <centos at centos.org>
Sent: Tuesday, February 14, 2017 10:07:55 AM
Subject: Re: [CentOS] CentOS 7, systemd, NetworkMangler, oh, my

Johnny Hughes wrote:
<snip>
> I get it .. but no one needed a hand held cell phone before 1973 and no
> one needed a smart phone before 2007.  Now, almost everyone has a smart
> cell and land lines are dying.  Technology moves forward.  People want
> integrated cloud, container, SDN technology, etc.  Used a VCR or
> Cassette Player lately?
I have no intention of *ever* getting an annoyaphone - I'm online all day
at work, before I go to work, and most evenings, in front of a *real*
computer. My cell's a flipphone, and I *LOATHE* texts... because the
protocol was developed for freakin' pagers, and after a job 20 years ago,
I don't EVER want that again.

And my land line phone has *much* better voice quality than any cell/mobile.*

And yes, I very happily have my VCR, for all the tapes I have, and a good
dual cassette deck (OK, I do want to burn them to disk... along with my
200-300 vinyl records...oh, that's right, vinyl's coming back. <g>

      mark, who's older than a lot of you

_______________________________________________
CentOS mailing list
CentOS at centos.org
https://lists.centos.org/mailman/listinfo/centos

> Used a VCR or Cassette Player lately?
My VCR broke. Replaced it with a DVD/HDD & USB3 unit. Replaced cassette
player and tape recorders with broadcast quality handheld recorder
DR-100mk3 and an amazingly good Sony PX440.

Still retain the original functionality. C7 doesn't retain all the
original functionality :-)



-- 
Regards,

Paul.
England, EU.      England's place is in the European Union.

On Tue, 2017-02-14 at 20:40 -0800, Alice Wonder wrote:
> Why the bleep can't stuff like this be simple KISS with simple
> key=value 
> configuration files?
Amen. Its incredibly simple to understand and doesn't require a
doctorate in confused thinking !



-- 
Regards,

Paul.
England, EU.      England's place is in the European Union.

Always Learning wrote:
>
>> Used a VCR or Cassette Player lately?
>
> My VCR broke. Replaced it with a DVD/HDD & USB3 unit. Replaced cassette
> player and tape recorders with broadcast quality handheld recorder
> DR-100mk3 and an amazingly good Sony PX440.
But how do you play all your old VCR tapes? As I said, I want to burn them
to disk, but I still have a working VCR.

       mark
>
> Still retain the original functionality. C7 doesn't retain all the
> original functionality :-)
>
>
>
> --
> Regards,
>
> Paul.
> England, EU.      England's place is in the European Union.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>