CentOS - Dec 2014 - NetworkManager fights with DHCP-only backup NIC

On Dec 2, 2014, at 1:36 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> On Tue, Dec 2, 2014 at 2:26 PM, Warren Young <wyml at etr-usa.com>
wrote:
>> Again, I?m not really after a way to make this work without
NetworkManager.
> 
> What part of the breakage that NetworkManager does is good for a
> wired, static-addressed server?
If you disable NM, the network configuration GUI stops working in EL7.  (I
didn?t do much with EL6, but I thought its GUI had a fall-back for the non-NM
case.)

We don?t need this GUI, but our semi-technical customers sometimes do.  It can
be the difference between rolling a truck to a remote site vs letting the
on-site people take care of the problem.
> you should be able to ssh to some other box on the working network,
I did mention that these sites rarely have local staff who know Linux.  You can
correctly infer from that there *are* no other SSH servers, just ours.

These are K-12 schools, for the most part.  They often don?t have technical
staff on-site at all.  We have to schedule time with overworked district-level
staff who often only know Windows to get anything at this level done.

We?ve built up nasty hacks to solve this before; VPN -> RDP -> PuTTY ->
Linux server, for instance.  Getting protective network admins to allow all this
can chew up weeks of time.

It?s far, far better if the Linux box just phones home with the info we need to
fix it.  It can cut a 4-week phone tag game down to 15 minutes.

On Tue, Dec 2, 2014 at 3:14 PM, Warren Young <wyml at etr-usa.com>
wrote:
> >
>> What part of the breakage that NetworkManager does is good for a
>> wired, static-addressed server?
>
> If you disable NM, the network configuration GUI stops working in EL7.  (I
didn?t do much with EL6, but I thought its GUI had a fall-back for the non-NM
case.)
>
> We don?t need this GUI, but our semi-technical customers sometimes do.  It
can be the difference between rolling a truck to a remote site vs letting the
on-site people take care of the problem.
But can't you still set NM_CONTROLLED=no on an interface?
>> you should be able to ssh to some other box on the working network,
>
> I did mention that these sites rarely have local staff who know Linux.  You
can correctly infer from that there *are* no other SSH servers, just ours.
>
> These are K-12 schools, for the most part.  They often don?t have technical
staff on-site at all.  We have to schedule time with overworked district-level
staff who often only know Windows to get anything at this level done.
> We?ve built up nasty hacks to solve this before; VPN -> RDP -> PuTTY
-> Linux server, for instance.  Getting protective network admins to allow
all this can chew up weeks of time.
I'm way too familiar with the problem - but we usually have several
boxes in one place.
> It?s far, far better if the Linux box just phones home with the info we
need to fix it.  It can cut a 4-week phone tag game down to 15 minutes.
I've done some weird stuff like scripts that bring up all the
interfaces, look for link, apply one of the IPs that the box should
have to one of the interfaces with link up, try to ping the gateway,
lather, rinse, repeat, but I've never been happy with any of it.
Maybe a USB wifi adapter could be set up to make an openvpn connection
back to a home server if you know the location has wifi.   That could
give you a known private IP to connect to for the rest of the
configuration.

-- 
   Les Mikesell
     lesmikesell at gmail.com

On Dec 2, 2014, at 2:28 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
> On Tue, Dec 2, 2014 at 3:14 PM, Warren Young <wyml at etr-usa.com>
wrote:
>>> 
>>> What part of the breakage that NetworkManager does is good for a
>>> wired, static-addressed server?
>> 
>> If you disable NM, the network configuration GUI stops working in EL7. 
> 
> But can't you still set NM_CONTROLLED=no on an interface?
That still effectively breaks the network settings GUI.  Interfaces you mark
that way show as ?unmanaged? in the GUI, and you can?t modify any of their
settings.  You can?t change them back to ?managed? via the GUI.  You can?t even
add an IP alias to them via the GUI.

If you?re suggesting that I do this only to the static interface and leave the
DHCP one under NM?s control, the only improvement relative to disabling NM
entirely is that it at least gives the semi-technical people on site the option
of repurposing the DHCP interface as a secondary static interface.

That?s not useless, but it?s a far cry from the MAC bonding I?m after.