{"id":124367,"date":"2022-04-29T08:22:00","date_gmt":"2022-04-29T08:22:00","guid":{"rendered":"https:\/\/fedoramagazine.org\/?p=36375"},"modified":"2022-04-29T08:22:00","modified_gmt":"2022-04-29T08:22:00","slug":"from-ifcfg-to-keyfiles-modernizing-networkmanager-configuration-in-fedora-linux-36","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2022\/04\/29\/from-ifcfg-to-keyfiles-modernizing-networkmanager-configuration-in-fedora-linux-36\/","title":{"rendered":"From ifcfg to keyfiles: modernizing NetworkManager configuration in Fedora Linux 36"},"content":{"rendered":"

One of the changes in Fedora Linux 36 is that new installations will no longer support the ifcfg files to configure networking<\/a>. What are those and what replaces them?<\/p>\n

<\/span> <\/p>\n

A bit of history<\/h2>\n

In the good old days, connecting a Linux box to a network was easy. For each of the interface cards connected to a network, the system administrator would drop a configuration file into the \/etc<\/em> directory. That configuration file would describe the addressing configuration for a particular network. On Fedora Linux, the configuration file would actually be a shell script snippet like this:<\/p>\n

$ cat \/etc\/sysconfig\/network-scripts\/ifcfg-eth0<\/strong>\nTYPE=Ethernet\nDEVICE=eth0\nBOOTPROTO=dhcp<\/pre>\n
A shell script executed on startup would read the file and apply the configuration. Simple.<\/p>\n
Towards the end of 2004, however, a change was in the air. Quite literally — the Wi-Fi has become ubiquitous. The portable computers of the day could rapidly connect to new networks and the USB bus allowed even the wired network adapters to come and go while the system was up and running. The network configuration became more dynamic than ever before, rendering the existing network configuration tooling impractical. To the rescue came NetworkManager<\/a>. On a Fedora Linux system, NetworkManager uses configuration like this:<\/p>\n
$ cat \/etc\/sysconfig\/network-scripts\/ifcfg-eth0<\/strong>\nTYPE=Ethernet\nDEVICE=eth0\nBOOTPROTO=dhcp<\/pre>\n
Looks familiar? It should. From the beginning, NetworkManager was intended to work with the existing configuration formats. In fact, it ended up with plugins which would seamlessly convert between NetworkManager’s internal configuration model and the distribution’s native format. On Fedora, it would be the aforementioned ifcfg<\/em> files.<\/p>\n
Let’s take a closer look at them.<\/p>\n
Ifcfg files<\/h2>\n
The legacy network service, now part of the network-scripts<\/em> package, originally defined the ifcfg<\/em> file format. Along with the package comes a file called sysconfig.txt<\/a> that, quite helpfully, documents the format.<\/p>\n
As NetworkManager gained traction it often found itself in need of expressing a configuration that was not supported by the old fashioned network service. Given the nature of configuring things with shell scripts, adding new settings is no big deal. The unknown ones are generally just silently ignored. The NetworkManager’s idea of what ifcfg files should look like is described in the nm-settings-ifcfg-rh(5)<\/a> manual.<\/p>\n
In general, NetworkManager tries hard to write ifcfg<\/em> files that work well with the legacy network service. Nevertheless, sometimes it is just not possible. These days, the number of network connection types that NetworkManager supports vastly outnumber what the legacy network service can configure. . A new format is now used to express what the legacy format can not. This includes VPN connections, broadband modems and more.<\/p>\n
Keyfiles<\/h2>\n
The new format closely resembled the NetworkManager’s native configuration model:<\/p>\n
\n
\n
$ cat \/etc\/NetworkManager\/system-connections\/VPN.ovpn<\/strong>\n[connection]\nid=My VPN\nuuid=c85a7cdb-973b-491f-998d-b09a590af10e\ntype=vpn [vpn]\nca=\/etc\/pki\/tls\/certs\/vpn-ca.pem\nconnection-type=password\nremote=vpn.example.com\nusername=lkundrak\nservice-type=org.freedesktop.NetworkManager.openvpn [ipv6]\nmethod=auto\nnever-default=true<\/pre>\n<\/div>\n<\/div>\n
The actual format should be instantly familiar to everyone familiar with Linux systems. It’s the “ini file” or “keyfile” — a bunch of plain text key-value pairs, much like the ifcfg files use, grouped into sections. The nm-settings-ifcfg-keyfile(5)<\/a> manual documents the format thoroughly.<\/p>\n
The main advantage of using this format is that it closely resembles NetworkManager’s idea of how to express network configuration, used both internally and on the D-Bus API. It’s easier to extend without taking into consideration the quirks of the mechanism that was designed in without the benefit of foresight back when the world was young. This means less code, less surprises and less bugs.<\/p>\n
In fact there’s nothing the keyfile<\/em> format can’t express that ifcfg<\/em> files can. It can express the simple wired connections just as well as the VPNs or modems.<\/p>\n
Migrating to keyfiles<\/h2>\n
The legacy network service served us well for many years, but its days are now long over. Fedora Linux dropped it many releases ago and without it there is seemingly little reason to use the ifcfg files. That is, for new configurations. While Fedora Linux still supports the ifcfg<\/em> files, it has defaulted to writing keyfiles<\/em> for quite some time.<\/p>\n
Starting with Fedora Linux 36, the ifcfg support will no longer be present in new installations. If you’re still using ifcfg<\/em> files, do not worry — the existing systems will keep it on upgrades. Nevertheless, you can still decide to uninstall it and carry your configuration over to keyfiles<\/em>. Keep on reading to learn how.<\/p>\n
If you’re like me, you installed your system years ago and you have a mixture of keyfiles<\/em> and ifcfg<\/em> files. Here’s how can you check:<\/p>\n
$ nmcli -f TYPE,FILENAME,NAME conn<\/strong>\nTYPE FILENAME NAME\nethernet \/etc\/sysconfig\/network-scripts\/ifcfg-eth0 eth0\nwifi \/etc\/sysconfig\/network-scripts\/ifcfg-Guest Guest\nwifi \/etc\/NetworkManager\/system-connections\/Base48 Base48\nvpn \/etc\/NetworkManager\/system-connections\/VPN.ovpn My VPN<\/pre>\n
This example shows a VPN connection that must have always used a keyfile and a Wi-Fi connection presumably created after Fedora Linux switched to writing keyfiles<\/em> by default. There’s also an Ethernet connection and Wi-Fi one from back in the day that use the ifcfg<\/em> plugin. Let’s see how we can convert those to keyfiles.<\/p>\n
The NetworkManager’s command line utility, nmcli(1)<\/a>, acquired a new connection migrate<\/em> command, that can change the configuration backend used by a connection profile.<\/p>\n
It’s a good idea to make a backup of \/etc\/sysconfig\/network-scripts\/ifcfg-*<\/em> files, in case anything goes wrong. Once you have the backup you can try migrating a single connection to a different configuration backend (keyfile<\/em> by default):<\/p>\n
$ nmcli connection migrate eth0<\/strong>\nConnection 'eth0' (336aba93-1cd7-4cf4-8e90-e2009db3d4d0) successfully migrated.<\/pre>\n
Did it work?<\/p>\n
$ nmcli -f TYPE,FILENAME,NAME conn<\/strong>\nTYPE FILENAME NAME\nethernet \/etc\/NetworkManager\/system-connections\/eth0.nmc eth0\nwifi \/etc\/sysconfig\/network-scripts\/ifcfg-Guest Guest\nwifi \/etc\/NetworkManager\/system-connections\/Base48 Base48\nvpn \/etc\/NetworkManager\/system-connections\/VPN.ovpn My VPN<\/pre>\n
Cool. Can I migrate it back, for no good reason?<\/p>\n
$ nmcli conn migrate --plugin ifcfg-rh eth0<\/strong>\nConnection 'eth0' (336aba93-1cd7-4cf4-8e90-e2009db3d4d0) successfully migrated.<\/pre>\n
Excellent. Without specifying more options, the “connection migrate” command ensures all connections use the keyfile backend:<\/p>\n
$ nmcli conn migrate<\/strong>\nConnection '336aba93-1cd7-4cf4-8e90-e2009db3d4d0' (eth0) successfully migrated.\nConnection '3802a9bc-6ca5-4a17-9d0b-346f7212f2d3' (Red Hat Guest) successfully migrated.\nConnection 'a082d5a0-5e29-4c67-8b6b-09af1b8d55a0' (Base48) successfully migrated.\nConnection 'c85a7cdb-973b-491f-998d-b09a590af10e' (Oh My VPN) successfully migrated.<\/pre>\n
And that’s all. Now that your system has no ifcfg<\/em> files, the configuration backend that supports them is of no use and you can remove it:<\/p>\n
# dnf remove NetworkManager-initscripts-ifcfg-rh<\/strong>\n\u2026<\/pre>\n
Your system now works the same as it did before, but you can rejoice, for it is now modern.<\/p>\n","protected":false},"excerpt":{"rendered":"
One of the changes in Fedora Linux 36 is that new installations will no longer support the ifcfg files to configure networking. What are those and what replaces them? A bit of history In the good old days, connecting a Linux box to a network was easy. For each of the interface cards connected to […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48],"tags":[45,61,46,47],"class_list":["post-124367","post","type-post","status-publish","format-standard","hentry","category-fedora-os","tag-fedora","tag-fedora-project-community","tag-magazine","tag-news"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/124367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=124367"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/124367\/revisions"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=124367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=124367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=124367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}