General networking question

Latest response

What, if any, are the dangers of manually editing the /etc/sysconfig/network-scripts/ifcfg-ethX file on a rhel6.5 system? If changes need to be made to a configuration, should they always be made with either nm-connection-editor or system-config-network, or can they be made manually or with some combination of manual editing and the aforementioned utilities?

DM
Log in to join the conversation

Responses

JL Active Contributor 251 points
18 April 2014 10:03 PM

It sort of voids the warranty if you do both tool-based and manual-based editing, but the combination can and does work.

The danger of manual edits is you may introduce a syntax error or some illegal combination, break networking, and need console access to back out of it. On the other hand, there are some things the GUI tools won't do, e.g. setting up multiple sub-interfaces for trunk ports with explicit vlan tagging.

You can go completely manual by setting:
NM_CONTROLLED="no"
in an individual ifcfg-* file, or globally by doing
service NetworkManager stop
chkconfig NetworkManager off
... even if the original configuration was generated from the GUI tools, which I tend to recommend.

On a laptop used for network testing, where I need to be able to rapidly move it between vlan's, I ended up setting up an entire subdirectory of hand-crafted ifcfg-eth0 files below /etc/sysconfig/network-scripts, along with a chooser script to copy one to ifcfg-eth0, and instantiating /sbin/ifup-local so that some of my non-default static routes would get handled properly.

A lot of my servers run without GUI, and I tend to maintain their ifcfg-* files manually. I also find it easier to tune some specialized interfaces like iSCSI manually.

On the other hand, I'd hate to have to set up a WPA2 WiFi interface by hand; for that sort of thing I go straight to the GUI.

What the answer will be a half decade from now, with network configuration moving more into systemd, remains to be seen. Possibly something more like what the Debian family does, where you can specify pre and post actions to run as interfaces come up and down.

-- Jim Leinweber, WI State Lab of Hygiene

DM Community Member 49 points
19 April 2014 1:56 AM

First of all, thanks for the response. I appreciate it. Having said that, I have a situation to describe and another question to ask. I realize that describing something that happened, then asking if someone has any idea as to why it occurred is tenuous at best, but I'll give it a shot anyway.

I have a small private peer-to-peer network at home. I handle name resolution using /etc/hosts files on each of three systems. I was doing some testing on the network, and had the following occur on one of the hosts.

I first created a copy of /etc/sysconfig/network-scripts/ifcfg-eth0.
Then, using nm-connection-editor, I edited my eth0 configuration, changing the IP address so that it was on a different network from my private network.
After completing the edit, I brought eth0 down, using ifdown, then restarted networking, using /etc/init.d/network restart.
I then executed some pings to see what, if anything, I would be able to get to.
After completing this, I brought eth0 down again, deleted /etc/sysconfig/network-scripts/ifcfg-eth0, and replaced it with the saved copy of the ifcfg-eth0 file I had created earlier.
When I attempted to bring eth0 back up, the system indicated, essentially, that it couldn't find eth0.
I next opted to execute nm-connection-editor and, consistent with what I had just seen, there was no eth0 there.
All this, despite the fact that I there was a /etc/sysconfig/network-scripts/ifcfg-eth0 in place, and was the one that had been there when the system was initially booted.
I was ultimately able to reestablish my network connectivity when I found a copy of ifcfg-eth0 in /etc/sysconfig/networking/devices and copied it over to /etc/sysconfig/network-scripts.

None of this makes sense to me. (It may not make sense to anyone reading this.) But I thought I'd post the question and see what responses I might receive.

R. Hinton's picture Guru 6827 points
20 April 2014 10:26 PM

Just a quick reply regarding the warranty... I've had administrators who edit the network interface files manually and it does not void the warranty, to include administrators who make typos or other erroneous entries that temporarily botch network function until resolved. Of course I'd also recommend picking one or the other, and not both. Using both would seem to beg for an issue. I would suspect if someone approached Red Hat Support with a network problem that arose from the improper use of both NM and manually editing files, they'd help the victim fix the issue and just say to pick one or the other in the future and not drop one's warranty.

We had a couple of highly unique network configurations that when someone did a typo, we were still able to use Red Hat Support even when mentioning to them that someone typo'd the file(s).

Red Hat Support was disinterested in whether or not we used NetworkManager or manually configured the files, but just helped us with either one method or another based on the best choice for the situation at hand. (i.e. not using NetworkManager for servers, or perhaps using NetworkManager for a laptop)

DM Community Member 49 points
21 April 2014 12:35 AM

Thanks for the update. Any additional information is greatly appreciated.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.