Chapter 52. Automatically configuring network interfaces in public clouds using nm-cloud-setup

Usually, a virtual machine (VM) has only one interface that is configurable by DHCP. However, DHCP cannot configure VMs with multiple network entities, such as interfaces, IP subnets, and IP addresses. Additionally, you cannot apply settings when the VM instance is running. To solve this runtime configuration issue, the nm-cloud-setup utility automatically retrieves configuration information from the metadata server of the cloud service provider and updates the network configuration of the host. The utility automatically picks up multiple network interfaces, multiple IP addresses, or IP subnets on one interface and helps to reconfigure the network of the running VM instance.

52.1. Configuring and pre-deploying nm-cloud-setup

To enable and configure network interfaces in public clouds, run nm-cloud-setup as a timer and service.

Note

On Red Hat Enterprise Linux On Demand and AWS golden images, nm-cloud-setup is already enabled and no action is required.

Prerequisites

  • A network connection exists.
  • The connection uses DHCP.

    By default, NetworkManager creates a connection profile which uses DHCP. If no profile was created because you set the no-auto-default parameter in /etc/NetworkManager/NetworkManager.conf, create this initial connection manually.

Procedure

  1. Install the nm-cloud-setup package:

    # yum install NetworkManager-cloud-setup
  2. Create a drop-in file for the nm-cloud-setup service:

    1. Use the following command to start editing the drop-in file:

      # systemctl edit nm-cloud-setup.service

      The configuration settings take effect only after you start the service explicitly or reboot the system.

    2. Use the systemd drop-in file to configure the cloud provider in nm-cloud-setup. For example, to use Amazon EC2, enter:

      [Service]
      Environment=NM_CLOUD_SETUP_EC2=yes

      You can set the following environment variables to enable the cloud provider you use:

      • NM_CLOUD_SETUP_AZURE for Microsoft Azure
      • NM_CLOUD_SETUP_EC2 for Amazon EC2 (AWS)
      • NM_CLOUD_SETUP_GCP for Google Cloud Platform (GCP)
      • NM_CLOUD_SETUP_ALIYUN for Alibaba Cloud (Aliyun)
    3. Save the file and quit the editor.
  3. Reload the systemd configuration:

    # systemctl daemon-reload
  4. Enable and start the nm-cloud-setup service:

    # systemctl enable --now nm-cloud-setup.service
  5. Enable and start the nm-cloud-setup timer:

    # systemctl enable --now nm-cloud-setup.timer

52.2. Understanding the role of IMDSv2 and nm-cloud-setup in the RHEL EC2 instance

The instance metadata service (IMDS) in Amazon EC2 allows you to manage permissions to access instance metadata of a running Red Hat Enterprise Linux (RHEL) EC2 instance. The RHEL EC2 instance uses IMDS version 2 (IMDSv2), a session-oriented method. By using the nm-cloud-setup utility, administrators can reconfigure the network and automatically update the configuration of running RHEL EC2 instances. The nm-cloud-setup utility handles IMDSv2 API calls by using IMDSv2 tokens without any user intervention.

  • IMDS runs on the link-local address 169.254.169.254 to provide access to native applications on a RHEL EC2 instance.
  • After you have specified and configured IMDSv2 for each RHEL EC2 instance for applications and users, you can no longer access IMDSv1.
  • By using IMDSv2, the RHEL EC2 instance maintains metadata without using the IAM role while remaining accessible through the IAM role.
  • When the RHEL EC2 instance boots, the nm-cloud-setup utility automatically runs to fetch the EC2 instance API access token for using the RHEL EC2 instance API.

Note

Use the IMDSv2 token as an HTTP header to check the details of the EC2 environment.
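
The token-as-header flow from the note, as an added example that is not part of the original Red Hat documentation or of nm-cloud-setup itself: a client first requests a session token with PUT, then sends it on every metadata read, and a read without the token is refused. The header names and paths are the standard EC2 ones; MockIMDS, imds_get, demo and the MAC addresses are constructed for this example so that it runs offline against a local stand-in for 169.254.169.254.

```python
import http.server, secrets, threading, urllib.error, urllib.request
TOKEN_HDR = "X-aws-ec2-metadata-token"              # carries the token on reads
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"    # required on the token PUT
MACS = "/latest/meta-data/network/interfaces/macs/"  # one entry per interface

class MockIMDS(http.server.BaseHTTPRequestHandler):
    """Constructed local stand-in for 169.254.169.254 that requires IMDSv2."""
    tokens = set()
    data = {MACS: b"0a:00:00:00:00:01/\n0a:00:00:00:00:02/"}  # constructed sample
    def _reply(self, code, body=b""):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body)
    def do_PUT(self):  # step 1: open a session and hand out a token
        if self.path != "/latest/api/token" or not self.headers.get(TTL_HDR):
            return self._reply(400)
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        self._reply(200, token.encode())
    def do_GET(self):  # step 2: metadata read, refused without a valid token
        if self.headers.get(TOKEN_HDR) not in self.tokens:
            return self._reply(401)
        body = self.data.get(self.path)
        self._reply(200 if body else 404, body or b"")
    log_message = lambda self, *args: None  # silence per-request logging

def imds_get(base, path, use_token=True, ttl=60):  # returns (status, body)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    headers = {}  # stays empty for an IMDSv1-style read (use_token=False)
    try:
        if use_token:
            put = urllib.request.Request(base + "/latest/api/token", method="PUT",
                                         headers={TTL_HDR: str(ttl)})
            headers[TOKEN_HDR] = opener.open(put, timeout=2).read().decode()
        get = urllib.request.Request(base + path, headers=headers)
        return 200, opener.open(get, timeout=2).read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""

def demo():
    with http.server.HTTPServer(("127.0.0.1", 0), MockIMDS) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}"
        results = imds_get(base, MACS, use_token=False), imds_get(base, MACS)
        server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```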

Additional resources

  • nm-cloud-setup(8) man page