Chapter 53. Automatically configuring network interfaces in public clouds using nm-cloud-setup
Usually, a virtual machine (VM) has only one interface that is configurable by DHCP. However, DHCP cannot configure VMs with multiple network entities, such as interfaces, IP subnets, and IP addresses. Additionally, you cannot apply settings when the VM instance is running. To solve this runtime configuration issue, the nm-cloud-setup utility automatically retrieves configuration information from the metadata server of the cloud service provider and updates the network configuration of the host. The utility automatically picks up multiple network interfaces, multiple IP addresses, or IP subnets on one interface and helps to reconfigure the network of the running VM instance.
53.1. Configuring and pre-deploying nm-cloud-setup
To enable and configure network interfaces in public clouds, run nm-cloud-setup as a timer and service.
On Red Hat Enterprise Linux On Demand and AWS golden images, nm-cloud-setup is already enabled and no action is required.
- A network connection exists.
- The connection uses DHCP.
By default, NetworkManager creates a connection profile which uses DHCP. If no profile was created because you set the
/etc/NetworkManager/NetworkManager.conf, create this initial connection manually.
# yum install NetworkManager-cloud-setup
Create and run the snap-in file for the
Use the following command to start editing the snap-in file:
# systemctl edit nm-cloud-setup.service
It is important to either start the service explicitly or reboot the system to make configuration settings effective.
systemd snap-in file to configure the cloud provider in nm-cloud-setup. For example, to use Amazon EC2, enter:
You can set the following environment variables to enable the cloud provider you use:
- NM_CLOUD_SETUP_AZURE for Microsoft Azure
- NM_CLOUD_SETUP_EC2 for Amazon EC2 (AWS)
- NM_CLOUD_SETUP_GCP for Google Cloud Platform (GCP)
- NM_CLOUD_SETUP_ALIYUN for Alibaba Cloud (Aliyun)
- Save the file and quit the editor.
# systemctl daemon-reload
Enable and start the
# systemctl enable --now nm-cloud-setup.service
Enable and start the
# systemctl enable --now nm-cloud-setup.timer
- Configuring an Ethernet connection
53.2. Understanding the role of IMDSv2 and nm-cloud-setup in the RHEL EC2 instance
The instance metadata service (IMDS) in Amazon EC2 allows you to manage permissions to access instance metadata of a running Red Hat Enterprise Linux (RHEL) EC2 instance. The RHEL EC2 instance uses IMDS version 2 (IMDSv2), a session-oriented method. By using the nm-cloud-setup utility, administrators can reconfigure the network and automatically update the configuration of running RHEL EC2 instances. The nm-cloud-setup utility handles IMDSv2 API calls by using IMDSv2 tokens without any user intervention.
IMDS runs on a link-local address 169.254.169.254 for providing access to native applications on a RHEL EC2 instance.
- After you have specified and configured IMDSv2 for each RHEL EC2 instance for applications and users, you can no longer access IMDSv1.
- By using IMDSv2, the RHEL EC2 instance maintains metadata without using the IAM role while remaining accessible through the IAM role.
When the RHEL EC2 instance boots, the nm-cloud-setup utility automatically runs to fetch the EC2 instance API access token for using the RHEL EC2 instance API.
Use the IMDSv2 token as an HTTP header to check the details of the EC2 environment.
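The following Python example is added here and is not code from this documentation or from nm-cloud-setup. It runs the session-oriented IMDSv2 exchange against a local stand-in server: a PUT to /latest/api/token with a TTL header returns a token, and a GET is answered only when it carries that token as an HTTP header. The names MockIMDS, fetch and demo and the MAC address value are constructed for illustration.

```python
import http.client, http.server, secrets, threading

TOKENS = set()  # session tokens the stand-in server has issued
METADATA = {"/latest/meta-data/mac": "0a:00:00:00:00:01"}  # constructed value

class MockIMDS(http.server.BaseHTTPRequestHandler):
    def _reply(self, code, body=""):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):  # step 1: open a session; the TTL header is mandatory
        ttl = self.headers.get("X-aws-ec2-metadata-token-ttl-seconds")
        if self.path != "/latest/api/token" or not ttl:
            return self._reply(400)
        token = secrets.token_urlsafe(32)
        TOKENS.add(token)
        self._reply(200, token)

    def do_GET(self):  # step 2: metadata only for a valid session token
        if self.headers.get("X-aws-ec2-metadata-token") not in TOKENS:
            return self._reply(401)
        body = METADATA.get(self.path)
        self._reply(200 if body else 404, body or "")

    def log_message(self, *args):  # silence per-request logging
        pass

def fetch(port, use_token=True, path="/latest/meta-data/mac"):
    """Return (status, body); use_token=False sends an IMDSv1-style request."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {}
    if use_token:
        conn.request("PUT", "/latest/api/token",
                     headers={"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
        headers["X-aws-ec2-metadata-token"] = conn.getresponse().read().decode()
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    return resp.status, resp.read().decode()

def demo():
    """Run one request with a token and one without against the stand-in."""
    with http.server.HTTPServer(("127.0.0.1", 0), MockIMDS) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            return fetch(server.server_port), fetch(server.server_port, use_token=False)
        finally:
            server.shutdown()
```

Calling demo() returns the result of the request with a token followed by the result of the request without one. On an EC2 instance, the same two requests go to the link-local address 169.254.169.254 instead of the local stand-in.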