Network configuration with Elemental

Elemental cloud-config support does not include declarative networking at the moment.

The defaul OS channel shipped with Elemental provides SLE Micro OS images with NetworkManager which enables DCHP ethernet configuration automatically.

Elemental cloud-config allows to create NetworkManager connection profile configuration files in order to customize the host network.

To define custom network configuration for your Elemental OS deployment the required steps are:

  • Identify the content of the desired NetworkManager connection profile configuration files
  • Include a write_files cloud-config snippet in the Elemental MachineRegistration resource to create configuration files with content identified in the previous step

Customize networking - 图1info

The cloud-config configuration put in the Elemental MachineRegistration is applied on the installed system only, not on the generated ISO/Image. This means that when booting from the Elemental ISO/Image the MachineRegistration cloud-config is not applied on the host: it will be applied only after the OS is installed and rebooted.

Host configuration during Elemental ISO/Image boot is possible adding the cloud-config customization in the SeedImage resource instead of the MachineRegistration one.

Identify NetworkManager connection profile configuration files content

NetworkManager supports multiple connection profile storage formats. While one could focus on any of the supported configuration file plugins, the keyfile plugin is the one we recommend: it allows to store all the possible connection profile data and has a quite simple syntax.

NetworkManager keyfiles can be written directly following the nm-settings-keyfile man page.

Anyway, it could be easier to instruct NetworkManager to configure a connection profile if a live system is available: NetworkManager then creates the keyfiles for us in the /etc/NetworkManager/system-connections/ directory.

There are multiple different ways to interact with NetworkManager and create connection profiles. The most used and handy configuration tools include:

  • nmcli - the NetworkManager CLI
  • nmtui - the NetworManager Text User Interface
  • the UI applets present in all the major linux desktops environments

Finally, to generate NetworkManager keyfiles offline using a declarative approach, one could use the nm-configurator project.

Example: generate a static IPv4 ethernet connection porfile with nmcli

  1. nmcli connection add \
  2. con-name fixed-ip\
  3. type ethernet \
  4. ipv4.method manual \
  5. ipv4.addresses 192.168.1.2/24 \
  6. ipv4.gateway 192.168.1.1 \
  7. ipv4.dns 192.168.1.1

After running the above command, you will find your keyfile at /etc/NetworkManager/system-connections/fixed-ip.nmconnection.

Elemental cloud-config

The NetworkManager connection profile keyfiles can be injected in a MachineRegistration using the write_files module.

The content can be either plain text or base64 encoded (encoding: b64).

Example: MachineRegistration with static IPv4 ethernet connection profile

  1. apiVersion: elemental.cattle.io/v1beta1
  2. kind: MachineRegistration
  3. metadata:
  4. name: fire-nodes
  5. namespace: fleet-default
  6. spec:
  7. config:
  8. cloud-config:
  9. users:
  10. - name: root
  11. passwd: root
  12. write_files:
  13. - content: |
  14. [connection]
  15. id=fixed-ip
  16. uuid=9039a243-452d-4f01-9424-78648404d50b
  17. type=ethernet
  18. [ipv4]
  19. address1=192.168.1.2/24,192.168.1.1
  20. dns=192.168.1.1;
  21. method=manual
  22. path: /etc/NetworkManager/system-connections/fixed-ip.nmconnection
  23. permissions: 600
  24. elemental:
  25. install:
  26. reboot: true
  27. device: /dev/sda
  28. debug: true
  29. machineInventoryLabels:
  30. element: fire
  31. manufacturer: "${System Information/Manufacturer}"
  32. productName: "${System Information/Product Name}"
  33. serialNumber: "${System Information/Serial Number}"
  34. machineUUID: "${System Information/UUID}"

Customize networking - 图2warning

The connection profile keyfile file permissions should allow read and write access to the root user only, otherwise NetworkManager will refuse to load the connection profile: ensure to set permissions to 600 for NetworkManager keyfiles, otherwise your connection profiles will not be loaded.