Re: Default Gateway with Manual Setting

[Gene Czarcinski <gene czarc net>]

On Wednesday 07 October 2009 12:52:58 Dan Williams wrote:
> On Tue, 2009-10-06 at 11:19 -0400, Gene Czarcinski wrote:
> > On Tuesday 06 October 2009 10:45:50 Gene Czarcinski wrote:
> > > On Tuesday 06 October 2009 10:03:45 Gene Czarcinski wrote:
> > > > On Monday 05 October 2009 17:43:42 Dan Williams wrote:
> > > > > On Mon, 2009-10-05 at 16:52 -0400, Gene Czarcinski wrote:
> > > > > > On Monday 05 October 2009 16:33:21 Gene Czarcinski wrote:
> > > > > > > I have not worked with koji before but I can give 134947 a try
> > > > > > > too.
> > > > > >
> > > > > > Downloaded and installed:
> > > > > >
> > > > > > Download/NetworkManager-0.7.996-4.git20091002.fc12.x86_64.rpm
> > > > > > Download/NetworkManager-glib-0.7.996-4.git20091002.fc12.x86_64.rp
> > > > > >m
> > > > > > Download/NetworkManager-gnome-0.7.996-4.git20091002.fc12.x86_64.r
> > > > > >pm
> > > > > >
> > > > > > Still does not work.
> > > > >
> > > > > Ok, are these system connections or user connections?  For the ones
> > > > > where the "connection only" checkbox does not stick, is the
> > > > > "Available to all users" checkbox also set?
> > > >
> > > > Absolutely ... all connections are "System" interfaces with the
> > > > "Available to all users" checked.  The interface I am trying to set
> > > > "connection only" may be a "private" network but it is a system-wide
> > > > definition.
> > >
> > > OK, something new.
> > >
> > > I unchecked "Available to all users", applied, and restarted eth0 (I
> > > have it set to not start automatically in ifcfg-eth0).  I then edited
> > > and checked for "connection only".  Not only did the box stay checked
> > > but it worked ... the default route was no to 192.168.122.1 on eth1.
> > >
> > > SO, the problem looks like it is only on system wide ("Available to all
> > > users") interfaces.
> > >
> > > I am going to go back to F11 and try this there too.
> >
> > Yes, yes ... F11 is the same.
> >
> > Unchecked the "Available to all users" box for the "private" network NIC
> > and then I could check the "connection only" box and the default route
> > was correct.
> 
> Ok, this makes me think it's more of an issue in the ifcfg-rh backend.
> Unfortunately, the "connection only" thing is backed by a bit of
> ugliness in the ifcfg files; the device name (!) of the device that
> should receive the gateway is set in /etc/sysconfig/network like
> GATEWAYDEV=eth0, which is how it had always been done in a pre-NM and
> ifcfg-only world.  NM attempts to preserve that compatibility, and when
> reading in connections, will match the DEVICE=XXX line in the actual
> ifcfg file with the GATEWAYDEV=XXX line in /etc/sysconfig/network, and
> if they *don't* match, that connection will never get the default route.
> There's a bug here apparently.
> 
> This gets a bit hard, because device names aren't stable, and NM uses
> the persistent MAC address of the device instead of the device name in
> most cases.  Also the fact that connections/ifcfgs don't *have* to be
> tied to a specific device, and the ifcfg-rh backend does not write out
> DEVICE= lines specifically for that reason.  The ifcfg files are read
> long before the device might actually be plugged into the system too,
> which means we don't have any information to make that judgement at load
> time.
> 
> So the best case is probably to treat GATEWAYDEV as legacy, and have a
> new key on a *per-ifcfg* basis that prevents that ifcfg from ever having
> the default route, like the checkbox states.  The ifcfg-rh backend would
> still honor GATEWAYDEV if an ifcfg had the DEVICE=XXX line I guess.
> Thoughts?  GATEWAYDEV simply isn't really flexible enough.

Progress!  So, the "magic" parameter is GATEWAYDEV= in /etc/sysconfig/network

1.  On a qemu-kvm F12 guest, I tried manually setting GATEWAYDEV=eth1 and this 
works!  Not only is the default route correct but the "connection only" box is 
now checked.  At the very least, this gives me a work-around until things are 
fixed.

2.  GATEWAYDEV= (or for that matter GATEWAY=) is poorly documented ... I could 
never find any outside of some BZ reports and email messages.  However, it has 
been there in Fedora and Fedora Core as well as earlier in Red Hat Linux for a 
very long time.  I do not know what other distributions like Debian use but 
GATEWAYDEV is the "classic" way for us.

3.  A significant related problem is that system-config-network does not support 
having GATEWAYDEV= in /etc/sysconfig/network and will wipe it out!  I have 
reported this in https://bugzilla.redhat.com/show_bug.cgi?id=518878

4.  There are still problems in NM because I cannot use nm-connection-editor 
to check (add GATEWAYDEV=) or uncheck (remove GATEWAYDEV=).  Under F12, it 
does prompt me for authentication to make the change.

5.  I have not seen any problem with MAC addresses staying fixed.  Sure, when I 
fiddle with NIC definitions (or add one) (equivalent to changing NIC cards) or 
if I use virt-clone to make a new guest, I need to do some stuff to get the 
configuration "correct".  The first thing is to delete /etc/udev/rules.d/70-
persistent-net.rules and reboot to get "good" device names like eth0 and eth1.  
Then, I need to use system-config-network to get good system definitions.

6.  The whole business with network configuration files in /etc/sysconfig/ needs 
work.  There is no reason why a network definition such as ifcfg-eth0 needs to 
be in three separate locations (one file and two hard links).  There is also 
some info duplicated between /etc/sysconfig/network and 
/etc/sysconfig/networking/profile/default/network.

7.  I believe you are looking at the default route business in NM from the 
wrong direction.  Rather than specifying "connection only", there needs to be 
a "this NIC is the default route" checkbox.  Consider more than two NICs ... 
when you check "connection only" on an interface, which of the other two will 
be set in GATEWAYDEV=xxx ?

Anyway, as far as NM is concerned, #4 above is the issue ... 
/etc/sysconfig/network is not being changed.

Gene