On Wed, 2017-05-31 at 07:45 -0500, Greg Oliver wrote:
I have emailed a couple times about backing up connections since I have close to 100 VPNs I would like to restore when I upgrade my OS. The dconf/gconf methods from the past are no longer valid. I am willing to put in the work (since it is an obvious pain to do 2x a year when I upgrade) to write (I know python, perl and all shells) scripts to backup/restore connections. I see there are python bindings, but there are also a lot of unknowns (user or system connections, etc..). Is this something that would gain traction, or is it always going to be a moving target? I assume python bindings would not change (much like the kernel ABIs), but I obviously do not know. In the past I have used dconf, but the connections are no longer stored there, so you see my dilemma. If this sounds like something the network manager devs are interested in, let me know - otherwise I will figure out how to roll my own. It is an unusual use case I know, but I work with our clients through VPN connections all day every day, so it would save me quite a bit of time to be able to carry them over from upgrade to upgrade, etc.. If this does not seem like something important, I will just do something local. TIA!
Hi Greg, User-connections no longer exist since 0.9.0 from 2011. All connections are persisted by one of the settings plugins (plugins in `man NetworkManager.conf`). - for the keyfile plugin, you can simply backup /etc/NetworkManager/system-connections. - the ifcfg-rh plugin is used on Fedora and RHEL by default. In that case, you need to backup ifcfg-* files in /etc/sysconfig/network-scripts/ (possibly also route-*, route6-*, rule-*, rule6-*, keys-*). Other setting plugins hardly matter as they don't support writing connections, they are mostly read-only, like /etc/network/interfaces on Debian (ifupdown plugin). ifcfg-rh cannot handle VPN connection. Basically, keyfile is always enabled, and used if no other settings plugin can handle the type (like VPN). Backup and restore of files has problems: - requires root permissions. - if the connection references certificate files, those files are missing. Same, if the connection references PKCS#11 URIs for certificates. Eventually, nmcli should support exporting connection in keyfile format. For example: https://bugzilla.gnome.org/show_bug.cgi?id=744702 Basically, it should be able to edit files directly without the server, in off-line mode https://bugzilla.redhat.com/show_bug.cgi?id=1361145 Also related: https://bugzilla.gnome.org/show_bug.cgi?id=772414 best, Thomas
Attachment:
signature.asc
Description: This is a digitally signed message part