
I frequently build CentOS 7 servers and have a few special networking requirements. For example, I may want to use nameservers or repositories in private ranges that can't be reached via my normal subnet or default gateway.

Imagine a kickstart with something like the following:

```
network --device eth0 --bootproto static --ip 192.168.0.100 --netmask 255.255.0.0 --gateway 192.168.0.1 --nameserver 10.0.0.100
repo --name="private" --baseurl=http://172.16.0.100/private/7/x86_64
```

It's a purely theoretical setup. The theoretical box has an IP address in the 192.168 range, with a default gateway that can reach the wider world, but would like to reach the 10/8 network and 172.16/12.

Additionally, imagine that the default gateway cannot reach these other subnets.

On a live CentOS environment I could do the following:

```
ip route add 10.0.0.0/8 via 192.168.0.2
ip route add 172.16.0.0/12 via 192.168.0.3
```

and to make this persistent, it could be added to /etc/sysconfig/network-scripts/route-eth0.

How do I get all this to come into play in anaconda? Historically this may have worked in %pre, but if I ssh into anaconda while it is running I can see that these routes are not in place.

Jarrod

2 Answers

Why don't you just set up the static routes in %post?

```
%post
# Write persistent static routes for eth0 on the installed system
cat > /etc/sysconfig/network-scripts/route-eth0 <<EOF
10.0.0.0/8 via 192.168.0.2
172.16.0.0/12 via 192.168.0.3
EOF
%end
```

If you need the static routes during installation, you can certainly add the appropriate ip route commands to %pre as well.

Michael Hampton
  • %post works fine and isn't a problem, however %pre will not work as you suggest (centos7 onwards). I thought the difference between network.service and NetworkManager.service could be rectified by adding entries in the format ADDRESS0=10.0.0.0\nNETMASK0=255.0.0.0\nGATEWAY0=192.168.0.2 but this also doesn't work. – Jarrod Jan 07 '19 at 18:16
  • I did have some luck though trying something from Fedora documentation: `nmcli connection modify eth0 +ipv4.routes 10.0.0.0/8 ipv4.gateway 192.168.0.2` as anaconda did now have a route for 10.0.0.0/8, but sadly it didn't have a gateway. I must be close now! – Jarrod Jan 07 '19 at 18:23
  • Check the kickstart log file for the `%pre` section, to see what might have happened. – Michael Hampton Jan 07 '19 at 18:34
  • Good suggestion. I added a dummy package "deliberate-breaker" to my kickstart so anaconda would halt. In another tmux window I read the pre-install log. There were no errors relating to the ip route commands but the nmcli command did produce some output `Error: Failed to modify connection 'eth0': ipv4.gateway: gateway cannot be set if there are no addresses configured`, this suggests I need to define eth0 via nmcli first to progress further. – Jarrod Jan 08 '19 at 17:05
  • Is the interface actually named eth0? – Michael Hampton Jan 08 '19 at 17:12
  • Yes. There would be a different error along the lines of `Error: unknown connection 'madeup'` – Jarrod Jan 09 '19 at 11:03
  • What happened to a simple `ip route add`? – Michael Hampton Jan 09 '19 at 14:17
  • It doesn't seem to have any effect. I should try an ip route show immediately afterwards actually. I suspect a primitive networking environment exists at first courtesy of the kernel, then I imagine NetworkManager takes over. I think I'm going to have to make a bug/feature request to Red Hat about this. – Jarrod Jan 10 '19 at 18:06
  • That's probably a good idea. If the docs are right, the network should already be up when `%pre` runs, but apparently that doesn't seem to be happening for you. – Michael Hampton Jan 10 '19 at 18:29
  • I eventually found the solution, see below. It still feels like more work than should be necessary. I think I'll let Red Hat know. – Jarrod Mar 26 '19 at 15:41
  • Network is not up during %pre unless you use the kernel command line to get dracut to bring it up, and dracut has its own (different!) network-scripts. – stolenmoment May 09 '22 at 18:43

I eventually found the solution:

```
%pre
nmcli connection modify "System eth0" +ipv4.routes "10.0.0.0/8 192.168.0.2"
%end
```

This works for the build and also stays persistent afterwards.

Jarrod
  • Thanks very much for this! I'm trying to kickstart a server in which as much as possible comes off the net, and the package repo is (for some servers) not reachable via the default route. – stolenmoment May 09 '22 at 18:45
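As an added example (not part of the original posts), here is a `%pre` body that extends the `nmcli` command from the answer above to both routes in the question and goes a step further by checking that each gateway is on-link before the connection is touched. The connection name "System eth0" and the addresses come from the thread; the function names, the `ROUTES` format and the `APPLY` dry-run switch are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: body for a kickstart %pre section (between %pre and %end).
# Constructed values: host address, netmask and routes are the question's own.
CONN="System eth0"        # connection name used in the accepted answer
HOST_IP=192.168.0.100
NETMASK=255.255.0.0
ROUTES="10.0.0.0/8=192.168.0.2 172.16.0.0/12=192.168.0.3"   # destination=gateway

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when host ($1) and gateway ($2) share a subnet under netmask ($3).
on_link() {
    mask=$(ip_to_int "$3")
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# Print "destination gateway" per route; fail on a gateway that is not on-link.
checked_routes() {
    for r in $ROUTES; do
        dest=${r%%=*}; gw=${r##*=}
        if ! on_link "$HOST_IP" "$gw" "$NETMASK"; then
            echo "gateway $gw for $dest is not on-link" >&2
            return 1
        fi
        echo "$dest $gw"
    done
}

# Add every checked route to the connection, then log the resulting table.
apply_routes() {
    routes=$(checked_routes) || return 1
    echo "$routes" | while read -r dest gw; do
        nmcli connection modify "$CONN" +ipv4.routes "$dest $gw" || exit 1
    done || return 1
    ip route show
}

# Dry run by default; set APPLY=1 inside the installer to change the connection.
if [ "${APPLY:-0}" = 1 ]; then apply_routes; else checked_routes; fi
```

The `ip route show` output lands in the pre-install log mentioned in the comments, which makes a missing route visible before package installation starts.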