在CentOS7中默認(rèn)使用NetworkManager守護(hù)進(jìn)程來監(jiān)控和管理網(wǎng)絡(luò)設(shè)置。nmcli是命令行的NetworkManager工具毕骡，會(huì)自動(dòng)把配置寫到/etc/sysconfig/network-scripts/目錄下面。

NetworkManager最初由 Redhat 公司開發(fā)，現(xiàn)在由 GNOME 管理。

CentOS7之前的網(wǎng)絡(luò)管理是通過ifcfg文件配置管理接口(device)，而現(xiàn)在是通過NetworkManager服務(wù)管理連接(connection)盟蚣。一個(gè)接口(device)可以有多個(gè)連接(connection)，但是同時(shí)只允許一個(gè)連接(connection)處于激活（active）狀態(tài)卖怜。

簡單理解就是屎开，一個(gè)連接就是(connection)就是/etc/sysconfig/network-scripts/目錄下的一個(gè)配置文件，接口(device)是物理設(shè)備韧涨，一個(gè)物理設(shè)置可以擁有多個(gè)配置文件牍戚，但只能有一個(gè)配置文件屬于使用(active)狀態(tài)；配置文件的生成與使用狀態(tài)均由NetworkManager控制虑粥。

當(dāng)然如孝，依舊支持ifcfg文件配置管理網(wǎng)絡(luò)，但不推薦娩贷。

命令學(xué)習(xí)

查看幫助

[root@karate ~]# nmcli -h
Usage: nmcli [OPTIONS] OBJECT { COMMAND | help }

OPTIONS
  -t[erse]                                   terse output
  -p[retty]                                  pretty output
  -m[ode] tabular|multiline                  output mode
  -f[ields] <field1,field2,...>|all|common   specify fields to output
  -e[scape] yes|no                           escape columns separators in values
  -n[ocheck]                                 don't check nmcli and NetworkManager versions
  -a[sk]                                     ask for missing parameters
  -w[ait] <seconds>                          set timeout waiting for finishing operations
  -v[ersion]                                 show program version
  -h[elp]                                    print this help

OBJECT
  g[eneral]       NetworkManager's general status and operations
  n[etworking]    overall networking control
  r[adio]         NetworkManager radio switches
  c[onnection]    NetworkManager's connections
  d[evice]        devices managed by NetworkManager
  a[gent]         NetworkManager secret agent or polkit agent

有六個(gè)OBJECT第晰，常用的有connection，device彬祖，general查看它們的幫助

[root@karate ~]# nmcli c -h
Usage: nmcli connection { COMMAND | help }

COMMAND := { show | up | down | add | modify | edit | delete | reload | load }

  show [--active] [[--show-secrets] [id | uuid | path | apath] <ID>] ...

  up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]

  down [id | uuid | path | apath] <ID> ...

  add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS IP_OPTIONS

  modify [--temporary] [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+

  edit [id | uuid | path] <ID>
  edit [type <new_con_type>] [con-name <new_con_name>]

  delete [id | uuid | path] <ID>

  reload

  load <filename> [ <filename>... ]

常用命令

查看接口設(shè)備信息

# 簡單信息
nmcli device status
# 詳細(xì)的接口信息
nmcli device show
# 接口的詳細(xì)信息
nmcli device show interface-name

查看連接(connection)的信息

# 簡單信息
nmcli connection show
# 詳細(xì)的連接信息
nmcli connection show
# 某個(gè)連接的詳細(xì)信息
nmcli connection show connection-name

啟動(dòng)和停止接口

nmcli connection down connection-name
nmcli connection up connection-name
nmcli device disconnect interface-name
nmcli device connect interface-name

建議使用 nmcli dev disconnect interface-name 命令茁瘦，而不是 nmcli con down connection-name 命令，因?yàn)檫B接斷開可將該接口放到“手動(dòng)”模式储笑，這樣做用戶讓 NetworkManager 啟動(dòng)某個(gè)連接前甜熔，或發(fā)生外部事件（比如載波變化、休眠或睡眠）前突倍，不會(huì)啟動(dòng)任何自動(dòng)連接腔稀。

創(chuàng)建連接

nmcli connection add type ethernet con-name connection-name ifname interface-name
nmcli connection add type ethernet con-name connection-name ifname interface-name ip4 address gw4 address

## e.g. 創(chuàng)建一個(gè)基于eth1接口的連接
# 創(chuàng)建動(dòng)態(tài)連接，即BOOTPROTO默認(rèn)為DHCP
[root@localhost ~]# nmcli c add type eth con-name dynamic-eth1 ifname eth1
Connection 'dynamic-eth1' (9c0ad8a9-21f6-40b5-9313-e5c7e4b356f1) successfully added.
# 創(chuàng)建靜態(tài)連接
[root@localhost ~]# nmcli connection add type eth con-name static-eth1 ifname eth1 ip4 172.16.60.10/24
# nmcli connection add type eth con-name static-eth1 ifname eth1 ip4 172.16.60.10/24 gw4 192.168.60.1
Connection 'static-eth1' (0640bf7f-9490-44a8-be96-2e710fb650e6) successfully added.

創(chuàng)建連接后羽历，NetworkManager 自動(dòng)將 connection.autoconnect 設(shè)定為 yes焊虏。還會(huì)將設(shè)置保存到 /etc/sysconfig/network-scripts/ connection-name 文件中，且自動(dòng)將 ONBOOT 參數(shù)設(shè)定為 yes秕磷。

激活連接

nmcli connection up connection-name

## e.g. 激活eth1接口的static-eth1連接
[root@localhost ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)

修改連接的IP地址

# 可修改的屬性可通過以下命令查看
nmcli c show static-eth1
# 修改命令
nmcli connection modify [--temporary] [id | uuid | path] <ID> ([+|-]<setting>.<property> <value>)+

## e.g. 修改連接static-eth1的ip地址
[root@localhost ~]# ip addr | grep eth1
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.16.60.10/24 brd 172.16.60.255 scope global eth1
[root@localhost ~]# nmcli c mod static-eth1 ipv4.addr 172.16.60.20/24
[root@localhost ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@localhost ~]# ip a | grep eth1
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 172.16.60.20/24 brd 172.16.60.255 scope global eth1

配置連接的DNS

# 設(shè)定單個(gè)DNS
nmcli connection modify static-eth1 ipv4.dns DNS1
# 設(shè)定多個(gè)DNS
nmcli connection modify static-eth1 ipv4.dns "DNS1 DNS2"
# 以上命令會(huì)替換之前的DNS設(shè)置
# 添加某個(gè)連接的DNS诵闭，需要使用前綴“+”
nmcli connection modify static-eth1 +ipv4.dns DNS3

## e.g. 配置static-eth1連接的DNS
[root@localhost ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
IPV6_PEERDNS=yes
[root@localhost ~]# nmcli c mod static-eth1 ipv4.dns "114.114.114.114 223.5.5.5"
# 修改連接后，需要重新激活
[root@localhost ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
DNS1=114.114.114.114
DNS2=223.5.5.5
IPV6_PEERDNS=yes
# 新增DNS
[root@localhost ~]# nmcli c mod static-eth1 +ipv4.dns 223.5.5.6
[root@localhost ~]# nmcli c up static-eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@localhost ~]# grep DNS /etc/sysconfig/network-scripts/ifcfg-static-eth1
DNS1=114.114.114.114
DNS2=223.5.5.5
DNS3=223.5.5.6
IPV6_PEERDNS=yes

設(shè)置主機(jī)名

# 查詢當(dāng)前主機(jī)名
nmcli general hostname
# 更改主機(jī)名
nmcli general hostname my-hostname
# 重啟hostnamed服務(wù)
systemctl restart systemd-hostnamed

CentOS7下的主機(jī)名管理是基于系統(tǒng)服務(wù)systemd-hostnamed，服務(wù)自身提供了hostnamectl命令用于修改主機(jī)名疏尿，推薦這種方式進(jìn)行修改瘟芝；
使用nmcli命令更改主機(jī)名時(shí)，systemd-hostnamed服務(wù)并不知曉 /etc/hostname 文件被修改润歉，因此需要重啟服務(wù)去讀取配置模狭；

命令交互模式

nmcli con edit
# Valid connection types: generic, 802-3-ethernet (ethernet), pppoe, 802-11-wireless (wifi), wimax, gsm, cdma, infiniband, adsl, bluetooth, vpn, 802-11-olpc-mesh (olpc-mesh), vlan, bond, team, bridge, bond-slave, team-slave, bridge-slave
# 也可以直接指定connection-name進(jìn)行交互修改
# 還是非交互配置方便

接口綁定(interface bonding)

CentOS7下新增了一種特性team，用于取代bond踩衩。

接口綁定步驟是：創(chuàng)建一個(gè)組接口(Team interface), 創(chuàng)建一個(gè)接口連接嚼鹉，指定網(wǎng)卡接口(device)到組接口里

nmcli connection add type team con-name connection-name ifname interface-name [config JSON]
# JSON  指定所使用的處理器(runner)。JSON語法 '{"runner":{"name":"METHOD"}}' 
# METHOD可以是：broadcast驱富、activebackup锚赤、roundrobin、loadbalance 或者 lacp
nmcli connection add type team-slave con-name connection-name ifname interface-name master team-name

## e.g. 創(chuàng)建組接口team0褐鸥，并把eth1和eth2加入其中线脚，網(wǎng)段為192.168.233.0/24
[root@localhost ~]# nmcli d status
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  eth0
eth1    ethernet  connected  Wired connection 1
eth2    ethernet  connected  Wired connection 2
lo      loopback  unmanaged  --
[root@localhost ~]# nmcli c show
NAME                UUID                                  TYPE            DEVICE
Wired connection 2  34494b9d-f056-4f30-841c-7e6fad3b73d0  802-3-ethernet  eth2
Wired connection 1  b7ca472c-67f7-4885-ba3b-1b572d3e0d40  802-3-ethernet  eth1
eth0                54bd03bd-1300-409b-974f-d98ed3bb8891  802-3-ethernet  eth0
[root@localhost ~]# nmcli c del "Wired connection 2"
[root@localhost ~]# nmcli c del "Wired connection 1"
[root@localhost ~]# nmcli c show
NAME  UUID                                  TYPE            DEVICE
eth0  54bd03bd-1300-409b-974f-d98ed3bb8891  802-3-ethernet  eth0
[root@localhost ~]# nmcli d status
DEVICE  TYPE      STATE         CONNECTION
eth0    ethernet  connected     eth0
eth1    ethernet  disconnected  --
eth2    ethernet  disconnected  --
lo      loopback  unmanaged     --

# 創(chuàng)建組接口，并分配ip地址
[root@localhost ~]# nmcli c add type team con-name team0 ifname team0 config '{"runner":{"name":"activebackup"}}' ip4 192.168.233.10/24 gw4 192.168.233.2
Connection 'team0' (4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8) successfully added.
[root@localhost ~]# nmcli c mod team0 ipv4.dns "114.114.114.114 223.5.5.5"
[root@localhost ~]# nmcli c show
NAME   UUID                                  TYPE            DEVICE
eth0   54bd03bd-1300-409b-974f-d98ed3bb8891  802-3-ethernet  eth0
team0  4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8  team            team0

# 將網(wǎng)卡接口加入到組接口中
[root@localhost ~]# nmcli c add type team-slave ifname eth1 master team0
Connection 'team-slave-eth1' (3ef0011b-6b69-4dfb-998b-13bf3d729c9c) successfully added.
[root@localhost ~]# nmcli c add type team-slave ifname eth2 master team0
Connection 'team-slave-eth2' (fe3fc939-dbff-485e-aef6-9fbf9f807926) successfully added.

# 啟動(dòng)組接口
[root@localhost ~]# nmcli c up team0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)

# 查看 team0 當(dāng)前活動(dòng)的端口叫榕，活動(dòng)端口基于接口的連接
[root@localhost ~]# teamnl team0 ports
 4: eth2: up 1000Mbit FD
 3: eth1: up 1000Mbit FD
[root@localhost ~]# nmcli d status
DEVICE  TYPE      STATE      CONNECTION
eth0    ethernet  connected  eth0
eth1    ethernet  connected  team-slave-eth1
eth2    ethernet  connected  team-slave-eth2
team0   team      connected  team0
lo      loopback  unmanaged  --
[root@localhost ~]# nmcli c show
NAME             UUID                                  TYPE            DEVICE
eth0             54bd03bd-1300-409b-974f-d98ed3bb8891  802-3-ethernet  eth0
team-slave-eth2  fe3fc939-dbff-485e-aef6-9fbf9f807926  802-3-ethernet  eth2
team-slave-eth1  3ef0011b-6b69-4dfb-998b-13bf3d729c9c  802-3-ethernet  eth1
team0            4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8  team            team0
[root@localhost ~]# ip a s team0
5: team0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:0c:29:d0:a2:77 brd ff:ff:ff:ff:ff:ff
    inet 192.168.233.10/24 brd 192.168.233.255 scope global team0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fed0:a277/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: eth1
[root@localhost ~]# nmcli c show team0
connection.id:                          team0
connection.uuid:                        4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8
connection.interface-name:              team0
connection.type:                        team
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.timestamp:                   1464621245
connection.read-only:                   no
connection.permissions:
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.secondaries:
connection.gateway-ping-timeout:        0
ipv4.method:                            manual
ipv4.dns:                               114.114.114.114,223.5.5.5
ipv4.dns-search:
ipv4.addresses:                         192.168.233.10/24
ipv4.gateway:                           192.168.233.2
ipv4.routes:
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv6.method:                            auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.gateway:                           --
ipv6.routes:
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
team.config:                            {"runner":{"name":"activebackup"}}
GENERAL.NAME:                           team0
GENERAL.UUID:                           4e75c1da-6ce5-4cbc-85fe-da5aa289b7d8
GENERAL.DEVICES:                        team0
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        no
GENERAL.DEFAULT6:                       no
GENERAL.VPN:                            no
GENERAL.ZONE:                           --
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/6
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/3
GENERAL.SPEC-OBJECT:                    /
GENERAL.MASTER-PATH:                    --
IP4.ADDRESS[1]:                         192.168.233.10/24
IP4.GATEWAY:                            192.168.233.2
IP4.DNS[1]:                             114.114.114.114
IP4.DNS[2]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fed0:a277/64

測試的話浑侥，可以開個(gè)ping窗口持續(xù)ping，然后禁用team0組中的eth2晰绎；理論上ping包是不會(huì)丟失的寓落。

# 關(guān)閉eth2網(wǎng)卡，看ping狀態(tài)
[root@localhost ~]# nmcli d dis eth2
Device 'eth2' successfully disconnected.
[root@localhost ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: eth1
[root@localhost ~]# nmcli d con eth2
Device 'eth2' successfully activated with 'fe3fc939-dbff-485e-aef6-9fbf9f807926'.
[root@localhost ~]# teamdctl team0 state
setup:
  runner: activebackup
ports:
  eth1
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
  eth2
    link watches:
      link summary: up
      instance[link_watch_0]:
        name: ethtool
        link: up
runner:
  active port: eth1
[root@localhost ~]# teamnl team0 options
 queue_id (port:eth2) 0
 priority (port:eth2) 0
 user_linkup_enabled (port:eth2) false
 user_linkup (port:eth2) true
 enabled (port:eth2) false
 queue_id (port:eth1) 0
 priority (port:eth1) 0
 user_linkup_enabled (port:eth1) false
 user_linkup (port:eth1) true
 enabled (port:eth1) true
 activeport 3
 mcast_rejoin_interval 0
 mcast_rejoin_count 1
 notify_peers_interval 0
 notify_peers_count 1
 mode activebackup

• 使用 NETWORKMANAGER 命令行工具 NMCLI
• 使用命令行配置網(wǎng)絡(luò)成組
• 在 Linux 中用 nmcli 命令綁定多塊網(wǎng)卡