Ubuntu network management tool: netplan

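1 Introduction

After CentOS was acquired, I started replacing it with other Linux distributions and finally chose Ubuntu as the server system. I did not know the netplan tool well before, so these notes were put together after reading the official documentation, both to share with everyone and to serve as my own reference later.

Ubuntu uses netplan to manage network interfaces; bridges, VLANs, bonding and so on can all be configured through it. We start with netplan's command options.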

$ netplan help
usage: /usr/sbin/netplan  [-h] [--debug]  ...

Network configuration in YAML

options:
  -h, --help  show this help message and exit
  --debug     Enable debug messages

Available commands:
  
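    help      Show help information
    apply     Apply the current netplan configuration
    generate  Generate backend specific configuration files from /etc/netplan/*.yaml
    get       Show a nested setting from the configuration files, e.g. "ethernets.eth0.addresses"
    info      Show available features
    ip        Show IP information
    set       Change a setting in key=value form, e.g. "ethernets.eth0.dhcp4=true"
    rebind    Rebind SR-IOV virtual functions to their driver
    try       Like apply, but with automatic rollback; useful when testing, in case the new configuration leaves the server unreachable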

Command examples

# Get all configuration settings
netplan get
# Get IP-related information for eth0
netplan ip leases eth0
# Apply the current configuration
netplan apply
netplan apply

2 Architecture

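netplan generates the corresponding network configuration files from the configuration in /etc/netplan/*.yaml. These generated files are then managed by systemd-networkd or NetworkManager, which set up the different network interfaces.

3 Configuration examples

These examples mainly follow the official documentation.

3.1 Using DHCP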

network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      dhcp4: true

3.2 Without DHCP

network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      addresses:
        - 10.10.10.2/24
      nameservers:
        search: [mydomain, otherdomain]
        addresses: [10.10.10.1, 1.1.1.1]
      routes:
        - to: default
          via: 10.10.10.1

3.3 Multiple interfaces using DHCP

network:
  version: 2
  ethernets:
    enred:
      dhcp4: yes
      dhcp4-overrides:
        route-metric: 100
    engreen:
      dhcp4: yes
      dhcp4-overrides:
        route-metric: 200

3.4 Connecting to a WPA Personal wireless network

network:
  version: 2
  renderer: networkd
  wifis:
    wlp2s0b1:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.0.21/24]
      nameservers:
        addresses: [192.168.0.1, 8.8.8.8]
      access-points:
        "network_ssid_name":
            password: "**********"
      routes:
        - to: default
          via: 192.168.0.1

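3.5 Connecting to an enterprise wireless network

These networks need additional authentication information; the examples use WPA-EAP with TTLS and TLS.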

network:
  version: 2
  wifis:
    wl0:
      access-points:
        workplace:
          auth:
            key-management: eap
            method: ttls
            anonymous-identity: "@internal.example.com"
            identity: "joe@internal.example.com"
            password: "v3ryS3kr1t"
      dhcp4: yes

network:
  version: 2
  wifis:
    wl0:
      access-points:
        university:
          auth:
            key-management: eap
            method: tls
            anonymous-identity: "@cust.example.com"
            identity: "cert-joe@cust.example.com"
            ca-certificate: /etc/ssl/cust-cacrt.pem
            client-certificate: /etc/ssl/cust-crt.pem
            client-key: /etc/ssl/cust-key.pem
            client-key-password: "d3cryptPr1v4t3K3y"
      dhcp4: yes
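
Both wifi examples keep credentials (password, client-key-password) in clear text in the YAML, so the files under /etc/netplan should be readable by root only; netplan itself warns when a configuration file is accessible by others. The shell function below is an added example, not part of the original post or of netplan: it lists YAML files that set one of those keys and still grant any group or other permission. The function names are hypothetical, and `stat -c` assumes GNU coreutils, as on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original post): audit netplan YAML files that
# contain credentials for group/other access. Function names are hypothetical.

# Secret-bearing keys used in the wifi examples on this page.
SECRET_KEYS='password|client-key-password'

# has_secret FILE: succeeds if FILE sets one of SECRET_KEYS.
# Commented-out lines do not match because the key must start the line.
has_secret() {
    grep -Eq "^[[:space:]]*(${SECRET_KEYS})[[:space:]]*:" "$1"
}

# audit_netplan_dir [DIR]: prints "MODE PATH" for every YAML file in DIR
# (default /etc/netplan) that holds a secret and is accessible by group or
# other. Returns 1 if any such file exists, 0 otherwise.
audit_netplan_dir() {
    dir=${1:-/etc/netplan}
    rc=0
    for f in "$dir"/*.yaml; do
        [ -f "$f" ] || continue          # glob matched nothing
        has_secret "$f" || continue      # no credentials in this file
        mode=$(stat -c '%a' "$f")        # GNU stat: octal mode, e.g. 644
        case "$mode" in
            0|*00) ;;                    # group and other bits are both 0
            *) printf '%s %s\n' "$mode" "$f"; rc=1 ;;
        esac
    done
    return "$rc"
}
```

Run it as root with `audit_netplan_dir /etc/netplan`; a flagged file is fixed with `chmod 600` on that file.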

3.6 Multiple addresses on a single interface

network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      addresses:
          - 10.100.1.37/24
          - 10.100.1.38/24:
              label: enp3s0:0
          - 10.100.1.39/24:
              label: enp3s0:some-label
      routes:
          - to: default
            via: 10.100.1.1

3.7 Multiple addresses with multiple gateways

network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      addresses:
        - 10.0.0.10/24
        - 11.0.0.11/24
      routes:
        - to: default
          via: 10.0.0.1
          metric: 200
        - to: default
          via: 11.0.0.1
          metric: 300

3.8 Selecting a different backend

Both networkd and NetworkManager are supported.

network:
  version: 2
  renderer: NetworkManager

3.9 Configuring interfaces for bonding

network:
  version: 2
  renderer: networkd
  bonds:
      bond0:
          dhcp4: yes
          interfaces:
              - enp3s0
              - enp4s0
          parameters:
              mode: active-backup
              primary: enp3s0

network:
  version: 2
  renderer: networkd
  ethernets:
      enp1s0:
          dhcp4: no
      enp2s0:
          dhcp4: no
      enp3s0:
          dhcp4: no
          optional: true
      enp4s0:
          dhcp4: no
          optional: true
      enp5s0:
          dhcp4: no
          optional: true
      enp6s0:
          dhcp4: no
          optional: true
  bonds:
      bond-lan:
          interfaces: [enp2s0, enp3s0]
          addresses: [192.168.93.2/24]
          parameters:
              mode: 802.3ad
              mii-monitor-interval: 1
      bond-wan:
          interfaces: [enp1s0, enp4s0]
          addresses: [192.168.1.252/24]
          nameservers:
              search: [local]
              addresses: [8.8.8.8, 8.8.4.4]
          parameters:
              mode: active-backup
              mii-monitor-interval: 1
              gratuitious-arp: 5
          routes:
              - to: default
                via: 192.168.1.1
      bond-conntrack:
          interfaces: [enp5s0, enp6s0]
          addresses: [192.168.254.2/24]
          parameters:
              mode: balance-rr
              mii-monitor-interval: 1

3.10 Configuring a bridge

network:
  version: 2
  renderer: networkd
  ethernets:
      enp3s0:
          dhcp4: no
  bridges:
      br0:
          dhcp4: yes
          interfaces:
              - enp3s0

network:
  version: 2
  renderer: networkd
  ethernets:
      enp0s25:
          dhcp4: true
  bridges:
      br0:
          addresses: [ 10.3.99.25/24 ]
          interfaces: [ vlan15 ]
  vlans:
      vlan15:
          accept-ra: no
          id: 15
          link: enp0s25

3.11 Attaching VLANs to an interface

network:
  version: 2
  renderer: networkd
  ethernets:
      mainif:
          match:
              macaddress: "de:ad:be:ef:ca:fe"
          set-name: mainif
          addresses: [ "10.3.0.5/23" ]
          nameservers:
              addresses: [ "8.8.8.8", "8.8.4.4" ]
              search: [ example.com ]
          routes:
              - to: default
                via: 10.3.0.1
  vlans:
      vlan15:
          id: 15
          link: mainif
          addresses: [ "10.3.99.5/24" ]
      vlan10:
          id: 10
          link: mainif
          addresses: [ "10.3.98.5/24" ]
          nameservers:
              addresses: [ "127.0.0.1" ]
              search: [ domain1.example.com, domain2.example.com ]

3.12 Directly connected gateway

This can be used when the gateway is not in the same subnet as the interface address.

network:
  version: 2
  renderer: networkd
  ethernets:
      ens3:
          addresses: [ "10.10.10.1/24" ]
          routes:
            - to: default # or 0.0.0.0/0
              via: 9.9.9.9
              on-link: true

IPv6

network:
  version: 2
  renderer: networkd
  ethernets:
      ens3:
          addresses: [ "2001:cafe:face:beef::dead:dead/64" ]
          routes:
            - to: "2001:cafe:face::1/128"
              scope: link
            - to: default # or "::/0"
              via: "2001:cafe:face::1"
              on-link: true

3.13 Configuring source-IP routing

network:
  version: 2
  renderer: networkd
  ethernets:
      ens3:
          addresses:
            - 192.168.3.30/24
          dhcp4: no
          routes:
            - to: 192.168.3.0/24
              via: 192.168.3.1
              table: 101
          routing-policy:
            - from: 192.168.3.0/24
              table: 101
      ens5:
          addresses:
            - 192.168.5.24/24
          dhcp4: no
          routes:
            - to: default
              via: 192.168.5.1
            - to: 192.168.5.0/24
              via: 192.168.5.1
              table: 102
          routing-policy:
            - from: 192.168.5.0/24
              table: 102

3.14 Configuring the loopback interface

network:
    version: 2
    renderer: networkd
    ethernets:
        lo:
            addresses: [ "127.0.0.1/8", "::1/128", "7.7.7.7/32" ]

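3.15 Interacting with a Windows DHCP server

The DHCP request has to carry identifying information (here the MAC address as the DHCP identifier).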

network:
  version: 2
  ethernets:
      enp3s0:
          dhcp4: yes
          dhcp-identifier: mac

3.16 Configuring an IP tunnel

network:
  version: 2
  ethernets:
      eth0:
          addresses:
              - 1.1.1.1/24
              - "2001:cafe:face::1/64"
          routes:
              - to: default
                via: 1.1.1.254
  tunnels:
      he-ipv6:
          mode: sit
          remote: 2.2.2.2
          local: 1.1.1.1
          addresses:
              - "2001:dead:beef::2/64"
          routes:
              - to: default
                via: "2001:dead:beef::1"

3.17 Configuring SR-IOV virtual functions

network:
  version: 2
  ethernets:
      eno1:
          mtu: 9000
      enp1s16f1:
          link: eno1
          addresses : [ "10.15.98.25/24" ]
      vf1:
          match:
              name: enp1s16f[2-3]
          link: eno1
          addresses : [ "10.15.99.25/24" ]