使用 NetworkManager 設定網路

Reference 1. Ubuntu NetworkManager 使用要項

從 RHEL7/CentOS7 開始, NetworkManager 已經過更好的改良, 使用 NetworkManager 服務可以一次設定好網路組態與DNS, 而不用再一個一個檔案修改.
nmcli 為 NetworkManager 主要的設定指令, 包含豐富的參數選項, 更容易調整網路位置, 以往在同一張網卡綁定多個 IP 時需要設定多個網路卡網態, 現在也需要使用一行指令即可隨意增加或修改.

開始設定
IP 與閘道
NIC Name: eno16780032
Tag Name: eth0
Type: ethernet
1st IPv4 IP: 192.168.1.192/24
2nd IPv4 IP: 192.168.1.25/24
IPv4 Default Getway: 192.168.1.1

root # nmcli connection add ifname eno16780032 con-name eth0 type ethernet ip4 192.168.1.192/24 gw4 192.168.1.1
root # nmcli connection modify eth0 +ipv4.addresses 192.168.1.25/24

ifname：網路卡名稱（Deivce 編號）
con-name：網路卡別名
type：網路型態
ip4：IPv4 位置，需加上網路區段
gw4：IPv4 閘道位置
設定 DNS
DNS1: 192.168.1.191
DNS1: 8.8.8.8

root # nmcli connection modify eth0 ipv4.dns 192.168.1.191
root # nmcli connection modify eth0 +ipv4.dns 8.8.8.8

ipv4.dns：設定第 1 組 DNS 位置
+ipv4.dns：設定第 2 組 DNS 位置（若有多個會累加）
Start eth0

root # nmcli connection up eth0

檢查設定
查看 IP

root # ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16780032: mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:bc:5f:90 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.192/24 brd 192.168.1.255 scope global eno16780032
       valid_lft forever preferred_lft forever
    inet 192.168.1.25/24 brd 192.168.1.255 scope global secondary eno16780032
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:febc:5f90/64 scope link
       valid_lft forever preferred_lft forever

查看 Routing table

root # route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    1024   0        0 eno16780032
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eno16780032

查看 DNS

root # cat /etc/resolv.conf
# Generated by NetworkManager
search intra.twlab.net
nameserver 192.168.1.191
nameserver 8.8.8.8

What does backport mean in Debian?

<用例子(1)來說明>

起因是安裝了 mepis ( based on Debian ) 之後, inkscape 無法輸入文字; 用 debian 的 backport 保守追新

以小心嚴謹出名的 debian, 它的穩定版 (stable) 所收錄的某些套件有時候太舊。 若非得用到某些套件的新版不可, 又不想整個系統更新至測試版 (testing), 或許可以到 backport 碰碰運氣。

在命令列下啟動 inkscape, 用錯誤訊息搜尋到 解決方案: 把 libgtk2.0-0 升級到 2.18.6-1。 一開始我也沒想到 debian 有 backport 這個東東, 就只是習慣性地隨意亂找 rpm 檔, 想用 alien 把 fedora 或其他版本較新的 libgtk2 的 rpm 轉成 deb 隨便應急一下。 不過連 alien 的版本也太舊, 無法轉較新的 rpm 冏rz。

後來回到 debian 官方的套件庫網站, 把 「發行版」 和 「section」 都設成 "any", 搜尋 libgtk2.0-0, 終於在 lenny-backports 底下看見 2.18.6-1~bpo50+1。 我還真的給他手工下載, 安裝, 發現相依問題, 再搜尋下一個套件, ... 然後系統就變得怪怪的, 冏rz。 (我對 debian 真的不熟)

以上是錯誤示範, 可略過。 其實根本不需要手工下載。 點進搜尋結果頁面上的 [backports] 連結, 終於學會如何使用 backports:

在 /etc/apt/sources.list 裡面加一句:deb http://backports.debian.org/debian-backports lenny-backports main
更新套件庫摘要索引資料: apt-get update
現在可以安裝新版函式庫了: apt-get -t lenny-backports install libgtk2.0-0
為了安全起見, 還要在 /etc/apt/preferences 最後面加上:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
然後 inkscape 就又可以輸入中英文了!

<用例子(2)來說明>

LibreOffice Included In The Debian Squeeze Backports

Almost all the major Linux distributions are using LibreOffice instead of OpenOffice. Today, it has been announced that Debian Squeeze too will get LibreOffice in the backports.

LibreOffice has been available in Debian Wheezy and Debian Sid for a while now. But in the stable release, Debian Squeeze, it is not available. As a Debian policy, new packages are never introduced in the core repository of a stable release. So, it is very unlikely that Debian Squeeze will ever get LibreOffice in its main repository.

So, users of Debian Squeeze who wanted LibreOffice will have to install it from either the unstable or testing archive. However, Debian Squeeze users will no longer have to do that as LibreOffice has been made available in the Squeeze Backports.

How to install LibreOffice in Debian Squeeze from backports

Note: Installing LibreOffice will remove OpenOffice.

To install LibreOffice from the Squeeze backports, you need to add the backports first. To do that open the Terminal and execute:

$ sudo vi /etc/apt/sources.list

Now add the line given below and save the file.

# deb http://backports.debian.org/debian-backports squeeze-backports main

Now update the software list.

$ sudo apt-get update

Finally install LibreOffice with the command

$ apt-get -t squeeze-backports install libreoffice

NetworkManager conflict with rdnssd and resolvconf

Ref.1. Resolving the battle for control over your DNS settings in Debian/Ubuntu

There are a few daemons all wanting to control your DNS in Debian and Ubuntu. However, it’s better to resolve the conflict and leave one daemon in charge instead of having them battle it out on their own.

The Debian 8.0 “Jessie” network installer installs some packages that leaves you with broken domain name resolution in some situations. Ubuntu 15.04 “Vivid Vervet” also does some strange things out of the box. Both leaving Network Manager with a hard time controlling the systems’ DNS settings. Let us correct this by putting Network Manager back in control.

Assumption for leaving all of networking in Network Manager’s capable hands: You want your network to always configure itself automatically with minimal hassle at any location/Wi‐Fi network. Read on if this sounds like your use case.

Some symptoms indicating that you may have DNS resolution problems:

• Frequent unreliable and slow domain name resolution in browsers and other programs that seemingly correct themselves after some seconds
• It takes a long time for DNS to start working after connecting to a new network
• Only IPv6 resolution working when IPv4 resolution is not working, and visa‐versa
• /etc/resolv.conf is rewritten every few seconds
• /etc/resolv.conf is missing the “# Generated by NetworkManager” header at the top

Check that you’re actually using Network Manager. In most situations on most distributions this will be the case:

1. Run service NetworkManager status to confirm that Network Manager is running
2. Run head /etc/resolv.conf and look for:

   # Generated by NetworkManager

If the header is missing, continue with the below instructions. If it’s there then this post does not hold a solution to your network problem answer. Sorry, but you need to do more research elsewhere to identify your problem.

3. Run service rdnssd status to see if rdnssd is also running
4. Run service resolvconf status to see if resolvconf is also running

If two or more services are running we may have successfully identified the problem. Network Manager already covers the functionality provided by rdnssd and resolvconf, so you can go ahead and remove rdnssd and resolvconf.

5. Run apt-get purge rdnssd to remove it from your system
6. Run apt-get purge resolvconf to remove it from your system
7. Run service NetworkManager restart to stop and start the Network Manager daemon so it can find the changes

Wait a minute – or disconnect and reconnect your network – and then repeat step 2 to verify that that Network Manager is back in control over your name resolution.

How did this this problem arise in the first place? According to Debian bug #740998, the Debian network installer (for Debian 8.0 “Jessie”) will install the troublesome rdnssd program if the network installer sees an IPv6 environment. The package is not required on systems managed by Network Manager. Debian 9.0 “Sketch” – currently in the testing release channel – have resolved the problem by making the two packages conflict with each other, preventing them from being installed at the same time.

As for resolvconf, it’s a bit harder to track down how that gets installed. I suspect it’s the network installer again but haven’t confirmed it. Although resolvconf alone can almost manage your /etc/resolv.conf file, it will interfere with Network Manager. resolvconf will not setup IPv6 name servers in all situations

Ubuntu extra

Ubuntu always installs resolvconf. If you’re running Network Manager (see step 2), you can remove it. In addition to resolvconf, you also have to deal with dnsmasq in the mix on Ubuntu. dnsmasq is a caching system meant for situations when DNS is broken. As a side effect, it interferes with DNS and gets in the way of IPv6 DNS servers. Assuming you are not on the Moon or the International Space Station, you do not need a separate system‐level DNS caching daemon and can remove it:

1. Remove (or comment out) the below line from /etc/NetworkManager/NetworkManager.conf:

   dns=dnsmasq

2. Run service NetworkManager restart

Wait a minute – or disconnect and reconnect your network – and then repeat step 2 to verify that that Network Manager is back in control over your name resolution.

If your DNS still is broken, you can start blaming your router or internet service provider at this point. Check to see if you also have issues on other machines on the same network. Debian and Ubuntu’s conflicting oddities should have been neutralized, at least.

Debian 重新編譯套件 (Rebuilding Debian packages)

雖然 Debian 有很方便的 APT 套件管理工具，讓我們省去了許多自行下載、編譯(compile)、安裝程式碼的過程，但總難免會遇到需要修改程式碼的問題，這時就得下載套件原始碼(source code)，接著再根據套件相依性安裝其他套件，最後修改程式碼後進行編譯、安裝，但是問題往往不會如此順利與單純......。

一般透過 APT 所安裝的套件，大多都有經過 Debian 開發者的維護與修補(patch)，多多少少會與原本套件的原始碼不同，所以下載其他來源(如官方網站)的套件原始碼進行編譯時，有可能會遇到一些光怪陸離、不知如何解決的問題，例如你可能會遇到你所下載的套件原始碼並沒有針對 Debian 環境的修補，而導致無法順利安裝。

累了嗎？也許你可以有更好的選擇！

如果你所需要的套件是能夠透過 apt-get 就能夠安裝的話，同樣地，你也能夠透過 apt-get source 取得這些已經經過 Debian 維護與修補的套件原始碼！這樣有甚麽好處呢？

1. 不用再辛苦的除錯、修補 (可減少重複前人作過的事)
2. 確保一定能夠在 Debian 上運作
3. 節省時間、保留精力

接著以重新編譯 vim 為例，學習如何重新編譯套件。
重新編譯套件之前，需要三個基本的套件 build-essential, devscripts, fakeroot ，可使用以下指令進行安裝：

apt-get install build-essential devscripts fakeroot

接著使用 apt-get source (套件名稱) 指令下載 vim 的套件原始碼(建議使用一個新的資料夾存放原始碼)：

mkdir myvim
cd myvim
apt-get source vim

下載完之後，一般會有三個檔案(*.debian.tar.gz, *.dsc, *.orig.tar.gz)及一個資料夾出現，以 .orig.tar.gz 結尾的壓縮檔案是未經任何更動的套件原始碼，以 .debian.tar.gz 結尾的壓縮檔案則內含 Debian 的修補檔、編譯指令等等， .dsc 結尾的檔案則是記載要編譯此套件需滿足的相依性，而最後的資料夾則是含有 Debian 修補檔的套件原始碼。以 vim 為例就是以下三個檔案及一個資料夾：

vim-7.3.547  
vim_7.3.547-7.debian.tar.gz  
vim_7.3.547-7.dsc  
vim_7.3.547.orig.tar.gz

接著可以進入含有修補檔的資料夾中一探究竟：
cd vim-7.3.547

這個資料夾中經過 Debian 維護的修補檔，會存放在 debian 資料夾下的 patches 資料夾內 (debian/patches)，修補檔進行修補的順序則是依照 debian/patches/series 檔案內的順序，編譯的指令則是放在 debian 資料夾下的 rules 檔案裡，而原始程式碼則另外存放在 src 資料夾中，整體資料夾結構會如下所示：

vim-7.3.547/
             debian/
                   patches/
                   series
                   rules
             src/

如果只是想修改編譯時的參數，只要依照需求修改 debian/rules 即可。
若有更動到 src 資料夾下的檔案就還需使用以下指令提交修補檔(因為這些程式碼都有經過版本控制)！

dpkg-source --commit

提交時，會詢問修補檔要用甚麽檔名，此處可依需求輸入，例如 hellomyvim.patch 。
Enter the desired patch name:     hellomyvim.patch

提交成功後會出現如下的訊息：
dpkg-source: info: local changes have been recorded in a new patch: ...(略)

編譯之前，需先滿足編譯套件時的相依性，可使用 apt-get build-dep (套件名稱)，將需要的套件一併安裝起來。

apt-get build-dep vim

再來使用執行以下指令進行編譯即可：

fakeroot debian/rules clean
fakeroot debian/rules binary

若無任何錯誤訊息，編譯之後，在上一層的資料夾中會出現一個 .deb 檔，使用 dpkg -i 進行安裝即可！

cd ..
dpkg -i vim-7.3.547_.deb

參考資料
http://wiki.debian.org/BuildingTutorial

Install Full Kernel Source on Debian

Question: I need to download and install a full kernel source tree to compile a custom kernel for my Debian or Ubuntu system. What is a proper way to download full kernel source on Debian or Ubuntu?

Before installing full kernel source on your Linux system, ask yourself whether you really need the full kernel source. If you are trying to compile a kernel module or a custom driver for your kernel, you do not need the full kernel source. You only need to install matching kernel header files, and that's it.

You need the full kernel source tree only if you want to build a custom kernel after modifying the kernel code in any way and/or tweaking default kernel options.

Here is how to download and install full kernel source tree from Debian or Ubuntu repositories. While you can download the official kernel source code from https://www.kernel.org/pub/linux/kernel/, using distro's repositories allows you to download a kernel source with the maintainer's patches applied to it.

Install Full Kernel Source on Debian

Before downloading kernel source, install dpkg-dev, which contains a suite of development tools needed to build Debian source packages. Among other things, dpkg-dev contains dpgk-source tool which can extract a Debian source package and automatically apply patches.

$ sudo apt-get install dpkg-dev

Next, run the following command to download full kernel source.

$ apt-get source linux-image-$(uname -r)

Along with the full kernel source (linux_X.X.XX.orig.tar.xz), any available kernel patches (linux_X.X.X+XXX.debian.tar.xz) and source control file (linux_XXXX.dsc) will also be downloaded and stored in the current directory. The .dsc file instructs how the patches are applied to the kernel sources.

Upon the completion of download, the above command will automatically invoke dpkg-source tool, which will unpack the downloaded kernel source in the current directory, and apply downloaded patches according to .dsc file.

The final full kernel source tree will be available in the current directory as "linux-X.X.XX".

If "Can't drop privileges for downloading as file ... by user '_apt'. - pkgAcquire::Run (13: 13: Permission denied)." happens, please check owner & group of current directory.

Disable WLan if Wired/Cable Network is enabled

You can drop this script to /etc/NetworkManager/dispatcher.d/99-wlan:

#!/bin/bash

if [ "$1" = "eth0" ]; then
    case "$2" in
        up)
            nmcli radio wifi off
            ;;
        down)
            nmcli radio wifi on
            ;;
    esac
fi

Don't forget afterwards:

chmod +x /etc/NetworkManager/dispatcher.d/99-wlan