This document is not maintained anymore, please use YAML API document
This document holds all the API detail of the libnmstate Python module.
For rust crate API, please refer to our doc in docs.rs
For quick start, you may refer to Python code examples
The libnmstate package exposes the following API::
- Functions:
show()-- Query network stateapply()-- Apply network statecommit()-- Commit a transactionrollback()-- Rollback a transaction
- Submodules:
error-- Exceptionsschema-- Schema Constants
All constants and functions are available since version 1.0.0 unless state explicitly.
Besides using python dictionary with constants in libnmstate.schema as desire
state for libnmstate.apply(), you may also use yaml.load() or
json.loads() to convert desire state from YAML/JSON to dictionary
libnmstate.apply() needs. Please use YAML API document
if you prefer do show/apply the state in YAML format.
Example of querying network state:
import json
import libnmstate
from libnmstate.schema import Interface
net_state = libnmstate.show()
for iface_state in net_state[Interface.KEY]:
print(iface_state[Interface.NAME])Nmstate supports partial editing, only the specified data is changed, the
unspecified data is preserved/untouched.
Some properties(e.g. InterfaceIPv4.ADDRESS ) do not support partial editing,
please refer to their document for detail.
Example of changing eth1 MTU to 1460:
import libnmstate
from libnmstate.schema import Interface
libnmstate.apply({
Interface.KEY: [
{
Interface.NAME: 'eth1',
Interface.MTU: 1460
}
]
})All the exceptions are stored in libnmstate.error and are all
is inherited from NmstateError.
Nmstate requires external tools installed and/or started for desired state.
Exception happens at pre-apply check, user should resubmit the amended desired state. Example: * JSON/YAML syntax issue. * Nmstate schema issue. * Invalid value of desired property, like bond missing port.
Permission deny when applying the desired state.
An existing Nmstate transaction is in progress.
Exception for unexpected NetworkManager libnm failure.
After applied desired state, the desired state does not match the refreshed current state.
Desired feature is not supported by Nmstate yet.
Unexpected behaviour happened. It is a bug of libnmstate which should be fixed.
A resource like a device does not support the requested feature.
The transaction execution timed out.
Unexpected plugin behaviour happens, it is a bug of the plugin.
The YAML schema file is placed at libnmstate/schemas/operational-state.yaml.
In stead of using hard coded string, please use constants defined in
libnmstate.schema.
The network state is represented in a dictionary:
from libnmstate.schema import Interface
from libnmstate.schema import Route
from libnmstate.schema import DNS
network_state = {
DNS.KEY: {}, # Check section of 'DNS'
Route.KEY: {}, # Check section of 'Route'
Interface.KEY: [], # Check section of 'Interface -- Basic'
}An interface represents a hardware or software network interface. Each interface has these basic properties represented as a dictionary.
{
Interface.NAME: 'eth1',
Interface.STATE: InterfaceState.UP,
Interface.TYPE: InterfaceType.ETHERNET,
Interface.IPV4: {
InterfaceIPv4.ENABLED: True,
InterfaceIPv4.DHCP: False,
InterfaceIPv4.ADDRESS: [
{
InterfaceIPv4.ADDRESS_IP: '192.0.2.251',
InterfaceIPv4.ADDRESS_PREFIX_LENGTH: 24,
}
],
},
Interface.IPV6: {
InterfaceIPv6.ENABLED: True,
InterfaceIPv6.DHCP: True,
InterfaceIPv6.AUTOCONF: True,
InterfaceIPv6.AUTO_DNS: True,
InterfaceIPv6.AUTO_GATEWAY: True,
InterfaceIPv6.AUTO_ROUTES: True,
InterfaceIPv6.ADDRESS: [],
}
}The kernel name of the interface.
Type: string
The interface type.
Type: string
Possible values:
InterfaceType.ETHERNETInterfaceType.BONDInterfaceType.LINUX_BRIDGEInterfaceType.OVS_BRIDGEInterfaceType.OVS_PORTInterfaceType.OVS_INTERFACEInterfaceType.VLANInterfaceType.VXLANInterfaceType.TEAM(deprecated since 1.3 and removed since 2.0)InterfaceType.VRFInterfaceType.INFINIBANDInterfaceType.MAC_VLANInterfaceType.MAC_VTAPInterfaceType.VETH(new in 1.0.1)InterfaceType.LOOPBACK
The interface state.
Type: string
Possible values:
-
InterfaceState.UPBring interface link up.
-
InterfaceState.DOWNDeactivate the interface but keep the configure. Software based interface will be removed from kernel. You may reactivate the interface with old config again by using
InterfaceState.UP. The interface will be activated again after reboot. -
InterfaceState.ABSENTDeactivate the interface and remove its persisted configurations.
The maximum transmission unit of interface.
Type: interger
The minimum MTU supported by specified interface. This is a query only property and will be ignored when applying.
Type: integer
The maximum MTU supported by specified interface. This is a query only property and will be ignored when applying.
Type: integer
The MAC address of interface.
Type: String in the format of EA:60:E4:08:17:F1. Case insensitive.
New in 1.0.2.
Only valid for InterfaceType.BOND, InterfaceType.LINUX_BRIDGE and
InterfaceType.OVS_INTERFACE.
The Interface.COPY_MAC_FROM could hold the name of port which you
want this controller interface to use the same MAC with.
The MAC address is read from permanent hardware MAC address and fallback to current MAC address.
For example, below yaml state will create/change linux bridge br0 to
use the MAC address of eth2.
---
interfaces:
- name: br0
type: linux-bridge
state: up
copy-mac-from: eth2
bridge:
port:
- name: eth2
- name: eth1The description of the interface.
Type: String
The InterfaceIP class is holding the share constants between InterfaceIPv4
and InterfaceIPv6:
InterfaceIP.ENABLEDInterfaceIP.DHCPInterfaceIP.AUTO_DNSInterfaceIP.AUTO_GATEWAYInterfaceIP.AUTO_ROUTESInterfaceIP.ADDRESSInterfaceIP.ADDRESS_IPInterfaceIP.ADDRESS_PREFIX_LENGTHInterfaceIP.AUTO_ROUTE_METRIC(new in 1.4+ and 2.2+)
The Interface.IPV4 property holds the IPv4 stack information in a dictionary.
Example:
{
Interface.IPV4: {
InterfaceIPv4.ENABLED: True,
InterfaceIPv4.DHCP: True,
InterfaceIPv4.ADDRESS: [],
InterfaceIPv4.AUTO_DNS: True,
InterfaceIPv4.AUTO_GATEWAY: True,
InterfaceIPv4.AUTO_ROUTES: True,
InterfaceIPv4.AUTO_ROUTE_TABLE_ID: 100,
}
}Type: bool
Possible values:
-
True- IPv4 stack is enabled. -
False- IPv4 stack is disabled.
When applying network state with IPv4 disabled, all the remaining IPv4 configurations are ignored.
When showing the network state, if IPv4 is disabled, all the remaining properties are excluded in returned network state.
Type: bool
Possible values:
-
True- DHCPv4 is enabled. -
False- DHCPv4 is disabled.
Type: bool
Possible values:
-
TrueApply routes retrieved from DHCPv4: including gateway and classless static Route
-
FalseIgnore routes retrieved from DHCPv4: including gateway and classless static Route
This property only shows when Interface.IPV4[InterfaceIPv4.DHCP] is True
when querying.
This property is ignored when Interface.IPV4[InterfaceIPv4.DHCP] is
False when applying.
Type: bool
Possible values:
-
True- Apply gateway retrieved from DHCPv4. -
False- Ignore gateway retrieved from DHCPv4.
This property only shows when Interface.IPV4[InterfaceIPv4.DHCP] is True
when querying.
This property is ignored when Interface.IPV4[InterfaceIPv4.DHCP] is
False when applying.
Type: bool
Possible values:
-
TrueApply gateway retrieved from DHCPv4.
-
FalseIgnore gateway retrieved from DHCPv4.
This property only shows when Interface.IPV4[InterfaceIPv4.DHCP] is True
when querying.
This property is ignored when Interface.IPV4[InterfaceIPv4.DHCP] is
False when applying.
The table where the route will be configured when InterfaceIPv4.AUTO_ROUTES
is enabled.
Type: integer
New in 1.4 and 2.2.
The metric number assigned to routes retried from DHCPv4 or IPv6 autoconf.
Type: integer
The static IPv4 addresses. This property does not support partial editing, the full list of IP addresses is required in desired state.
Type: array of dictionary.
When Interface.IPV4[InterfaceIPv4.DHCP] is set to True, the address defined
in this property is also ignored.
Example:
InterfaceIPv4.ADDRESS: [
{
InterfaceIPv4.ADDRESS_IP: '192.0.2.251',
InterfaceIPv4.ADDRESS_PREFIX_LENGTH: 24,
}
]The static IPv4 address.
Type: string
Format: 192.0.2.251
The prefix length of static IPv4 address.
Type: interger.
The Interface.IPV6 property holds the IPv6 stack information in a dictionary.
Example:
{
Interface.IPV6: {
InterfaceIPv6.ENABLED: True,
InterfaceIPv6.DHCP: True,
InterfaceIPv6.ADDRESS: [],
InterfaceIPv6.AUTO_DNS: True,
InterfaceIPv6.AUTO_GATEWAY: True,
InterfaceIPv6.AUTO_ROUTES: True,
InterfaceIPv6.AUTO_ROUTE_TABLE_ID: 100,
}
}Type: bool
Possible values:
-
True- IPv6 stack is enabled. -
False- IPv6 stack is disabled.
When applying network state with IPv6 disabled, all the remaining IPv6 configurations are ignored.
When showing network state, if IPv6 is disabled, all the remaining properties are excluded in the returned network state.
Type: bool
Possible values:
True- DHCPv6 is enabled.False- DHCPv6 is disabled.
Type: bool
Possible values:
True- Auto configuration(IPv6 router advertisement) is enabled.False- Auto configuration(IPv6 router advertisement) is disabled.
Type: bool
Possible values:
-
TrueApply routes(including gateway) retrieved from IPv6 router advertisement.
-
FalseIgnore routes(including gateway) retrieved from IPv6 router advertisement.
Type: bool
Possible values:
-
True- Apply gateway retrieved from IPv6 router advertisement. -
False- Ignore gateway retrieved from IPv6 router advertisement.
Type: bool
Possible values:
-
TrueIgnore DNS client configuration retrieved from IPv6 router advertisement and DHCPv6.
-
FalseApply DNS client configuration retrieved from IPv6 router advertisement and DHCPv6.
The table where the route will be configured when InterfaceIPv6.AUTO_ROUTES
is enabled.
Type: integer
New in 1.4 and 2.2.
The metric number assigned to routes retried from DHCPv4 or IPv6 autoconf.
Type: integer
The static IPv6 addresses. This property does not support partial editing, the full list of IP addresses is required in desired state.
Type: array of dictionary.
When Interface.IPV6[InterfaceIPv6.DHCP] or
Interface.IPV6[InterfaceIPv6.AUTOCONF] is set to True, the address defined
in this property is also ignored.
Example:
InterfaceIPv6.ADDRESS: [
{
InterfaceIPv6.ADDRESS_IP: '2001:db8:1::f',
InterfaceIPv6.ADDRESS_PREFIX_LENGTH: 64,
}
]The static IPv6 address.
Type: string
Format: 2001:db8:1::f
The prefix length of static IPv6 address.
Type: interger.
Besides basic interface properties, each Ethernet interface state also contains
a dictionary saved in key Ethernet.CONFIG_SUBTREE.
For virtual interface like virtio_net or veth, there is no
Ethernet.CONFIG_SUBTREE.
Example:
{
Interface.KEY: [
{
Interface.NAME: "eth1",
Interface.TYPE: InterfaceType.ETHERNET,
Interface.STATE: InterfaceState.UP,
Ethernet.CONFIG_SUBTREE: {
Ethernet.AUTO_NEGOTIATION: True,
Ethernet.DUPLEX: Ethernet.FULL_DUPLEX,
Ethernet.SPEED: 1000
}
}
]
}Type: bool
The Interface.ACCEPT_ALL_MAC_ADDRESSES causes the kernel to accept ethernet
packages even its destination MAC address is not for current interface.
Type: string
The Interface.WAIT_IPproperty defines which IP stack should network backend
wait before considering the interface activation finished.
It supports these values: any, ipv4, ipv6 and ipv4+ipv6. For more
details please check the YAML API
documentation
Type: string
The Interface.CONTROLLER property defines the controller of the specified
interface. This property is hidden when querying and only used for controller
attaching and detaching. Setting as empty means deatching from current
controller.
Type: string
The profile name used by network backed.
Type: string
The Interface.IDENTIFIER property is only valid for applying or generating
configurations. The valid values are: Interface.IDENTIFIER_NAME or
Interface.IDENTIFIER_MAC. For further information, please read the YAML API
documentation.
Type: bool
When TRUE, enforce auto-negotiation of speed and duplex mode.
If Ethernet.SPEED and Ethernet.DUPLEX properties are both specified, only
that single mode is advertised and accepted during the link
auto-negotiation process: this works only for BASE-T 802.3 specifications and
is useful for enforcing gigabits modes, as in these cases link negotiation is
mandatory. When FALSE, Ethernet.SPEED and Ethernet.DUPLEX properties should
be both set or link configuration is skipped.
Type: string, Ethernet.FULL_DUPLEX or Ethernet.HALF_DUPLEX.
Ethernet duplex mode.
Type: integer
Ethernet speed in the unit of Mbps.
If the ethernet interface supports SR-IOV, the Ethernet.SRIOV_SUBTREE
dictionary allows to configure it.
- Some NICs don't use the standard kernel API to create VF or change the number
of VF, such as mlx4_en, cxgb4 etc. Try running
echo 1 > /sys/class/net/${interface}/device/sriov_numvfsto create a VF, if fails, then nmstate might not support manipulating SR-IOV on these NICs. - For some NICs, the MAC address of a VF might vary automatically even though you have specified it by nmstate, because PF enforces a MAC override. For such NICs, configuring MAC on the corresponding interface of a VF, instead of on the VF itself, is recommended.
- Not all the SR-IOV options listed below can be configured, it depends on a NIC's SR-IOV capabilities.
Nmstate supports the following options:
Type: integer
Total number of Virtual Functions per Physical Function. Changing the total VFs
will also change the interfaces that are visible in the Nmstate state. Reducing
the total VFs without setting Interface.STATE to InterfaceState.ABSENT for
the corresponding interfaces might lead to an undefined system state or error.
Example:
{
Interface.KEY: [
{
Interface.NAME: "eth1",
Interface.TYPE: InterfaceType.ETHERNET,
Interface.STATE: InterfaceState.UP,
Ethernet.CONFIG_SUBTREE: {
Ethernet.SRIOV_SUBTREE: {
Ethernet.SRIOV.TOTAL_VFS: 1,
Ethernet.SRIOV.VFS_SUBTREE: [
{
Ethernet.SRIOV.VFS.ID: 0,
Ethernet.SRIOV.VFS.MAC_ADDRESS: 76:A5:0B:F1:8A:C6,
Ethernet.SRIOV.VFS.MAX_TX_RATE: 1000,
Ethernet.SRIOV.VFS.MIN_TX_RATE: 100,
Ethernet.SRIOV.VFS.TRUST: False,
}
],
}
}
}
]
}If the ethernet SR-IOV is enabled and the Ethernet.SRIOV.TOTAL_VFS is greater
than 0, this will contain a list of dictionaries that allows to configure each
VF. Nmstate supports the following options:
The VF id. This parameter is read-only.
Type: integer
The MAC address of the VF.
Type: string in the format of EA:60:E4:08:17:F1. Case insensitive.
Enable or disable spoof check in the VF.
Type: bool
Enable or disable trust in the VF.
Type: bool
The minimum TX rate. Please, note that not all the NICs support this option.
Type: integer
Available since 1.2.1
The VLAN ID of SRIOV VF.
Type: integer
Available since 1.2.1
The QoS value of SRIOV VF.
Type: integer
Besides basic interface properties, each VLAN interface state also contains
a dictionary saved in key VLAN.CONFIG_SUBTREE.
Example:
{
Interface.KEY: [
{
Interface.NAME: "eth1.101",
Interface.TYPE: VLAN.TYPE,
Interface.STATE: InterfaceState.UP,
VLAN.CONFIG_SUBTREE: {
VLAN.ID: 101,
VLAN.BASE_IFACE: 'eth1'
}
}
]
}Type: integer
The VLAN ID.
To change VLAN ID, please use InterfaceState.ABSENT for existing one and add
new one after that.
Type: string
The interface name which current VLAN is based on.
Besides basic interface properties, each VXLAN interface state also contains
a dictionary saved in key VXLAN.CONFIG_SUBTREE.
Example:
{
Interface.KEY: [{
Interface.NAME: 'eth1.101',
Interface.TYPE: VXLAN.TYPE,
Interface.STATE: InterfaceState.UP,
VXLAN.CONFIG_SUBTREE: {
VXLAN.ID: 101,
VXLAN.BASE_IFACE: 'eth1',
VXLAN.REMOTE: '192.0.2.2',
VXLAN.DESTINATION_PORT: 4790 # optional
}
}]
}Type: integer
The VXLAN ID.
To change the VXLAN ID, please remove the interface first by setting the state
to InterfaceState.ABSENT and then add a new one.
Type: string
The name of the underlying interface for the VXLAN.
Type: string
The unicast destination IP address to use in outgoing packets when the destination link layer address is not known in the VXLAN device forwarding database, or the multicast IP address to join.
Type: integer
The UDP destination port to communicate to the remote VXLAN tunnel endpoint. Default: 4789
Type: string
The source IP address for out-going package of VxLAN tunnel.
Type: bool
Whether to learn link layer address for forward database.
Besides basic interface properties, each Linux Bridge interface state also
contains a dictionary saved in key LinuxBridge.CONFIG_SUBTREE.
Example:
{
Interface.KEY: [{
Interface.NAME: "linux-br0",
Interface.TYPE: LinuxBridge.TYPE,
Interface.STATE: InterfaceState.UP,
LinuxBridge.CONFIG_SUBTREE: {
LinuxBridge.OPTIONS_SUBTREE: {
LinuxBridge.Options.GROUP_FORWARD_MASK: 0,
LinuxBridge.Options.MAC_AGEING_TIME: 300,
LinuxBridge.Options.MULTICAST_SNOOPING: True,
LinuxBridge.STP_SUBTREE: {
LinuxBridge.STP.ENABLED: True,
LinuxBridge.STP.FORWARD_DELAY: 15,
LinuxBridge.STP.HELLO_TIME: 2,
LinuxBridge.STP.MAX_AGE: 20,
LinuxBridge.STP.PRIORITY: 32768
}
},
LinuxBridge.PORT_SUBTREE: [
{
LinuxBridge.Port.NAME: "eth1",
LinuxBridge.Port.STP_PRIORITY: 32,
LinuxBridge.Port.STP_HAIRPIN_MODE: False,
LinuxBridge.Port.STP_PATH_COST: 100
}
]
}
}]
}If Interface.MAC_ADDRESS is not defined in desire state of Linux Bridge,
nmstate will trust kernel and systemd to determine the MAC address of this
bridge:
- For RHEL/CentOS 8, the MAC of first attached port will be used.
- For Fedora 31+ or other distribution with systemd 242+, systemd will generate random MAC address with interface name as seed.
If you want to enforcing bridge to use MAC address of first attached port,
you may create /etc/systemd/network/98-bridge-inherit-mac.link with below
contents:
[Match]
Type=bridge
[Link]
MACAddressPolicy=none
Of course, you can always explicitly define assign a MAC address to a bridge without worrying above.
Type: integer
The mask of group address to forward.
Type: integer
The Spanning Tree Protocol (STP) maximum message age, in seconds.
Type: bool
Whether IGMP snooping is enabled for this bridge.
Type: string in the format of 01:80:C2:00:00:00.
The MAC address of the multicast group this bridge uses for STP.
Type: integer
A mask of group addresses to forward.
Type: integer
Type: integer
Type: string
Sets bridge’s multicast router. Multicast-snooping must be enabled for this option to work.
Type: integer
Set the number of queries the bridge will send before stopping forwarding a multicast group after a “leave” message has been received.
Type: integer
Set interval (in deciseconds) between queries to find remaining members of a group, after a “leave” message is received.
Type: integer
Set delay (in deciseconds) after which the bridge will leave a group, if no membership reports for this group are received.
Type: bool
Enable or disable sending of multicast queries by the bridge. If not specified the option is disabled.
Type: integer
If no queries are seen after this delay (in deciseconds) has passed, the bridge will start to send its own queries.
Type: bool
If enabled the bridge’s own IP address is used as the source address for IGMP queries otherwise the default of 0.0.0.0 is used.
Type: integer
Interval (in deciseconds) between queries sent by the bridge after the end of the startup phase.
Type: integer
Set the Max Response Time/Max Response Delay (in deciseconds) for IGMP/MLD queries sent by the bridge.
Type: integer
Set the number of IGMP queries to send during startup phase.
Type: integer
Sets the time (in deciseconds) between queries sent out at startup to determine membership information.
Type: integer
The drfault PVID for the ports of the bridge, that is the VLAN id assigned to incoming untagged frames.
Type: bool
Whether Spanning Tree Protocol (STP) is enabled for this bridge.
Type: integer
The Spanning Tree Protocol (STP) forwarding delay, in seconds.
Type: integer
The Spanning Tree Protocol (STP) hello time, in seconds.
Type: integer
The Spanning Tree Protocol (STP) maximum message age, in seconds.
Type: integer
Sets the Spanning Tree Protocol (STP) priority for this bridge. Lower values are "better"; the lowest priority bridge will be elected the root bridge.
Type: List of dictionary.
This property does not support partial editing, the full list of ports is required in desired state.
Type: string
The interface name of the linux bridge port.
Type: integer
The Spanning Tree Protocol (STP) priority of this bridge port. Lower values are "better".
Type: bool
Whether hairpin mode is enabled or not for the port.
Type: integer
The Spanning Tree Protocol (STP) port cost for destinations via this port.
Each Linux Bridge port also features a subtree to configure the allowed VLANs passing through it. If the VLAN subtree is not configured, all the VLANs are allowed; when the VLAN subtree is specified, the user needs to provide the full list of bridge ports.
Example:
{
LinuxBridge.Port.VLAN_SUBTREE: {
LinuxBridge.Port.Vlan.MODE: LinuxBridge.Port.Vlan.Mode.TRUNK,
LinuxBridge.Port.Vlan.ENABLE_NATIVE: True,
LinuxBridge.Port.Vlan.TAG: 105,
LinuxBridge.Port.Vlan.TRUNK_TAGS: [
LinuxBridge.Port.TrunkTags.ID: 100,
LinuxBridge.Port.TrunkTags.ID_RANGE: {
LinuxBridge.Port.TrunkTags.MIN_RANGE: 500,
LinuxBridge.Port.TrunkTags.MAX_RANGE: 599,
}
]
}
}Type: string
The operational mode of the port. Allowed values are:
- LinuxBridge.Port.Vlan.Mode.ACCESS
- LinuxBridge.Port.Vlan.Mode.TRUNK
Type: bool
Default: false
Can only be used for trunk ports. When enabled, it configures the VLAN specified by
LinuxBridge.Port.Vlan.TAG as a native VLAN.
Type: integer
The access tag of the access port, or the native vlan of the trunk port.
Type: array of dictionary.
Defines the white-list of VLANs accepted on this port. It accepts two formats:
- single tag - a dictionary with a single
idkey, and an integer value (0-4095) - tag ranges - a dictionary with a single
id-rangekey, whose value is a dict with two keys:minandmax. Both values are integers, in the (0-4095) range.
Besides basic interface properties, each bond interface state also
contains a dictionary saved in key BOND.CONFIG_SUBTREE.
Example:
{
Interface.KEY: [
{
Interface.NAME: "bond99",
Interface.TYPE: InterfaceType.BOND,
Interface.STATE: InterfaceState.UP,
Bond.CONFIG_SUBTREE: {
Bond.MODE: "balance-rr",
Bond.OPTIONS_SUBTREE: {},
Bond.PORT: ["eth1"]
},
}
]
}Type: string
The bond mode in kernel. Possible values are:
BondMode.ROUND_ROBINBondMode.ACTIVE_BACKUPBondMode.XORBondMode.BROADCASTBondMode.LACPBondMode.TLBBondMode.ALB
Please refer to kernel document for detail.
When changing bond mode, the Bond.OPTIONS_SUBTREE will not merge from current
state. User is required to provide full desire bond options when switching
bond mode.
Type: dictionary
The dictionary of bond options. Please refer to kernel document for detail.
Set to Bond.OPTIONS_SUBTREE: {} will revert all bond options back to kernel
defaults.
Nmstate will not perform verification on whether desired bond options is applied to kernel due to complexity of it, please verify the bond options by yourself.
Type: list of string
The names of bond port interfaces. This property does not support partial editing, full list of ports is required in desired state. If not defined in desire state, current status will be preserved.
Besides basic interface properties, each OVS bridge interface state also
contains a dictionary saved in key OVSBridge.CONFIG_SUBTREE.
Example:
{
Interface.KEY: [{
Interface.NAME: "ovs-br0",
Interface.TYPE: InterfaceType.BOND,
Interface.STATE: InterfaceState.UP,
OVSBridge.CONFIG_SUBTREE: {
OVSBridge.OPTIONS_SUBTREE: {
OVSBridge.Options.FAIL_MODE: "",
OVSBridge.Options.MCAST_SNOOPING_ENABLE: False,
OVSBridge.Options.RSTP: False,
OVSBridge.Options.STP: True
},
OVSBridge.PORT_SUBTREE: [
{
OVSBridge.Port.NAME: "ovs0",
},
{
OVSBridge.Port.NAME: "eth1",
}
]
},
}]
}When certain OVS interfaces interface is not created by NetworkManager or
nmstate, the libnmstate.show() might showing the incorrect running state of
it.
Type: string, 'secure' or 'standalone' or empty.
The bridge failure mode.
Type: bool
Enable or disable multicast snooping.
Type: bool
Enable or disable RSTP.
Type: bool
Enable or disable STP.
Type: List of dictionary.
This property does not support partial editing, the full list of ports is required in desired state.
Type: string
The OVS bridge port name.
Each OVS internal interface state contains a dictionary saved in key
OVSInterface.PATCH_CONFIG_SUBTREE.
Type: string
Interface patch peer name.
Besides basic interface properties, each Macvtap interface state also contains
a dictionary saved in key MacVtap.CONFIG_SUBTREE holding information
for MacVtap.BASE_IFACE, MacVtap.MODE and MacVtap.PROMISCUOUS.
The interface name which current Macvtap is based on.
The mode of Macvtap interface. Possible values are:
MacVtap.Mode.VEPAMacVtap.Mode.BRIDGEMacVtap.Mode.PRIVATEMacVtap.Mode.PASSTHRUMacVtap.Mode.SOURCE
Bool. Whether accept all mac addresses mode is enabled or not.
Besides basic interface properties, each Macvvlan interface state also contains
a dictionary saved in key MacVlan.CONFIG_SUBTREE holding information
for MacVlan.BASE_IFACE, MacVlan.MODE and MacVlan.PROMISCUOUS.
The interface name which current Macvvlan is based on.
The mode of Macvvlan interface. Possible values are:
MacVlan.Mode.VEPAMacVlan.Mode.BRIDGEMacVlan.Mode.PRIVATEMacVlan.Mode.PASSTHRUMacVlan.Mode.SOURCE
Bool. Whether accept all mac addresses mode is enabled or not.
Besides basic interface properties, each IP over InfiniBand interface state
also contains a dictionary saved in key InfiniBand.CONFIG_SUBTREE holding
information for InfiniBand.BASE_IFACE, InfiniBand.MODE and
InfiniBand.PKEY.
The parent interface current IPoIB interface is based on.
IPoIB can run in two modes of operation: Connected
mode(InfiniBand.Mode.CONNECTED) and Datagram
mode(InfiniBand.Mode.DATAGRAM).
The Partition Keys (PKeys) used to partition IPoIB communication. You may
use integer or hex string.
The InfiniBand.DEFAULT_PKEY indicating this IPoIB interface is not using
pkey partitioning.
Besides basic interface properties, each VRF interface state
also contains a dictionary saved in key VRF.CONFIG_SUBTREE holding
information for VRF.ROUTE_TABLE_ID, VRF.PORT_SUBTREE.
Integer, the route table id this VRF is assigned to.
List of string, the name of interfaces assigned to this VRF interface.
Besides basic interface properties, each Team interface state also contains a
dictionary saved in key Team.CONFIG_SUBTREE. In addition, this dictionary
contains a list of dictionaries saved in key Team.PORT_SUBTREE and a
dictionary saved in key Team.RUNNER_SUBTREE.
Example:
{
Interface.KEY : [
Interface.NAME: "team0",
Interface.TYPE: InterfaceType.TEAM,
Interface.STATE: InterfaceState.UP,
Team.CONFIG_SUBTREE: {
Team.PORT_SUBTREE: [
{
Team.Port.NAME: "eth1"
},
{
Team.Port.NAME: "eth2"
}
],
Team.RUNNER_SUBTREE: {
Team.Runner.NAME: Team.Runner.RunnerMode.LOAD_BALANCE
}
}
]
}These values are based on the teamd JSON API. For further information please refer to teamd manual page
When certain team interface is not created by NetworkManager or nmstate,
the libnmstate.show() might showing the incorrect running state of it.
Type: string
The interface name of the port.
Type: string
The mode in which the interface is operating. Currently we are supporting the following values:
Team.Runner.RunnedMode.LOAD_BALANCE
New in version 1.0.1.
Besides basic interface properties, each Veth interface state also contains a
dictionary saved in key Veth.CONFIG_SUBTREE. In addition, this dictionary
contains a property named Veth.PEER.
Example:
{
Interface.KEY : [
Interface.NAME: "veth0",
Interface.TYPE: InterfaceType.VETH,
Interface.STATE: InterfaceState.UP,
Veth.CONFIG_SUBTREE: {
Veth.PEER: "veth1"
}
]
}It contains the option to set the veth peer.
Type: string
Set the veth interface peer.
Nmstate provides Link Layer Discovery Protocol information for each interface.
It contains the option to enable LLDP and the neighbors information.
Type: bool
Enable or disable LLDP on the interface.
Contains a list of lists. Each element of the list is a neighbor announced by LLDP and each element of the neighbor is a dictionary containing the TLV information.
Type: string
Description of the TLV.
Type: integer
Type: integer
Type: string in the format 00:80:c2
Nmstate provides both running and in-config routes via libnmstate.show().
Example:
{
Route.KEY: {
Route.CONFIG: [
{
Route.TABLE_ID: 0,
Route.DESTINATION: "0.0.0.0/0",
Route.NEXT_HOP_INTERFACE: "eth1",
Route.NEXT_HOP_ADDRESS: "192.0.2.1",
Route.METRIC: -1
}
],
Route.RUNNING: [
{
Route.TABLE_ID: 254,
Route.DESTINATION: "192.0.2.0/24",
Route.NEXT_HOP_INTERFACE: "eth1",
Route.NEXT_HOP_ADDRESS: "",
Route.METRIC: 100
},
}
}The running routes contains route entries in kernel, which might contain:
- Routes from DHCP or IPv6-RA.
- Routes generated by kernel automatically. Like multicast, LAN and etc.
The config routes are the static routes saved in configuration files.
The libnmstate.apply(desire_state) merges current config routes into
desire_state, to remove config route entry, please use
Route.STATE: Route.STATE_ABSENT in the route entry:
-
Remove specific route config entry:
Just add
Route.STATE: Route.STATE_ABSENTto the route entry to be removed. -
Remove all route config entry that matches:
If any property is not defined in config absent route, it is treat as wildcard. For example, the following route entry removes all routes whose next hop is 'eth1'.
{
Route.STATE: Route.STATE_ABSENT,
Route.NEXT_HOP_INTERFACE: "eth1"
}Type: integer
The route table ID.
If not defined, set as Route.USE_DEFAULT_ROUTE_TABLE to use the default
route table.
Type: string
The route destination in the format like 192.0.2.0/24 or 2001:db8:1::/64.
Type: string
The next hop interface. Mandatory.
Type: string
The next hop address.
Type: integer
The route metric.
If not define, set to Route.USE_DEFAULT_METRIC for the default metric.
Type: integer
The route weight. Please, notice that this property is only effective on ECMP route. Nmstate will configure ECMP route when possible on kernel.
Nmstate provides routes rules via libnmstate.show().
Example:
{
RouteRule.KEY: {
RouteRule.CONFIG: [
{
RouteRule.IP_TO: 192.0.2.0/24,
RouteRule.PRIORITY: 1000,
RouteRule.ROUTE_TABLE: 50,
},
],
},
}A list containing the multiple rule configurations.
Type: string in the format 192.0.2.1/24
Type: string in the format 192.0.2.1/24
Type: integer
The priority of the rule over the others.
Type: integer
The table id where the rule should be applied.
Type: integer
Type: integer
Type: integer
The fwmark value used. The format reported by Nmstate is hexadecimal as 0x30
and it is also supported for applying the state.
Type: integer
The fwmask value used. The format reported by Nmstate is hexadecimal as 0x30
and it is also supported for applying the state. In addition, notice that this
value is optional and only valid when fwmark is set.
Type: string
The address family for this route rule. This option is specially useful when
configuring from all to all routing policy. The supported values are ipv4
and ipv6.
Type: string
Type: string
Type: string
This property defines the matching on incoming interface name.
Type: string
This property defines the action for the routing policy. The supported values
are: RouteRule.ACTION_BLACKHOLE, RouteRule.ACTION_UNREACHABLE and
RouteRule.ACTION_PROHIBIT
Nmstate provides both running and in-config DNS client configuration via
libnmstate.show(). Example:
{
DNS.KEY: {
DNS.CONFIG: {
DNS.SEARCH: [
"example.org",
"example.com",
],
DNS.SERVER: [
"192.0.2.1"
]
},
DNS.RUNNING: {
DNS.SEARCH: [
"example.org",
"example.com",
],
DNS.SERVER: [
"192.0.2.1"
]
}
},
}The running DNS config it might contains DNS config from DHCP or IPv6-RA. The config DNS is the static configuration saved in configuration files.
The libnmstate.apply(desire_state) copies current DNS config to
desire_state if DNS.KEY is missing from desire_state. Otherwise, DNS
config in desire_state overrides current DNS configurations.
Currently nmstate only support configuring static DNS on any of these situations:
- Has interface configured as static IP address and static default gateway.
- Has interface configured as dynamic IP with
InterfaceIP.AUTO_DNS: False.
Type: list of string
Search list for host-name lookup.
Type: list of string
Name server IP addresses.
Placing IPv4/IPv6 name server in the middle of IPv6/IPv4 name servers is not supported yet.
Available since 2.2.0.
The Interface.MPTCP section of interface holds the Multipath TCP interface
level flags, it will apply flags to all valid IP addresses(both static and
dynamic). Network backend might has its own rule on excusing special scope of
IP address, e.g. IPv6 multicast address.
Example:
desired_state = {
Interface.KEY: [
{
Interface.NAME: "eth1",
Interface.TYPE: InterfaceType.ETHERNET,
Interface.STATE: InterfaceState.UP,
Interface.MPTCP: {
Mptcp.ADDRESS_FLAGS: [
Mptcp.FLAG_SIGNAL,
Mptcp.FLAG_BACKUP,
]
},
}
]
}
libnmstate.apply(desired_state)Supported MPTCP flags are:
Mptcp.FLAG_FULLMESHMptcp.FLAG_SUBFLOWMptcp.FLAG_BACKUPMptcp.FLAG_SIGNAL
Limitations:
- Per IP address MPTCP flags is ignored with an warning message when different from interface level MPTCP flags.
- Cannot set
signalalong withfullmeshdue to kernel restriction. - If sysctl has
net.mptcp.enabledset to 0, NetworkManager cannot apply MPTCP flags. User will get an failure suggest them to use third-party tools. - Cannot reapply on MPTCP changes, full activation will invoked when MPTCP flags changed.
- When MPTCP not supported by NetworkManager, the query will hide interface level MPTCP flags even it been enabled by third party tool.