[opensuse] Changing network settings with YaST over SSH
I tried to change an openSUSE Leap 42.1 server from static IP to DHCP using YaST over SSH and in text mode. To make it short, this doesn't work. The Server is offline now. The last messages from YaST in the SSH session: x Write device configuration x Write network configuration x Write routing configuration x Write hostname and DNS configuration x Set up network services x Write firewall settings => Activate network services - Update configuration How I can do this the right way next time? (I doubt, that YaST stopped the network setup in step "Activate network services" because the SSH session was interrupted. But I had run YaST in TMUX.) Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bjoern Voigt wrote:
I tried to change an openSUSE Leap 42.1 server from static IP to DHCP using YaST over SSH and in text mode.
To make it short, this doesn't work. The Server is offline now.
IOW, you changed the IP of the interface you are accessing it over?
How I can do this the right way next time?
Change the network config file and reboot. -- Per Jessen, Zürich (7.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 4/6/2017 5:16 PM, Bjoern Voigt wrote:
I tried to change an openSUSE Leap 42.1 server from static IP to DHCP using YaST over SSH and in text mode.
To make it short, this doesn't work. The Server is offline now.
The last messages from YaST in the SSH session:
x Write device configuration x Write network configuration x Write routing configuration x Write hostname and DNS configuration x Set up network services x Write firewall settings => Activate network services - Update configuration
How I can do this the right way next time?
(I doubt, that YaST stopped the network setup in step "Activate network services" because the SSH session was interrupted. But I had run YaST in TMUX.)
Greetings, Björn
While it might be nice if the network configurator were smart enough to take special pains to make such a risky procedure as bulletproof as possible, that is just a "that might be nice". A full general purpose server is not a router appliance alas. It should have been obvious that you can't safely use the network to make changes to that very same network, especialy not 100% connection-breaking ones like changing the ip that you are currently connected to. Your options are a few: 1) best: Always and only use a console to make THAT particular change. This can be a serial console, doesn't have to be an ip-kvm. Your motherboard has to support the feature, and you need to have that connected to a terminal server appliance where you essentially ssh to a serial port. Or, in the case of VPS's like Digital Ocean, use the web-based console they provide. It's crappy and slow, but you only need it for rare exception operations like this. 2) crap: Edit /etc/sysconfig/network/ifcfg-eth0 (or whatever the equivalent is these days, this is from 11.4 using ifcfg, not leap and not using networkmanager. But there IS some equivalent file you can edit.) Then issue a "reboot -r now" and cross your fingers and hope you got everything right and hope it actually does come back up on the new IP and that that IP actually does work. This is actually a crap answer. 3) running yast in a screen session might possibly save you in some odd situation where the machine is actually still... no actually I'm not sure there is any situation where this would help much. If you can get back in in order to re-connect to the busted screen session, well then you don't actually need to re-connect to the busted screen session, you can just kill any stuck yast processes and start over. 4) pay the hands-on hourly rate for the colo staff to do things for you with you on the phone with them. 5) drive to location Summary: Don't even use a remote server that doesn't have *some* form of remote console. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 6 Apr 2017 18:01:07 -0400 Brian K. White wrote:
2) crap: Edit /etc/sysconfig/network/ifcfg-eth0 (or whatever the equivalent is these days, this is from 11.4 using ifcfg, not leap and not using networkmanager. But there IS some equivalent file you can edit.) Then issue a "reboot -r now" and cross your fingers
Notwithstanding all of your valid points, which I generally concur with, the last situation like this that I was forced to contend with, I wrote a 'scriptlet' that would restore the original, known working network configuration and reboot five minutes after booting if I'd botched things up. Just a thought ... ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 4/6/2017 9:43 PM, Carl Hartung wrote:
On Thu, 6 Apr 2017 18:01:07 -0400 Brian K. White wrote:
2) crap: Edit /etc/sysconfig/network/ifcfg-eth0 (or whatever the equivalent is these days, this is from 11.4 using ifcfg, not leap and not using networkmanager. But there IS some equivalent file you can edit.) Then issue a "reboot -r now" and cross your fingers
Notwithstanding all of your valid points, which I generally concur with, the last situation like this that I was forced to contend with, I wrote a 'scriptlet' that would restore the original, known working network configuration and reboot five minutes after booting if I'd botched things up. Just a thought ... ;-)
What an entirely wise addition to the procedure. I apparently fall just short of that wise, since I never did that. :) How many years will it be before I'm in such a situation again so I can use this new trick? I have either serial consoles or web consoles *everywhere*... wait, actually, thanks to the backwards march of progress where sometimes things get worse over time, my vmware consoles are 100x harder to get access to than my old serial consoles. Not just by intentional security means like having to set up a vpn client... No I mean the thrice-damned vsphere web client with it's thrice-damned console plugin that doesn't work in any browsers any more, and the hosting provider has so far failed to update vcenter or esx to the newer versions that supposedly works in current browsers. If I don't happen to have one of my special laptops with me that I have painstakingly configured and hacked into working, then I am simply not getting into any of my vmware vms consoles in a hurry. I do have the necessary notes documented, and I have recipes that work for windows mac and linux client laptops (phones and tablets are right out), but it's just not happening in a hurry. So, I could possibly need to use this, on my *most expensive* and current servers, of all things. Meanwhile my crappy old plain hardware servers... I can get a console from any device and any os. I can do a bare metal fresh install from the bios and bootloader on up, from my old PalmOS phone, over it's 14.4 2g internet no less. Progress. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 6 Apr 2017 18:01:07 -0400 Brian K. White wrote:
2) crap: Edit /etc/sysconfig/network/ifcfg-eth0 (or whatever the equivalent is these days, this is from 11.4 using ifcfg, not leap and not using networkmanager. But there IS some equivalent file you can edit.) Then issue a "reboot -r now" and cross your fingers Notwithstanding all of your valid points, which I generally concur with, the last situation like this that I was forced to contend with, I wrote a 'scriptlet' that would restore the original, known working network configuration and reboot five minutes after booting if I'd botched things up. Just a thought ... ;-) This looks like a very good idea. One practical problem can be, that you had to find all relevant configuration files for the backup/restory
Carl Hartung wrote: script. Sometimes network related settings can be found in unusual paths like /usr/lib/udev/rules.d/80-net-setup-link.rules. Today I resolved the problem on the server console. Probably I ran into a Yast problem in network settings module. I only changed the bridge device br0, which was connected to the real network device eth0, from a static IP to DHCP. But after that, I had a lot of configuration errors, probably caused by YaST errors, but maybe caused by a wrong usage or by failures before: - the bridge has forgotten the member eth0 - the routes file became empty - the default gateway was unset and not taken from the DHCP settings Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/06/2017 05:16 PM, Bjoern Voigt wrote:
How I can do this the right way next time?
Don't try to change network settings, when you're connected over the network. As you've discovered, it's all too easy to lock yourself out. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Don't try to change network settings, when you're connected over the network. As you've discovered, it's all too easy to lock yourself out. Yes, of course. But do not tell this the cloud or SDN people. ;-) But also 15 years ago where we had not such advanced tools like today I saw
James Knott wrote: people changing routes and firewall rules of multiple routers over SSH, most time with success. If they were unsuccessful, they had to bring back the routers to the admin office. Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/07/2017 04:54 PM, Bjoern Voigt wrote:
Don't try to change network settings, when you're connected over the network. As you've discovered, it's all too easy to lock yourself out. Yes, of course. But do not tell this the cloud or SDN people. ;-) But also 15 years ago where we had not such advanced tools like today I saw
James Knott wrote: people changing routes and firewall rules of multiple routers over SSH, most time with success. If they were unsuccessful, they had to bring back the routers to the admin office.
Routers from Cisco, Adtran etc. support a remote console via dial up modem. Just the thing you need for this. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
07.04.2017 00:16, Bjoern Voigt пишет:
How I can do this the right way next time?
You do it on console or at least local serial port. If you are going to remotely manage server, you should arrange for remote console/serial port access (built-in BMC/iLO/iRMC/iDRAC/whatever, add-on IPMI management card, external KVM with network port, serial multiplexor with network access, ...) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op donderdag 6 april 2017 23:16:42 CEST schreef Bjoern Voigt:
I tried to change an openSUSE Leap 42.1 server from static IP to DHCP using YaST over SSH and in text mode.
To make it short, this doesn't work. The Server is offline now.
I also do this type of changes, but you really need to know what you are doing. So you test such a procedure first in a test environment and carefully document the procedure. In this case going from a fixed IP address to DHCP, if you have it setup properly, the system will get a new IP address. This means that the current address does not work anymore. So somehow, maybe in your router/DHCP server or somewhere else you find the new address and you make a new ssh connection with that system, provided that there is no firewall blocking that access in your server. -- fr.gr. member openSUSE Freek de Kruijf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On April 7, 2017 1:45:17 AM PDT, Freek de Kruijf <freek@opensuse.org> wrote:
Op donderdag 6 april 2017 23:16:42 CEST schreef Bjoern Voigt:
I tried to change an openSUSE Leap 42.1 server from static IP to DHCP using YaST over SSH and in text mode.
To make it short, this doesn't work. The Server is offline now.
I also do this type of changes, but you really need to know what you are doing. So you test such a procedure first in a test environment and carefully document the procedure.
In this case going from a fixed IP address to DHCP, if you have it setup properly, the system will get a new IP address. This means that the current address does not work anymore. So somehow, maybe in your router/DHCP server or somewhere else you find the new address and you make a new ssh connection with that system, provided that there is no firewall blocking that access in your server.
You can also use autossh to create a persistent connection from the remote machine to your machine with a static IP. In which case you don't even have to know the remote up. https://raymii.org/s/tutorials/Autossh_persistent_tunnels.html -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/07/2017 04:45 AM, Freek de Kruijf wrote:
Op donderdag 6 april 2017 23:16:42 CEST schreef Bjoern Voigt:
I tried to change an openSUSE Leap 42.1 server from static IP to DHCP using YaST over SSH and in text mode.
To make it short, this doesn't work. The Server is offline now. I also do this type of changes, but you really need to know what you are doing. So you test such a procedure first in a test environment and carefully document the procedure.
In this case going from a fixed IP address to DHCP, if you have it setup properly, the system will get a new IP address. This means that the current address does not work anymore. So somehow, maybe in your router/DHCP server or somewhere else you find the new address and you make a new ssh connection with that system, provided that there is no firewall blocking that access in your server.
Of course, this raises the question of why a server is using a DHCP address, unless the IP address is mapped to a specific MAC or perhaps used with dynamic DNS. Otherwise, how could anyone reach the server? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
Of course, this raises the question of why a server is using a DHCP address, unless the IP address is mapped to a specific MAC or perhaps used with dynamic DNS. Otherwise, how could anyone reach the server? The server is configured to use DHCP, but with a static IP assignment. This looks a bit unusual, but has two reasons.
1) I remotely prepared the server for a move. The target network has other network parameters. 2) If a server uses DHCP (with or without a static IP assignment), the router (Fritzbox) automatically creates or updates entries for DNS (local names in LAN) and port forwardings. It's more difficult to do this without DHCP on this router. Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Andrei Borzenkov -
Bjoern Voigt -
Brian K. White -
Carl Hartung -
Freek de Kruijf -
James Knott -
John Andersen -
Per Jessen