Do NOT restart NetworkManager (or firewalld) on CentOS 7.3

 in Uncategorized by

I configured my AIO router powered by CentOS using NetworkManager and firewalld as that’s the officially recommended way as of RHEL 7. Because I test various configurations, I also often restart services via “systemctl restart” to get back into safer state, eliminating runtime changes. I found issues when restarting firewalld or NetworkManager.

firewalld

Running “systemctl restart firewalld” is safe most of the times, but… I configured my network using NetworkManager and its “ipv4.method shared” feature because that what is supposed to make basic things one step easier (not that using dnsmasq would be hard). But for some reason the NetworkManager firewall rules are runtime only so restarting firewall loses all NM changes. I don’t think that’s right but no one got back to me at NetworkManager mailing list.

Solution here is to use manual configuration together with dnsmasq alone.

Network Manager

I created bridged and PPPoE interfaces using NetworkManager and had issues with both after NM restart. Browsing RedHat bugzilla there were/are issues with other types as well and it’s known issue of NetworkManager when you run “systemctl restart NetworkManager” (so better don’t!).

Please can you share why NetworkManager should be restart? This should be avoided whenever possible to avoid side effects.

From: nmcli duplicates a connection after a NetworkManager restart if DHCP_HOSTNAME is defined

Restarting NM may causes issues in some cases because NM tries to detect which connections were previously active and this doesn’t always work correctly. We have planned to rework this area for 7.4 and change how connections are handled upon restart, see bug 1394579.

From: NetworkManager comes up on boot, but a restart of the service fails to activate bond slaves

Why are you restarting NetworkManager? See above how to apply changes to a connection. Restarting NetworkManager is almost always the wrong thing to do. Certainly it is wrong to restart NM in order to activate a connection.

From: service network restart and systemctl restart network doesn’t accept domain and dns changes in ifcfg files for bonds.

So you aren’t supposed to do things like restarting NetworkManager via systemd. I have no idea where one is supposed to find such informations on what is not safe to do. Well, at least there is some hope it will get fixed in CentOS/RHEL 7.4. So just use:

nmcli connection reload

or (depending on what’s your intent):

systemctl restart network