document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-02-03 23:40:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

TSL&PRF

Browse Source
This commit is contained in:
Xingyu Wang 2021-10-08 14:55:24 +08:00
parent d005f8de3b
commit 76f44fb915
1 changed files with 49 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
sources/tech/20210809 NMState- A declarative networking config tool.md → translated/tech/20210809 NMState- A declarative networking config tool.md
View File

@ -3,42 +3,40 @@
[#]: author: "Maurizio Garcia https://fedoramagazine.org/author/malgnuz/"
[#]: collector: "lujun9972"
[#]: translator: "wxy"
[#]: reviewer: " "
[#]: reviewer: "wxy"
[#]: publisher: " "
[#]: url: " "
NMState: A declarative networking config tool
NMState:一个声明式网络配置工具
======
![][1]
Comic excerpted from photo by [Bee Felten-Leidel][2] on [Unsplash][3]
这篇文章描述并演示了 NMState这是一个使用声明式方法配置主机的网络管理器。这意味着你可以通过 API 定义所需的配置状态,而工具则通过<ruby>提供者<rt>provider</rt></ruby>来应用配置。
This article describes and demonstrates NMState, a network manager that uses a declarative approach to configure hosts. This means you define the desired configuration state through an API and the tool applies the configuration through a provider.
### 配置方法:命令式与声明式
### Configuration approaches: imperative vs declarative
网络管理有时候是一项非常复杂的任务,这取决于环境的规模和多样性。在 IT 的早期,网络管理依赖于网络管理员在网络设备上手动执行命令。如今,<ruby>基础设施即代码<rt>Infrastructure as Code</rt></ruby>IaC允许以不同的方式将这些任务自动化。z这基本上有两种方法命令式或声明式。
Networking management can be a very complex task depending on the size and diversity of the environment. In the early days of IT, networking management relied on manual procedures performed by network administrators over networking devices. Nowadays, Infrastructure as Code (IaC) allows automation of those tasks in a different way. There are, essentially two approaches: imperative or declarative.
在命令式方法中,你会定义“如何”达到所需的配置状态。而在声明式范式里则定义了“什么”是所需的配置状态,所以它不确定哪些步骤是必需的,也不确定它们必须以何种顺序执行。这种方法目前正在聚集更多的人员参与,你可以在目前使用的大多数管理和编排工具上找到它。
In an imperative approach you define “how” you will arrive at a desired configuration state. The declarative paradigm defines “what” is the desired configuration state, so it does not shape which steps are required nor in which order they must be performed. This approach is currently gathering more adepts and you can find it on most of the management and orchestration tools currently used.
### NMState一个声明式的工具
### NMState: a declarative tool
NMState 是一个网络管理器,允许你按照声明式方法配置主机。这意味着你通过一个北向的声明式 API 定义所需的配置状态,这个工具通过南向的<ruby>提供者<rt>provider</rt></ruby>应用配置。
NMState is a network manager that allows you to configure hosts following a declarative approach. It means you define the desired configuration state through a northbound declarative API and this tool applies the configuration through a southbound provider.
目前 NMState 支持的唯一的提供者是 NetworkManager它是为 Fedora Linux 提供网络功能的主要服务。不过NMState 的开发计划中将逐渐增加其他提供者。
Currently the only provider supported by NMState is NetworkManager, which is the main service to address networking capabilities on Fedora Linux. However, the development life cycle of NMState will add other providers gradually.
关于 NMState 的进一步信息,请访问其项目 [站点][4] 或 GitHub [仓库][5]。
For further information regarding NMState please visit either its project [site][4] or github [repository][5].
### 安装
### Installation
NMState is available on Fedora Linux 29+ and requires NetworkManager 1.26 or later installed and running on the system. The following shows the installation on Fedora Linux 34:
NMState 在 Fedora Linux 29+ 上可用,需要在系统上安装并运行 NetworkManager 1.26 或更高版本。下面是在 Fedora Linux 34 上的安装情况:
```
$ sudo dnf -y install nmstate
output omitted
...
输出节略
...
Installed:
NetworkManager-config-server-1:1.30.4-1.fc34.noarch gobject-introspection-1.68.0-3.fc34.x86_64 nispor-1.0.1-2.fc34.x86_64 nmstate-1.0.3-2.fc34.noarch
python3-gobject-base-3.40.1-1.fc34.x86_64 python3-libnmstate-1.0.3-2.fc34.noarch python3-nispor-1.0.1-2.fc34.noarch python3-varlink-30.3.1-2.fc34.noarch
@ -46,18 +44,18 @@ Installed:
Complete!
```
At this point you can use _nmstatectl_ as a command line tool for NMState. Please refer to either _nmstatectl help_ or _man nmstatectl_ for further information about this tool.
这样,你可以使用 `nmstatectl` 作为 NMState 的命令行工具。请参考 `nmstatectl -help``man nmstatectl` 以了解关于这个工具的进一步信息。
### Using NMstate
### 使用 NMstate
Start by checking the NMState version installed in the system:
首先要检查系统中安装的 NMState 版本:
```
$ nmstatectl version
1.0.3
```
Check the current configuration of a networking interface, e.g. the _eth0_ configuration:
检查一个网络接口的当前配置,例如 `eth0` 的配置:
```
$ nmstatectl show eth0
@ -124,29 +122,23 @@ interfaces:
mtu: 1500
```
 As you can see above the networking configuration shows four main sections:
正如你在上面看到的,这个网络配置显示了四个主要部分:
* **dns-resolver**: this section has the nameserver configuration for this interface.
* **route-rules**: it states the routing rules. 
* **routes**: it includes both dynamic and static routes.
* **Interfaces**: this section describes both ipv4 and ipv6 settings.
* `dns-resolver`:这部分是这个接口的名字服务器配置。
* `route-rules`:它说明了路由规则。 
* `routes`:它包括动态和静态路由。
* `interfaces`:这部分描述了 ipv4 和 ipv6 设置。
### 修改配置
你可以在两种模式下修改所需的配置状态:
### Modify the configuration
* 交互式:通过 `nmstatectl edit` 编辑接口配置。这个命令调用环境变量 `EDITOR` 定义的文本编辑器,因此可以用 yaml 格式编辑网络状态。完成编辑后NMState 将应用新的网络配置,除非有语法错误。
* 基于文件的:使用 `nmstatectl apply` 应用接口配置,它从先前创建的 yaml 或 json 文件中导入一个所需的配置状态。
You can modify the desired configuration state in two modes: 
下面几节告诉你如何使用 NMState 来改变网络配置。这些改变可能会对系统造成破坏,所以建议在测试系统或客户虚拟机上执行这些任务,直到你对 NMState 有更好的理解。
* **Interactive**: editing the interface configuration through _nmstatectl edit_. This command invokes the text editor defined by the environment variable EDITOR so the network state can be edited in yaml format. After finishing the edition NMState will apply the new network configuration unless there are syntax errors.
* **File-based**: applying the interface configuration using _nmstatectl apply_ which imports a desired configuration state from a yaml or json file earlier created.
The following sections show you how to change the networking configuration using NMState. These changes can be disruptive to the system so the recommendation is to perform these tasks on a test system or guest VM till you get a better understanding of NMState.
The test system in use herehas two Ethernet interfaces: _eth0_ and _eth1_:
这里使用的测试系统有两个以太网接口,`eth0` 和 `eth1`
```
$ ip -br -4 a
@ -155,11 +147,9 @@ eth0 UP 192.168.122.238/24
eth1 UP 192.168.122.108/24
```
#### Example of interactive configuration mode:
#### 互动配置模式的例子
```
Change the MTU of eth0 interface to 9000 bytes using the nmstatectl edit command as follows (all changes are in bold):
```
使用 `nmstatectl edit` 命令将 `eth0` 接口的 MTU 改为 9000 字节,如下所示:
```
$ sudo nmstatectl edit eth0
@ -222,7 +212,7 @@ interfaces:
mtu: 9000
```
After saving and exiting the edito, NMState applies the new network desired state:
在保存并退出编辑器后NMState 应用新的网络期望状态:
```
2021-06-29 11:29:05,726 root DEBUG Nmstate version: 1.0.3
@ -232,7 +222,7 @@ After saving and exiting the edito, NMState applies the new network desired stat
2021-06-29 11:29:05,792 root DEBUG Async action: Update profile uuid:2bdee700-f62b-365a-bd1d-69d9c31a9f0c iface:eth0 type:ethernet finished
```
Now, use both the _ip_ command and also the _eth0_ configuration file to check that the _MTU_ of _eth0_ is 9000 bytes.
现在,使用 `ip` 命令和 `eth0` 的配置文件来检查 `eth0``MTU` 是不是 9000 字节。
```
$ ip link show eth0
@ -273,11 +263,11 @@ ra-timeout=2147483647
[proxy]
```
#### Example of file-based configuration mode:
#### 基于文件的配置模式的例子
Lets use the file-based approach to set a new config state. In this case disable the IPv6 configuration in _eth1_ interface.
让我们使用基于文件的方法来设置一个新的配置状态。这里我们禁用 `eth1` 接口的 IPv6 配置。
First, create a yaml file to define the desired state of the _eth1_ interface. Use _nmstatectl show_ to save the current settings then _nmstatectl edit_ to disable IPv6. Again, all changes are in bold and deletions are shown with strike-through:
首先,创建一个 yaml 文件来定义 `eth1` 接口的期望状态。使用 `nmstatectl show` 来保存当前设置,然后使用 `nmstatectl edit` 来禁用 IPv6。
```
$ nmstatectl show eth1 > eth1.yaml
@ -341,7 +331,7 @@ interfaces:
mtu: 1500
```
After saving the new configuration, use it to apply the new state:
保存新的配置后,用它来应用新的状态:
```
$ sudo nmstatectl apply eth1.yaml
@ -402,7 +392,7 @@ interfaces:
mtu: 1500
```
You can check that the _eth1_ interface does not have any IPv6 configured:
你可以检查看到 `eth1` 接口没有配置任何 IPv6
```
$ ip -br a
@ -440,11 +430,11 @@ method=disabled
[proxy]
```
#### Applying changes temporarily
#### 临时应用改变
An interesting feature of NMState allows you to configure a desired networking state temporarily. In case you are satisfied with the configuration you can commit it afterwards. Otherwise it will rollback when the timeout expires (default is 60 sec).
NMState 的一个有趣的功能允许你临时配置一个期望的网络状态。如果你对这个配置感到满意,你可以事后提交。否则,当超时(默认为 60 秒)过后,它将回滚。
Modify the _eth1_ configuration from the previous example so it has an IPv4 static address instead of getting it dynamically by DHCP.
修改前面例子中的 `eth1` 配置,使它有一个 IPv4 静态地址,而不是通过 DHCP 动态获得。
```
$ vi eth1.yaml
@ -498,7 +488,7 @@ interfaces:
mtu: 1500
```
Now, apply this config temporarily using the option _no-commit_ so it will be valid only for 30 seconds. This can be done adding the option _timeout_. Meanwhile, we will run the _ip  -br a_ command three times to see how the IPv4 address configured in _eth1_ interface changes and then the configuration rolls back.
现在,使用选项 `no-commit` 临时应用这个配置,让它只在 30 秒内有效。这可以通过添加选项 `timeout` 来完成。同时,我们将运行 `ip -br a` 命令三次,看看配置在 `eth1` 接口的 IPv4 地址是如何变化的,然后配置就会回滚。
```
$ ip -br a && sudo nmstatectl apply --no-commit --timeout 30 eth1.yaml && sleep 10 && ip -br a && sleep 25 && ip -br a
@ -561,13 +551,13 @@ eth0 UP 192.168.122.238/24 fe80::5054:ff:fe91:e44e/64
eth1 UP 192.168.122.108/24
```
As you can see from above, the _eth1_ IP address changed temporarily from 192.168.122.108 to 192.168.122.110 and then it returned to 192.168.122.108 after the timeout expired.
从上面可以看到,`eth1` 的 IP 地址从 `192.168.122.108` 暂时变成了 `192.168.122.110`,然后在超时结束后又回到了 `192.168.122.108`
### Conclusion
### 总结
NMState is a declarative networking configuration tool that currently applies the desired networking configuration state in a host through the NetworkManager API. This state can be defined either interactively using a text editor or with a file-based approach creating a yaml or json file.
NMState 是一个声明式的网络配置工具,目前可以通过 NetworkManager API 在主机中应用所需的网络配置状态。这种状态既可以用文本编辑器交互式地定义,也可以用基于文件的方法创建一个 yaml 或 json 文件。
This kind of tool provides Infrastructure as Code, it allows the automation of networking tasks and also reduces potential misconfigurations or unstable networking scenarios that could arise using legacy configuration methods.
这种工具提供了“基础设施即代码”,它可以自动化网络任务,也减少了使用传统配置方法可能出现的潜在错误配置或不稳定的网络情况。
--------------------------------------------------------------------------------
@ -575,8 +565,8 @@ via: https://fedoramagazine.org/nmstate-a-declarative-networking-config-tool/
作者:[Maurizio Garcia][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
译者:[wxy](https://github.com/wxy)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出