Re: Adding experimental arguments to nmcli tool

From: Thomas Haller <thaller redhat com>
To: "Fernando F. Mancera" <ffmancera riseup net>, networkmanager-list gnome org
Subject: Re: Adding experimental arguments to nmcli tool
Date: Tue, 08 Mar 2022 22:15:37 +0100

Hi,

On Mon, 2022-03-07 at 12:54 +0100, Fernando F. Mancera via
networkmanager-list wrote:

Hello everyone!

The proposed experimental solutions are:

1. 'nmcli c show --keyfile $UUID' to output the profile keyfile in
stdout.
2. 'nmcli c add ... --keyfile' to output the generated keyfile in
stdout 
instead of adding it to the NetworkManager configuration so the 
NetworkManager daemon is not required..

re:2.: this `nmcli c add --keyfile` does not actually add the profile
in NM (via D-Bus). That's a bit odd, but ok(?).

what you also need is:

3. I think in this set, it would also make sense to have a `nmcli c
modify "$PROFILE" --keyfile $OPTIONS`, which reads $PROFILE from D-Bus,
modifies it in-memory and prints the result to stdout.

4. none of the above commands allow to add a profile from stdin. That
is necessary to tie it all together. This could be for example `nmcli
connection modify keyfile $OPTIONS`. Here, "keyfile" means to read a
keyfile from stdin. The result would be then added via D-Bus -- which
is a bid odd, that `nmcli connection modify` creates a new profile in
NM. On the other hand, it really does take a profile (from stdin),
modify it, and add it somewhere.

5. finally, `nmcli connection modify keyfile --keyfile $OPTIONS` would
read the profile from stdin, modify it, and output again to stdout.

then you can do:

nmcli connection modify $PROFILE --keyfile | \
nmcli connection modify keyfile \
connection.uuid $(uuidgen) \
autoconnect no \
--keyfile | \
nmcli connection modify keyfile

of course, that's just an example to show all pieces. Above could be
written shorter as:

nmcli connection modify $PROFILE --keyfile | \
nmcli connection modify keyfile \
connection.uuid $(uuidgen) \
autoconnect no

these are the basic operations. I don't have a strong opinion about the
actual command line options (though, I find it odd that `nmcli-c-
modify` adds a profile).

---

also, when editing/outputting keyfile format, eventually you want to
write it to a file. With above, the user could do:

nmcli connection show $PROFILE --keyfile > /etc/NetworkManager/system-connections/myfile.nmconnection

the problem with this is that umask is likely wrong, so you'd need to do `chmod 600` (and `nmcli connection
load $FILENAME`).
Maybe --keyfile could accept a filename, like

nmcli connection show $PROFILE --keyfile=/etc/NetworkManager/system-connections/myfile.nmconnection

so that nmcli gets the permissions right and (opt-in or opt-out) load
the file in NM.

Also, keyfiles can only be in 3 well-known locations:
A) /var/lib/NetworkManager/system-connections/
B) /etc/NetworkManager/system-connections/
C) /run/NetworkManager/system-connections/
these are the default paths, but they depend on the $PREFIX during
compilation. Also, B) can be configured in NetworkManager.conf as
[keyfile].path.

Anyway. With this, maybe it would make sense to have shortcuts:

nmcli connection show $PROFILE --keyfile=etc:myfile.nmconnection

best,
Thomas

Follow-Ups:
- Re: Adding experimental arguments to nmcli tool
  - From: Thomas Haller

References:
- Adding experimental arguments to nmcli tool
  - From: Fernando F. Mancera

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]