Nmcli returns to default connections after image update

General Discussions
1

Hello,

I’m running mender on some compulab devices running Debian 11.3. When I do a mender image update (full root fs / switch to other partition) on the first boot after that event the system always come back with the default “Wired connection 1” in nmcli being the active one.
My custom connection profiles are listed, but not active and consequently it ends up not applying the intended static IP:

root@0001c02f6b64:~# nmcli con
NAME                UUID                                  TYPE      DEVICE 
Wired connection 2  f94ac931-2213-3642-88e3-314c1c9fdf62  ethe
rnet  eth1   
Wired connection 1  29ce1ac9-ee08-31aa-ba41-0f1e253de6ac  ethe
rnet  eth0   
eth0                28d86cbb-8922-4538-b293-9bc9deea171f  ethernet  --     
eth1                ef6d80c2-1d65-4fde-9ef6-2de528f953b3  ethernet  --     


root@0001c02f6b64:~# nmcli con show "Wired connection 2" | grep autoconnect
connection.autoconnect:                 yes
connection.autoconnect-priority:        -999
connection.autoconnect-retries:         -1 (default)
connection.autoconnect-slaves:          -1 (default)


root@0001c02f6b64:~# nmcli con show eth1 | grep autoconnect
connection.autoconnect:                 yes
connection.autoconnect-priority:        10
connection.autoconnect-retries:         -1 (default)
connection.autoconnect-slaves:          -1 (default)


root@0001c02f6b64:~# nmcli con show eth1 | grep ipv4.addresses
ipv4.addresses:                         192.168.0.9/24
root@0001c02f6b64:~# ip add list dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:01:c0:30:42:7a brd ff:ff:ff:ff:ff:ff
    inet 10.0.1.100/24 brd 10.0.1.255 scope global dynamic noprefixroute eth1

Given the higher autoconnect priority on my profiles - these should be the active ones.
I can see as part of the mender update it backs up these profiles in /data/backup and restores them on first boot. Is it possible that restore is happening too late after nmcli has already started with default profiles?

If I do a 2nd manual reboot, the default nmcli conns disappear and everything works correctly:

root@0001c02f6b64:~# nmcli con
NAME  UUID                                  TYPE      DEVICE 
eth0  28d86cbb-8922-4538-b293-9bc9deea171f  ethernet  e
th0   
eth1  ef6d80c2-1d65-4fde-9ef6-2de528f953b3  ethernet  e
th1

Are there any ways to fix this so it restores & activates my static nmcli connections on first boot after the update? Going back to the defaults potentially breaks its connection to mender and locks me out of the system.

Thank you.

2

Looks like I got this sorted by adding the following into my mender rootfs image:

root@0001c02f6b64:~# cat /etc/NetworkManager/conf.d/no-auto-default.conf 
[main]
no-auto-default=*
root@0001c02f6b64:~#
3

@martin1

I have had a similar problem with NetworkManager and predefined network connections. So NetworkManager ist very sensitive by handling pre-configured files in path /etc/NetworkManager/system-connections.
So for this it was necessary to set 600 all files stored in the path, for example do this during build or via script:

chmod 600 /etc/NetworkManager/system-connections/*

This works for me also for updates.