How to stop Network Manager creating connections under /run/NetworkManager/system-connections?

Question

I'm trying to configure networking on a RHEL9 server with NetworkManager 1.42. I'm doing this by writing out a bunch of keyfiles to /etc/NetworkManager/system-connections as per here.

The server I'm running on has a quirk that this is done in a chroot environment (sadly this is unavoidable, as it's run as part of an operating system upgrade), so I cannot run nmcli connection reload after writing the keyfiles. Despite that, my hope was that rebooting the entire machine would be enough to have NetworkManager reload the connections.

Here's the file I write to /etc/NetworkManager/system-connections/ethMgmt:

[connection]
id=ethMgmt
type=ethernet
interface-name=ethMgmt
autoconnect=true


[ethernet]
mac-address=00:0d:3a:aa:97:31

[ipv4]
method=manual
address1=10.60.4.101/27,10.60.4.97

[ipv6]
method=disabled

Then after reboot I can see the connection has been read, but several other connections have been created:

$ nmcli -f TYPE,FILENAME,NAME connection
TYPE      FILENAME                                                     NAME
loopback  /run/NetworkManager/system-connections/lo.nmconnection       lo       // green - connected
ethernet  /run/NetworkManager/system-connections/ethMgmt.nmconnection  ethMgmt  // green - connected
ethernet  /etc/NetworkManager/system-connections/ethMgmt.nmconnection  ethMgmt  // grey - not connected

I should mention I also have the NetworkManager-config-server RPM installed as well, so my NetworkManager is configured with: no-auto-default=*.

Deleting the files under /run/NetworkManager/system-connections/* and restarting NetworkManager with systemctl restart NetworkManager brings them back, so I'm sure it's NetworkManager creating them. They look like this (the config is notably different):

[connection]
id=ethMgmt
uuid=12899f61-26c1-4b62-826e-5ec70a545802
type=ethernet
autoconnect=false
interface-name=ethMgmt
timestamp=1701105499

[ethernet]
mac-address=00:0D:3A:AA:97:31

[ipv4]
address1=10.60.4.101/27,10.60.4.97
method=manual
route1=168.63.129.16/32,10.60.4.97,0
route2=169.254.169.254/32,10.60.4.97,0

[ipv6]
addr-gen-mode=default
method=link-local

[proxy]

[.nmmeta]
nm-generated=true
volatile=true
external=true

I seem to be able to resolve the problem by:

rm -rf /run/NetworkManager/system-connections/*
nmcli connection reload

...which results in:

$ nmcli -f TYPE,FILENAME,NAME connection
TYPE      FILENAME                                                     NAME
loopback  /run/NetworkManager/system-connections/lo.nmconnection       lo      -- green / connected
ethernet  /etc/NetworkManager/system-connections/ethMgmt.nmconnection  ethMgmt  -- green / connected

...but that's quite an inelegant solution (in particular to have to remember to run some commands after reboot of the machine).

Is there something I can to to prevent NetworkManager creating these files at all and to read the /etc/NetworkManager/system-connections/ethMgmt.nmconnection on start?

Answer 1

I was missing the "keep-configuration" bit of config. Adding the following to the /usr/lib/NetworkManager/conf.d/01-custom.conf solved this:

[device]
keep-configuration=no

From the docs:

On startup, NetworkManager tries to not interfere with interfaces that are already configured. It does so by generating a in-memory connection based on the interface current configuration. If this generated connection matches one of the existing persistent connections, the persistent connection gets activated. If there is no match, the generated connection gets activated as "external", which means that the connection is considered as active, but NetworkManager doesn't actually touch the interface.

It is possible to disable this behavior by setting keep-configuration to no. In this way, on startup NetworkManager always tries to activate the most suitable persistent connection (the one with highest autoconnect-priority or, in case of a tie, the one activated most recently).

Note that when NetworkManager gets restarted, it stores the previous state in /run/NetworkManager; in particular it saves the UUID of the connection that was previously active so that it can be activated again after the restart. Therefore, keep-configuration does not have any effect on service restart.