Introduction to CentOS Stream 9 and 10

CentOS Stream represents a significant evolution in the Red Hat ecosystem, serving as the upstream development branch for Red Hat Enterprise Linux (RHEL). Unlike traditional CentOS, which was a downstream rebuild of RHEL, CentOS Stream adopts a rolling release model that positions it between Fedora and RHEL. This unique positioning allows administrators and developers to preview upcoming RHEL features before they reach enterprise stability.

Key Differences Between CentOS Stream 9 and 10

The transition from CentOS Stream 9 to 10 brings substantial improvements across multiple system components. CentOS Stream 9 aligns with RHEL 9 series and ships with Linux Kernel 5.14, Python 3.9 as the default interpreter, and GCC 11 for compilation tasks. The system maintains traditional YUM/DNF package management while introducing modern containerization concepts.

CentOS Stream 10, codenamed "Coughlan," represents a more significant leap forward. It corresponds to RHEL 10 series and introduces Linux Kernel 6.12 or higher, bringing improved hardware support and performance optimizations. Python 3.12 becomes the default, offering notable performance improvements and new language features. The compiler toolchain upgrades to GCC 14, enabling support for the latest C++ standards and optimization techniques. Perhaps most notably, CentOS Stream 10 introduces System Wide Image (SWI) and Bootable Container concepts, reflecting the industry's shift toward immutable infrastructure and container-native deployments.

Lifecycle and Support Considerations

Understanding the support lifecycle is crucial for production deployments. CentOS Stream 9 maintains full support until 2027, with maintenance support extending to 2032. CentOS Stream 10, being newer, is expected to receive support through the early 2030s. This extended support window makes both versions viable choices for long-term infrastructure projects, though organizations should plan their migration strategies accordingly.

System Environment Overview

The test environment for this guide encompasses both CentOS Stream 9 and 10 installations. CentOS Stream 10 runs on kernel 6.12.0-212.el10.x86_64, while CentOS Stream 9 operates on kernel 5.14.0-687.el9.x86_64. Both systems demonstrate the network configuration principles discussed in this guide, ensuring compatibility across versions.

Configuring Static IP Addresses

Understanding the NetworkManager Transition

A fundamental shift in CentOS Stream 9 and 10 is the complete transition to NetworkManager for network configuration management. The traditional network service and its configuration files located at /etc/sysconfig/network-scripts/ifcfg-eth0 have been deprecated. This change reflects the industry-wide move toward more dynamic and flexible network management solutions.

NetworkManager stores connection profiles in the /etc/NetworkManager/system-connections/ directory. Each network interface has its own configuration file with a .nmconnection extension. This file-based approach provides better organization and easier version control integration compared to the legacy ifcfg scripts.

Method 1: Direct Configuration File Editing

The first approach involves directly editing the NetworkManager connection profile. Begin by navigating to the system connections directory and identifying your network interface configuration file:

cd /etc/NetworkManager/system-connections/
ls

You should see files named after your network interfaces, such as ens160.nmconnection or eth0.nmconnection. Open the appropriate file using your preferred text editor:

vim ens160.nmconnection

A properly configured static IP connection profile contains several important sections. The [connection] section defines basic connection parameters including the connection ID, UUID (which remains constant even if you rename the connection), connection type, and the bound interface name. The UUID is particularly important as it serves as the internal identifier that the system uses to track connections regardless of their display names.

The [ethernet] section controls physical layer settings. While you can specify duplex mode and speed, it's generally recommended to allow automatic negotiation unless you have specific requirements. Setting duplex=half severely limits network performance and should only be used with legacy hub-based networks.

The [ipv4] section is where static IP configuration happens. The address1 parameter specifies the IP address and subnet mask in CIDR notation (for example, 192.168.0.132/24). The dns parameter accepts multiple DNS server addresses separated by semicolons. For deployments in China, using domestic DNS servers like Alibaba's 223.5.5.5 and Tencent's 119.29.29.29 provides better resolution performance. The gateway parameter defines the default route, and method=manual explicitly enables static IP configuration as opposed to method=auto for DHCP.

Here's a complete example configuration:

[connection]
id=ens160
uuid=89fcf374-9ca1-30b1-b1dd-ed124953574c
type=ethernet
interface-name=ens160

[ethernet]
duplex=full

[ipv4]
address1=192.168.0.132/24
dns=223.5.5.5;223.6.6.6;119.29.29.29
gateway=192.168.0.2
method=manual

[ipv6]
addr-gen-mode=eui64
method=auto

After modifying the configuration file, apply the changes by restarting NetworkManager:

systemctl restart NetworkManager
systemctl status NetworkManager

Verify that the DNS configuration has propagated correctly by checking /etc/resolv.conf. NetworkManager automatically updates this file when connection profiles change. You should see your configured DNS servers listed as nameserver entries.

Finally, validate the network configuration using standard networking commands:

ip a          # Display IP addresses
ip r          # Show routing table
ping qq.com   # Test internet connectivity

Method 2: Using nmcli Command-Line Interface

For administrators who prefer command-line tools or need to automate network configuration, nmcli (NetworkManager Command Line Interface) provides a powerful alternative. Unlike temporary commands like ip addr, nmcli modifications are persistent across reboots because they modify the underlying connection profiles.

The nmcli utility offers comprehensive network management capabilities through a consistent command syntax. Key operations include checking overall NetworkManager status with nmcli general status, viewing device states with nmcli device status, and listing saved connections with nmcli connection show.

To configure a static IP address using nmcli, use the connection modify command:

nmcli connection modify "ens33" \
  ipv4.addresses "192.168.0.132/24" \
  ipv4.gateway "192.168.0.2" \
  ipv4.dns "223.5.5.5,8.8.8.8" \
  ipv4.method manual

Note that DNS servers are separated by commas in nmcli commands, unlike the semicolon separator used in configuration files. After modifying the connection profile, activate the changes:

nmcli connection down ens33 && nmcli connection up ens33

Verify the configuration with:

nmcli connection show ens33

This command displays all connection parameters, allowing you to confirm that your settings have been applied correctly.

Understanding DNF Package Management

DNF Overview and Evolution

DNF (Dandified YUM) represents the next generation of RPM-based package management, designed specifically for Fedora, RHEL 8 and later, and CentOS Stream 9/10. DNF addresses several performance bottlenecks and functional limitations present in the original YUM implementation while maintaining command syntax compatibility for ease of transition.

In CentOS Stream 9 and 10, the yum command exists as a symbolic link pointing to dnf-3. This means that executing yum actually invokes DNF functionality, ensuring backward compatibility with existing scripts and documentation while providing users with DNF's improved performance and features.

Essential DNF Commands

Mastering DNF requires familiarity with its core command set. Installation operations form the foundation of package management. The basic sudo dnf install <package> command installs a single package, while sudo dnf install <package1> <package2> handles multiple packages simultaneously. For automated scripts, the -y flag automatically confirms installation prompts.

Package removal uses sudo dnf remove <package>, while system updates employ sudo dnf update for comprehensive updates or sudo dnf update <package> for targeted updates. The autoremove command automatically cleans up orphaned dependencies, helping maintain a lean system.

Query and search operations help administrators discover available packages and understand installed software. The dnf search <keyword> command searches package names and descriptions, while dnf info <package> provides detailed package information including version, size, and dependencies. The dnf provides /path/to/file command identifies which package provides a specific file, invaluable for troubleshooting missing dependencies.

Repository management commands enable control over package sources. dnf repolist displays enabled repositories, and dnf repolist --verbose provides detailed repository information including URLs and status. The config-manager subcommand enables or disables specific repositories as needed.

Cache management becomes important when troubleshooting repository issues or freeing disk space. sudo dnf clean all removes all cached metadata and packages, while sudo dnf makecache rebuilds the cache after repository changes. For targeted cleanup, sudo dnf clean packages removes only downloaded RPM files while preserving metadata.

Transaction history features provide audit capabilities and rollback options. dnf history lists all package operations, dnf history info <id> shows details of a specific transaction, and sudo dnf history undo <id> reverses a previous operation, useful for recovering from problematic updates.

Module functionality in DNF enables management of multiple software versions. dnf module list displays available module streams, sudo dnf module enable <module>:<stream> activates a specific version, and sudo dnf module install <module> installs modular packages.

Advanced features include dnf download <package> --resolve for downloading packages and dependencies without installation (useful for offline deployments), and sudo dnf repair for attempting automatic system recovery from package database corruption.

Configuring DNF/YUM Repositories

Proper repository configuration is essential for system maintenance and software installation. Before configuring new repositories, always backup existing configuration files:

cd /etc/yum.repos.d/
mkdir bak
mv *.repo bak/

For Chinese deployments, the Aliyun mirror provides excellent performance and reliability. Create the primary repository configuration file ali-centos.repo with the following content:

[baseos]
name=CentOS Stream $releasever - BaseOS
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/BaseOS/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[appstream]
name=CentOS Stream $releasever - AppStream
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/AppStream/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[crb]
name=CentOS Stream $releasever - CRB
baseurl=https://mirrors.aliyun.com/centos-stream/$stream/CRB/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

The BaseOS repository contains core operating system packages, AppStream provides application streams and additional software, while CRB (CodeReady Builder) offers development tools and libraries. Debug and source repositories are available but disabled by default to reduce metadata overhead.

Additional repositories in ali-addons.repo provide specialized packages:

[highavailability]
name=CentOS Stream $releasever - HighAvailability
baseurl=http://mirrors.aliyun.com/centos-stream/$stream/HighAvailability/$basearch/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
enabled=0

[extras-common]
name=CentOS Stream $releasever - Extras packages
baseurl=http://mirrors.aliyun.com/centos-stream/SIGs/$stream/extras/$basearch/extras-common/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
gpgcheck=1
enabled=1

These optional repositories provide high availability clustering tools, real-time kernel variants, NFV (Network Functions Virtualization) packages, and community-contributed extras. Enable them only when specifically needed to minimize attack surface and update overhead.

Installing the EPEL (Extra Packages for Enterprise Linux) repository extends available software:

dnf install epel-release

EPEL provides thousands of additional packages not included in the base CentOS Stream repositories, including many popular open-source tools and applications.

After configuring repositories, refresh the package cache and update the system:

dnf clean all
dnf makecache
dnf update

This sequence ensures that your system has the latest package metadata and applies any pending security updates. The repository configuration is now complete, and your CentOS Stream system is ready for software installation and maintenance operations.

Conclusion

Proper network and repository configuration forms the foundation of any CentOS Stream deployment. By understanding both the configuration file approach and the nmcli command-line interface, administrators can choose the method that best fits their workflow. Similarly, mastering DNF package management enables efficient software installation, updates, and system maintenance. The combination of static IP configuration and properly configured repositories ensures stable, maintainable infrastructure ready for production workloads.