iad2: add a clevis role to adjust virthosts for clevis/tang
clevis needs to bring up a interface to talk to the tang server at initramfs time. This is fine, but dracut then "helpfully" writes out any network config you pass it to ifcfg- files and messes up the hosts normal networking. If you have bridge devices this is even more pronounced as the device clevis used keeps the main bridge ip and doesnt enslave to the bridge, breaking everything. In order to work around this we: * tell dracut to not save ifcfg- files from it's passed network config. * tell dracut to use the first bridge device at initramfs time to talk to tang * run a systemd unit after boot to wipe any dract network config out, allowing NM to start with a clean slate. Note that you still need to run a dracut -f --regenerate-all Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
parent
1871d44c90
commit
3fc79913d0
5 changed files with 51 additions and 0 deletions
15
roles/clevis/files/flush-dracut-network@.service
Normal file
15
roles/clevis/files/flush-dracut-network@.service
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# Remove Dracut's network configuration
|
||||
# https://access.redhat.com/solutions/3017441
|
||||
# https://unix.stackexchange.com/questions/506331/networkmanager-doesnt-change-ip-address-when-dracut-cmdline-provided-static-ip
|
||||
|
||||
[Unit]
|
||||
Description=Remove dracut's network configuration for %I
|
||||
Before=network-pre.target
|
||||
Wants=network-pre.target
|
||||
|
||||
[Service]
|
||||
ExecStartPre=/usr/sbin/ip address show %i
|
||||
ExecStart=/usr/sbin/ip -statistics address flush dev %i
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
Loading…
Add table
Add a link
Reference in a new issue