From 017e2d86664df4c60b193bdc4c8a6441749b5344 Mon Sep 17 00:00:00 2001
From: Sergio Correia
Date: Thu, 13 Jan 2022 11:42:39 -0300
Subject: [PATCH] Add network flushing before setting up network (#58)

This should allow for using the nbde_client role with machines that use static IP configurations, as network flushing should undo the network setup done at the initramfs, allowing the system to use its regular configuration. Approach based on the answers posted here: https://unix.stackexchange.com/questions/506331/networkmanager-doesnt-change-ip-address-when-dracut-cmdline-provided-static-ip/541108
---
files/nbde_client-network-flush | 9 +++++
files/nbde_client-network-flush.service | 10 ++++++
tasks/main-clevis.yml | 35 +++++++++++++++++++
templates/nbde_client.conf | 4 +++
.../linux-system-roles.nbde_client/files | 1 +
.../linux-system-roles.nbde_client/templates | 1 +
vars/CentOS_7.yml | 9 ++++-
vars/CentOS_8.yml | 8 +++--
vars/CentOS_9.yml | 19 ++++++++++
vars/Fedora.yml | 7 +++-
vars/RedHat_7.yml | 8 ++++-
vars/RedHat_8.yml | 7 +++-
vars/RedHat_9.yml | 7 +++-
vars/default.yml | 1 +
14 files changed, 119 insertions(+), 7 deletions(-)
create mode 100755 files/nbde_client-network-flush
create mode 100644 files/nbde_client-network-flush.service
create mode 100644 templates/nbde_client.conf
create mode 120000 tests/roles/linux-system-roles.nbde_client/files
create mode 120000 tests/roles/linux-system-roles.nbde_client/templates
create mode 100644 vars/CentOS_9.yml

diff --git a/files/nbde_client-network-flush b/files/nbde_client-network-flush
new file mode 100755
index 0000000..8b32a5a
--- /dev/null
+++ b/files/nbde_client-network-flush
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+for f in /sys/class/net/*; do
+ iface="${f##*/}"
+ [ "${iface}" = "lo" ] && continue
+ ip -statistics address flush dev "${iface}"
+done
+
+# vim:set ts=2 sw=2 et:
diff --git a/files/nbde_client-network-flush.service b/files/nbde_client-network-flush.service
new file mode 100644
index 0000000..04cb6bf
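Review bot: The loop in files/nbde_client-network-flush flushes the addresses of every interface except `lo`, with no way to exclude one and no comment saying why the script exists. On a host where the network configured in the initramfs also carries the root filesystem or other storage (iSCSI or NFS, for example), removing those addresses before the regular configuration is applied would likely cut that path, so an opt-out variable or an interface list seems worth adding. At minimum the script should open with a header such as `# Drop addresses configured in the initramfs so the regular network configuration can apply.`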
--- /dev/null +++ b/files/nbde_client-network-flush.service @@ -0,0 +1,10 @@ +[Unit] +Description=Network flush service for nbde_client Ansible role +Before=network-pre.target +Wants=network-pre.target + +[Service] +ExecStart=/usr/bin/nbde_client-network-flush + +[Install] +WantedBy=default.target diff --git a/tasks/main-clevis.yml b/tasks/main-clevis.yml index 945100c..f1546cc 100644 --- a/tasks/main-clevis.yml +++ b/tasks/main-clevis.yml @@ -4,6 +4,18 @@ name: "{{ __nbde_client_packages }}" state: present +- name: Enable clevis askpass unit + service: + name: clevis-luks-askpass.path + enabled: yes + +- name: Generate nbde_client dracut config + template: + src: nbde_client.conf + dest: /etc/dracut.conf.d/nbde_client.conf + owner: root + mode: '0444' + - name: Check whether devices are at the desired state when: - nbde_client_bindings | default([]) @@ -56,4 +68,27 @@ - __nbde_client_clevis_check_state is defined - __nbde_client_clevis_check_state is changed +- name: Set-up network flushing + block: + - name: Deploy network flushing script + copy: + src: "{{ role_path }}/files/nbde_client-network-flush" + dest: /usr/bin/nbde_client-network-flush + mode: '0755' + + - name: Deploy network flushing service + copy: + src: "{{ role_path }}/files/nbde_client-network-flush.service" + dest: /etc/systemd/system/nbde_client-network-flush.service + mode: '0644' + + - name: Reload systemd config + systemd: + daemon_reload: yes + + - name: Enable network flushing service + service: + name: nbde_client-network-flush.service + enabled: yes + # vim:set ts=2 sw=2 et: diff --git a/templates/nbde_client.conf b/templates/nbde_client.conf new file mode 100644 index 0000000..84aec63 --- /dev/null +++ b/templates/nbde_client.conf @@ -0,0 +1,4 @@ +# nbde_client dracut config +{% for line in __nbde_client_dracut_settings %} +{{ line }} +{% endfor %} 
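Review bot: The `[Service]` section of nbde_client-network-flush.service sets no `Type=`, so the unit runs as `Type=simple` and systemd considers it started as soon as the process has been forked. `Before=network-pre.target` therefore does not guarantee that the flush has finished before network management begins, and a late flush could remove addresses the regular configuration has just assigned. Add `Type=oneshot` above `ExecStart=` so the ordering waits for the script to exit.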
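Review bot: Nothing in the first tasks/main-clevis.yml hunk causes the initramfs to be rebuilt when `/etc/dracut.conf.d/nbde_client.conf` changes, so `rd.neednet=1` only takes effect the next time an image is regenerated. The context lines of the following hunk (`__nbde_client_clevis_check_state is changed`) suggest the rebuild is tied to binding changes alone, although that task lies outside both hunks. Consider adding `register: __nbde_client_dracut_conf` (name is a suggestion) to the template task and including `__nbde_client_dracut_conf is changed` in the rebuild condition. The template task also sets `owner: root` without `group: root`.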
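Review bot: The two `copy` tasks in the `Set-up network flushing` block set `mode` but neither `owner` nor `group`, so a file that already exists at `/usr/bin/nbde_client-network-flush` or at the unit path may keep whatever ownership it had. Because root executes this script on every boot, both tasks should pin `owner: root` and `group: root`. The block also has no `when:`, so the flush service is installed and enabled even on hosts where `nbde_client_bindings` is empty; if that is intended, a comment saying so would help. `enabled: yes` and `daemon_reload: yes` read better as `true`.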
diff --git a/tests/roles/linux-system-roles.nbde_client/files b/tests/roles/linux-system-roles.nbde_client/files new file mode 120000 index 0000000..aa29175 --- /dev/null +++ b/tests/roles/linux-system-roles.nbde_client/files @@ -0,0 +1 @@ +../../../files \ No newline at end of file diff --git a/tests/roles/linux-system-roles.nbde_client/templates b/tests/roles/linux-system-roles.nbde_client/templates new file mode 120000 index 0000000..0e4c94f --- /dev/null +++ b/tests/roles/linux-system-roles.nbde_client/templates @@ -0,0 +1 @@ +../../../templates \ No newline at end of file diff --git a/vars/CentOS_7.yml b/vars/CentOS_7.yml index 7cfb3e1..bc328fe 100644 --- a/vars/CentOS_7.yml +++ b/vars/CentOS_7.yml @@ -7,6 +7,13 @@ __nbde_client_packages: - clevis-dracut - clevis-luks - clevis-systemd + - iproute + +__nbde_client_initramfs_update_cmd: > + dracut -fv --regenerate-all + +__nbde_client_dracut_settings: + - kernel_cmdline="rd.neednet=1" + - omit_dracutmodules+="ifcfg" -__nbde_client_initramfs_update_cmd: dracut -f # vim:set ts=2 sw=2 et: diff --git a/vars/CentOS_8.yml b/vars/CentOS_8.yml index 85e29f2..6797c22 100644 --- a/vars/CentOS_8.yml +++ b/vars/CentOS_8.yml @@ -7,9 +7,13 @@ __nbde_client_packages: - clevis-dracut - clevis-luks - clevis-systemd - + - iproute __nbde_client_initramfs_update_cmd: > - dracut -fv --regenerate-all --hostonly-cmdline + dracut -fv --regenerate-all + +__nbde_client_dracut_settings: + - kernel_cmdline="rd.neednet=1" + - omit_dracutmodules+="ifcfg" # vim:set ts=2 sw=2 et: diff --git a/vars/CentOS_9.yml b/vars/CentOS_9.yml new file mode 100644 index 0000000..6e95a0c --- /dev/null +++ b/vars/CentOS_9.yml 
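Review bot: In vars/CentOS_7.yml, `omit_dracutmodules+="ifcfg"` appends without the leading and trailing space that dracut configuration snippets conventionally put around `+=` list values, so if another file in /etc/dracut.conf.d appends to the same variable the module names can run together and `ifcfg` would not be omitted. Write it as `- omit_dracutmodules+=" ifcfg "`. The line `kernel_cmdline="rd.neednet=1"` uses plain `=`, which presumably discards a value set by a configuration file read earlier; `- kernel_cmdline+=" rd.neednet=1 "` would keep it. The same two lines appear in the CentOS_8, CentOS_9, Fedora, RedHat_7, RedHat_8 and RedHat_9 hunks.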
@@ -0,0 +1,19 @@ +# SPDX-License-Identifier: MIT +--- +# Put internal variables here with CentOS 9 specific values. + +__nbde_client_packages: + - clevis + - clevis-dracut + - clevis-luks + - clevis-systemd + - iproute + +__nbde_client_initramfs_update_cmd: > + dracut -fv --regenerate-all + +__nbde_client_dracut_settings: + - kernel_cmdline="rd.neednet=1" + - omit_dracutmodules+="ifcfg" + +# vim:set ts=2 sw=2 et: diff --git a/vars/Fedora.yml b/vars/Fedora.yml index 1756157..82ada5d 100644 --- a/vars/Fedora.yml +++ b/vars/Fedora.yml @@ -7,8 +7,13 @@ __nbde_client_packages: - clevis-dracut - clevis-luks - clevis-systemd + - iproute __nbde_client_initramfs_update_cmd: > - dracut -fv --regenerate-all --hostonly-cmdline + dracut -fv --regenerate-all + +__nbde_client_dracut_settings: + - kernel_cmdline="rd.neednet=1" + - omit_dracutmodules+="ifcfg" # vim:set ts=2 sw=2 et: diff --git a/vars/RedHat_7.yml b/vars/RedHat_7.yml index 36f8d4d..d66bdb5 100644 --- a/vars/RedHat_7.yml +++ b/vars/RedHat_7.yml @@ -7,7 +7,13 @@ __nbde_client_packages: - clevis-dracut - clevis-luks - clevis-systemd + - iproute -__nbde_client_initramfs_update_cmd: dracut -f +__nbde_client_initramfs_update_cmd: > + dracut -fv --regenerate-all + +__nbde_client_dracut_settings: + - kernel_cmdline="rd.neednet=1" + - omit_dracutmodules+="ifcfg" # vim:set ts=2 sw=2 et: diff --git a/vars/RedHat_8.yml b/vars/RedHat_8.yml index 50daa50..87eb79c 100644 --- a/vars/RedHat_8.yml +++ b/vars/RedHat_8.yml @@ -7,8 +7,13 @@ __nbde_client_packages: - clevis-dracut - clevis-luks - clevis-systemd + - iproute __nbde_client_initramfs_update_cmd: > - dracut -fv --regenerate-all --hostonly-cmdline + dracut -fv --regenerate-all + +__nbde_client_dracut_settings: + - kernel_cmdline="rd.neednet=1" + - omit_dracutmodules+="ifcfg" # vim:set ts=2 sw=2 et: diff --git a/vars/RedHat_9.yml b/vars/RedHat_9.yml index 35c7bbd..9922b15 100644 --- a/vars/RedHat_9.yml +++ b/vars/RedHat_9.yml 
@@ -7,8 +7,13 @@ __nbde_client_packages: - clevis-dracut - clevis-luks - clevis-systemd + - iproute __nbde_client_initramfs_update_cmd: > - dracut -fv --regenerate-all --hostonly-cmdline + dracut -fv --regenerate-all + +__nbde_client_dracut_settings: + - kernel_cmdline="rd.neednet=1" + - omit_dracutmodules+="ifcfg" # vim:set ts=2 sw=2 et: diff --git a/vars/default.yml b/vars/default.yml index 1527990..7561a05 100644 --- a/vars/default.yml +++ b/vars/default.yml @@ -4,5 +4,6 @@ __nbde_client_packages: [] __nbde_client_initramfs_update_cmd: "" +__nbde_client_dracut_settings: [] # vim:set ts=2 sw=2 et: