You are not logged in.

#1 2013-04-17 23:01:03

eomanis
Member
Registered: 2013-04-17
Posts: 50

Using the mkinitcpio net hook confuses netcfg

Hello everybody.

I am currently trying to build a headless Linux home server, and I decided to try out Arch.
The server has an encrypted root file system by means of having a plain-text /boot 1st partition and having the / file system on a 2nd LUKS partition.

For starters I used the mkinitcpio hooks "keymap keyboard encrypt", with the appropriate "cryptdevice=..." and "root=..." kernel parameters to make the server prompt me for the pass phrase in early user space, which works nicely.

As this thing is supposed to become a headless system I then tried to set it up in a way that enables me to open an SSH connection into the early user space and supply the pass phrase from there, using dropbear_initrd_encrypt. And it works! This is great stuff.

Unfortunately doing this broke the then-running server's network connection.

I have a static IP address netcfg profile that is loaded from systemd on server start-up (systemctl enable netcfg; the profile is set in the "NETWORKS=..." variable in "/etc/conf.d/netcfg").
The ethernet device is called "enp2s0".

This worked flawlessly until I started using the "net" mkinitcpio hook to get a network connection in early user space for the remote unlocking.
The net hook's corresponding kernel parameter looks like "ip=<ip>:::<netmask>:::none"

When I use this hook, the system boots up without having the "enp2s0" ethernet device, causing netcfg to bail out.
It does however gain the same network device as "eth0" instead, which is apparently how early user space calls it. This "eth0" ethernet device appears to retain the settings it has been set up with by the net hook.
Unfortunately the net hook does not supply things like a default gateway or DNS servers, so while the server technically is reachable from the local network, it cannot access the internet, which it definitely needs to be able to do.

After tracking this down I figured "Whatever. I can live with the ethernet device being called eth0."
So I made a second identical netcfg profile, exchanging "enp2s0" for "eth0", and set the server to load that one instead when booting.
That unfortunately did not work either, because netcfg is cautious and aborts when it is told to set up a network adapter that is already active in some way unknown to netcfg.

What also didn't help was specifying the "enp2s0" ethernet device name in the "ip=..." kernel parameter for the net hook, because indeed the early user space only knows the device as "eth0".

So for now I'm stumped. Anyone experienced this issue and managed to solve it?

A solution might be another "disablenet" mkinitcpio hook that deconfigures the network adapters configured by "net", so that the renaming from "eth0" to "enp2s0" during boot, which I assume fails on account of "eth0" being active, works again.

Thanks for any help,
eomanis

Edit: Changed "netctl" to "netcfg" in the thread subject

Last edited by eomanis (2013-04-18 08:45:21)

Offline

#2 2013-04-18 02:21:09

jmgib
Member
Registered: 2012-08-11
Posts: 1

Re: Using the mkinitcpio net hook confuses netcfg

Would this help?.

Specifically

I don't like this, how do I disable this?

You basically have three options:

    You disable the assignment of fixed names, so that the unpredictable kernel names are used again. For this, simply mask udev's rule file for the default policy: ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

    You create your own manual naming scheme, for example by naming your interfaces "internet0", "dmz0" or "lan0". For that create your own udev rules file and set the NAME property for the devices. Make sure to order it before the default policy file, for example by naming it /etc/udev/rules.d/70-my-net-names.rules

    You alter the default policy file, for picking a different naming scheme, for example for naming all interface names after their MAC address by default: cp /usr/lib/udev/rules.d/80-net-name-slot.rules /etc/udev/rules.d/80-net-name-slot.rules, then edit the file there and change the lines as necessary.

Offline

#3 2013-04-18 17:31:39

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: Using the mkinitcpio net hook confuses netcfg

@jmgib:
Well, this explains where the "enp2s0" ethernet device comes from in the first place, and why its name is "eth0" in early user space (no systemd there yet).
Always nice to know how stuff works.

However I don't think this is relevant to my issue. After all, if systemd can't rename "eth0" to "enp2s0", why should it be able to rename it to anything else either?
Also, I do not see any reason why disabling the renaming of "eth0" should make any difference toward the device's state at the time when netcfg tries to set it up in the boot process.

I'm gonna try some of this later to make sure, of course.

Thanks,
eomanis

Offline

#4 2013-04-18 18:18:42

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Using the mkinitcpio net hook confuses netcfg

You could try including the appropriate command to bring down your interface in your profile's PRE_UP field.

Offline

#5 2013-04-18 19:29:07

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: Using the mkinitcpio net hook confuses netcfg

...Or simply include the relevant udev rule (/lib/udev/rules.d/80-net-name-slot.rules) in your initramfs config so that the rename happens in early userspace.

Offline

#6 2013-04-18 21:28:26

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: Using the mkinitcpio net hook confuses netcfg

tomk wrote:

You could try including the appropriate command to bring down your interface in your profile's PRE_UP field.

Okay, I tried that.
I put both netcfg profiles into the "NETWORKS=..." variable in "/etc/conf.d/netcfg", and added this to both of them:

# Clear leftover state from mkinitcpio net hook
PRE_UP="ip link set <device> down || true"

where <device> is eth0 or enp2s0, respectively.

After a reboot with remote decryption the server's network was down completely. Looks like the "ip link set ... down" command worked all right, but the rest didn't go as planned.

Here's what systemctl says about that:

[root@hserver autologin]# systemctl status netcfg
netcfg.service - Netcfg multi-profile daemon
   Loaded: loaded (/usr/lib/systemd/system/netcfg.service; enabled)
   Active: failed (Result: exit-code) since Thu 2013-04-18 22:35:38 CEST; 26min ago
  Process: 340 ExecStart=/usr/bin/netcfg-daemon start (code=exited, status=1/FAILURE)

Apr 18 22:35:35 hserver netcfg-daemon[340]: :: static_enp2s0 up Cannot find device "enp2s0"
Apr 18 22:35:35 hserver netcfg-daemon[340]: Interface enp2s0 does not exist
Apr 18 22:35:35 hserver netcfg-daemon[340]: [fail]
Apr 18 22:35:38 hserver netcfg-daemon[340]: :: static_eth0 up RTNETLINK answers: File exists
Apr 18 22:35:38 hserver netcfg-daemon[340]: Could not configure interface
Apr 18 22:35:38 hserver netcfg-daemon[340]: [fail]
Apr 18 22:35:38 hserver systemd[1]: netcfg.service: main process exited, code=exited, status=1/FAILURE
Apr 18 22:35:38 hserver systemd[1]: Failed to start Netcfg multi-profile daemon.
Apr 18 22:35:38 hserver systemd[1]: Unit netcfg.service entered failed state

As before, device "enp2s0" is missing, but "eth0" doesn't come up either, even after being downed manually beforehand :-(
Strangely enough, if I do "netcfg -u static_eth0" after that, eth0 does come up. What?!

@falconindy: Applying a udev rule in early user space would require to make a custom initcpio hook, wouldn't it?
In that case I'd rather try to figure out what the "net" hook does and undo it, seeing that I have to write a custom hook anyway and that "eth0" doesn't come up no matter what.
Having an "enp2s0" ethernet device that doesn't come up either isn't going to do me much good ;-)

Thanks for the suggestions,
eomanis

Offline

#7 2013-04-19 02:59:26

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: Using the mkinitcpio net hook confuses netcfg

eomanis wrote:

@falconindy: Applying a udev rule in early user space would require to make a custom initcpio hook, wouldn't it?

No, it wouldn't. See the FILES= variable in /etc/mkinitcpio.conf

eomanis wrote:

In that case I'd rather try to figure out what the "net" hook does and undo it, seeing that I have to write a custom hook anyway and that "eth0" doesn't come up no matter what.
Having an "enp2s0" ethernet device that doesn't come up either isn't going to do me much good ;-)

Perhaps you could expand more on the problems you're having with the net hook so they can be properly fixed for everyone. What exactly are you "undoing"?

Offline

#8 2013-04-19 08:52:19

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: Using the mkinitcpio net hook confuses netcfg

falconindy wrote:

Perhaps you could expand more on the problems you're having with the net hook so they can be properly fixed for everyone. What exactly are you "undoing"?

Right now I'm not undoing anything, that's just a possible solution that came to mind.
Anyhow, I'm with you on your suggestion to fix that properly for everybody, if possible.

Maybe we should dissect that issue somewhat. I think the fact that the net hook configures the ethernet device causes two problems here:

  1. Breakage of predictable network interface naming ("eth0" stays "eth0")

  2. Breakage of netcfg profiles that try to set up the affected ethernet device, regardless of whether it has been renamed or not

My reasoning with "undoing the net hook" was, "When early user space terminates, if I manage to reset the networking to the state it was in before the net hook did its job, then it would be as if there hadn't been any net hook in the first place, and then systemd and netcfg would both work properly again".

falconindy wrote:
eomanis wrote:

@falconindy: Applying a udev rule in early user space would require to make a custom initcpio hook, wouldn't it?

No, it wouldn't. See the FILES= variable in /etc/mkinitcpio.conf

Well, that might take care of issue #1, but I suppose #2 would still apply.

eomanis

Offline

#9 2013-04-19 10:21:34

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Using the mkinitcpio net hook confuses netcfg

Just a thought - do you still need netcfg? IOW, does the early userspace net connection persist into normal userspace?

Offline

#10 2013-04-19 11:53:15

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: Using the mkinitcpio net hook confuses netcfg

tomk wrote:

Just a thought - do you still need netcfg? IOW, does the early userspace net connection persist into normal userspace?

Yes, the connection seems to persist, which I assume is causing problem #2.

However the net hook device configuration lacks certain important properties:

eomanis wrote:

Unfortunately the net hook does not supply things like a default gateway or DNS servers, so while the server technically is reachable from the local network, it cannot access the internet, which it definitely needs to be able to do.

I just noticed that a gateway may be defined via the net hook:
Mkinitcpio: Using net
So I'll specify a gateway there and see if that works. No idea about the DNS servers though, net doesn't support those.

Offline

#11 2013-04-19 12:43:19

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Using the mkinitcpio net hook confuses netcfg

For static connections, you can just hardcode your dns requirements into /etc/resolv.conf.

Offline

#12 2013-04-19 17:15:34

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: Using the mkinitcpio net hook confuses netcfg

tomk wrote:

For static connections, you can just hardcode your dns requirements into /etc/resolv.conf.

Hey, thanks! Together with specifying a gateway this makes for a network connection that fits my needs here, without using netcfg.

falconindy wrote:

...Or simply include the relevant udev rule (/lib/udev/rules.d/80-net-name-slot.rules) in your initramfs config so that the rename happens in early userspace.

I tried that too, using the "FILES=..." setting in /etc/mkinitcpio.conf that you mentioned, but it didn't have any effect.

So now I have a workaround that I can use. Thanks a lot everybody!

Maybe in Mkinitcpio: Using net we should drop a note that devices configured using that hook cannot be reliably configured using netcfg and lose their predictable network interface name.

eomanis

Offline

#13 2013-04-19 17:53:22

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: Using the mkinitcpio net hook confuses netcfg

eomanis wrote:

I tried that too, using the "FILES=..." setting in /etc/mkinitcpio.conf that you mentioned, but it didn't have any effect.

If it had no effect, then you didn't rebuild your initramfs.

Offline

#14 2013-04-19 18:23:18

eomanis
Member
Registered: 2013-04-17
Posts: 50

Re: Using the mkinitcpio net hook confuses netcfg

falconindy wrote:
eomanis wrote:

I tried that too, using the "FILES=..." setting in /etc/mkinitcpio.conf that you mentioned, but it didn't have any effect.

If it had no effect, then you didn't rebuild your initramfs.

Yes I did, using "mkinitcpio -p linux", and of course rebooted. Afterwards "eth0" still is "eth0":

[root@hserver ~]# ls /sys/class/net
eth0  lo

Precisely the "FILES=..." setting looks like this:

FILES="/lib/udev/rules.d/80-net-name-slot.rules"

There is no hint as to how to specify multiple files in Mkinitcpio: BINARIES and FILES. Maybe this is supposed to be declared as a bash array or something?

eomanis

Offline

#15 2013-04-19 18:57:06

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: Using the mkinitcpio net hook confuses netcfg

eomanis wrote:

There is no hint as to how to specify multiple files in Mkinitcpio: BINARIES and FILES. Maybe this is supposed to be declared as a bash array or something?

For hysterical raisins, it's a simple string, not an array. Multiple items are space delimited, as documented by mkinitcpio.conf(5).

Offline

Board footer

Powered by FluxBB