#1 2020-05-27 11:38:28

caleb
Member
Registered: 2016-04-16
Posts: 14

How to release an interface enabled by the kernel at boot time?

I am trying to set up either netctl or systemd-networkd (I don't care which) to manage my interfaces. Specifically I want to stop using DHCP directly on the wired ethernet interface and start using a bridge device (br0 or similar) so that I can add interfaces for LXC to the bridge.

I've been trying to follow the Wiki instructions for a network bridge device for either service and neither is getting me anywhere. I think the trouble is that I'm enabling the wired interface myself earlier in the boot process and by the time it gets to either of those services the damage is done. I'm using `ip=:::::eth0:dhcp` as an argument to my kernel line in GRUB. Combined with the net, dropbear, and encryptssh hooks in my initramfs this allows my interface to get online early in the boot process so I can remotely unlock the encrypted root file system.

Once the system boots up past where that is useful, it doesn't seem to ever let go of it and neither netctl nor systemd-networkd seems to like managing that interface afterwards. Most importantly I need to _drop_ the IP address that was assigned because I want to get the same address brought up on the bridge device.

What's the best way to go about releasing an interface configured by the kernel prior to being managed by a different service?

#2 2020-05-27 12:56:22

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: How to release an interface enabled by the kernel at boot time?

That's a very specific kernel parameter.

It's documented in /usr/lib/modules/5.6.14-arch1-1/Documentation/admin-guide/nfs/nfsroot.rst (assuming you have linux-docs installed).

Using the iproute2 utilities you should be able to bring the interface down and let another network management tool take over.
No idea how to release the address assigned over the DHCP protocol.

I do feel like you're trying to solve this the hard way though.

Accessing a server remotely during early boot is a common task and usually solved with IPMI.
Dell DRAC and HP ILO are well-known implementations of IPMI, most server motherboards do support IPMI.

Does your server support IPMI?


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

#3 2020-05-28 05:38:17

caleb
Member
Registered: 2016-04-16
Posts: 14

Re: How to release an interface enabled by the kernel at boot time?

Thanks for the reply @Lone_Wolf, but that doesn't really solve this.

First, the correct docs file is /usr/lib/modules/5.6.14-arch1-1/build/Documentation/admin-guide/nfs/nfsroot.rst (or online on kernel.org). But the docs don't say anything about taking the interface back down after it boots.

I can in fact manually unassign the IP and bring the interface down manually, at which point it seems like other tools are much happier. What I need though is a proper systemd way of doing this. How would I go about creating a unit file that handles this at the right time and only if/when another manager was about to take over?

No, I don't have any IPMI support. These are not server motherboards, I'm actually implementing this on a handful of desktops and laptops. I don't typically encrypt the root file system on servers, I do on desktops. And all my systems have remote unlock support, most have remote power-on as well.

Last edited by caleb (2020-05-28 05:40:57)

#4 2020-05-28 22:23:14

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: How to release an interface enabled by the kernel at boot time?

Yeah, seems I missed one part of the path to the docs.
That interface is only special because of the way it's initialised, once present it's just another standard network interface.

Putting those manual commands in a script that's called by a custom systemd unit is not hard.

"handles this at the right time and only if/when another manager was about to take over?"

that's the tricky part.
The custom unit could depend on a "remote unlock successful" target, then execute the commands to bring the interface down and start the network management tool to be used.

This method doesn't feel clean or reliable.

Trying to brainstorm a bit.

IPMI is not possible
adding a second network card to be used for remote unlock as a poor man's IPMI doesn't feel like a good solution also

What you need is network access during initramfs stage to unlock filesystems
systemd relies heavily on targets
targets are very flexible (some would say complicated)

If your chosen network setup (bridge) allows remote access to enter passphrases, all that would be needed is to have that setup active before filesystems are unlocked.
You would no longer need the kernel parameter.

Theoretically it should be possible to do it, but you'll probably need help from people with good knowledge of systemd & initramfs details.

Last edited by Lone_Wolf (2020-05-28 22:24:21)


#5 2020-05-28 22:50:45

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: How to release an interface enabled by the kernel at boot time?

Add a mkinitcpio hook that is run last that will unassign any IP addresses and bring interfaces down?  Do the same thing in a systemd unit that pulls in network-pre.target?
Why can you not assume a network management service will start because that is how you have configured the system?  Scheduling a service to run if the network management service is scheduled to start by systemd does not mean the network management service will start successfully.
Edit:
systemd-networkd failed to take control of the interface because it was already up and had an IP assigned?

Last edited by loqs (2020-05-28 23:03:38)

#6 2020-05-29 21:42:39

caleb
Member
Registered: 2016-04-16
Posts: 14

Re: How to release an interface enabled by the kernel at boot time?

Lone_Wolf wrote:

What you need is network access during initramfs stage to unlock filesystems

Let me just add these are the _root_ file systems I'm talking about unlocking.

Basically if the main system's init system even starts up then we already got past the unlock, so a systemd unit very early on in the boot phase that dropped all interface configs would work.

Lone_Wolf wrote:

If your chosen network setup (bridge) allows remote access to enter passphrases, all that would be needed is to have that setup active before filesystems are unlocked.
You would no longer need the kernel parameter.

That would be cool but makes more sense I think for other file systems besides the root mount.

#7 2020-05-29 21:44:49

caleb
Member
Registered: 2016-04-16
Posts: 14

Re: How to release an interface enabled by the kernel at boot time?

loqs wrote:

Add a mkinitcpio hook that is run last that will unassign any IP addresses and bring interfaces down?
Do the same thing in a systemd unit that pulls in network-pre.target?

Either of these sound fine to me. Once past unlocking the root file system I don't care about the network config getting dropped. If the system starts up properly it will get reconfigured anyway, and if it doesn't it's not like I'd be able to log in remotely!

I just don't know how to make such a hook.

#8 2020-05-29 22:34:40

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: How to release an interface enabled by the kernel at boot time?

See the link in my edit to post #5.  netctl failing because an interface is up is intended behavior to prevent multiple services from attempting to manage the interface.
systemd-networkd according to the documentation will flush the address before setting up the interface.  Please post the journal for systemd-networkd failing along with the config files used.

#9 2020-05-30 17:59:54

caleb
Member
Registered: 2016-04-16
Posts: 14

Re: How to release an interface enabled by the kernel at boot time?

@loqs I saw that link, but I think you must have made a mistake posting it. Can you check it is actually pointing to what you intended? I just get something like a man page for systemd-networkd.

#10 2020-05-30 18:14:55

loqs
Member
Registered: 2014-03-06
Posts: 17,195

Re: How to release an interface enabled by the kernel at boot time?

Right, that is what I intended it to link to.  In your first post

caleb wrote:

Once the system boots up past where that is useful, it doesn't seem to ever let go of it and neither netctl nor systemd-networkd seems to like managing that interface afterwards. Most importantly I need to _drop_ the IP address that was assigned because I want to get the same address brought up on the bridge device.

You had used systemd-networkd and it failed because the interface was up and had an address assigned.  That contradicted my understanding of systemd-networkd.

systemd-networkd will manage network addresses and routes for any link for which it finds a .network file with an appropriate [Match] section, see systemd.network(5). For those links, it will flush existing network addresses and routes when bringing up the device. Any links not matched by one of the .network files will be ignored. It is also possible to explicitly tell systemd-networkd to ignore a link by using Unmanaged=yes option, see systemd.network(5).

When systemd-networkd exits, it generally leaves existing network devices and configuration intact. This makes it possible to transition from the initramfs and to restart the service without breaking connectivity. This also means that when configuration is updated and systemd-networkd is restarted, netdev interfaces for which configuration was removed will not be dropped, and may need to be cleaned up manually.

My understanding from the above is that systemd-networkd supports an interface already being up with an IP address assigned.

#11 2020-06-18 11:26:51

caleb
Member
Registered: 2016-04-16
Posts: 14

Re: How to release an interface enabled by the kernel at boot time?

I still don't have an answer to this problem, but I have more info.

First of all, apparently using boot time kernel initiated networking is inhibiting the udev interface renaming process. With no networking on boot my interface comes up as enp2s0, but if I enable networking in the kernel command line so that it is available to dropbear/encryptssh then it comes up as eth0. The kernel parameter cannot be `ip=:::::enp2s0:dhcp`, in that case it says the interface does not exist. Only `ip=:::::eth0:dhcp` works.

The following systemd unit installed as `/etc/systemd/system/release-kernel-networking.service` works great for clearing the IP and setting the interface status to down:

```ini
[Unit]
Description=Release interface configured by kernel at boot time
Before=network-pre.target

[Service]
Type=oneshot
ExecStartPre=ip addr flush eth0
ExecStart=ip link set eth0 down

[Install]
WantedBy=network-pre.target
```

However the interface remains as eth0, it never gets renamed by udev.

The thing is, netctl will absolutely refuse to work on eth0. The same netctl setup that works fine with `Interface=enp2s0` when no kernel networking has been used fails entirely with some gibberish about dependency failures. The dependency it is looking for is a systemd devices unit for eth0, which doesn't exist.

Timed out waiting for device /sys/subsystem/net/devices/eth0
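
The unit in post #11 hard-codes eth0. As an added example (not part of caleb's post and not code from any project), this script reads the device from the same `ip=` kernel parameter, validates it as an interface name, and produces the same two `ip` commands. The `--apply` switch, the function names and the assumption of a single colon-form `ip=` parameter belong to this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes one ip= parameter in the
# colon form documented in nfsroot.rst:
#   ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>...

# Print the <device> field (6th) of the last ip= word in the command line "$1".
# Prints nothing when there is no ip= word or it names no device (e.g. ip=dhcp).
ip_param_device() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^ip=//p' | tail -n 1 |
        cut -s -d: -f6
}

# Print the two release commands for that device. Return 1 when there is
# nothing to release or the value is not a plausible interface name.
release_commands() {
    dev=$(ip_param_device "$1")
    case "$dev" in
        '' | *[!A-Za-z0-9_.-]*) return 1 ;;   # empty or unexpected characters
    esac
    [ "${#dev}" -le 15 ] || return 1          # kernel limit for interface names
    printf 'ip addr flush dev %s\n' "$dev"
    printf 'ip link set dev %s down\n' "$dev"
}

# Nothing is executed unless the script is called with --apply, in which case
# the running kernel's command line is read and the commands are run.
if [ "${1:-}" = "--apply" ]; then
    cmds=$(release_commands "$(cat /proc/cmdline)") || exit 0  # nothing to do
    printf '%s\n' "$cmds" | sh -e
fi
```

Called with `--apply` as a single `ExecStart=`, the script can stand in for the two `ip` lines of the unit; when the kernel command line names no device it exits without touching any interface.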

#12 2020-06-18 13:14:30

seth
Member
Registered: 2012-09-03
Posts: 49,981

Re: How to release an interface enabled by the kernel at boot time?

"some gibberish about dependency failures"

Don't paraphrase, please paste the "gibberish"

Does https://wiki.archlinux.org/index.php/Ne … face_names help you w/ the imminent issue?

#13 2020-06-18 14:27:27

caleb
Member
Registered: 2016-04-16
Posts: 14

Re: How to release an interface enabled by the kernel at boot time?

seth wrote:

some gibberish about dependency failures

Don't paraphrase, please paste the "gibberish"

I did. See the block quoted text in the next line. It's trying to start unit sys-subsystem-net-devices-eth0.device and failing with the error shown.

seth wrote:

Does https://wiki.archlinux.org/index.php/Ne … face_names help you w/ the imminent issue?

No, not at all. That's explaining how to do exactly the opposite. I don't want to revert to traditional naming, I am more than happy to use the new naming but I want the kernel to stop reverting or inhibiting the rename or whatever it is doing. Nothing about this direction is mentioned in there at all and none of the things for going the opposite direction are present, so there is nothing to invert.

#14 2020-06-18 14:38:48

seth
Member
Registered: 2012-09-03
Posts: 49,981

Re: How to release an interface enabled by the kernel at boot time?

The quote is about a timeout because the eth0 device won't show up, not a service dependency.

The idea then was, since the kernel parameter required for the remote unlocking inhibits the renaming, to abandon the predictable names to not run into interference from that side.
What's the output of "systemctl list-units | grep net"?

Edit: alternatively you'll probably have to trigger the rename after the NIC is released/brought down.

Last edited by seth (2020-06-18 14:40:39)
