Setting up network bridge during boot

Issues related to configuring your network
boja
Posts: 2
Joined: 2019/03/05 12:59:57

Setting up network bridge during boot

Post by boja » 2019/03/05 14:42:32

I have recently configured NBDE on my machines. It works like a charm, but I have noticed one issue.
It seems like clevis-dracut set my main interface (enp6s0) to be enabled during boot. This creates an issue, because once the server boots, it automatically spins up a couple of VMs that rely on a network bridge (br0 and bridge-slave-enp6s0).

A temporary workaround is to run the "nmcli connection down enp6s0 && nmcli connection up br0" command when the machine has booted, but that's quite a hassle.

Can anyone tell me how to set up initramfs to use my network bridge rather than the main network during boot?

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Setting up network bridge during boot

Post by jlehtone » 2019/03/05 18:40:48

1. What is NBDE? Google says: Dentist. Scary, if true.

2. Does any connection have to be up that early?

3. Are the connections configured correctly?

4. Initramfs recreated on a properly configured system ought to get the necessary bits.


PS. Disable the autostart of VMs while you debug the server configuration.

boja
Posts: 2
Joined: 2019/03/05 12:59:57

Re: Setting up network bridge during boot

Post by boja » 2019/03/06 07:49:19

jlehtone wrote:
2019/03/05 18:40:48
> 1. What is NBDE? Google says: Dentist. Scary, if true.

Network Bound Disk Encryption. The idea is that you install a client ("Clevis" software) on the host and make another physical machine a key-server (using the software "Tang"). Clevis is then used to add a new key to the encrypted LUKS partition and clevis-dracut generates a new initramfs configuration that automatically reaches out to the key-server for decryption during boot time.

As long as the key-server is available during boot, the decryption is automatic.

The dentist stuff confused me as well when I initially researched it :D
RH wrote a blog post about it here: https://rhelblog.redhat.com/2018/04/13/ ... sing-nbde/

jlehtone wrote:
2019/03/05 18:40:48
> 2. Does any connection have to be up that early?

Yes, otherwise the automatic decrypt won't work.

jlehtone wrote:
2019/03/05 18:40:48
> 3. Are the connections configured correctly?

The br0 was auto connected after boot, before I configured network bound disk encryption and re-ran dracut.

jlehtone wrote:
2019/03/05 18:40:48
> 4. Initramfs recreated on a properly configured system ought to get the necessary bits.
>
> PS. Disable the autostart of VMs while you debug the server configuration.

I guess a good step for debugging could be:
Find out which parameters clevis-dracut adds and see how/if I can change that.

tomkep
Posts: 38
Joined: 2018/04/25 13:30:50

Re: Setting up network bridge during boot

Post by tomkep » 2019/03/06 18:51:34

Yes, it looks like clevis-dracut causes some interference with regular NetworkManager connections. I have a similar problem but with 802.1x, which does not start as the interface was brought up earlier...
