This repository has been archived by the owner on Aug 25, 2021. It is now read-only.
add coreos-teardown-initramfs-network.service #159
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dustymabe
changed the title
dustymabe
force-pushed
the
dusty-network
branch
from
268ceb4
to
aaadaca
Compare
|
this is working in initial tests but I need to look at things more comprehensively before we merge this.. setting to draft for now |
|
I think one reason we weren't doing this in FCOS is that we ended up with two DHCP leases or something. We need to also kill dhclient; maybe it's watching for the interface going down, but that's going to be racy because it may not have a chance to release the lease before being killed by switchroot. |
|
@cgwalters - I haven't seen any issues with that in initial tests with NM in the initrd. I'll watch out for it. |
|
I think the double lease issue was fixed since coreos/fedora-coreos-config#82. |
dustymabe
added a commit
to dustymabe/fedora-coreos-config
that referenced
this pull request
Mar 19, 2020
Moving to NetworkManager in the initrd should help us solve some problems we've been having with Networking. For what we want to do in Fedora CoreOS doing this right requires the network to be torn down in the initrd and also possibly propagated forward. Requires: coreos/ignition-dracut#159 Fixes: coreos/fedora-coreos-tracker#394
|
Could we split the tearing down part from the persisting part? Presumably once we can use NM for the former, that service would just be e.g. |
right. |
|
though one problem with doing that is the question of who is responsible for removing /run/NetworkManager/* files. Is it the teardown or the propagate. |
This was referenced Mar 23, 2020
|
ok I talked with jlebon and we are going to leave this in a single teardown script/service for now. I did a bunch of testing on this using a script to simulate different scenarios. It seems like things are going well so far. This script is at https://dustymabe.fedorapeople.org/fcos-network-testing.sh . I need to find the right place to put it for now. I've been told that network testing in our CI is going to be somewhat limited for now because of unpriv qemu networking but maybe we can use this script as inspiration for CI tests when that is no longer a blocker. |
dustymabe
added a commit
to dustymabe/fedora-coreos-config
that referenced
this pull request
Mar 24, 2020
Moving to NetworkManager in the initrd should help us solve some problems we've been having with Networking. For what we want to do in Fedora CoreOS doing this right requires the network to be torn down in the initrd and also possibly propagated forward. Requires: coreos/ignition-dracut#159 Fixes: coreos/fedora-coreos-tracker#394
darkmuggle
reviewed
Mar 24, 2020
dustymabe
force-pushed
the
dusty-network
branch
2 times, most recently
from
46726e4
to
0e3e188
Compare
dustymabe
added a commit
to dustymabe/fedora-coreos-config
that referenced
this pull request
Mar 24, 2020
Moving to NetworkManager in the initrd should help us solve some problems we've been having with Networking. For what we want to do in Fedora CoreOS doing this right requires the network to be torn down in the initrd and also possibly propagated forward. Requires: coreos/ignition-dracut#159 Fixes: coreos/fedora-coreos-tracker#394
|
LGTM, I guess my comments were nits. |
jlebon
reviewed
Mar 24, 2020
dustymabe
added a commit
to dustymabe/fedora-coreos-config
that referenced
this pull request
Mar 24, 2020
Moving to NetworkManager in the initrd should help us solve some problems we've been having with Networking. For what we want to do in Fedora CoreOS doing this right requires the network to be torn down in the initrd and also possibly propagated forward. We effectively move *to* NetworkManager in the initrd (the default in Fedora 31+) by putting back in the nm-initrd-generator, which we were previously removing. Requires: coreos/ignition-dracut#159 Fixes: coreos/fedora-coreos-tracker#394
This is a forward port of coreos-teardown-initramfs-network.service from the spec2x branch [1] (used for RHEL CoreOS). When moving to NM in the initrd [2] we decided that we also needed a mechanism to take down the networking between the initramfs and the real root. While we would like to use NetworkManager's logic to do this operation in the future it's currently not easily achieved because NetworkManager is not running persistently in the initramfs [3]. [1] coreos#78 [2] coreos/fedora-coreos-tracker#394 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1814038
This will make it easier for us to add a bit more code into this file.
…g if desired
The policy here is:
- If a networking configuration was provided before this point
(most likely via Ignition) and exists in the real root then
we do nothing and don't propagate any initramfs networking.
- If a user did not provide any networking configuration
then we'll propagate the initramfs networking configuration
into the real root.
See coreos/fedora-coreos-tracker#394 (comment)
Remove the removal of the `/tmp/net.$1.did-setup` (used by network-legacy dracut module) and start removing files under /run/NetworkManager/ instead.
down_teams() is a placeholder for now to remind us that teams do exist and need to be considered. If we find things that need to be done then we'll add actions to do in the down_teams() function in the future.
On recommendation from the NM team let's take down routes as well.
On recommendation from the NM team let's try to delete the device first and if that doesn't work then set it to down and flush any associated addresses. Deleting virtual devices (bonds, teams, bridges, ip-tunnels, etc) will clean up any associated kernel resources, so this makes the logic for bringing down these devices easier. A real device can't be deleted so that will fail and we'll fallback to setting it down and flushing addresses.
Since we have ignition-complete.target we don't need to use the generator to enable the unit.
dustymabe
force-pushed
the
dusty-network
branch
from
0e3e188
to
89f2673
Compare
dustymabe
added a commit
to dustymabe/fedora-coreos-config
that referenced
this pull request
Mar 24, 2020
Moving to NetworkManager in the initrd should help us solve some problems we've been having with Networking. For what we want to do in Fedora CoreOS doing this right requires the network to be torn down in the initrd and also possibly propagated forward. We effectively move *to* NetworkManager in the initrd (the default in Fedora 31+) by putting back in the nm-initrd-generator, which we were previously removing. Requires: coreos/ignition-dracut#159 Fixes: coreos/fedora-coreos-tracker#394
dustymabe
added a commit
to dustymabe/fedora-coreos-config
that referenced
this pull request
Mar 24, 2020
Needed for appropriately implementing NetworkManager support in the initramfs. See coreos/ignition-dracut#159
|
FYI: I've been testing this using an ugly script for now (better than hand testing at least 😄). It goes through and makes sure variations of initrd passed networking config and ignition passed networking config works. See coreos/fedora-coreos-config#316 |
dustymabe
added a commit
to coreos/fedora-coreos-config
that referenced
this pull request
Mar 24, 2020
Moving to NetworkManager in the initrd should help us solve some problems we've been having with Networking. For what we want to do in Fedora CoreOS doing this right requires the network to be torn down in the initrd and also possibly propagated forward. We effectively move *to* NetworkManager in the initrd (the default in Fedora 31+) by putting back in the nm-initrd-generator, which we were previously removing. Requires: coreos/ignition-dracut#159 Fixes: coreos/fedora-coreos-tracker#394
dustymabe
added a commit
to coreos/fedora-coreos-config
that referenced
this pull request
Mar 24, 2020
Needed for appropriately implementing NetworkManager support in the initramfs. See coreos/ignition-dracut#159
dustymabe
added a commit
to dustymabe/ignition-dracut
that referenced
this pull request
Apr 22, 2020
This is a backport of the commits merged in f67d587, which was part of coreos#159. The upstream commits persisted Networking as part of the teardown service so we also remove `persist-ifcfg.sh`.
dustymabe
added a commit
to dustymabe/ignition-dracut
that referenced
this pull request
Apr 24, 2020
This is a backport of the merge commits f67d587 (coreos#159), and 390779d (coreos#174). The upstream commits persisted networking configuration and hostname as part of the teardown service so we also remove `persist-ifcfg.sh`.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a forward port of coreos-teardown-initramfs-network.service
from the spec2x branch [1] (used for RHEL CoreOS). When moving to NM
in the initrd [2] we decided that we also needed a mechanism to take down
the networking between the initramfs and the real root. While we would
like to use NetworkManager's logic to do this operation in the future
it's currently not easily achieved because NetworkManager is not running
persistently in the initramfs [3].
Additionally, we have decided to propagate initramfs networking configuration
in some scenarios [4]. The policy here is:
(most likely via Ignition) and exists in the real root then
we do nothing and don't propagate any initramfs networking.
then we'll propagate the initramfs networking configuration
into the real root.
[1] #78
[2] coreos/fedora-coreos-tracker#394
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1814038
[4] coreos/fedora-coreos-tracker#394 (comment)