30ignition: remove initramfs networking #78
Conversation
dracut/30ignition/ignition-generator
Outdated
| @@ -39,6 +39,7 @@ if $(cmdline_bool 'ignition.firstboot' 0); then | |||
| add_requires ignition-disks.service | |||
| add_requires ignition-files.service | |||
| add_requires ignition-ask-var-mount.service | |||
| add_requires coreos-remove-initramfs-network.service | |||
dracut/30ignition/module-setup.sh
Outdated
|
|
||
| # clean up networking so when we switch to the real root, | ||
| # NetworkManager will set up the correct ignition-configured networking | ||
| # inst_hook cleanup 10 "$moddir/networking-cleanup" |
There was a problem hiding this comment.
Nope, will remove, thanks for catching that!
| interface=$(basename "$f") | ||
| ip link set $interface down | ||
| ip addr flush dev $interface | ||
| rm -f -- /tmp/net.$interface.did-setup |
There was a problem hiding this comment.
Hmm the file does exist in the initramfs, but it does not seem to cause errors if not removed. I just followed dracut's ifdown
There was a problem hiding this comment.
Hmm OK, I see it now. Let's maybe add a comment at the top of the script that this is mimicking dracut's ifdown()?
| [Service] | ||
| Type=oneshot | ||
| ExecStart=/usr/sbin/coreos-remove-initramfs-network | ||
| RemainAfterExit=yes |
There was a problem hiding this comment.
So one thing that would be cool here is to follow the pattern coreos-mount-var.service & ignition-complete.target use, e.g.:
[Unit]
...
# Make sure ExecStop= runs before we switch root
Conflicts=initrd-switch-root.target umount.target
Before=initrd-switch-root.target
# Make sure if ExecStop= fails, the boot fails
OnFailure=emergency.target
OnFailureJobMode=isolate
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStop=...
That way we tear down the network just before switching root.
| # ex: ts=8 sw=4 sts=4 et filetype=sh | ||
|
|
||
| # Clean up the interfaces set up in the initramfs | ||
| for f in /sys/class/net/*; do |
There was a problem hiding this comment.
Hmm, this should probably be strengthened to handle the case where there are no network interfaces at all.
There was a problem hiding this comment.
I believe for this particular use case, if there is no network interfaces at all, NM will correctly bring up interfaces for the real root? Or is there some specific scenarios you are thinking of.
I meant for this PR to handle only network interfaces right now, since it is the first step (and unblocks static IP generation). I agree that the functionality needs to be strengthened a lot more (maybe in followup PRs?)
There was a problem hiding this comment.
Or is there some specific scenarios you are thinking of.
If a directory is empty, then for f in /my/dir/*; do will still iterate once with that string verbatim as f. Though hmm, I guess we can always count on at least lo to be there.
|
This looks fine to me for Higher-level, I think it'd be great if we only actually brought up networking if we needed it (i.e. if Ignition needs to fetch a config over the network). Then this new service would be conditional on that as well. Anyway, we can definitely leave that for later! |
| @@ -0,0 +1,11 @@ | |||
| #!/bin/bash | |||
| # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- | |||
| # ex: ts=8 sw=4 sts=4 et filetype=sh | |||
There was a problem hiding this comment.
This is missing the standard set -euo pipefail.
yuqi-zhang
force-pushed
the
clean-initramfs-networking
branch
from
8260a10
to
25320af
Compare
Add coreos-remove-initramfs-network.service to run after ignition has finished using initramfs networking, so NetworkManager properly brings up ignition-configured networking in the real root. Otherwise the initramfs network persists into the real root. Signed-off-by: Yu Qi Zhang <[email protected]>
yuqi-zhang
force-pushed
the
clean-initramfs-networking
branch
from
25320af
to
55131c7
Compare
|
Added fixups and comments, also confirmed that |
This is a forward port of coreos-teardown-initramfs-network.service from the spec2x branch [1] (used for RHEL CoreOS). When moving to NM in the initrd [2] we decided that we also needed a mechanism to take down the networking between the initramfs and the real root. While we would like to use NetworkManager's logic to do this operation in the future it's currently not easily achieved because NetworkManager is not running persistently in the initramfs [3]. [1] coreos#78 [2] coreos/fedora-coreos-tracker#394 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1814038
This is a forward port of coreos-teardown-initramfs-network.service from the spec2x branch [1] (used for RHEL CoreOS). When moving to NM in the initrd [2] we decided that we also needed a mechanism to take down the networking between the initramfs and the real root. While we would like to use NetworkManager's logic to do this operation in the future it's currently not easily achieved because NetworkManager is not running persistently in the initramfs [3]. [1] coreos#78 [2] coreos/fedora-coreos-tracker#394 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1814038
This is a forward port of coreos-teardown-initramfs-network.service from the spec2x branch [1] (used for RHEL CoreOS). When moving to NM in the initrd [2] we decided that we also needed a mechanism to take down the networking between the initramfs and the real root. While we would like to use NetworkManager's logic to do this operation in the future it's currently not easily achieved because NetworkManager is not running persistently in the initramfs [3]. [1] coreos#78 [2] coreos/fedora-coreos-tracker#394 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1814038
This is a forward port of coreos-teardown-initramfs-network.service from the spec2x branch [1] (used for RHEL CoreOS). When moving to NM in the initrd [2] we decided that we also needed a mechanism to take down the networking between the initramfs and the real root. While we would like to use NetworkManager's logic to do this operation in the future it's currently not easily achieved because NetworkManager is not running persistently in the initramfs [3]. [1] coreos#78 [2] coreos/fedora-coreos-tracker#394 [3] https://bugzilla.redhat.com/show_bug.cgi?id=1814038
Add coreos-remove-initramfs-network.service to run after ignition
has finished using initramfs networking, so NetworkManager properly
brings up ignition-configured networking in the real root. Otherwise
the initramfs network persists into the real root.
Signed-off-by: Yu Qi Zhang [email protected]