add coreos-teardown-initramfs-network.service

This is a forward port of coreos-teardown-initramfs-network.service
from the spec2x branch [1] (used for RHEL CoreOS). When moving to NM
in the initrd [2] we decided that we also needed a mechanism to take down
the networking between the initramfs and the real root. While we would
like to use NetworkManager's logic to do this operation in the future
it's currently not easily achieved because NetworkManager is not running
persistently in the initramfs [3].

[1] coreos#78
[2] coreos/fedora-coreos-tracker#394
[3] https://bugzilla.redhat.com/show_bug.cgi?id=1814038

dracut/30ignition/coreos-teardown-initramfs-network.service

@@ -0,0 +1,21 @@
+# Clean up the initramfs networking on first boot
+# so the real network is being brought up
+# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763
+
+[Unit]
+Description=Tear down initramfs networking
+DefaultDependencies=false
+After=ignition-files.service
+
+# Make sure ExecStop= runs before we switch root
+Conflicts=initrd-switch-root.target umount.target
+Before=initrd-switch-root.target
+
+# Make sure if ExecStart= fails, the boot fails
+OnFailure=emergency.target
+OnFailureJobMode=isolate
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStop=/usr/sbin/coreos-teardown-initramfs-network

dracut/30ignition/coreos-teardown-initramfs-network.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+set -euo pipefail
+
+down_interface() {
+    ip link set $1 down
+    ip addr flush dev $1
+    rm -f -- /tmp/net.$1.did-setup
+}
+
+# We want to take down the bonded interfaces first
+if [ -f "/sys/class/net/bonding_masters" ]; then
+    bonds="$(cat /sys/class/net/bonding_masters)"
+    for b in ${bonds[@]}; do
+        down_interface ${b}
+        echo -"${b}" > /sys/class/net/bonding_masters
+     done
+fi
+
+# Clean up the interfaces set up in the initramfs
+# This mimics the behaviour of dracut's ifdown() in net-lib.sh
+if ! [ -z "$(ls /sys/class/net)" ]; then
+    for f in /sys/class/net/*; do
+        interface=$(basename "$f")
+        # The `bonding_masters` entry is not a true interface and thus
+        # cannot be taken down.  If they existed, the bonded interfaces
+        # were taken down earlier in this script.
+        if [ "$interface" == "bonding_masters" ]; then continue; fi
+        down_interface $interface
+    done
+fi

dracut/30ignition/ignition-generator

@@ -39,6 +39,10 @@ add_requires() {
 if $(cmdline_bool 'ignition.firstboot' 0); then
     add_requires ignition-complete.target initrd.target
 
+    # For consistency tear down the network between the initramfs and
+    # real root. See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763
+    add_requires coreos-teardown-initramfs-network.service ignition-complete.target
+
     # Invoke distro hook for detecting whether we're booted from a live image,
     # and therefore won't have a root disk.
     if ! command -v is-live-image >/dev/null || ! is-live-image; then

dracut/30ignition/module-setup.sh

@@ -61,6 +61,13 @@ install() {
             "$systemdsystemunitdir/ignition-$x.target"
     done
 
+    # For consistency tear down the network between the initramfs and
+    # real root. See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763
+    inst_script "$moddir/coreos-teardown-initramfs-network.sh" \
+	"/usr/sbin/coreos-teardown-initramfs-network"
+    inst_simple "$moddir/coreos-teardown-initramfs-network.service" \
+        "$systemdutildir/system/coreos-teardown-initramfs-network.service"
+
     install_ignition_unit ignition-setup-base.service
     install_ignition_unit ignition-setup-user.service
     install_ignition_unit ignition-fetch.service