I unlock my drive with clevis/tang on an Ubuntu server (NBDE). It works fine, but even though my server is configured to use a static IP in /etc/netplan/01-netcfg.yaml, my network interface also listens on two DHCP IPs assigned during the boot process. How do I drop them after boot is completed?
I enabled clevis with the following commands:
sudo apt install clevis clevis-systemd clevis-initramfs clevis-luks
sudo clevis luks bind -d /dev/sda3 sss '{"t": 1, "pins": {"tang": [{"url": "http://10.1.1.1:8888"},{"url": "http://10.2.2.2:8888"}]}}'
sudo update-initramfs -u -k 'all'
After rebooting my server, the network interface got 3 IPs! My static IP configured in /etc/netplan and two DHCP IPs. One of the DHCP IPs is used by the clevis process (I see a trace on my tang server). The other seems to be assigned after the clevis process is completed.
I was able to make clevis drop the DHCP IP it uses. I noticed that the script at /usr/share/initramfs-tools/scripts/local-bottom/clevis was different from the one in the clevis git repository. I added the line iface=$(basename "$iface") after if [ -e "$iface" ]; then.
But I'm still stuck with one useless DHCP IP on my interface. When I do a netplan apply, systemd-networkd even refreshes the DHCP lease, as you can see in the following log extract:
Oct 22 12:04:56 testserver systemd[1]: Reloading.
Oct 22 12:04:56 testserver systemd[1]: /lib/systemd/system/dbus.socket:5: ListenStream= references a path below legacy directory /var/run/, updating /var/run/dbus/system_bus_socket → /run/dbus/system_bus_socket; please update the unit file accordingly.
Oct 22 12:04:56 testserver systemd[1]: systemd-networkd-wait-online.service: Succeeded.
Oct 22 12:04:56 testserver systemd[1]: Stopped Wait for Network to be Configured.
Oct 22 12:04:56 testserver systemd[1]: Stopping Network Service...
Oct 22 12:04:57 testserver systemd[1]: systemd-networkd.service: Succeeded.
Oct 22 12:04:57 testserver systemd[1]: Stopped Network Service.
Oct 22 12:04:57 testserver systemd[1]: Condition check resulted in OpenVSwitch configuration for cleanup being skipped.
Oct 22 12:04:57 testserver systemd[1]: Starting Network Service...
Oct 22 12:04:57 testserver systemd[1]: Condition check resulted in OpenVSwitch configuration for cleanup being skipped.
Oct 22 12:04:57 testserver systemd-networkd[1711]: eno3: Gained IPv6LL
Oct 22 12:04:57 testserver systemd-networkd[1711]: Enumeration completed
Oct 22 12:04:57 testserver systemd[1]: Started Network Service.
Oct 22 12:04:57 testserver systemd-networkd[1711]: eno3: IPv6 successfully enabled
Oct 22 12:04:57 testserver systemd-networkd[1711]: eno3: DHCPv4 address 10.1.1.71/21 via 10.1.0.1
But I don't use dhcp at all in my netplan configuration!
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  #renderer: networkd
  ethernets:
    eno3:
      dhcp4: no
      addresses:
        - 10.1.0.99/21
      gateway4: 10.1.0.1
      nameservers:
        addresses:
          - 10.1.0.3
          - 10.1.0.33
When I launch netplan --debug apply, I see that dhcp4 becomes enabled when the config is merged!? But merged with what? Could it be from /run/netplan/eno3.yaml? In that file, I see a dynamic network configuration with DHCP enabled. What generates that file?
Seems like there is a bug in a clevis script. Edit /usr/share/initramfs-tools/scripts/local-bottom/clevis.
Search:
Replace with:
Regenerate initramfs with the following command:
update-initramfs -u -k 'all'
Then reboot. The file /run/netplan/eno3.yaml is gone and all the stale DHCP addresses are also gone from the interface!
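A post-boot check for the two symptoms described in this thread (a DHCP-enabled file left in /run/netplan and DHCP-leased addresses on the interface), as an added example that is not part of the original question or answer. The function names are hypothetical, the sample file and `ip` lines are constructed, and the file match only covers an unquoted `dhcp4: true|yes|on` line.

```shell
#!/bin/sh
# Added example (not from the original post): post-boot check for leftovers
# of the initramfs DHCP configuration discussed above.

# Print every netplan YAML file in directory $1 (default /run/netplan)
# that enables DHCPv4.
stale_dhcp_files() {
    dir=${1:-/run/netplan}
    for f in "$dir"/*.yaml; do
        [ -e "$f" ] || continue          # glob matched nothing
        if grep -Eq '^[[:space:]]*dhcp4:[[:space:]]*(true|yes|on)[[:space:]]*$' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Read `ip -o -4 addr show` output on stdin; print "iface address" for each
# address carrying the "dynamic" flag (finite lifetime, typically a DHCP lease).
dynamic_addrs() {
    awk '{ dyn = 0
           for (i = 5; i <= NF; i++) if ($i == "dynamic") dyn = 1
           if (dyn) print $2, $4 }'
}

# Report findings; returns 0 when clean, 1 when leftovers were found.
report() {
    files=$(stale_dhcp_files "$1")
    addrs=$(dynamic_addrs)
    if [ -n "$files" ]; then printf 'DHCP enabled in:\n%s\n' "$files"; fi
    if [ -n "$addrs" ]; then printf 'Dynamic addresses:\n%s\n' "$addrs"; fi
    [ -z "$files$addrs" ]
}

# Constructed sample input mirroring the situation in the question.
demo() {
    d=$(mktemp -d)
    printf 'network:\n  version: 2\n  ethernets:\n    eno3:\n      dhcp4: true\n' > "$d/eno3.yaml"
    printf '%s\n' \
      '2: eno3    inet 10.1.0.99/21 brd 10.1.7.255 scope global eno3' \
      '2: eno3    inet 10.1.1.71/21 brd 10.1.7.255 scope global secondary dynamic eno3' |
      report "$d"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "leftover DHCP configuration detected (constructed sample)"
# On a real host: ip -o -4 addr show | report /run/netplan
```

On a server that is meant to be static-only, a non-zero exit from `report` after boot means the initramfs network state survived into the running system.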