The network-manager module also writes logs to the console, so that it's easier
to debug network-related boot issues. If systemd can't open the console, the
service fails and network doesn't get configured.
Add a check to disable tty output when the console is not present or not
usable.
https://github.com/coreos/fedora-coreos-tracker/issues/943
When NetworkManager is running as a systemd service, it's not enough to write
connection files; the module should also tell NetworkManager to reload the
connections from disk so that any new connection can be auto-activated.
https://bugzilla.redhat.com/show_bug.cgi?id=1975929
NetworkManager leaves state files behind in "/run/NetworkManager/devices".
These files are in keyfile format (glib's GKeyFile API [2]).
From the statefile, the dracut module writes a .dhcpopts file. And other users
want to parse that file, for example anaconda ([1]). To be fair,
anaconda seems to parse a different file, so I am a bit confused who
uses this file and how. In any case, it seems somebody might be tempted to
execute this as a script.
We need to write the .dhcpopts file in a format that is defined and easy
to handle from a shell script. As before, this format is
a bash script that sets certain variables. That means, to load the file,
the user could execute it as a bash script. But this is dangerous, as the
file contains potentially untrusted data from the network.
Optimally, users still don't trust the .dhcpopts file to be safe for
executing! It would be better if users tried to parse the file
instead of executing it. That is not trivial, however, in the face
of special characters, as we use bash's `printf '%q'` to escape the values
and parsing bash escaping is not trivial.
Anyway, make sure we properly quote and handle the content so that also
executing is safe. In the best case, there are no special characters
that require escaping, and naive parsing can be done with `sed`.
Otherwise, executing is now also supposed to be safe.
In this case we parse DHCP options from the state file. They are themselves
backslash-escaped UTF-8 strings (C escape sequences), which then are stored
via the keyfile API. To properly parse them, we would first need to load the file
with GKeyFile (which undoes one level of backslash escaping) and then
use g_strcompress() (to undo the second level). We mimic that with
shell.
[1] b3411d6780/dracut/fetch-kickstart-net.sh (L30)
[2] https://developer.gnome.org/glib/stable/glib-Key-value-file-parser.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
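The commit above recommends parsing the .dhcpopts file rather than executing it, and notes that naive parsing only works when no value needed escaping. As an added illustration (not dracut's own code), the function below reads such a file without evaluating it: it accepts only NAME=value lines whose value is a plain token, the kind `printf '%q'` leaves unquoted, and refuses any value that carries shell escaping. The sample content and option names are constructed for the example.

```shell
# Added illustration, not code from dracut: read a .dhcpopts-style file
# without executing it. Only NAME=value lines whose value is a plain token
# (what printf '%q' leaves unquoted) are accepted; a value that needed
# escaping is rejected instead of being handed to the shell.

# Constructed sample in the shape the module writes; option names assumed.
DHCPOPTS_SAMPLE=$(cat <<'EOF'
new_ip_address=192.0.2.10
new_domain_name=example.org
new_domain_name_servers=192.0.2.1\ 192.0.2.2
new_root_path=$'/srv/nfs\troot'
EOF
)

# dhcpopt_get CONTENT NAME: prints the value of NAME from CONTENT.
# Returns 1 if NAME is invalid, absent or empty, and 2 if the value
# contains any character that printf '%q' would have had to escape
# (backslash, quotes, $'...' syntax, whitespace, ...).
dhcpopt_get() {
    case "$2" in
        "" | *[!A-Za-z0-9_]*) return 1 ;;   # NAME must be a shell identifier
    esac
    _line=$(printf '%s\n' "$1" | sed -n "s/^$2=//p" | head -n 1)
    [ -n "$_line" ] || return 1
    case "$_line" in
        *[!A-Za-z0-9._:/-]*) return 2 ;;    # escaped: refuse, do not eval
    esac
    printf '%s\n' "$_line"
}
```

A caller that gets return code 2 knows the value needs a real unescaper and must decide deliberately, rather than silently sourcing network-supplied data.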
Since version 1.32, NetworkManager launches a tiny external helper to determine
the hostname via reverse DNS resolution through glibc's nss-dns. Include the
binary.
We get a nice warning about it being deprecated:
```
systemd-udev-settle.service is deprecated. Please fix nm-initrd.service not to pull it in.
```
The service is deprecated because its purpose was to wait for the
discovery of all hardware, but it didn't guarantee that (see the
systemd-udev-settle man page).
NM now runs as an independent service and can deal with devices showing
up at any point, but it does need udev to be started. For now just
Want/After systemd-udev-trigger.
Previously when NM was run without dbus then teaming would come
up appropriately [1], but now that dbus exists we also need to
include some supporting infrastructure to allow for it to work
again.
[1] d689380cfc
Removing sourcing of network link files from the udev-rules module.
What always should be included should be placed in the systemd-network
module, and other modules that provide/require specific link files
should add them themselves via their relevant include section.
Create the `/run/NetworkManager/initrd` directory before creating
`/run/NetworkManager/initrd/neednet`. Somehow on Fedora 32 this
directory is missing when the script is running.
This fixes all NetworkManager tests for Fedora 32.
This commit changes how NM is started inside the initrd. Instead of running NM
in the special --configure-and-quit=initrd mode, which sets up network and
quits, start it as a daemon.
This has multiple advantages. First, we no longer need to run NM in a special
mode that requires additional code and maintenance. NetworkManager works
exactly as in the real root.
One problem of the current configure-and-quit approach is that once NM has
quit, dynamic addresses can expire if the initrd setup takes longer than the
DHCP lease interval or than the IPv6 address lifetime. Running NM as a service
solves this problem.
Now NM runs with D-Bus support and therefore its API can be used by other
modules. This opens the possibility, for example, to integrate nm-cloud-setup to
automatically configure networking based on cloud metadata.
Use the NetworkManager-wait-online.service, ordered before
dracut-initqueue.service, to delay the initqueue until NM has terminated its
configuration.
We don't want to start NetworkManager if networking is not needed.
Right now nm-config.sh lays down /usr/lib/dracut/hooks/initqueue/finished/nm.sh
which will cause the initqueue to run. If nothing exists in
/usr/lib/dracut/hooks/initqueue/finished/ then it will short circuit and
the initqueue won't run anything. But what if something else needed
something to run in the initqueue? nm-run.sh would still get started,
even though /usr/lib/dracut/hooks/initqueue/finished/nm.sh didn't exist.
In this case let's just trigger off of /run/NetworkManager/initrd/neednet
like we are doing in the systemd unit (nm-run.service).
Don't run the new systemd unit (nm-run.service) if rd.neednet=1
isn't set. nm-initrd-generator will generate configuration even
without rd.neednet=1 so determining if we should start based on
just if connection profiles exist isn't enough. We need some other
indicator. In this case we lay down a /run/NetworkManager/initrd/neednet
if rd.neednet=1, which is used by nm-run.service to determine the
need to run.
If teaming is set up via NetworkManager we don't want systemd to take
down the userspace teamd process when NetworkManager quits. `KillMode=process`
will allow it to leave those processes behind.
This is fallout from the change to run NetworkManager via systemd (c17c5b7).
With `KillMode=process` we get something like:
```
sh-5.1# journalctl -u nm-run -o cat | tail
<info> [1618411262.7030] quitting now that startup is complete
<info> [1618411262.7030] device (team0): carrier: link connected
<info> [1618411262.7033] device (team0): team port ens2 was released
<info> [1618411262.7033] device (team0): team port ens3 was released
<info> [1618411262.7033] manager: NetworkManager state is now CONNECTED_SITE
<info> [1618411262.7034] exiting (success)
nm-run.service: Deactivated successfully.
nm-run.service: Unit process 476 (teamd) remains running after unit stopped.
Finished nm-run.service.
```
In the current state, services that depend on network need to
use dracut hooks, since nothing will pull in the network
targets into the transaction.
In the future, it would be nice to provide developers on systemd-only
systems the possibility to not use dracut hooks at all, but simply put
normal systemd services into the initrd.
Also, some modules even right now depend on systemd ordering, like
cryptsetup, so let's make sure that the ordering inside systemd works
properly as well.
Instead of running NM directly with --debug, create a drop-in in
nm-config.sh. This will make sure that we can get the debug output
regardless of how NM is started.
With dracutsysrootdir set and foreign binaries in sysroot,
running NetworkManager --version is not possible and it may be
different than the one installed on the host.
NM_VERSION can be used to override it.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
On EL8.3 NetworkManager keeps restarting even if it exits successfully while waiting for Clevis to unlock. This patch ensures NetworkManager runs only once in initrd.
Since commit ff70adf873ef ("initrd: save hostname to a file in /run"),
the initrd generator of NetworkManager parses the hostname from 'ip='
options of the kernel command line and writes it to
/run/NetworkManager/initrd/hostname.
When that file exists, set the kernel hostname.
In presence of multiple hostnames in the command line, the last one
wins. Hostnames from command line always have precedence over ones
received through DHCP. This is a bit different from the legacy network
module that gives higher precedence to the hostname (from DHCP or
command line) of the last interface that is brought up, which depends
on the udev order.
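The commit above describes the rule the generator applies: among several `ip=` options on the kernel command line, the last hostname wins. As an added illustration in shell (not nm-initrd-generator's code, which is C), the function below reproduces that selection over a constructed command line. It assumes the long `ip=<client-ip>:<server-ip>:<gateway>:<netmask>:<hostname>:<interface>:<autoconf>` form with IPv4 addresses and skips bracketed IPv6 addresses, which also contain colons.

```shell
# Added illustration, not dracut or NetworkManager code: pick the hostname
# that wins from the ip= options of a kernel command line. Only the long
# ip= form carries a hostname (field 5); ip=dhcp and ip=<iface>:dhcp do not.
# Bracketed IPv6 addresses are skipped because they also contain ':'.

# cmdline_hostname CMDLINE: prints the winning hostname (last one wins),
# returns 1 if no ip= option on the command line names a host.
cmdline_hostname() {
    _host=""
    for _arg in $1; do
        case "$_arg" in
            ip=*) ;;
            *) continue ;;
        esac
        _val=${_arg#ip=}
        case "$_val" in
            *\[*) continue ;;   # IPv6 form not handled here (assumption)
        esac
        # -s suppresses lines without ':' so ip=dhcp yields nothing.
        _h=$(printf '%s\n' "$_val" | cut -s -d: -f5)
        [ -n "$_h" ] && _host=$_h
    done
    [ -n "$_host" ] || return 1
    printf '%s\n' "$_host"
}

# Constructed command line: two long-form ip= options and one dhcp one.
CMDLINE_SAMPLE="rd.neednet=1 ip=192.0.2.10::192.0.2.1:255.255.255.0:host-a:ens2:none ip=ens3:dhcp ip=192.0.2.11::192.0.2.1:255.255.255.0:host-b:ens4:none"
```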
Install libnss_dns.so and libnss_mdns4_minimal.so plugins for the Name
Service Switch (NSS) functionality of glibc so that name resolution
through /etc/resolv.conf and mDNS works in the initrd.
Fixes: #772
The network-manager command line hook must install an
initqueue/finished hook to ensure that nm-run.sh is executed when
there are network connections to activate.
Fixes: #694
NetworkManager would unnecessarily bring up the devices, colliding with
further attempts to rename the devices.
This is arguably a NetworkManager bug and should eventually be fixed there.
Running NetworkManager without the connection is unnecessary regardless.
commit 5e0f8c8a4c ('network-manager: remove useless use of basename')
somewhat carelessly didn't take into account that $_i has a slash at
the end which made the result of the ## substitution be just an empty
string.
The slash was put at the end of /sys/class/net/*/ to make sure we're only
iterating directories, but it's not strictly necessary. In the unlikely case that
something other than a directory appears in /sys/class/net/, we'll already deal
with it gracefully. Remove it.
This fixes the TEST-30-ISCSI test.
If the root is on network, let nm-initrd-generator create configuration
even if none was explicitly specified on the command line.
Also do the same if /tmp/net.ifaces exists, because the anaconda plugin
creates an empty file in that location in hopes that will make us
configure the network.
Look for "connection-uuid" instead of "managed" to determine the devices
that are actually activated with a connection and call the online hook.
This fixes the anaconda-net root mount, which utilizes the online hook.