hi,
we have successfully implemented a tang/clevis environment for
automatically entering luks keys and booting hosts without operator
intervention.
Now we would like to use this as well on ipv6 networks, but I do not seem
to get it to work.
I have already posted this issue to the dracut devs github issue tracker
(https://github.com/dracutdevs/dracut/issues/554) but no response so far.
Maybe here I will get an answer.
I have tried these combinations but none works
(/etc/dracut.conf.d/1_static.conf)

kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2] netmask=64 gateway=[fd0c:fc8a:xxxx:xx::1] nameserver=[fd7a:f141:xxxx:xx::11]"
omit_dracutmodules+="ifcfg"

kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2] netmask=/64 gateway=[fd0c:fc8a:xxxx:xx::1] nameserver=[fd7a:f141:xxxx:xx::11]"
omit_dracutmodules+="ifcfg"

kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2]::[fd0c:fc8a:xxx:xx::1]:64:::none::[mac:address] nameserver=[fd7a:f141:xxxx:xx::11]"

kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2]::[fd0c:fc8a:xxxx:xx::1]:64::eno1:none nameserver=[fd7a:f141:xxxx:xxx::11]"

With the first two I get an unbootable system (system halted) (sorry, I did
not take a photo of the error), the last two do boot but never contact the
tang server so I need to manually enter the luks key.
On the ipv6 gateway there comes no ipv6 traffic from the dracut client
while on the luks password prompt. Once the system is booted, I can decrypt
fine using the clevis tools and ipv6 (no firewall issue).
We are working around the issue booting clevis in dracut with an ipv4
address and natting the http client to the tang servers on the gateway, but
this is suboptimal and makes us maintain an ipv4 presence we neither need
nor want.
Am I missing something obvious in the dracut conf file maybe? Anyone
with experience with something similar?
Thanks in advance.
--
regards,
Natxo