Use generated network configuration by default

This commit removes the hard-coded `eth0.xml` network configuration file in favor of using `netdog` to generate the network configuration for all variants. It adds a new systemd unit file to run `netdog generate-net-config` early in boot, before the network is up. To generate the network configuration for AWS/VMware variants, we pass `netdog.default-interface=eth0:dhcp4,dhcp6?` which `netdog` interprets and generates network config similar to the hardcoded file previously used for these variants. For metal variants, we decided to use systemd-udevd's predictable device naming so we can count on network devices being named identically every boot. We currently pass `net.ifnames=0` on the kernel command line which disables predictable naming, which is fine for AWS and VMware variants as hardware is controlled and instances typically initially come up with a single interface in the same PCIe location. In order to continue using `net.ifnames=0` for AWS/VMware, we move this parameter out of the default kernel command line to the KERNEL_PARAMETERS section of each variants `Cargo.toml`. Aside: We previously passed `biosdevname=0` on the kernel command line as well. `biosdevname` is a udev helper utility written by Dell for consistent device naming based on SMBIOS info. We don't currently package the helper or include the udev rule that uses it, so we have removed the `biosdevname` parameter entirely.
bottlerocket-os · May 16, 2022 · f68eec8 · f68eec8
1 parent 2ecf51c
commit f68eec8
Show file tree

Hide file tree

Showing 19 changed files with 49 additions and 42 deletions.
diff --git a/packages/os/generate-network-config.service b/packages/os/generate-network-config.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Generate network configuration
+# Block manual interactions with this service, since it could leave the system in an
+# unexpected state
+RefuseManualStart=true
+RefuseManualStop=true
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/netdog generate-net-config
+RemainAfterExit=true
+StandardError=journal+console
+
+[Install]
+RequiredBy=network-pre.target
diff --git a/packages/os/os.spec b/packages/os/os.spec
@@ -45,6 +45,7 @@ Source114: [email protected]
 Source115: link-kernel-modules.service
 Source116: load-kernel-modules.service
 Source117: cfsignal.service
+Source118: generate-network-config.service
 
 # 2xx sources: tmpfilesd configs
 Source200: migration-tmpfiles.conf
@@ -444,7 +445,7 @@ install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 \
   %{S:100} %{S:101} %{S:102} %{S:103} %{S:105} \
   %{S:106} %{S:107} %{S:110} %{S:111} %{S:112} \
-  %{S:113} %{S:114} \
+  %{S:113} %{S:114} %{S:118} \
 %if %{_is_vendor_variant}
   %{S:115} %{S:116} \
 %endif
@@ -487,6 +488,7 @@ install -p -m 0644 %{S:300} %{buildroot}%{_cross_udevrulesdir}/80-ephemeral-stor
 %files -n %{_cross_os}netdog
 %{_cross_bindir}/netdog
 %{_cross_tmpfilesdir}/netdog.conf
+%{_cross_unitdir}/generate-network-config.service
 
 %files -n %{_cross_os}corndog
 %{_cross_bindir}/corndog

diff --git a/packages/release/eth0.xml b/packages/release/eth0.xml
diff --git a/packages/release/release-tmpfiles.conf b/packages/release/release-tmpfiles.conf
@@ -1,5 +1,4 @@
 C /etc/nsswitch.conf - - - -
-C /etc/wicked/ifconfig/eth0.xml - - - -
 d /var/log/kdump 0700 root root -
 d /sys/fs/cgroup/cpuset/runtime.slice 0755 root root -
 d /sys/fs/cgroup/hugetlb/runtime.slice 0755 root root -

diff --git a/packages/release/release.spec b/packages/release/release.spec
@@ -18,7 +18,6 @@ Source201: proxy-env
 Source202: hostname-env
 Source203: hosts.template
 
-Source1000: eth0.xml
 Source1001: multi-user.target
 Source1002: configured.target
 Source1003: preconfigured.target
@@ -106,9 +105,6 @@ Requires: %{_cross_os}wicked
 install -d %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}
 install -p -m 0644 %{S:11} %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}
 
-install -d %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/wicked/ifconfig
-install -p -m 0644 %{S:1000} %{buildroot}%{_cross_factorydir}%{_cross_sysconfdir}/wicked/ifconfig
-
 install -d %{buildroot}%{_cross_libdir}/repart.d
 install -p -m 0644 %{S:96} %{buildroot}%{_cross_libdir}/repart.d/80-local.conf
 
@@ -172,7 +168,6 @@ ln -s preconfigured.target %{buildroot}%{_cross_unitdir}/default.target
 
 %files
 %{_cross_factorydir}%{_cross_sysconfdir}/nsswitch.conf
-%{_cross_factorydir}%{_cross_sysconfdir}/wicked/ifconfig/eth0.xml
 %{_cross_sysctldir}/80-release.conf
 %{_cross_tmpfilesdir}/release.conf
 %{_cross_libdir}/os-release

diff --git a/packages/wicked/wicked-tmpfiles.conf b/packages/wicked/wicked-tmpfiles.conf
@@ -2,6 +2,7 @@ C /etc/wicked/client.xml - - - -
 C /etc/wicked/common.xml - - - -
 C /etc/wicked/nanny.xml - - - -
 C /etc/wicked/server.xml - - - -
+d /etc/wicked/ifconfig 0700 root root -
 
 d /var/lib/wicked 0700 root root -
 Z /var/lib/wicked 0700 root root -
diff --git a/tools/rpm2img b/tools/rpm2img
@@ -280,8 +280,7 @@ menuentry "${PRETTY_NAME} ${VERSION_ID}" {
        dm-mod.create="root,,,ro,0 $VERITY_DATA_512B_BLOCKS verity $VERITY_VERSION PARTUUID=\$boot_uuid/PARTNROFF=1 PARTUUID=\$boot_uuid/PARTNROFF=2 \\
        $VERITY_DATA_BLOCK_SIZE $VERITY_HASH_BLOCK_SIZE $VERITY_DATA_4K_BLOCKS 1 $VERITY_HASH_ALGORITHM $VERITY_ROOT_HASH $VERITY_SALT 1 restart_on_corruption" \\
        -- \\
-       systemd.log_target=journal-or-kmsg systemd.log_color=0 \\
-       net.ifnames=0 biosdevname=0
+       systemd.log_target=journal-or-kmsg systemd.log_color=0
    ${INITRD}
 }
 EOF

diff --git a/variants/aws-dev/Cargo.toml b/variants/aws-dev/Cargo.toml
@@ -12,7 +12,9 @@ kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
     # Only reserve if there are at least 2GB
-    "crashkernel=2G-:256M"
+    "crashkernel=2G-:256M",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 included-packages = [
 # core

diff --git a/variants/aws-ecs-1/Cargo.toml b/variants/aws-ecs-1/Cargo.toml
@@ -9,6 +9,8 @@ build = "build.rs"
 kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 included-packages = [
 # core

diff --git a/variants/aws-k8s-1.19/Cargo.toml b/variants/aws-k8s-1.19/Cargo.toml
@@ -13,6 +13,8 @@ exclude = ["README.md"]
 kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 included-packages = [
     "aws-iam-authenticator",

diff --git a/variants/aws-k8s-1.20/Cargo.toml b/variants/aws-k8s-1.20/Cargo.toml
@@ -21,6 +21,8 @@ included-packages = [
 kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 
 [lib]

diff --git a/variants/aws-k8s-1.21-nvidia/Cargo.toml b/variants/aws-k8s-1.21-nvidia/Cargo.toml
@@ -26,6 +26,8 @@ included-packages = [
 kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 
 [lib]

diff --git a/variants/aws-k8s-1.21/Cargo.toml b/variants/aws-k8s-1.21/Cargo.toml
@@ -21,6 +21,8 @@ included-packages = [
 kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 
 [lib]

diff --git a/variants/aws-k8s-1.22-nvidia/Cargo.toml b/variants/aws-k8s-1.22-nvidia/Cargo.toml
@@ -26,6 +26,8 @@ included-packages = [
 kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 
 [lib]

diff --git a/variants/aws-k8s-1.22/Cargo.toml b/variants/aws-k8s-1.22/Cargo.toml
@@ -21,6 +21,8 @@ included-packages = [
 kernel-parameters = [
     "console=tty0",
     "console=ttyS0,115200n8",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 
 [lib]

diff --git a/variants/vmware-dev/Cargo.toml b/variants/vmware-dev/Cargo.toml
@@ -14,7 +14,9 @@ kernel-parameters = [
     "console=ttyS0,115200n8",
     "console=tty1",
     # Only reserve if there are at least 2GB
-    "crashkernel=2G-:256M"
+    "crashkernel=2G-:256M",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 included-packages = [
 # core

diff --git a/variants/vmware-k8s-1.20/Cargo.toml b/variants/vmware-k8s-1.20/Cargo.toml
@@ -16,7 +16,9 @@ kernel-parameters = [
     "console=ttyS0,115200n8",
     "console=tty1",
     # Only reserve if there are at least 2GB
-    "crashkernel=2G-:256M"
+    "crashkernel=2G-:256M",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 included-packages = [
     "cni",

diff --git a/variants/vmware-k8s-1.21/Cargo.toml b/variants/vmware-k8s-1.21/Cargo.toml
@@ -16,7 +16,9 @@ kernel-parameters = [
     "console=ttyS0,115200n8",
     "console=tty1",
     # Only reserve if there are at least 2GB
-    "crashkernel=2G-:256M"
+    "crashkernel=2G-:256M",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 included-packages = [
     "cni",

diff --git a/variants/vmware-k8s-1.22/Cargo.toml b/variants/vmware-k8s-1.22/Cargo.toml
@@ -19,7 +19,9 @@ kernel-parameters = [
     "console=ttyS0,115200n8",
     "console=tty1",
     # Only reserve if there are at least 2GB
-    "crashkernel=2G-:256M"
+    "crashkernel=2G-:256M",
+    "net.ifnames=0",
+    "netdog.default-interface=eth0:dhcp4,dhcp6?",
 ]
 included-packages = [
     "cni",