Bug 1821251
| Summary: | Support network bound disk encryption with static IP configuration with RHHI-V | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | SATHEESARAN <sasundar> |
| Component: | gluster-ansible | Assignee: | Gobinda Das <godas> |
| Status: | CLOSED ERRATA | QA Contact: | SATHEESARAN <sasundar> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rhgs-3.5 | CC: | asakthiv, godas, pprakash, puebele, rhs-bugs, sabose, sasundar, sheggodu |
| Target Milestone: | --- | Keywords: | ZStream |
| Target Release: | RHGS 3.5.z Batch Update 2 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | gluster-ansible-infra-1.0.4-8.el8rhgs,gluster-ansible-roles-1.0.5-8.el8rhgs | Doc Type: | Enhancement |
| Doc Text: |
Previously, host root disk was encrypted using clevis, during the reboot of host the user was required to manually enter passphrase to unlock root disk. In this release, tang server is configured to automate the reboot process without manual entry of passphrase, on Red Hat Hyperconverged Infrastructure for Virtualization deployments.
|
Story Points: | --- |
| Clone Of: | 1821248 | Environment: |
rhhiv, rhel8
|
| Last Closed: | 2020-06-16 05:57:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1821248 | ||
Tested with gluster-ansible-infra-1.0.4-8.el8rhgs 1. Hosts are configured with static IPs 2. Inventory file is edited with static IP, prefix, and the gateway. 3. Execute the playbook 4. Rebooted the host The host could boot properly with static IP configured and doesn't wait for encryption passphrase prompt RDT updated Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2020:2575 |
Description of problem: ----------------------- Static IP configuration requires some more values required for generating initramfs, without which the proper lookup for tang server will not work. Following info is required per host and should be collected as part of inventory file: host_ip_addr: host_ip_prefix: host_net_gateway: Version-Release number of selected component (if applicable): -------------------------------------------------------------- gluster-ansible-infra-1.0.4-7 How reproducible: ----------------- Not applicable, there is no support for static IP based deployment Steps to Reproduce: ------------------- Not Applicable. This is the request to have few more attributes in the inventory file to support static deployment Actual results: --------------- No support for static IP based configuration Expected results: ----------------- Support for static IP configuration --- Additional comment from SATHEESARAN on 2020-04-06 11:51:03 UTC --- Inventory file should include following Global option: ip_version: 4 or 6 ( defaults to 4, ipv4 ) ip_config_method: static or dhcp ( defaults to dhcp ) Per host: Only if 'ip_config_method' is 'static', following details makes sense host_ip_addr: Static IP of the host host_ip_prefix: network prefix host_net_gateway: Default network gateway Dracut drop-in file (Clevis.conf) content for ipv4: [root@localhost ~]# cat /etc/dracut.conf.d/clevis.conf kernel_cmdline="ip={{host_ip_addr}}::{{host_net_gateway}}:{{host_ip_prefix}}::{{interface}}:off" omit_dracutmodules+="ifcfg" omit_dracutmodules+="network-legacy" add_dracutmodules+="clevis network-manager" Dracut drop-in file (Clevis.conf) content for ipv6: [root@localhost ~]# cat /etc/dracut.conf.d/clevis.conf kernel_cmdline="ip={{[host_ip_addr]}}::{{[host_net_gateway]}}:{{host_ip_prefix}}::{{interface}}:off" omit_dracutmodules+="ifcfg" omit_dracutmodules+="network-legacy" add_dracutmodules+="clevis network-manager"