Bug 431915

Summary: feature request: add 802.1q vlan tagging to anaconda
Product: Red Hat Enterprise Linux 5 Reporter: Michele Newman <mnewman>
Component: anacondaAssignee: Radek Vykydal <rvykydal>
Status: CLOSED ERRATA QA Contact: Alexander Todorov <atodorov>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.3CC: agospoda, atodorov, borgan, cstlaure, ddumas, emcnabb, ndevos, riek, tao, xiaohm
Target Milestone: rcKeywords: FutureFeature, Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-20 21:37:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michele Newman 2008-02-07 20:10:50 UTC
My customer wants to install systems across vlans for security reasons.  It
would be great to add a kickstart network command option like "--vlanid=123".  

Example:

network --device eth0 --bootproto static --ip 10.42.10.10 --netmask
255.255.255.0 --gateway 10.42.10.1 --nameserver 10.42.10.100 --hostname
server1.example.com  --vlanid=100

Additional info:
Previous request: BZ: #184922, IT: #85144

Comment 1 Andy Gospodarek 2008-03-17 14:09:35 UTC
I think the change to anaconda would be as simple as something like this??

diff --git a/loader2/module-info b/loader2/module-info
index 9381c5f..8cbc7ba 100644
--- a/loader2/module-info
+++ b/loader2/module-info
@@ -75,6 +75,10 @@ Version 0
        eth
        "3Com 3c590/3c595/3c90x/3cx980"

+8021q
+       eth
+       "802.1q VLAN device driver"
+
 82596
        eth
        "Apricot 82596"

but we also have to consider that 

Comment 2 Andy Gospodarek 2008-03-18 20:22:34 UTC
...vconfig will need to be in the initrd if it is not already.  Those two plus
the appropriate initscripts stuff should make using vlans in kickstart possible.

Comment 3 Joel Andres Granados 2008-04-18 12:32:41 UTC
Why is this not possible currently?  I have this running on my environment.  

My local setup consists in a PXE running in vlan 500 and have the tree and the
images (vmlinuz and initrd.img) in another vlan.  I load the images using nfs
and access the tree through http.

If you don't like the PXE idea, you can have a cd based installation that points
to a ks and tree in another vlan.

Comment 4 Michele Newman 2008-04-23 16:44:29 UTC
I need to have the client that is being installed be able to add vlan tagging to
its own network settings. Right now the 8021q module is not available in the
anaconda install environment, but the vconfig cmd is there.  I just need the
module added to the initrd.  I don't want to create a custom initrd since I am
using sat serv to provision my systems.  Right now I have to build my systems on
a completely different network (i.e. moving a network cable back and forth)
which is just a band-aid right now.  In doing this I also have to do some
fudging with network settings to register properly with the sat serv because of
the vlan issue.  

Comment 5 Chris Lumens 2008-08-18 15:22:12 UTC
Yeah, the vconfig program is there as provided by busybox.  We can add the 8021q.ko module to the initrd, but that will not give you the ability to specify a vlanid as an argument to the kickstart network command.  In order to do that, we'd have to patch both pykickstart and anaconda, and that amount of work should probably first happen in Fedora for development, then be ported to RHEL.

If this is just a request to include the module, I am okay with ACKing it at this relatively late stage in the 5.3 cycle.  However if it includes real new development, we should wait until 5.4 and see if we can get some work done in Fedora for it first.

Comment 7 Andy Gospodarek 2008-08-22 20:38:40 UTC
The dot1q module and vconfig need to at least get added for 5.3.  This gives those that install via kickstart the chance to use vlans.  I'd like to see anaconda actually be able to set the vlan to use for a network install as well, but if that can't make it for 5.3, that's fine.

Comment 8 Denise Dumas 2008-09-10 17:11:12 UTC
Per Michelle: 
I have had two customer's: NGA and FBI who use vlans heavily and it would be extremely convenient as a GPS consultant to have that ability to kickstart from one Satellite over many VLAN's. But we would also need to get the Satellite people on board with this also since that sort of option would need to be added to the Satellite Kickstart Options. On October 8th I am meeting with Todd Warner and Chris Wells to talk about future Satellite features and I will bring up VLAN and probably bonding in that meeting. In the Government sector network separation is common practice and kickstarting across vlans would definitely give our product an boost in the ease of use category.

If there is a way to get any VLAN ability in 5.3 and then add full features in Fedora > RHEL 6 (i.e. Satellite and "network --vlanid=blah idea" in ks) then thats fine. Any sort of VLAN functionality in ks soon would be highly appreciated, and I know my two customers would be very grateful.

Per Andy: 
Our larger (number of entitlement not size of company) customers probably care more about pxeboot and other automated installation and provisioning tools, so I see anaconda as a lower priority for RHEL5, but a nice feature for Fedora and RHEL6. Bonding too.

Our plan: 
Add the dot1q module and vconfig to initd for 5.3, so at least kickstart users can use vlans. That's all for RHEL 5 stream. Then look at the business case and see about Fedora (where the anaconda  network code has changed drastically) in time for RHEL6.

Comment 9 Andy Gospodarek 2008-09-10 17:47:22 UTC
Just for the record, I'm not sure satellite needs to know about VLANs for this to be a useful feature.  There are all sorts of network configurations that would be used where the satellite server would not use VLANs on the interface, but the installer would need to use a VLANS to access certain resources.

Comment 11 Radek Vykydal 2008-09-11 16:00:39 UTC
Patch applied - module added.
Will be included in 11.1.2.122.

Comment 14 Alexander Todorov 2008-11-12 12:38:16 UTC
Listing the contents of initrd.img files under pxeboot directory from the install tree doesn't show 8021q.ko is included. This is for both ia64 and x86_64.

Unless somebody proves me wrong I think this FAILS_QA.

Comment 15 Alexander Todorov 2008-11-12 14:36:41 UTC
Ignore comment #14, bad test. 

VERIFIED that initrd.img from the install tree for snap #2 contains the 8021q.ko module.

Comment 17 errata-xmlrpc 2009-01-20 21:37:24 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0164.html

Comment 21 Tom 2013-01-21 16:25:56 UTC
Can you post the changset related to this change here?

Thanks.