Bug 1821248 - Support network bound disk encryption with static IP configuration with RHHI-V
Summary: Support network bound disk encryption with static IP configuration with RHHI-V
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: rhhi
Version: rhgs-3.5
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
: RHHI-V 1.8
Assignee: Gobinda Das
QA Contact: SATHEESARAN
URL:
Whiteboard:
Depends On: 1821251
Blocks: RHHI-V-1.8-Engineering-Inflight-BZs
TreeView+ depends on / blocked
 
Reported: 2020-04-06 11:40 UTC by SATHEESARAN
Modified: 2020-08-04 14:52 UTC (History)
2 users (show)

Fixed In Version: gluster-ansible-infra-1.0.4-8.el8rhgs
Doc Type: Enhancement
Doc Text:
At-rest encryption using Network-Bound Disk Encryption is now supported on new Red Hat Hyperconverged Infrastructure for Virtualization deployments.
Clone Of:
: 1821251 (view as bug list)
Environment:
Last Closed: 2020-08-04 14:52:07 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2020:3314 0 None None None 2020-08-04 14:52:25 UTC

Description SATHEESARAN 2020-04-06 11:40:28 UTC 
Description of problem:
-----------------------
Static IP configuration requires some more values required for generating initramfs, without which the proper lookup for tang server will not work.

Following info is required per host and should be collected as part of inventory file:

host_ip_addr:
host_ip_prefix:
host_net_gateway:

Version-Release number of selected component (if applicable):
--------------------------------------------------------------
gluster-ansible-infra-1.0.4-7

How reproducible:
-----------------
Not applicable, there is no support for static IP based deployment

Steps to Reproduce:
-------------------
Not Applicable. This is the request to have few more attributes in the inventory file to support static deployment

Actual results:
---------------
No support for static IP based configuration

Expected results:
-----------------
Support for static IP configuration
Comment 1 SATHEESARAN 2020-04-06 11:51:03 UTC 
Inventory file should include following 

Global option:
ip_version: 4 or 6 ( defaults to 4, ipv4 )
ip_config_method: static or dhcp ( defaults to dhcp )

Per host:
Only if 'ip_config_method' is 'static', following details makes sense
host_ip_addr: Static IP of the host
host_ip_prefix: network prefix
host_net_gateway: Default network gateway

Dracut drop-in file (Clevis.conf) content for ipv4:

[root@localhost ~]# cat /etc/dracut.conf.d/clevis.conf 
kernel_cmdline="ip={{host_ip_addr}}::{{host_net_gateway}}:{{host_ip_prefix}}::{{interface}}:off"
omit_dracutmodules+="ifcfg"
omit_dracutmodules+="network-legacy"
add_dracutmodules+="clevis network-manager"


Dracut drop-in file (Clevis.conf) content for ipv6:

[root@localhost ~]# cat /etc/dracut.conf.d/clevis.conf 
kernel_cmdline="ip={{[host_ip_addr]}}::{{[host_net_gateway]}}:{{host_ip_prefix}}::{{interface}}:off"
omit_dracutmodules+="ifcfg"
omit_dracutmodules+="network-legacy"
add_dracutmodules+="clevis network-manager"
Comment 3 SATHEESARAN 2020-04-18 08:28:45 UTC 
Tested with gluster-ansible-infra-1.0.4-8.el8rhgs

1. Hosts are configured with static IPs
2. Inventory file is edited with static IP, prefix, and the gateway.
3. Execute the playbook
4. Rebooted the host

The host could boot properly with static IP configured and doesn't wait
for encryption passphrase prompt
Comment 7 errata-xmlrpc 2020-08-04 14:52:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (RHHI for Virtualization 1.8 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:3314
Note You need to log in before you can comment on or make changes to this bug.