Description of problem: dracut module 'clevis' will not be installed, because it's in the list to be omitted! Version-Release number of selected component (if applicable): redhat-virtualization-host-image-update-placeholder-4.4.5-4.el8ev.noarch redhat-virtualization-host-image-update-4.4.5-20210330.0.el8_3.noarch How reproducible: everytime Steps to Reproduce: 1.install 4.4.3 host or even older 2. upgrade to 4.4.5 3. Actual results: dracut module 'clevis' will not be installed, because it's in the list to be omitted! Expected results: clevis module wil be included Additional info: it looks like the issue is caused by whitespaces in /usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf clevis is included in in initramfs with below: omit_dracutmodules+="ifcfg clevis" clevis is not included in in initramfs with below: omit_dracutmodules+=" ifcfg clevis "
As mentioned in BZ1760262 we need to omit clevis module. But if in your setup you require clevis module, overwrite dracut configuration using /etc/dracut.conf.d directory as mentioned https://bugzilla.redhat.com/show_bug.cgi?id=1943383#c8
Hello Martin, Ales if "/usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf" does contain "omit_dracutmodules+=" ifcfg clevis "" clevis is not included in in initramfs even there is config file in /etc/dracut.conf.d/clevis.conf if "/usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf" does contain "omit_dracutmodules+="ifcfg clevis"" clevis is included in in initramfs with same config file in /etc/dracut.conf.d/clevis.conf Marian
(In reply to Marian Jankular from comment #3) > Hello Martin, Ales > > if "/usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf" does contain > "omit_dracutmodules+=" ifcfg clevis "" clevis is not included in in > initramfs even there is config file in /etc/dracut.conf.d/clevis.conf > > if "/usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf" does contain > "omit_dracutmodules+="ifcfg clevis"" clevis is included in in initramfs with > same config file in /etc/dracut.conf.d/clevis.conf > > Marian The file needs to be named the same so it would be "/etc/dracut.conf.d/99-vdsm_protect_ifcfg.conf" containing: 1) If you want to enable only clevis (not sure if this is allowed in order to get clevis working): omit_dracutmodules+=" clevis " 2) Enable both ifcfg and clevis: #Empty or some comment
(In reply to Ales Musil from comment #4) > (In reply to Marian Jankular from comment #3) > > Hello Martin, Ales > > > > if "/usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf" does contain > > "omit_dracutmodules+=" ifcfg clevis "" clevis is not included in in > > initramfs even there is config file in /etc/dracut.conf.d/clevis.conf > > > > if "/usr/lib/dracut/dracut.conf.d/99-vdsm_protect_ifcfg.conf" does contain > > "omit_dracutmodules+="ifcfg clevis"" clevis is included in in initramfs with > > same config file in /etc/dracut.conf.d/clevis.conf > > > > Marian > > The file needs to be named the same so it would be > "/etc/dracut.conf.d/99-vdsm_protect_ifcfg.conf" > containing: > > 1) If you want to enable only clevis (not sure if this is allowed in order > to get clevis working): > omit_dracutmodules+=" clevis " Ops the other way around, my bad. omit_dracutmodules+=" ifcfg " > > 2) Enable both ifcfg and clevis: > #Empty or some comment
Hi, ifcfg was explicitly disabled in https://gerrit.ovirt.org/c/vdsm/+/104420 // https://bugzilla.redhat.com/show_bug.cgi?id=1760262 so I am not sure the fix is just enabling it again :) https://gerrit.ovirt.org/c/vdsm/+/104420 says "Enabling clevis on an ovirt host requires special handling" but I did not find how to actually enable it in any docs. Maybe Milan Zamazal could explain what his commit means?
Marian, the description of the bug is somewhat confusing, what's the real issue? I. Clevis module is not enabled by default, because it caused issues described in BZ1760262. Do you want to enable it, becuase you are not affected by BZ1760262? If so, then you need to create /etc/dracut.conf.d/99-vdsm_protect_ifcfg.conf with below content omit_dracutmodules+=" ifcfg " II. Clevis module should not be enabled by default, but you can see it enabled in your setup? If so, could you please share all customizations that you did on your hypervisor?
(In reply to Martin Perina from comment #7) > Marian, the description of the bug is somewhat confusing, what's the real > issue? > > I. Clevis module is not enabled by default, because it caused issues > described in BZ1760262. > Do you want to enable it, becuase you are not affected by BZ1760262? If > so, then you need > to create /etc/dracut.conf.d/99-vdsm_protect_ifcfg.conf with below > content > > omit_dracutmodules+=" ifcfg " > > II. Clevis module should not be enabled by default, but you can see it > enabled in your setup? If so, could you please share all customizations that > you did on your hypervisor? Hi, the issue is file on my behalf. I am a RHV customer and I would like to know how to enable clevis on rhvh. I am not sure if I am affected by BZ176026 . The question at the base of this topic is: "how do I enable clevis in a supported manner for rhvh". Greetings Klaas
I looked at my installation, I would say everyone uses bridges except for the ones that use ovs which is in technology preview :)
In theory NetworkManager bug, which caused our issues with ifcfg and clevis modules (BZ1760262), was fixed by BZ1627820. We will try to remove omitting the module and check within our automation if there are no additional issues with bridged networking during 4.4.7 cycle.
What is the suggested way of enabling network during boot? clevis no longer automatically enables dhcp based networking during boot. Is the recommended way having a dhcp enabled setup and using rd.neednet=1 via kernel cmdline host settings in manager? Or would you recommend to set a static configuration that matches the bridged setup that is being setup by host installation?
(In reply to Klaas Demter from comment #15) > What is the suggested way of enabling network during boot? clevis no longer > automatically enables dhcp based networking during boot. > Is the recommended way having a dhcp enabled setup and using rd.neednet=1 > via kernel cmdline host settings in manager? > Or would you recommend to set a static configuration that matches the > bridged setup that is being setup by host installation? Since RHEL 8.3 NetworkManager is enabled by default in dracut. So you can use it, please see https://www.redhat.com/sysadmin/network-confi-initrd for more details.
Verified on - vdsm-4.40.60.7-1.el8ev.x86_64 with rhvm-4.4.6.8-0.1.el8ev.noarch nmstate-1.0.2-6.el8_4.noarch NetworkManager-1.30.0-7.el8.x86_64 No regression found with this fix.
I tested it on ovirt-node 4.4.6.3 for the docs: You'll need a config like this to get dracut to boot with dhcp: # cat /etc/dracut.conf.d/clevis.conf kernel_cmdline="rd.neednet=1" If you have additional encrypted volumes (localstorage for example) you will also need to enable clevis-luks-askpass.path like this: # systemctl enable clevis-luks-askpass.path Greetings Klaas
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Async RHV RHEL Host (ovirt-host) [ovirt-4.4.6]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2240