Red Hat Bugzilla – Bug 431915
feature request: add 802.1q vlan tagging to anaconda
Last modified: 2014-11-09 17:46:22 EST
My customer wants to install systems across vlans for security reasons. It
would be great to add a kickstart network command option like "--vlanid=123".
network --device eth0 --bootproto static --ip 10.42.10.10 --netmask
255.255.255.0 --gateway 10.42.10.1 --nameserver 10.42.10.100 --hostname
Previous request: BZ: #184922, IT: #85144
I think the change to anaconda would be as simple as something like this??
diff --git a/loader2/module-info b/loader2/module-info
index 9381c5f..8cbc7ba 100644
@@ -75,6 +75,10 @@ Version 0
+ "802.1q VLAN device driver"
but we also have to consider that
...vconfig will need to be in the initrd if it is not already. Those two plus
the appropriate initscripts stuff should make using vlans in kickstart possible.
Why is this not possible currently? I have this running on my environment.
My local setup consists in a PXE running in vlan 500 and have the tree and the
images (vmlinuz and initrd.img) in another vlan. I load the images using nfs
and access the tree through http.
If you don't like the PXE idea, you can have a cd based installation that points
to a ks and tree in another vlan.
I need to have the client that is being installed be able to add vlan tagging to
its own network settings. Right now the 8021q module is not available in the
anaconda install environment, but the vconfig cmd is there. I just need the
module added to the initrd. I don't want to create a custom initrd since I am
using sat serv to provision my systems. Right now I have to build my systems on
a completely different network (i.e. moving a network cable back and forth)
which is just a band-aid right now. In doing this I also have to do some
fudging with network settings to register properly with the sat serv because of
the vlan issue.
Yeah, the vconfig program is there as provided by busybox. We can add the 8021q.ko module to the initrd, but that will not give you the ability to specify a vlanid as an argument to the kickstart network command. In order to do that, we'd have to patch both pykickstart and anaconda, and that amount of work should probably first happen in Fedora for development, then be ported to RHEL.
If this is just a request to include the module, I am okay with ACKing it at this relatively late stage in the 5.3 cycle. However if it includes real new development, we should wait until 5.4 and see if we can get some work done in Fedora for it first.
The dot1q module and vconfig need to at least get added for 5.3. This gives those that install via kickstart the chance to use vlans. I'd like to see anaconda actually be able to set the vlan to use for a network install as well, but if that can't make it for 5.3, that's fine.
I have had two customer's: NGA and FBI who use vlans heavily and it would be extremely convenient as a GPS consultant to have that ability to kickstart from one Satellite over many VLAN's. But we would also need to get the Satellite people on board with this also since that sort of option would need to be added to the Satellite Kickstart Options. On October 8th I am meeting with Todd Warner and Chris Wells to talk about future Satellite features and I will bring up VLAN and probably bonding in that meeting. In the Government sector network separation is common practice and kickstarting across vlans would definitely give our product an boost in the ease of use category.
If there is a way to get any VLAN ability in 5.3 and then add full features in Fedora > RHEL 6 (i.e. Satellite and "network --vlanid=blah idea" in ks) then thats fine. Any sort of VLAN functionality in ks soon would be highly appreciated, and I know my two customers would be very grateful.
Our larger (number of entitlement not size of company) customers probably care more about pxeboot and other automated installation and provisioning tools, so I see anaconda as a lower priority for RHEL5, but a nice feature for Fedora and RHEL6. Bonding too.
Add the dot1q module and vconfig to initd for 5.3, so at least kickstart users can use vlans. That's all for RHEL 5 stream. Then look at the business case and see about Fedora (where the anaconda network code has changed drastically) in time for RHEL6.
Just for the record, I'm not sure satellite needs to know about VLANs for this to be a useful feature. There are all sorts of network configurations that would be used where the satellite server would not use VLANs on the interface, but the installer would need to use a VLANS to access certain resources.
Patch applied - module added.
Will be included in 22.214.171.124.
Listing the contents of initrd.img files under pxeboot directory from the install tree doesn't show 8021q.ko is included. This is for both ia64 and x86_64.
Unless somebody proves me wrong I think this FAILS_QA.
Ignore comment #14, bad test.
VERIFIED that initrd.img from the install tree for snap #2 contains the 8021q.ko module.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
Can you post the changset related to this change here?