Closed ne20002 closed 2 years ago
I now have set up LUKS2 encryption with tang/clevis which initializes the NIC at startup before unlocking the root device.
Can you say exactly what you did? For example, if you followed some instructions, could you link to them?
You say "root device", so is the NIC initialized by the initrd already?
I used mainly this info: https://semanticlab.net/sysadmin/encryption/Network-bound-disk-encryption-in-ubuntu-20.04/ I also found that I needed to add two additinal modules to /etc/initramfs-tools/modules (usbnet, r8152) as I use a TB4 docking station.
So, yes, the NIC is intialized at boot by initrd .. clevis queries the tang server, gets a key and unlocks the root partition. Then the boot continues.
But now the NIC, already initialized is not longer managed by NetworkManager ... and I wonder if I can force NetworkManager to take control afterwards.
Ok, I found my solution. In Debian/Ubuntu (don't know for other distros) I needed to do: $ cd /etc/netplan $ cp 1-network-manager-all.yaml z-1-network-manager-all.yaml $ nano z-1-network-manager-all.yaml
Have it like this:
# Let NetworkManager manage all devices on this system network: version: 2 renderer: NetworkManager ethernets: enxf4a80d0885b0: dhcp4: true dhcp-identifier: mac critical: true dhcp6: true
Check for your NIC identifier
The I needed to rebuild initramfs with: $ update-initramfs -u -k 'all'
After this, the network initialization is done by NetworkManager at boot.
Hi I have a server set up with Debian Bullseye using Cockpit. The network page was just fine using Network-Manager to handle the NIC. I now have set up LUKS2 encryption with tang/clevis which initializes the NIC at startup before unlocking the root device. This works so far, except: the NIC is now no longer handled by Network-Manager. Is there any way to get this fixed so that the NIC is used on boot for tang/clevis with dhcp and afterwards it is managed by Network-Manager?