Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FCOS asking for two DHCP leases #58

Closed
jlebon opened this issue Feb 22, 2019 · 5 comments
Closed

FCOS asking for two DHCP leases #58

jlebon opened this issue Feb 22, 2019 · 5 comments

Comments

@jlebon
Copy link
Member

jlebon commented Feb 22, 2019

Right now, booting FCOS will result in two DHCP leases being handed out: once during the initrd, and once more in the real root. I initially thought this was because unlike in FAH, we weren't shipping initscripts, which has a legacy script to copy networking data over from the initrd (though in addition to that, FAH also doesn't set up networking since we don't have rd.neednet=1).

Anyway, I was playing with variations of:

diff --git a/fedora-coreos-base.yaml b/fedora-coreos-base.yaml
index 95c2c6f..4b81036 100644
--- a/fedora-coreos-base.yaml
+++ b/fedora-coreos-base.yaml
@@ -122,12 +122,29 @@ postprocess:
     WantedBy=multi-user.target
     EOF

+    # Make sure we carry any DHCP lease obtained during initrd
+    cat > /usr/lib/systemd/system/coreos-carry-initrd-lease.service <<'EOF'
+    [Unit]
+    Description=Carry over DHCP lease from initramfs
+    DefaultDependencies=no
+    ConditionDirectoryNotEmpty=/run/initramfs/state/var/lib/dhclient
+    Before=sysinit.target
+    After=local-fs.target systemd-tmpfiles-setup.service
+    [Service]
+    Type=oneshot
+    ExecStart=/usr/bin/sh -c "cp -v /run/initramfs/state/var/lib/dhclient/*.lease /var/lib/NetworkManager"
+    ExecStart=/usr/bin/sh -c "grep UUID= /run/initramfs/state/etc/sysconfig/network-scripts/ifcfg-eth0 >> /etc/sysconfig/network-scripts/ifcfg-eth0"
+    RemainAfterExit=yes
+    [Install]
+    WantedBy=sysinit.target
+    EOF
+
     cat >/usr/lib/systemd/system-preset/42-coreos.preset << EOF
     # Presets here that eventually should live in the generic fedora presets
     # This one is from https://github.com/coreos/ignition-dracut
     enable ignition-firstboot-complete.service
     enable coreos-growpart.service
     enable coreos-useradd-core.service
+    enable coreos-carry-initrd-lease.service
     enable console-login-helper-messages-*.service
     enable console-login-helper-messages-*.path
     EOF

Though for some reason, NetworkManager still calls dhclient again. The lease file then ends up with two also identical entries.

Interestingly, on RHCOS maipo, this does not happen, even though rhel-import-state is disabled, and NetworkManager does end up calling dhclient again. Though it looks like dhclient is happy reusing the same lease.
@bgilbert
Copy link
Contributor

There are a couple pieces here:

  1. The initramfs should only be enabling networking on the first boot, when Ignition needs it (Enable initramfs networking only on first boot #43).
  2. The Ignition config may change the network configuration, so we shouldn't necessarily carry the initial DHCP lease into the real root.
  3. On CL, when Ignition or coreos-metadata modify network configs from inside the initramfs, they only do it for the real root, not for the initramfs itself. This leads to Ignition can't fetch remote resources on DigitalOcean bugs#2205 on DigitalOcean and similar problems on particular bare metal or virt environments, so we may want to consider behaving differently in FCOS. If we do restart networking inside the initramfs itself, then there's no harm in carrying the resulting leases into the real root.

On the basis of point 1, I'd probably advocate for not changing this behavior. Otherwise, the network setup will happen via a different path only on the first boot.

@jlebon
Copy link
Member Author

jlebon commented Feb 22, 2019 

2\. The Ignition config may change the network configuration, so we shouldn't necessarily carry the initial DHCP lease into the real root.

Yeah, that's a good point. It'd be neat though if we could let the stack take care of this for us (i.e. NM or dhclient understanding that it's safe to reuse the same connection if the configs match).

One side effect of this right now is that e.g. virsh domifaddr will show two addresses. And ip addr as well in the VM.

@bgilbert
Copy link
Contributor

If we're actually getting two different IP addresses, that seems like a server misconfiguration? I'd expect a second request from the same MAC to return the existing valid lease.

@dustymabe
Copy link
Member

If we're actually getting two different IP addresses, that seems like a server misconfiguration? I'd expect a second request from the same MAC to return the existing valid lease.

I'm seeing this in the local libvirt case.

jlebon added a commit to jlebon/coreos-assembler that referenced this issue Feb 22, 2019
@jlebon
image-cloud.ks: Use DHCP_CLIENT_ID=mac
ef728f2 
Right now in FCOS, VMs are getting *two* IP addresses when testing
locally in libvirt. The root of the issue is that the first request in
the initrd is using a different client ID than the one from NM in the
real root. This throws off at least dnsmasq, which then refuses to give
out the same IP again. Tell NM to also use the MAC address as the client
ID, to match what `dhclient` also does in the initrd.

For more background information, see:
coreos/fedora-coreos-config#58

Closes: coreos/fedora-coreos-config#58
@jlebon jlebon mentioned this issue Feb 22, 2019
Merged
@jlebon
Copy link
Member Author

jlebon commented Feb 22, 2019

Unwilling to let this go, I finally got to the bottom of it! PR in coreos/coreos-assembler#367.

jlebon added a commit to jlebon/coreos-assembler that referenced this issue Feb 26, 2019
@jlebon
image-cloud.ks: Use DHCP_CLIENT_ID=mac
59a36f3 
Right now in FCOS, VMs are getting *two* IP addresses when testing
locally in libvirt. The root of the issue is that the first request in
the initrd is using a different client ID than the one from NM in the
real root. This throws off at least dnsmasq, which then refuses to give
out the same IP again. Tell NM to also use the MAC address as the client
ID, to match what `dhclient` also does in the initrd.

For more background information, see:
coreos/fedora-coreos-config#58

Closes: coreos/fedora-coreos-config#58
@michaeldebian michaeldebian mentioned this issue Jul 2, 2020
Closed
c4rt0 pushed a commit to c4rt0/fedora-coreos-config that referenced this issue Mar 27, 2023
@openshift-merge-robot
Merge pull request coreos#58 from cgwalters/rdgo-artifacts
de1c9e8 
jenkins/rdgo: Archive rdgo artifacts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bgilbert @dustymabe @jlebon