hi,
we have successfully implemented at tang/clevis environment for automatically entering luks keys and booting hosts without operator intervention.
Now we would like to use this as well on ipv6 networks, but I do not seem to get it to work.
I have already posted this issue to the dracut devs github issue tracker ( https://github.com/dracutdevs/dracut/issues/554) but no response so far. Maybe here I will get an aswer.
I have tried these combinations but none works (/etc/dracut.conf.d/1_static.conf)
kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2] netmask=64 gateway=[fd0c:fc8a:xxxx:xx::1] nameserver=[fd7a:f141:xxxx:xx::11]" omit_dracutmodules+="ifcfg"
kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2] netmask=/64 gateway=[fd0c:fc8a:xxxx:xx::1] nameserver=[fd7a:f141:xxxx:xx::11]" omit_dracutmodules+="ifcfg"
kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2]::[fd0c:fc8a:xxx:xx::1]:64:::none::[mac:address] nameserver=[fd7a:f141:xxxx:xx::11]"
kernel_cmdline="ip=[fd0c:fc8a:xxxx:xx::2]::[fd0c:fc8a:xxxx:xx::1]:64::eno1:none nameserver=[fd7a:f141:xxxx:xxx::11]"
With the first two I get an unbootable system (system halted) (sorry, I did not take a foto of the error), the latest two do boot but never contact the tang server so I need to manually enter the luks key.
On the ipv6 gateway there comes no ipv6 traffic from the dracut client while on the luks password prompt. Once the system is booted, I can decrypt fine sing the clevis tools and ipv6 (no firewall issue). We are working arround the issue booting clevis in dracut with a ipv4 address and natting the http client to the tang servers on the gateway, but this is suboptimal and makes us maintain an ipv4 presence we neither need nor want.
Am I missing something obvious in the dracut conf file maybe? Anyone experience with something similar?
Thanks in advance.
-- regards, Natxo