[CentOS] C7, encryption, and clevis

Fri Jun 8 15:11:02 UTC 2018
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Fri, 8 Jun 2018, m.roth at 5-cent.us wrote:

> We've been required to encrypt h/ds, and so have been rolling that out
> over the last year or so. Thing is, you need to put in a password, of
> course, to boot the system. My manager found a way to allow us to reboot
> without being at the system's keyboard, a package called clevis. Works
> fine... except in a couple of very special cases.
> Those systems, the problem is that, due to older software, and *very*
> expensive licenses that are tied to a MAC address, I have to spoof the MAC
> address since my users got new(er) machines.
> Clevis is trying to contact its password server, using the *real* MAC
> address, but our DHCP has to serve the *spoofed* MAC address. I know, from
> trying, that I can't have two entries for the same system. Can anyone
> suggest a solution?

Nothing wrong with having two MAC addresses listed for one IP.  With ISC DHCP
the label for a host has to be unique, but the hostname doesn't.