[SOLVED] Initramfs and static IP?

Dunuin

Hi,

My Proxmox is installed on top of a Debian 10 on top of an LVM on top of LUKS on top of an mdraid RAID1 array.
I use dropbear-initramfs to SSH into the host to unlock the LUKS after boot. Proxmox only starts after I unlocked the LUKS that way.

That worked really fine without any problems, but now I want to change my network so the host is connected to different subnets by a single VLAN Trunk to my switch.
That trunk works fine as soon as proxmox has started but that way I can't use the same NIC to unlock the LUKS because I don't know if initramfs is capable of using tagged VLANs.
Does someone know if that is possible?

Another problem is that I want to replace my router with a virtual OPNsense inside a VM on that Proxmox host. Right now initramfs is using DHCP and gets an IP from the router I want to replace. So I really need the initramfs to use a static IP so I can SSH into the initramfs while booting, so that it works even without a working router.

My "/etc/initramfs-tools/initramfs.conf" looks like this:
Code:
#
# initramfs.conf
# Configuration file for mkinitramfs(8). See initramfs.conf(5).
#
# Note that configuration options from this file can be overridden
# by config files in the /etc/initramfs-tools/conf.d directory.

#
# MODULES: [ most | netboot | dep | list ]
#
# most - Add most filesystem and all harddrive drivers.
#
# dep - Try and guess which modules to load.
#
# netboot - Add the base modules, network modules, but skip block devices.
#
# list - Only include modules from the 'additional modules' list
#

MODULES=most

#
# BUSYBOX: [ y | n | auto ]
#
# Use busybox shell and utilities.  If set to n, klibc utilities will be used.
# If set to auto (or unset), busybox will be used if installed and klibc will
# be used otherwise.
#

BUSYBOX=auto

#
# KEYMAP: [ y | n ]
#
# Load a keymap during the initramfs stage.
#

KEYMAP=n

#
# COMPRESS: [ gzip | bzip2 | lz4 | lzma | lzop | xz ]
#

COMPRESS=gzip

#
# NFS Section of the config.
#

#
# DEVICE: ...
#
# Specify a specific network interface, like eth0
# Overridden by optional ip= or BOOTIF= bootarg
#

DEVICE=eno2
ip=192.168.43.50::192.168.43.1:255.255.255.0:Hypervisor:eno2:off:192.168.43.1:192.168.42.1:

#
# NFSROOT: [ auto | HOST:MOUNT ]
#

NFSROOT=auto

#
# RUNSIZE: ...
#
# The size of the /run tmpfs mount point, like 256M or 10%
# Overridden by optional initramfs.runsize= bootarg
#

RUNSIZE=10%

#DROPBEAR=y

The line "DEVICE=eno2" is working, but that way eno2 is used in the default DHCP mode.
The line "ip=192.168.43.50::192.168.43.1:255.255.255.0:Hypervisor:eno2:off:192.168.43.1:192.168.42.1:" should set a static IP, gateway, DNS servers, interface and hostname, but it isn't working. It looks like that line is ignored.

Does someone know how to set up a static IP?
 
Initramfs does not support vlans, you will have to use a hook script to add the 8021q module. https://github.com/skom91/initramfs-tools-network-hook

Your IP line seems wrong, why do you add 2 gateways at the end?

This is mine:
Code:
# static ip
cat << 'EOF' >> /etc/initramfs-tools/initramfs.conf
DEVICE=enp2s0

IP=192.168.1.10::192.168.1.1:255.255.255.0::enp2s0:off
EOF

update-initramfs -u
reboot
 
> Initramfs does not support vlans, you will have to use a hook script to add the 8021q module. https://github.com/skom91/initramfs-tools-network-hook

Great, I will try that.

> Your IP line seems wrong, why do you add 2 gateways at the end?
>
> This is mine:
> Code:
> # static ip
> cat << 'EOF' >> /etc/initramfs-tools/initramfs.conf
> DEVICE=enp2s0
>
> IP=192.168.1.10::192.168.1.1:255.255.255.0::enp2s0:off
> EOF
>
> update-initramfs -u
> reboot

I found this somewhere as an explanation of what the line should look like:
ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>

So my line was supposed to be:
Code:
ip=192.168.43.50(client-ip):(server-ip):192.168.43.1(gw-ip):255.255.255.0(netmask):Hypervisor(hostname):eno2(device):off(autoconf):192.168.43.1(dns0-ip):192.168.42.1(dns1-ip):(ntp0-ip)
So the two IPs at the end should be two DNS servers.

Your line "IP=192.168.1.10::192.168.1.1:255.255.255.0::enp2s0:off" is 192.168.1.10 as static IP with 192.168.1.1 as gateway, netmask 255.255.255.0, enp2s0 as interface and no dns, ntp servers, hostname, serverip or autoconf?

Edit:
Looks like static IP is working with the Line "IP=192.168.43.50::192.168.43.1:255.255.255.0::eno1:off" :)
 
The github repo mentions "Requiments: The package vlan for vlan support.". I tried "apt install vlan" but if I want to install it apt wants to remove all the proxmox-ve packages.
Is it really needed? Proxmox itself is working fine with tagged VLANs without that package.
 
> The github repo mentions "Requiments: The package vlan for vlan support.". I tried "apt install vlan" but if I want to install it apt wants to remove all the proxmox-ve packages.
> Is it really needed? Proxmox itself is working fine with tagged VLANs without that package.

If you tag on your switch you don't need to tag in initram.

I just checked and proxmox comes with the 8021q kernel module so you don't need the package "vlan".

You still have to add an initramfs hook script and load the module if you want to set another tag.

> So the two IPs at the end should be two DNS servers.

Ok makes sense, fyi your second dns is in another /24 subnet so it wouldn't route anyway.

For initram you don't need dns etc. you can set it but it doesn't make a difference.

Keep it simple with ip, gw and netmask.
 
> If you tag on your switch you don't need to tag on proxmox.

The problem is that my switch doesn't allow me to set the same VLAN as tagged and untagged at the same time. Proxmox later needs that VLAN as tagged so I can use a trunk to send several VLANs through that one NIC. So the initramfs needs to do the tagging.

> I just checked and proxmox comes with the 8021q kernel module so you don't need the package "vlan".
>
> You still have to add an initramfs hook script and load the module if you want to set another tag for initram.

> Ok makes sense, fyi your second dns is in another /24 subnet so it wouldn't route anyway.
>
> For initram you don't need dns etc. you can set it but it doesn't make a difference.
>
> Keep it simple with ip, gw and netmask.

I added the hook and scripts for vlan, set rights to 755 and rebuilt the initramfs.
Do you know what the device should be? Do I need to use "eno1" or does it need to be something else like "eno1.43" if I want everything on that device tagged as VLAN 43?

I tried it with this but it didn't work:
Code:
DEVICE=eno1
IP=192.168.43.50::192.168.43.1:255.255.255.0::eno1:off
VLAN="eno1:43"

Edit:
If I use this I can SSH into the initramfs, but if I look into the IPMI console I see errors that "eno1.43" wasn't found and can't be configured:
Code:
VLAN="eno1:43"
DEVICE=eno1.43
IP=192.168.43.50::192.168.43.1:255.255.255.0::eno1.43:off

If I use this I get no errors but SSH isn't working anymore:
Code:
VLAN="eno1:43"
DEVICE=eno1
IP=192.168.43.50::192.168.43.1:255.255.255.0::eno1:off

Edit:
I think it is working now. I removed the "DEVICE=" line (should be overwritten if "IP=" line is present anyway) and now there are no error messages and SSH over the VLAN trunk is working. :)

Final config looked like this:
Code:
VLAN="eno1:43"
IP=192.168.43.50::192.168.43.1:255.255.255.0::eno1.43:off
 
This should be a sticky. Dunuin's solution is what I came up with on my own ages ago, you would have saved me some time!
 
I also bookmarked it now. Always good to be able to find old threads again in case I need to do it again and can't remember a thing. :)
Thanks again to H4R0, that was a hard one for me to figure out. And it has worked fine until now without any problems.
 
Helped me a lot as well.
One further question: My PVE8.1 hosts multiple interfaces with further "infrastructure" (different switches and access points) attached. Therefore I'd like dropbear-initramfs to listen on all of those VLAN-enabled interfaces (4 in total) - is that possible? That way I would be able to restart my PVE8.1 regardless of which of the interfaces I am connected from.
 
This still works for Debian 12.4 and Proxmox 8.1. However, is there any particular need for the VLAN= and BOND= lines to use a colon ":" when the usual notation for a VLAN used with an interface or bridge or bond is a "." (full stop), in fact as per the reference to the vlan within the IP= definition? I realise I should read the docs more carefully but that's two hours of my life I'm not going to get back because I'd typed a "." when I should have typed a ":" :-S. Looking at the scripts, is it as simple as changing the ":" for a "." in the for loops?

As is, do as follows:
wget https://github.com/stcz/initramfs-tools-network-hook/archive/main.zip
unzip main.zip
# as root
# merge the expanded zip file to the relevant initramfs-tools folder with:
rsync -a ./etc/ /etc/
# make the scripts executable with
chmod -R +x /etc/initramfs-tools/*
apt update
apt upgrade
# if not already installed:
apt install vlan
# Modify /etc/initramfs-tools/initramfs.conf:
# comment out with # the DEVICE line. It isn't needed.
# DEVICE=
# Specify VLAN. Note use of colon not fullstop. For example:
VLAN="enp0s25:2"
# Modify IP= line for VLAN use. Note the use of fullstop not colon for interface. For example:
IP=192.168.2.241::192.168.2.1:255.255.255.0:yourdebianhostname:enp0s25.2
# run as root:
update-initramfs -u -v

Reboot to test.
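
A pre-reboot check for the mistakes this thread runs into (lowercase `ip=` in initramfs.conf, `.` instead of `:` in `VLAN=`, an `IP=` device field that does not match the VLAN entry, a leftover `DEVICE=`), added here as an example and not part of any post or of the hook project. It assumes `VLAN="dev:id"` behaves as the posters describe and that several entries are space-separated; `check_initramfs_net` and its helpers are hypothetical names.

```shell
#!/bin/sh
# Added example. Variable meanings (IP=, VLAN="dev:id", DEVICE=) are taken from
# this thread; a space-separated VLAN list is an assumption.

# conf_value KEY FILE: last uncommented KEY=value in FILE, quotes stripped
conf_value() { sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"'; }

# is_ipv4 ADDR: succeeds if ADDR is a dotted quad with octets 0-255
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# check_initramfs_net FILE: prints one finding per line, returns 1 if any
check_initramfs_net() {
    file=$1; bad=0
    note() { echo "$1"; bad=1; }
    ip=$(conf_value IP "$file"); vlan=$(conf_value VLAN "$file")
    device=$(conf_value DEVICE "$file")
    grep -q '^ip=' "$file" && note "lowercase ip= is ignored in this file, use IP="
    [ -n "$ip" ] || { note "no IP= line, so no static address is set"; return 1; }
    # Fields: client:server:gw:netmask:hostname:device:autoconf:dns0:dns1:ntp0
    old_ifs=$IFS; IFS=:
    set -- $ip
    IFS=$old_ifs
    client=$1; gw=$3; mask=$4; ifname=$6
    is_ipv4 "$client" || note "client-ip '$client' is not a dotted quad"
    [ -z "$gw" ] || is_ipv4 "$gw" || note "gw-ip '$gw' is not a dotted quad"
    is_ipv4 "$mask" || note "netmask '$mask' is not a dotted quad"
    case $vlan in *.*) note "VLAN=\"$vlan\" uses '.', the hook expects dev:id" ;; esac
    case $ifname in
        *.*) want="${ifname%.*}:${ifname##*.}"   # eno1.43 -> eno1:43
             case " $vlan " in *" $want "*) ;;
                 *) note "IP= uses $ifname but VLAN= has no $want entry" ;; esac ;;
        *)   [ -z "$vlan" ] || note "VLAN= is set but IP= uses untagged '$ifname'" ;;
    esac
    [ -z "$device" ] || [ -z "$vlan" ] || note "DEVICE=$device is set alongside VLAN="
    return $bad
}

# Constructed sample: the attempt from the thread that left SSH unreachable
sample=$(mktemp)
printf '%s\n' 'VLAN="eno1:43"' 'DEVICE=eno1' \
    'IP=192.168.43.50::192.168.43.1:255.255.255.0::eno1:off' > "$sample"
check_initramfs_net "$sample" || echo "fix these before running update-initramfs -u"
rm -f "$sample"
```

Run it against /etc/initramfs-tools/initramfs.conf before `update-initramfs -u`; on a host whose disks are unlocked over dropbear, a wrong line here means no SSH at the next boot.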
 