Networking
sd-network enables network connectivity during the initramfs phase of the
Linux boot process. This is achieved by starting the systemd network manager
systemd-networkd. The install hook sd-network takes care of providing the
initramfs image with all binaries, network drivers and configuration files
required by systemd-networkd, and of enabling the systemd service
systemd-networkd.service.
By default, the network configuration files in and below /etc/systemd/network
are copied unaltered into the initramfs image. Usually this setup is desired,
but see the section Predictable Network Interface Names below.
An important detail to keep in mind is the topic of predictable network
interface names. In short,
systemd (with the help of udev) takes care of naming all network interfaces in
a consistent (predictable) way, overriding names assigned by the kernel (e.g.
eth0, eth1, etc.). The latter names are assigned in a non-predictable way,
i.e. a certain network interface may be assigned eth0 at one instance, while
after the next reboot the very same network interface may be named eth2.
Unfortunately, by default these predictable network interface names are not
available during initramfs phase. In other words, during early boot network
interface names follow the non-predictable naming scheme with eth0, eth1,
wlan0, wlan1, etc., while in the regular operating environment you will
encounter network interface names like enp2s0, wlp0s20f3, etc.
This has the unpleasant consequence that in many cases the network configuration
files in and below /etc/systemd/network that are used by systemd-networkd
in the regular operating environment will not work during the initramfs phase.
There are several ways to deal with this complication.
With the following two approaches you can use the configuration files for
systemd-networkd from your regular operating environment unaltered also for
the initramfs phase.
Instead of identifying your network interfaces by their name (being unreliable during initramfs phase) you can use their MAC address or their persistent path. For example:
[Match]
MACAddress=00:1C:06:30:9F:15
or
[Match]
Path=platform-xhci-hcd.5.auto-usb-0:1:1.0
The latter can be determined with
udevadm info --query=property --property=ID_PATH /sys/class/net/<nic-name>
where <nic-name> is the network interface name as reported by ip link.
It is fairly easy to make predictable network interface names available during initramfs phase. Just add
/usr/lib/udev/rules.d/75-net-description.rules
/usr/lib/udev/rules.d/80-net-setup-link.rules
/usr/lib/systemd/network/99-default.link
to the array FILES in /etc/mkinitcpio.conf. This way you get the very same
network interface names during initramfs phase as in your final operating
environment.
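A check for the mismatch described above, as an added example that is not part of sd-network: it lists the .network files whose [Match] section selects an interface by a predictable name, which will not match during the initramfs phase unless the udev rules above are included. The function names, the sample files and the prefix heuristic (en, wl or ww followed by o, p, s or x) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of sd-network. Assumption: a name starting with
# en, wl or ww followed by o, p, s or x is a predictable (udev-assigned) name.

# name_matches DIR : print "file: name" for every predictable interface name
# found in a Name= key of the [Match] section of DIR/*.network.
# Name= takes a whitespace-separated list; each entry is checked on its own.
name_matches() {
    for f in "$1"/*.network; do
        [ -f "$f" ] || continue
        awk -v file="$(basename "$f")" '
            # A section header switches the "inside [Match]" state on or off.
            /^[ \t]*\[/ { in_match = ($0 ~ /^[ \t]*\[Match\]/); next }
            !in_match   { next }
            /^[ \t]*Name[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); names = names " " $0 }
            END {
                n = split(names, a)
                for (i = 1; i <= n; i++)
                    if (a[i] ~ /^(en|wl|ww)[opsx]/) print file ": " a[i]
            }' "$f"
    done
    return 0
}

# Constructed sample directory (values taken from the examples on this page).
make_match_samples() {
    d=$(mktemp -d) || return 1
    printf '[Match]\nName=enp2s0\n[Network]\nDHCP=yes\n' > "$d/10-lan.network"
    printf '[Match]\nPath=platform-xhci-hcd.5.auto-usb-0:1:1.0\n' > "$d/20-usb.network"
    printf '[Match]\nName=wlp0s20f3 wlan0\n' > "$d/30-wifi.network"
    printf '[Match]\nMACAddress=00:1C:06:30:9F:15\n' > "$d/40-mac.network"
    printf '%s\n' "$d"
}

samples=$(make_match_samples)
name_matches "$samples"
rm -rf "$samples"
```

Point it at /etc/systemd/network (or at $SD_NETWORK_CONFIG) before rebuilding the image.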
Add sd-network to the array HOOKS in /etc/mkinitcpio.conf. The entry must
be positioned somewhere after (right of) autodetect and after systemd.
Apart from that the concrete position is irrelevant.
- SD_NETWORK_EXCLUDES: This is a bash array to specify filenames and globs (e.g. "wg*") that will be excluded when copying configuration files in and below /etc/systemd/network to the initramfs image.
  E.g. you may want to avoid that a wireguard tunnel is established during the initramfs phase. (The tunnel is of no use in this early phase of your system and the configuration files contain sensitive information that could be easily extracted from the initramfs image.) So specify SD_NETWORK_EXCLUDES somewhere in /etc/mkinitcpio.conf:
  SD_NETWORK_EXCLUDES=("wg*")
  This example assumes that the configuration of the wireguard tunnel has been stored in files with names beginning with wg.
  SD_NETWORK_EXCLUDES is a bash array, so the parentheses are required. Entries have to be separated by blanks. Put all globs in quotes to prevent them from being expanded too early. Otherwise you may experience undesired behavior.
- SD_NETWORK_CONFIG: With this configuration in your /etc/mkinitcpio.conf you can specify an alternative source directory where the network configuration is copied from, e.g.:
  SD_NETWORK_CONFIG=/etc/systemd/network-initramfs
  Drop-in files ${SD_NETWORK_CONFIG}/*.d/*.conf are taken care of the same way as drop-in files for the default case (i.e. /etc/systemd/network/*.d/*conf).
  SD_NETWORK_CONFIG and SD_NETWORK_EXCLUDES can be used together (although this rarely makes sense).
Caution
Mind that using SD_NETWORK_CONFIG poses a risk that you must be aware of:
Usually the configuration in $SD_NETWORK_CONFIG is in some way derived from
the configuration in /etc/systemd/network. When later something has to be
changed in /etc/systemd/network you may forget about applying this change
also to the configuration in $SD_NETWORK_CONFIG. This may (or may not)
render your system inaccessible after the next reboot!
- SD_NETWORKD_CONFIG: (Mind the extra D.) The configuration of systemd-networkd itself is located in /etc/systemd/networkd.conf (and optionally in drop-in files) and copied into the initramfs image. With SD_NETWORKD_CONFIG you can specify an alternative location where these configuration files are copied from.
  Drop-in files ${SD_NETWORKD_CONFIG}.d/*.conf are taken care of the same way as drop-in files for the default case (i.e. /etc/systemd/network.d/*conf).
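For the SD_NETWORK_EXCLUDES item above, an added example (not part of sd-network) that reports which configuration files would still carry inline WireGuard key material into the initramfs image for a given set of exclude globs. It assumes the globs are compared against each file's basename and looks at top-level files only; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of sd-network. Assumption: exclude globs are
# compared against each file's basename; only top-level files are checked.

# is_excluded NAME GLOB... : succeeds if NAME matches one of the globs.
is_excluded() {
    name=$1; shift
    for glob in "$@"; do
        # An unquoted expansion in a case pattern is matched as a pattern and
        # is never expanded against the file system.
        case $name in
            $glob) return 0 ;;
        esac
    done
    return 1
}

# leaked_secrets DIR GLOB... : print the files that are not excluded and
# still contain an inline PrivateKey= or PresharedKey= setting.
leaked_secrets() {
    dir=$1; shift
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_excluded "$(basename "$f")" "$@" && continue
        if grep -Eq '^[[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=' "$f"; then
            basename "$f"
        fi
    done
    return 0
}

# Constructed sample directory; the key values are placeholders, not real keys.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '[Match]\nMACAddress=00:1C:06:30:9F:15\n[Network]\nDHCP=yes\n' > "$d/20-wired.network"
    printf '[NetDev]\nName=wg0\nKind=wireguard\n[WireGuard]\nPrivateKey=CONSTRUCTED-PLACEHOLDER\n' > "$d/wg0.netdev"
    printf '[Match]\nName=wg0\n' > "$d/wg0.network"
    printf '[NetDev]\nName=vpn\nKind=wireguard\n[WireGuardPeer]\nPresharedKey=CONSTRUCTED-PLACEHOLDER\n' > "$d/30-vpn.netdev"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
echo 'no excludes:'; leaked_secrets "$sample"
echo 'with "wg*":';  leaked_secrets "$sample" "wg*"
rm -rf "$sample"
```

In the sample, "wg*" still leaves 30-vpn.netdev in the image, because the exclude only helps when every file holding a key follows the naming pattern.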