Hi folks,
I’m having some trouble setting up a test environment (bare metal).
I’ve just installed 2 nodes (each device has 4 NICs) with Fedora 35, with LUKS encryption on the root partition.
I would like to set up Tang plus Clevis to permit reciprocal unlock.
The kernel boot settings are already done (automated config during installation).
I’ve installed the Tang server:
# yum -y install tang
# systemctl enable tangd.socket --now
Opened the firewall port:
# firewall-cmd --permanent --add-service http
# firewall-cmd --reload
And the Clevis system:
# yum -y install clevis clevis-luks clevis-dracut
Then:
# clevis luks bind -d /dev/sda3 tang '{"url":"http://<other server ip>"}'
The goal is to use the first NIC for the Clevis unlock and the second one for other communications.
I’m getting lost enabling the network early in boot:
# dracut -fv --regenerate-all --kernel-cmdline "ip=IPADDRESS:::SUBNETMASK::INTERFACE:none"
or
# dracut -fv --regenerate-all --kernel-cmdline "ifname=bootnet:MACADDRESS ip=IPADDRESS:::SUBNETMASK::bootnet:none"
The systems cannot auto-unlock.
Please, can someone help?
Thanks
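
The two `--kernel-cmdline` strings in the post above can be linted before the initramfs is rebuilt; the sketch below is an added example, not part of the original post. It assumes the static `ip=` and `ifname=` field order documented in dracut.cmdline(7), the function names are hypothetical, and the sample address and MAC are constructed.

```shell
# Added example (not from the post): lint the ip= / ifname= arguments given to
# `dracut --kernel-cmdline`. Static forms per dracut.cmdline(7):
#   ip=<client-IP>:[<peer>]:<gateway-IP>:<netmask>:<hostname>:<interface>:<autoconf>
#   ifname=<interface>:<MAC>

is_ipv4() {                       # dotted quad with every octet <= 255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    for o in "$o1" "$o2" "$o3" "$o4"; do [ "$o" -le 255 ] || return 1; done
}

is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Prints "ok: ..." and returns 0, or prints one "error: ..." line per problem
# and returns 1. This lint only accepts dotted-quad netmasks.
lint_cmdline() {
    ip_val=; ifname_val=; rc=0
    set -f                        # split on whitespace without globbing
    for arg in $1; do
        case $arg in
            ip=*)     ip_val=${arg#ip=} ;;
            ifname=*) ifname_val=${arg#ifname=} ;;
        esac
    done
    set +f
    [ -n "$ip_val" ] || { echo "error: no ip= argument"; return 1; }
    IFS=: read -r addr peer gw mask host iface auto rest <<EOF
$ip_val
EOF
    is_ipv4 "$addr" || { echo "error: client IP '$addr' is not IPv4"; rc=1; }
    is_ipv4 "$mask" || { echo "error: netmask '$mask' is not a dotted quad"; rc=1; }
    [ -n "$iface" ] || { echo "error: interface field is empty"; rc=1; }
    [ -n "$auto" ]  || { echo "error: autoconf field is empty"; rc=1; }
    if [ -n "$ifname_val" ]; then
        is_mac "${ifname_val#*:}" || { echo "error: ifname= MAC is malformed"; rc=1; }
        [ "${ifname_val%%:*}" = "$iface" ] ||
            { echo "error: ifname= names '${ifname_val%%:*}' but ip= uses '$iface'"; rc=1; }
    fi
    [ "$rc" -eq 0 ] && echo "ok: $addr/$mask on $iface ($auto)"
    return "$rc"
}

# Constructed sample values (documentation address range, made-up MAC).
lint_cmdline "ifname=bootnet:52:54:00:aa:bb:cc ip=192.0.2.10:::255.255.255.0::bootnet:none" || true
```

A string that is one colon short shifts every later field, so the lint reports an empty netmask and autoconf field rather than silently accepting it.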