| 17 Jan 2025 |
gdamjan | there's an additional complexity (if I remember correctly) - you can have bird configure your interfaces too (static ips) but OTOH it might also depend on ip addresses being set up by your NM or networkd … so that would complicate strict ordering/dependencies
the good thing is, IIRC, bird actually does work properly on kernel netlink events and doesn't depend on preconfigured interfaces
| 00:02:13 |
gdamjan | so in short: WantedBy=multi-user.target After=network-pre.target and probably Before=network.target but not necessary this last thing | 00:02:48 |
@elvishjerricco:matrix.org | Ok interesting. Then I'm not sure what that person is complaining about because I think that's already how it is :P | 00:05:47 |
gdamjan | it was a really not-that-coherent rant imho :/ | 00:06:13 |
gdamjan | it's probably better if they take it here on the channel | 00:06:26 |
@elvishjerricco:matrix.org | hm, actually it looks like we don't have the After ordering. Huh. | 00:08:17 |
@elvishjerricco:matrix.org | I wonder if that's their real problem | 00:08:36 |
phaer | I am trying to get a public key into a systemd credential via kernel cmdline, but seem to hold it wrong. In my kernel params i got systemd.set_credential=login.motd:hello and see it in /proc/cmdline in the target machine. But systemd-creds --system doesn't show anything. Is there a hint what it might be or how to effectively debug this? | 15:17:04 |
raitobezarius | turn on systemd debug logging and look for credential processing in the journal | 15:17:42 |
phaer | Hm.. they work fine in initrd, but they don't get imported into stage2 for some reason.
Not importing credentials, $CREDENTIALS_DIRECTORY or $ENCRYPTED_CREDENTIALS_DIRECTORY already set.
No credentials passed from initrd.
That's a vm with tmpfs as /root, etc.overlay and systemd in initrd both, otherwise a pretty standard nixos-unstable.
| 15:48:07 |
mlyx | Do you remount-root twice?
try copy /run/credentials/@system/KEY to /sysroot/run/credentials/ | 15:52:10 |
phaer | I don't think so, and a grep in the log says I am only remounting root once.
copying the credentials manually should probably work but is more of a workaround imo. I am trying to find out why CREDENTIALS_DIRECTORY is already set here atm | 15:54:47 |
@elvishjerricco:matrix.org | which thing is giving that message? Is it just PID1 or a service? | 16:09:03 |
phaer | PID 1 as far as i can tell, i.e. no prefix in the log i get on the console https://gist.github.com/phaer/a992607df31fb18364264a77fa177e5f#file-log-txt-L5809 (sorry for the botched formatting) | 16:15:35 |
@elvishjerricco:matrix.org | phaer: that's... interesting. Not usually what my journal looks like at all | 16:17:48 |
@elvishjerricco:matrix.org | or did you copy the dmesg output or something? | 16:18:00 |
phaer | I have the following kernel params set for debugging, if that's what you mean?
"console=hvc0"
"systemd.log_level=debug"
"systemd.log_target=console"
| 16:19:28 |
phaer | and then the rest is just what i get from the serial console in my shell on the host, minus some terminal escape codes for colors | 16:20:23 |
@elvishjerricco:matrix.org | Well you could have just run journalctl -b 0 to get a properly formatted log for the current boot I think | 16:20:23 |
@elvishjerricco:matrix.org | the actual console output is formatted a little weird to make it visually appealing | 16:21:11 |
@elvishjerricco:matrix.org | but it loses some of the stuff that gets logged in the journal | 16:21:21 |
phaer | Thanks, that seems to confirm that the line about not importing the credentials because one of the env vars is already set is coming from pid 1 https://gist.github.com/phaer/b233e40012239e4411d56032867062ee#file-gistfile1-txt-L122 | 16:33:43 |
@elvishjerricco:matrix.org | well that's very confusing. That log looks like something I don't understand is happening :P | 16:39:22 |
@elvishjerricco:matrix.org | I'm fairly sure it's not even getting to switch-root, right? | 16:39:34 |
@elvishjerricco:matrix.org | do you have any custom services in your stage 1 or 2? My paranoia makes me think that when I see logs I don't understand, it's probably an ordering cycle that caused systemd to blow up proper ordering almost entirely | 16:42:06 |
@elvishjerricco:matrix.org | oh wait maybe I'm wrong. I didn't realize you had added a grep | 16:43:00 |
phaer | That log is grepped for -i 'cred', if you'd like i can happily post the full one, it's just a bit annoying to copy out of the serial, because i haven't set up sshd yet (injecting the pub keys without needing to rebuild images in the end is my goal here ;-P) | 16:43:07 |
@elvishjerricco:matrix.org | so I wasn't seeing what I expected | 16:43:10 |
@elvishjerricco:matrix.org | if it's got network access you can just pipe into nc termbin.com 9999 or something like that | 16:43:41 |