I am trying to have NBDE on Ubunutu LTS 22.04.1 . basically i want my compute-1 node to auto decrypt on boot when it's able to ping controller (tang server) node. the problem is i encrypted every thing (lvm-luks2) except /boot partition
//Compute-1 node
lsblk
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1M 0 part
├─sda2 8:2 0 2G 0 part /boot
└─sda3 8:3 0 98G 0 part
└─dm_crypt-0 253:0 0 98G 0 crypt
├─ubuntu--vg-ubuntu--lv 253:1 0 90G 0 lvm /
└─ubuntu--vg-lv--0 253:2 0 8G 0 lvm [SWAP]
apt install clevis clevis-luks clevis-initramfs
clevis luks bind -d /dev/sda3 tang '{"url":"<compute-node>:7500"}' (successful)
clevis luks list -d /dev/sda3 (returns tang server url)
cryptsetup luksDump /dev/sda3 (token successfully added under clevis keyslot section)
now when i reboot it fails. it print some errors about my network interfaces i am pretty sure it's because i don't have networking at that level before decryption. redhat said i should use rd.neednet=1
to solve this issue. where should i put this? is it even possible to use in ubuntu ?
when i run update-initramfs -u -k 'all'
i get error below
I: The initramfs will attempt to resume from /dev/dm-2
I: (/dev/mapper/ubuntu--vg-lv--0)
I: Set the RESUME variable to override this.