Systemd based network setup on Debian Edu jessie workstations

This article describes how to use systemd-networkd on Debian Edu 8.x (aka jessie) notebooks.

What we have to deal with?

At the schools we support we have several notebooks running Debian Edu 8.x (aka jessie) in the field.

For school notebooks (classroom sets) we install the Debian Edu Workstation Profile. Those machines are mostly used over wireless network.

We know that Debian Edu also offers a Roaming Workstation Profile at installation time, but with that profile chosen, user logins create local user accounts and local home directories on the notebooks (package: libpam-mklocaluser). For our customers, we do not want that. People using the school notebooks shall always work on their NFS home directories. School notebooks shall not be usable outside of the school network.

Our woes...

The default setup on Debian Edu jessie workstations regarding networking is this:

systemd runs as PID 1
ifupdown manages static network interfaces (eth0, etc.)
NetworkManager manages wireless network interfaces
for our customers we configured NetworkManager with a system-wide WiFi (WPA2-PSK) profile

We have observed various problems with that setup:

By default, network interface eth0 is managed by ifupdown (via /etc/network/interfaces):
```
auto eth0
iface eth0 inet dhcp
```
Woe no. 1: In combination with systemd, this results in a 120sec delay at system startup.
Woe no. 2: The wireless network card, managed by NetworkManager, comes up whenever "it wants to".

This definitely becomes problematic, when relying on autofs-ldap at login time. We often encountered the situation, where the autofs service had already been started, but wireless network was not yet up and running.

This results in notebook systems not finding Debian Edu's LDAP server and thus ending up with a dumb autofs service, not knowing about any NFS network shares provisioned via LDAP.
On occasions where the race condition (speed of a notebook's boot process vs. speed of DHCP request being answered over WiFi) was on our side, people could log in (with homes mounted over NFS, LDAP/Kerberos login, etc.).

Woe no. 3: However, on system shutdown, the machine would hang again for 120sec, because of the NFS mounts (home directories) not being properly unmounted.

This all has been somehow painful. Today I sat with one of our customers and came up with the setup described below, which works like charm...

Why switch over to systemd-networkd?

With the switch over to systemd-networkd (from systemd 215 as found in Debian jessie), all headaches instantly stopped:

notebooks boot without delay (with LAN cable plugged in or over WiFi, does not matter)
users are always able to log into the system (LDAP is available, Kerberos is available, the autofs-ldap service has found its LDAP server)
the notebook shuts down without any delay

\o/ Thus, all woes soothed!!! \o/

How to switch over to systemd-networkd?

Study first and then run the script below as root on Debian Edu jessie notebooks installed via Debian Edu's Workstation Profile.

Assumptions taken

Cable network cards are called eth0, eth1, etc.
The wireless network card is known under the name wlan0
These files, which normally don't exist, will be overwritten:
- /etc/systemd/network/20-dhcp.network
- /etc/systemd/network/21-dhcp-wireless.network
- /etc/systemd/system/wpa_supplicant@.service
- /etc/wpa_supplicant/wpa_supplicant-wlan0.conf

The Script

#!/bin/bash

WIFIDEV=wlan0

export DEBIAN_FRONTEND=noninteractive
apt-get remove -q -y --purge resolvconf

systemctl disable NetworkManager
systemctl enable systemd-networkd.service
systemctl enable systemd-resolved.service 
systemctl start systemd-resolved.service 
rm /etc/resolv.conf 
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

cat > /etc/systemd/network/20-dhcp.network << EOF
[Match]
Name=eth*

[Network]
DHCP=yes
EOF

cat > /etc/systemd/network/21-dhcp-wireless.network << EOF
[Match]
Name=$WIFIDEV

[Network]
DHCP=yes
EOF

cat > /etc/systemd/system/wpa_supplicant@.service << EOF
[Unit]
Description=WPA supplicant daemon (interface-specific version)
Requires=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device
Before=network.target
Wants=network.target

# NetworkManager users will probably want the dbus version instead.

[Service]
Type=simple
ExecStart=/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I

[Install]
Alias=multi-user.target.wants/wpa_supplicant@%i.service
EOF

touch /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf
chmod go-rwx /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf

systemctl enable wpa_supplicant@$WIFIDEV.service
systemctl disable networking
systemctl disable wpa_supplicant.service

Adding WiFi networks

Now, as site administrator, you can add passphrases for your school site's ESSIDs / WiFi networks to the wpa_supplicant configuration file:

export WIFIDEV=wlan0
wpa_passphrase <ESSID> '<wpapassphrase>' >> /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf

Add as many ESSIDs and passphrases as needed.

Reboot

Once the script is done and credentials of your wireless networks have been configured, please reboot the notebook system and enjoy.

Credits

The above has been inspired and brought on its way today by two articles. Many thanks to Dan Nanni [1] and Joachim Breitner [2] for inspiration.

light+love
Mike

[1] http://xmodulo.com/switch-from-networkmanager-to-systemd-networkd.html
[2] https://www.joachim-breitner.de/blog/664-Switching_to_systemd-networkd

By sunweaver at 02/09/2016 - 18:35
sunweaver's blog
Login to post comments

sunweaver's NET