This article describes how to use systemd-networkd on Debian Edu 8.x (aka jessie) notebooks.
What we have to deal with?
At the schools we support we have several notebooks running Debian Edu 8.x (aka jessie) in the field.
For school notebooks (classroom sets) we install the Debian Edu Workstation Profile. Those machines are mostly used over wireless network.
We know that Debian Edu also offers a Roaming Workstation Profile at installation time, but with that profile chosen, user logins create local user accounts and local home directories on the notebooks (package: libpam-mklocaluser). For our customers, we do not want that. People using the school notebooks shall always work on their NFS home directories. School notebooks shall not be usable outside of the school network.
The default setup on Debian Edu jessie workstations regarding networking is this:
- systemd runs as PID 1
- ifupdown manages static network interfaces (eth0, etc.)
- NetworkManager manages wireless network interfaces
- for our customers we configured NetworkManager with a system-wide WiFi (WPA2-PSK) profile
We have observed various problems with that setup:
- By default, network interface eth0 is managed by ifupdown (via /etc/network/interfaces):
auto eth0 iface eth0 inet dhcp
Woe no. 1: In combination with systemd, this results in a 120sec delay at system startup.
Woe no. 2: The wireless network card, managed by NetworkManager, comes up whenever "it wants to".
This definitely becomes problematic, when relying on autofs-ldap at login time. We often encountered the situation, where the autofs service had already been started, but wireless network was not yet up and running.
This results in notebook systems not finding Debian Edu's LDAP server and thus ending up with a dumb autofs service, not knowing about any NFS network shares provisioned via LDAP.
On occasions where the race condition (speed of a notebook's boot process vs. speed of DHCP request being answered over WiFi) was on our side, people could log in (with homes mounted over NFS, LDAP/Kerberos login, etc.).
Woe no. 3: However, on system shutdown, the machine would hang again for 120sec, because of the NFS mounts (home directories) not being properly unmounted.
This all has been somehow painful. Today I sat with one of our customers and came up with the setup described below, which works like charm...
Why switch over to systemd-networkd?
With the switch over to systemd-networkd (from systemd 215 as found in Debian jessie), all headaches instantly stopped:
- notebooks boot without delay (with LAN cable plugged in or over WiFi, does not matter)
- users are always able to log into the system (LDAP is available, Kerberos is available, the autofs-ldap service has found its LDAP server)
- the notebook shuts down without any delay
\o/ Thus, all woes soothed!!! \o/
How to switch over to systemd-networkd?
Study first and then run the script below as root on Debian Edu jessie notebooks installed via Debian Edu's Workstation Profile.
- Cable network cards are called eth0, eth1, etc.
- The wireless network card is known under the name wlan0
- These files, which normally don't exist, will be overwritten:
#!/bin/bash WIFIDEV=wlan0 export DEBIAN_FRONTEND=noninteractive apt-get remove -q -y --purge resolvconf systemctl disable NetworkManager systemctl enable systemd-networkd.service systemctl enable systemd-resolved.service systemctl start systemd-resolved.service rm /etc/resolv.conf ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf cat > /etc/systemd/network/20-dhcp.network << EOF [Match] Name=eth* [Network] DHCP=yes EOF cat > /etc/systemd/network/21-dhcp-wireless.network << EOF [Match] Name=$WIFIDEV [Network] DHCP=yes EOF cat > /etc/systemd/system/wpa_supplicant@.service << EOF [Unit] Description=WPA supplicant daemon (interface-specific version) Requires=sys-subsystem-net-devices-%i.device After=sys-subsystem-net-devices-%i.device Before=network.target Wants=network.target # NetworkManager users will probably want the dbus version instead. [Service] Type=simple ExecStart=/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I [Install] Alias=multi-user.target.wants/wpa_supplicant@%i.service EOF touch /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf chmod go-rwx /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf systemctl enable wpa_supplicant@$WIFIDEV.service systemctl disable networking systemctl disable wpa_supplicant.service
Adding WiFi networks
Now, as site administrator, you can add passphrases for your school site's ESSIDs / WiFi networks to the wpa_supplicant configuration file:
export WIFIDEV=wlan0 wpa_passphrase <ESSID> '<wpapassphrase>' >> /etc/wpa_supplicant/wpa_supplicant-$WIFIDEV.conf
Add as many ESSIDs and passphrases as needed.
Once the script is done and credentials of your wireless networks have been configured, please reboot the notebook system and enjoy.
The above has been inspired and brought on its way today by two articles. Many thanks to Dan Nanni  and Joachim Breitner  for inspiration.