Accepting request 900741 from devel:kubic:ignition
OBS-URL: https://build.opensuse.org/request/show/900741
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/combustion?expand=0&rev=9
commit 26157798fd
46
README
@ -19,11 +19,25 @@ The configuration files are copied from a filesystem with the LABEL
|
||||
It expects a directory "combustion" at the root level of the filesystem and
|
||||
a file "script" inside, which is executed inside a transactional-update shell.
|
||||
|
||||
<root directory>
|
||||
├── combustion
|
||||
│ ├── script
|
||||
│ └── ... other files
|
||||
└── ignition (optional)
|
||||
└── config.ign
|
||||
|
||||
If a QEMU fw_cfg blob with the name "opt/org.opensuse.combustion/script" is
|
||||
found, it is preferred and the content of that is used as script.
|
||||
Example parameter for QEMU:
|
||||
-fw_cfg name=opt/org.opensuse.combustion/script,file=/var/combustion-script
|
||||
|
||||
You can do everything necessary for initial system configuration from this
|
||||
script, including addition of ssh keys, adding users, changing passwords
|
||||
or even doing partitioning changes.
|
||||
|
||||
Simple example
|
||||
--------------
|
||||
|
||||
Example for formatting a USB drive and adding a config, which installs the
|
||||
"vim-small" package and creates a /root/welcome file:
|
||||
|
||||
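Review bot: the fw_cfg paragraph says the blob "is preferred and the content of that is used as script", but it does not say whether the "combustion" directory on the labelled filesystem (the "... other files" in the tree above it) is still copied in that case. The more complex example later in this README reads id_rsa_new.pub from that directory, so please add a sentence stating what a fw_cfg-supplied script can expect to find in its working directory. Since the script can add ssh keys and change passwords, it is also worth stating that whoever controls the QEMU command line or an attached labelled filesystem controls that configuration.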
@ -43,12 +57,34 @@ echo "Hello User!" >/mnt/combustion/welcome
|
||||
umount /mnt
|
||||
```
|
||||
|
||||
The "# combustion: network" comment indicates that network needs to be
|
||||
configured before running the script.
|
||||
The "# combustion: network" comment triggers networking initialization before
|
||||
running the script. This is equivalent to passing "rd.neednet=1" on the kernel
|
||||
cmdline and so the network configuration parameters (man dracut.cmdline) apply
|
||||
here as well. If those aren't specified, it defaults to "ip=dhcp" for each
|
||||
available interface.
|
||||
|
||||
You can do everything necessary for initial system configuration from this
|
||||
script, including addition of ssh keys, adding users, changing passwords
|
||||
or even doing partitioning changes.
|
||||
More complex configuration example
|
||||
----------------------------------
|
||||
|
||||
This script additionally provides visible feedback during boot, sets a password
|
||||
and copies a public ssh key (which has to be in the "combustion" folder).
|
||||
|
||||
```
|
||||
#!/bin/bash
|
||||
# combustion: network
|
||||
# Redirect output to the console
|
||||
exec > >(exec tee -a /dev/tty0) 2>&1
|
||||
# Set a password for root, generate the hash with "openssl passwd -6"
|
||||
echo 'root:$5$.wn2BZHlEJ5R3B1C$TAHEchlU.h2tvfOpOki54NaHpGYKwdNhjaBuSpDotD7' | chpasswd -e
|
||||
# Add a public ssh key and enable sshd
|
||||
mkdir -pm700 /root/.ssh/
|
||||
cat id_rsa_new.pub >> /root/.ssh/authorized_keys
|
||||
systemctl enable sshd.service
|
||||
# Install vim-small
|
||||
zypper --non-interactive install vim-small
|
||||
# Leave a marker
|
||||
echo "Configured with combustion" > /etc/issue.d/combustion
|
||||
```
|
||||
|
||||
How it works
|
||||
------------
|
||||
|
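Review bot: in the more complex example the comment says to generate the hash with "openssl passwd -6", but the hash passed to `chpasswd -e` starts with `$5$`, the SHA-256 crypt prefix, whereas `-6` produces `$6$` (SHA-512) hashes. Replace the sample with a `$6$` hash or change the comment so that the two agree; readers will copy this block verbatim.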
13
combustion
@ -106,6 +106,14 @@ if ! [ -e "${config_dir}/script" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Have to take care of x-initrd.mount first and from the outside
|
||||
awk '$4 ~ /x-initrd.mount/ { system("findmnt /sysroot" $2 " >/dev/null || mount -t " $3 " -o " $4 " " $1 " /sysroot" $2) }' /sysroot/etc/fstab
|
||||
|
||||
# Make sure the old snapshot is relabeled too, otherwise syncing its /etc fails.
|
||||
if [ -e /sysroot/etc/selinux/.autorelabel ]; then
|
||||
NEWROOT=/sysroot bash -c '. /lib/dracut-lib.sh; . /lib/dracut/hooks/pre-pivot/50-selinux-microos-relabel.sh'
|
||||
fi
|
||||
|
||||
# Prepare chroot
|
||||
for i in proc sys dev; do
|
||||
mount --rbind /$i /sysroot/$i
|
||||
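Review bot: the relabel block sources /lib/dracut/hooks/pre-pivot/50-selinux-microos-relabel.sh after testing only for /sysroot/etc/selinux/.autorelabel, with no check that the hook file is present in the initrd and no handling of a failed relabel. Add a test such as `[ -e /lib/dracut/hooks/pre-pivot/50-selinux-microos-relabel.sh ]` to the condition and decide explicitly whether a failure here should abort or only warn. While the awk line is being moved, note that it concatenates fstab fields unquoted into the string given to system(), so any shell metacharacter in a device, mount point or option field is interpreted by the shell; quoting the fields would make that robust.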
@ -113,8 +121,6 @@ done
|
||||
mount --make-rslave /sysroot
|
||||
|
||||
# Mount everything we can, errors deliberately ignored
|
||||
# Have to take care of x-initrd.mount first and from the outside
|
||||
awk '$4 ~ /x-initrd.mount/ { system("findmnt /sysroot" $2 " >/dev/null || mount -t " $3 " -o " $4 " " $1 " /sysroot" $2) }' /sysroot/etc/fstab
|
||||
chroot /sysroot mount -a || true
|
||||
# t-u needs writable /var/run and /tmp
|
||||
findmnt /sysroot/run >/dev/null || mount -t tmpfs tmpfs /sysroot/run
|
||||
@ -150,6 +156,9 @@ EOF
|
||||
chroot /sysroot transactional-update --no-selfupdate rollback
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Snapshot got touched while the policy isn't active, needs relabeling again.
|
||||
[ -e /sysroot/etc/selinux/.relabelled ] && >> /sysroot/etc/selinux/.autorelabel
|
||||
else
|
||||
mount -o remount,rw /sysroot
|
||||
if ! chroot /sysroot sh -e -c "cd '${config_dir}'; chmod a+x script; ./script"; then
|
||||
|
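Review bot: the added `[ -e /sysroot/etc/selinux/.relabelled ] && >> /sysroot/etc/selinux/.autorelabel` writes the marker under /sysroot/etc, while the changelog entry says the goal is to trigger autorelabel for the new snapshot; the comment should say why a file created under /sysroot/etc reaches the new snapshot. An explicit `if [ -e ... ]; then ... fi` would also avoid leaving a non-zero status as the last command of this branch when .relabelled is absent, and reads more clearly than the bare `>>` redirection.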
@ -1,3 +1,14 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 7 14:13:14 UTC 2021 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
- combustion: Relabel the old snapshot (if necessary) and explicitly
|
||||
trigger autorelabel for the new snapshot
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 5 13:35:22 UTC 2021 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
- Expand and clarify README
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 20 09:50:53 UTC 2021 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
|
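Review bot: the Jun 7 entry mentions only the relabeling, but the same commit also moves the x-initrd.mount handling in the combustion script from just before `chroot /sysroot mount -a` to before the chroot preparation. Add a line for that move and its reason, so the ordering change can be found from the changelog.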