ignition/README.SUSE

Changes for openSUSE / SLE:

* ignition-mount-initrd-fstab.service / ignition-umount-initrd-fstab.service:
  Upstream Ignition will only mount partitions or subvolumes explicitly
  mentioned in the Ignition configuration. A default SUSE system, however,
  is split over several subvolumes, and most users won't want to define
  all the partitions again. On the other hand a lot of core functionality (e.g.
  configuring a SSH certificate for the root user or adding a configuration
  file) requires access to those subvolumes.
  For better usability in addition to Ignition's own mount / umount stage all
  files systems tagged for being mounted in the initrd ("x-initrd.mount" mount
  flag) will automatically be mounted / umounted.
* ignition-setup-user.service / ignition-setup-user.sh:
  The user configuration can be stored on a device with the label "ignition"
  (e.g. by attaching a USB flash drive with that name) instead of using the
  platform specific configuration storage mechanism.
* ignition-userconfig-timeout*.conf:
  Set timeout for Ignition device so boot will just continue if no physical
  Ignition configuration device is attached (e.g. when using platform
  specific configuration).
* ignition-rmcfg-suse.conf:
  Adapt systemd service to match our own packaging: We do not support
  ConditionFirstBoot, and additionally support auto-detection of the platform
  (see ignition-suse-generator), so the detection whether the stage should be
  called has to be done via shell script.
* ignition-touch-selinux-autorelabel.conf:
  Trigger SELinux autorelabel after Ignition runs; Ignition would support
  SELinux itself, however this is a compile time option, so it can't be
  used here.
* ignition-suse-generator:
  Replaces the upstream generator by making use of firstboot.target provided
  by combustion and hooking up the services provided by this module.
  Additionally it will try to autodect the platform if it is not set on the
  kernel command line.
* ignition-enable-network.service / ignition-enable-network.sh:
  Ignition supports detection whether the configuration requires networking
  to avoid having to boot with networking enabled even when it isn't
  necessary; the actual implementation to start the network is left to the
  distribution.
* ignition-kargs-helper:
  Distribution specific helper script to implement kernel argument support.
- Update to version 2.6.0 - Update to version 2.5.0 * Dropped 0003-Disable-resetting-UUID.patch (upstream moved the functionality into the CoreOS configuration. * Added ignition-enable-network.sh / ignition-enable-network.service: Implemented ignition-fetch-offline feature to only start networking if required - Update to version 2.4.1 - Update to version 2.4.0 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=49 2020-08-10 11:28:19 +02:00			`Changes for openSUSE / SLE:`

- ignition-mount-initrd-fstab.service: - Don't ignore errors in loops - Unmount mount points recursively - a new submount may have appeared - Split umount part into own service file: - ignition-umount-initrd-fstab.service: - Unmounts the additional mounts as soon as they are not required for Ignition any more; the ExecStop operation is running quite late in initrd and may unmount essential mount points flagged with "x-initrd.mount" (e.g. when storing /usr on a separate mount point). In theory this will also affect Ignition itself, but it hasn't been reported as a problem so far. OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=91 2022-04-06 19:10:21 +02:00			`* ignition-mount-initrd-fstab.service / ignition-umount-initrd-fstab.service:`
- Update to version 2.6.0 - Update to version 2.5.0 * Dropped 0003-Disable-resetting-UUID.patch (upstream moved the functionality into the CoreOS configuration. * Added ignition-enable-network.sh / ignition-enable-network.service: Implemented ignition-fetch-offline feature to only start networking if required - Update to version 2.4.1 - Update to version 2.4.0 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=49 2020-08-10 11:28:19 +02:00			`Upstream Ignition will only mount partitions or subvolumes explicitly`
			`mentioned in the Ignition configuration. A default SUSE system, however,`
			`is split over several subvolumes, and most users won't want to define`
			`all the partitions again. On the other hand a lot of core functionality (e.g.`
			`configuring a SSH certificate for the root user or adding a configuration`
			`file) requires access to those subvolumes.`
			`For better usability in addition to Ignition's own mount / umount stage all`
			`files systems tagged for being mounted in the initrd ("x-initrd.mount" mount`
			`flag) will automatically be mounted / umounted.`
Accepting request 1105491 from home:favogt:combustion - Omit ignition module in initrds for already configured systems: * Add 0001-dracut-Don-t-include-the-ignition-module-by-default.patch * Edit module-setup.sh - Add explicit dep on combustion in module-setup.sh - Replace ignition-dracut-grub2 with combustion's firstboot.target: * Add 0001-Order-ignition-disks.service-before-systemd-fsck-roo.patch * Edit ignition-suse-generator * Edit ignition-umount-initrd-fstab.service * Edit module-setup.sh * Drop 02_ignition_firstboot * Drop ignition-firstboot-complete.service * Adjust README.SUSE - Edit ignition-umount-initrd-fstab.service to not rely on combustion units forcing proper order - Add 0003-Move-the-GPT-header-on-resized-disks.patch to make it - Fix patch file metadata in 0001-ignore-missing-qemu-blockdev.patch and 0002-allow-multiple-mounts-of-same-device.patch OBS-URL: https://build.opensuse.org/request/show/1105491 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=111 2023-08-23 16:09:02 +02:00			`* ignition-setup-user.service / ignition-setup-user.sh:`
- Update to version 2.6.0 - Update to version 2.5.0 * Dropped 0003-Disable-resetting-UUID.patch (upstream moved the functionality into the CoreOS configuration. * Added ignition-enable-network.sh / ignition-enable-network.service: Implemented ignition-fetch-offline feature to only start networking if required - Update to version 2.4.1 - Update to version 2.4.0 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=49 2020-08-10 11:28:19 +02:00			`The user configuration can be stored on a device with the label "ignition"`
- Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * : add general mechanism for persisting state between stages main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config: document storage.luks.clevis.threshold default ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=79 2021-08-09 17:33:18 +02:00			`(e.g. by attaching a USB flash drive with that name) instead of using the`
			`platform specific configuration storage mechanism.`
			`* ignition-userconfig-timeout*.conf:`
			`Set timeout for Ignition device so boot will just continue if no physical`
			`Ignition configuration device is attached (e.g. when using platform`
			`specific configuration).`
- Update to version 2.14.0: * NEWS: update v2.14.0 * docs/operator-notes: add section on provisioning secrets * Dockerfile.validate: build with Fedora 36 * internal/resource: fix gs:// fetches in GCE without a service account * docs/operator-notes: document supported S3 URL formats * internal/resource: fix S3 access point object ARNs * exec/util: fix infinite loop in Depth() if -root is relative * Add ignition-delete-config.service and ignition-rmcfg symlink * providers/virtualbox: support deleting Ignition configs * providers/virtualbox: add comment referencing VirtualBox source * providers/virtualbox: add define for GUEST_PROP_FN_GET_PROP * providers/virtualbox: add helper to set up hypervisor connection * providers/vmware: support deleting Ignition configs * main: add ignition-rmcfg multicall binary * go.mod: add github.com/beevik/etree * providers/vmware: switch to internal copy of OVF parser * internal/resource: fix bucket field in error message * internal/resource: derive AWS region hint from ARN partition field * internal/resource: simplify test * internal/resource: fix minor nits * provider/azure: try to fetch userdata from IMDS * providers/vmware: convert OVF tests to testify * providers/vmware: drop vmw-ovflib docs * providers/vmware: add verbatim copy of vmw-ovflib * providers/vmware: add constants for guestinfo and OVF property names * providers/virtualbox: fix reading properties with flags * internal/resource: support S3 access point URLs - Update fixes CVE from [bsc#1199524]; this introduces a new service "ignition-delete-config.service" - Add ignition-rmcfg-suse.conf dropin to adapt to SUSE environment - Use fixed paths in spec file for hardcoded installation paths OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=95 2022-06-09 18:46:15 +02:00			`* ignition-rmcfg-suse.conf:`
			`Adapt systemd service to match our own packaging: We do not support`
			`ConditionFirstBoot, and additionally support auto-detection of the platform`
			`(see ignition-suse-generator), so the detection whether the stage should be`
			`called has to be done via shell script.`
Accepting request 964892 from home:fos:branches:devel:kubic:ignition - Add ignition-touch-selinux-autorelabel.conf: Trigger SELinux autorelabel after Ignition runs; Ignition would support SELinux itself, however this is a compile time option, so it can't be used here. - Filter commented lines in ignition-mount-initrd-fstab.service OBS-URL: https://build.opensuse.org/request/show/964892 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=88 2022-03-25 16:23:52 +01:00			`* ignition-touch-selinux-autorelabel.conf:`
			`Trigger SELinux autorelabel after Ignition runs; Ignition would support`
			`SELinux itself, however this is a compile time option, so it can't be`
			`used here.`
- Update to version 2.6.0 - Update to version 2.5.0 * Dropped 0003-Disable-resetting-UUID.patch (upstream moved the functionality into the CoreOS configuration. * Added ignition-enable-network.sh / ignition-enable-network.service: Implemented ignition-fetch-offline feature to only start networking if required - Update to version 2.4.1 - Update to version 2.4.0 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=49 2020-08-10 11:28:19 +02:00			`* ignition-suse-generator:`
Accepting request 1105491 from home:favogt:combustion - Omit ignition module in initrds for already configured systems: * Add 0001-dracut-Don-t-include-the-ignition-module-by-default.patch * Edit module-setup.sh - Add explicit dep on combustion in module-setup.sh - Replace ignition-dracut-grub2 with combustion's firstboot.target: * Add 0001-Order-ignition-disks.service-before-systemd-fsck-roo.patch * Edit ignition-suse-generator * Edit ignition-umount-initrd-fstab.service * Edit module-setup.sh * Drop 02_ignition_firstboot * Drop ignition-firstboot-complete.service * Adjust README.SUSE - Edit ignition-umount-initrd-fstab.service to not rely on combustion units forcing proper order - Add 0003-Move-the-GPT-header-on-resized-disks.patch to make it - Fix patch file metadata in 0001-ignore-missing-qemu-blockdev.patch and 0002-allow-multiple-mounts-of-same-device.patch OBS-URL: https://build.opensuse.org/request/show/1105491 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=111 2023-08-23 16:09:02 +02:00			`Replaces the upstream generator by making use of firstboot.target provided`
			`by combustion and hooking up the services provided by this module.`
- Update to version 2.6.0 - Update to version 2.5.0 * Dropped 0003-Disable-resetting-UUID.patch (upstream moved the functionality into the CoreOS configuration. * Added ignition-enable-network.sh / ignition-enable-network.service: Implemented ignition-fetch-offline feature to only start networking if required - Update to version 2.4.1 - Update to version 2.4.0 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=49 2020-08-10 11:28:19 +02:00			`Additionally it will try to autodect the platform if it is not set on the`
			`kernel command line.`
			`* ignition-enable-network.service / ignition-enable-network.sh:`
			`Ignition supports detection whether the configuration requires networking`
			`to avoid having to boot with networking enabled even when it isn't`
			`necessary; the actual implementation to start the network is left to the`
			`distribution.`
Accepting request 904616 from home:fos:branches:home:susnux:branches:devel:kubic:ignition Implement missing ignition-kargs-helper script for kernel argument support OBS-URL: https://build.opensuse.org/request/show/904616 OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=73 2021-07-07 18:27:38 +02:00			`* ignition-kargs-helper:`
			`Distribution specific helper script to implement kernel argument support.`