From 406cbf31e8e092b707cdedd732984110434f4452b80b661044947f9b365d91b4 Mon Sep 17 00:00:00 2001 From: Ignaz Forster Date: Mon, 9 Aug 2021 15:33:18 +0000 Subject: [PATCH] - Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * *: add general mechanism for persisting state between stages * main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config*: document storage.luks.clevis.threshold default * ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=79 --- README.SUSE | 22 ++++++-- _service | 4 +- _servicedata | 2 +- change-ignition-firstboot-path.conf | 3 - ignition-2.11.0.tar.xz | 3 - ignition-2.12.0.tar.xz | 3 + ignition-firstboot-complete.service | 13 +++++ ignition-kargs-helper | 2 +- ignition-setup-user.service | 18 ++++++ ...tup-user-suse.sh => ignition-setup-user.sh | 0 ignition-suse-generator | 9 ++- ignition.changes | 55 +++++++++++++++++++ ignition.spec | 26 ++++----- module-setup.sh | 15 ++++- 14 files changed, 139 insertions(+), 36 deletions(-) delete mode 100644 change-ignition-firstboot-path.conf delete mode 100644 ignition-2.11.0.tar.xz create mode 100644 ignition-2.12.0.tar.xz create mode 100644 ignition-firstboot-complete.service create mode 100644 ignition-setup-user.service rename ignition-setup-user-suse.sh => ignition-setup-user.sh (100%) diff --git a/README.SUSE b/README.SUSE index 34aa941..6dc752d 100644 --- a/README.SUSE +++ b/README.SUSE @@ -10,13 +10,17 @@ Changes for openSUSE / SLE: For better usability in addition to Ignition's own mount / umount stage all files systems tagged for being mounted in the initrd ("x-initrd.mount" mount flag) will automatically be mounted / umounted. -* ignition-setup-user-suse.sh / ignition-userconfig-timeout*.conf: +* ignition-setup-user.service / ignition-setup-use.sh: The user configuration can be stored on a device with the label "ignition" - (e.g. by attaching a USB flash drive with that name) instead of putting the - file onto the root partition. + (e.g. by attaching a USB flash drive with that name) instead of using the + platform specific configuration storage mechanism. +* ignition-userconfig-timeout*.conf: + Set timeout for Ignition device so boot will just continue if no physical + Ignition configuration device is attached (e.g. when using platform + specific configuration). * ignition-suse-generator: Supplements the upstream generator by adding dependencies to - ignition-setup-user-suse.sh and ignition-mount-initrd-fstab.service. + ignition-setup-user.service and ignition-mount-initrd-fstab.service. Additionally it will try to autodect the platform if it is not set on the kernel command line. * 02_ignition_firstboot: @@ -28,8 +32,14 @@ Changes for openSUSE / SLE: Ignition run if a flag file does not exist (e.g. on first boot). To trigger an Ignition run manually just delete the file "/boot/writable/firstboot_happened". -* change-ignition-firstboot-path.conf: - Overwrite CoreOS specific path. +* ignition-firstboot-complete.service: + This file has been part of upstream ignition-dracut, but has since then been + moved to a static CoreOS specific configuration + (https://github.com/coreos/fedora-coreos-config/pull/1087); it is now used + in a simpified version adapted to SUSE's needs. + Sets the flag file "/boot/writable/firstboot_happened" to indicate a + successful first boot. This flag file is evaluated by the GRUB script + 02_ignition_firstboot from above. * ignition-enable-network.service / ignition-enable-network.sh: Ignition supports detection whether the configuration requires networking to avoid having to boot with networking enabled even when it isn't diff --git a/_service b/_service index e840cad..d4c2038 100644 --- a/_service +++ b/_service @@ -1,7 +1,7 @@ - 2.11.0 - v2.11.0 + 2.12.0 + v2.12.0 git://github.com/coreos/ignition.git git enable diff --git a/_servicedata b/_servicedata index 45a8dd1..eea9426 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ git://github.com/coreos/ignition.git - c10c5d4ed00ea05d42223e2877d8f9bdb9f1ce49 + 02f4e481faf0d5aed0cd173437b3ae7a07a7388c \ No newline at end of file diff --git a/change-ignition-firstboot-path.conf b/change-ignition-firstboot-path.conf deleted file mode 100644 index eac0cb1..0000000 --- a/change-ignition-firstboot-path.conf +++ /dev/null @@ -1,3 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/bin/touch /boot/writable/firstboot_happened diff --git a/ignition-2.11.0.tar.xz b/ignition-2.11.0.tar.xz deleted file mode 100644 index 527c4db..0000000 --- a/ignition-2.11.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d3f05956d04ce608d8f613313c5462e9bcddcbdc9feb2671ac73925a3c1dace9 -size 2280028 diff --git a/ignition-2.12.0.tar.xz b/ignition-2.12.0.tar.xz new file mode 100644 index 0000000..aa4bb47 --- /dev/null +++ b/ignition-2.12.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:690f8f03c9c97f30929f87f4a82b383a8fede6bbb093d6de97e68a8a720e0905 +size 2282292 diff --git a/ignition-firstboot-complete.service b/ignition-firstboot-complete.service new file mode 100644 index 0000000..73f1e4b --- /dev/null +++ b/ignition-firstboot-complete.service @@ -0,0 +1,13 @@ +[Unit] +Description=Mark boot complete +Documentation=https://build.opensuse.org/package/view_file/devel:kubic:ignition/ignition/README.SUSE?expand=1 +ConditionKernelCommandLine=ignition.firstboot + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/touch /boot/writable/firstboot_happened + +[Install] +# Part of basic.target so this happens early on in firstboot +WantedBy=basic.target diff --git a/ignition-kargs-helper b/ignition-kargs-helper index 22e8934..44551ee 100644 --- a/ignition-kargs-helper +++ b/ignition-kargs-helper @@ -74,6 +74,6 @@ EOF echo "Clearing GRUB flag" chroot /sysroot grub2-editenv - set health_checker_flag=0 || true - reboot + systemctl reboot --force fi diff --git a/ignition-setup-user.service b/ignition-setup-user.service new file mode 100644 index 0000000..a011f12 --- /dev/null +++ b/ignition-setup-user.service @@ -0,0 +1,18 @@ +[Unit] +Description=Ignition User Config Setup +Documentation=https://build.opensuse.org/package/view_file/devel:kubic:ignition/ignition/README.SUSE?expand=1 +ConditionPathExists=/etc/initrd-release +DefaultDependencies=false + +# We run before config fetch because we may copy in new/different configs +# for Ignition to consume. +Before=ignition-fetch-offline.service + +OnFailure=emergency.target +OnFailureJobMode=isolate + +[Service] +Type=oneshot +RemainAfterExit=yes +MountFlags=slave +ExecStart=/usr/sbin/ignition-setup-user diff --git a/ignition-setup-user-suse.sh b/ignition-setup-user.sh similarity index 100% rename from ignition-setup-user-suse.sh rename to ignition-setup-user.sh diff --git a/ignition-suse-generator b/ignition-suse-generator index 360a114..3b5e1ad 100644 --- a/ignition-suse-generator +++ b/ignition-suse-generator @@ -11,15 +11,14 @@ set -e add_requires ignition-mount-initrd-fstab.service ignition-files.service add_requires ignition-enable-network.service ignition-fetch.service -if [ -e "${UNIT_DIR}/ignition-setup-user.service.d/diskful.conf" ]; then +if ! is-live-image; then + # ignition-setup-user.service should depend on the boot device node + # only on diskful boots + mkdir -p "${UNIT_DIR}/ignition-setup-user.service.d" cat > "${UNIT_DIR}/ignition-setup-user.service.d/diskful.conf" < diff --git a/ignition.spec b/ignition.spec index a247198..a92374d 100644 --- a/ignition.spec +++ b/ignition.spec @@ -17,7 +17,7 @@ Name: ignition -Version: 2.11.0 +Version: 2.12.0 Release: 0 Summary: First boot installer and configuration tool License: Apache-2.0 @@ -29,12 +29,13 @@ Source2: ignition-rpmlintrc Source3: ignition-suse-generator Source4: module-setup.sh Source5: 02_ignition_firstboot -Source6: change-ignition-firstboot-path.conf +Source6: ignition-firstboot-complete.service Source7: README.SUSE -Source8: ignition-setup-user-suse.sh -Source9: ignition-enable-network.service -Source10: ignition-enable-network.sh -Source11: ignition-kargs-helper +Source8: ignition-setup-user.sh +Source9: ignition-setup-user.service +Source10: ignition-enable-network.service +Source11: ignition-enable-network.sh +Source12: ignition-kargs-helper Source20: ignition-userconfig-timeout.conf Source21: ignition-userconfig-timeout-arm.conf Patch2: 0002-allow-multiple-mounts-of-same-device.patch @@ -42,7 +43,7 @@ BuildRequires: dracut BuildRequires: libblkid-devel BuildRequires: systemd-rpm-macros BuildRequires: update-bootloader-rpm-macros -BuildRequires: golang(API) >= 1.13 +BuildRequires: golang(API) >= 1.15 Requires: %{name}-dracut-grub2 Requires: dracut Recommends: %{_sbindir}/groupadd @@ -86,8 +87,8 @@ which creates firstboot_happened after the first boot. %patch2 -p1 mkdir dracut/30ignition-microos grub systemd_suse -chmod +x %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE11} -cp %{SOURCE1} %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE9} %{SOURCE10} dracut/30ignition-microos/ +chmod +x %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE12} +cp %{SOURCE1} %{SOURCE3} %{SOURCE4} %{SOURCE8} %{SOURCE9} %{SOURCE10} %{SOURCE11} dracut/30ignition-microos/ %ifarch aarch64 %{arm} cp %{SOURCE21} dracut/30ignition-microos/ignition-userconfig-timeout.conf %else @@ -96,7 +97,7 @@ cp %{SOURCE20} dracut/30ignition-microos/ignition-userconfig-timeout.conf cp %{SOURCE5} grub/ cp %{SOURCE6} systemd_suse/ cp %{SOURCE7} . -cp %{SOURCE11} dracut/30ignition/ignition-kargs-helper.sh +cp %{SOURCE12} dracut/30ignition/ignition-kargs-helper.sh %build sed -i -e 's|go build -ldflags|go build -buildmode=pie -ldflags|g' build @@ -106,9 +107,9 @@ env VERSION=%{version} GLDFLAGS='-X github.com/coreos/ignition/v2/internal/distr make -o all install DESTDIR=%{buildroot} install -d %{buildroot}%{_sysconfdir}/grub.d -install -d %{buildroot}%{_prefix}/lib/systemd/system/ignition-firstboot-complete.service.d +install -d %{buildroot}%{_prefix}/lib/systemd/system install -p -m 0755 grub/* %{buildroot}%{_sysconfdir}/grub.d/ -install -p -m 0644 systemd_suse/*.conf %{buildroot}%{_prefix}/lib/systemd/system/ignition-firstboot-complete.service.d/ +install -p -m 0644 systemd_suse/* %{buildroot}%{_prefix}/lib/systemd/system/ %post %{?regenerate_initrd_post} @@ -159,6 +160,5 @@ fi %doc README.SUSE %{_sysconfdir}/grub.d/02_ignition_firstboot %{_prefix}/lib/systemd/system/ignition-firstboot-complete.service -%{_prefix}/lib/systemd/system/ignition-firstboot-complete.service.d/ %changelog diff --git a/module-setup.sh b/module-setup.sh index e8fe032..50680b6 100644 --- a/module-setup.sh +++ b/module-setup.sh @@ -6,6 +6,16 @@ depends() { echo ignition } +install_ignition_unit() { + local unit="$1"; shift + local target="${1:-ignition-complete.target}"; shift + local instantiated="${1:-$unit}"; shift + inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" + # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 + systemctl -q --root="$initdir" add-requires "$target" "$instantiated" || exit 1 +} + install() { inst_simple "$moddir/ignition-enable-network.service" \ "$systemdsystemunitdir/ignition-enable-network.service" @@ -17,9 +27,10 @@ install() { "/etc/systemd/system-generators/ignition-generator" inst_script "$moddir/ignition-enable-network.sh" \ "/usr/sbin/ignition-enable-network" - inst_script "$moddir/ignition-setup-user-suse.sh" \ - "/usr/sbin/ignition-setup-user-suse" + inst_script "$moddir/ignition-setup-user.sh" \ + "/usr/sbin/ignition-setup-user" inst_multiple awk systemd-detect-virt + install_ignition_unit ignition-setup-user.service } installkernel() {