SHA256
1
0
forked from pool/ignition
ignition/README.SUSE

59 lines
3.3 KiB
Plaintext
Raw Normal View History

Changes for openSUSE / SLE:
* ignition-mount-initrd-fstab.service / ignition-umount-initrd-fstab.service:
Upstream Ignition will only mount partitions or subvolumes explicitly
mentioned in the Ignition configuration. A default SUSE system, however,
is split over several subvolumes, and most users won't want to define
all the partitions again. On the other hand a lot of core functionality (e.g.
configuring a SSH certificate for the root user or adding a configuration
file) requires access to those subvolumes.
For better usability in addition to Ignition's own mount / umount stage all
files systems tagged for being mounted in the initrd ("x-initrd.mount" mount
flag) will automatically be mounted / umounted.
- Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * *: add general mechanism for persisting state between stages * main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config*: document storage.luks.clevis.threshold default * ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=79
2021-08-09 17:33:18 +02:00
* ignition-setup-user.service / ignition-setup-use.sh:
The user configuration can be stored on a device with the label "ignition"
- Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * *: add general mechanism for persisting state between stages * main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config*: document storage.luks.clevis.threshold default * ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=79
2021-08-09 17:33:18 +02:00
(e.g. by attaching a USB flash drive with that name) instead of using the
platform specific configuration storage mechanism.
* ignition-userconfig-timeout*.conf:
Set timeout for Ignition device so boot will just continue if no physical
Ignition configuration device is attached (e.g. when using platform
specific configuration).
- Update to version 2.14.0: * NEWS: update v2.14.0 * docs/operator-notes: add section on provisioning secrets * Dockerfile.validate: build with Fedora 36 * internal/resource: fix gs:// fetches in GCE without a service account * docs/operator-notes: document supported S3 URL formats * internal/resource: fix S3 access point object ARNs * exec/util: fix infinite loop in Depth() if -root is relative * Add ignition-delete-config.service and ignition-rmcfg symlink * providers/virtualbox: support deleting Ignition configs * providers/virtualbox: add comment referencing VirtualBox source * providers/virtualbox: add define for GUEST_PROP_FN_GET_PROP * providers/virtualbox: add helper to set up hypervisor connection * providers/vmware: support deleting Ignition configs * main: add ignition-rmcfg multicall binary * go.mod: add github.com/beevik/etree * providers/vmware: switch to internal copy of OVF parser * internal/resource: fix bucket field in error message * internal/resource: derive AWS region hint from ARN partition field * internal/resource: simplify test * internal/resource: fix minor nits * provider/azure: try to fetch userdata from IMDS * providers/vmware: convert OVF tests to testify * providers/vmware: drop vmw-ovflib docs * providers/vmware: add verbatim copy of vmw-ovflib * providers/vmware: add constants for guestinfo and OVF property names * providers/virtualbox: fix reading properties with flags * internal/resource: support S3 access point URLs - Update fixes CVE from [bsc#1199524]; this introduces a new service "ignition-delete-config.service" - Add ignition-rmcfg-suse.conf dropin to adapt to SUSE environment - Use fixed paths in spec file for hardcoded installation paths OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=95
2022-06-09 18:46:15 +02:00
* ignition-rmcfg-suse.conf:
Adapt systemd service to match our own packaging: We do not support
ConditionFirstBoot, and additionally support auto-detection of the platform
(see ignition-suse-generator), so the detection whether the stage should be
called has to be done via shell script.
* ignition-touch-selinux-autorelabel.conf:
Trigger SELinux autorelabel after Ignition runs; Ignition would support
SELinux itself, however this is a compile time option, so it can't be
used here.
* ignition-suse-generator:
Supplements the upstream generator by adding dependencies to
- Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * *: add general mechanism for persisting state between stages * main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config*: document storage.luks.clevis.threshold default * ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=79
2021-08-09 17:33:18 +02:00
ignition-setup-user.service and ignition-mount-initrd-fstab.service.
Additionally it will try to autodect the platform if it is not set on the
kernel command line.
* 02_ignition_firstboot:
This file has been part of upstream ignition-dracut, but has since then been
moved to a static CoreOS specific configuration
(https://github.com/coreos/coreos-assembler/pull/616); it is now used in a
modified version adapted to SUSE's needs.
This script will automatically set the kernel parameters to trigger an
Ignition run if a flag file does not exist (e.g. on first boot). To trigger
an Ignition run manually just delete the file
"/boot/writable/firstboot_happened".
- Update to version 2.12.0: * news: add notes for 2.12.0 * stages/files: add previousReport to result report * tests: fix linter warning * workflows: limit permissions to reading repo contents * workflows: bump linter version * go.mod: revendor * Drop EOL Go versions * internal/distro: drop DiskByIDDir * providers/azure: add support for azure gen2 VMs * stages/mount: correctly relabel the root of a fresh ext4 filesystem * exec: fix permissions for mountpoints in home dirs * tests: drop os.ModeDir requirement in mode of output directories * examples: reboot with --force * exec/util: add blkid API to query block devices based on FSTYPE * stages/files: use IntToPtr() in createCrypttabEntries() * stages/files: write result report to /var/lib/ignition * engine: persist fetched config summaries in State * stages/disks: use State to persist keyfiles for files stage * *: add general mechanism for persisting state between stages * main: drop -clear-cache flag * engine: don't hardcode neednet path * fetch-offline: return ErrNeedNet if we need net * engine: switch Engine.logReport() to pointer receiver * engine: fix incorrect error in log message * dracut: drop ignition-setup-user.service * dracut: drop reference to ignition-setup-base.service * providers/gcp: access GCP metadata service by IP address * Remove ignition-firstboot-complete.service * OWNERS: remove * internal/exec/util: drop device argument from cResultToErr() * docs/config*: document storage.luks.clevis.threshold default * ci: disable spec bump external test workaround * docs: Add Ignition release / Spec version table * templates: update example releng signing ticket * templates: don't update %gotest lines * Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes * Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now). * Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro spcific), based on the old upstream version. * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh * Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more). * Synced ignition-kargs-helper script with upstream example * Raising minimum Go version to 1.15 as required by upstream OBS-URL: https://build.opensuse.org/package/show/devel:kubic:ignition/ignition?expand=0&rev=79
2021-08-09 17:33:18 +02:00
* ignition-firstboot-complete.service:
This file has been part of upstream ignition-dracut, but has since then been
moved to a static CoreOS specific configuration
(https://github.com/coreos/fedora-coreos-config/pull/1087); it is now used
in a simpified version adapted to SUSE's needs.
Sets the flag file "/boot/writable/firstboot_happened" to indicate a
successful first boot. This flag file is evaluated by the GRUB script
02_ignition_firstboot from above.
* ignition-enable-network.service / ignition-enable-network.sh:
Ignition supports detection whether the configuration requires networking
to avoid having to boot with networking enabled even when it isn't
necessary; the actual implementation to start the network is left to the
distribution.
* ignition-kargs-helper:
Distribution specific helper script to implement kernel argument support.