From 5da73581354eb64c35bbd786e7035a20347be63f Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 8 Jul 2021 18:09:10 -0400 Subject: [PATCH] Drop ignition-firstboot-complete and ignition-setup-user services They should be in distro glue instead. See also https://github.com/coreos/ignition/pull/1246#issuecomment-876451763. --- drop-ignition-firstboot-complete-2.11.0.patch | 67 ++++++ drop-ignition-setup-base-2.11.0.patch | 25 ++ drop-ignition-setup-user-2.11.0.patch | 218 ++++++++++++++++++ ignition.spec | 14 +- 4 files changed, 320 insertions(+), 4 deletions(-) create mode 100644 drop-ignition-firstboot-complete-2.11.0.patch create mode 100644 drop-ignition-setup-base-2.11.0.patch create mode 100644 drop-ignition-setup-user-2.11.0.patch diff --git a/drop-ignition-firstboot-complete-2.11.0.patch b/drop-ignition-firstboot-complete-2.11.0.patch new file mode 100644 index 0000000..49e68bb --- /dev/null +++ b/drop-ignition-firstboot-complete-2.11.0.patch @@ -0,0 +1,67 @@ +From fdbd1e41bb15d24936e4c14323ea988a0ecf0846 Mon Sep 17 00:00:00 2001 +From: Jonathan Lebon +Date: Tue, 6 Jul 2021 14:49:32 -0400 +Subject: [PATCH 1/3] Remove ignition-firstboot-complete.service + +This is a distro-level integration service. Let's remove it from here +and have it live e.g. in coreos/fedora-coreos-config for FCOS/RHCOS. + +Closes: #1125 +--- + Makefile | 1 - + systemd/ignition-firstboot-complete.service | 31 --------------------- + 2 files changed, 32 deletions(-) + delete mode 100644 systemd/ignition-firstboot-complete.service + +diff --git a/Makefile b/Makefile +index 6b3f49a4..af9a94ad 100644 +--- a/Makefile ++++ b/Makefile +@@ -23,7 +23,6 @@ install: all + install -m 0644 -D -t $(DESTDIR)/usr/lib/dracut/modules.d/$${bn} $$x/*; \ + done + chmod a+x $(DESTDIR)/usr/lib/dracut/modules.d/*/*.sh $(DESTDIR)/usr/lib/dracut/modules.d/*/*-generator +- install -m 0644 -D -t $(DESTDIR)/usr/lib/systemd/system systemd/* + install -m 0755 -D -t $(DESTDIR)/usr/lib/dracut/modules.d/30ignition bin/$(GOARCH)/ignition + install -m 0755 -D -t $(DESTDIR)/usr/bin bin/$(GOARCH)/ignition-validate + +diff --git a/systemd/ignition-firstboot-complete.service b/systemd/ignition-firstboot-complete.service +deleted file mode 100644 +index c506773a..00000000 +--- a/systemd/ignition-firstboot-complete.service ++++ /dev/null +@@ -1,31 +0,0 @@ +-[Unit] +-Description=Mark boot complete +-Documentation=https://github.com/coreos/ignition +-ConditionKernelCommandLine=ignition.firstboot +-ConditionPathExists=!/run/ostree-live +-RequiresMountsFor=/boot +- +-[Service] +-Type=oneshot +-RemainAfterExit=yes +-# The MountFlags=slave is so we remount /boot temporarily writable; +-# see https://github.com/ostreedev/ostree/issues/1265 for the bigger picture. +-# This option creates a new mount namespace; from the point of view of +-# everything else, /boot stays readonly. We only have a transient writable mount +-# for the lifetime of the unit. +-# +-# Also regarding the lack of `-f` for rm ; we should have only run if GRUB +-# detected this file. Fail if we are unable to remove it, rather than risking +-# rerunning Ignition at next boot. +-MountFlags=slave +-# It is better to have a separate script to do this but it might be polluting +-# the target system with some script in i.e. /usr/sbin/firstboot-complete +-# The retval code is still respected with having this if-else block. +-ExecStart=/bin/sh -c \ +- 'mount -o remount,rw /boot && \ +- if [[ $(uname -m) = s390x ]]; then zipl; fi && \ +- rm /boot/ignition.firstboot' +- +-[Install] +-# Part of basic.target so this happens early on in firstboot +-WantedBy=basic.target +-- +2.31.1 + diff --git a/drop-ignition-setup-base-2.11.0.patch b/drop-ignition-setup-base-2.11.0.patch new file mode 100644 index 0000000..462d851 --- /dev/null +++ b/drop-ignition-setup-base-2.11.0.patch @@ -0,0 +1,25 @@ +From 9f25f6a7371c8027777c76efe77904c2e2c8fd75 Mon Sep 17 00:00:00 2001 +From: Benjamin Gilbert +Date: Wed, 7 Jul 2021 18:27:31 -0400 +Subject: [PATCH 2/3] dracut: drop reference to ignition-setup-base.service + +It was removed in e2d3fa3a61b3. +--- + dracut/30ignition/ignition-fetch-offline.service | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/dracut/30ignition/ignition-fetch-offline.service b/dracut/30ignition/ignition-fetch-offline.service +index 0a18e0de..7c4b0289 100644 +--- a/dracut/30ignition/ignition-fetch-offline.service ++++ b/dracut/30ignition/ignition-fetch-offline.service +@@ -14,7 +14,6 @@ After=basic.target + # Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. + # We run after the setup stage has run because it may copy in new/different + # ignition configs for us to consume. +-After=ignition-setup-base.service + After=ignition-setup-user.service + Before=ignition-fetch.service + +-- +2.31.1 + diff --git a/drop-ignition-setup-user-2.11.0.patch b/drop-ignition-setup-user-2.11.0.patch new file mode 100644 index 0000000..a4f3006 --- /dev/null +++ b/drop-ignition-setup-user-2.11.0.patch @@ -0,0 +1,218 @@ +From d791aaed74b861fc40104e0c96c4427d667a8f7a Mon Sep 17 00:00:00 2001 +From: Benjamin Gilbert +Date: Thu, 8 Jul 2021 15:39:11 -0400 +Subject: [PATCH 3/3] dracut: drop ignition-setup-user.service + +It assumes that we can mount /dev/disk/by-label/boot and copy a file out +of it, which may not be true on all distros. We already have a clear +external API for providing injected user configs to Ignition (put them +in /usr/lib/ignition/user.ign), so leave this to the distro to handle as +it wishes. +--- + dracut/30ignition/ignition-disks.service | 2 +- + .../30ignition/ignition-fetch-offline.service | 5 +-- + dracut/30ignition/ignition-fetch.service | 2 +- + dracut/30ignition/ignition-files.service | 2 +- + dracut/30ignition/ignition-generator | 9 ------ + dracut/30ignition/ignition-kargs.service | 2 +- + dracut/30ignition/ignition-mount.service | 2 +- + dracut/30ignition/ignition-setup-user.service | 23 ------------- + dracut/30ignition/ignition-setup-user.sh | 32 ------------------- + dracut/30ignition/module-setup.sh | 4 --- + 10 files changed, 6 insertions(+), 77 deletions(-) + delete mode 100644 dracut/30ignition/ignition-setup-user.service + delete mode 100755 dracut/30ignition/ignition-setup-user.sh + +diff --git a/dracut/30ignition/ignition-disks.service b/dracut/30ignition/ignition-disks.service +index 66fa8838..92c8d242 100644 +--- a/dracut/30ignition/ignition-disks.service ++++ b/dracut/30ignition/ignition-disks.service +@@ -5,7 +5,7 @@ ConditionPathExists=/etc/initrd-release + DefaultDependencies=false + Before=ignition-complete.target + +-# Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. ++# Stage order: fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. + After=ignition-fetch.service + Before=ignition-mount.service + +diff --git a/dracut/30ignition/ignition-fetch-offline.service b/dracut/30ignition/ignition-fetch-offline.service +index 7c4b0289..b8ae7a7d 100644 +--- a/dracut/30ignition/ignition-fetch-offline.service ++++ b/dracut/30ignition/ignition-fetch-offline.service +@@ -11,10 +11,7 @@ DefaultDependencies=false + Before=ignition-complete.target + After=basic.target + +-# Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. +-# We run after the setup stage has run because it may copy in new/different +-# ignition configs for us to consume. +-After=ignition-setup-user.service ++# Stage order: fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. + Before=ignition-fetch.service + + OnFailure=emergency.target +diff --git a/dracut/30ignition/ignition-fetch.service b/dracut/30ignition/ignition-fetch.service +index d629273d..d914362d 100644 +--- a/dracut/30ignition/ignition-fetch.service ++++ b/dracut/30ignition/ignition-fetch.service +@@ -9,7 +9,7 @@ ConditionPathExists=/run/ignition/neednet + # Don't run if the `fetch-offline` stage successfully fetched a config + ConditionPathExists=!/run/ignition.json + +-# Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. ++# Stage order: fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. + # We run after the setup stage has run because it may copy in new/different + # ignition configs for us to consume. + After=ignition-fetch-offline.service +diff --git a/dracut/30ignition/ignition-files.service b/dracut/30ignition/ignition-files.service +index 90bda675..aa64fb68 100644 +--- a/dracut/30ignition/ignition-files.service ++++ b/dracut/30ignition/ignition-files.service +@@ -8,7 +8,7 @@ Before=ignition-complete.target + OnFailure=emergency.target + OnFailureJobMode=isolate + +-# Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. ++# Stage order: fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. + After=ignition-mount.service + + # Run before initrd-parse-etc so that we can drop files it then picks up. +diff --git a/dracut/30ignition/ignition-generator b/dracut/30ignition/ignition-generator +index a444395a..1dff7442 100755 +--- a/dracut/30ignition/ignition-generator ++++ b/dracut/30ignition/ignition-generator +@@ -47,15 +47,6 @@ if $(cmdline_bool 'ignition.firstboot' 0); then + # and therefore won't have a root disk. + if ! command -v is-live-image >/dev/null || ! is-live-image; then + add_requires ignition-diskful.target ignition-complete.target +- +- # ignition-setup-user.service should depend on the boot device node +- # only on diskful boots +- mkdir -p "${UNIT_DIR}/ignition-setup-user.service.d" +- cat > "${UNIT_DIR}/ignition-setup-user.service.d/diskful.conf" < fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. ++# Stage order: fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. + After=ignition-fetch.service + Before=ignition-disks.service + +diff --git a/dracut/30ignition/ignition-mount.service b/dracut/30ignition/ignition-mount.service +index b3af2fa8..0d25afab 100644 +--- a/dracut/30ignition/ignition-mount.service ++++ b/dracut/30ignition/ignition-mount.service +@@ -5,7 +5,7 @@ ConditionPathExists=/etc/initrd-release + DefaultDependencies=false + Before=ignition-complete.target + +-# Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. ++# Stage order: fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. + # We need to make sure the partitions and filesystems are set up before + # mounting. This is also guaranteed through After=initrd-root-fs.target but + # just to be explicit. +diff --git a/dracut/30ignition/ignition-setup-user.service b/dracut/30ignition/ignition-setup-user.service +deleted file mode 100644 +index 40c53dd1..00000000 +--- a/dracut/30ignition/ignition-setup-user.service ++++ /dev/null +@@ -1,23 +0,0 @@ +-[Unit] +-Description=Ignition (setup user config) +-Documentation=https://github.com/coreos/ignition +-ConditionPathExists=/etc/initrd-release +-DefaultDependencies=false +-Before=ignition-complete.target +- +-OnFailure=emergency.target +-OnFailureJobMode=isolate +- +-# Stage order: setup -> fetch-offline [-> fetch] [-> kargs] -> disks -> mount -> files. +-Before=ignition-fetch-offline.service +- +-# On diskful boots, ignition-generator adds Requires/After on +-# dev-disk-by\x2dlabel-boot.device +- +-[Service] +-Type=oneshot +-RemainAfterExit=yes +-# The MountFlags=slave is so the umount of /boot is guaranteed to happen +-# /boot will only be mounted for the lifetime of the unit. +-MountFlags=slave +-ExecStart=/usr/sbin/ignition-setup-user +diff --git a/dracut/30ignition/ignition-setup-user.sh b/dracut/30ignition/ignition-setup-user.sh +deleted file mode 100755 +index e0f3c4e2..00000000 +--- a/dracut/30ignition/ignition-setup-user.sh ++++ /dev/null +@@ -1,32 +0,0 @@ +-#!/bin/bash +-set -euo pipefail +- +-copy_file_if_exists() { +- src="${1}"; dst="${2}" +- if [ -f "${src}" ]; then +- echo "Copying ${src} to ${dst}" +- cp "${src}" "${dst}" +- else +- echo "File ${src} does not exist.. Skipping copy" +- fi +-} +- +-destination=/usr/lib/ignition +-mkdir -p $destination +- +-if command -v is-live-image >/dev/null && is-live-image; then +- # Live image. If the user has supplied a config.ign via an appended +- # initrd, put it in the right place. +- copy_file_if_exists "/config.ign" "${destination}/user.ign" +-else +- # We will support a user embedded config in the boot partition +- # under $bootmnt/ignition/config.ign. Note that we mount /boot +- # but we don't unmount boot because we are run in a systemd unit +- # with MountFlags=slave so it is unmounted for us. +- bootmnt=/mnt/boot_partition +- mkdir -p $bootmnt +- # mount as read-only since we don't strictly need write access and we may be +- # running alongside other code that also has it mounted ro +- mount -o ro /dev/disk/by-label/boot $bootmnt +- copy_file_if_exists "${bootmnt}/ignition/config.ign" "${destination}/user.ign" +-fi +diff --git a/dracut/30ignition/module-setup.sh b/dracut/30ignition/module-setup.sh +index e51112f8..8e7e3033 100755 +--- a/dracut/30ignition/module-setup.sh ++++ b/dracut/30ignition/module-setup.sh +@@ -56,9 +56,6 @@ install() { + # Required on system using SELinux + inst_multiple -o setfiles + +- inst_script "$moddir/ignition-setup-user.sh" \ +- "/usr/sbin/ignition-setup-user" +- + inst_script "$moddir/ignition-kargs-helper.sh" \ + "/usr/sbin/ignition-kargs-helper" + +@@ -83,7 +80,6 @@ install() { + "$systemdsystemunitdir/ignition-$x.target" + done + +- install_ignition_unit ignition-setup-user.service + install_ignition_unit ignition-fetch.service + install_ignition_unit ignition-fetch-offline.service + install_ignition_unit ignition-kargs.service +-- +2.31.1 + diff --git a/ignition.spec b/ignition.spec index 5c8cbb4..10d68cc 100644 --- a/ignition.spec +++ b/ignition.spec @@ -13,13 +13,18 @@ Version: 2.11.0 %global dracutlibdir %{_prefix}/lib/dracut Name: ignition -Release: 1%{?dist} +Release: 2%{?dist} Summary: First boot installer and configuration tool # Upstream license specification: Apache-2.0 License: ASL 2.0 URL: %{gourl} Source0: %{gosource} +# https://github.com/coreos/ignition/pull/1245 +Patch0: drop-ignition-firstboot-complete-2.11.0.patch +# https://github.com/coreos/ignition/pull/1248 +Patch1: drop-ignition-setup-base-2.11.0.patch +Patch2: drop-ignition-setup-user-2.11.0.patch BuildRequires: libblkid-devel @@ -250,9 +255,7 @@ GOARCH=amd64 GOOS=windows %gocrossbuild -o ./ignition-validate-x86_64-pc-windows %install # dracut modules install -d -p %{buildroot}/%{dracutlibdir}/modules.d -install -d -p %{buildroot}/%{_prefix}/lib/systemd/system cp -r dracut/* %{buildroot}/%{dracutlibdir}/modules.d/ -install -m 0644 -t %{buildroot}/%{_prefix}/lib/systemd/system/ systemd/* # ignition install -d -p %{buildroot}%{_bindir} @@ -276,7 +279,6 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition %license %{golicenses} %doc %{godocs} %{dracutlibdir}/modules.d/* -%{_prefix}/lib/systemd/system/*.service %files validate %doc README.md @@ -290,6 +292,10 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition %{_datadir}/ignition/ignition-validate-x86_64-pc-windows-gnu.exe %changelog +* Thu Jul 8 2021 Benjamin Gilbert - 2.11.0-2 +- Move ignition-firstboot-complete and ignition-setup-user services out of + package into distro glue + * Fri Jun 25 2021 Benjamin Gilbert - 2.11.0-1 - New release