From 1d0e8f1ace2df15fee13ed9c9e98bb9ef5e42c80 Mon Sep 17 00:00:00 2001 From: fushanqing Date: Tue, 22 Mar 2022 02:33:54 +0800 Subject: [PATCH] update latest config --- config/live/zipl.prm | 1 - config/manifest.yaml | 15 ----- .../coreos-sulogin-force.conf | 7 -- .../etc/modprobe.d/blacklist-nouveau.conf | 2 - .../tmpfiles.d/coreos-fix-etc-ownership.conf | 11 ---- .../system/kdump.service.d/remount-boot.conf | 9 --- .../usr/libexec/coreos-check-ignition-config | 26 -------- {config => nestos-config}/COPYING | 2 +- nestos-config/LICENSE | 21 ++++++ {config => nestos-config}/image-base.yaml | 12 +++- {config => nestos-config}/image.yaml | 0 nestos-config/kola-denylist.yaml | 14 ++++ .../live/EFI/openEuler/grub.cfg | 8 ++- .../live/README-devel.md | 4 +- .../live/isolinux/boot.msg | 0 .../live/isolinux/isolinux.cfg | 2 +- nestos-config/live/zipl.prm | 1 + nestos-config/manifest.yaml | 25 ++++++++ .../manifests/bootable-rpm-ostree.yaml | 12 ++-- .../manifests/bootupd.yaml | 4 +- .../manifests/file-transfer.yaml | 3 +- {config => nestos-config}/manifests/group | 4 +- .../manifests/grub2-removals.yaml | 0 .../manifests/ignition-and-ostree.yaml | 2 +- .../manifests/nestos-base.yaml | 36 ++++++++--- .../manifests/nestos.yaml | 26 ++++++-- .../manifests/networking-tools.yaml | 10 +-- {config => nestos-config}/manifests/passwd | 2 +- .../manifests/shared-workarounds.yaml | 64 +++++++++++++++++++ .../manifests/system-configuration.yaml | 4 +- .../manifests/user-experience.yaml | 4 +- {config => nestos-config}/nestos-pool.repo | 5 +- .../pwquality.conf.d/20-disable-dict.conf | 0 .../05core/etc/sudoers.d/coreos-sudo-group | 0 nestos-config/overlay.d/05core/statoverride | 6 ++ .../conf.d/20-client-id-from-mac.conf | 0 .../05core/usr/lib/coreos/generator-lib.sh | 11 ++++ .../modules.d/01scsi-rules/module-setup.sh | 13 ++++ .../modules.d/10coreos-sysctl/module-setup.sh | 5 +- .../25coreos-azure-udev/module-setup.sh | 3 +- .../coreos-boot-edit.service | 0 .../35coreos-ignition/coreos-boot-edit.sh | 18 +++++- .../coreos-diskful-generator | 0 .../coreos-gpt-setup.service | 0 .../35coreos-ignition/coreos-gpt-setup.sh | 2 +- .../coreos-ignition-setup-user.service | 0 .../coreos-ignition-setup-user.sh | 0 .../coreos-kargs-reboot.service | 6 +- .../35coreos-ignition/coreos-kargs.sh | 2 +- .../coreos-teardown-initramfs.service | 4 +- .../coreos-teardown-initramfs.sh | 9 +-- .../35coreos-ignition/module-setup.sh | 4 +- .../coreos-live-clear-sssd-cache.service | 0 .../coreos-live-unmount-tmpfs-var.service | 0 .../coreos-live-unmount-tmpfs-var.sh | 0 .../coreos-liveiso-persist-osmet.service | 4 +- .../coreos-livepxe-persist-osmet.service | 4 +- .../coreos-livepxe-rootfs.service | 0 .../35coreos-live/coreos-livepxe-rootfs.sh | 13 ++-- .../modules.d/35coreos-live/is-live-image.sh | 0 .../modules.d/35coreos-live/live-generator | 4 +- .../modules.d/35coreos-live/module-setup.sh | 7 +- .../modules.d/35coreos-live/ostree-cmdline.sh | 0 .../coreos-multipath-generator | 0 .../coreos-multipath-trigger.service | 2 +- .../coreos-multipath-wait.target | 0 .../coreos-propagate-multipath-conf.service | 0 .../coreos-propagate-multipath-conf.sh | 0 .../35coreos-multipath/module-setup.sh | 2 +- .../50-afterburn-network-kargs-default.conf | 2 +- .../coreos-copy-firstboot-network.service | 2 +- .../coreos-copy-firstboot-network.sh | 0 .../coreos-enable-network.service | 0 .../35coreos-network/coreos-enable-network.sh | 2 +- .../35coreos-network/module-setup.sh | 2 +- .../modules.d/40ignition-conf/00-core.ign | 0 .../modules.d/40ignition-conf/README.md | 0 .../modules.d/40ignition-conf/module-setup.sh | 0 .../coreos-check-rootfs-size | 5 +- .../40ignition-ostree/coreos-relabel | 0 .../40ignition-ostree/coreos-rootflags.sh | 0 .../ignition-ostree-check-rootfs-size.service | 0 .../ignition-ostree-firstboot-uuid | 7 +- .../ignition-ostree-growfs.service | 0 .../ignition-ostree-growfs.sh | 3 +- ...ion-ostree-mount-firstboot-sysroot.service | 0 ...on-ostree-mount-subsequent-sysroot.service | 0 .../ignition-ostree-mount-sysroot.sh | 0 .../ignition-ostree-mount-var.service | 0 .../ignition-ostree-mount-var.sh | 0 .../ignition-ostree-populate-var.service | 0 .../ignition-ostree-populate-var.sh | 4 +- ...ignition-ostree-transposefs-detect.service | 0 ...gnition-ostree-transposefs-restore.service | 0 .../ignition-ostree-transposefs-save.service | 0 .../ignition-ostree-transposefs.sh | 0 .../ignition-ostree-uuid-boot.service | 0 .../ignition-ostree-uuid-root.service | 0 .../40ignition-ostree/module-setup.sh | 1 + .../coreos-check-kernel.service | 0 .../modules.d/50coreos-kernel/module-setup.sh | 1 + .../coreos-touch-run-agetty.service | 2 + .../module-setup.sh | 2 + .../ignition-virtio-dump-journal.service | 0 .../ignition-virtio-dump-journal.sh | 0 .../99emergency-timeout/module-setup.sh | 1 + .../modules.d/99emergency-timeout/timeout.sh | 0 .../00-journal-log-forwarding.conf | 2 +- .../modules.d/99journal-conf/module-setup.sh | 0 .../sysctl.d/10-coreos-ratelimit-kmsg.conf | 0 .../journald.conf.d/10-coreos-persistent.conf | 0 .../coreos-boot-mount-generator | 40 +++++++++++- .../coreos-liveiso-autologin-generator | 14 ++-- .../system-preset/40-coreos-systemd.preset | 0 .../systemd/system-preset/40-coreos.preset | 14 ++-- .../coreos-check-ignition-config.service | 10 ++- ...coreos-ignition-firstboot-complete.service | 0 .../system/coreos-liveiso-success.service | 14 ++-- .../system/coreos-update-ca-trust.service | 0 .../coreos-sulogin-force.conf | 2 +- .../coreos-sulogin-force.conf | 1 + .../45-after-ostree-remount.conf | 4 ++ .../fcos-disable.conf | 0 .../lib/udev/rules.d/65-gce-disk-naming.rules | 0 .../rules.d/68-azure-sriov-nm-unmanaged.rules | 0 .../rules.d/90-coreos-device-mapper.rules | 0 .../usr/libexec/coreos-check-ignition-config | 47 ++++++++++++++ .../coreos-ignition-firstboot-complete | 2 +- .../licenses/fedora-coreos-config/LICENSE | 2 +- .../licenses/fedora-coreos-config/README.md | 7 +- .../etc/modprobe.d/blacklist-nouveau.conf | 2 + .../overlay.d/08nouveau/statoverride | 2 + .../overlay.d/09misc/etc/sysconfig/README | 0 nestos-config/overlay.d/09misc/statoverride | 2 + .../14NetworkManager-plugins/statoverride | 2 + .../conf.d/10-disable-default-plugins.conf | 0 .../sshd_config.d/40-disable-passwords.conf | 1 + nestos-config/overlay.d/15fcos/statoverride | 2 + .../20-aws-nm-cloud-setup.ign | 0 .../20-azure-nm-cloud-setup.ign | 0 .../20-gcp-nm-cloud-setup.ign | 0 .../30-afterburn-sshkeys-core.ign | 0 .../modules.d/50ignition-conf-fcos/README.md | 0 .../50ignition-conf-fcos/module-setup.sh | 0 .../15fcos/usr/lib/motd.d/tracker.motd | 0 .../lib/systemd/system-preset/45-fcos.preset | 3 +- .../system/coreos-check-cgroups.service | 0 .../system/coreos-check-ssh-keys.service | 4 +- .../coreos-cleanup-ignition-config.service | 2 - .../15fcos/usr/libexec/coreos-check-cgroups | 1 + .../15fcos/usr/libexec/coreos-check-ssh-keys | 8 +-- .../libexec/coreos-cleanup-ignition-config | 1 + .../overlay.d/20platform-chrony/statoverride | 2 + .../system-generators/coreos-platform-chrony | 11 +++- {config => nestos-config}/overlay.d/README.md | 12 ++-- 155 files changed, 483 insertions(+), 220 deletions(-) delete mode 100644 config/live/zipl.prm delete mode 100644 config/manifest.yaml delete mode 100644 config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf delete mode 100644 config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf delete mode 100644 config/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf delete mode 100644 config/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf delete mode 100644 config/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config rename {config => nestos-config}/COPYING (96%) create mode 100644 nestos-config/LICENSE rename {config => nestos-config}/image-base.yaml (59%) rename {config => nestos-config}/image.yaml (100%) create mode 100644 nestos-config/kola-denylist.yaml rename {config => nestos-config}/live/EFI/openEuler/grub.cfg (89%) rename {config => nestos-config}/live/README-devel.md (80%) rename {config => nestos-config}/live/isolinux/boot.msg (100%) rename {config => nestos-config}/live/isolinux/isolinux.cfg (97%) create mode 100644 nestos-config/live/zipl.prm create mode 100644 nestos-config/manifest.yaml rename {config => nestos-config}/manifests/bootable-rpm-ostree.yaml (70%) rename {config => nestos-config}/manifests/bootupd.yaml (80%) rename {config => nestos-config}/manifests/file-transfer.yaml (76%) rename {config => nestos-config}/manifests/group (96%) rename {config => nestos-config}/manifests/grub2-removals.yaml (100%) rename {config => nestos-config}/manifests/ignition-and-ostree.yaml (99%) rename {config => nestos-config}/manifests/nestos-base.yaml (81%) rename {config => nestos-config}/manifests/nestos.yaml (81%) rename {config => nestos-config}/manifests/networking-tools.yaml (87%) rename {config => nestos-config}/manifests/passwd (96%) create mode 100644 nestos-config/manifests/shared-workarounds.yaml rename {config => nestos-config}/manifests/system-configuration.yaml (93%) rename {config => nestos-config}/manifests/user-experience.yaml (96%) rename {config => nestos-config}/nestos-pool.repo (46%) rename {config => nestos-config}/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/etc/sudoers.d/coreos-sudo-group (100%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/05core/statoverride rename {config => nestos-config}/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/coreos/generator-lib.sh (64%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/01scsi-rules/module-setup.sh rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/10coreos-sysctl/module-setup.sh (66%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/25coreos-azure-udev/module-setup.sh (81%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-boot-edit.sh (63%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh (98%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service (73%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh (65%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service (90%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh (95%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh (92%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service (77%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service (80%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh (88%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator (98%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh (91%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service (91%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh (94%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf (80%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service (96%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh (89%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh (94%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size (82%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid (90%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh (97%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh (90%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh (97%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh (85%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service (68%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh (78%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh (91%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf (87%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator (60%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator (89%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset (46%) mode change 100644 => 100755 rename {config/overlay.d/15fcos => nestos-config/overlay.d/05core}/usr/lib/systemd/system/coreos-check-ignition-config.service (42%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service (49%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf (77%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf create mode 100755 nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf rename {config => nestos-config}/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules (100%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config rename {config => nestos-config}/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete (88%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE (96%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md (64%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf create mode 100755 nestos-config/overlay.d/08nouveau/statoverride rename {config => nestos-config}/overlay.d/09misc/etc/sysconfig/README (100%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/09misc/statoverride create mode 100755 nestos-config/overlay.d/14NetworkManager-plugins/statoverride rename {config => nestos-config}/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf (70%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/15fcos/statoverride rename {config => nestos-config}/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/motd.d/tracker.motd (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset (74%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service (100%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service (85%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service (86%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/libexec/coreos-check-cgroups (92%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys (88%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config (78%) mode change 100644 => 100755 create mode 100755 nestos-config/overlay.d/20platform-chrony/statoverride rename {config => nestos-config}/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony (84%) mode change 100644 => 100755 rename {config => nestos-config}/overlay.d/README.md (71%) mode change 100644 => 100755 diff --git a/config/live/zipl.prm b/config/live/zipl.prm deleted file mode 100644 index 56a2c07..0000000 --- a/config/live/zipl.prm +++ /dev/null @@ -1 +0,0 @@ -@@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal diff --git a/config/manifest.yaml b/config/manifest.yaml deleted file mode 100644 index 98db188..0000000 --- a/config/manifest.yaml +++ /dev/null @@ -1,15 +0,0 @@ -ref: openEuler/${basearch}/nestos/stable -include: manifests/nestos.yaml - -releasever: "LTS" - -rojig: - license: MIT - name: nestos - summary: NestOS stable - -repos: - - nestos - -add-commit-metadata: - fedora-coreos.stream: stable diff --git a/config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf b/config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf deleted file mode 100644 index 7300c85..0000000 --- a/config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf +++ /dev/null @@ -1,7 +0,0 @@ - -# https://github.com/systemd/systemd/pull/10397 -# We want things like `systemd.unit=emergency.target` and `single` on the -# kernel command line to just work even with our locked root account. -# This file is used as an override for both emergency.target and rescue.target. -[Service] -Environment=SYSTEMD_SULOGIN_FORCE=1 diff --git a/config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf b/config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf deleted file mode 100644 index 2ea53bd..0000000 --- a/config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf +++ /dev/null @@ -1,2 +0,0 @@ - -blacklist nouveau diff --git a/config/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf b/config/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf deleted file mode 100644 index 8d52ab0..0000000 --- a/config/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf +++ /dev/null @@ -1,11 +0,0 @@ - -# Fix mode (chmod g-w) for existing files on the system during boot -#z /etc/crypto-policies/state/current 644 root root -#z /etc/group 644 root root -#z /etc/group- 644 root root -#z /etc/iscsi/initiatorname.iscsi 644 root root -#z /etc/passwd 644 root root -#z /etc/passwd- 644 root root -#z /etc/selinux/config 644 root root -#z /etc/ssh/sshd_config.d/40-disable-passwords.conf 644 root root -#z /etc/systemd/dont-synthesize-nobody 644 root root diff --git a/config/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf b/config/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf deleted file mode 100644 index 10d437d..0000000 --- a/config/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf +++ /dev/null @@ -1,9 +0,0 @@ - -# `/boot` is read-only, but `kdump.service` wants to -# places its generated initramfs alongside the default -# initramfs under `/boot/ostree`. -# Until `kdump` gains the ability to place its initramfs -# elsewhere, temporarily remount `/boot` read-write before -# the `kdump` initramfs is generated. -[Service] -ExecStartPre=/usr/bin/mount -o remount,rw /boot diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config b/config/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config deleted file mode 100644 index f96d743..0000000 --- a/config/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/bash -# The logic for the message_id is handled in - -# In this script, we need to capture the journald -# log with the particular message_id and query using -#`jq` utility to check if a user config is provided. - -# Change the output color to yellow -warn='\033[0;33m' -# No color -nc='\033[0m' - - -# It will track the journal messages related to an Ignition config provided -# by the user. -output=$(journalctl -o json-pretty MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb | jq -s '.[] | select(.IGNITION_CONFIG_TYPE == "user")'| wc -l) - -if [[ $output -gt 0 ]];then - echo "Ignition: user-provided config was applied" > /etc/issue.d/30_ignition_config_info.issue -else - echo -e "${warn}Ignition: no config provided by user${nc}" > /etc/issue.d/30_ignition_config_info.issue -fi - -# Ask all running agetty instances to reload and update their -# displayed prompts in case this script was run before agetty. -/usr/sbin/agetty --reload diff --git a/config/COPYING b/nestos-config/COPYING similarity index 96% rename from config/COPYING rename to nestos-config/COPYING index 660c822..b81e261 100644 --- a/config/COPYING +++ b/nestos-config/COPYING @@ -1,4 +1,4 @@ -Copyright 2021 NestOS Authors. +Copyright 2018 Fedora CoreOS Authors. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/nestos-config/LICENSE b/nestos-config/LICENSE new file mode 100644 index 0000000..e50acb0 --- /dev/null +++ b/nestos-config/LICENSE @@ -0,0 +1,21 @@ +Copyright 2018 Fedora CoreOS Authors. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + diff --git a/config/image-base.yaml b/nestos-config/image-base.yaml similarity index 59% rename from config/image-base.yaml rename to nestos-config/image-base.yaml index 66e023a..9645d13 100644 --- a/config/image-base.yaml +++ b/nestos-config/image-base.yaml @@ -9,6 +9,7 @@ size: 10 extra-kargs: # Disable SMT on systems vulnerable to MDS or any similar future issue. - mitigations=auto,nosmt + - console=tty1 # Disable networking by default on firstboot. We can drop this once cosa stops # defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key. @@ -17,9 +18,14 @@ ignition-network-kcmdline: [] # Optional remote by which to prefix the deployed OSTree ref ostree-remote: openEuler -# We want read-only /sysroot to protect from unintentional damage. -# https://github.com/ostreedev/ostree/issues/1265 -sysroot-readonly: true +# opt in to using the `metadata_csum_seed` feature of the ext4 filesystem +# for the /boot filesystem. Support for this was only recently added to grub +# and isn't available everywhere yet so we'll gate it behind this image.yaml +# knob. It should be easy to know when RHEL/RHCOS supports this by just flipping +# this to `true` and doing a build. It should error when building the disk +# images if grub doesn't support it. +# https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00031.html +#bootfs_metadata_csum_seed: true # After this, we plan to add support for the Ignition # storage/filesystems sections. (Although one can do diff --git a/config/image.yaml b/nestos-config/image.yaml similarity index 100% rename from config/image.yaml rename to nestos-config/image.yaml diff --git a/nestos-config/kola-denylist.yaml b/nestos-config/kola-denylist.yaml new file mode 100644 index 0000000..c436860 --- /dev/null +++ b/nestos-config/kola-denylist.yaml @@ -0,0 +1,14 @@ +# This file documents currently known-to-fail kola tests. It is consumed by +# coreos-assembler to automatically skip some tests. For more information, +# see: https://github.com/coreos/coreos-assembler/pull/866. +- pattern: fcos.internet + tracker: https://github.com/coreos/coreos-assembler/pull/1478 +- pattern: podman.workflow + tracker: https://github.com/coreos/coreos-assembler/pull/1478 +- pattern: ostree.hotfix + tracker: https://github.com/coreos/fedora-coreos-tracker/issues/942 + snooze: 2021-10-25 + streams: + - rawhide + arches: + - aarch64 diff --git a/config/live/EFI/openEuler/grub.cfg b/nestos-config/live/EFI/openEuler/grub.cfg similarity index 89% rename from config/live/EFI/openEuler/grub.cfg rename to nestos-config/live/EFI/openEuler/grub.cfg index f208a7f..0db1032 100644 --- a/config/live/EFI/openEuler/grub.cfg +++ b/nestos-config/live/EFI/openEuler/grub.cfg @@ -4,9 +4,11 @@ # # One diff to note is we use linux and initrd instead of linuxefi and # initrdefi. We do this because it works and allows us to use this same -# file on other architecutres. +# file on other architectures. # -# This file gets embedded into the efiboot.img on our NestOS ISO. +# This file is loaded directly when booting via El Torito, and indirectly +# from a stub config in efiboot.img when booting via the hybrid ESP. + set default="1" function load_video { @@ -28,7 +30,7 @@ set timeout=5 ### BEGIN /etc/grub.d/10_linux ### menuentry 'NestOS (Live)' --class openeuler --class gnu-linux --class gnu --class os { - linux /images/pxeboot/vmlinuz @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal + linux /images/pxeboot/vmlinuz @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=tty1 ################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################ COREOS_KARG_EMBED_AREA initrd /images/pxeboot/initrd.img /images/ignition.img } diff --git a/config/live/README-devel.md b/nestos-config/live/README-devel.md similarity index 80% rename from config/live/README-devel.md rename to nestos-config/live/README-devel.md index 6316954..c0bde04 100644 --- a/config/live/README-devel.md +++ b/nestos-config/live/README-devel.md @@ -1,6 +1,6 @@ These files will be copied to the target live ISO via the CoreOS Assembler buildextend-live call. It -picks up all files in the NestOS-config/live/ +picks up all files in the coreos/NestOS-config/live/ directory and copies them to the base of the ISO. Files currently copied are: @@ -10,4 +10,4 @@ Files currently copied are: Files that get copied into efiboot.img in the ISO: -- EFI/grub.cfg \ No newline at end of file +- EFI/grub.cfg diff --git a/config/live/isolinux/boot.msg b/nestos-config/live/isolinux/boot.msg similarity index 100% rename from config/live/isolinux/boot.msg rename to nestos-config/live/isolinux/boot.msg diff --git a/config/live/isolinux/isolinux.cfg b/nestos-config/live/isolinux/isolinux.cfg similarity index 97% rename from config/live/isolinux/isolinux.cfg rename to nestos-config/live/isolinux/isolinux.cfg index 06159f6..5ec947c 100644 --- a/config/live/isolinux/isolinux.cfg +++ b/nestos-config/live/isolinux/isolinux.cfg @@ -67,7 +67,7 @@ label linux menu label ^NestOS (Live) menu default kernel /images/pxeboot/vmlinuz - append initrd=/images/pxeboot/initrd.img,/images/ignition.img @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal + append initrd=/images/pxeboot/initrd.img,/images/ignition.img @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=tty1 ################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################################ COREOS_KARG_EMBED_AREA menu separator # insert an empty line diff --git a/nestos-config/live/zipl.prm b/nestos-config/live/zipl.prm new file mode 100644 index 0000000..c98eab0 --- /dev/null +++ b/nestos-config/live/zipl.prm @@ -0,0 +1 @@ +@@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=tty1 diff --git a/nestos-config/manifest.yaml b/nestos-config/manifest.yaml new file mode 100644 index 0000000..acdb147 --- /dev/null +++ b/nestos-config/manifest.yaml @@ -0,0 +1,25 @@ +ref: openEuler/${basearch}/nestos/stable +include: manifests/nestos.yaml + +releasever: "22.03" + +rojig: + license: MIT + name: nestos + summary: NestOS stable + +add-commit-metadata: + fedora-coreos.stream: stable + +packages: + # resolved was broken out to its own package in rawhide/f35 + # - systemd-resolved + # In F35+ need `iptables-legacy` package + # See https://github.com/coreos/fedora-coreos-tracker/issues/676#issuecomment-928028451 + # - iptables-legacy + +remove-from-packages: + # Hopefully short-term hack -- see https://github.com/coreos/fedora-coreos-config/pull/1206#discussion_r705425869. + # This keeps the size down and ensures nothing tries to use it, preventing us + # from shedding the dep eventually. + - [cracklib-dicts, .*] diff --git a/config/manifests/bootable-rpm-ostree.yaml b/nestos-config/manifests/bootable-rpm-ostree.yaml similarity index 70% rename from config/manifests/bootable-rpm-ostree.yaml rename to nestos-config/manifests/bootable-rpm-ostree.yaml index ddc3938..aaef03a 100644 --- a/config/manifests/bootable-rpm-ostree.yaml +++ b/nestos-config/manifests/bootable-rpm-ostree.yaml @@ -2,14 +2,12 @@ # The intent of this is to inherit from this if you are doing something highly # custom that e.g. might not involve Ignition or podman, but you do want # rpm-ostree. -# We expect most people though using coreos-assembler to inherit from -# fedora-coreos-base.yaml. +# We expect most people though using nestos-assembler to inherit from +# nestos-base.yaml. packages: # Kernel + systemd. Note we explicitly specify kernel-{core,modules} # because otherwise depsolving could bring in kernel-debug. - - kernel systemd -# - kernel-devel kernel-tools kernel-headers - # kernel-core kernel-modules + - kernel systemd # rpm-ostree - rpm-ostree nss-altfiles # firmware updates @@ -25,7 +23,5 @@ packages-s390x: # provided by s390utils-base, but soon will be -core too. - /usr/sbin/zipl packages-x86_64: - - grub2 efibootmgr shim -# grub2-efi-x64-cdboot grub2-efi-x64-modules grub2-tools-efi grub2-emu grub2-emu-modules + - grub2 grub2-efi-x64 efibootmgr shim - microcode_ctl - - grub2-efi-x64 diff --git a/config/manifests/bootupd.yaml b/nestos-config/manifests/bootupd.yaml similarity index 80% rename from config/manifests/bootupd.yaml rename to nestos-config/manifests/bootupd.yaml index a107a98..659f72d 100644 --- a/config/manifests/bootupd.yaml +++ b/nestos-config/manifests/bootupd.yaml @@ -7,10 +7,10 @@ postprocess: - | #!/bin/bash set -xeuo pipefail - ## Until we have https://github.com/coreos/rpm-ostree/pull/2275 + # Until we have https://github.com/coreos/rpm-ostree/pull/2275 mkdir -p /run # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload /usr/bin/bootupctl backend generate-update-metadata / chmod -R +x /usr/bin/ chmod -R +x /usr/sbin/ - chmod -R +x /usr/libexec/ + chmod -R +x /usr/libexec/ \ No newline at end of file diff --git a/config/manifests/file-transfer.yaml b/nestos-config/manifests/file-transfer.yaml similarity index 76% rename from config/manifests/file-transfer.yaml rename to nestos-config/manifests/file-transfer.yaml index aa584dd..64ae367 100644 --- a/config/manifests/file-transfer.yaml +++ b/nestos-config/manifests/file-transfer.yaml @@ -1,6 +1,5 @@ # Moving files around and verifying them packages: - # - git-core - - git + - git-core - gnupg2 - rsync diff --git a/config/manifests/group b/nestos-config/manifests/group similarity index 96% rename from config/manifests/group rename to nestos-config/manifests/group index fac113c..4c2f543 100644 --- a/config/manifests/group +++ b/nestos-config/manifests/group @@ -51,8 +51,8 @@ systemd-resolve:x:989: systemd-bus-proxy:x:988: cockpit-ws:x:987: -#duyiwei named:x:25: dhcpd:x:177: dnsmasq:x:980: - +saslauth:x:76: +isula:x:986: diff --git a/config/manifests/grub2-removals.yaml b/nestos-config/manifests/grub2-removals.yaml similarity index 100% rename from config/manifests/grub2-removals.yaml rename to nestos-config/manifests/grub2-removals.yaml diff --git a/config/manifests/ignition-and-ostree.yaml b/nestos-config/manifests/ignition-and-ostree.yaml similarity index 99% rename from config/manifests/ignition-and-ostree.yaml rename to nestos-config/manifests/ignition-and-ostree.yaml index df57ea6..34879ff 100644 --- a/config/manifests/ignition-and-ostree.yaml +++ b/nestos-config/manifests/ignition-and-ostree.yaml @@ -24,7 +24,7 @@ packages: - dracut-network # for encryption - clevis clevis-dracut clevis-systemd - # - clevis-luks + remove-from-packages: # We don't want systemd-firstboot.service. It conceptually conflicts with # Ignition. We also inject runtime bits to disable it in systemd-firstboot.service.d/fcos-disable.conf diff --git a/config/manifests/nestos-base.yaml b/nestos-config/manifests/nestos-base.yaml similarity index 81% rename from config/manifests/nestos-base.yaml rename to nestos-config/manifests/nestos-base.yaml index 121d9bf..1aca934 100644 --- a/config/manifests/nestos-base.yaml +++ b/nestos-config/manifests/nestos-base.yaml @@ -8,6 +8,7 @@ include: - networking-tools.yaml - system-configuration.yaml - user-experience.yaml + - shared-workarounds.yaml initramfs-args: - --no-hostonly @@ -51,7 +52,9 @@ rpmdb: sqlite postprocess: - | #!/usr/bin/env bash - /usr/sbin/mpathconf --enable + #/usr/sbin/mpathconf --enable + systemctl mask kdump.service + systemctl mask multipathd.service - | #!/usr/bin/env bash @@ -60,6 +63,7 @@ postprocess: echo "u chrony - chrony" > /usr/lib/sysusers.d/chrony.conf echo "u sshd - sshd" > /usr/lib/sysusers.d/sshd.conf echo "u rpc - rpc" > /usr/lib/sysusers.d/rpc.conf + echo "u rpcuser - rpcuser" > /usr/lib/sysusers.d/rpcuser.conf # This will be dropped once rpm-ostree because module-aware. # https://github.com/projectatomic/rpm-ostree/issues/1542#issuecomment-419684977 # https://github.com/projectatomic/rpm-ostree/issues/1435 @@ -69,12 +73,12 @@ postprocess: for x in /etc/yum.repos.d/*modular.repo; do sed -i -e 's,enabled=[01],enabled=0,' ${x} done - # Enable SELinux booleans used by OpenShift # https://github.com/coreos/fedora-coreos-tracker/issues/284 - | #!/usr/bin/env bash set -xeuo pipefail + #setsebool -P -N container_use_cephfs on # RHBZ#1692369 setsebool -P -N virt_use_samba on # RHBZ#1754825 # Mask dnsmasq. We include dnsmasq for host services that use the dnsmasq @@ -93,25 +97,33 @@ postprocess: # Neuter systemd-resolved for now. # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-743219353 - # Note: When removing this, we likely also want to remove - # coreos-reset-stub-resolv-selinux-context.{path,service} and their presets. + # Remove when on F35+ as NM now handles rdns + resolved better + # https://github.com/coreos/fedora-coreos-tracker/issues/834 + # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/601 + # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/877 - | #!/usr/bin/env bash set -xeuo pipefail + # Only operate on F34 since F35+ has been fixed + source /etc/os-release + [ ${VERSION_ID} -eq 34 ] || exit 0 # Get us back to Fedora 32's nsswitch.conf settings sed -i 's/^hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf mkdir -p /usr/lib/systemd/resolved.conf.d/ cat > /usr/lib/systemd/resolved.conf.d/nestos-stub-listener.conf <<'EOF' + # Fedora CoreOS is electing to not use systemd-resolved's internal + # logic for now because of issues with setting hostnames via reverse DNS. # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-736104003 [Resolve] DNSStubListener=no EOF - # Set the fallback hostname to `localhost`. This piggybacks on the - # postprocess script above which neuters systemd-resolved, because - # currently, a fallback hostname of `localhost` + systemd-resolved breaks - # rDNS. Eventually, we should be able to drop this at the same time as we drop - # the above. See: https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 + # Set the fallback hostname to `localhost`. This was needed in F33/F34 + # because a fallback hostname of `fedora` + systemd-resolved broke + # rDNS. It's now fixed in F35+ NetworkManager to handle the corner cases + # around synthetized hostnames and systemd-resolved, but the question + # remains on what is a more appropriate default hostname for a server like + # host. https://github.com/coreos/fedora-coreos-tracker/issues/902 - | #!/usr/bin/env bash source /etc/os-release @@ -125,8 +137,11 @@ postprocess: packages: # Container tooling - crun + # Security - polkit + # System setup - afterburn-dracut + # SSH - ssh-key-dir # Containers - systemd-container catatonit @@ -138,11 +153,12 @@ packages: # Remote IPC for podman - libvarlink-util # Minimal NFS client - - nfs-utils-coreos + - nfs-utils-nestos # Active Directory support - adcli # Additional firewall support; we aren't including these in RHCOS or they # don't exist in RHEL + #- iptables-nft iptables-services # WireGuard https://github.com/coreos/fedora-coreos-tracker/issues/362 - wireguard-tools # Storage diff --git a/config/manifests/nestos.yaml b/nestos-config/manifests/nestos.yaml similarity index 81% rename from config/manifests/nestos.yaml rename to nestos-config/manifests/nestos.yaml index 1708604..3dcdd93 100644 --- a/config/manifests/nestos.yaml +++ b/nestos-config/manifests/nestos.yaml @@ -1,16 +1,29 @@ - +# This manifest file defines things that should really only go +# into "official" builds of Fedora CoreOS (such as including `fedora-release-coreos`) +# or are very "opinionated" like disabling SSH passwords by default. include: nestos-base.yaml automatic-version-prefix: "${releasever}..dev" mutate-os-release: "${releasever}" +# All NestOS streams share the same pool for locked files. +lockfile-repos: + - nestos + packages: - openEuler-release-nestos - openEuler-repos-ostree + # Continue to include it in case users want to use it. - openEuler-repos-modular + # the archive repo for more reliable package layering + # https://github.com/coreos/fedora-coreos-tracker/issues/400 - openEuler-repos-archive + # CL ships this. - docker-engine + # User metrics + + # Updates - zincati etc-group-members: @@ -19,15 +32,14 @@ etc-group-members: # This will be no longer needed when systemd-sysusers has been implemented: # https://github.com/projectatomic/rpm-ostree/issues/49 - docker - - isulad - - podman -# XXX: this is used by coreos-assembler for artifact naming... +# XXX: this is used by nestos-assembler for artifact naming... rojig: license: MIT name: nestos summary: NestOS base image + # âš âš âš  ONLY TEMPORARY HACKS ALLOWED HERE; ALL ENTRIES NEED TRACKER LINKS âš âš âš  # See also the version of this in fedora-coreos-base.yaml postprocess: @@ -78,12 +90,16 @@ exclude-packages: - python - python2 - python2-libs + - python3 - python3-libs + - perl - nodejs - dnf - - cowsay + #- grubby + - cowsay # Just in case # Let's make sure initscripts doesn't get pulled back in # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254 + #- initscripts # For (datacenter/cloud oriented) servers, we want to see the details by default. # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ - plymouth diff --git a/config/manifests/networking-tools.yaml b/nestos-config/manifests/networking-tools.yaml similarity index 87% rename from config/manifests/networking-tools.yaml rename to nestos-config/manifests/networking-tools.yaml index ee8e408..29cf58d 100644 --- a/config/manifests/networking-tools.yaml +++ b/nestos-config/manifests/networking-tools.yaml @@ -9,14 +9,14 @@ packages: - NetworkManager-tui # Teaming https://github.com/coreos/fedora-coreos-config/pull/289 # and http://bugzilla.redhat.com/1758162 - - NetworkManager-team teamd + - NetworkManager-team + #teamd # Support for cloud quirks and dynamic config in real rootfs: # https://github.com/coreos/fedora-coreos-tracker/issues/320 - - NetworkManager-cloud-setup + #- NetworkManager-cloud-setup # Route manipulation and QoS - - iproute iproute-tc + - iproute # Firewall manipulation - - iptables - - nftables + - iptables nftables # Interactive network tools for admins - socat net-tools bind-utils diff --git a/config/manifests/passwd b/nestos-config/manifests/passwd similarity index 96% rename from config/manifests/passwd rename to nestos-config/manifests/passwd index b05ebdb..285f5e7 100644 --- a/config/manifests/passwd +++ b/nestos-config/manifests/passwd @@ -30,4 +30,4 @@ systemd-timesync:x:993:991:systemd Time Synchronization:/:/sbin/nologin systemd-network:x:991:990:systemd Network Management:/:/sbin/nologin systemd-resolve:x:990:989:systemd Resolver:/:/sbin/nologin systemd-bus-proxy:x:989:988:systemd Bus Proxy:/:/sbin/nologin -cockpit-ws:x:988:987:User for cockpit-ws:/:/sbin/nologin +cockpit-ws:x:988:987:User for cockpit-ws:/:/sbin/nologin \ No newline at end of file diff --git a/nestos-config/manifests/shared-workarounds.yaml b/nestos-config/manifests/shared-workarounds.yaml new file mode 100644 index 0000000..29ff05a --- /dev/null +++ b/nestos-config/manifests/shared-workarounds.yaml @@ -0,0 +1,64 @@ +# This manifest is a list of shared workarounds that are needed in both Fedora CoreOS +# and downstreams (i.e. Red Hat CoreOS). + +postprocess: + # Put in the fix for multipathd.socket on releases that haven't been fixed yet. + # https://bugzilla.redhat.com/show_bug.cgi?id=2008098 + # https://github.com/coreos/fedora-coreos-config/pull/1246 + - | + #!/usr/bin/env bash + set -xeuo pipefail + # Operate on RHCOS and FCOS. + source /etc/os-release + if [[ ${NAME} =~ "Fedora" ]]; then + # FCOS: Only operate on releases before F36. The fix has landed + # in F36+ and there is no need for a workaround. + [ ${VERSION_ID} -le 35 ] || exit 0 + else + # RHCOS: The fix hasn't landed in any version of RHEL yet + true + fi + mkdir /usr/lib/systemd/system/multipathd.socket.d + cat > /usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf <<'EOF' + # Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2008098 + [Unit] + ConditionKernelCommandLine=!multipath=off + ConditionKernelCommandLine=!nompath + ConditionPathExists=/etc/multipath.conf + ConditionVirtualization=!container + EOF + + # Put in the fix for multipathd.service in dracut on releases that haven't + # been fixed yet. + # https://github.com/dracutdevs/dracut/pull/1606 + # https://github.com/coreos/fedora-coreos-config/pull/1233 + - | + #!/usr/bin/env bash + set -xeuo pipefail + source /etc/os-release + if [[ ${NAME} =~ "Fedora" ]]; then + # FCOS: This fix hasn't landed in rawhide (F36) yet, + # but hopefully will soon. + [ ${VERSION_ID} -le 36 ] || exit 0 + else + # RHCOS: The fix hasn't landed in any version of RHEL yet + true + fi + mkdir /usr/lib/dracut/modules.d/36coreos-multipath-fix + cat > /usr/lib/dracut/modules.d/36coreos-multipath-fix/90-multipathd-remove-execstop.conf <<'EOF' + # Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. + [Service] + ExecStop= + EOF + cat > /usr/lib/dracut/modules.d/36coreos-multipath-fix/module-setup.sh <<'EOF' + #!/bin/bash + # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- + # ex: ts=8 sw=4 sts=4 et filetype=sh + install() { + # Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. + mkdir -p "$systemdsystemunitdir/multipathd.service.d" + inst_simple "$moddir/90-multipathd-remove-execstop.conf" \ + "$systemdsystemunitdir/multipathd.service.d/90-multipathd-remove-execstop.conf" + } + EOF + chmod +x /usr/lib/dracut/modules.d/36coreos-multipath-fix/module-setup.sh diff --git a/config/manifests/system-configuration.yaml b/nestos-config/manifests/system-configuration.yaml similarity index 93% rename from config/manifests/system-configuration.yaml rename to nestos-config/manifests/system-configuration.yaml index 2958201..8c21954 100644 --- a/config/manifests/system-configuration.yaml +++ b/nestos-config/manifests/system-configuration.yaml @@ -8,7 +8,7 @@ packages: # NTP support - chrony # Installing CoreOS itself - - coreos-installer coreos-installer-bootinfra + - nestos-installer nestos-installer-bootinfra # Storage configuration/management ## cloud-utils-growpart - For growing root partition - cifs-utils @@ -16,7 +16,7 @@ packages: - cryptsetup - device-mapper-multipath - e2fsprogs - - iscsi-initiator-utils + #- open-iscsi - lvm2 - mdadm - sg3_utils diff --git a/config/manifests/user-experience.yaml b/nestos-config/manifests/user-experience.yaml similarity index 96% rename from config/manifests/user-experience.yaml rename to nestos-config/manifests/user-experience.yaml index 6cd01ef..b24b911 100644 --- a/config/manifests/user-experience.yaml +++ b/nestos-config/manifests/user-experience.yaml @@ -7,9 +7,9 @@ packages: # Basic user tools ## jq - parsing/interacting with JSON data - bash-completion - - wget - coreutils - jq + #- nano - less - sudo - vim-minimal @@ -30,6 +30,8 @@ packages: - openssh-clients openssh-server # Container tooling - podman + - crio + - cri-tools - docker-runc - skopeo - toolbox diff --git a/config/nestos-pool.repo b/nestos-config/nestos-pool.repo similarity index 46% rename from config/nestos-pool.repo rename to nestos-config/nestos-pool.repo index ae37c27..7986b1b 100644 --- a/config/nestos-pool.repo +++ b/nestos-config/nestos-pool.repo @@ -1,10 +1,7 @@ [nestos] name= extra repository - $basearch -baseurl=http://10.1.110.88/nestos/nestos_x86 +baseurl=Èí¼þ°üÔ´µØÖ· enabled=1 -#repo_gpgcheck=0 type=rpm-md gpgcheck=0 -#skip_if_unavailable=True - diff --git a/config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf b/nestos-config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf rename to nestos-config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf diff --git a/config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group b/nestos-config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group rename to nestos-config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group diff --git a/nestos-config/overlay.d/05core/statoverride b/nestos-config/overlay.d/05core/statoverride new file mode 100755 index 0000000..9769b8c --- /dev/null +++ b/nestos-config/overlay.d/05core/statoverride @@ -0,0 +1,6 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = + +# Some security scanners complain if /etc/sudoers.d files have 0044 mode bits +# https://bugzilla.redhat.com/show_bug.cgi?id=1981979 +=384 /etc/sudoers.d/coreos-sudo-group diff --git a/config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf b/nestos-config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf rename to nestos-config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf diff --git a/config/overlay.d/05core/usr/lib/coreos/generator-lib.sh b/nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh old mode 100644 new mode 100755 similarity index 64% rename from config/overlay.d/05core/usr/lib/coreos/generator-lib.sh rename to nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh index b133e5a..dd19ad8 --- a/config/overlay.d/05core/usr/lib/coreos/generator-lib.sh +++ b/nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh @@ -17,3 +17,14 @@ have_karg() { done return 1 } + +karg() { + local name="$1" value="${2:-}" + local cmdline=( $(&2 + exit 1 + fi + rdcore kargs --boot-mount ${bootmnt} --append boot=UUID=${UUID} + # but also put it in /run for the first boot real root mount + mkdir -p /run/coreos + echo "${UUID}" > /run/coreos/bootfs_uuid fi diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh old mode 100644 new mode 100755 similarity index 98% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh index ee2fc4f..dc55409 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh @@ -39,4 +39,4 @@ fi echo "Randomizing disk GUID" sgdisk --disk-guid=R --move-second-header "$PKNAME" -udevadm settle +udevadm settle || : diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service old mode 100644 new mode 100755 similarity index 73% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service index 4f50823..6ac57ff --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service @@ -1,7 +1,7 @@ [Unit] Description=CoreOS Kernel Arguments Reboot ConditionPathExists=/etc/initrd-release -ConditionPathExists=/run/ignition-modified-kargs +ConditionPathExists=/run/coreos-kargs-reboot DefaultDependencies=false Before=ignition-complete.target @@ -18,4 +18,6 @@ OnFailureJobMode=isolate [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/systemctl reboot +# --force causes a rapid reboot. Without it, systemd continues running +# Ignition stages in parallel with shutting down. +ExecStart=/usr/bin/systemctl reboot --force diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh old mode 100644 new mode 100755 similarity index 65% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh index 3744eb6..adad195 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh @@ -1,4 +1,4 @@ #!/bin/bash set -euo pipefail -/usr/bin/rdcore kargs --boot-device /dev/disk/by-label/boot --create-if-changed /run/ignition-modified-kargs "$@" +/usr/bin/rdcore kargs --boot-device /dev/disk/by-label/boot --create-if-changed /run/coreos-kargs-reboot "$@" diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service old mode 100644 new mode 100755 similarity index 90% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service index feb3993..060530e --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service @@ -1,6 +1,6 @@ # Clean up the initramfs networking on first boot # so the real network is being brought up - +# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 [Unit] Description=CoreOS Tear Down Initramfs @@ -14,7 +14,7 @@ DefaultDependencies=false # The only other one right now is ignition-mount that has an ExecStop # for doing an unmount. Since the ordering for ExecStop is the # opposite of ExecStart we need to use `Before=ignition-mount.service`. - +# https://github.com/coreos/fedora-coreos-tracker/issues/440 Before=ignition-mount.service Before=ignition-complete.target diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh old mode 100644 new mode 100755 similarity index 95% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh index 96f1ffc..8fea202 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh @@ -66,9 +66,9 @@ are_default_NM_configs() { # defaults (trying dhcp/dhcp6 on everything). If it's just the # defaults then we want to avoid a slight behavior diff between # propagating configs and just booting with no configuration. See -# +# https://github.com/coreos/fedora-coreos-tracker/issues/696 # - +# See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721173 propagate_initramfs_networking() { # Check for any real root config in the two locations where a user could have # provided network configuration. On FCOS we only support keyfiles, but on RHCOS @@ -85,7 +85,7 @@ propagate_initramfs_networking() { # Did the user tell us to force initramfs networking config # propagation even if real root networking config exists? # Hopefully we only need this in rare circumstances. - + # https://github.com/coreos/fedora-coreos-tracker/issues/853 forcepropagate=0 if dracut_func getargbool 0 'coreos.force_persist_ip'; then forcepropagate=1 @@ -155,7 +155,8 @@ down_interface() { # Iterate through the interfaces in the machine and take them down. # Note that in the futre we would like to possibly use `nmcli` networking off` # for this. See the following two comments for details: - +# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 +# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599746049 down_interfaces() { if ! [ -z "$(ls /sys/class/net)" ]; then for f in /sys/class/net/*; do diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh old mode 100644 new mode 100755 similarity index 92% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh index 52abd13..a42bcc3 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh @@ -12,7 +12,7 @@ install_ignition_unit() { local instantiated="${1:-$unit}"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$instantiated" || exit 1 } @@ -34,7 +34,7 @@ install() { "/usr/sbin/coreos-ignition-setup-user" # For consistency tear down the network and persist multipath between the initramfs and - # real root. + # real root. See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 inst_script "$moddir/coreos-teardown-initramfs.sh" \ "/usr/sbin/coreos-teardown-initramfs" install_ignition_unit coreos-teardown-initramfs.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service old mode 100644 new mode 100755 similarity index 77% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service index 9568410..c6ca789 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service @@ -9,7 +9,7 @@ Before=initrd-switch-root.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/mkdir -p /run/coreos-installer/osmet +ExecStart=/usr/bin/mkdir -p /run/nestos-installer/osmet # bsdtar reads cpio archives, and unlike cpio(1L), knows how to seek over # members it isn't reading -ExecStart=/usr/bin/bsdtar -x -C /run/coreos-installer/osmet -f /run/media/iso/images/pxeboot/rootfs.img *.osmet +ExecStart=/usr/bin/bsdtar -x -C /run/nestos-installer/osmet -f /run/media/iso/images/pxeboot/rootfs.img *.osmet diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service old mode 100644 new mode 100755 similarity index 80% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service index 17484e6..75250d2 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service @@ -10,5 +10,5 @@ Before=initrd-switch-root.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/mkdir -p /run/coreos-installer/osmet -ExecStart=/usr/bin/sh -c "if ls /*.osmet &>/dev/null; then cp /*.osmet /run/coreos-installer/osmet; fi" +ExecStart=/usr/bin/mkdir -p /run/nestos-installer/osmet +ExecStart=/usr/bin/sh -c "if ls /*.osmet &>/dev/null; then cp /*.osmet /run/nestos-installer/osmet; fi" diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh old mode 100644 new mode 100755 similarity index 88% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh index 483587e..9f59a8d --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh @@ -26,8 +26,9 @@ elif [[ -n "${rootfs_url}" ]]; then if [[ ${rootfs_url} != http:* && ${rootfs_url} != https:* ]]; then # Don't commit to supporting protocols we might not want to expose in # the long term. - echo "coreos.live.rootfs_url= supports HTTP and HTTPS only." >&2 - echo "Please fix your PXE configuration." >&2 + echo "Unsupported scheme for image specified by:" >&2 + echo "coreos.live.rootfs_url=${rootfs_url}" >&2 + echo "Only HTTP and HTTPS are supported. Please fix your PXE configuration." >&2 exit 1 fi @@ -39,7 +40,8 @@ elif [[ -n "${rootfs_url}" ]]; then # We retry forever, matching Ignition's semantics. curl_common_args="--silent --show-error --insecure --location" while ! curl --head $curl_common_args "${rootfs_url}" >/dev/null; do - echo "Couldn't establish connectivity with the server specified by coreos.live.rootfs_url=" >&2 + echo "Couldn't establish connectivity with the server specified by:" >&2 + echo "coreos.live.rootfs_url=${rootfs_url}" >&2 echo "Retrying in 5s..." >&2 sleep 5 done @@ -54,14 +56,15 @@ elif [[ -n "${rootfs_url}" ]]; then if ! curl $curl_common_args --retry 5 "${rootfs_url}" | \ rdcore stream-hash /etc/coreos-live-want-rootfs | \ bsdtar -xf - -C / ; then - echo "Couldn't fetch, verify, and unpack image specified by coreos.live.rootfs_url=" >&2 + echo "Couldn't fetch, verify, and unpack image specified by:" >&2 + echo "coreos.live.rootfs_url=${rootfs_url}" >&2 echo "Check that the URL is correct and that the rootfs version matches the initramfs." >&2 exit 1 fi else # Nothing. Fail. echo "No rootfs image found. Modify your PXE configuration to add the rootfs" >&2 - echo "image as a second initrd, or use the coreos.live.rootfs_url= kernel parameter" >&2 + echo "image as a second initrd, or use the coreos.live.rootfs_url kernel parameter" >&2 echo "to specify an HTTP or HTTPS URL to the rootfs." >&2 exit 1 fi diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator old mode 100644 new mode 100755 similarity index 98% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator index 3f137a5..560b0b6 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator @@ -86,7 +86,7 @@ EOF [Unit] DefaultDependencies=false - +# HACK for https://github.com/coreos/fedora-coreos-config/issues/437 Wants=systemd-udev-settle.service # Note that bootup(7) implies that initrd-root-device is After=basic.target # but that appears to not be the case. We explicitly order after sysinit.target @@ -123,7 +123,7 @@ fi # It turns out that `tmpfs` currently munches all SELinux labels # we set before policy is loaded, so we make an XFS filesystem # loopback mounted that's sized the same as /run. - +# https://github.com/coreos/fedora-coreos-config/pull/499 cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-mkfs.service" <<'EOF' [Unit] DefaultDependencies=false diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh old mode 100644 new mode 100755 similarity index 91% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh index f9b1b83..6a91048 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh @@ -8,10 +8,15 @@ install_and_enable_unit() { target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } +installkernel() { + # we do loopmounts + instmods -c loop +} + install() { inst_multiple \ bsdtar \ diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service old mode 100644 new mode 100755 similarity index 91% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service index 60ab199..524dc91 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service @@ -4,7 +4,7 @@ # here to make sure it's re-added. # # This is tracked at: - +# https://bugzilla.redhat.com/show_bug.cgi?id=1963242 [Unit] Description=CoreOS Trigger Multipath diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh old mode 100644 new mode 100755 similarity index 94% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh index d467dd4..4ab4bc4 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh @@ -7,7 +7,7 @@ install_ignition_unit() { local target=${1:-complete} inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf old mode 100644 new mode 100755 similarity index 80% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf index 44735dd..bad6d14 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf @@ -1,7 +1,7 @@ # This contains the default kargs for firstboot network configuration. # Default values can be dynamically overridden by platform-specific # logic (e.g. injected via a back-channel). - +# https://github.com/coreos/fedora-coreos-tracker/issues/460 [Service] Environment=AFTERBURN_NETWORK_KARGS_DEFAULT='ip=dhcp,dhcp6' diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service old mode 100644 new mode 100755 similarity index 96% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service index af9c020..7dfbc59 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service @@ -49,7 +49,7 @@ After=coreos-multipath-wait.target After=coreos-enable-network.service # We've seen races with ignition-kargs.service, which accesses /boot rw. # Let's introduce some ordering here. Need to use `Before` because otherwise - +# we get a systemd ordering cycle. https://github.com/coreos/fedora-coreos-tracker/issues/883 Before=ignition-kargs.service [Service] diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh old mode 100644 new mode 100755 similarity index 89% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh index 2bb4fcf..6c54f49 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh @@ -20,7 +20,7 @@ if ! dracut_func getargbool 0 'rd.neednet'; then # Hack: we need to rerun the NM cmdline hook because we run after # dracut-cmdline.service because we need udev. We should be able to move # away from this once we run NM as a systemd unit. See also: - + # https://github.com/coreos/fedora-coreos-config/pull/346#discussion_r409843428 set +euo pipefail . /usr/lib/dracut/hooks/cmdline/99-nm-config.sh set -euo pipefail diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh old mode 100644 new mode 100755 similarity index 94% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh index 58052ee..7c910b1 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh @@ -3,7 +3,7 @@ install_and_enable_unit() { target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size old mode 100644 new mode 100755 similarity index 82% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size index d758ac4..2c320be --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size @@ -2,7 +2,7 @@ set -euo pipefail # See also ignition-ostree-check-rootfs-size.service - +# https://github.com/coreos/fedora-coreos-tracker/issues/586#issuecomment-777220000 srcdev=$(findmnt -nvr -o SOURCE /sysroot | tail -n1) size=$(lsblk --nodeps --noheadings --bytes -o SIZE "${srcdev}") @@ -22,7 +22,8 @@ ${YELLOW} ############################################################################ WARNING: The root filesystem is too small. It is strongly recommended to allocate at least ${MINIMUM_GB} GiB of space to allow for upgrades. From June 2021, this -condition will trigger a failure in some cases. +condition will trigger a failure in some cases. For more information, see: +https://docs.fedoraproject.org/en-US/fedora-coreos/storage/ You may delete this warning using: sudo rm ${MOTD_DROPIN} diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid old mode 100644 new mode 100755 similarity index 90% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid index e780953..b217735 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid @@ -1,6 +1,6 @@ #!/bin/bash set -euo pipefail - +# https://github.com/coreos/fedora-coreos-tracker/issues/465 # coreos-assembler generates disk images which are installed bit-for-bit # or booted directly in the cloud. # Generate new UUID on firstboot; this is general best practice, but in the future @@ -8,7 +8,7 @@ set -euo pipefail label=$1 - +# Keep this in sync with https://github.com/coreos/coreos-assembler/blob/e3905fd2e138de04184c1cd86b99b0fd83cbe5cf/src/create_disk.sh#L17 bootfs_uuid="96d15588-3596-4b3c-adca-a2ff7279ea63" rootfs_uuid="910678ff-f77e-4a7d-8d53-86f2ac47a823" @@ -43,6 +43,7 @@ if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then # complain. It will still error if the last checked timestamp (just # set by the e2fsck above) is older than the last mount timestamp (happens # on systems with out of date or non-functioning hardware clocks). + # See https://github.com/coreos/fedora-coreos-tracker/issues/735#issuecomment-859605953 # Potentially fixed in future by: https://www.spinics.net/lists/linux-ext4/msg78012.html tune2fsinfo="$(tune2fs -l ${target})" lastmount=$(echo "$tune2fsinfo" | grep '^Last mount time:' | cut -d ':' -f 2,3,4) @@ -60,7 +61,7 @@ if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then xfs) xfs_admin -U generate "${target}" ;; *) echo "unexpected filesystem type ${TYPE}" 1>&2; exit 1 ;; esac - udevadm settle + udevadm settle || : echo "Regenerated UUID for ${target}" else echo "No changes required for ${target} TYPE=${TYPE} UUID=${UUID}" diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh old mode 100644 new mode 100755 similarity index 97% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 90f9595..d20b6a0 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -61,6 +61,7 @@ esac # Now, go through the hierarchy, growing everything. Note we go one device at a # time using --nodeps, because ordering is buggy in el8: +# https://bugzilla.redhat.com/show_bug.cgi?id=1940607 current_blkdev=${partition} while true; do eval "$(lsblk --paths --nodeps --pairs -o NAME,TYPE,PKNAME "${current_blkdev}")" @@ -71,7 +72,7 @@ while true; do if [ -n "${DM_MPATH:-}" ]; then # Since growpart does not understand device mapper, we have to use sfdisk. echo ", +" | sfdisk --no-reread --no-tell-kernel --force -N "${DM_PART}" "/dev/mapper/${DM_MPATH}" - udevadm settle # Wait for udev-triggered kpartx to update mappings + udevadm settle || : # Wait for udev-triggered kpartx to update mappings else partnum=$(cat "/sys/dev/block/${MAJMIN}/partition") # XXX: ideally this'd be idempotent and we wouldn't `|| :` diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh old mode 100644 new mode 100755 similarity index 90% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh index fb5092d..01212db --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh @@ -29,7 +29,7 @@ for varsubdir in lib log home roothome opt srv usrlocal mnt media; do # (though... we *could* import them from the sysroot, and have # nss-altfiles in the initrd, but meh... let's just wait for # systemd-sysusers which will make this way easier: - + # https://github.com/coreos/fedora-coreos-config/pull/56/files#r262592361). mkdir -p /sysroot/var/${varsubdir} else systemd-tmpfiles --create --boot --root=/sysroot --prefix="/var/${varsubdir}" @@ -37,7 +37,7 @@ for varsubdir in lib log home roothome opt srv usrlocal mnt media; do if [[ $varsubdir == roothome ]]; then # TODO move this to tmpfiles.d once systemd-tmpfiles handles C! with --root correctly. - + # See https://github.com/coreos/fedora-coreos-config/pull/137 cp /sysroot/etc/skel/.bash* /sysroot/var/${varsubdir} fi diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh old mode 100644 new mode 100755 similarity index 97% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index ccaf8cc..bf9a787 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -11,6 +11,7 @@ install_ignition_unit() { local target=${1:-complete} inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh old mode 100644 new mode 100755 similarity index 85% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh index 6c278a9..cac7b64 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh @@ -3,6 +3,7 @@ install_unit() { target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service old mode 100644 new mode 100755 similarity index 68% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service index 195b392..743670e --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service @@ -1,4 +1,6 @@ # Temporary hack to work around agetty SELinux denials. +# https://github.com/coreos/fedora-coreos-config/pull/859#issuecomment-783713383 +# https://bugzilla.redhat.com/show_bug.cgi?id=1932053 [Unit] Description=CoreOS: Touch /run/agetty.reload Documentation=https://bugzilla.redhat.com/show_bug.cgi?id=1932053 diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh old mode 100644 new mode 100755 similarity index 78% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh index cce3ace..1423fd5 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh @@ -2,11 +2,13 @@ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- # ex: ts=8 sw=4 sts=4 et filetype=sh +# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1932053. install_unit() { local unit=$1; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires initrd.target "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh old mode 100644 new mode 100755 similarity index 91% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh index d8ba3c0..63907da --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh @@ -8,6 +8,7 @@ install_unit_wants() { local instantiated="${1:-$unit}"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-wants "$target" "$instantiated" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf old mode 100644 new mode 100755 similarity index 87% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf index f66ea93..091a114 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf @@ -7,6 +7,6 @@ # ring buffer using `dmesg`). In the future we will rely on kernel # console multiplexing (link below) for this and will not use kmsg. # - +# https://github.com/coreos/fedora-coreos-tracker/issues/136 ForwardToKMsg=yes MaxLevelKMsg=info diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh diff --git a/config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf b/nestos-config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf rename to nestos-config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf diff --git a/config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf rename to nestos-config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf diff --git a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator old mode 100644 new mode 100755 similarity index 60% rename from config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator index c1beaeb..5724fdc --- a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator @@ -61,14 +61,50 @@ EOF add_wants "${unit_name}" } +# Copied from +# https://github.com/dracutdevs/dracut/blob/9491e599282d0d6bb12063eddbd192c0d2ce8acf/modules.d/99base/dracut-lib.sh#L586 +# rather than sourcing it. +label_uuid_to_dev() { + local _dev + _dev="${1#block:}" + case "$_dev" in + LABEL=*) + echo "/dev/disk/by-label/$(echo "${_dev#LABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')" + ;; + PARTLABEL=*) + echo "/dev/disk/by-partlabel/$(echo "${_dev#PARTLABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')" + ;; + UUID=*) + echo "/dev/disk/by-uuid/$(echo "${_dev#UUID=}" | tr "[:upper:]" "[:lower:]")" + ;; + PARTUUID=*) + echo "/dev/disk/by-partuuid/$(echo "${_dev#PARTUUID=}" | tr "[:upper:]" "[:lower:]")" + ;; + esac +} + # If the root device is multipath, hook up /boot to use that too, # based on our custom udev rules in 90-coreos-device-mapper.rules # that creates "label found on mpath" links. # Otherwise, use the usual by-label symlink. +# See discussion in https://github.com/coreos/fedora-coreos-config/pull/1022 bootdev=/dev/disk/by-label/boot -# TODO add equivalent of getargbool() so we handle rd.multipath=0 -if have_karg rd.multipath; then +bootkarg=$(karg boot) +mpath=$(karg rd.multipath) +if [ -n "${mpath}" ] && [ "${mpath}" != 0 ]; then bootdev=/dev/disk/by-label/dm-mpath-boot +# Newer nodes inject boot=UUID=..., but we support a larger subset of the dracut/fips API +elif [ -n "${bootkarg}" ]; then + # Adapted from https://github.com/dracutdevs/dracut/blob/9491e599282d0d6bb12063eddbd192c0d2ce8acf/modules.d/01fips/fips.sh#L17 + case "$bootkarg" in + LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) + bootdev="$(label_uuid_to_dev "$bootkarg")";; + /dev/*) bootdev=$bootkarg;; + *) echo "Unknown boot karg '${bootkarg}'; falling back to ${bootdev}";; + esac +# This is used for the first boot only +elif [ -f /run/coreos/bootfs_uuid ]; then + bootdev=/dev/disk/by-uuid/$(cat /run/coreos/bootfs_uuid) fi # We mount read-only by default mostly to protect diff --git a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator old mode 100644 new mode 100755 similarity index 89% rename from config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator index 9e177ce..ef61594 --- a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator @@ -40,15 +40,15 @@ write_interactive_live_motd() { Welcome to the NestOS live environment. This system is running completely from memory, making it a good candidate for hardware discovery and installing persistently to disk. Here is an example of running an install -to disk via coreos-installer: +to disk via nestos-installer: -sudo coreos-installer install /dev/sda \\ - --ignition-file config.ign +sudo nestos-installer install /dev/sda \\ + --ignition-url https://example.com/example.ign You may configure networking via 'sudo nmcli' or 'sudo nmtui' and have that configuration persist into the installed system by passing the -'--copy-network' argument to 'coreos-installer install'. Please run -'coreos-installer install --help' for more information on the possible +'--copy-network' argument to 'nestos-installer install'. Please run +'nestos-installer install --help' for more information on the possible install options. ########################################################################### @@ -85,9 +85,7 @@ fi # If the user supplied an Ignition config, they have the ability to enable # autologin themselves. Don't automatically render them insecure, since # they might be running in production and booting via e.g. IPMI. - -ign_usercfg_msg=$(journalctl -q MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb IGNITION_CONFIG_TYPE=user) -if [ -n "${ign_usercfg_msg}" ]; then +if jq -e .userConfigProvided /etc/.ignition-result.json &>/dev/null; then exit 0 fi diff --git a/config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset diff --git a/config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset old mode 100644 new mode 100755 similarity index 46% rename from config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index 1510094..13963ef --- a/config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -1,10 +1,11 @@ +# Presets here that eventually should live in the generic fedora presets - +# console-login-helper-messages - https://github.com/coreos/console-login-helper-messages enable console-login-helper-messages-gensnippet-os-release.service enable console-login-helper-messages-gensnippet-ssh-keys.service - +# CA certs (probably to add to base fedora eventually) enable coreos-update-ca-trust.service - +# https://github.com/coreos/ignition/issues/1125 enable coreos-ignition-firstboot-complete.service # Boot checkin services for cloud providers. enable afterburn-checkin.service @@ -17,7 +18,10 @@ enable zincati.service enable coreos-liveiso-success.service # See bootupd.yaml enable bootupd.socket - - +# Enable rtas_errd for ppc64le to discover dynamically attached pci devices - https://bugzilla.redhat.com/show_bug.cgi?id=1811537 +# The event for the attached device comes as a diag event. +# Ideally it should have been added as part of base Fedora - but since it was arch specific, it was not added: https://bugzilla.redhat.com/show_bug.cgi?id=1433859 enable rtas_errd.service enable clevis-luks-askpass.path +# Provide information if no ignition is provided +enable coreos-check-ignition-config.service diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service old mode 100644 new mode 100755 similarity index 42% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service index 1a91853..569de69 --- a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service @@ -2,15 +2,13 @@ # no Ignition config is provided. [Unit] Description=Check if Ignition config is provided -# Only perform checks on the first (Ignition) boot as they are -# mostly useful only on that boot. This ensures systems started -# before Ignition/Afterburn started logging structured data don't -# get misleading messages. Also handles the case where the journal -# gets rotated and no longer has the structured log messages. -ConditionKernelCommandLine=ignition.firstboot +Before=systemd-user-sessions.service +ConditionPathExists=/etc/.ignition-result.json + [Service] Type=oneshot ExecStart=/usr/libexec/coreos-check-ignition-config RemainAfterExit=yes + [Install] WantedBy=multi-user.target diff --git a/config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service diff --git a/config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service old mode 100644 new mode 100755 similarity index 49% rename from config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service index e7dc061..d148d12 --- a/config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service @@ -15,14 +15,12 @@ ConditionPathExists=/dev/virtio-ports/coreos.liveiso-success [Service] Type=simple -# https://stackoverflow.com/questions/44358723/systemd-unit-file-problems-with-tr -IgnoreSIGPIPE=false -# See https://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-messages.h for the MESSAGE_ID source. -# The logic here is that we're doing a streaming journalctl query (-f to follow) -# and the `| head` bit will cause the pipeline to wait until at least one line is -# emitted, which will happen when a user login starts. We then just write a static -# knows how to read. -ExecStart=/bin/sh -c 'journalctl -b -q -f --no-tail -o cat -u systemd-logind.service MESSAGE_ID=8d45620c1a4348dbb17410da57c60c66 | head -1; echo coreos-liveiso-success > /dev/virtio-ports/coreos.liveiso-success' +# Wait for a user session to start, then write a static message to the +# virtio channel, which https://github.com/coreos/coreos-assembler/pull/1330 +# knows how to read. We previously did "journalctl -f ... | head -1" here, +# but RHEL 8 has systemd 239, which has +# https://github.com/systemd/systemd/issues/9374. +ExecStart=/bin/sh -c 'while [ -z "$(loginctl list-sessions --no-legend)" ]; do sleep 1; done; echo coreos-liveiso-success > /dev/virtio-ports/coreos.liveiso-success' [Install] WantedBy=multi-user.target diff --git a/config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service diff --git a/config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf old mode 100644 new mode 100755 similarity index 77% rename from config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf index 7300c85..390f727 --- a/config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf @@ -1,4 +1,4 @@ - +# https://github.com/coreos/coreos-installer/commit/15a79263d0bd5d72056a6080f6687dc10cba2dda # https://github.com/systemd/systemd/pull/10397 # We want things like `systemd.unit=emergency.target` and `single` on the # kernel command line to just work even with our locked root account. diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf new file mode 100755 index 0000000..a8a1f7a --- /dev/null +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf @@ -0,0 +1 @@ +../emergency.service.d/coreos-sulogin-force.conf \ No newline at end of file diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf new file mode 100755 index 0000000..fc1c821 --- /dev/null +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf @@ -0,0 +1,4 @@ +# Temporary fix for https://github.com/coreos/fedora-coreos-tracker/issues/975 +# until https://github.com/ostreedev/ostree/issues/2115 is fixed. +[Unit] +After=ostree-remount.service diff --git a/config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf diff --git a/config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules rename to nestos-config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules diff --git a/config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules rename to nestos-config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules diff --git a/config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules rename to nestos-config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules diff --git a/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config b/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config new file mode 100755 index 0000000..794efe9 --- /dev/null +++ b/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config @@ -0,0 +1,47 @@ +#!/usr/bin/bash +set -euo pipefail + +IGNITION_RESULT=/etc/.ignition-result.json + +WARN='\033[0;33m' # yellow +RESET='\033[0m' # reset + +mkdir -p /run/issue.d +touch /run/issue.d/30_coreos_ignition_provisioning.issue + +d=$(date --date "$(jq -r .provisioningDate "${IGNITION_RESULT}")" +"%Y/%m/%d %H:%M:%S %Z") +ignitionBoot=$(jq -r .provisioningBootID "${IGNITION_RESULT}") +if [ $(cat /proc/sys/kernel/random/boot_id) = "${ignitionBoot}" ]; then + echo "Ignition: ran on ${d} (this boot)" \ + > /run/issue.d/30_coreos_ignition_provisioning.issue + + # checking for /run/ostree-live as the live system with persistent storage can run Ignition more than once + if ! test -f /run/ostree-live && jq -e .previousReport.provisioningDate "${IGNITION_RESULT}" &>/dev/null; then + prevdate=$(date --date "$(jq -r .previousReport.provisioningDate "${IGNITION_RESULT}")" +"%Y/%m/%d %H:%M:%S %Z") + cat << EOF > /etc/issue.d/30_coreos_ignition_run_more_than_once.issue +${WARN} +############################################################################ +WARNING: Ignition previously ran on ${prevdate}. Unexpected +behavior may occur. Ignition is not designed to run more than once per system. +############################################################################ +${RESET} +EOF + fi +else + nreboots=$(($(journalctl --list-boots | wc -l) - 1)) + [ "${nreboots}" -eq 1 ] && boot="boot" || boot="boots" + echo "Ignition: ran on ${d} (at least $nreboots $boot ago)" \ + > /run/issue.d/30_coreos_ignition_provisioning.issue +fi + +if jq -e .userConfigProvided "${IGNITION_RESULT}" &>/dev/null; then + echo "Ignition: user-provided config was applied" \ + >> /run/issue.d/30_coreos_ignition_provisioning.issue +else + echo -e "${WARN}Ignition: no config provided by user${RESET}" \ + >> /run/issue.d/30_coreos_ignition_provisioning.issue +fi + +# Our makeshift way of getting /run/issue.d semantics. See: +# https://github.com/coreos/console-login-helper-messages/blob/e06fc88ae8fbcc3a422bc8c686f70c15aebb9d9a/usr/lib/console-login-helper-messages/issue.defs#L8-L17 +ln -sf /run/issue.d/30_coreos_ignition_provisioning.issue /etc/issue.d/ diff --git a/config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete b/nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete old mode 100644 new mode 100755 similarity index 88% rename from config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete rename to nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete index b9d105c..3973d11 --- a/config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete +++ b/nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete @@ -9,7 +9,7 @@ fi # We're done provisioning. Remove the whole /boot/ignition directory if present, # which may include a baked Ignition config. See - +# https://github.com/coreos/fedora-coreos-tracker/issues/889. rm -rf /boot/ignition # Regarding the lack of `-f` for rm ; we should have only run if GRUB detected diff --git a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE old mode 100644 new mode 100755 similarity index 96% rename from config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE rename to nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE index 660c822..b81e261 --- a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE +++ b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE @@ -1,4 +1,4 @@ -Copyright 2021 NestOS Authors. +Copyright 2018 Fedora CoreOS Authors. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md old mode 100644 new mode 100755 similarity index 64% rename from config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md rename to nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md index c966244..ba7a326 --- a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md +++ b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md @@ -1,12 +1,13 @@ -# nestos-config +# fedora-coreos-config -Today most components of NestOS are built as RPMs; this -is the main exception. nest-config is "architecture-independent glue" +Today most components of Fedora CoreOS are built as RPMs; this +is the main exception. fedora-coreos-config is "architecture-independent glue" and the overhead of building an RPM for each change is onerous. It's also *the* central point of management (e.g. it contains lockfiles), so having it be an RPM too would become circular. Instead, coreos-assembler directly consumes it. +The upstream git repository is: https://github.com/coreos/fedora-coreos-config From a running system, to find the source commit use: ``` diff --git a/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf b/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf new file mode 100755 index 0000000..0cc994e --- /dev/null +++ b/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf @@ -0,0 +1,2 @@ +# See https://bugzilla.redhat.com/show_bug.cgi?id=1700056 +blacklist nouveau diff --git a/nestos-config/overlay.d/08nouveau/statoverride b/nestos-config/overlay.d/08nouveau/statoverride new file mode 100755 index 0000000..27a95af --- /dev/null +++ b/nestos-config/overlay.d/08nouveau/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/config/overlay.d/09misc/etc/sysconfig/README b/nestos-config/overlay.d/09misc/etc/sysconfig/README old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/09misc/etc/sysconfig/README rename to nestos-config/overlay.d/09misc/etc/sysconfig/README diff --git a/nestos-config/overlay.d/09misc/statoverride b/nestos-config/overlay.d/09misc/statoverride new file mode 100755 index 0000000..27a95af --- /dev/null +++ b/nestos-config/overlay.d/09misc/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/nestos-config/overlay.d/14NetworkManager-plugins/statoverride b/nestos-config/overlay.d/14NetworkManager-plugins/statoverride new file mode 100755 index 0000000..27a95af --- /dev/null +++ b/nestos-config/overlay.d/14NetworkManager-plugins/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf b/nestos-config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf rename to nestos-config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf diff --git a/config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf b/nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf old mode 100644 new mode 100755 similarity index 70% rename from config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf rename to nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf index f0faa50..5785acd --- a/config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf +++ b/nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf @@ -1,4 +1,5 @@ # Disable password logins by default. +# https://github.com/coreos/fedora-coreos-tracker/issues/138 # This file must sort before 50-redhat.conf, which enables # PasswordAuthentication. PasswordAuthentication no diff --git a/nestos-config/overlay.d/15fcos/statoverride b/nestos-config/overlay.d/15fcos/statoverride new file mode 100755 index 0000000..27a95af --- /dev/null +++ b/nestos-config/overlay.d/15fcos/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh diff --git a/config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd b/nestos-config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd rename to nestos-config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset old mode 100644 new mode 100755 similarity index 74% rename from config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index eec4287..ad082ac --- a/config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset @@ -1,9 +1,8 @@ # User metrics client enable fedora-coreos-pinger.service -# Provide information if no ignition is provided -enable coreos-check-ignition-config.service enable coreos-check-ssh-keys.service # Check if cgroupsv1 is still being used enable coreos-check-cgroups.service # Clean up injected Ignition config in /boot on upgrade +# https://github.com/coreos/fedora-coreos-tracker/issues/889 enable coreos-cleanup-ignition-config.service diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service old mode 100644 new mode 100755 similarity index 85% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service index 793b26c..858e7ed --- a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service +++ b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service @@ -4,7 +4,7 @@ Description=Check that ssh-keys are added by Afterburn/Ignition # It allows other units to synchronize around any instance # of `afterburn-sshkeys@` and not just the `core` user. - +# See https://github.com/coreos/afterburn/pull/481 After=afterburn-sshkeys.target # Only perform checks on the first (Ignition) boot as they are # mostly useful only on that boot. This ensures systems started @@ -12,6 +12,8 @@ After=afterburn-sshkeys.target # get misleading messages. Also handles the case where the journal # gets rotated and no longer has the structured log messages. ConditionKernelCommandLine=ignition.firstboot +# Run before user sessions to avoid reloading agetty +Before=systemd-user-sessions.service [Service] Type=oneshot diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service old mode 100644 new mode 100755 similarity index 86% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service index 2df7e2d..bb92341 --- a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service +++ b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service @@ -6,8 +6,6 @@ Documentation=https://github.com/coreos/fedora-coreos-tracker/issues/889 ConditionKernelCommandLine=!ignition.firstboot RequiresMountsFor=/boot ConditionPathExists=/boot/ignition -# We ship a kdump.service dropin that remounts /boot rw; avoid conflicts -Before=kdump.service [Service] Type=oneshot diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups old mode 100644 new mode 100755 similarity index 92% rename from config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups rename to nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups index 8dfaf0c..39a68b7 --- a/config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups +++ b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups @@ -16,6 +16,7 @@ WARNING: This system is using cgroups v1. For increased reliability it is strongly recommended to migrate this system and your workloads to use cgroups v2. For instructions on how to adjust kernel arguments to use cgroups v2, see: +https://docs.fedoraproject.org/en-US/fedora-coreos/kernel-args/ To disable this warning, use: sudo systemctl disable coreos-check-cgroups.service diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys old mode 100644 new mode 100755 similarity index 88% rename from config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys rename to nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys index f7182f5..7a7bc35 --- a/config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys +++ b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys @@ -7,7 +7,7 @@ main() { # No color nc='\033[0m' - + # See https://github.com/coreos/ignition/pull/964 for the MESSAGE_ID # source. It will track the authorized-ssh-keys entries in journald # provided via Ignition. ignitionusers=$( @@ -15,7 +15,7 @@ main() { jq -r '.MESSAGE' | \ xargs -I{} echo "Ignition: {}") - + # See https://github.com/coreos/afterburn/pull/397 for the MESSAGE_ID # source. It will track the authorized-ssh-keys entries in journald # provided via Afterburn. afterburnusers=$( @@ -41,10 +41,6 @@ main() { echo -e "${warn}No SSH authorized keys provided by Ignition or Afterburn${nc}" \ > /etc/issue.d/30_ssh_authorized_keys.issue fi - - # Ask all running agetty instances to reload and update their - # displayed prompts in case this script was run before agetty. - /usr/sbin/agetty --reload } main diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config old mode 100644 new mode 100755 similarity index 78% rename from config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config rename to nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config index 172fb48..ee76687 --- a/config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config +++ b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config @@ -2,6 +2,7 @@ # # Clean up existing nodes that have a world-readable /boot/ignition/config.ign. # Remove this after the next barrier release on all streams. +# https://github.com/coreos/fedora-coreos-tracker/issues/889 set -euo pipefail diff --git a/nestos-config/overlay.d/20platform-chrony/statoverride b/nestos-config/overlay.d/20platform-chrony/statoverride new file mode 100755 index 0000000..27a95af --- /dev/null +++ b/nestos-config/overlay.d/20platform-chrony/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony b/nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony old mode 100644 new mode 100755 similarity index 84% rename from config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony rename to nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony index d6136e8..958c6e1 --- a/config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony +++ b/nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony @@ -5,7 +5,14 @@ set -euo pipefail # that doesn't work for us because we have a single update stream. Hence # this generator dynamically inspects the platform and reconfigures chrony. # +# AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html +# Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync +# GCP: https://cloud.google.com/compute/docs/instances/managing-instances#configure-ntp +# +# Originally spawned from discussion in https://github.com/openshift/installer/pull/3513 +# Generators don't have logging right now +# https://github.com/systemd/systemd/issues/15638 exec 1>/dev/kmsg; exec 2>&1 self=$(basename $0) @@ -41,7 +48,7 @@ if [ ! -e /etc/sysconfig/network ] || ! grep -q "PEERNTP" /etc/sysconfig/network cat <> /etc/sysconfig/network # PEERNTP=no is automatically added by default when a platform-provided time # source is available, but this behavior may be overridden through an Ignition - +# config specifying PEERNTP=yes. See https://github.com/coreos/fedora-coreos-config/pull/412. PEERNTP=no EOF fi @@ -52,7 +59,7 @@ cat <