15coreos-network: Add new unit to remove firstboot networking config
We would like to mount `/boot` read-only in the real root, so add a
new unit in 15coreos-network to temporarily mount /boot rw and clean
up firstboot networking configuration files late in the initramfs.
Remove the current 15-coreos-firstboot-network.conf since it would
not work once `/boot` is mounted ro.

xref #659
kelvinfan001 committed Nov 19, 2020
1 parent 599311b commit 416b77c
Showing 4 changed files with 52 additions and 4 deletions.
@@ -0,0 +1,25 @@
# This unit will run late in the initrd process and clean up firstboot
# networking config files if the user copied them into the installed
# system (most likely by using `coreos-installer install --copy-network`).
# We want to make sure the firstboot networking config files in /boot are
# cleaned up only after Ignition completed successfully.

[Unit]
Description=CoreOS Clean Up Firstboot Networking Config
ConditionPathExists=/usr/lib/initrd-release
OnFailure=emergency.target
OnFailureJobMode=isolate

# Since we are mounting /boot/, require the device first
Requires=dev-disk-by\x2dlabel-boot.device
After=dev-disk-by\x2dlabel-boot.device
# Start after Ignition has finished
After=ignition-files.service

[Service]
Type=oneshot
ExecStart=/usr/sbin/coreos-cleanup-firstboot-network
RemainAfterExit=no
# MountFlags=slave is so the umount of /boot is guaranteed to happen.
# /boot will only be mounted for the lifetime of the unit.
MountFlags=slave
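Review bot: `After=ignition-files.service` only orders this unit after Ignition's files stage; it does not make the cleanup depend on that stage having succeeded, which is what the header comment promises. Whether something else stops the transaction when Ignition fails is not visible from this file, so as written the unit could still start and delete the firstboot networking config after a failed provisioning run. If the guarantee is meant to live here, add `Requires=ignition-files.service` next to the `After=` line; otherwise reword the comment to name what actually enforces it.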
@@ -0,0 +1,21 @@
#!/bin/bash
set -euo pipefail

# For a description of how this is used, see coreos-cleanup-firstboot-network.service

bootmnt=/mnt/boot_partition
mkdir -p ${bootmnt}
bootdev=/dev/disk/by-label/boot
firstboot_network_dir_basename="coreos-firstboot-network"
initramfs_firstboot_network_dir="${bootmnt}/${firstboot_network_dir_basename}"

# Mount /boot. Note that we mount /boot but we don't unmount it because we
# are run in a systemd unit with MountFlags=slave so it is unmounted for us.
mount -o rw ${bootdev} ${bootmnt}

if [ -n "$(ls -A ${initramfs_firstboot_network_dir} 2>/dev/null)" ]; then
# Clean up the files that were placed into boot (most likely by coreos-installer)
rm -r ${initramfs_firstboot_network_dir}
else
echo "info: no firstboot networking config files to clean from /boot. skipping"
fi
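Review bot: The `ls -A ... 2>/dev/null` test treats any failure to list the directory the same as "nothing to clean", so a read error on the freshly mounted /boot ends with the info message and exit 0 while the firstboot networking files stay on disk. Those files may hold connection secrets (an assumption, the page does not say what they contain), so a silent skip is worth avoiding. Testing the directory itself and letting `rm` fail loudly is tighter: `if [ -d "${initramfs_firstboot_network_dir}" ]; then` followed by `rm -r -- "${initramfs_firstboot_network_dir}"`, which also removes an empty leftover directory. The expansions on the `mkdir`, `mount` and `rm` lines should be double-quoted as well.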
Expand Up @@ -26,10 +26,6 @@ if [ -n "$(ls -A ${initramfs_firstboot_network_dir} 2>/dev/null)" ]; then
echo "info: copying files from ${initramfs_firstboot_network_dir} to ${initramfs_network_dir}"
mkdir -p ${initramfs_network_dir}
cp -v ${initramfs_firstboot_network_dir}/* ${initramfs_network_dir}/
# If we make it to the realroot (successfully ran ignition) then
# clean up the files in the firstboot network dir
echo "R ${realroot_firstboot_network_dir} - - - - -" > \
/run/tmpfiles.d/15-coreos-firstboot-network.conf
else
echo "info: no files to copy from ${initramfs_firstboot_network_dir}. skipping"
fi
Expand Up @@ -19,6 +19,12 @@ install() {
install_and_enable_unit "coreos-copy-firstboot-network.service" \
"ignition-diskful.target"

inst_simple "$moddir/coreos-cleanup-firstboot-network.sh" \
"/usr/sbin/coreos-cleanup-firstboot-network"
# Similar to above, only run when the system has disks.
install_and_enable_unit "coreos-cleanup-firstboot-network.service" \
"ignition-diskful.target"

# Dropin with firstboot network configuration kargs, applied via
# Afterburn.
inst_simple "$moddir/50-afterburn-network-kargs-default.conf" \
