Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
15coreos-network: Add new unit to remove firstboot networking config
We would like to mount `/boot` read-only in the real root, so add a new unit in 15coreos-network to temporarily mount /boot rw and clean up firstboot networking configuration files late in the initramfs. Remove the current 15-coreos-firstboot-network.conf since it would not work once `/boot` is mounted ro. xref #659
1 parent 599311b, commit 416b77c
Showing 4 changed files with 52 additions and 4 deletions.
25 changes: 25 additions & 0 deletions
...05core/usr/lib/dracut/modules.d/15coreos-network/coreos-cleanup-firstboot-network.service
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
# This unit will run late in the initrd process and clean up firstboot | ||
# networking config files if the user copied them into the installed | ||
# system (most likely by using `coreos-installer install --copy-network`). | ||
# We want to make sure the firstboot networking config files in /boot are | ||
# cleaned up only after Ignition completed successfully. | ||
|
||
[Unit] | ||
Description=CoreOS Clean Up Firstboot Networking Config | ||
ConditionPathExists=/usr/lib/initrd-release | ||
OnFailure=emergency.target | ||
OnFailureJobMode=isolate | ||
|
||
# Since we are mounting /boot/, require the device first | ||
Requires=dev-disk-by\x2dlabel-boot.device | ||
After=dev-disk-by\x2dlabel-boot.device | ||
# Start after Ignition has finished | ||
After=ignition-files.service | ||
|
||
[Service] | ||
Type=oneshot | ||
ExecStart=/usr/sbin/coreos-cleanup-firstboot-network | ||
RemainAfterExit=no | ||
# MountFlags=slave is so the umount of /boot is guaranteed to happen. | ||
# /boot will only be mounted for the lifetime of the unit. | ||
MountFlags=slave |
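
Review bot: `After=ignition-files.service` in [Unit] only orders this unit after Ignition; it does not make the unit depend on Ignition succeeding, while the header comment promises cleanup "only after Ignition completed successfully". Consider adding `Requires=ignition-files.service` next to the `After=`, or say in the comment what else keeps this unit from starting when Ignition fails. Separately, the only condition here is `ConditionPathExists=/usr/lib/initrd-release`, so nothing in these lines limits the read-write mount of /boot to first boot; if that comes from how the unit is pulled in, a one-line comment saying so would help.
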
21 changes: 21 additions & 0 deletions
...ay.d/05core/usr/lib/dracut/modules.d/15coreos-network/coreos-cleanup-firstboot-network.sh
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#!/bin/bash | ||
set -euo pipefail | ||
|
||
# For a description of how this is used, see coreos-cleanup-firstboot-network.service | ||
|
||
bootmnt=/mnt/boot_partition | ||
mkdir -p ${bootmnt} | ||
bootdev=/dev/disk/by-label/boot | ||
firstboot_network_dir_basename="coreos-firstboot-network" | ||
initramfs_firstboot_network_dir="${bootmnt}/${firstboot_network_dir_basename}" | ||
|
||
# Mount /boot. Note that we mount /boot but we don't unmount it because we | ||
# are run in a systemd unit with MountFlags=slave so it is unmounted for us. | ||
mount -o rw ${bootdev} ${bootmnt} | ||
|
||
if [ -n "$(ls -A ${initramfs_firstboot_network_dir} 2>/dev/null)" ]; then | ||
# Clean up the files that were placed into boot (most likely by coreos-installer) | ||
rm -r ${initramfs_firstboot_network_dir} | ||
else | ||
echo "info: no firstboot networking config files to clean from /boot. skipping" | ||
fi |
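
Review bot: the `ls -A` test guarding the `rm -r` treats an existing but empty `coreos-firstboot-network` directory the same as a missing one, so the empty directory stays in /boot and the log reports there was nothing to clean. Testing with `[ -d "${initramfs_firstboot_network_dir}" ]` would cover both cases and avoid parsing `ls` output. The expansions in `mkdir -p ${bootmnt}`, `mount -o rw ${bootdev} ${bootmnt}` and `rm -r ${initramfs_firstboot_network_dir}` are also unquoted; the values are constants today, but quoting them keeps the recursive delete on a read-write /boot safe if the paths ever change.
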