40ignition-ostree/ignition-ostree-growfs: Fix Secure Execution firstb…

…oot error

Ensure that /dev/disk/by-label/root is present before running service.
Do not try to mount disk when running in Secure Execution mode.

Fixes: openshift/os#1264

Signed-off-by: Jan Schintag <[email protected]>

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service

@@ -3,6 +3,7 @@ Description=Ignition OSTree: Grow Root Filesystem
 DefaultDependencies=false
 ConditionKernelCommandLine=ostree
 ConditionPathExists=!/run/ostree-live
+Require=/dev/disk/by-label/root
 Before=initrd-root-fs.target
 Before=sysroot.mount ignition-ostree-mount-firstboot-sysroot.service
 After=ignition-ostree-uuid-root.service
@@ -12,4 +13,4 @@ Type=oneshot
 ExecStart=/usr/sbin/ignition-ostree-growfs
 RemainAfterExit=yes
 # So we can transiently mount sysroot
-MountFlags=slave
+MountFlags=slave

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh

@@ -35,19 +35,19 @@ fi
 # partition *before* ignition-disks.
 saved_partstate=/run/ignition-ostree-rootfs-partstate.sh
 
+# In the IBM Secure Execution case we use Ignition to grow and reencrypt rootfs
+# see overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator
+if [[ -f /run/coreos/secure-execution ]]; then
+    exit 0
+fi
+
 # We run before the rootfs is mounted at /sysroot, but we still need to mount it
 # (in a private namespace) since XFS and Btrfs can only do resizing online (EXT4
 # can do either).
 path=/sysroot
 src=/dev/disk/by-label/root
 mount "${src}" "${path}"
 
-# In the IBM Secure Execution case we use Ignition to grow and reencrypt rootfs
-# see overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator
-if [[ -f /run/coreos/secure-execution ]]; then
-    exit 0
-fi
-
 if [ ! -f "${saved_partstate}" ]; then
     partition=$(realpath /dev/disk/by-label/root)
 else