diff --git a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index 9c0a2761c4..4f332211f4 100644 --- a/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset @@ -10,6 +10,8 @@ enable coreos-ignition-firstboot-complete.service # Delete Ignition config from provider on platforms where it's possible # https://github.com/coreos/ignition/pull/1350 enable ignition-delete-config.service +# Delete Ignition config from provider when upgrading existing nodes +enable coreos-ignition-delete-config.service # Boot checkin services for cloud providers. enable afterburn-checkin.service enable afterburn-firstboot-checkin.service diff --git a/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-delete-config.service b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-delete-config.service new file mode 100644 index 0000000000..cdcea6200a --- /dev/null +++ b/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-delete-config.service @@ -0,0 +1,28 @@ +# Can be removed from FCOS in Fedora 37 or after the next barrier release, +# whichever comes first. Can be removed from RHCOS in the first release +# after every node is guaranteed to have booted at least once with 4.11 or +# higher. + +[Unit] +Description=CoreOS Delete Ignition Config From Hypervisor +Documentation=https://coreos.github.io/ignition/ + +ConditionKernelCommandLine=|ignition.platform.id=virtualbox +ConditionKernelCommandLine=|ignition.platform.id=vmware +ConditionPathExists=!/var/lib/coreos-ignition-delete-config.stamp +# Hack: if the user masked ignition-delete-config.service, we shouldn't run +# either. +ConditionPathIsSymbolicLink=!/etc/systemd/system/ignition-delete-config.service + +# We check a stamp file written by ignition-delete-config.service. That +# service runs Before=sysinit.target, on which we have a default dependency, +# so this is really just documentation. +After=ignition-delete-config.service + +[Service] +Type=oneshot +ExecStart=/usr/libexec/coreos-ignition-delete-config +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/overlay.d/05core/usr/lib/systemd/system/ignition-delete-config.service.d/10-flag-file.conf b/overlay.d/05core/usr/lib/systemd/system/ignition-delete-config.service.d/10-flag-file.conf new file mode 100644 index 0000000000..e501d74dab --- /dev/null +++ b/overlay.d/05core/usr/lib/systemd/system/ignition-delete-config.service.d/10-flag-file.conf @@ -0,0 +1,7 @@ +# Create a flag file to notify coreos-ignition-delete-config.service that +# we've run, and put it in /run because /var isn't mounted yet. +# coreos-ignition-delete-config.service will then avoid trying to delete +# the config again, and will create a persistent stamp file in /var/lib. + +[Service] +ExecStart=/bin/touch /run/coreos-ignition-delete-config.stamp diff --git a/overlay.d/05core/usr/libexec/coreos-ignition-delete-config b/overlay.d/05core/usr/libexec/coreos-ignition-delete-config new file mode 100755 index 0000000000..59d4f0cf60 --- /dev/null +++ b/overlay.d/05core/usr/libexec/coreos-ignition-delete-config @@ -0,0 +1,23 @@ +#!/bin/bash + +set -euo pipefail + +cmdline=( $(