Add fsck to dracut modules #1352
Conversation
| @@ -29,7 +29,7 @@ install() { | |||
| # Include utilities required for cos-setup services, | |||
| # probably a devoted cos-setup dracut module makes sense | |||
| inst_multiple -o \ | |||
| partprobe sync udevadm lsblk sgdisk parted mkfs.ext2 mkfs.ext3 mkfs.ext4 mkfs.vfat mkfs.fat mkfs.xfs blkid e2fsck resize2fs mount xfs_growfs umount | |||
| /usr/lib/systemd/systemd-fsck partprobe sync udevadm lsblk sgdisk parted mkfs.ext2 mkfs.ext3 mkfs.ext4 mkfs.vfat mkfs.fat mkfs.xfs blkid e2fsck resize2fs mount xfs_growfs umount | |||
There was a problem hiding this comment.
this should be already included - BUT - I feel more safe being explicit here. I'm not sure if there is any reason to NOT do it.
There was a problem hiding this comment.
I don't think there is any reason not to do it. However this is part of the 00systemd module here https://github.com/dracutdevs/dracut/blob/1befc6416743a527824f0f2cc25471e86a6f8a79/modules.d/00systemd/module-setup.sh#L33-L41 so from a dracut perspective I guess the proper way of enforcing it would be to require systemd module in depends function. I doubt we explicitly require systemd module anywhere, assuming it is already there, which could not be the case.
So, I'd suggest adding systemd in depends, then keep this systemd-fsckinclusion here is good to explicitly tell we make use of systemd-fsck. I am wondering if shouldn't we use the ${systemdutildir} variable instead of the absolute path, just incase there are divergences on distros or the installation path of systemd evolves.
There was a problem hiding this comment.
Fixed, thanks for the pointers!
|
mmm seems the tpm.mount in tumbleweed is in /usr/lib/systemd/system/tmp.mount as opposed to leap where is in /usr/share/systemd/tmp.mount |
| exit 0 | ||
| else | ||
| umount "${cos_state}" | ||
| fi | ||
| done | ||
| } | ||
|
|
||
| function dofsCheck { | ||
| # Iterate over current partitions |
There was a problem hiding this comment.
@davidcassany here while testing I corrupted COS_PERSISTENT in a way that no labels were properly detected anymore, but by running efsck on the disk id manually I could restore them just fine. When no labels are identified, it just skips all our loops, as we loop over labels
Since this could happen, I'm back at scanning all the partitions found. I'm not sure if this is maybe too invasive on some front and maybe better to make it opt-in - but on the other hand I don't see why someone would disable a fscheck integrity utility running on boot. I guess, in that case fsck.mode=skip could be passed, so I didn't felt to add any option to instrument it even more.
ee3d14c to
1399503
Compare
|
who did forgot to bump initrd? me! |
|
ok, tested locally and seems to work just fine, I've enabled it now by default on the default |
|
Just waiting for tests to pass, but should be good for review as I've checked locally and works |
|
oh my, tests went green |
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Derivatives can opt-out from it by specifying a custom bootargs.cfg Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
| - | | ||
| /bin/bash -c " \ | ||
| if [ -e /usr/share/systemd/tmp.mount ]; then \ | ||
| cp /usr/share/systemd/tmp.mount /etc/systemd/system; \ |
There was a problem hiding this comment.
is this something to do with the underlying distro change?
There was a problem hiding this comment.
could be, note that TW alreay has this mountpoint by default, probably SLE for rancher too. The old logic was valid when opensuse meant leap, if we include TW, this logic is safer.
There was a problem hiding this comment.
yup exactly, this happens to be in two different places - tw and leap have it differently
Yes this is just because Leap has not done the switch to tmpfs mount in |
| @@ -2,4 +2,4 @@ hostonly_cmdline="no" | |||
| hostonly="no" | |||
| compress="xz" | |||
| omit_dracutmodules+=" multipath " | |||
| add_dracutmodules+=" livenet dmsquash-live " | |||
| add_dracutmodules+=" fs-lib livenet dmsquash-live " | |||
There was a problem hiding this comment.
mmm I am not so sure about it. If this is a dependency of systemd-fsck I doubt it should be here. Instead better add it in depends() in packages/immutable-rootfs/30cos-immutable-rootfs/module-setup.sh, so each installation of the immutable-rootfs module will also pull and include this dracut module.
|
|
||
| # FSCHECK if cos_root_perm == "ro" on both | ||
| if [ "$cos_root_perm" == "ro" ]; then | ||
| /usr/lib/systemd/systemd-fsck "/dev/disk/by-label/${label}" |
There was a problem hiding this comment.
This absolute path frightens me... I am not sure if we have the ${systemdutilsdir} variable here, I doubt it though. Probably we could install a symlink under /sbin in module_setup.sh and just use systemd-fsck here?
There was a problem hiding this comment.
I know, it frightens me as well, but the fact that systemd-fsck is not having a binary in /sbin etc hold me off from doing any special setup. I just wonder why is not installed as a normal binary to begin with ?!
There was a problem hiding this comment.
There was a problem hiding this comment.
mmh but might not be just available when calling it inside scripts. I just wonder how dracut handles it as its used already?
There was a problem hiding this comment.
should be fixed now!
| depends() { | ||
| echo rootfs-block dm | ||
| echo rootfs-block dm fs-lib |
There was a problem hiding this comment.
If fs-lib is here, then it should not be needed in dracut.conf file.
There was a problem hiding this comment.
ouch good catch, I think it slipped in while I was testing
| - | | ||
| /bin/bash -c " \ | ||
| if [ -e /usr/share/systemd/tmp.mount ]; then \ | ||
| cp /usr/share/systemd/tmp.mount /etc/systemd/system; \ |
There was a problem hiding this comment.
could be, note that TW alreay has this mountpoint by default, probably SLE for rancher too. The old logic was valid when opensuse meant leap, if we include TW, this logic is safer.
| @@ -2,7 +2,7 @@ set kernel=/boot/vmlinuz | |||
| if [ -n "$recoverylabel" ]; then | |||
| set kernelcmd="console=tty1 console=ttyS0 root=live:LABEL=$recoverylabel rd.live.dir=/ rd.live.squashimg=$img panic=5 rd.neednet=1 rd.cos.oemlabel=@OEM_LABEL@" | |||
| else | |||
| set kernelcmd="console=tty1 console=ttyS0 root=LABEL=$label cos-img/filename=$img panic=5 security=selinux selinux=1 rd.neednet=1 rd.cos.oemlabel=@OEM_LABEL@" | |||
| set kernelcmd="console=tty1 console=ttyS0 root=LABEL=$label cos-img/filename=$img panic=5 security=selinux selinux=1 rd.neednet=1 rd.cos.oemlabel=@OEM_LABEL@ fsck.mode=force fsck.repair=yes" | |||
There was a problem hiding this comment.
I don't see any fsck.repair definition, hence I guess this is something that systemd-fsck parses, right? If this something custom from our side I'd suggest defining it with the rd.cos... prefix, I think it is not the case though, just to double check.
There was a problem hiding this comment.
yup, those are read by systemd-fsck directly, so we don't need to do any special handling ourselves 🥳
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Also sets up fsck.repair=yes and fsck.mode=force by default.
Derivatives can opt-out by providing their own bootargs.cfg
Fixes: #1323
Signed-off-by: Ettore Di Giacinto edigiacinto@suse.com