From ed4d12fe33e2eb2d09e4cd70e3e550ff8861d75d Mon Sep 17 00:00:00 2001 From: Antonio Murdaca Date: Mon, 27 Feb 2023 10:00:50 +0100 Subject: [PATCH] ignition: enable systemd firstboot condition through kargs This is a workaround to make the systemd believe it's firstboot when ignition runs on real firstboot. Right now, since we ship /etc/machine-id, systemd thinks it's not firstboot and ignition depends on it to run on the real firstboot to enable services from presets. Since this only applies to artifacts with ignition and changing machineid-compat at commit creation time may have undesiderable effect, we're doing it here as a stopgap. We may revisit this in the future. This patch also pins the version of osbuild because it depends on a fix for the ignition stage. Signed-off-by: Antonio Murdaca --- Schutzfile | 26 +++++++++---------- internal/manifest/commit_deployment.go | 12 ++++++++- internal/osbuild/ignition_stage.go | 1 + osbuild-composer.spec | 8 +++--- test/data/ansible/check_ostree.yaml | 23 ++++++++++++++++ .../centos_9-aarch64-edge_raw_image-boot.json | 7 ++++- ...arch64-edge_simplified_installer-boot.json | 7 ++++- .../centos_9-x86_64-edge_raw_image-boot.json | 7 ++++- ...x86_64-edge_simplified_installer-boot.json | 7 ++++- .../rhel_92-aarch64-edge_raw_image-boot.json | 7 ++++- ...arch64-edge_simplified_installer-boot.json | 7 ++++- .../rhel_92-x86_64-edge_raw_image-boot.json | 7 ++++- ...x86_64-edge_simplified_installer-boot.json | 7 ++++- 13 files changed, 100 insertions(+), 26 deletions(-) diff --git a/Schutzfile b/Schutzfile index 24eb54dae..ef342ee72 100644 --- a/Schutzfile +++ b/Schutzfile @@ -2,7 +2,7 @@ "fedora-36": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } }, "repos": [ 
@@ -79,7 +79,7 @@ "fedora-37": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } }, "repos": [ @@ -156,28 +156,28 @@ "rhel-8.4": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } } }, "rhel-8.6": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } } }, "rhel-8.7": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } } }, "rhel-8.8": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } }, "repos": [ @@ -223,21 +223,21 @@ "rhel-9.0": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } } }, "rhel-9.1": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } } }, "rhel-9.2": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } }, "repos": [ @@ -283,21 +283,21 @@ "centos-8": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } } }, "centos-9": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } } }, "centos-stream-9": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } }, "repos": [ 
@@ -343,7 +343,7 @@ "centos-stream-8": { "dependencies": { "osbuild": { - "commit": "200c2b0129877c5b0c61a0c31fd3f663e1d39952" + "commit": "345b2a599788e0ce3090025c06a7480e7497a94d" } }, "repos": [ diff --git a/internal/manifest/commit_deployment.go b/internal/manifest/commit_deployment.go index 80e58e3fb..71c535176 100644 --- a/internal/manifest/commit_deployment.go +++ b/internal/manifest/commit_deployment.go @@ -184,7 +184,17 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline { } if p.ignition { - pipeline.AddStage(osbuild.NewIgnitionStage(&osbuild.IgnitionStageOptions{})) + pipeline.AddStage(osbuild.NewIgnitionStage(&osbuild.IgnitionStageOptions{ + // This is a workaround to make the systemd believe it's firstboot when ignition runs on real firstboot. + // Right now, since we ship /etc/machine-id, systemd thinks it's not firstboot and ignition depends on it + // to run on the real firstboot to enable services from presets. + // Since this only applies to artifacts with ignition and changing machineid-compat at commit creation time may + // have undesiderable effect, we're doing it here as a stopgap. We may revisit this in the future. + Network: []string{ + "systemd.firstboot=off", + "systemd.condition-first-boot=true", + }, + })) } // if no root password is set, lock the root account diff --git a/internal/osbuild/ignition_stage.go b/internal/osbuild/ignition_stage.go index e21c689d3..e7d7f5132 100644 --- a/internal/osbuild/ignition_stage.go +++ b/internal/osbuild/ignition_stage.go @@ -6,6 +6,7 @@ import ( ) type IgnitionStageOptions struct { + Network []string `json:"network,omitempty"` } func (IgnitionStageOptions) isStageOptions() {} diff --git a/osbuild-composer.spec b/osbuild-composer.spec index 8893cc39a..39c526dde 100644 --- a/osbuild-composer.spec +++ b/osbuild-composer.spec 
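Review bot: In internal/manifest/commit_deployment.go the two kernel arguments are passed through a field named `Network`, and the added comment explains why the workaround exists but not why that option is the vehicle or how long the arguments stay in effect. `systemd.condition-first-boot=true` makes units guarded by ConditionFirstBoot= run, so if the arguments were ever applied beyond the first boot those units would run again on every boot. Presumably the ignition stage applies its network options only while Ignition's first-boot flag is present, but that is not visible in this hunk. I would state the assumption in the comment, for example `// Network is used because the ignition stage is expected to apply it on first boot only; these kargs must not persist.` The body of serialize() starts and ends outside this hunk.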
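Review bot: The new exported field `Network` in internal/osbuild/ignition_stage.go has no doc comment, and its name does not tell a reader that callers place kernel command-line arguments in it. A field comment such as `// Network lists kernel command-line arguments passed as the stage's "network" option; omitted from the JSON when empty.` would make the intended content clear. The type itself has no comment in the visible context either, so this line would be the only place that says what the stage accepts.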
@@ -295,10 +295,10 @@ The core osbuild-composer binary. This is suitable both for spawning in containe Summary: The worker for osbuild-composer Requires: systemd Requires: qemu-img -Requires: osbuild >= 80 -Requires: osbuild-ostree >= 80 -Requires: osbuild-lvm2 >= 80 -Requires: osbuild-luks2 >= 80 +Requires: osbuild >= 81 +Requires: osbuild-ostree >= 81 +Requires: osbuild-lvm2 >= 81 +Requires: osbuild-luks2 >= 81 Requires: %{name}-dnf-json = %{version}-%{release} %description worker diff --git a/test/data/ansible/check_ostree.yaml b/test/data/ansible/check_ostree.yaml index 40faa9801..f8a035999 100644 --- a/test/data/ansible/check_ostree.yaml +++ b/test/data/ansible/check_ostree.yaml @@ -71,6 +71,29 @@ when: ignition == "true" and ((ansible_facts['distribution'] == 'RedHat' and ansible_facts['distribution_version'] is version('9.2', '>=')) or (ansible_facts['distribution'] == 'CentOS' and (ansible_facts['distribution_version'] == '9'))) + - name: check systemd service correctly started on firstboot + block: + + - name: check hello.service logs + command: journalctl -b -0 -u hello.service + register: result_hello_service_log + + - assert: + that: + - "'Hello, World!' in result_hello_service_log.stdout" + fail_msg: "hello.service doesn't have the correct log" + success_msg: "hello.service started and working" + + always: + - set_fact: + total_counter: "{{ total_counter | int + 1 }}" + rescue: + - name: failed count + 1 + set_fact: + failed_counter: "{{ failed_counter | int + 1 }}" + when: ignition == "true" and ((ansible_facts['distribution'] == 'RedHat' and ansible_facts['distribution_version'] is version('9.2', '>=')) or + (ansible_facts['distribution'] == 'CentOS' and (ansible_facts['distribution_version'] == '9'))) + - name: wait for FDO onboarding block: - wait_for: diff --git a/test/data/manifests/centos_9-aarch64-edge_raw_image-boot.json b/test/data/manifests/centos_9-aarch64-edge_raw_image-boot.json index ba42928f8..3d25bdb81 100644 
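Review bot: The new assertion in test/data/ansible/check_ostree.yaml only shows that hello.service logged 'Hello, World!' during the current boot (`journalctl -b -0`), which holds both when the first-boot override is limited to the first boot and when it stays on the kernel command line. If this playbook also runs after a reboot or an upgrade (not visible in the hunk), a second task that fails when `systemd.condition-first-boot` is still present in `/proc/cmdline` would cover that case. The `command` task is read-only, so adding `changed_when: false` would keep it from reporting a change on every run.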
--- a/test/data/manifests/centos_9-aarch64-edge_raw_image-boot.json +++ b/test/data/manifests/centos_9-aarch64-edge_raw_image-boot.json @@ -2263,7 +2263,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users", diff --git a/test/data/manifests/centos_9-aarch64-edge_simplified_installer-boot.json b/test/data/manifests/centos_9-aarch64-edge_simplified_installer-boot.json index 5f84ed40a..fd61b1dd6 100644 --- a/test/data/manifests/centos_9-aarch64-edge_simplified_installer-boot.json +++ b/test/data/manifests/centos_9-aarch64-edge_simplified_installer-boot.json @@ -2647,7 +2647,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users", diff --git a/test/data/manifests/centos_9-x86_64-edge_raw_image-boot.json b/test/data/manifests/centos_9-x86_64-edge_raw_image-boot.json index 0e48c56eb..24c53cebb 100644 --- a/test/data/manifests/centos_9-x86_64-edge_raw_image-boot.json +++ b/test/data/manifests/centos_9-x86_64-edge_raw_image-boot.json @@ -2390,7 +2390,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users", diff --git a/test/data/manifests/centos_9-x86_64-edge_simplified_installer-boot.json b/test/data/manifests/centos_9-x86_64-edge_simplified_installer-boot.json index 5fcbd2ce0..47f1a397e 100644 --- a/test/data/manifests/centos_9-x86_64-edge_simplified_installer-boot.json +++ b/test/data/manifests/centos_9-x86_64-edge_simplified_installer-boot.json @@ -2702,7 +2702,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users", 
diff --git a/test/data/manifests/rhel_92-aarch64-edge_raw_image-boot.json b/test/data/manifests/rhel_92-aarch64-edge_raw_image-boot.json index 9ce68872b..90736ecee 100644 --- a/test/data/manifests/rhel_92-aarch64-edge_raw_image-boot.json +++ b/test/data/manifests/rhel_92-aarch64-edge_raw_image-boot.json @@ -2271,7 +2271,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users", diff --git a/test/data/manifests/rhel_92-aarch64-edge_simplified_installer-boot.json b/test/data/manifests/rhel_92-aarch64-edge_simplified_installer-boot.json index a5991042a..f3fee36b2 100644 --- a/test/data/manifests/rhel_92-aarch64-edge_simplified_installer-boot.json +++ b/test/data/manifests/rhel_92-aarch64-edge_simplified_installer-boot.json @@ -2655,7 +2655,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users", diff --git a/test/data/manifests/rhel_92-x86_64-edge_raw_image-boot.json b/test/data/manifests/rhel_92-x86_64-edge_raw_image-boot.json index b67c4e3e9..6b241c10c 100644 --- a/test/data/manifests/rhel_92-x86_64-edge_raw_image-boot.json +++ b/test/data/manifests/rhel_92-x86_64-edge_raw_image-boot.json @@ -2391,7 +2391,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users", diff --git a/test/data/manifests/rhel_92-x86_64-edge_simplified_installer-boot.json b/test/data/manifests/rhel_92-x86_64-edge_simplified_installer-boot.json index bb294d384..f8b3c5984 100644 --- a/test/data/manifests/rhel_92-x86_64-edge_simplified_installer-boot.json +++ b/test/data/manifests/rhel_92-x86_64-edge_simplified_installer-boot.json 
@@ -2703,7 +2703,12 @@ }, { "type": "org.osbuild.ignition", - "options": {} + "options": { + "network": [ + "systemd.firstboot=off", + "systemd.condition-first-boot=true" + ] + } }, { "type": "org.osbuild.users",