add new features to file injector

This commit ads: - File permission support for IPA file injector - Adds the ability to start services on a live IPA - Configures file injector to run before the basic.target as this is a more robust way to ensure that the injector runs before IPA. Signed-off-by: Adam Rozman <adam.rozman@est.tech>
Nordix · Jan 22, 2024 · ac0b635 · ac0b635
1 parent 33b7a61
commit ac0b635
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 21 deletions.
diff --git a/..._scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.service.template b/..._scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.service.template
@@ -1,18 +1,15 @@
 [Unit]
 Description=IPA file injection process
-Before=network-pre.target
-Wants=network-pre.target
-After=local-fs.target
+After=network-pre.target
 
 [Service]
 Type=oneshot
 User=root
 ExecStart=/usr/bin/ipa-file-injector.sh
 RemainAfterExit=true
-
 StandardOutput=journal+console
 Environment=
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=basic.target
 
diff --git a/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.sh b/ci/scripts/image_scripts/ipa_builder_elements/ipa-file-injector/root.d/ipa-file-injector.sh
@@ -7,19 +7,43 @@ set -eu
 # config-drive.
 
 copy_files_from_drive() {
- local MOUNT_POINT="$1"
- local MANIFEST="$2"
- local RETURN_VAL="0"
- if ! [ -f "${MANIFEST}" ]; then
- echo "ERROR: The config-drive's file injection manifest is not present here: ${MANIFEST}"
+ local mount_point="$1"
+ local manifest="$2"
+ if ! [[ -f "${manifest}" ]]; then
+ echo "ERROR: The config-drive's file injection manifest is not present here: ${manifest}"
  exit 1
  fi
- while IFS=":" read -r src dst; do
- if ! cp -r "${MOUNT_POINT}/${src}" "${dst}"; then
- RETURN_VAL="1"
+ while IFS=":" read -r src dst perm; do
+ # Copy file based on manifest definition.
+ if ! cp -r "${mount_point}/${src}" "${dst}"; then
+ echo "ERROR: command 'cp -r ${mount_point}/${src} ${dst}' has failed!"
+ exit 1
  fi
- done < "${MANIFEST}"
- return "${RETURN_VAL}"
+ # Set permissions for newly copied file.
+ if ! chmod "${perm:-644}" "${dst}"; then
+ echo "ERROR: command 'chmod ${perm:-644} ${dst}' has failed!"
+ exit 1
+ fi
+ done < "${manifest}"
+}
+
+configure_services() {
+ local mount_point="$1"
+ local manifest="$2"
+ if ! [[ -f "${manifest}" ]]; then
+ echo "INFO: The config-drive's service configuration manifest is not present here: ${manifest}"
+ echo "INFO: skipping systemd service configuration step."
+ return 0
+ fi
+ # Refresh the list of available unit files.
+ systemctl daemon-reload
+ while IFS=":" read -r service action; do
+ # Execute state transition on service.
+ if ! systemctl "${action}" "${service}"; then
+ echo "ERROR: command 'systemctl ${action} ${service}' has failed!"
+ exit 1
+ fi
+ done < "${manifest}"
 }
 
 # In case tehre is no config-drive label specifed, the script will
@@ -30,14 +54,14 @@ copy_files_from_drive() {
 CONFIG_DRIVE_LABEL="${FILE_INJECTOR_CONFIG_DRIVE_LABEL:-}"
 MOUNT_POINT="/mnt/config"
 
-if [ -z "${CONFIG_DRIVE_LABEL}" ]; then
+if [[ -z "${CONFIG_DRIVE_LABEL}" ]]; then
  if blkid -t LABEL="config-2" ; then
  CONFIG_DRIVE_LABEL="config-2"
  elif blkid -t LABEL="CONFIG-2" ; then
  CONFIG_DRIVE_LABEL="CONFIG-2"
  else
  echo "ERROR: There is no config-drive label specified and the default label is not present!"
- exit 1
+ exit 1
  fi
 fi
 
@@ -47,22 +71,22 @@ fi
 # blkid failures are ignored as they are handled explicitly later to help with debugging.
 mkdir -p "${MOUNT_POINT}"
 BLOCKDEV=$(blkid -L "${CONFIG_DRIVE_LABEL}") || true
-if [ -z "${BLOCKDEV}" ]; then
+if [[ -z "${BLOCKDEV}" ]]; then
  echo "ERROR: The block device with the ${CONFIG_DRIVE_LABEL} label can't be found!"
  exit 1
 fi
 TYPE=$(blkid -t LABEL="${CONFIG_DRIVE_LABEL}" -s TYPE -o value || true )
 
 # Mounting won't fail if the mount already exists
 # If the mount didn't exists at all it is expected to fail in the copy_files_from_drive function
-if [ "${TYPE}" == 'vfat' ]; then
+if [[ "${TYPE}" == 'vfat' ]]; then
  mount -t vfat -o umask=0077 "${BLOCKDEV}" "${MOUNT_POINT}" || true
-elif [ "${TYPE}" == 'iso9660' ]; then
+elif [[ "${TYPE}" == 'iso9660' ]]; then
  mount -t iso9660 -o ro,mode=0700 "${BLOCKDEV}" "${MOUNT_POINT}" || true
 else
  mount -o mode=0700 "${BLOCKDEV}" "${MOUNT_POINT}" || true
 fi
 
 # Execute the copying process
 copy_files_from_drive "${MOUNT_POINT}" "${MOUNT_POINT}/file_injection.manifest"
-
+configure_services "${MOUNT_POINT}" "${MOUNT_POINT}/service_config.manifest"