providers: setup network kernel arguments in initrd #390
Conversation
|
This only contains CLI glue, but no actual logic (neither a default nor platform-specific one), in order to first land some scaffolding which I already have in other WIP patches. /cc @jlebon |
This comment has been minimized.
This comment has been minimized.
lucab
force-pushed
the
ups/rd-network-kargs
branch
2 times, most recently
from
0a840d7 to
be5e1a7
Compare
|
From the |
|
Ahh and we need to update ignition in Fedora to pick up coreos/ignition-dracut#146 - that would have made debugging this instant and obvious. |
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
be5e1a7 to
3b8c4fe
Compare
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
3b8c4fe to
8c00f24
Compare
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
8c00f24 to
c4c38de
Compare
|
@jlebon ack, good suggestions. I've rebased this on master, it should contain all the basic logic required for the default-juggling in coreos/fedora-coreos-tracker#460. |
src/initrd/mod.rs
Outdated
| use std::io::Write; | ||
|
|
||
| /// Path to cmdline.d fragment for network kernel arguments. | ||
| static KARGS_PATH: &str = "/etc/cmdline.d/50-afterburn-network-kargs"; |
There was a problem hiding this comment.
Self-note: .conf suffix was missing here.
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
c4c38de to
f78f03a
Compare
|
Spot one silly issue when testing manually with coreos/coreos-assembler#1373. Fixed that, I didn't notice other issues and changing |
| OnFailureJobMode=isolate | ||
|
|
||
| [Service] | ||
| Environment=AFTERBURN_OPT_DEFAULT_VALUE=--default-value=ip=dhcp,dhcp6 |
There was a problem hiding this comment.
The kernel networking defaults are critically important value, and this feels like a rather obscure place for them to live.
How about we add them to fedora-coreos-config in e.g. /usr/share/coreos-default-network-kargs or something, and then here do:
EnvironmentFile=/usr/share/coreos-default-network-kargs
?
There was a problem hiding this comment.
I agree.
Though, this introduces an hard-requirement on a file which only lives in some -config repo.
Should I keep this current line and just add the EnvironmentFile=- afterwards, so that the explicit entry under -config is only overriding it if it exists?
There was a problem hiding this comment.
But then we have (potentially) two versions; we'd silently use this one if the other one happened to not exist or we typo'd a path.
Perhaps a build-time option is best? Would help enable other distributions.
There was a problem hiding this comment.
Yes, that's how overriding works by design.
There is also an in-code default here (which can be turned into a build-time option, yes, but I think the unit override is more useful and with lower complexity).
Unless you are actually thinking of making this a required parameter and dropping all the defaults from this repo. In which case, I can rework some bits so that the unit will actually fail if --default-value is missing, and inject that only via a -config dropin.
Is this UX closer to the flow you had in mind? That is, your preference is for a single definition with hard-fail, not multiple levels of overrides?
There was a problem hiding this comment.
I can rework some bits so that the unit will actually fail if --default-value is missing, and inject that only via a -config dropin.
Is this UX closer to the flow you had in mind? That is, your preference is for a single definition with hard-fail, not multiple levels of overrides?
I think so yes. This feels like a global property of the operating system that I wouldn't expect to be hardcoded in afterburn.
Think about how many gyrations we went through with the switch from dhcp to dhcp,dhcp6, having that be revs to afterburn.rpm just feels weird.
So yes, my proposal is that this is a file in some format (text, env foo=bar, JSON, whatever) that we ship in fedora-coreos-config.
(Although, complicating things is that it needs to end up in the initramfs so we'd need a new dracut "module" just to copy the file, but eh.)
This all said...I'm not opposed to landing this as is either to unblock further work and iterating on this as a followup.
There was a problem hiding this comment.
No worries, I'd rather get the integration/design part right upfront. I've pushed a fixup for the flow above. Thanks for the feedback!
|
@cgwalters @jlebon I've pushed a fixup to align the default-flow as suggested in review. It goes together with coreos/fedora-coreos-config#362. Feel free to review either here or there. |
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
c386684 to
9367282
Compare
| # This service may produce additional kargs fragments, | ||
| # which are then consumed by dracut-cmdline(8). | ||
| DefaultDependencies=no | ||
| Before=dracut-cmdline.service |
There was a problem hiding this comment.
is there anything complicated that needs to happen before this service runs (i.e. device loading or anything to query information (like VMware guestinfo)? If so this might be pretty early.
There was a problem hiding this comment.
For VMware specifically, no (it goes via an IOPort, the logic here does not require the vm-tool daemon running).
In general yes, this is very-painfully-early. But this needs to run before the cmdline is assembled by dracut and then fed into the initqueue networking.
I didn't find any better locations given the current status of things, do you have alternative places?
There was a problem hiding this comment.
This is fine for now. If we hit a constraint in the future we can do what I do in the copy_firstboot_network code where we run after cmdline, but before initqueue and then just blank out the results of the earlier call to nm-initrd-generator. If we switch to that model we'll need to add some more ordering to the copy_firstboot_network service to run after afterburn.
There was a problem hiding this comment.
(Or, rework NM to run as a unit and not in the initqueue)
|
is the case where a user provides their own |
|
@dustymabe if the bootloader command line already contains an |
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
9367282 to
71cca18
Compare
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
71cca18 to
538a66b
Compare
lucab
force-pushed
the
ups/rd-network-kargs
branch
2 times, most recently
from
9ac90fc to
01b0a9e
Compare
|
Bump. May I ask for another review round and making sure that everybody is happy with the new approach to default kargs? If so, I think we can start merging coreos/fedora-coreos-config#362 to make CI happy here. |
This adds initial/experimental support for providing supplemental network kernel arguments in the initrd. It is meant to support environment where custom network kargs may be provided via a back-channel. Such arguments are only retrieved and applied on first boot, and their format is defined by dracut [0]. The feature is currently reachable as a dedicated subcommand, but this does not contain any platform-specific implementation. [0] https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut.html#_network
lucab
force-pushed
the
ups/rd-network-kargs
branch
from
01b0a9e to
bd6e461
Compare
|
The default config landed in both FCOS and RHCOS -config repos. I manually tested this on both with static and DHCP configuration, it works as designed. Merging. |
This adds initial/experimental support for providing supplemental
network kernel arguments in the initrd.
It is meant to support environment where custom network kargs may
be provided via a back-channel.
Such arguments are only retrieved and applied on first boot, and
their format is defined by dracut [0].
The feature is currently reachable as a dedicated subcommand,
but this does not contain any platform-specific implementation.
[0] https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut.html#_network