Skip to content

Commit

Permalink
35coreos-live/coreos-livepxe-rootfs: add in connectivity check before…
Browse files Browse the repository at this point in the history 
… downloading

This should help us get around some race conditions on startup
where we've seen curl exit with "No route to host" errors. This
most likely happens because the Networking in the kernel is still
being brought up (seen more in complex networking scenarios) and
curl hits that error the first time it tries. Since "No route to
host" isn't considered retryable, curl exits.

Instead let's just verify we can get to the remote at all in an
initial `curl --head` call. In this one we'll use --retry-all-errors
so that we will retry all errors. Once the connectivity to the remote
is verified then it should be safe to start downloading.

(cherry picked from commit b4a6586)
  • Loading branch information
@dustymabe @miabbott
dustymabe authored and miabbott committed May 17, 2021
1 parent 58fdf52 commit c8c74ac
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,24 @@ elif [[ -n "${rootfs_url}" ]]; then
echo "Please fix your PXE configuration." >&2
exit 1
fi

# First, reach out to the server to verify connectivity before
# trying to download and pipe content through other programs.
# Doing this allows us to retry all errors (including transient
# "no route to host" errors during startup), without using the
# --retry-all-errors, which is problematic (see curl man page)
# when piping the output.
curl_common_args="--silent --show-error --insecure --location --retry 5"
if ! curl --head --retry-all-errors $curl_common_args "${rootfs_url}" >/dev/null; then
echo "Couldn't establish connectivity with the server specified by coreos.live.rootfs_url=" >&2
echo "Check that the URL is correct and can be reached." >&2
exit 1
fi
# We don't need to verify TLS certificates because we're checking the
# image hash.
# bsdtar can read cpio archives and we already depend on it for
# coreos-liveiso-persist-osmet.service, so use it instead of cpio.
if ! curl --silent --show-error --insecure --location --retry 5 "${rootfs_url}" | \
if ! curl $curl_common_args "${rootfs_url}" | \
rdcore stream-hash /etc/coreos-live-want-rootfs | \
bsdtar -xf - -C / ; then
echo "Couldn't fetch, verify, and unpack image specified by coreos.live.rootfs_url=" >&2
Expand Down

0 comments on commit c8c74ac

Please sign in to comment.