overlay/ignition-ostree: Initial support for rootfs replacement

This adds basic infrastructure units for "re-provisioning"
the root filesystem.  See:
coreos/fedora-coreos-tracker#94

A unit first detects if the Ignition configuration has a filesystem
with the label `root` - if so, we save the rootfs into RAM, let
`ignition-disks.service` run, then restore it from RAM.

Earlier attempts copied the files into `tmpfs`; this instead
uses the `brd` kernel module which is a RAM-backed block
device so we can just `dd`.  This a faster and more reliable way
to save the rootfs.  However, `brd` doesn't support discards,
so we require at minimum $rootfs_size RAM (e.g. 3G) until reprovisioning
is complete.  In the future I might investigate trying a `tmpfs`
again as that better integrates with the page cache and doesn't
have the discard issue.  But it requires more work to save the rootfs.

Future work here will likely more the `restore` phase into
`rpm-ostree`.

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-dracut-rootfs.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+set -euo pipefail
+
+rootdisk=/dev/disk/by-label/root
+rootmnt=/sysroot
+tmproot=/run/ignition-ostree-rootfs
+saved_rootmnt=${tmproot}/orig-sysroot
+memdev=/dev/ram0
+
+case "${1:-}" in
+    detect)
+        # This is obviously crude; perhaps in the future we could change ignition's `fetch`
+        # stage to write out a file if the rootfs is being replaced or so.  But eh, it
+        # works for now.
+        has_rootfs=$(jq '.storage?.filesystems? // [] | map(select(.label == "root")) | length' < /run/ignition.json)
+        if [ "${has_rootfs}" = "0" ]; then
+            exit 0
+        fi
+        echo "Detected rootfs replacement in fetched Ignition config: /run/ignition.json"
+        mkdir "${tmproot}"
+        ;;
+    save)
+        size=$(lsblk -bn -o SIZE "${rootdisk}")
+        sizekbs="$(($size / 1024 + 1))"
+        if lsmod | grep -q brd; then
+            echo 'error: brd module is already loaded' 1>&2; exit 1
+        fi
+        modprobe brd rd_nr=1 rd_size="$sizekbs" max_part=1
+        echo "Moving rootfs to RAM..."
+        dd "if=${rootdisk}" "of=${memdev}" bs=8M
+        echo "Moved rootfs to RAM, pending redeployment: ${memdev}"
+        ;;
+    restore)
+        # This one is in a private mount namespace since we're not "offically" mounting
+        mount "$rootdisk" $rootmnt
+        # This can occur when specifying `wipeFilesystem: false`; TODO detect that above
+        if [ -d "${rootmnt}/boot" ]; then
+            echo "NOTE: Detected Ignition rootfs replacement, but filesystem is not empty"
+            exit 0
+        fi
+        echo "Restoring rootfs from RAM..."
+        mkdir "${saved_rootmnt}"
+        mount "${memdev}" "${saved_rootmnt}"
+        # Remove the immutable bits so we can use `mv`
+        chattr -i ${saved_rootmnt} ${saved_rootmnt}/ostree/deploy/*/deploy/*.0
+        for x in .coreos-aleph-version.json boot ostree; do
+            mv -Tn ${saved_rootmnt}/${x} ${rootmnt}/${x}
+        done
+        # And restore the immutable bits
+        chattr +i ${rootmnt}/ostree/deploy/*/deploy/*.0 ${rootmnt}
+        echo "...done"
+        umount $rootmnt
+        umount $saved_rootmnt
+        rmmod brd
+        rm -rf "${tmproot}"
+        ;;
+    *)
+        echo "Unsupported operation: ${1:-}"
+        ;;
+esac

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-rootfs-detect.service

@@ -0,0 +1,18 @@
+[Unit]
+Description=Ignition OSTree: detect rootfs replacement
+DefaultDependencies=false
+After=ignition-fetch.service
+Before=ignition-disks.service
+Before=initrd-root-fs.target
+Before=sysroot.mount
+ConditionKernelCommandLine=ostree
+
+# This stage requires udevd to detect disks
+Requires=systemd-udevd.service
+After=systemd-udevd.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/run/ignition.env
+ExecStart=/usr/libexec/ignition-ostree-dracut-rootfs detect

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-rootfs-restore.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Ignition OSTree: restore rootfs
+DefaultDependencies=false
+After=ignition-disks.service
+Before=ignition-ostree-growfs.service
+Before=ignition-ostree-mount-firstboot-sysroot.service
+
+ConditionKernelCommandLine=ostree
+ConditionPathIsDirectory=/run/ignition-ostree-rootfs
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/run/ignition.env
+# So we can transiently mount sysroot
+MountFlags=slave
+ExecStart=/usr/libexec/ignition-ostree-dracut-rootfs restore

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-rootfs-save.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Ignition OSTree: save rootfs
+DefaultDependencies=false
+After=ignition-ostree-rootfs-detect.service
+Before=ignition-disks.service
+ConditionKernelCommandLine=ostree
+ConditionPathIsDirectory=/run/ignition-ostree-rootfs
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/run/ignition.env
+# So we can transiently mount sysroot
+MountFlags=slave
+ExecStart=/usr/libexec/ignition-ostree-dracut-rootfs save

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh

@@ -31,6 +31,12 @@ install() {
         inst_script "$moddir/ignition-ostree-${x}-var.sh" "/usr/sbin/ignition-ostree-${x}-var"
     done
 
+    inst_multiple jq chattr getfattr lsmod dd modprobe
+    inst_script "$moddir/ignition-ostree-dracut-rootfs.sh" "/usr/libexec/ignition-ostree-dracut-rootfs"
+    for x in detect save restore; do
+        install_ignition_unit ignition-ostree-rootfs-${x}.service
+    done
+
     install_ignition_unit ignition-ostree-mount-firstboot-sysroot.service
     install_ignition_unit ignition-ostree-mount-subsequent-sysroot.service subsequent
     inst_script "$moddir/ignition-ostree-mount-sysroot.sh" \