Enable the use of the OverlayFS for the LiveOS root filesystem. #107
Conversation
|
Mailing list post: http://article.gmane.org/gmane.linux.kernel.initramfs/4308 |
|
This is worth exploring, but if it can't support SELinux it can't be used for live installations. We also need to make sure that /dev/mapper/live-base or something similar points to the original base filesystem so that local changes don't get copied to the target during installation. |
|
This version continues to provide The purpose of this version is to provide a means to optionally boot an OverlayFS version of LiveOS in Fedora Rawhide so that others can test its features and limitations, with the hope that those with expertise in SELinux and other affected components could explore adaptations to complete the integration. |
|
Can one of the admins verify this patch? |
1 similar comment
|
Can one of the admins verify this patch? |
|
ok to test |
|
Can one of the admins verify this patch? |
FGrose
force-pushed
the
overlayfs
branch
3 times, most recently
from
ce9fe44 to
52fb5cf
Compare
|
@centos-ci |
|
@centos-ci |
|
I force pushed amended commits to simplify checking the overlayfs commandline argument for those cases where only one check is needed. |
|
I force pushed a couple of fixes: 1. to better deal with the readonly_overlay code path for OverlayFS, and 2. to take advantage of the $sz variable while setting up live-osimg-min. diff --git a/modules.d/90dmsquash-live/dmsquash-live-root.sh b/modules.d/90dmsquash-live/dmsquash-live-root.sh
index 987065b..60ef6c1 100755
--- a/modules.d/90dmsquash-live/dmsquash-live-root.sh
+++ b/modules.d/90dmsquash-live/dmsquash-live-root.sh
@@ -164,13 +164,15 @@ do_live_overlay() {
# set up the snapshot
sz=$(blockdev --getsz $BASE_LOOPDEV)
- if [ -n "$readonly_overlay" ]; then
- echo 0 $sz snapshot $BASE_LOOPDEV $OVERLAY_LOOPDEV P 8 | dmsetup create --readonly live-ro
- base="/dev/mapper/live-ro"
- over=$RO_OVERLAY_LOOPDEV
- else
- base=$BASE_LOOPDEV
- over=$OVERLAY_LOOPDEV
+ if [ -z "$overlayfs" ]; then
+ if [ -n "$readonly_overlay" ]; then
+ echo 0 $sz snapshot $BASE_LOOPDEV $OVERLAY_LOOPDEV P 8 | dmsetup create --readonly live-ro
+ base="/dev/mapper/live-ro"
+ over=$RO_OVERLAY_LOOPDEV
+ else
+ base=$BASE_LOOPDEV
+ over=$OVERLAY_LOOPDEV
+ fi
fi
if [ -n "$thin_snapshot" ]; then
@@ -295,7 +297,7 @@ fi
if [ -b "$OSMIN_LOOPDEV" ]; then
# set up the devicemapper snapshot device, which will merge
# the normal live fs image, and the delta, into a minimzied fs image
- echo "0 $( blockdev --getsz $BASE_LOOPDEV ) snapshot $BASE_LOOPDEV $OSMIN_LOOPDEV P 8" | dmsetup create --readonly live-osimg-min
+ echo "0 $sz snapshot $BASE_LOOPDEV $OSMIN_LOOPDEV P 8" | dmsetup create --readonly live-osimg-min
fi
ROOTFLAGS="$(getarg rootflags)"
@@ -306,8 +308,8 @@ fi
if [ -n "$overlayfs" ]; then
mkdir -m 0755 /run/rootfsbase
if [ -n "$reset_overlay" ] && [ -L /run/overlayfs ]; then
- rm -r -- $(readlink /run/overlayfs)
- mkdir -m 0755 $(readlink /run/overlayfs)
+ ovlfs=$(readlink /run/overlayfs)
+ rm -r -- ${ovlfs}/* ${ovlfs}/.*
fi
if [ -n "$readonly_overlay" ]; then
mkdir -m 0755 /run/rootfsbase-r |
|
Wouldn't that lead to error messages like: |
|
@centos-ci |
|
@centos-ci |
FGrose
force-pushed
the
overlayfs
branch
2 times, most recently
from
e818087 to
ea30a6d
Compare
|
@haraldh re: I've force pushed a couple more fixes: 1. to deal properly with a missing OverlayFS overlay or an empty/zeroed DM overlay, and 2. to die if diff --git a/usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh b/modules.d/90dmsquash-live/dmsquash-live-root.sh
index 6a5d0c2..0933130 100755
--- a/usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh
+++ b/modules.d/90dmsquash-live/dmsquash-live-root.sh
@@ -118,8 +118,12 @@ do_live_overlay() {
losetup $opt $OVERLAY_LOOPDEV /run/initramfs/overlayfs$pathspec
umount -l /run/initramfs/overlayfs || :
oltype=$(det_img_fs $OVERLAY_LOOPDEV)
- if [ $oltype = DM_snapshot_cow ]; then
- if [ -n "$reset_overlay" ]; then
+ if [ -z "$oltype" ] || [ "$oltype" = DM_snapshot_cow ]; then
+ if [ -n "$overlayfs" ]; then
+ die "Found a Device-mapper overlay--not OverlayFS... " \
+ "rd.live.overlay.overlayfs is not valid."
+ elif [ -n "$reset_overlay" ]; then
+ info "Resetting the Device-mapper overlay."
dd if=/dev/zero of=$OVERLAY_LOOPDEV bs=64k count=1 conv=fsync 2>/dev/null
fi
else
@@ -127,11 +131,12 @@ do_live_overlay() {
ln -s /run/initramfs/overlayfs/overlayfs /run/overlayfs$opt
ln -s /run/initramfs/overlayfs/ovlwork /run/ovlwork$opt
fi
+ setup="yes"
elif [ -d /run/initramfs/overlayfs$pathspec ]; then
ln -s /run/initramfs/overlayfs$pathspec /run/overlayfs$opt
ln -s /run/initramfs/overlayfs$pathspec/../ovlwork /run/ovlwork$opt
+ setup="yes"
fi
- setup="yes"
fi
if [ -n "$overlayfs" ]; then
modprobe overlay
@@ -230,8 +235,7 @@ fi
if [ -e /run/initramfs/live/${live_dir}/${squash_image} ]; then
SQUASHED="/run/initramfs/live/${live_dir}/${squash_image}"
fi
-
-if [ -e "$SQUASHED" ] ; then
+if [ -e "$SQUASHED" ]; then
if [ -n "$live_ram" ]; then
echo 'Copying live image to RAM...' > /dev/kmsg
echo ' (this may take a minute)' > /dev/kmsg
@@ -245,17 +249,17 @@ if [ -e "$SQUASHED" ] ; then
mkdir -m 0755 -p /run/initramfs/squashfs
mount -n -t squashfs -o ro $SQUASHED_LOOPDEV /run/initramfs/squashfs
- if [ -f /run/initramfs/squashfs/LiveOS/ext3fs.img ]; then
- FSIMG="/run/initramfs/squashfs/LiveOS/ext3fs.img"
- elif [ -f /run/initramfs/squashfs/LiveOS/rootfs.img ]; then
+ if [ -f /run/initramfs/squashfs/LiveOS/rootfs.img ]; then
FSIMG="/run/initramfs/squashfs/LiveOS/rootfs.img"
+ elif [ -f /run/initramfs/squashfs/LiveOS/ext3fs.img ]; then
+ FSIMG="/run/initramfs/squashfs/LiveOS/ext3fs.img"
fi
else
# we might have an embedded fs image to use as rootfs (uncompressed live)
- if [ -e /run/initramfs/live/${live_dir}/ext3fs.img ]; then
- FSIMG="/run/initramfs/live/${live_dir}/ext3fs.img"
- elif [ -e /run/initramfs/live/${live_dir}/rootfs.img ]; then
+ if [ -e /run/initramfs/live/${live_dir}/rootfs.img ]; then
FSIMG="/run/initramfs/live/${live_dir}/rootfs.img"
+ elif [ -e /run/initramfs/live/${live_dir}/ext3fs.img ]; then
+ FSIMG="/run/initramfs/live/${live_dir}/ext3fs.img"
fi
if [ -n "$live_ram" ]; then
echo 'Copying live image to RAM...' > /dev/kmsg
@@ -309,7 +313,8 @@ if [ -n "$overlayfs" ]; then
mkdir -m 0755 /run/rootfsbase
if [ -n "$reset_overlay" ] && [ -L /run/overlayfs ]; then
ovlfs=$(readlink /run/overlayfs)
- rm -r -- ${ovlfs}/* ${ovlfs}/.*
+ info "Resetting the OverlayFS overlay directory."
+ rm -r -- ${ovlfs}/* ${ovlfs}/.* >/dev/null 2>&1
fi
if [ -n "$readonly_overlay" ]; then
mkdir -m 0755 /run/rootfsbase-r
(END) |
FGrose
force-pushed
the
overlayfs
branch
5 times, most recently
from
d04c836 to
37d150c
Compare
|
@centos-ci |
FGrose
force-pushed
the
overlayfs
branch
5 times, most recently
from
4a4a876 to
572a6e2
Compare
|
@centos-ci |
|
Added documentation for the OverlayFS overlays. Added feedback for missing overlays. But I couldn't find a more generic test for an active plymouth splash, such as rhgb, in the DRACUT_SYSTEMD case. To avoid two separate plymouth calls, I tried: I also tried cat > /run/systemd/ask-password/ask.0000<<EOF
[Ask]
Socket=/dev/null
Message=${m[*]}
timeout=0
EOFbut the message is limited to a single line and the notification doesn't pause and is lost in a lot of other messages at the startup console. The revised commit below, covers the case where plymouth is not available. |
FGrose
force-pushed
the
overlayfs
branch
2 times, most recently
from
6a60a4c to
d906d66
Compare
Integrate the option to use an OverlayFS as the root filesystem into the 90dmsquash-live module for testing purposes. The rd.live.overlay.overlayfs option allows one to request an OverlayFS overlay. If a persistent overlay is detected at the standard LiveOS path, the overlay & type detected will be used. Tested primarily with transient, in-RAM overlay boots on vfat- formatted Live USB devices, with persistent overlay directories on ext4-formatted Live USB devices, and with embedded, persistent overlay directories on vfat-formatted devices. (Persistent overlay directories on a vfat-formatted device must be in an embedded filesystem that supports the creation of trusted.* extended attributes, and must provide valid d_type in readdir responses.) The rd.live.overlay.readonly option, which allows a persistent overlayfs to be mounted read only through a higher level transient overlay directory, has been implemented through the multiple lower layers feature of OverlayFS. The default transient DM overlay size has been adjusted up to 32 GiB. This change supports comparison of transient Device-mapper vs. transient OverlayFS overlay performance. A transient DM overlay is a sparse file in memory, so this setting does not consume more RAM for legacy applications. It does permit a user to use all of the available root filesystem storage, and fails gently when it is consumed, as the available free root filesystem storage on a typical LiveOS build is only a few GiB. Thus, when booted on other- than-small RAM systems, the transient DM overlay should not overflow. OverlayFS offers the potential to use all of the available free RAM or all of the available free disc storage (on non-vfat-devices) in its overlay, even beyond the root filesystem available space, because the OverlayFS root filesystem is a union of directories on two different partitions. This patch also cleans up some message spew at shutdown, shortens the execution path in a couple of places, and uses persistent DM targets where required. Documentation is updated for these changes.
Provide a more prominent alert to the user if an overlay is missing or the overlay module is not available and a temporary overlay will be provided. This, to avoid losing data intended to persist.
Support the rd.live.overlay.readonly option for writable images, such as rd.live.overlay=none and rd.writable.fsimg.
|
@haraldh It looks like the current test failures are not related to this PR, and the latest test run in master appears to be broken on the same tests. At this point, could you consider it acceptable to merge so that it could be available in Fedora 26? @FGrose has prepared changes for my project (livecd-tools) to be able to leverage overlayfs for live media, and I'd like to pull that in and make it available for livecd-tools v26. |
|
tested locally and pushed manually |
|
See pull request #217 for a fix needed for newer mount utilities on Fedora 26. |
Integrate the option to use an OverlayFS as the root filesystem
into the 90dmsquash-live module for testing purposes.
The rd.live.overlay.overlayfs option allows one to request an
OverlayFS overlay. If a persistent overlay is detected at the
standard LiveOS path, the overlay & type detected will be used.
Tested primarily with transient in-RAM overlay boots on vfat-
formatted Live USB devices, with persistent overlay directories
on ext4-formatted Live USB devices, and with embedded, persistent
overlay directories on vfat-formatted devices. (Persistent overlay
directories on a vfat-formatted device must be in an embedded
filesystem that supports the creation of trusted.* extended attributes,
and must provide valid d_type in readdir responses.)
The rd.live.overlay.readonly option, which allows a persistent
overlayfs to be mounted read only through a higher level transient
overlay directory, has been implemented through the multiple lower
layers feature of OverlayFS.
This implementation currently requires the enforcing=0 kernel commandline option. Further SELinux tuning may change this limitation.
(SELinux is supported in OverlayFS since kernel 4.8.)
The default transient DM overlay size has been adjusted up to 32 GiB.
This change supports comparison of transient Device-mapper vs.
transient OverlayFS overlay performance. A transient DM overlay
is a sparse file in memory, so this setting does not consume more
RAM for legacy applications. It does permit a user to use all of
the available root filesystem storage, and fails gently when it is
consumed, as the available free root filesystem storage on a typical
LiveOS build is only a few GiB. Thus, when booted on other-
than-small RAM systems, the transient DM overlay should not overflow.
OverlayFS offers the potential to use all of the available free RAM
or all of the available free disc storage (on non-vfat-devices)
in its overlay, even beyond the root filesystem available space,
because the OverlayFS root filesystem is a union of directories on
two different partitions.