While on some systems (like Fedora) rpc_pipefs is mounted
automatically when sunrpc module is loaded, on Debian based systems it
needs to be mounted manually.
Every image gets handled the same way regardless of filesystem, so
let's use a filesystem-neutral name (rather than adding new
lines for every fstype anyone might want to use).
Otherwise there is no way to skip password prompt. --has-active-vt
seems to correctly catch also the case when plymouthd is started
but splash is disabled.
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
This adds the following parameters:
rd.caps=1
    turn the caps module on/off
rd.caps.initdrop=cap_sys_module,cap_sys_rawio
    drop the specified comma separated capabilities
rd.caps.disablemodules=1
    turn off module loading
rd.caps.disablekexec=1
    turn off the kexec functionality
If module loading is turned off, all modules have to be loaded in the
initramfs, which are used later on. This can be done with
"rd.driver.pre="
rd.driver.pre=autofs4,sunrpc,ipt_REJECT,nf_conntrack_ipv4,....
Because the kernel command line would get huge with all those drivers, I
recommend to make use of $initramfs/etc/cmdline.
So, all rd.caps.* and rd.driver.pre arguments in caps.conf can be
copied to $initramfs/etc/cmdline with "-i caps.conf /etc/cmdline".
Also all modules have to be loaded in the initramfs via "--add-drivers".
The resulting initramfs creation would look like this:
--add-drivers "autofs4 sunrpc ipt_REJECT nf_conntrack_ipv4 \
nf_defrag_ipv4 iptable_filter ip_tables
ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack
ip6table_filter ip6_tables dm_mirror dm_region_hash dm_log uinput ppdev
parport_pc parport ipv6 sg 8139too 8139cp mii i2c_piix4 i2c_core ext3
jbd mbcache sd_mod crc_t10dif sr_mod cdrom ata_generic pata_acpi ata_piix
dm_mod" \
/boot/initramfs-caps.img
We want all "/var/run" information to live in /dev/.run, until the real
root is mounted.
Therefore we mount a tmpfs on /dev/.run, which can/will be bind/move mounted
on /var/run later on.
This allows creation of initramfs images which contain a Live system.
The primary use for this is keeping very large initramfs-based systems
(e.g. anaconda, the Fedora installer) compressed in-memory, by using a
compressed filesystem image like squashfs or btrfs.
dmsquash-live-genrules.sh will initqueue dmsquash-live-root itself
(rather than making udev rules) if the given live "device" is actually
an existing, plain file.
parse-dmsquash-live.sh will only accept paths that end in ".img".
dmsquash-live-root will only handle images named "*squashfs.img",
"*ext3fs.img", or "*btrfs.img".
btrfsctl is being replaced by the btrfs command in the upstream
tools, so change accordingly. Also, if we're using the btrfs module
we should probably make sure the btrfs driver gets installed.
Some versions of dash don't behave as expected with code like this:
while IFS=: read a b c; do
blah
done
Thanks to Eric Mertens who identified the issue.
Let inst_key_val usage agree with above patch :)
Also UNICODE is rather global console property, not font specific
(and if anything, is rather keyboard specific). Let it be just
vconsole.unicode
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
Cc: initramfs@vger.kernel.org
In Fedora selinux is now handled by systemd. If you want to enable
selinux by default, just add it to your /etc/dracut.conf.d/01-dist.conf
with:
add_dracutmodules+=" selinux "
`modules.builtin.bin' is installed like a regular file, thereby ending
up in the wrong place when `--kmoddir' is in effect. Fix this by
specifying the installation destination.
New kernel argument syntax for LUKS-keydev is introduced:
rd.luks.key=<key_path>[:<key_dev>[:<luks_dev>]]
Unfolding <key_dev> in BNF:
<key_dev> ::= "UUID=" <uuid> | "LABEL=" <label> | <kname>
Where <kname> matches following regular expression:
^/dev/.*
<kname> needs to be a character device and not a symlink for now.
For every rd.luks.key argument udev rule is created. That rule runs
test to check whether matching device contains <key_path>. If it does
it's applied to matching <luks_dev>.
New:
str_starts, str_replace
funiq - print new unique file name
mkuniqdir - create and print new unique dir
splitsep - splits given string 'str' with separator 'sep' into vars
udevmatch - create udev rule match for a device
Modified:
foreach_uuid_until - use $___ as a place holder
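An added example, not part of the commit or of dracut's code: a POSIX sh function that splits one rd.luks.key value into its fields and checks <key_dev> against the BNF given above. The name parse_luks_key, the KEY_PATH/KEY_DEV/LUKS_DEV variables, the sample values and the rejection of a fourth ':'-separated field are assumptions.

```shell
#!/bin/sh
# Added example, not dracut's implementation. parse_luks_key and the
# KEY_PATH/KEY_DEV/LUKS_DEV variables are hypothetical names.
# Grammar from the commit message:
#   rd.luks.key=<key_path>[:<key_dev>[:<luks_dev>]]
#   <key_dev> ::= "UUID=" <uuid> | "LABEL=" <label> | <kname>   (kname: ^/dev/.*)
parse_luks_key() {
    arg=$1
    KEY_PATH='' KEY_DEV='' LUKS_DEV=''
    case $arg in
        *:*:*:*) return 1 ;;            # assumption: a fourth field is an error
    esac
    KEY_PATH=${arg%%:*}
    [ -n "$KEY_PATH" ] || return 1      # <key_path> is mandatory
    case $arg in
        *:*) rest=${arg#*:} ;;
        *)   return 0 ;;                # only <key_path> given
    esac
    KEY_DEV=${rest%%:*}
    case $rest in
        *:*) LUKS_DEV=${rest#*:} ;;
    esac
    case $KEY_DEV in
        UUID=?*|LABEL=?*|/dev/*) return 0 ;;
        *) return 1 ;;                  # empty or not one of the three forms
    esac
}

# Constructed sample values, not taken from a real system.
for v in '/keys/root.key' \
         '/keys/root.key:LABEL=KEYSTICK' \
         '/keys/root.key:UUID=1234-ABCD:/dev/sda2' \
         '/keys/root.key:sdb1' \
         '/keys/root.key::/dev/sda2'; do
    if parse_luks_key "$v"; then
        printf 'ok      %s -> path=%s keydev=%s luksdev=%s\n' \
            "$v" "$KEY_PATH" "$KEY_DEV" "$LUKS_DEV"
    else
        printf 'reject  %s\n' "$v"
    fi
done
```

Rejecting a malformed value before any rule is generated keeps an unexpected string from the kernel command line out of the generated udev rule text.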
It is not clearly documented, but apparently fsck
(or, probably, getmntent) is using backslash as
escape character.
Label containing slash is converted to \x2f but '\'
is eaten by fsck later. Escape '\' before writing
into fstab.
v2:
- fix sed expression
- use printf instead of echo because echo eats '\' as well
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
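An added example, not code from the patch: it shows why a by-label path containing \x2f has to have its backslash doubled before it is written to fstab, and why printf is used for the write. The names fstab_escape and consumer_unescape, the sample device path, and the one-line model of a reader that consumes a backslash are assumptions.

```shell
#!/bin/sh
# Added example, not dracut's code. fstab_escape and consumer_unescape are
# hypothetical names; the device path is a constructed sample.

# Double every backslash so one level of un-escaping restores the original.
# printf '%s' is used because some shells' echo interprets backslashes itself.
fstab_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g'
}

# Simplified model (assumption) of the reader described in the message:
# a backslash is consumed and the character after it is kept.
consumer_unescape() {
    printf '%s' "$1" | sed 's/\\\(.\)/\1/g'
}

# udev encodes '/' in the label "my/label" as \x2f in the by-label symlink name.
dev='/dev/disk/by-label/my\x2flabel'

raw_seen=$(consumer_unescape "$dev")                     # written unescaped
esc_seen=$(consumer_unescape "$(fstab_escape "$dev")")   # written escaped

printf 'fstab field, unescaped: %s -> reader sees %s\n' "$dev" "$raw_seen"
printf 'fstab field, escaped:   %s -> reader sees %s\n' \
    "$(fstab_escape "$dev")" "$esc_seen"
```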
systemd-vconsole-setup was not designed to be run from udevd.
It checks locale environment to decide, whether UNICODE should
be enabled or disabled. Normally environment is set up by
systemd; but the only environment available in udev rules is
those from device properties. It means systemd-vconsole-setup
always assumes default C locale and disables UNICODE.
Revert to using built-in console_init which explicitly
imports locale settings from /etc/vconsole.conf. Alternative
is to revert 6545b9d7 and call console_init directly :)
Additionally patch fixes console_init to use new namespace as
well as ensures that default font is always installed.
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
On the OLPC XO-1, there is a noticeable delay during boot while the
initramfs is loaded from disk and uncompressed, so we have an interest
in making it small. We are also pushed for disk space.
Using busybox instead of all the regular tools saves a lot of space.
I have not tried every module but the basics are working with busybox's
replacements. Our initramfs is now down to 1.9mb.
Format:
bond=<bondname>[:<bondslaves>:[:<options>]]
bondslaves is a comma-separated list of physical (ethernet) interfaces.
options is a comma-separated list of bonding options (modinfo bonding for
details) in format compatible with initscripts.
If options include multi-valued arp_ip_target option, then its values
should be separated by semicolon.
bond without parameters assumes bond=bond0:eth0,eth1:balance-rr
Install /lib/modules/$kv/modules.builtin.bin to suppress modprobe error
messages saying module was not found, while it's built-in.
Credits go to Kay Sievers who enlightened us about meaning of this cool
file.
Let's take a look at Linux sources, /usr/src/linux-2.6.35/init/main.c:
204: char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
857: run_init_process("/sbin/init");
817: static void run_init_process(char *init_filename)
818: {
819: argv_init[0] = init_filename;
820: kernel_execve(init_filename, argv_init, envp_init);
821: }
As we can see HOME=/ and TERM=linux are provided for init and this might be
expected on some systems (Gentoo comes to my mind, here ;-)). That's why we
should give to init the same set of env. vars as Linux kernel does.
A new dracut module to implement fstab.sys handling
This module implements fstab.sys handling. This has to happen after the root
mount and before the nfsroot-cleanup pre-pivot at least. I've made it happen at
the beginning of the pre-pivot scripts, although it should maybe be at the end
of the mount scripts. This latter would be harder to do because the actual
mount is currently done by 99mount-root.sh and there is no 2 digit integer
higher than 99 :-(
There are perhaps other ways of achieving this end, such as having the
nfsroot-cleanup trawl through the newroot's /etc/fstab and auto-magically
figure out if there are any mounts which are pre-requisites for the
/var/lib/nfs/rpc_pipefs mount and do them first. Likewise post pivot,
/etc/rc.sysinit could figure out if there are any pre-requisite mounts for
/var/lib/stateless/{writeable,state} before doing those mounts. In short, make
it the responsibility of anything doing a mount to check if there are any
pre-requisites in /etc/fstab and mount them first. However, this spreads the
changes needed over more places, so I favour the fstab.sys approach. Also, who
knows what other uses administrators may have put fstab.sys to? And this undoes
a regression caused by the move from mkinitrd to dracut.
I'm looking for a way to have a system with disposable storage that can be
rebooted and all filesystem changes are thrown away. After reboot, the system
starts with a fresh root volume again. The use case is for automated testing.
We run test scripts that could potentially not clean up after themselves.
This is almost like stateless, but the storage is local to the system (not
iSCSI, NFS or NBB).
1. Install Fedora 13 using default partition layout
NOTE: modify the layout to leave extra room in the LVM volume group
2. Apply attached patch
3. Update grub.conf to enable dracut LVM snapshot support. Add the following
boot arguments
rd_LVM_SNAPSHOT=vg_test1055/lv_snap (note the VG name will depend on your
system).
rd_LVM_SNAPSIZE= (optional, defaults to size of volume specified by
rd_LVM_SNAPSHOT)
4. Adjust grub.conf and fstab to use LVM snapshot
$ sed -i -e 's|lv_root|lv_snap|' /boot/grub/grub.conf
$ sed -i -e 's|lv_root|lv_snap|' /etc/fstab
5. Reboot system
Expected results (no value provided for rd_LVM_SNAPSIZE):
dracut: Starting plymouth daemon
dracut: rd_NO_DM: removing DM RAID activation
dracut: rd_NO_MD: removing MD RAID activation
dracut: Removing existing LVM snapshot vg_test1055/lv_snap
dracut: Logical volume "lv_snap" successfully removed
dracut: No LVM snapshot size provided, using size of vg_test1055/lv_root (
9024.00m)
dracut: Creating LVM snapshot vg_test1055/lv_snap ( 9024.00m)
dracut: Logical volume "lv_snap" created
dracut: Scanning devices sda2 for LVM logical volumes vg_test1055/lv_root
vg_test1055/lv_swap
dracut: inactive Original '/dev/vg_test1055/lv_root' [8.81 GiB] inherit
dracut: inactive '/dev/vg_test1055/lv_swap' [1.00 GiB] inherit
dracut: inactive Snapshot '/dev/vg_test1055/lv_snap' [8.81 GiB] inherit
dracut: Mounted root filesystem /dev/mapper/vg_test1055-lv_snap
dracut: Loading SELinux policy
dracut: Switching root
Expected results (rd_LVM_SNAPSIZE=100m):
dracut: Starting plymouth daemon
dracut: rd_NO_DM: removing DM RAID activation
dracut: rd_NO_MD: removing MD RAID activation
dracut: Removing existing LVM snapshot vg_test1055/lv_snap
dracut: Logical volume "lv_snap" successfully removed
dracut: Creating LVM snapshot vg_test1055/lv_snap (100m )
dracut: Rounding up size to full physical extent 128.00 MiB
dracut: Logical volume "lv_snap" created
dracut: Scanning devices sda2 for LVM logical volumes vg_test1055/lv_root
vg_test1055/lv_swap
dracut: inactive Original '/dev/vg_test1055/lv_root' [8.81 GiB] inherit
dracut: inactive '/dev/vg_test1055/lv_swap' [1.00 GiB] inherit
dracut: inactive Snapshot '/dev/vg_test1055/lv_snap' [128.00 MiB] inherit
dracut: Mounted root filesystem /dev/mapper/vg_test1055-lv_snap
dracut: Loading SELinux policy
dracut: Switching root
set $RDTIMESTAMP for init, if rd.timestamp is specified on the
kernel command line, so that systemd can print out:
"systemd: Boot finished after 15s = 3s (kernel) + 2s (initrd) + 10s
(userspace)"
- create /lib/bootchart in initramfs, not in live filesystem
- use proper dracut API to install files
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
First, it's duplicate code.
Second, it did not allow those who had plymouth installed to use other
methods, like the new usb key file. When building the initram,
it would install the plymouth cryptroot-ask script, and not
the crypt module one.
Added these new items to crypt module's cryptroot-ask.sh:
- 'unset' for used variables
- udevsettle
The non-plymouth cryptsetup prompt was using $1 instead of $device.
Changed prompt number from 1 to 5, as this is much nicer.
I believe plymouth already does infinite prompts.
Also added unset for usb key. Just saw it didn't unset its vars.
Kernel 2.6.35 (may be, earlier) split ahci into libahci.ko and ahci.ko
and added ahci_platform.ko. As a result, drivers ahci and ahci_platform
do not contain any symbols that are checked for storage modules (it is
libahci.ko that references ata_scsi_ioctl now). So add additional
symbol ahci_init_controller; it seems this is expected to be called by
every driver based on libahci.ko.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Instead of adding modprobe and rmmod, create symlinks to /bin/true so as
not to produce unnecessary errors. Anyway it's a workaround for
following desired behaviour: modprobe tries to insert module only if
it's not built into kernel
install /etc/multipath/wwids
With the proper 40-multipath.rules and new udev device-mapper mechanism,
we don't need the multipath scan anymore.
rhbz#595719
Note that there are still some patches queued upstream for fcoe-utils to
enable it to work with the new lldpad and to add support to fipvlan to
bring up FCoE connections without requiring fcoemon to run.
The invocations of the various tools as in this patch should be final though,
see the discussion in:
http://bugzilla.redhat.com/show_bug.cgi?id=563794
This is the second revision of this patch, which no longer adds /etc/fcoe
to the initrd as that is not needed.
lvchange and vgchange '--monitor n' will not prevent lvm from
attempting to dlopen the libdevmapper-event library.
dracut git commit 47ab3b6c5e introduced the use of '--monitor n' but
'--ignoremonitoring' is needed now that the libdevmapper-event library
isn't copied into the initramfs (ever since 0fae59d6eb)
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
On debian systems xen-detect does not reside somewhere in $PATH,
but under /usr/lib/xen-default/bin. This patch ensures that this
is searched as well when locating and installing xen-detect.
Common wisdom to enter single user on Linux is to edit command
line and add "single". This was not possible because switch_root
was always called with empty init arguments. Collect them from
command line and pass to real init when switching root.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Adds the readonly_overlay karg for cases where the dm snapshot should be set to readonly. Use case would be a livecd that is configured to have a readonly root where filling up the dm snapshot would cause a problem.
If multipath isn't installed, don't use it. If we're in hostonly mode,
only install the multipath module if it's used for / . Otherwise, if
the user was dumb enough to install it, they get it during bootup.
- the use of sed is placeholder "hack" until lvm2 provides a proper
tool for changing lvm.conf
- lvm_scan.sh should run lvm commands with --ignorelockingfailure to
re-use lvm's existing initrd-specific logic; future lvm2 changes
will split this flag out into various new command-line switches
- no monitoring should be started from within initramfs
- NOTE: the same should apply to 90dmraid/install
- the correct types would be: '[ "blkext", 1 , "cciss0", 16 ]'
but lvm2 (>= 2.02.52) already properly supports both 'blkext' and
'cciss' (including cciss0 -> cciss7)
This patch adds support for user mode suspend to disk. It is installed
in parallel to kernel mode suspend module; either will fail if
system was not suspended using correct tool so next one can be tried.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
/lib/udev/console_init will load either non-unicode or unicode versions
of keyboard layout for the same value of KEYMAP depending on language
setting. The simplest solution is to install both versions in initrd;
it does not take much space.
While on it, copy some additional maps to ensure emergency shell
has the same keyboard layout as full system.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Signed-off-by: Luca Berra <bluca@vodka.it>
for some unknown reason the emergency shell
starts with stderr closed, at first I even thought it was not working at
all, then I came up with this hack, which seems to work properly. I also
change the prompt to remind which step are we breaking to.