In Fedora selinux is now handled by systemd. If you want to enable
selinux by default, just add it to your /etc/dracut.conf.d/01-dist.conf
with:
add_dracutmodules+=" selinux "
`modules.builtin.bin' is installed like a regular file, thereby ending
up in the wrong place when `--kmoddir' is in effect. Fix this by
specifying the installation destination.
New kernel argument syntax for LUKS-keydev is introduced:
rd.luks.key=<key_path>[:<key_dev>[:<luks_dev>]]
Unfolding <key_dev> in BNF:
<key_dev> ::= "UUID=" <uuid> | "LABEL=" <label> | <kname>
Where <kname> matches following regular expression:
^/dev/.*
<kname> need to be a character device and not a symlink for now.
For every rd.luks.key argument udev rule is created. That rule runs
test to check whether matching device contains <key_path>. If it does
it's applied to matching <luks_dev>.
New:
str_starts, str_replace
funiq - print new unique file name
mkuniqdir - create and print new unique dir
splitsep - splits given string 'str' with separator 'sep' into vars
udevmatch - create udev rule match for a device
Modified:
foreach_uuid_until - use $___ as a place holder
It is not clearly documented, but apparently fsck
(or, probably, getmntent) is using backslash as
escape character.
Label containing slash is converted to \x2f but '\'
is eaten by fsck later. Escape '\' before writing
into fstab.
v2:
- fix sed expression
- use printf instead of echo because echo eats '\' as well
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
systemd-vconsole-setup was not designed to be run from udevd.
It checks locale environment to decide, whether UNICODE should
be enabled or disabled. Normally environment is setup by
systemd; but the only environment available in udev rules is
those from device properties. It means systemd-vconsole-setup
always assumes default C locale and disables UNICODE.
Revert to using built-in console_init which explicitly
imports locale settings from /etc/vconsole.conf. Alternative
is to revert 6545b9d7 and call console_init directly :)
Additionally patch fixes console_init to use new namespace as
well as ensures that default font is always installed.
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
On the OLPC XO-1, there is a noticable delay during boot while the
initramfs is loaded from disk and uncompressed, so we have an interest
in making it small. We are also pushed for disk space.
Using busybox instead of all the regular tools saves a lot of space.
I have not tried every module but the basics are working with busybox's
replacements. Our initramfs is now down to 1.9mb.
Format:
bond=<bondname>[:<bondslaves>:[:<options>]]
bondslaves is a comma-separated list of physical (ethernet) interfaces.
options is a comma-separated list on bonding options (modinfo bonding for
details) in format compatible with initscripts.
If options include multi-valued arp_ip_target option, then its values
should be separated by semicolon.
bond without parameters assumes bond=bond0:eth0,eth1:balance-rr
Install /lib/modules/$kv/modules.builtin.bin to suppress modprobe error
messages saying module was not found, while it's built-in.
Credits go to Kay Sievers who enlighten us about meaning of this cool
file.
Let take a look at Linux sources, /usr/src/linux-2.6.35/init/main.c:
204: char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
857: run_init_process("/sbin/init");
817: static void run_init_process(char *init_filename)
818: {
819: argv_init[0] = init_filename;
820: kernel_execve(init_filename, argv_init, envp_init);
821: }
As we can see HOME=/ and TERM=linux are provided for init and this might be
expected on some systems (Gentoo comes to my mind, here ;-)). That's why we
should give to init the same set of env. vars as Linux kernel does.
A new dracut module to implement fstab.sys handling
This module implements fstab.sys handling. This has to happen after the root
mount and before the nfsroot-cleanup pre-pivot at least. I've made to happen at
the beginning of the pre-pivot scripts, although it should maybe be at the end
of the mount scripts. This latter would be harder to do because the actual
mount is currently done by 99mount-root.sh and there is no 2 digit integer
higher than 99 :-(
There are perhaps other ways of achieving this end, such as having the
nfsroot-cleanup trawl through the newroot's /etc/fstab and auto-magically
figure out if there are any mounts which are pre-requisites for the
/var/lib/nfs/rpc_pipefs mount and do them first. Likewise post pivot,
/etc/rc.sysinit could figure out of there are any pre-requisite mounts for
/var/lib/stateless/{writeable,state} before doing those mounts. In short, make
it the responsibility of anything doing a mount to check if there are any
pre-requisites in /etc/fstab and mount them first. However, this spreads the
changes needed over more places, so I favour the fstab.sys approach. Also, who
knows what other uses administartors may have put fstab.sys to? and this undoes
a regression caused by the move from mkinitrd to dracut.
I'm looking for a way to have a system with disposable storage that can be
rebooted and all filesystem changes are thrown away. After reboot, the system
starts with a fresh root volume again. The use case is for automated testing.
We run test scripts that could potentially not clean up after themselves.
This is almost like stateless, but the storage is local to the system (not
iSCSI, NFS or NBB).
1. Install Fedora 13 using default partition layout
NOTE: modify the layout to leave extra room in the LVM volume group
2. Apply attached patch
3. Update grub.conf to enable dracut LVM snapshot support. Add the following
boot arguments
rd_LVM_SNAPSHOT=vg_test1055/lv_snap (note the VG name will depend on your
system).
rd_LVM_SNAPSIZE= (optional, defaults to size of volume specified with by
rd_LVM_SNAPSHOT)
4. Adjust grub.conf and fstab to use LVM snapshot
$ sed -i -e 's|lv_root|lv_snap|' /boot/grub/grub.conf
$ sed -i -e 's|lv_root|lv_snap|' /etc/fstab
5. Reboot system
Expected results (no value provided for rd_LVM_SNAPSIZE):
dracut: Starting plymouth daemon
dracut: rd_NO_DM: removing DM RAID activation
dracut: rd_NO_MD: removing MD RAID activation
dracut: Removing existing LVM snapshot vg_test1055/lv_snap
dracut: Logical volume "lv_snap" successfully removed
dracut: No LVM snapshot size provided, using size of vg_test1055/lv_root (
9024.00m)
dracut: Creating LVM snapshot vg_test1055/lv_snap ( 9024.00m)
dracut: Logical volume "lv_snap" created
dracut: Scanning devices sda2 for LVM logical volumes vg_test1055/lv_root
vg_test1055/lv_swap
dracut: inactive Original '/dev/vg_test1055/lv_root' [8.81 GiB] inherit
dracut: inactive '/dev/vg_test1055/lv_swap' [1.00 GiB] inherit
dracut: inactive Snapshot '/dev/vg_test1055/lv_snap' [8.81 GiB] inherit
dracut: Mounted root filesystem /dev/mapper/vg_test1055-lv_snap
dracut: Loading SELinux policy
dracut: Switching root
Expected results (rd_LVM_SNAPSIZE=100m):
dracut: Starting plymouth daemon
dracut: rd_NO_DM: removing DM RAID activation
dracut: rd_NO_MD: removing MD RAID activation
dracut: Removing existing LVM snapshot vg_test1055/lv_snap
dracut: Logical volume "lv_snap" successfully removed
dracut: Creating LVM snapshot vg_test1055/lv_snap (100m )
dracut: Rounding up size to full physical extent 128.00 MiB
dracut: Logical volume "lv_snap" created
dracut: Scanning devices sda2 for LVM logical volumes vg_test1055/lv_root
vg_test1055/lv_swap
dracut: inactive Original '/dev/vg_test1055/lv_root' [8.81 GiB] inherit
dracut: inactive '/dev/vg_test1055/lv_swap' [1.00 GiB] inherit
dracut: inactive Snapshot '/dev/vg_test1055/lv_snap' [128.00 MiB] inherit
dracut: Mounted root filesystem /dev/mapper/vg_test1055-lv_snap
dracut: Loading SELinux policy
dracut: Switching root
set $RDTIMESTAMP for init, if rd.timestamp is specified on the
kernel command line, so that systemd can print out:
"systemd: Boot finished after 15s = 3s (kernel) + 2s (initrd) + 10s
(userspace)"
- create /lib/bootchart in initramfs, not in live filesystem
- use proper dracut API to install files
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
First, it's duplicate code.
Second, it did not allow those who had plymouth installed to use other
methods, like the new usb key file. When building the initram,
it would install the plymouth cryptroot-ask script, and not
the crypt module one.
Added these new items to crypt module's cryptroot-ask.sh:
- 'unset' for used variables
- udevsettle
The non-plymouth cryptsetup prompt was using $1 instead of $device.
Changed prompt number from 1 to 5, as this is much nicer.
I believe plymouth already does infinite prompts.
Also added unset for usb key. Just saw it didn't unset its vars.
Kernel 2.6.35 (may be, earlier) split ahci into libahci.ko and ahci.ko
and added ahci_platform.ko. As a result, drivers ahci and ahci_platform
do not contain any symbol that are checked for storage modules (it is
libahci.ko that references ata_scsi_ioctl now). So add additional
symbol ahci_init_controller; it seems this is expected to be called by
every driver based on libahci.ko.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Instead of adding modprobe and rmmod, create symlinks to /bin/true to
don't produce unnecessary errors. Anyway it's a workaround for
following desired behaviour: modprobe tries to insert module only if
it's not built into kernel
install /etc/multipath/wwids
With the proper 40-multipath.rules and new udev device-mapper mechanism,
we don't need the multipath scan anymore.
rhbz#595719
Note that there are still some patches queued upstream for fcoe-utils to
enable it to work with the new lldpad and to add support to fipvlan to
bring up FCoE connections without requiring fcoemon to run.
The invocations of the various tools as in this patch should be final though,
see the discussion in:
http://bugzilla.redhat.com/show_bug.cgi?id=563794
This is the second revision of this patch, which no longer adds /etc/fcoe
to the initrd as that is not needed.
lvchange and vgchange '--monitor n' will not prevent lvm from
attempting to dlopen the libdevmapper-event library.
dracut git commit 47ab3b6c5e introduced the use of '--monitor n' but
'--ignoremonitoring' is needed now that the libdevmapper-event library
isn't copied into the initramfs (ever since 0fae59d6eb)
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
On debian systems xen-detect does not resite somewhere in $PATH,
but under /usr/lib/xen-default/bin. This patch ensures that this
is searched as well when locating and installing xen-detect.
Common wisdom to enter single user on Linux is to edit command
line and add "single". This was not possible because switch_root
was always called with empty init arguments. Collect them from
command line and pass to real init when switching root.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Adds the readonly_overlay karg for cases where the dm snapshot should be set to readonly. Use case would be a livecd that is configured to have a readonly root where filling up the dm snapshot would cause a problem.
If multipath isn't installed, don't use it. If we're in hostonly mode,
only install the multipath module if it's used for / . Otherwise, if
the user was dumb enough to install it, they get it during bootup.
- the use of sed is placeholder "hack" until lvm2 provides a proper
tool for changing lvm.conf
- lvm_scan.sh should run lvm commands with --ignorelockingfailure to
re-use lvm's existing initrd-specific logic; future lvm2 changes
will split this flag out into various new command-line switches
- no monitoring should be started from within initramfs
- NOTE: the same should apply to 90dmraid/install
- the correct types would be: '[ "blkext", 1 , "cciss0", 16 ]'
but lvm2 (>= 2.02.52) already properly supports both 'blkext' and
'cciss' (including cciss0 -> cciss7)
This patch adds support for user mode suspend to disk. It is installed
in parallel to kernel mode suspend module; either will fail if
system was not suspended using correct tool so next one can be tried.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
/lib/udev/cosole_init will load either non-unicode or unicode versions
of keyboard layout for the same value of KEYMAP depending on language
setting. The simplest solution is to install both versions in initrd;
it does not take much space.
While on it, copy some additional maps to ensure emergency shell
has the same keyboard layout as full system.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Signed-off-by: Luca Berra <bluca@vodka.it>
for some unknown reason the emergency shell
starts with stderr closed, at first I even tought it was not working at
all, then I came up with this hack, which seems to work properly. I also
change the prompt to remind which step are we breaking to.
Install all modules that are any of:
- scsi device handler
- dm log handler
- dm path selector
- dm target
It would be nice if we could tell which log handlers and targets are
multipath related, but we really can't.
The primary source for dasd initialization script and udev rules is
now in s390utils package. The s390utils-base subpackage, that carries
the required files, is always installed on s390/s390x, because it's
part of the Core group in comps.
Signed-off-by: Dan Horák <dan@danny.cz>
New "filesystems" command line/config file option is added with the ability to
control the list of kernel filesystem modules that are included in the generic
initramfs.
Signed-off-by: Dan Horák <dan@danny.cz>
The new rd_DASD parameter allows dracut to handle multiple rd_DASD
options. One parameter per DASD. The syntax is:
rd_DASD=<device path>[,readonly=X][,erplog=X][,use_diag=X][,failfast=X]
The device path is a CCW device path, such as 0.0.0200. The optional
parameters are sysfs attributes for the DASD. The X value can be 0 or
1. Dracut will write out each of the rd_DASD settings to
/etc/dasd.conf and on bootup, the dasdconf.sh script will parse this
file and bring each DASD online with the specified attribute settings.
Some distros, including debian unstable with 2.6.30, still ship
old style ide drivers. These should be installed as well.
Sadly there are no symbols to use for nm, so a simple =ide needs
to suffice.
The manpage for dhclient-script says:
Before actually configuring the address, dhclient-script should
somehow ARP for it and exit with a nonzero status if it receives a
reply.
By using arping in dracut this is very easy, since arping has a
specific option to do just that.
This patch adds STP timeout error handling with arping. It's rather
simple since it only cares about the primary interface and blindly
assumes that if no gateway is available the root server is on the
same subnet.
The usual approach to setting mtus is to set the interface down,
set the mtu then set the interface back up again. Modern hardware
and/or drivers may support setting this on the fly, so we try
this and fall back to the old behaviour it it doesn't work.
In addition this patch only allows mtus greater than 576, this is
taken from debian/ubuntu dhclient-script.
When assembling containers + embedded arrays from mdadm.conf,
mdadm needs the /dev/md# node for the container to assemble the
arrays within the container. Stopping the udev exec queue, results in
this node not getting created and mdadm failing to online the
arrays within the container.
Not having stop / start udev exec-queue around "mdadm -As --run" should
be safe as the exact same command is run from rc.sysinit without
any queue locking.
This is a more sane solution, than ignoring subsequent "change" events.
The only danger is that we could loop, if a lvm scan triggers a broken
md partition, which triggers a broken PV and so on.
Better fix the scanning tools, not to emit change events for devices,
if no action was taken.
ifname=<interface>:<MAC>
Assign network device name <interface> (ie eth0) to the NIC
with MAC <MAC>.
Note that if you use this option you *must* specify an ifname=
argument for all interfaces used in ip= or fcoe= arguments
ifname=<interface>:<MAC>
Assign network device name <interface> (ie eth0) to the NIC with MAC <MAC>.
Note that if you use this option you *must* specify an ifname= argument
for all interfaces used in ip= or fcoe= arguments
Copy /etc/mdadm.conf to initramfs (even for non-hostonly) if
mdadmconf="yes" is set in dracut.conf or --mdadmconf is specified on the
dracut command line.
This was done, because there seems _no_ sane way to autoassemble md raid
arrays.
also moved rd_NO_MD to an udev ENV
I've looked at the LVM rules used in dracut just recently
and it needs fixing - we should react to change events only
for DM devices, so we have to skip vol_id/blkid call on ADD:
KERNEL=="dm-[0-9]*", ACTION=="add", GOTO="lvm_end"
Also, MD devices have their own rules, where vol_id/blkid
is called and where the symlinks are created (when looking
into raw initrd, this is in 64-md-raid.rules).
Also, if those rules are meant to be for DM devices only,
maybe we should skip symlink creation for the other devices
there, to keep the rules clean and straightforward. I think
we shouldn't create/recreate symlinks for non-dm devices in
LVM/DM rules (..should be in appropriate rules for that type
of device):
KERNEL!="dm-[0-9]*", GOTO="lvm_end"
Having it unconditionally pass pulls in all the networking cruft even
for systems that do not need it, and that sorta defeats the purpose of
hostonly mode.
Supported cmdline formats:
fcoe=<networkdevice>:<dcb|nodcb>
fcoe=<macaddress>:<dcb|nodcb>
Note currently only nodcb is supported, the dcb option is reserved for
future use.
Note letters in the macaddress must be lowercase!
Examples:
fcoe=eth0:nodcb
fcoe=4A:3F:4C:04:F8:D7:nodcb
This introduces filter_kernel_modules, which should be used to install
all kernel modules that match whatever criteria you want.
If running in --hostonly, filter_kernel_modules will only consider
modules that are loaded in the kernel, otherwise it will consider
all the modules installed on the system for the appropriate kernel.
This drastically reduces initramfs generation time when using --hostonly
by eliminating lots of unneeded filesystem activity.
Instead of grovelling through all the modules available for the
kernel looking for block devices, only look at the modules that are
actually loaded. This speeds things up by a rather large amount
when generating the initramfs with --hostonly.
While we are at it, only load the filesystem module that will actually
be used for the root filesystem when running in --hostonly instead
of all the filesystem modules that happen to be loaded at the time.
Since different distros may or may not use vol_id in udev, and blkid
is generally replacing vol_id, abstract them out into a function which
tries to use vol_id first and blkid second, on the assumption that
blkid can take over for vol_id if vol_id is no longer there.
This module provides syslog functionality in the initrd.
This is especially interesting when complex configuration being
used to provide access to the device the rootfs resides on.
When this module is installed into the ramfs it is triggered by
the udev event from the nic being setup (online).
Then if syslog is configured it is started and will forward all
kernel messages to the given syslog server.
The syslog implementation is detected automatically by finding the
apropriate binary with the following order:
rsyslogd
syslogd
syslog-ng
Then if detected the syslog.conf is generated and syslog is started.
Bootparameters:
syslogserver=ip Where to syslog to
sysloglevel=level What level has to be logged
syslogtype=rsyslog|syslog|syslogng
Don't auto detect syslog but set it
Harald Hoyer