To eliminate a race condition that occurs when unlocking one device
depends on the result of unlocking a device before it, the crypt
module must wait for udev to settle between each unlock attempt.
Example
/etc/crypttab:
keyfile /dev/md1 none luks
sda4_crypt /dev/sda4 /dev/mapper/keyfile luks
sdb4_crypt /dev/sdb4 /dev/mapper/keyfile luks
Without this patch, sometimes /dev/sda4 fails to unlock because udev
doesn't have time to create /dev/mapper/keyfile before it's needed.
Prevents following error message:
I: *** Including module: crypt ***
/usr/lib/dracut/modules.d/90crypt/module-setup.sh: line 31: /etc/crypttab: No such file or directory
kernel-tegra is now part of the base kernel package, so bits and pieces
ended up modular, and as a result, if you boot off the internal USB, you
drop to a dracut shell with no way of getting to root.
In the kernel comments PARTUUID is shown using uppercase A-F:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/init/do_mounts.c?id=HEAD#n183
However, dracut tries to use the value of PARTUUID directly in
/dev/disks/by-partuuid/ which expects the hex to be lowercase. This will
cause root to never be found, oops!
Fix dracut so it can, like the Kernel, accept either casing.
Untested but I added a hack on my local system that was similar.
$NEWROOT/dev and its submounts should be umounted after we use it.
Otherwise it fails other scripts that umount /sysroot only.
Signed-off-by: WANG Chao <chaowang@redhat.com>
configured_ifaces is a function that returns the names of each interface
that the user wanted configured.
Currently, this is accomplished by reading the list from
/tmp/net.ifaces. But if we want to allow the user to specify an
interface by its MAC address or IP or something, we need a function that
will read the cache and convert the MACs etc. to names.
(Obviously this conversion only works once udev starts, so it will warn
you if you try it too early.)
Now that we can use a MAC as a device identifier, we can just bring up
the device specified by BOOTIF as a normal interface.
So instead of ignoring everything but BOOTIF, we'll put BOOTIF in the
IFACES list and bring it up as normal, defaulting to DHCP if nothing
else is specified.
We can also handle anaconda-style 'ksdevice=bootif' this way.
A MAC address is a unique identifier for a particular network interface.
We can use the MAC to generate udev rules to bring up that interface,
like we currently do with BOOTIF.
This patch allows interfaces to be specified as a MAC address, either
in the usual colon-separated form or the PXE-style dash-separated form.
(The latter is more useful on the commandline, since it allows for
arguments like: "ip=77-77-6f-6f-64-73:dhcp")
This is useful since it's common for a user who is booting a new OS for
the first time to know the MAC of the device, but not know what the
kernel name will be.
To set the default font for your distribution, add
i18n_default_font="latarcyrheb-sun16"
to your /lib/dracut/dracut.conf.d/01-dist.conf distribution config.
Scripts in dracut initqueue hooks are placed under
/usr/lib/dracut/hooks/initqueue/*/ directory.
And also start initqueue service when kernel cmdline has
rd.break=initqueue
Signed-off-by: WANG Chao <chaowang@redhat.com>
Currently in initrd, hardware clock is always considered to use UTC time
format and system time zone is also UTC. Thus system time isn't correct
if hw clock is localtime or we're using other time zone in real root.
To fix this, install /etc/adjtime and /etc/localtime to initrd. If not
using systemd, install /usr/sbin/hwclock for dracut init to setup system
time.
[harald: combined the two hostonly if's]
Signed-off-by: WANG Chao <chaowang@redhat.com>
Signed-off-by: Harald Hoyer <harald@redhat.com>
chroot load_policy will use selinuxfs which should be mounted
in $NEWROOT/sys/fs/selinux for Fedora 19, but because there's
no $NEWROOT/sys/fs, so later process will fail.
Fixing this by bind mount /sys to $NEWROOT/sys.
Signed-off-by: Dave Young <dyoung@redhat.com>
FIPS can work well in 1st kernel, but failed in kdump kernel. the
libssl.so.10 and related hmac file are needed. Now add it and it
works.
Signed-off-by: Baoquan He <bhe@redhat.com>
As per RHBZ #966162, parted stopped unconditionally using "p" as a
separator for dmraid device names in version 3.1, so other things need
to fall in line with that convention now.
This causes the root FS options to be incorrectly applied to to /usr
In some cases this can cause boot failure e.g. due to and XFS /usr
not supporting the 'acl' option from the ext4 root FS.
https://bugs.mageia.org/show_bug.cgi?id=9884
When dropped to emergency shell, for example, use rd.break=pre-pivot,
the PS1 won't correctly show current directory we're in:
pre-pivot:/# cd /sysroot/
pre-pivot:/#
(still shows "/")
Let's take a look at PS1 variable:
(I'm adding prefix/suffix 'x' to make it clear):
pre-pivot:/# echo x${PS1}x
xpre-pivot:/# x
(PS1 isn't dynamic)
Regarding the current dracut code, it should be:
pre-pivot:/# cd /sysroot/etc
pre-pivot:/sysroot/etc#
With this patch:
pre-pivot:/# echo x${PS1}x
xpre-pivot:${PWD}# x
(Now PS1 is dynamic, it will show the directory correctly)
I tested for both normal boot and kdump boot.
Signed-off-by: WANG Chao <chaowang@redhat.com>
now you can write grub entries like
set isofile="/Fedora-live.iso"
loopback loop $isofile
linux loop)/isolinux/vmlinuz iso-scan/filename=$isofile root=live:CDLABEL=Fedora-...
initrd (loop)/isolinux/initrd0.img
Currently the default action is emergency_shell when failure happened
during system boot. In kdump, this default may not be expected. E.g,
if dump target is not rootfs, it does not matter if mount root failed.
Adding an action which allow dracut always go ahead though failure
happens is needed by kdump.
So here add a function action_on_fail() and cmdline parameter
action_on_fail=<shell | continue>. Use action_to_fail() to replace
emergency_shell which was called after failure. By $(getarg action_on_fail=),
decide to drop into shell, or to leave away the failure and go ahead.
v3->v4:
add handling of selinux policy loaded failure, and change code format to
be consitent
Signed-off-by: Baoquan He <bhe@redhat.com>
[Edited by harald@redhat.com]
Currently dracut only support 1 bond, namyly bond0 by default. However multiple
bonds configuration may be needed. For example in kdump, in 1st kernel, more
than one bonds may be configured, and bondX other than bond0 is used as output
interface to remote host which will store dump core. This patch can solve this
problem, to write real bond information to initramfs, 2nd kdump kernel will
use it to create the relevant bondX interface.
Tested-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Baoquan He <bhe@redhat.com>
Team is the same network stack as bonding. Therefore give ifup the ability to
handle bridge over team and vlan tagged team as bonding too.
Signed-off-by: WANG Chao <chaowang@redhat.com>
Start the systemd-cryptsetup@luks-*.service for the detected crypto_LUKS
device in the initqueue, so we block in the initqueue and wait for the
password entry.
Previously I added several trace point to the begin of several
init hooks of systemd, old init script also need this debug info.
Doing same here as what's added in the systemd service scripts:
At cmdline hooks adding trace of "1+:mem 1+:iomem 3+:slab"
For other hooks adding trace of "1:shortmem 2+:mem 3+:slab"
Signed-off-by: Dave Young <dyoung@redhat.com>
The following change makes the check for the nbd port or named export
more robust.
I wasn't sure whether to include sed in the dracut_install() of
module-setup.sh since net already does that (and nbd depends on that).
To use vlan for net boot, you need to specify vlan and ip kernel options
for the boot interface. For example,
vlan=eth1.1:eth1 bootdev=eth1.1
ip=1.2.3.4:1.2.3.4::255.255.255.0:my-hostname:eth1:none
To use bridge for net boot, you need to specify bridge and ip kernel
option for the boot interface. For example
bridge=br1:eth1 bootdev=br1
ip=1.2.3.4:1.2.3.4::255.255.255.0:my-hostname:eth1:none
In my environment, I needs to boot machines from network within
a vlan or on a bridged network. I found curent dracut release
if-up.sh script in 40network module bypass ip setting for both
bridge and vlan interface.
When dracut-lib.sh is sourced it checks the command line (when not using systemd)
as part of the check_quiet() call.
Therefore mount /proc earlier in init.
Avoids the error:
init: 77: /lib/dracut-lib.sh: /proc/cmdline: No such file or directory
Just like btrfs, xfs now requires CRC module that cannot be resolved via
normal module resolving.
Move this hack into fs-lib and remove it from btrfs module.
https://bugs.mageia.org/show_bug.cgi?id=8676
For cmdline argument with numeric value, add a new function getargnum
It will get proper value with default value as $1, min value as $2,
max value as $3, and param name as $4. valid result will be echo to stdout.
for nul or value not valid it will just echo the default value.
Note: The values should be >=0
[v1->v2]: add arg <minval>
[v2->v3]: do not use bash string match =~
Signed-off-by: Dave Young <dyoung@redhat.com>
linkup is a wrapper function for waiting interface ready and up.
change to use linkup as what we do in ifup script.
Signed-off-by: Dave Young <dyoung@redhat.com>
In case that configuration file did not include name of team device,
teamd would not start. Fix this by adding "-t" parameter.
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
In case long delay of network driver initqueue will exit before net dev is
ready. We have no chance to setup it then.
For dhcp, when we finish the setup there will be a setup_net_<dev>.ok. Doing
same for static ip case. Also add a check to initqueue when we generate udev
rules to ensure it's early enough.
[v1->v2]: only wait for bootdev or it's possible to cause boot fail for
waiting for non-bootdev. For example bond0->eth0, set bond0 as bootdev and
dhcp, we only need to wait bond0 setup ok.
Signed-off-by: Dave Young <dyoung@redhat.com>
In case BOOTIF is not set and IFACES are not set in bonding/vlan/bridge code,
net-genrule.sh will fall to bring up all net interfaces.
Here add a failsafe option to read IFACES from /tmp/net.ifaces
[v1->v2]: move IFACES reading from net.ifaces after bonding/vlan/bridge info
code chunks.
[v2->v3]: [ -n "$IFACES" ] should be [ -z "$IFACES" ]
Signed-off-by: Dave Young <dyoung@redhat.com>
Some network driver will take long time to initialize. We have an example
in a HP machine which take about one minute for this. The callback such as
"ip link set <dev> up" will fail, afterwards setup for network will also
fail.
Fix this by add a new function wait_for_if_link, wait the link ready before
use it.
Signed-off-by: Dave Young <dyoung@redhat.com>
set link up usually include two steps, ip link set <dev> up and
wait_for_if_up <dev>. Now do these two steps in one function linkup.
Later patch will add other code into it.
Signed-off-by: Dave Young <dyoung@redhat.com>
V2: merge patch 2/2
fix active-backup mode by adding slaves one by one
sync with the latest teamd
improve the comments
wait for team ports to come up
install /etc/libnl/classid too
This patch adds the initial support for team device [1].
A new cmdline team= is introduced for it.
Note, currently we don't support stacked devices
on/under team, it is tricky and can be added on request.
1. http://www.libteam.org/
Cc: Harald Hoyer <harald@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <amwang@redhat.com>
Starting with commit 24a38bc1cb dracut
uses udev builtins but still depends on >=udev-166 in dracut.spec. This
patch makes dracut work with older udev again.
All credits go to Alexander Tsoy <alexander@tsoy.me>; see
https://bugs.gentoo.org/show_bug.cgi?id=437700
This bug was reported as http://bugzilla.redhat.com/873220#c2
As the /etc/modprobe.d isn't created in the boot process
nor bundled within the initramfs, the initramfsblacklist.conf
cannot be created.
Instead, the /usr/lib/modprobe.d directory is available and using it
will restore the blacklist behavior.
Kdump module will need the drm and kms kernel modules so user can see the
emergency shell at least.
Fix this by split 50plymouth module to 50drm and 50plymouth. Moving the
installkernel part to 50drm so user can use drm directly without adding
extra plymouth utils.
Signed-off-by: Dave Young <dyoung@redhat.com>
Tested-by: Chao Wang <chaowang@redhat.com>
1) strstr " $discarduuids " did not remove the optional
'luks-' prefix from the argument as the documentation says.
2) The lookup seems backwards. $luksdev ($luks in the other code copy)
is the full uuid and thus one should check whether the user-supplied
argument (short form) is contained therein, not the other way around.
Before this commit, the only way to trigger allow-discards was to
specify the full uuid without the 'luks-' prefix.
Commit a0be1ed removes some lines from do_static() and do_ipv6auto().
When $hostname is empty, do_static() and do_ipv6auto() will return 1
and fails to run setup_net at the last of ifup.sh
Signed-off-by: WANG Chao <chaowang@redhat.com>
If the user defines FONT in /etc/vconsole.conf as the same font
defined in DEFAULT_FONT, when creating her initd she will get a
message similar to this one:
gzip: /var/tmp/initramfs.wzl9Qt/usr/share/consolefonts/LatArCyrHeb-16.psfu
already exists; do you wish to overwrite (y or n)?
Signed-off-by: Canek Peláez <canek@ciencias.unam.mx>
cttyhack was removed and ctty is supported by default, so no need to
check it in ssh-client module any more.
Signed-off-by: Dave Young <dyoung@redhat.com>
No automatic assembly is done anymore by default. You will have to
specify exactly what devices to assemble
("rd.md.uuid=" "rd.luks.uuid" ...)
or use "rd.auto=1" or "rd.auto" on the kernel command line.
For big servers with thousands of disks we don't want to assemble
everything by default (error prone, slow).
"inst busybox" no longer seems to work when busybox is at
/sbin/busybox. Reproduced on Fedora 18 (dracut-023-39.git20120910).
Use type -P to find the full path to busybox to solve this problem.
ismounted handles both find-by-dev and find-by-mnt, but there's two issues:
1. for find-by-dev, it use readlink to get the canonical dev name, but
lvm is different with other devices, the canonical name for lvm devices
are symlinks like /dev/mapper/vg-lv00
2. for nfs mounting, just use [ -b $dev ] is not enough, it need being handled
seperately.
Per Karel Zak's suggestion, findmnt util is suitable for this purpose, it
handles these cases well, so just use findmnt instead of implement all the
logic by ourselves. Thanks, Karel.
Signed-off-by: Dave Young <dyoung@redhat.com>
kdump module also need to convert dev name to udev symlinks.
So better to move function get_persistent_dev() to dracut-functions.sh
Also in this patch improvement and fix the original function:
a) use udevadm info --query=name to get the kernel name.
This will fix the issue caused by passing symbolic link of a device.
b) fix a bug to compare $_tmp instead of $i with $_dev. Really sorry,
should have tested more carefully.
Signed-off-by: Dave Young <dyoung@redhat.com>
/run will get mounted at $NEWROOT/run after switch_root, but it's not
there yet. bind-mount it in place so updates for /run actually land in
/run.
(also: remove a redundant check for existing directories. mkdir -p
doesn't do anything if the directory already exists.)
When emergency_shell() happens, it does 'setsid --help' to figure out if
the setsid binary supports the '-c' flag (to set the controlling tty).
This output shows up in the logs (and on-screen if you're using
rd.debug), which keeps confusing people looking for other problems.
Using "case" instead of "strstr" lets us avoid this.
It looks like ip=ibft has been busted since
25aa3c5 network: refactor stuff from netroot/parse-ip-opts to net-lib
which moved ibft parsing code out to the ibft_to_cmdline function.
The use of ifname_mac was partially replaced by a local mac, but not
completely, causing ibft_to_cmdline to abort without generating network
configuration options.
Signed-off-by: Chris Leech <cleech@redhat.com>
Name based connects fail because of the quotes around the $nbdport.
For name based connects, the -N option also gets included. For
instance nbd-client 192.168.0.1 '-N ltsp' /dev/nbd0.
I believe the quotes are not necessary for actual port numbers.
Currently anaconda provides rd.md=0 on kernel's command line as a boot
time optimization if root is not on md device. But this leads to kdump
failure. We copy the command line from first kernel and if dump target
is on md device, it fails as we never try to assemble md devices as
rd.md=0.
We have already set rd.md.uuid though in /etc/cmdlind.d/ dir providing
dracut the info about what md devices to assemble. So this patch overrides
rd.md settings if rd.md.uuid is provided.
This is a stop gap measure to get kdump working on software raid
devices. Harald seems to have bigger cleanup plans for rd.md. Once
that happens, this patch will not be needed and things should
automatically be fixed.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
splitsep() would drop escapes from its inputs. For example:
splitsep ':' 'first:middle:\e\s\c\a\p\e\d' a b c
gave a='first', b='middle', c='escaped'. Even worse:
splitsep ':' '\e\s\c\a\p\e\d:middle:last' a b c
gave a='escaped', b='escaped', c='escaped:middle:last'.
This fixes the quoting so both calls return the values you'd expect
(e.g. 'first', 'middle', '\e\s\c\a\p\e\d').
To properly perform verification in FIPS mode,
we need to install fipscheck and libssl explicitly.
(cryptsetup seems to be the first user of this verification in ramdisk...)
Signed-off-by: Milan Broz <mbroz@redhat.com>
For lvm, multipath, iscsi modules they do not care about the filesystem,
Also there could be devcie in host_devs but it does not get formated.
For these kind of modules, use for_each_host_dev_and_slaves will be better than use
for_each_host_dev_fs, here add a new function to iterate the host_devs and
their slave devices.
In original for_each_host_dev_fs, it will call check_block_and_slaves which
will return once helper function return 0, but this is not enough for kdump
iscsi setup. For kdump iscsi case, it need setup each slave devices so that
the iscsi target can be properly setuped in initramfs.
Thus, this patch also add new functions check_block_and_slaves_all and
for_each_host_dev_and_slaves_all.
Signed-off-by: Dave Young <dyoung@redhat.com>
Tested-by: WANG Chao <chaowang@redhat.com>
each dev in host_devs[] should be waited in initqueue to make sure they
are oneline before initqueue finish.
Add a new wait_host_devs.sh in base module to make this a generic thing.
Because all the devs in fstab lines are also added to host_devs, so no need
do same wait in fstab-sys module anymore.
[v2->v3]: do not add slave devices to host_devs
wait for persistent dev name in initramfs
Signed-off-by: Dave Young <dyoung@redhat.com>
If users had switched to systemd-183+ but have not completed
the usrmove, then the variable ${systemdutildir} will likely
refer to /usr/lib/systemd NOT /lib/systemd and thus the
systemd-udevd daemon may not be found.
So let's try a little harder and add another hard coded path
and if we don't find it, then bail out hard.
otherwise sha512hmac will error out with:
sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac
Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.
Kdump dracut hooks need to enter emergency shell, currently it directly call
"sh -i -l", with recent dracut this does not work anymore without proper ctty.
It will be convinient to seperate a standalone function _emergency_shell for
dracut modules to call.
Due to bug in module-setup.sh in the i18n module includes from the main
keymap are not working and not added to the initrd image.
Only one quotation per line is removed. Needs to remove all.
find_mount is really the same thing as ismounted with two additions:
1) uses "readlink" so "ismounted /dev/disk/by-label/LABEL" works
2) returns the mountpoint of the device
And ismounted is now just "find_mount $dev >/dev/null".
xfs and reiserfs (among other) supports storing journal data to a
separate device. Unfortunately, XFS requires this information to boot
properly (reiserfs can embed the information in its metadata but you
might want to override it).
Frederic Crozat <fcrozat@suse.com>
xfs and reiserfs (among other) supports storing journal data to a
separate device. Unfortunately, XFS requires this information to boot
properly (reiserfs can embed the information in its metadata but you
might want to override it).
Attached patch ensure host information are stored in initramfs and also
allows to give data over kernel commandline.
--
Frederic Crozat <fcrozat@suse.com>
SUSE
>From a7c592b9bb7de0d7874ae51d02944a7eee2ec75b Mon Sep 17 00:00:00 2001
From: Frederic Crozat <fcrozat@suse.com>
Date: Tue, 24 Jul 2012 18:52:17 +0200
Subject: [PATCH] Add support for separate journal on reiserfs and xfs
rflags is no longer guaranteed to be non empty. / is mounted according
to rootflags parameter but forced ro at first. Later it is remounted
according to /etc/fstab + rootflags parameter and "ro"/"rw". If
parameters are still the same as for first mount, / isn't remounted.
Conflicts:
modules.d/95rootfs-block/mount-root.sh
modules.d/99base/parse-root-opts.sh
A multipath partition's uuid will be presented like:
# cat /sys/dev/block/$_dev/dm/uuid
part1-mpath-360060e801047103004f2c4b300000008
So in this case, change the match regexp from '^mpath-' to 'mpath-'.
Signed-off-by: Chao Wang <chaowang@redhat.com>
Combining $keydev and $keypath should result in a unique, re-usable keydev
mountpoint. mkuniqdir doesn't seem to have any an advantage here and lacks
reusability. Is there ever a use case where these are true:
* there are more than one rd.luks.key=$keypath:$keydev
* one is actually different from the other
If dracut is build only with fips/fips-aesni (no crypto module),
FIPS mode fails because of missing GCM modules.
Just add proper modules to list (kernel have both maker as FIPS compliant already).
Signed-off-by: Milan Broz <mbroz@redhat.com>
install nfs modprobe config file
For nfs4, in case nfs.ko is not loaded mount.nfs4 will try to load
nfs4.ko instead of nfs.ko. Fedora nfs-utils creates a lib/modprobe.d/nfs.conf
in which there's below alias:
alias nfs4 nfs
Dracut also need this file to auto load nfs kernel module.
Tested booting to a fedora 17 nfsroot share.
Signed-off-by: Dave Young <dyoung@redhat.com>
All custom units, which should appear in the system later on should be
installed in /etc/systemd. They should have a guard like:
ConditionPathExists=/etc/initrd-release
So, we can later query via systemctl:
$ systemctl status dracut-initqueue.service
dracut-initqueue.service - Dracut initqueue hook
Loaded: loaded (/run/systemd/system/dracut-initqueue.service; enabled-runtime)
Active: inactive (dead) since Tue, 10 Jul 2012 16:01:22 +0200; 1min 37s ago
start condition failed at Tue, 10 Jul 2012 16:01:23 +0200; 1min 36s ago
Main PID: 173 (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/dracut-initqueue.service
Jul 10 16:01:22 lenovo dracut-initqueue[173]: Checking, if btrfs device complete
Jul 10 16:01:22 lenovo dracut-initqueue[173]: Remounting /dev/disk/by-uuid/ade13292-d23f-45be-b732-fa9a391a56b0 with -o compress=lzo,ssd,rw
Jul 10 16:01:22 lenovo dracut-initqueue[173]: Mounted root filesystem /dev/sda3
The latest plymouth no longer relies on dracut to provide functions
needed to install binaries/libs so the check for a variable name
no longer works and the old, built-in script is used instead thus
breaking the new drm and framebuffer plymouth module installation.
dhclient initqueue hook fix
setup_net is scheduled in initqueue, sometimes it does not get chance to run
So the default route will not be set properly
Add a check in initqueue/finished to resolve this issue.
Signed-off-by: Dave Young <dyoung@redhat.com>
02caps: do not create /bin/sh link
caps.sh use !/bin/bash explictly, so no need to ln -sf bash /bin/sh
OTOH, 00dash will create the symlink /bin/sh, 99base will create it if
there's no /bin/sh symlink. It looks bad to creat /bin/sh in other modules.
If a script want to use bash as command interpreter it should use !/bin/bash
or !/bin/sh in case dash is not installed.
Signed-off-by: Dave Young <dyoung@redhat.com>
We do not support renaming in the kernel namespace anymore (as udev does
that not anymore). So, if a user wants to use ifname, he has to rename
to a custom namespace. "eth[0-9]+" is not allowed anymore.
Harald Hoyer