This patch adds support of vlan tagged bonding, for example,
bond0.2. In case of regression, I also tested bond0 and eth0.2,
all work fine.
Cc: Harald Hoyer <harald@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
"brd +" is not valid for ipv6. This causes the 'ip addr add' command to
fail with the message "Broadcast can be set only for IPv4 addresses".
So: don't use "brd +" for ipv6.
Don't try to be smarter than the admin configuring the machine.
Does also conflict with other methods trying to setup the interfaces,
like cmsifup.sh from the cms module.
A bridge device with only one underlying ethernet device is almost
useless, for sure we want to support a bridge with multiple
underlying devices.
This patch adds the support by extending <ethname> in the original
bridge= cmdline to a comma-separated list of ethernet interfaces.
Cc: Harald Hoyer <harald@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Depending on how the dasd_mod module was loaded, our device could have
already been marked as online or offline. We need to make the sysecho
sensitive to this and not fail if the attribute we're trying to set has
already been set.
Anaconda used arguments of the form:
ip=<ip> gateway=<gw> netmask=<nm>
for static IP configuration. So if we get a value for "ip" that's an IP
address, look for gateway= and netmask= and related args to fill in the
ip config vars.
wait_for_loginit ends the log; this is unhelpful if you're using
emergency_shell to do debugging.
Just leave loginit running. It doesn't hurt anything.
copytree() recursively copies the contents of SRC into DEST.
If DEST doesn't exist it is created; if it exists the contents of SRC
get merged into it (duplicate files are overwritten).
rd.neednet could be removed, as we can check /tmp/net.ifaces.
After this patch, kdump can bring up the NIC without
rd.neednet.
Cc: Harald Hoyer <harald@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
ifenslave is an old tool, and could be dropped,
we can use the /sys interface.
Cc: Harald Hoyer <harald@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Relax the rules for kdump, we don't specify netroot in kdump.
Cc: Harald Hoyer <harald@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
This patch adds basic vlan support in network module.
The cmdline syntax for vlan is:
vlan=<vlanname>:<phydevice>
for an example:
vlan=eth0.2:eth0
or
vlan=vlan2:eth0
See also patch 2/8.
Cc: Harald Hoyer <harald@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
In some cases (at least in mine) mount(8) is in /usr/bin/mount and
not in /bin/mount as dmsquash-live-root.sh expects. PATH is set to
/usr/bin:/usr/sbin:/sbin:/bin in that script anyway.
The legacy argument is DASD=, and the new arguments should be the same
as the arguments for populating dasd.conf. If multiple arguments are
passed we can stack them by inserting a ',' between them.
This is obviously wrong, ifenslave instead of brctl is needed for bonding.
Cc: Harald Hoyer <harald@redhat.com>
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
dracut allows passing --mount option which mounts the specified devices.
But it does not wait for these devices to show up and mounting will fail
if devices do not show up by the time "mount" was called.
I am writing some patches to support kdump on iscsi target and I noticed
that one of the initqueue script was not called as we found the root
device and broke out of main loop.
There are two possible enancements to this patch.
- Introduce a time limited wait (rd.timeout something along the lines of
rd.retry). That will allow kdump to try to dump to a backup target if
primary targets fails to come up.
- Wait for UUID= and LABEL= to show up too. Right now kdump converts
UUID= and LABEL= to respective devices and passes /dev/* to dracut
--mount option. So I am not introducing the wait for UUID= or LABEL=
in this patch.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
This patch adds check of kernel module existance and
propagate errors to upper callers.
In case of break other callers of instmods(), this patch
adds an option '-c' to it, only when "-c" is specified
we fail, otherwise, errors are ignored.
Reported-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Harald Hoyer <harald@redhat.com>
do not require shutdown.target and final.target
After switch-root isolate to the default target. This will load the
default target in the real root after systemd deserializes.
If you unset CMDLINE to make _getcmdline re-read /etc/cmdline and
/etc/cmdline.d/*, CMDLINE_ETC and CMDLINE_ETC_D would keep their
contents.
This is a serious problem if you have (e.g.) "ip=eth0:dhcp" in
/etc/cmdline.d/net.conf, because getargs ip= will return
"ip=eth0:dhcp ip=eth0:dhcp" and then parse-ip-opts.sh will die() because
you have two configurations for eth0.
If you're using a static network config, you'll want to keep your
nameservers around when NM starts. Write DNS1 (and DNS2, DNS3, etc..)
into the ifcfg file.
Thanks to Mark Hamzy <hamzy@us.ibm.com>
and Will Woods <wwoods@redhat.com> for the patch.
Basically, s390 is the only place I've ever seen TERM=dumb, and it's too
dumb to handle '\r', so --progress-bar produces waaaaay too much output.
The normal progress meter only prints something once per second, so
that's reasonable on terminals where '\r' doesn't work.
See also: https://bugzilla.redhat.com/show_bug.cgi?id=814713
Every time url-lib gets imported we end up making the list of handlers
longer with redundant entries. That's silly - we shouldn't add items
that already exist.
Note that this means you'll have to manipulate the handler list yourself
if you want to change the position/priority of existing handlers.
Sometimes some hook script will need to be before the cleanup hook scripts
For example dhclient killing, nfs cleanup, etc. must not happen before kdump
because it will use their fuctionalities.
So here introduce a new hook pre-pivot-cleanup, all cleanup scripts will go there.
that means pre-pivot hook is splited to two hooks pre-pivot and pre-pivot-cleanup
Signed-off-by: Dave Young <dyoung@redhat.com>
Qemu/KVM provides virtfs, a paravirtualised filesystem that is
implemented by running the Plan 9 folder sharing protocol over
virtio.
Make booting with root=virtfs:foobar use the virtfs filesystem
with mount tag 'foobar' as root filesystem, to allow booting
virtual machines off virtfs.
Note that this only handles 9p over virtio (i.e. virtfs), and
doesn't attempt to handle mounting 9p filesystems over TCP/IP,
for example.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Currently dracut uses lvm.conf as found in the system and modifies only
global/locking_type setting. As there's a new feature introduced - the lvmetad
daemon, dracut should disable its use as well by setting "global/use_lvmetad=0"
(patch attached).
Otherwise, there's a warning message issued:
dracut: WARNING: Failed to connect to lvmetad: No such file or directory.
Falling back to internal scanning.
@@ -, +, @@
modules.d/90lvm/lvm_scan.sh | 2 ++
modules.d/90lvm/module-setup.sh | 1 +
2 files changed, 3 insertions(+), 0 deletions(-)
Another solution could be searching in directories found at
/etc/ld.so.conf.d/*.conf or adding a new parameter. Here is a patch
which adds a new --libdirs parameter, and also a new inst_libdir_file
function which will try to expand metacharacters on each lib
directory:
inst_libdir_file "libdevmapper-event-lvm*.so"
Mounting, unmounting and then mounting a disk partition takes some
time.
On embedded systems such as OLPC XO where we disable fsck and fstab
reading, the root options are not going to change throughout the
mount_root() function, so remounting is time consuming and without
change.
Detect and optimize for this case so that the filesystem is only
mounted once.
According to its comment in dracut-lib.sh:
splitsep ":" "one:all:the:rest" one two
should set two="all:the:rest". But there's no check to see if the
current field is the last field, so it just gets "all".
For NetworkManager to properly take over a NFS-root system, we need to
have the interface name(s) in /tmp/net.ifaces and save the dhclient
lease. This lets the ifcfg module do its magic.
save_netinfo should properly write out /tmp/net.ifaces when needed, and
copies the dhclient files into place.
This makes sure the network is active and ready to use during the
initqueue/online hook.
It also makes it so you can run setup_net repeatedly without causing
error messages.
also fixup the logic what and when to mount.
first initramfs/etc/fstab is mounted
$NEWROOT/etc/fstab.sys takes precendence over initramfs/etc/fstab.sys
"export -n" is a bash extension, not part of POSIX, and is hence
incompatible with the busybox shell.
This was breaking boot when the busybox module was used.
Reimplement the scope change in a few lines of standard shell code.
wait_for_loginit does set +x (to turn off debugging temporarily), but
sometimes it would return before turning it back on. Move the set +x
line to fix that, then use 'setdebug' to make sure we don't turn it back
on unless it was needed.
live.updates allows you to specify the URL for an "updates image" that
should be applied to the live runtime before switch_root.
The URL can be anything supported by url-lib (http, https, ftp, possibly
nfs) and the image can be anything supported by img-lib (xz/gzip
compressed cpio/tar, uncompressed cpio/tar, filesystem image, etc.)
For curl_fetch_url (http/https/ftp):
- use --progress-bar (the output is less messy)
- print the URL we're fetching so the user know's what's happening
For curl and nfs:
- don't echo the filename if it was provided by the user
The "online" hook runs whenever a network interface comes online (that
is, once it's actually up and configured).
The initqueue --env argument is used to set "$netif" to the name of the
newly-online network interface.
Add new functions: all_ifaces_up, get_netroot_ip, ip_is_local, ifdown,
setup_net, set_ifname, ibft_to_cmdline
Use them in netroot.sh and parse-ip-opts.sh.
There's also a couple little unrelated cleanups.
Since cp won't copy a directory over a symlink, any updates that were
supposed to go into e.g. /lib would get dropped if you had /updates/lib
as an actual directory, but the target system had /lib->/usr/lib.
As described in https://bugzilla.redhat.com/show_bug.cgi?id=541410#c2,
if you want NetworkManager to take over an interface that you're using
for NFS root (or other network root device), you need to:
a) set UUID=<uuid> in ifcfg-<iface>, and
b) save the lease file as /var/lib/dhclient-<uuid>-<iface>.lease
This patch should make write-ifcfg handle both these things.
In kernel_only mode, we don't want to write /etc/cmdline.d
Correctly return the check functions, so we have a valid return of
for_each_host_dev_fs().
mdraid and dmraid functions had wrong checkings for the filesystem
type.
Due to the way the main loop runs to detect partions, the same one
might be included twice (albeit via different symlinks.
This code simply prevents the same combo being activated twice.
A better fix might simply be to not include duplicate (after
resolving symlinks) entries in the host_fs_types variable.
If you do "fetch_url $url/.somefile", fetch_url would return failure,
because "$outdir/*" wouldn't match the file.
Use ls -A (which busybox ls supports) to actually find possible dotfiles
in the created output dir.
Signed-off-by: Will Woods <wwoods@redhat.com>
commit 38164332e1 try to
disallow ssh-client install for without proper options.
But ssh-client will fail installation with --sshkey for
publickey mode
Fix it by refusing to install only when both --ctty and --sshkey
are not added in options.
Signed-off-by: Dave Young <dyoung@redhat.com>
Manually setuping nic through udev is not always done when
we want network access. Here add a function wait_for_route_ok to
wait and make sure the network is accesible
[v1 -> v2]:
Harald: don't use bash syntax
Add check for [ -n "$li" ] because `ip route show` will show nothing probably
Signed-off-by: Dave Young <dyoung@redhat.com>
img-lib handles identifying and unpacking archives (uncompressed or
compressed) and filesystem images.
Currently tar and gzip are required; cpio and xz are optional, and bzip2
is supported but unused.
Signed-off-by: Will Woods <wwoods@redhat.com>
This adds nfs_fetch_url to allow fetching arbitrary files from NFS.
This means that livenet can now run using an NFS-mounted live image,
which reduces memory usage by a lot.
Signed-off-by: Will Woods <wwoods@redhat.com>
This makes the livenetroot module use url-lib for fetching its root
image/filesystem. There's also some minor tweaks for POSIX compliance.
Signed-off-by: Will Woods <wwoods@redhat.com>
url-lib adds some functions for dealing with URLs (mostly for fetching
files, for the moment).
It uses curl to handle http/https/ftp URLs, but it can be extended by other
modules at runtime by using the "add_url_handler" function.
Signed-off-by: Will Woods <wwoods@redhat.com>
nfs-lib.sh contains a bunch of functions used to parse NFS "url"s of
various types, pull nfs information out of dhcp info, and actually
perform nfs mounts sanely.
Signed-off-by: Will Woods <wwoods@redhat.com>
net-lib.sh is a library of useful functions for network stuff.
More things may get added/moved here in the future.
Signed-off-by: Will Woods <wwoods@redhat.com>
if you add realinitpath="<path1> <path2>" to dracut.conf, then it will
be written to $initdir/etc/cmdline.d/distroinit.conf with
"rd.distroinit=<path1> rd.distroinit=<path2>" and evaluated by
99base/init, when it searches for init.
Current dracut network only will be setup when netroot is used. But there are
some cases we need network even without netroot. For example kdump will need
copy vmcore to remote machine via scp or nfs mount. OTOH, if we use dracut as
a recovery system the network is helpful even root is not a network device.
This implementation is based on the manually bring up method. Here add a kernel
cmdline argument rd.neednet. If rd.neednet is set dracut will bring up network
with ifup $INTERFACE -m. If netroot is used we still keep original behavior.
Signed-off-by: Dave Young <dyoung@redhat.com>
fstab-sys will mount nonroot nfs as well, so we need to split the necessary
code from nfsroot to start rpc daemon as hook script.
Signed-off-by: Dave Young <dyoung@redhat.com>
If /etc/fstab.sys does not exist installing fstab-sys module will fail.
Fix this by checking use_fstab and fstab_lines as well
Signed-off-by: Dave Young <dyoung@redhat.com>
For kdump we need scp vmcore to remote machine, the nic to be used is
not limited to netroot one. we need a feature for manually bringing up
network interface. Also it is useful for emergency shell with
ssh-client for recovery or test purpose
I implement this by adding one argument to ifup script, user can use
`/sbin/ifup eth0 -m` to bring up eth0, note ifup will regard it a
manual operation for the nic specified in 1st argument if there's
the 2nd argument.
If same nic is used for netroot the 2nd argument will be ignored,
in this case we will leave netroot bring up it automatically to
avoid side effect. And in this case hooks such as kdump will need to
execute after netroot mounted.
`ifup eth0 -m` will create /tmp/net.eth0.manualup stamp file,
later dhclient-script can check this and pass $2 to netroot,
then netroot script will bring eth0 up
Thanks for comments and suggestions from David Dillow.
Signed-off-by: Dave Young <dyoung@redhat.com>
First, $host_fs_types is an array.
Second, use strstr to match btrfs type.
Cc: Harald Hoyer <harald@redhat.com>
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
The line "source_all netroot" was trying to source netroot hooks from
/netroot, which doesn't exist, so netroot hooks were never executed.
Signed-off-by: Will Woods <wwoods@redhat.com>
When booting with nfsroot, dracut doesn't necessarily set the initial
hostname correctly.
According to dhcp-options(5), the name may or may not be qualified with
the local domain. It goes on to say "it is preferable to use the
domain-name option to specify the domain name".
So dhclient-script needs to be able to handle the cases: a) where
host-name is fully qualified and domain name is also specified; b)
where hostname is fully qualified and the domain is not separately
specified; c) where host-name is "short" and domain-name is also
specified; and d) do its best where host-name is short but domain-name
is not specified.
The dhclient-script in initramfs does not handle case "c", apparently
the preferred situation properly, setting hostname to "short".
https://bugzilla.redhat.com/show_bug.cgi?id=756347
This rewrites a portion of the module to support xz, as well as allow
an easier expansion should future compression methods for kernel
modules ever materialize.
Add ssh client module which support ssh key mode and interactive mode.
with --sshkey option you can provide the ssh key to be installed
>why not call it "ssh" module?
ssh-client is better, maybe future there will be ssh-server come in.
In debian these are also two different packages.
Usage:
1. sshkey mode:
transfer your public key to remote machine with ssh-copy-id or do it mannaully
example of options:
./dracut -l -H -a ssh-client --sshkey /root/.ssh/id_rsa i.img
2. interactive mode:
need use --ctty option, ie.:
./dracut -l -H -a ssh-client --ctty i.img
[v2 changes]:
per wangcong: add patch description about module name
add help line in usage()
remove useless comment
Signed-off-by: Dave Young <dyoung@redhat.com>
Option --ctty will optionally add setsid binary to dracut's image.
During runtime, if rd.ctty is set and is a character device,
emergency shells will be spawned with job control.
in case no ctty was provided, shell was spawned without caring about
/dev/console. Also, the ctty is more opportunistic. If the image was
generated with --ctty, we will fallback to /dev/tty1 if rc.ctty is
invalid or missing. Otherwise we spawn standard shell on /dev/console
[dyoung@redhat.com: Rebased to usrmove branch]
Signed-off-by: Michal Soltys <soltys@ziu.info>
Signed-off-by: Dave Young <dyoung@redhat.com>
ssh module will need root user in /etc/passwd, so add root and nobody
to /etc/passwd in 99base instead of nfs module
Signed-off-by: Dave Young <dyoung@redhat.com>
While the documentation states that ifname MAC addresses must be
lower case, we silently accept upper case ones and fail later on
when udev doesn't rename the device.
Instead of adding sanity checking on the MAC address just convert
it to lower case and remove the requirement completely.
fstab-sys now also handles device passed by dracut argument "--mount"
The "--mount" mount point is possible not exist in $NEWROOT. Thus mount it
in initramfs if mount point is not exist in real rootfs
It is useful to know that loop device that the live image's / is mounted
from. Make a /run/initramfs/live-baseloop symlink that points to it.
Edited-By: harald@redhat.com: changed /dev/live-baseloop
to /run/initramfs/live-baseloop
Like -H, we need to poll every module to check if it is needed
to mount a specific device in '--mount'.
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
When the initqueue cannot be processed, it might be about an invalid
root device (in which case a separate message produced via
wait_for_dev() should be displayed anyway), but it could also
be for any other reason (e.g. /dev/resume not existing).
Therefore, it is best to use a more generic error message.
Also a minor tab->space conversion in the near vacinity of
the real change.
This commit allows the waiting for a device to be cancelled.
When the resume partition does not exist, it becomes quite hard
to work out what to do (you have to either create the
/dev/resume symlink manually, or remove the 'finished' job
that is waiting for it). Additionally dracut incorrectly
displays a message about not being able to find the root
device, which is bogus and misleading.
This commit should just bail on the whole resume thing
if the device cannot be found and proceed with a normal boot.
This should fix initial initrd generation during install.
If the modules are not desired to be used, the nokmsboot kernel
command line should disable them.
--add-fstab [FILE] Add file to the initramfs fstab
--mount "[DEV] [MP] [FSTYPE] [FSOPTS]"
Mount device [DEV] on mountpoint [MP] with filesystem
[FSTYPE] and options [FSOPTS] in the initramfs
inst_mount_hook <mountpoint> <prio> <name> <script>
Install a mount hook with priority <prio>,
which executes <script> as soon as <mountpoint> is mounted.
add_mount_point <dev> <mountpoint> <filesystem> <fsopts>
Mount <dev> on <mountpoint> with <filesystem> and <fsopts>
and call any mount hooks, as soon, as it is mounted
Unlike "ifconfig", the "ip" command does not set a broadcast address
unless explicitly requested.
add "brd +" to make "ip" calculate the broadcast address on the fly
To start bnx2fc, we need to run fipvlan only and not dcbtool. DCBX is run
automatically in the hardware, but VLAN discovery needs to be started by
fipvlan.
https://bugzilla.redhat.com/show_bug.cgi?id=736094
The dm module, which lvm and dmraid depend on, installed dmraid
shared libs. The lvm module installed udev rules, which were
already installed by the dm module.
Cleaned up those issues.
The kernel's primary console device is determined by the last "console="
argument on the kernel command line. This setting should be respected by
dracut-generated initial RAM disks.
Steps to Reproduce:
(Easiest using a KVM VM, virt-manager and "virsh console")
1. Boot with a kernel command line ending in
console=tty0 console=ttyS0,115200
2. Observe both tty0 and ttyS0.
The output of init scripts is sent to ttyS0, as the final "console="
argument determines the primary console device as per
Documentation/serial-console.txt in the kernel sources.
https://bugzilla.redhat.com/show_bug.cgi?id=752073
The Xen module is unnecessary and it has been for a while.
Most Xen systems will not be using the module, even now, because
xen-detect is not installed by default on most Xen systems, and
dracut uses xen-detect to decide whether to include the module.
It also has some problems:
1) it does not try loading xen_platform_pci;
2) it loads modules unnecessarily; modules.alias is where all Xen support
should reside. Assuming xenbus_probe_frontend and xen_platform_pci
are loaded so that Xen devices are probed, other modules are picked up
automatically thanks to aliases such as
alias xen:vbd xen_blkfront
3) Even not-so-recent kernels (say 2.6.32) require the xen_platform_pci
and xenbus_probe_frontend modules even for non-paravirtualized guests.
60xen/module-setup.sh picks the module only for PV guests.
So, just require xenbus_probe_frontend to be builtin, and also
xen_platform_pci for fully-virtualized guests, and remove the module.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
- in 10i18n - do stty -iutf8 on non-utf8 consoles, for consistency with
iutf8 on utf8 ones
- vim modeline in xml file
Signed-off-by: Michal Soltys <soltys@ziu.info>
This is from the following thread:
http://thread.gmane.org/gmane.linux.raid/35753/focus=35795
Additional tests + more specific info.
Signed-off-by: Michal Soltys <soltys@ziu.info>
[harald@redhat.com: usable_root(): relaxed check for root]
The "read" shell builtin consumes backslashes, which is a problem if
your root device is something like "LABEL=Fedora\x2016".
Using "read -r" tells the shell to leave backslashes alone.
This patch replaces:
- {var}>... redirections with functionally identical eval construct +
explicit FDs
- ^^ and ,, case modifiers with temporary shopt
This allows us to lower minimum required bash version
to at least 3.1 (with current code).
Signed-off-by: Michal Soltys <soltys@ziu.info>
in dracut.conf:
fscks="<tools>"
nofscks="yes"
and similary on command line:
--fscks [LIST] (in addition to conf's, if defined there)
--nofscks
Signed-off-by: Michal Soltys <soltys@ziu.info>
Filtering modules requires enough work that instmods() in the
next pipeline stage was rarely busy. Parallelize the two
filters which do the most work. Also fix a filename-vs-contents
mistake in net_module_filter.
--
John Reiser, jreiser@BitWagon.com
>From f4533a2ceca52c443ddebec01eeaa35d51c39c1b Mon Sep 17 00:00:00 2001
From: John Reiser <jreiser@BitWagon.com>
Date: Tue, 13 Sep 2011 17:41:43 -0700
Subject: [PATCH 1/3] Parallelize block_module_filter
ID_FS_TYPE can be much more than just ddf/imsm/linux raid member, so
do the proper checks.
This reverts certain changes from:
cf5891424e
Signed-off-by: Michal Soltys <soltys@ziu.info>
Whitespace removal in:
out="${out}${chop# }$r"
will damage certain strings, for example the following call:
str_replace ' aax aaxaa' x y
would return 'aayaayaa' instead of ' aay aayaa'.
Signed-off-by: Michal Soltys <soltys@ziu.info>
Reworked the flow of the rules file a bit, removed redundant tests, also
should be easier to follow. It's much shorter now as well, a bit more
similar to 90lvm script - both revolve around same concepts after all.
There's no reason to treat conf-assembled arrays differently from
incremental ones. Once we hit timeout in init's udev loop, we can use
common script (mdraid_start.sh) to try force inactive arrays
into degraded mode.
md-finished.sh was kind-of out of place - it didn't really wait for any
particular device(s) to show up, just watched if onetime mdadm scripts
are still in place. Furthermore, after moving mdraid_start to --timeout
initqueue, it didn't really have too much to watch at all, besides
mdadm_auto (and that served no purpose, as we do wait for concrete
devices).
Either way, with stock 64-md fixes, current version of 65-md*.rules does
the following:
- limits assembly to certain uuids, if specified
- watch for no ddf/imsm
- if mdadm.conf => setup onetime -As script, without forced --run option
- if !mdadm.conf => incrementally assemble
- for both cases, setup timeout script, run-forcing arrays as a last resort
Signed-off-by: Michal Soltys <soltys@ziu.info>
1) mdadm -As --auto=yes --run 2>&1 | vinfo (removed)
Currently such auto assembly will not complete or force-run partially
assembled arrays. It might assemble "concurrent" separate array and
force-run it, if possible (though the chances of suddenly showing
missing components in this scenario - a script run after udev timeout -
are pretty thin). See [1] for details. Also see #3 below.
2) mdadm -Is --run 2>&1 (removed)
This will only force-run native arrays - arrays in containers will not
be affected. See [1] for details. Also see #3 below.
3) mdadm -R run loop (implicitly handles #1 & #2)
This loop does everywthing that #1 & #2 are expected to do. Thus, the
above invocations are simply redundant and this is the most safe and
flexible option.
Also, it shouldn't be necessary to go under md/ directory, as those are
just symlinks to /dev/md[0-9]*.
Certain checks were changed to strict ones (array state, degraded state)
instead of relying on env tricks.
'cat' was added explicitly to installed programs (it has been used
implicitly in shutdown script either way)
4) mdmon bug
See [1] for details as well. In short - force-run arrays in containers
will not have mdmon started, so we do that manually.
5) stop/run queue magic
Also removed. mdadm -R will only cause change events to the array
itself, and they should not be an issue.
[1] http://article.gmane.org/gmane.linux.raid/35133
Signed-off-by: Michal Soltys <soltys@ziu.info>
Stop both arrays (first pass) and containers (second pass).
Loop only over /dev/md[0-9]*
Call cleanup script only once, make sure it's after crypt cleanup.
Signed-off-by: Michal Soltys <soltys@ziu.info>
Remove whole "start a container logic".
Containers once assembled, always remain in 'inactive' state.
Any attempt to run a container with mdadm -IR is a no-op, and any
attempt with just mdadm -R ends with an error.
Signed-off-by: Michal Soltys <soltys@ziu.info>
Currently shipped mdadm rules incrementally assemble all imsm and native
raids, and do so unconditionally. This causes few issues:
- fine-grained controls in 65-md* are shadowed - for example,
mdadm.conf's presence tests or uuid checks
- 90dmraid might also conflict with 90mdraid, if user prefers the former
to handle containers
- possibly other subtle issues
This patch adjusts the behaviour.
Signed-off-by: Michal Soltys <soltys@ziu.info>
Use bash "[[ string =~ pattern ]]" instead of "egrep -q".
Replace control-dominated serial fondling
for var in $(proc1); do proc2 var; done
with data-dominated parallel pipeline
proc1 | while read var; do proc2 var; done
Together this is a large savings.
[harald@redhat.com: fixed network kernel module filter]
This asks for the luks passphrase if key is not found for defined time (if defined with rd.luks.tout cmd line):
modules.d/90crypt/cryptroot-ask.sh | 21 ++++++++++++++++++---
modules.d/90crypt/parse-crypt.sh | 5 +++--
2 files changed, 21 insertions(+), 5 deletions(-)
If we're about to start a Live image (i.e. if /dev/mapper/live-rw
exists) this script will take any files found in /updates (inside the
initramfs!) and and copy them into $NEWROOT.
This allows for hotfixes to be applied to existing Live images without
rebuilding the entire image.
Signed-off-by: Will Woods <wwoods@redhat.com>
Currently dmsquash-live-root requires that squashfs images be named
"squashfs.img" and all others be "ext3fs.img" or "rootfs.img".
If we've got a live image in initramfs, this patch will make dracut use
losetup and det_fs to determine the actual filesystem type of the image.
Signed-off-by: Will Woods <wwoods@redhat.com>
- use last ro/rw cmdline arg rather than favoring 'rw' over 'ro'
- don't bother with useless RES variable for holding $?
- only do fs check when $livedev is a block device
Signed-off-by: Will Woods <wwoods@redhat.com>
fsck_single() operates directly on the device, so fstab is not
necessary. fs-lib functions make sure fscks don't complain.
Code is only commented out just in case I missed something.
To not pollute dracut-lib.sh, all the fsck related functions were moved
to fs-lib.sh. The functions available are as follows:
- fsck_single
this will detect/verify filesystem, check if it has necessary tools and
check the filesystem respecting additional flags (if any), using
specific "driver" (or falling back to generic one). Currently
available: fsck_drv_{com,xfs,std}. 'com' is used for tools following
typical subset of options/return codes (e.g. ext, jfs), 'std' is used
for "unknown" fs and doesn't assume it can be run non-interactively.
Please see comments around the code for more info.
- fsck_batch
this will check provided list of the devices;
Both of the above functions will fake empty fstab, to make generic fsck
not complain too much (excact devices are always provided on the command
line).
"Known" filesystems currently: ext234, reiser, jfs, xfs
- det_fs
Small bug fixed - as this function is meant to be called in $(), it may
not be verbose.
Current behaviour is:
- if detection is successful, use its result
- if detection is not successful, and filesystem is provided, return
the provided one; otherwise use auto
Previously, '-a' was added for ext[234] filesystems if other
conflicting flag were not present. It's being done automatically
in fsck_drv_com() now (also for jfs and reiser).
The livenet module allows you to use a root arg like:
root=live:http://server.name/path/to/live.img ip=dhcp
The named live image will be downloaded with wget and then set up as the
root device.
It currently supports FTP, HTTP, and HTTPS. dracut will try to install
the CA bundle (/etc/ssl/certs/ca-bundle.crt) into the initramfs so that
SSL certificate checking will work properly.
If an HTTPS URL is given and the site fails the certificate check, the
file will be rejected and the system will not boot into it.
Signed-off-by: Will Woods <wwoods@redhat.com>
if a value of a key on the kernel command line includes wildcards, these
would be expanded.
E.g., if you have "key=/dev/sd*" the value would be substituted with
"/dev/sda /dev/sda1 /dev/sda2" instead of returning "/dev/sd*"
The script that was generated always returned the status of the last test
condition, potentially missing any earlier non-existing devices.
The change assures, that the script returns 0 only if all expected
devices are found.
Signed-off-by: Michal Soltys <soltys@ziu.info>
This module mounts an eCryptfs filesystem from the initial ramdisk using an
encrypted key.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
This module initializes the EVM software and permits to load a custom IMA
policy.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
This module initializes a trusted/user kernel master key that will be used
to decrypt other encrypted keys.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Mount the securityfs filesystem and make available its location through the
exported variable SECURITYFSDIR.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Acked-by: Gianluca Ramunno <ramunno@polito.it>
Currently in dracut busybox module, we hard-code the list of binaries
available in busybox. Actually we can get this list by running busybox
without any arguments.
Also, if find_binary() finds nothing, we would symlink $initdir/
which is not we expect.
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
As Ray Strode explains, plymouth --has-active-vt may fail if the user
passes console=ttyS0 or something other not corresponding to
console=tty0, because plymouth is outputing to the serial console and
not a VT in this case.
In the initrd, the init script and the sbin/cryptroot-ask script use
flock with different lock files for the console: /.console_lock and
/.console.lock respectively
Use common fsck and det_fs code. Verify filesystem type more
aggressively, which has a chance to be more resistant to
accidental mistakes.
Also, there's no need to generate custom fstab for the sake of fsck
anymore.
Signed-off-by: Michal Soltys <soltys@ziu.info>
This patch mainly adds fsck functionality to fstab-sys, with additional
sanity checks (checking for device existence, verifying fstype via
det_fs).
Signed-off-by: Michal Soltys <soltys@ziu.info>
Both functions will be used by rootfs-block and fstab-sys modules.
Both are based on code present in mount-root.sh, though few changes are
present.
det_fs:
will try to determine filesystem type for supplied device, even if it's
not auto. If fs cannot be detected, or if the detected one differs from
the supplied one - a warning is issued (so user can fix its stuff later)
wrap_fsck:
will call fsck for specific device with optionally additional
fsckoptions. The function returns fsck return value.
Signed-off-by: Michal Soltys <soltys@ziu.info>
If /proc/cmdline is empty (like if root=... is set in /etc/cmdline),
modules.d/99base/init will crash with a message saying "can't shift that
many" right before switch_root. The problem is in the block of code that
tries to look for init args. It does something like:
read CMDLINE </proc/cmdline
[...]
set $CMDLINE
shift
If CMDLINE="" then "set $CMDLINE" will dump all the variables to stdout.
(That should be "set -- $CMDLINE" instead.) Since there's no $1, the
"shift" causes an error, and dracut crashes.
The 'shift' was copy-and-pasted from the previous block. It doesn't
belong here; remove it.
[Harald Hoyer <harald@redhat.com>: corrected commit message]
[Harald Hoyer <harald@redhat.com>: fixed indention]
Signed-off-by: Will Woods <wwoods@redhat.com>
- also support FIPS on separate LVM partition
- use small settle loop to get /boot
- "set -e" has no effect, if we use "||"
- make fips work with encrypted root and seperate boot
- moved to pre-pivot to support /boot in /
Given that we boot into a modern Linux distribution with the "/run" toplevel
directory, we can easily mount move the whole /run directory to the real
root in the end and have the complete initramfs later on in
/run/initramfs. All log files and /run states are still accessible and
to save space /run/initramfs can be removed later on.
Because the kernel does not mount a tmpfs on /run prior to unpacking the
initramfs cpio image, we have to copy ourselves very early to a tmpfs
and mount it on /run.
Due to lazy umount the old initramfs binaries should
be removed in the end by switch_root.
This feature can be turned on with "--prefix".
Fixes long-standing FIXME
Latest isomd5sum added an option to abort media check with ESC key,
but that key is taken by plymouth for switching to the detailed log
messages, making it impossible to abort checkisomd5.
Tested in text mode.
While on some systems (like Fedora) rpc_pipefs is mounted
automatically when sunrpc module is loaded, on Debian based systems it
needs to be mounted manually.
Every image gets handled the same way regardless of filesystem, so
let's use a filesystem-neutral name (rather than adding new
lines for every fstype anyone might want to use).
Otherwise there is no way to skip pasword prompt. --has-active-vt
seems to correctly catch also the case when plymouthd is started
but splash is disabled.
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
This adds the following parameters:
rd.caps=1
turn the caps module on/off
rd.caps.initdrop=cap_sys_module,cap_sys_rawio
drop the specified comma seperated capabilities
rd.caps.disablemodules=1
turn off module loading
rd.caps.disablekexec=1
turn off the kexec functionality
If module loading is turned off, all modules have to be loaded in the
initramfs, which are used later on. This can be done with
"rd.driver.pre="
rd.driver.pre=autofs4,sunrpc,ipt_REJECT,nf_conntrack_ipv4,....
Because the kernel command line would get huge with all those drivers, I
recommend to make use of $initramfs/etc/cmdline.
So, all rd.caps.* and rd.driver.pre arguments are in caps.conf can be
copied to $initramfs/etc/cmdline with "-i caps.conf /etc/cmdline".
Also all modules have to be loaded in the initramfs via "--add-drivers".
The resulting initramfs creation would look like this:
--add-drivers "autofs4 sunrpc ipt_REJECT nf_conntrack_ipv4 \
nf_defrag_ipv4 iptable_filter ip_tables
ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack
ip6table_filter ip6_tables dm_mirror dm_region_hash dm_log uinput ppdev
parport_pc parport ipv6 sg 8139too 8139cp mii i2c_piix4 i2c_core ext3
jbd mbcache sd_mod crc_t10dif sr_mod cdrom ata_generic pata_acpi ata_piix
dm_mod" \
/boot/initramfs-caps.img
We want all "/var/run" information to live in /dev/.run, until the real
root is mounted.
Therefore we mount a tmpfs on /dev/.run, which can/will be bind/move mounted
on /var/run later on.
This allows creation of initramfs images which contain a Live system.
The primary use for this is keeping very large initramfs-based systems
(e.g. anaconda, the Fedora installer) compressed in-memory, by using a
compressed filesystem image like squashfs or btrfs.
dmsquash-live-genrules.sh will initqueue dmsquash-live-root itself
(rather than making udev rules) if the given live "device" is actually
an existing, plain file.
parse-dmsquash-live.sh will only accept paths that end in ".img".
dmsquash-live-root will only handle images named "*squashfs.img",
"*ext3fs.img", or "*btrfs.img".
btrfsctl is being replaced by the btrfs command in the upstream
tools, so change accordingly. Also, if we're using the btrfs module
we should probably make sure the btrfs driver gets installed.
Some versions of dash don't behave as expected with code like this:
while IFS=: read a b c; do
blah
done
Thanks to Eric Mertens who identified the issue.
Let inst_key_val usage agree with above patch :)
Also UNICODE is rather global console property, not font specific
(and if anything, is rather keyboard specific). Let it be just
vconsole.unicode
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
Cc: initramfs@vger.kernel.org
In Fedora selinux is now handled by systemd. If you want to enable
selinux by default, just add it to your /etc/dracut.conf.d/01-dist.conf
with:
add_dracutmodules+=" selinux "
`modules.builtin.bin' is installed like a regular file, thereby ending
up in the wrong place when `--kmoddir' is in effect. Fix this by
specifying the installation destination.
New kernel argument syntax for LUKS-keydev is introduced:
rd.luks.key=<key_path>[:<key_dev>[:<luks_dev>]]
Unfolding <key_dev> in BNF:
<key_dev> ::= "UUID=" <uuid> | "LABEL=" <label> | <kname>
Where <kname> matches following regular expression:
^/dev/.*
<kname> need to be a character device and not a symlink for now.
For every rd.luks.key argument udev rule is created. That rule runs
test to check whether matching device contains <key_path>. If it does
it's applied to matching <luks_dev>.
New:
str_starts, str_replace
funiq - print new unique file name
mkuniqdir - create and print new unique dir
splitsep - splits given string 'str' with separator 'sep' into vars
udevmatch - create udev rule match for a device
Modified:
foreach_uuid_until - use $___ as a place holder
It is not clearly documented, but apparently fsck
(or, probably, getmntent) is using backslash as
escape character.
Label containing slash is converted to \x2f but '\'
is eaten by fsck later. Escape '\' before writing
into fstab.
v2:
- fix sed expression
- use printf instead of echo because echo eats '\' as well
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
systemd-vconsole-setup was not designed to be run from udevd.
It checks locale environment to decide, whether UNICODE should
be enabled or disabled. Normally environment is setup by
systemd; but the only environment available in udev rules is
those from device properties. It means systemd-vconsole-setup
always assumes default C locale and disables UNICODE.
Revert to using built-in console_init which explicitly
imports locale settings from /etc/vconsole.conf. Alternative
is to revert 6545b9d7 and call console_init directly :)
Additionally patch fixes console_init to use new namespace as
well as ensures that default font is always installed.
Signed-off-by: Andrey Borzenkov <arvidjaar@gmail.com>
On the OLPC XO-1, there is a noticable delay during boot while the
initramfs is loaded from disk and uncompressed, so we have an interest
in making it small. We are also pushed for disk space.
Using busybox instead of all the regular tools saves a lot of space.
I have not tried every module but the basics are working with busybox's
replacements. Our initramfs is now down to 1.9mb.
Format:
bond=<bondname>[:<bondslaves>:[:<options>]]
bondslaves is a comma-separated list of physical (ethernet) interfaces.
options is a comma-separated list on bonding options (modinfo bonding for
details) in format compatible with initscripts.
If options include multi-valued arp_ip_target option, then its values
should be separated by semicolon.
bond without parameters assumes bond=bond0:eth0,eth1:balance-rr
Install /lib/modules/$kv/modules.builtin.bin to suppress modprobe error
messages saying module was not found, while it's built-in.
Credits go to Kay Sievers who enlighten us about meaning of this cool
file.
Let take a look at Linux sources, /usr/src/linux-2.6.35/init/main.c:
204: char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
857: run_init_process("/sbin/init");
817: static void run_init_process(char *init_filename)
818: {
819: argv_init[0] = init_filename;
820: kernel_execve(init_filename, argv_init, envp_init);
821: }
As we can see HOME=/ and TERM=linux are provided for init and this might be
expected on some systems (Gentoo comes to my mind, here ;-)). That's why we
should give to init the same set of env. vars as Linux kernel does.
A new dracut module to implement fstab.sys handling
This module implements fstab.sys handling. This has to happen after the root
mount and before the nfsroot-cleanup pre-pivot at least. I've made to happen at
the beginning of the pre-pivot scripts, although it should maybe be at the end
of the mount scripts. This latter would be harder to do because the actual
mount is currently done by 99mount-root.sh and there is no 2 digit integer
higher than 99 :-(
There are perhaps other ways of achieving this end, such as having the
nfsroot-cleanup trawl through the newroot's /etc/fstab and auto-magically
figure out if there are any mounts which are pre-requisites for the
/var/lib/nfs/rpc_pipefs mount and do them first. Likewise post pivot,
/etc/rc.sysinit could figure out of there are any pre-requisite mounts for
/var/lib/stateless/{writeable,state} before doing those mounts. In short, make
it the responsibility of anything doing a mount to check if there are any
pre-requisites in /etc/fstab and mount them first. However, this spreads the
changes needed over more places, so I favour the fstab.sys approach. Also, who
knows what other uses administartors may have put fstab.sys to? and this undoes
a regression caused by the move from mkinitrd to dracut.
I'm looking for a way to have a system with disposable storage that can be
rebooted and all filesystem changes are thrown away. After reboot, the system
starts with a fresh root volume again. The use case is for automated testing.
We run test scripts that could potentially not clean up after themselves.
This is almost like stateless, but the storage is local to the system (not
iSCSI, NFS or NBB).
1. Install Fedora 13 using default partition layout
NOTE: modify the layout to leave extra room in the LVM volume group
2. Apply attached patch
3. Update grub.conf to enable dracut LVM snapshot support. Add the following
boot arguments
rd_LVM_SNAPSHOT=vg_test1055/lv_snap (note the VG name will depend on your
system).
rd_LVM_SNAPSIZE= (optional, defaults to size of volume specified with by
rd_LVM_SNAPSHOT)
4. Adjust grub.conf and fstab to use LVM snapshot
$ sed -i -e 's|lv_root|lv_snap|' /boot/grub/grub.conf
$ sed -i -e 's|lv_root|lv_snap|' /etc/fstab
5. Reboot system
Expected results (no value provided for rd_LVM_SNAPSIZE):
dracut: Starting plymouth daemon
dracut: rd_NO_DM: removing DM RAID activation
dracut: rd_NO_MD: removing MD RAID activation
dracut: Removing existing LVM snapshot vg_test1055/lv_snap
dracut: Logical volume "lv_snap" successfully removed
dracut: No LVM snapshot size provided, using size of vg_test1055/lv_root (
9024.00m)
dracut: Creating LVM snapshot vg_test1055/lv_snap ( 9024.00m)
dracut: Logical volume "lv_snap" created
dracut: Scanning devices sda2 for LVM logical volumes vg_test1055/lv_root
vg_test1055/lv_swap
dracut: inactive Original '/dev/vg_test1055/lv_root' [8.81 GiB] inherit
dracut: inactive '/dev/vg_test1055/lv_swap' [1.00 GiB] inherit
dracut: inactive Snapshot '/dev/vg_test1055/lv_snap' [8.81 GiB] inherit
dracut: Mounted root filesystem /dev/mapper/vg_test1055-lv_snap
dracut: Loading SELinux policy
dracut: Switching root
Expected results (rd_LVM_SNAPSIZE=100m):
dracut: Starting plymouth daemon
dracut: rd_NO_DM: removing DM RAID activation
dracut: rd_NO_MD: removing MD RAID activation
dracut: Removing existing LVM snapshot vg_test1055/lv_snap
dracut: Logical volume "lv_snap" successfully removed
dracut: Creating LVM snapshot vg_test1055/lv_snap (100m )
dracut: Rounding up size to full physical extent 128.00 MiB
dracut: Logical volume "lv_snap" created
dracut: Scanning devices sda2 for LVM logical volumes vg_test1055/lv_root
vg_test1055/lv_swap
dracut: inactive Original '/dev/vg_test1055/lv_root' [8.81 GiB] inherit
dracut: inactive '/dev/vg_test1055/lv_swap' [1.00 GiB] inherit
dracut: inactive Snapshot '/dev/vg_test1055/lv_snap' [128.00 MiB] inherit
dracut: Mounted root filesystem /dev/mapper/vg_test1055-lv_snap
dracut: Loading SELinux policy
dracut: Switching root
set $RDTIMESTAMP for init, if rd.timestamp is specified on the
kernel command line, so that systemd can print out:
"systemd: Boot finished after 15s = 3s (kernel) + 2s (initrd) + 10s
(userspace)"
- create /lib/bootchart in initramfs, not in live filesystem
- use proper dracut API to install files
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
First, it's duplicate code.
Second, it did not allow those who had plymouth installed to use other
methods, like the new usb key file. When building the initram,
it would install the plymouth cryptroot-ask script, and not
the crypt module one.
Added these new items to crypt module's cryptroot-ask.sh:
- 'unset' for used variables
- udevsettle
The non-plymouth cryptsetup prompt was using $1 instead of $device.
Changed prompt number from 1 to 5, as this is much nicer.
I believe plymouth already does infinite prompts.
Also added unset for usb key. Just saw it didn't unset its vars.
Kernel 2.6.35 (may be, earlier) split ahci into libahci.ko and ahci.ko
and added ahci_platform.ko. As a result, drivers ahci and ahci_platform
do not contain any symbol that are checked for storage modules (it is
libahci.ko that references ata_scsi_ioctl now). So add additional
symbol ahci_init_controller; it seems this is expected to be called by
every driver based on libahci.ko.
Signed-off-by: Andrey Borzenkov <arvidjaar@mail.ru>
Instead of adding modprobe and rmmod, create symlinks to /bin/true to
don't produce unnecessary errors. Anyway it's a workaround for
following desired behaviour: modprobe tries to insert module only if
it's not built into kernel
Harald Hoyer