The recently upstreamed virtualbox video driver (vboxvideo) is shipped
in the staging directory. We need to probe it before Xorg is loaded to
avoid a corrupted X.
In general it is a good practice to look also in the staging directory
for DRM drivers.
Signed-off-by: Carlo Caione <carlo@endlessm.com>
This was removed from systemd almost two years ago in
c550f7a9b89d017215af084288bc44f736f774fe, so dracut should drop support
as well.
Reference: bsc#1067279
Although no device uses multipath, the module checks
for presence of the multipath binary first, printing a
warning if not present. This patch fixes the wrong ordering.
Fix issue #279 supercede PR #299
Fix bug https://issues.openmandriva.org/show_bug.cgi?id=2219
Replace Bashisms in the boot message for a missing overlay.
Verify presence of plymouth before calling it.
(Rework of commit f1b65e92af5e3f9df79f99e55d5aa936c9bca940.)
Previously, dracut would only copy the first one found. However,
with legacy maps for some locales around, there is a chance we
pick the wrong one. Pick all matching keymaps instead
Reference: boo#1065058
If no iscsi session information can be retrieved from the firmware
then skip the iscsi attachment and allow the boot process to continue.
Ensure the timeout scripts don't hit their timeout waiting for
/tmp/iscsistarted-firmware to be created.
This will allow a common image to be used for servers with both a
local and iscsi root with rd.iscsi.firmware set.
Some of the more complex devices now need rpmsg and hwspinlock in the early boot
process to start, and these to the initrd, and pull in usb/misc because
apparently non standard usb hubs are a thing.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Type=oneshot, as currently set in dracut's emergency service file,
causes an awkward situation if emergency mode is entered e.g. because
of a root device timeout, and the root device appears later because it
just has taken longer than the timeout. In that situation, my
expectation (backed by past positive experience) is that the user should
be able to simply exit the emergency shell and resume normal boot.
:/# systemctl status sysroot.mount
● sysroot.mount - /sysroot
Loaded: loaded (/proc/cmdline; bad; vendor preset: enabled)
Active: active (mounted) since Mon 2017-10-09 14:32:15 CEST; 16s ago
Where: /sysroot
What: /dev/mapper/3600601600a30200024fbbaf3f500e411-part5
Docs: man:fstab(5)
man:systemd-fstab-generator(8)
Process: 1873 ExecMount=/usr/bin/mount /dev/disk/by-uuid/63751805-6abc-46a3-a66f-427920dece4d /sysroot -o ro (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 512)
:/# systemctl list-jobs
JOB UNIT TYPE STATE
56 emergency.target start waiting
57 emergency.service start running
2 jobs listed.
:/# exit
logout
Failed to start default.target: Transaction is destructive.
(system keeps idling from this point on, user has no chance to
do anything).
This results from the combination of two effects:
1) initrd-root-fs.target sets "OnFailureJobMode=replace-irreversibly",
2) emergency.service's Type=oneshot causes the start jobs for both
emergency.service and emergency.target to persist while the user is in
the emergency shell.
When the shell is exited, systemd tries to isolate "initrd.target"
again, but this fails with "the transaction is destructive" error
because of the still pending jobs.
This patch fixes this by changing the Type of "emergency.service" from
"oneshot" to "idle".
JobRunningTimeoutSec now affects how long can start jobs for device
units stay in the "running" state. Disabling default job timeout via
JobTimeoutSec=0 doesn't disable running state timeout. We need to set
running state timeout as well.
Note that doing this the other way around has effect on generic timeout,
i.e. disabling running state timeout disables generic timeout. But doing
it this way we would create implicit dependency on fairly new
systemd-234. However, by setting both options we don't create dependency
on specific systemd version.
A LUKS root volume with a detached header on a device without partitioning will not have a UUID and will not have an attribute ENV{ID_FS_TYPE}=="crypto_LUKS".
Therefore, several areas need to be addressed: identification of the LUKS device, inclusion of entries within crypttab, and provision of the detached header file.
- Added support for an option (4th column: "force") in /etc/crypttab to force the inclusion of the entry in the initramfs version (avoiding the fs type test).
- Added support for an option (4th column: "header=/path/to/file") in /etc/crypttab to provide a path to a detached header file embedded within the initramfs.
- Added ID and PARTUUID support to the device (2nd column) in /etc/crypttab (complementing the existing UUID functionality).
- Added cmdline support to indicate LUKS device ("rd.luks.serial=") that refers to the attribute ENV{ID_SERIAL_SHORT}.
Tested successfully on Void Linux (x86_64 musl) (no systemd) with a LUKS root volume accessed with a keyfile and using a detached header.
Not tested on systemd, or on a LUKS root volume with a passphrase rather than a keyfile.
Some Combined Network Adapters(CNAs) implement DCB protocol
in firmware, it is recommended that do not run software-based
DCB or LLDP on CNAs that implement DCB, but we have to start
the lldpad service anyway(there might be other software DCB).
If the network interface provides hardware DCB/DCBX capabilities,
the field DCB_REQUIRED in "/etc/fcoe/cfg-xxx" is expected to
be set to "no".
We met an issue on "QLogic BCM57810" with DCB firmware support,
and found dracut still generated "fcoe=<mac>:dcb" which caused
kdump boot failure when using that fcoe dump target.
This patch parses /etc/fcoe/cfg-xxx to detect DCB_REQUIRED="no",
and force "nodcb" if it is the case.
Also improved some coding style in passing.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Prior to this commit, the MTU setting was applied to a bond slave
interface. In older versions of the Linux kernel, this setting
propagated to the bond master and the other bond slaves associated with
the master. In recent versions of the kernel (observed in Linux 4.12),
increasing the MTU of a slave does not automatically increase the MTU of
the master. This allows for more flexibility but requires the MTU of
the master to be changed manually.
Ideally, the MTU setting should be applied to the bond master and the
setting will propagate to the bond slaves, since the slaves are required
to have a MTU that is greater than or equal to the bond master.
systemd sets /proc/sys/kernel/core_pattern to use systemd-coredump.
However, systemd-coredump is missing from initrd, making dumping
the core in initrd impossible by default.
Reference: bsc#1054809
In case of "--no-hostonly-default-device", we do not need
the root device, thus add this check.
Also fixed the stale "root_dev" export.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
SSH uses passwd database and thus need various NSS plugin libraries,
depending upon setting in nsswitch.conf.
SSH binary fails within the dracut environment without the libraries:
#:/ ssh
No user exist for uid 0
The dracut network module is only supposed to be used for wired interfaces
but if driver modules for wireless devices are wrongly copied, these will
be loaded and the available interfaces brought up.
If the rd.neednet=1 command line parameter is used, dhclient will attempt
to request an IP address for the interfaces and these requests will fail.
But other dracut modules that depend on the network to be settled, will
have to wait for the DHCP requests to timeout. Which can be a lot of time
since the dhclient default timeout value is 60 seconds.
Instead of trying to blacklist all possible kernel modules for wireless
devices, only bring up network interfaces if these are for wired devices.
Suggested-by: Harald Hoyer <harald@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
We tell dhclient to name 121 option "classless-routes",
but in dhclient-script we parse classless_static_routes.
So either have to change the configuration or the script.
And since dhclient uses by default classless_static_routes,
let's change the configuration
hardcoding the wwid of the drives in the initramfs causes problems
when the drives are cloned to a system with the same hardware, but
different disk wwid's
https://bugzilla.redhat.com/show_bug.cgi?id=1457311
Support booting from USB media with NTFS filesystem (optionally),
which removes the FAT32 related 4 GB file size limit for LiveOS/
squashfs.img (and any other file on the same USB media).
On s390 BOOT_IMAGE only denotes the number of the boot record that
was selected in the bootloader and not the path to the kernel image.
Also only bail out, if the kernel hmac checking relies on that path.
blkid is not available when this function is called, so block_uuid.map is put into
the initrd, mapping block devices from /etc/crypttab to UUIDs.
This fixes a bug where udev rules were created by mistake as crypttab_contains()
returned false for devices specified by path in /etc/crypttab which resulted in
error messages during boot.
Signed-off-by: Julian Wolf <juwolf@suse.de>
Previously our dhclient-script expected that $new_classless_static_routes
will have all values separated by a whitespace. But at least on F25
dhclient will put there the destination descriptor in the same format
as it is used by ISC dhcp-server.
For example:
new_classless_static_routes=32.10.198.122.47 192.168.78.4
while our current code expects
new_classless_static_routes=32 10 198 122 47 192 168 78 4
So let's just accept both of these formats by adding "." to IFS.
For details plesse see https://tools.ietf.org/html/rfc3442
"Classless Route Option Format"
When NPIV is enabled and the allow_lun_scan parameter is set to 'Y'
the HBA will initiate a LUN scan automatically, so there is no need
to specify the WWPN and LUN number manually.
References: bsc#964456
Signed-off-by: Hannes Reinecke <hare@suse.com>
module_setup.sh has a typo preventing it from saving the correct
dracut commandline.
References: bnc#887582
Signed-off-by: Hannes Reinecke <hare@suse.de>
For creating dynamic udev rules parse-dasd.sh look for the device
type in sysfs, which of course does not exist if cio_ignore is
active. So first enable the device before checking.
Signed-off-by: Hannes Reinecke <hare@suse.de>
'for_each_host_dev_and_slaves' would stop at the first found
device, so the cmdline() call would never list all required
devices. Use 'for_each_host_dev_and_slaves_all' instead and
filter out duplicates.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Setting and unsetting the IFS variable is tricky. To be on the
safe side we should always reset the IFS variable to its original
value after parsing.
Signed-off-by: Hannes Reinecke <hare@suse.de>
For creating dynamic udev rules parse-dasd.sh look for the device
type in sysfs, which of course does not exist if cio_ignore is
active. So first enable the device before checking.
Signed-off-by: Hannes Reinecke <hare@suse.de>
'for_each_host_dev_and_slaves' would stop at the first found
device, so the cmdline() call would never list all required
devices. Use 'for_each_host_dev_and_slaves_all' instead and
filter out duplicates.
Signed-off-by: Hannes Reinecke <hare@suse.de>
When a DASD is found to be required for the rootfs we should
be printing out a 'rd.dasd' commandline parameter. This not
only enables us to correctly enable the device with cio_ignore,
we can also inspect the resulting initrd to figure out which
devices are required to mount the rootfs.
Signed-off-by: Hannes Reinecke <hare@suse.de>
There were some errors when rd.dasd parsing, resulting in the
device never to be activated. And we should check for
cio_ignore even if a udev rules has been found.
Signed-off-by: Hannes Reinecke <hare@suse.de>
When converting 'rd.zfcp' and 'rd.dasd' into udev rules we
need to make sure the enable those device ids via cio_ignore,
otherwise the rules might never be called.
Signed-off-by: Hannes Reinecke <hare@suse.de>
With the new s390x configuration tool the naming of the udev
rules files have changed. So add these to the existing ones
to be compatible with existing and new installations.
References: bnc#856585
Signed-off-by: Hannes Reinecke <hare@suse.de>
When converting 'rd.zfcp' and 'rd.dasd' into udev rules we
need to make sure the enable those device ids via cio_ignore,
otherwise the rules might never be called.
Signed-off-by: Hannes Reinecke <hare@suse.de>
This used to work only when specified via the command line
or if systemd was not being used. However, the exisistence of
20_force_driver.conf also requires dracut-pre-udev.service
to be run.
Reference: bsc#986216
removed copy&paste artifact "modify_routes add"
there is no modify_routes() function, and we simply want the output
of the parse function.
(cherry picked from commit 33710dfbfc)
If a hisi_sas storage device is used as / during system install, the
resulting installation will not boot because the hisi_sas driver is not
included in the initramfs.
The Hisilicon storage driver needs to be added to the initramfs image for
aarch64 kernels.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: dzickus@redhat.com
Cc: dmarlin@redhat.com
Cc: wefu@redhat.com
Cc: harald@redhat.com
This patch uses wait_for_dev "/dev/disk/by-id/md-uuid-${uuid}" for the
specified uuids.
On timeout only md devices are force started which are specified by
uuid, or all, if rd.auto was specified.
Fixes https://github.com/dracutdevs/dracut/issues/227
At least on x86 on Bay and Cherry Trail devices the pmw-lpss modules must
be in the initrd too, otherwise the i915 driver will still load, but
it will report the following error:
[drm:pwm_setup_backlight [i915]] *ERROR* Failed to own the pwm chip
And not register /sys/class/backlight/intel_backlight and users will
not be able to control their backlight.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
curl in Fedora recently changed its default CA trust store. The
Fedora package no longer specifies an OpenSSL-format bundle file
during build, and curl itself has been patched to use an NSS
plugin called libnssckbi.so when no bundle file or directory is
specified. There are (at present) two possible providers of the
libnssckbi.so module: the original NSS implementation, which
uses a trust bundle built in at build time, and a compatible
implementation from the p11-kit project, which reads a trust
bundle at run time. So if we find a string in libcurl.so that
suggests libnssckbi might be in use, we must both install it and
make an effort to install any trust bundle files it may use.
The p11-kit libnssckbi implementation does include a string that
lists the top-level trust directories it will use, so we try to
find that string, though the best effort I can come up with will
also find many false positives too. To weed out the false
positives, we check whether the matches actually exist as dirs,
and if so, whether they contain some specific subdirectories we
know p11-kit trust dirs must have (thanks, @kaie). For the NSS
libnssckbi implementation, we will likely wind up not finding any
dirs that match the requirements, so we will simply install the
libnssckbi.so file itself, which is the correct action.
This fixes TLS transactions in the initramfs environment when
using a curl that's built this new way; it's significant for
use of kickstarts and update images with the Fedora / RHEL
installer, as these are retrieved in the initramfs environment,
and are frequently retrieved via HTTPS.
The --ignoreactivationskip/-K switch was added to LVM2 in 2.02.99
(July 2013) and is used to control the activation of volumes with
the activation skip flag set: without -K these volumes will be
ignored when 'lvchange -ay $LV' is issued.
This prevents an LVM2 thin-privisioned snapshot from being used
as the root device when booting with rd.lvm.lv=vg/lv since the
activation skip flag is set for these snapshots by default (the
legacy non-thinp snapshots do not set this flag and can already
be activated and used as a root device by specifying appropriate
values for rd.lvm.lv).
This is only used in the rd.lvm.lv case since in that situation
we are activating one or more named LVs specified by the user:
the flag is not given when calling 'vgchange' since this may
cause many unwanted volumes to be activated during early user
space. Users wishing to use a specific snapshot volume should
specify it with 'rd.lvm.lv'.
The newer mount utilities are more strict about directly shared
devices. For OverlayFS boots, which mount $BASE_LOOPDEV directly,
avoid a mount error by indirectly sharing the read-only base
filesystem through a second, over-attached $BASE_LOOPDEV for
the DM live-base target.
Install ifcfg-* files with team configuration in the initramfs.
Improve the slave configuration of the team interface, by looking up
ifcfg files in the initramfs.
Create a default loadbalance team config, if none present in the
initramfs.
forward port of
4c88c2859e
This adds the same list of drivers we use for arm platforms for
aarch64 too, also add the DMA drivers there too as they can add
sigficant performance for some storage/usb and often need to be
present when the storage drivers load.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Provide a more prominent alert to the user if an overlay is
missing or the overlay module is not available and a temporary
overlay will be provided. This, to avoid losing data intended to
persist.
Integrate the option to use an OverlayFS as the root filesystem
into the 90dmsquash-live module for testing purposes.
The rd.live.overlay.overlayfs option allows one to request an
OverlayFS overlay. If a persistent overlay is detected at the
standard LiveOS path, the overlay & type detected will be used.
Tested primarily with transient, in-RAM overlay boots on vfat-
formatted Live USB devices, with persistent overlay directories
on ext4-formatted Live USB devices, and with embedded, persistent
overlay directories on vfat-formatted devices. (Persistent overlay
directories on a vfat-formatted device must be in an embedded
filesystem that supports the creation of trusted.* extended
attributes, and must provide valid d_type in readdir responses.)
The rd.live.overlay.readonly option, which allows a persistent
overlayfs to be mounted read only through a higher level transient
overlay directory, has been implemented through the multiple lower
layers feature of OverlayFS.
The default transient DM overlay size has been adjusted up to 32 GiB.
This change supports comparison of transient Device-mapper vs.
transient OverlayFS overlay performance. A transient DM overlay
is a sparse file in memory, so this setting does not consume more
RAM for legacy applications. It does permit a user to use all of
the available root filesystem storage, and fails gently when it is
consumed, as the available free root filesystem storage on a typical
LiveOS build is only a few GiB. Thus, when booted on other-
than-small RAM systems, the transient DM overlay should not overflow.
OverlayFS offers the potential to use all of the available free RAM
or all of the available free disc storage (on non-vfat-devices)
in its overlay, even beyond the root filesystem available space,
because the OverlayFS root filesystem is a union of directories on
two different partitions.
This patch also cleans up some message spew at shutdown, shortens
the execution path in a couple of places, and uses persistent
DM targets where required.
Documentation is updated for these changes.
Commit cf376023e6 moved writing .resolv.conf and .override
after dhcp_do, because dhcp_do was overwriting .resolv.conf. But .override does not have
such problem and on the contrary dhcp_do reads .override file if it is present. So let\'s
move it back.
https://bugzilla.redhat.com/show_bug.cgi?id=1415004
There's a number of usb controllers that are common yet aren't
contained in the host directory. Include these for generic host.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The phy and power modules are needed by some of the recent ARM
devices that have appeared like CHIP and some exynos devices.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Bug related to this issue: https://bugzilla.redhat.com/show_bug.cgi?id=1360131
Now dracut only attempts to copy GlobalKnownHostsFile while generating kdump's
initramfs. This method will cause kdump's failure if users set customized
UserKnownHostsFile in /etc/ssh/ssh_config. This patch simply attempts to copy
those files too while going through /etc/ssh/ssh_config. Note that we need to
make sure ~/foo will be copied as /root/foo in kdump's initramfs.
Extend "rd.memdebug" to "4", and "make_trace_mem" to "4+:komem".
Add new "cleanup_trace_mem" to cleanup the trace if active.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
The current method for memory debug is to use "rd.memdebug=[0-3]",
it is not enough for debugging kernel modules. For example, when we
want to find out which kernel module consumes a large amount of memory,
"rd.memdebug=[0-3]" won't help too much.
A better way is needed to achieve this requirement, this is useful for
kdump OOM debugging.
The principle of this patch is to use kernel trace to track slab and
buddy allocation calls during kernel module loading(module_init), thus
we can analyze all the trace data and get the total memory consumption.
As for large slab allocation, it will probably fall into buddy allocation,
thus tracing "mm_page_alloc" alone should be enough for the purpose(this
saves quite some trace buffer memory, also large free is quite unlikey
during module loading, we neglect those memory free events).
The trace events include memory calls under "tracing/events/":
kmem/mm_page_alloc
We also inpect the following events to detect the module loading:
module/module_load
module/module_put
Since we use filters to trace events, the final trace data size won't
be too big. Users can adjust the trace buffer size via "trace_buf_size"
kernel boot command line as needed.
We can get the module name and task pid from "module_load" event which
also mark the beginning of the loading, and module_put called by the
same task pid implies the end of the loading. So the memory events
recorded in between by the same task pid are consumed by this module
during loading(i.e. modprobe or module_init()).
With these information, we can record the rough total memory(the larger,
the more precise the result will be) consumption involved by each kernel
module loading.
Thus we introduce this shell script to find out which kernel module
consumes a large amount of memory during loading. Use "rd.memdebug=4"
as the tigger.
After applying this patch and specifying "rd.memdebug=4", during booting
it will print out something extra like below:
0 pages consumed by "pata_acpi"
0 pages consumed by "ata_generic"
1 pages consumed by "drm"
0 pages consumed by "ttm"
0 pages consumed by "drm_kms_helper"
835 pages consumed by "qxl"
0 pages consumed by "mii"
6 pages consumed by "8139cp"
0 pages consumed by "virtio"
0 pages consumed by "virtio_ring"
9 pages consumed by "virtio_pci"
1 pages consumed by "8139too"
0 pages consumed by "serio_raw"
0 pages consumed by "crc32c_intel"
199 pages consumed by "virtio_console"
0 pages consumed by "libcrc32c"
9 pages consumed by "xfs"
From the print, we see clearly that "qxl" consumed the most memory.
This file will be installed as a separate executable named "tracekomem"
in the following patch.
Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Some crashkernel targets still use legacy NTLM auth, which
require those (bsc#869496). This patch enumerates all dependent
hash algorithems, because even though most of them are probably
compiled in, older ones (e.g. md4 and arc4) usually aren't.
Contrary to previous intel pinctrl drivers, the cherryview driver can be
and usually is built as a module. However, it sets up the SDIO pinout
so sdhci can make use of the SD card reader, which may subsequently
hold a root file system on a card (bsc#998440).
IMA validates file signatures based on the security.ima xattr. As of
Linux-4.7, instead of cat'ing the IMA policy into the securityfs policy,
the IMA policy pathname can be written, allowing the IMA policy file
signature to be validated.
This patch first attempts to write the pathname, but on failure falls
back to cat'ing the IMA policy contents .
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
bnx2x can take no longer than 3 seconds to initialize the link in some setups
which can cause fipvlan to fail and thus the fcoe interface(s) won't be
created.
Add another 10 seconds to give the link enough time to initialize.
Signed-off-by: Chad Dupuis <chad.dupuis@cavium.com>
This is a further improvement on PR #105 which re-adds support for nfs:// urls to root=live:nfs://... Symptoms prior to applying this patch are that sysroot.mount times out when following the nfs:// syntax for the path to the live image. An additional case is added to livenet-generator to support the nfs protocol.
ip=2620:0052:0000:2220:0226:b9ff:fe81:cde4::[2620:0052:0000:2220:0000:0000:0000:03fe]:64::ibft0:none
should be
ip=[2620:0052:0000:2220:0226:b9ff:fe81:cde4]::[2620:0052:0000:2220:0000:0000:0000:03fe]:64::ibft0:none
https://bugzilla.redhat.com/show_bug.cgi?id=1322592#c19
(cherry picked from commit b8e6c051c6)
use inst() instead of inst_simple()
/etc/pki/tls/certs/ca-bundle.crt is a symlink to
../../ca-trust/extracted/pem/tls-ca-bundle.pem
with inst() we install the original file also.
https://bugzilla.redhat.com/show_bug.cgi?id=1341280
(cherry picked from commit 1b23c6c65c)
Carlo Caione