This adds support for virtio-mem devices, which provide a dynamic
amount of memory in a VM. Right now, the driver gets loaded and any
memory gets added to the system when loading the kernel module from disk.
While not strictly required to boot, we want to be able to
1) add virito-mem provided memory to the system early while booting up
2) add virtio-mem provided memory even when booting without a disk
3) add virtio-mem devices without adding actual memory in kdump
environments such that we can query things like:
a) is a certain PFN currently plugged in the hypervisor and, therefore,
should actually be read when creating a system dump. (kexec-tools
prepares the vmcore header, like on x86-64)
b) which ranges of a virtio-mem device are currently plugged in the
hypervisor and, therefore, should be added to the dump. (vmcore header
gets prepared by the crashkernel, like on s390x)
Note that loading virtio-mem in kdump environments currently fails with
-EBUSY -- but there are plans to install proper hooks instead to support
especially a) in the near future.
1) and 2) are only really effective when memory hotplug is configured to
automatically online all added system RAM in the kernel (and not late,
via udev rules): e.g., via "mhp_default_state=online" on the kernel
cmdline or via CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE in the kernel.
Especially 2) and 3) require the module to be present inside the initial
ramdisk. The primary use case for including it in the initial ramdisk
is 3).
Signed-off-by: David Hildenbrand <david@redhat.com>
The kernel has an odd way to handle `"` surrounded parameters.
To handle the parameters as the kernel would do, no simple shell script
suffices, so a new utility `dracut-util` is introduced. Written in "C"
it handles `dracut-getarg` and `dracut-getargs` as the old shell script
functions `_dogetarg` and `_dogetargs` would.
Simplify the squash mount layout. Instead of overlay on each top
directory (/etc, /usr), just mount and switch_root into the squash
image, with a overlay on top of it.
Also install the binaries and setup scripts separately, so the squash
setup code and the squash image content is independent of each other,
all squash setup script and binaries can be deleted safely upon
switch_root.
With this change, previous squash clean up service and other tricky
implementations are all gone.
This commit depends on systemd commits from:
https://github.com/systemd/systemd/pull/18124
Previouly systemd doesn't recognize non-ramfs initramfs, now this is
doable with SYSTEMD_IN_INITRD=lenient
Signed-off-by: Kairui Song <kasong@redhat.com>
The squasn mount points are recorded in text file so later clean up
script can umount them, this is not needed, the mount points are fixed
so just detect the umount by hardcoded pattern.
Separately install the modules required for squash image setup.
These modules can be deleted after squash image setup to save
memory.
Signed-off-by: Kairui Song <kasong@redhat.com>
on my system (ThinkPad X201s) I have several modalias entries that are
empty:
/sys/bus/platform/devices/dock.0/modalias
/sys/bus/platform/devices/dock.1/modalias
/sys/bus/platform/devices/dock.2/modalias
executing the drm module setup thus results in the following errors
dracut-install: No SOURCE argument given
when calling dracut_instmods and hostonly mode is enabled.
Skip those entries, as there are no modules to load in this case
anyways.
Note: it is not sufficient to use [['s -s test (file size is greater
than zero), as all those files are 4096B if you stat them.
In the current state, services that depend on network need to
use dracut hooks, since nothing with pull in the network
targets into the transaction.
In the future, it would be nice to provide developers on systemd-only
systems the possibility to not use dracut hooks at all, but simply put
normal systemd services into the initrd.
Also, some modules even right now depend on systemd ordering, like
cryptsetup, so let's make sure, that the ordering inside systemd work
properly as well.
Instead of running directly NM with --debug, create a drop-in in
nm-config.sh. This will make sure, that we can get the debug output
regardless the way how NM will be started.
The current name of this bool is kinda stupid. Based on the manpage
setting it to 0 turns off fcoe, which means that nofcoe=1 should mean
that it is on.
Let's just do the same thing as with rd.lvm=0, rd.luks=0,....
Invalid space broke the creation of the keyboard subdirectories,
leading to a symbolic link
usr/share/consolefonts,consoletrans,keymaps,unimaps ->
/usr/lib/kbd/consolefonts,consoletrans,keymaps,unimaps
in the created initramfs.
With this fix the correct symlinks are created again:
usr/share/consolefonts -> /usr/lib/kbd/consolefonts
usr/share/consoletrans -> /usr/lib/kbd/consoletrans
usr/share/keymaps -> /usr/lib/kbd/keymaps
usr/share/unimaps -> /usr/lib/kbd/unimaps
This rephrases a comment in the check() as requested on another PR
and generalizes the install() section comments on par with other recent
module changes.
Introducing systemd-ask-password module which is used to query a
system password or passphrase from the user.
This module can be used standalone ( systemd-ask-password )
( which is without plymouth & wall support )
With plymouth module ( systemd-ask-password + plymouth )
With wall module ( systemd-ask-password + wall ), which is currently
commented out since there is no forceable usecase for it or even exiting
wall module.
This is a standalone systemd module which means it depends on no other module than systemd.
systemd-run runs nbd-client in parallel. This introduces a possible
race condition when /dev/nbd0 is not directly used by /sysroot mount
but used by another dracut module as in:
netroot=nbd:ip:port:fstype root=live:/dev/nbd0
Before nbd0 usages are synchronized, it is better to keep it serial.
This reverts commit 9fd0461b7d.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Introducing systemd-sysctl module which is an early boot
service that configures sysctl.
The systemd-sysctl module has dependency's on systemd and
systemd-modules-load module.
Introducing systemd-modules-load which is an early boot service
that loads kernel modules from a static list, which is required for
kernel modules that do for example not support automatic module loading
( like key type parsers ).
When terminating a system, the shutdown module attempts to unmount all
file systems from under /oldroot. This reaps remaining file systems that
systemd cannot unmount and detaches /oldroot itself.
In case that running umount for some file system repeatedly fails, the
module reports this error and continues the processing in order to
shutdown the system. This handles a condition when the umount command
actually terminates but it can happen in some cases that it waits
indefinitely.
An example with NFS mounts:
# mount -t nfs 192.168.0.1:/srv/nfs/dir /mnt/nfs
# mkdir /mnt/nfs/dir2
# mount -t nfs 192.168.0.1:/srv/nfs/dir2 /mnt/nfs/dir2
# touch /mnt/nfs/dir2/file
# systemd-run -pKillMode=none -pSendSIGKILL=no tail -f /mnt/nfs/dir2/file
Running as unit: run-r367825c967ca4d88a793ae4793c02f8b.service
# systemctl poweroff
The invoked tail command escapes normal termination by systemd and
prevents stopping mnt-nfs.mount and mnt-nfs-dir2.mount as it makes the
mounts busy. Systemd then again attempts to unmount these file systems
in systemd-shutdown but this fails as well. The utility tries to unmount
/mnt/nfs/dir2 but the kernel waits indefinitely doing a path lookup for
/mnt/nfs because network is no longer available at that point. The
systemd-shutdown gives up after 90 seconds. Finally, the control is
transferred to dracut which tries to unmount the file systems in the
same way and ends up indefinitely waiting on umount to finish.
This situation causes that the system hangs during shutdown. The patch
improves the shutdown module to add a timeout of 90 seconds for the
umount operation and continue with the shutdown if it gets reached,
similarly to what systemd-shutdown does.
Reset controllers might be needed by some of the devices used in the
initrd. Particularly on the Raspberry Pi 4, 'xhci-pci' depends on a
platform specific reset controller.
Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
This command prints
RTNETLINK answers: Network is unreachable
to stderr if IP is not assigned yet, but that's the thing we are
checking for, so there's no point in showing the message.
If plymouth is used then its own installation script is preferred.
While plymouth's own variant of inst_binary resolves the library
dependencies properly, its inst_library shell function doesn't
actually install them in some cases properly.
Make sure to install both the required binaries and their
dependencies. In the worst case, it's a NOP.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
With dracutsysrootdir set and foreign binaries in sysroot,
running NetworkManager --version is not possible and it may be
different than the one installed on the host.
NM_VERSION can be used to override it.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
Allow overriding the systemctl command for sysroot with $SYSTEMCTL
Modified every modules' module-setup.sh to use the envvar instead
of the hardcoded command name.
Signed-off-by: Zoltán Böszörményi <zboszor@pr.hu>
This used to cause some echo write/invalid argument errors. Simplest fix is to use readlink with -f for absolute path and -n to remove trailing newline.
See previous discussion here:
https://github.com/void-linux/void-packages/issues/13024
External Memory Controller (EMC) drivers can be built as a module.
On Tegra, this allows tegra_drm to load faster and without deferred
probes, instead of waiting for the rootfs for the tegra*_emc dependencies.
Tested on jetson-tk1 and ac100.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
This modules introduces systemd-repart which can be used
to generate partition(s), via a simple systemd-repart
drop-in(s), which can be useful in wide varity of usecase.
feat(systemd-repart): adding module to spec file
feat(systemd-repart): removing unessary requirement on type unit
fix: spelling error
Introdusing dbus-daemon which is based on but superseeds
the previous 06dbus implementation with various enhancements and fixes.
fix: adding new modules to rpm spec file
fix: missed an echo
commit 5840c466d tried to make it create the right directory according
to the directory layout on current host, but added "$initdir" prefix
to the if statement by accident, so the installation code have no
effect now. Just fix it.
We can drastically improve boot times on some machines, or BM or VM
shapes, if we send DHCP requests in parallel on all interfaces
Add ip=single-dhcp as a kernel boot parameter, to send DHCP requests in
parallel on all interfaces. Thus, DHCP on each interface is overlapped
thereby reducing boot times for multiple interface machines.
This can help reduce the boot time by 1 minute per interface.
In addition, we may also save another 40 secs delay per interface, if
the link on which we try to send DHCP is in DOWN state. This can be
reduced by giving the following kernel command line parameter while
booting - rd.net.timeout.carrier=<timeout>.
Added manpage for ip=single-dhcp with the caveat that it does not
apply to Network Manager or SUSE wicked.
Signed-off-by: Anjali Kulkarni <anjali.k.kulkarni@oracle.com>
During raid assembly mdadm will call mdadm-grow-continue.service if
reshape is in progress.
If service doesn't exist then it is done via fork and systemd will kill
it unconditionally after processing all events.
Add proper service to allow systemd to manage reshape correctly.
Signed-off-by: Mariusz Tkaczyk <mariusz.tkaczyk@linux.intel.com>
A recent change in Linux kernel v5.10 split the MDIO drivers from the PHY
subdirectory into a new MDIO subdirectory [0]. This caused MDIO drivers
to not be included in the initramfs.
Also include the modules of this new subdirectory to prevent this issue.
[0]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a9770eac511
Suggested-by: Peter Robinson <pbrobinson@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Otherwise e.g. the xts(aes) implementation provided by the vmx_crypto
module (which does usually get included on ppc64le) fails to initialize
when xts is built as a module (CONFIG_CRYPTO_XTS=m), because it can't
instantiate the fallback generic xts(aes) implementation (needs the
generic xts module).
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
On EL8.3 the NetworkManager keep restarting even if it exits successfully while waiting for Clevis to unlock. This patch ensures NetworkManager runs only once in initrd.
The underlying issues this was trying to solve is to get a cheap
workaround for the fact that (open)SUSE with atomic support moved
/etc stock files to /usr/etc in order to improve compatibility. But
now that even nsswitch.conf moved, this is no longer enough. And it
might be more trouble to support once it's in an official release.
So let's rather drop it now.
This reverts commit e0524af2bf.
From shellcheck:
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2039]: In POSIX sh, == in place of = is undefined.
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2193]: The arguments to this comparison can never be equal.
When in hostonly mode, 95fcoe module will still be installed even there
is no FCoE hostonly device. So use the new block_is_fcoe helper to check
for hostonly device in hostonly mode, avoid installing unneccessary module.
Signed-off-by: Kairui Song <kasong@redhat.com>
If fcoe module is loaded, the initramfs will always try load libfcoe
and bnx2fc, so also ensure they are installed if needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Library file modules.d/99base/dracut-lib.sh contains initialization code
that makes sure certain directories and links are created when a system
runs from the produced initramfs. This file is normally sourced only
from initramfs scripts. However, modules.d/99base/module-setup.sh
includes it also when an initramfs image is being created to gain access
to some of the functions in this library. This can result in creating
unexpected directories and links on the current root file system when
the dracut command is executed.
For instance, during a system installation when dracut is invoked to
create an initial initramfs, the target sysroot might not contain
directory /run/initramfs but have /var/log. This situation results in
the code in modules.d/99base/dracut-lib.sh creating an unexpected link
/var/log/log that points to /run/initramfs/log. This link is then also
present on the installed system.
The patch fixes the problem by skipping the described logic in
modules.d/99base/dracut-lib.sh when the PREFIX variable is non-empty
which indicates that a target initramfs is being prepared. The variable
is set by modules.d/99base/module-setup.sh prior to including
dracut-lib.sh.
Sometimes, systems have more elaborate backends in nsswitch.conf,
the complexity of which we do not want in the initrd. SUSE systems
with atomic for instance, where those files may also reside in /usr/etc.
With this change, the unavaiable nsswitch.conf backends will be silently
ignored, and we still end up with all the information we need.
Reference: boo#1165366
dracutinstall picks up interpreters and includes bash despite
the users' wishes or expectations, as modules should not require
bashisms at runtime.
Fixes#951
This should've been part of #964. As mentioned there, the
`initrd-cryptsetup.target` approach was reverted in the end, and we went
back to relying in `remote-cryptsetup.target`:
https://github.com/systemd/systemd/pull/17467
So we do need to ship the enablement symlink for it.
For strict hostonly mode, only install currently loaded modules instead
of a bunch of driver that may not be needed.
Signed-off-by: Kairui Song <kasong@redhat.com>
Currently when network is enabled, dracut will install all network
drivers that are currently loaded, but some time only one NIC is needed
for the initramfs.
So for strict hostonly mode, add a --hostonly-nics option, user can
provide a list of NICs to be enabled, and only needed drivers for
specifed NICs will be installed so save space.
Signed-off-by: Kairui Song <kasong@redhat.com>
This was added in https://github.com/systemd/systemd/pull/17149 and is
the designated cryptsetup target for all encrypted volumes that need to
be opened in the initrd.
So it effectively replaces `cryptsetup.target` and
`remote-cryptsetup.target` there. I've removed the latter since it was
added recently (by me) in #930, but kept `cryptsetup.target` since we've
been shipping it for a long time now.
With commit 3c8c807, /run/initramfs/isoscan and /run/initramfs/live
mountpoints are unmounted upon rd.live.ram boots. Save a link to
the iso-scan device in /run/initramfs/isoscandev to easily remount
the source, if desired.
This is a plain and simple hack around dependency issues between dracut
and systemd.
When using Tang-pinned LUKS root devices, we want to rely on
`systemd-cryptsetup@.service` to unlock it. However, that service only
runs `After=remote-fs-pre.target`, while `dracut-initqueue.service` has
`Before=remote-fs-pre.target` (which makes sense because we don't want
to attempt networked root devices before networking is up).
However, the rootfs-generator here wants to make sure that the root
device exists *before* exiting the initqueue via an initqueue/finished
"devexists" hook. This will never work though because by design
`systemd-cryptsetup@.service`, which unlocks the root device, won't run
until after we exit.
So we have a dependency cycle:
initqueue -> devexists hook -> root device ->
systemd-cryptsetup@.service -> remote-fs-pre.target -> initqueue
There's no clean way to break this. The root issue is that there's no
way right now to split sequencing of systemd services across the
initqueue/online and initqueue/finished events because it's all bundled
in a single service. (The deeper root issue of course is that we have
two init systems. :) ).
Here we do a tactical fix: if there's a `systemd-cryptsetup@.service`
instance, let's assume it's for the root device and skip waiting for it
to show up if it depends on `remote-fs-pre.target`.
dracut feeds whatever it receives in password field of
crypttab(5) to `cryptsetup -d`, treating them as plain-text key file.
Meanwhile, dracut treats the key file from `rd.luks.key` differently,
by have some special rules to decrypt those key files that has extension of
`gpg` and `img`.
Let's begin to treat them the same.
This is a backward-incompatible change for those people
that uses plain-text key-file that has extension of `gpg` and `img`.
However, those setup is questionable to begin with.
In the case of the s805x the drivers/hwmon directory contains the
scpi_hwmon kernel module.
On a running system, lsmod would output the following dependencies:
arm_scpi 24576 2 clk_scpi,scpi_hwmon
It means that if the clock driver is bundled in the initramfs it will
bring arm_scpi. But if scpi_hwmon is missing the scpi will be incomplete
and it can lead to crashes.
When the hwmon is bundled, no crash occurs
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some filesystem (e.g. ZFS, and btrfs subvolumes) don't use block
devices. Should they be mounted as `/`, `find_root_block_device`
yields nothing, hence dracut will append this problematic argument
to kernel cmdline:
root=/dev/block
On a machine that employ root ZFS on LUKS, which was setup with
an OpenPGP-encrypted key file, this argument renders that machine
unbootable. Remove that `root=/dev/block` manually could boot the
machine.
Let check if that device is a block device before write down `root`
argument. This is consistent with the check for block device in
`find_block_device`.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
D-Bus doesn't run in the initrd, so our usual trick of activating
custom systemd services from udev doesn't work.
So add a rule to create initqueue entries for each possible
connection.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Always add the nvmf.discover parameters to /etc/nvme/discovery
when parsing the dracut commandline, and rely on NVMe autodiscovery
when no parameters are given.
And modify the syntax to use a comma ',' as a separator for nvmf.discover
as the semicolon ':' is already used for the FC-NVMe transport address format.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Some modules are involved in the display output without to rely on
drm_crtc_init.
This is the case for the meson_dw_hdmi. This module need to be included
into the initramfs in both hostonly and generic modes.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
On arm, many drm drivers are located in the plaform bus.
Adding the platform bus will allow drm drivers to be included in the
initramfs when using hostonly mode.
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
If i contains a space, there is a need to protect the variable usage in some cases.
This will occurs when a next patch will enable platform bus with such case:
'/sys/bus/platform/devices/Fixed MDIO bus.0'
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
Some SoCs now have drivers that user devfreq in early init and fail
if the drivers are missing so make sure we have them in the initrd.
Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
Introduce prefix `keysource:` for the values of `rd.luks.partuuid`,
`rd.luks.serial` and `rd.luks.uuid`.
If specified, ask for passphrase instead of waiting for keydevs to come
online.
In some cases, user only want to include the watchdog module, not the
wdctl or any other userspace helper. For example, systemd have a
RebootWatchdogSec option that use watchdog to prevent reboot hangs. And
it can help prevent machines hangs when reboot directly within the
initramfs stage. So split the module installation to a standlone module.
Also when watchdog-module get included, install driver for all loaded
watchdog instaed of only install driver for active watchdog. Both
watchdog and watchdog-module return 255 in check(), so it's enabled only
when manually included, the watchdog may get configured/activated later.
Signed-off-by: Kairui Song <kasong@redhat.com>
systemd lets stdout go to journal only. Usually, this is desired
behavior to ensure that plymouth does not get disrupted.
However in the 01fips case, the system has to halt when the integrity
check fails to satisfy FIPS requirements. So the user will not be able
to inspect the journal.
As this is special to the fips module, we introduce a fips_info() which
works like info(), but deviates the output to stderr when running with
systemd.
Reference: bsc#1164076
Users might see
"modprobe: FATAL: Module xyz not found in directory"
The output from modprobe is semantically wrong in this case and
confuses users. Keep the warning for debugging purposes, but reduce
the severeness.
It now reads "Module xyz not found in directory"
Reference: bsc#1169997
osmin.img is no longer used by anaconda or generated by
livemedia-creator. livecd-creator will soon drop it as well.
Removing this code will allow OverlayFS boots to proceed when
osmin.img is present in the .iso image.
suppress redundant calls to network setup
combine code for "no ip option directed at our interface" and
"No ip lines default to dhcp"
correct evaluation of return code for creating did-setup files
fix application of "load_ipv6" call to ipv6 setup only
Reference: bsc#1173402
Currently when initqueue timeout, it span the console with
"dracut-initqueue timeout - starting timeout scripts", which isn't very
helpful as we still don't know what actually happened. Try to improve
this by print what is actually being waited.
Besides, only print "starting timeout scripts" when there are
actual timeout scripts to use.
Signed-off-by: Kairui Song <kasong@redhat.com>
if the kernel argument rootflags is set, then dracut will
not parse the rootfs fstab and rootfsck wil not be set.
if the filesystem can be fsck'ed then its unmounted,
and an entry to the local fstab is written, omitting the last
field.
mounting /sysroot using fstab will then fail.
This change makes sure that the filed is always written.
Signed-off-by: Norbert Lange <norbert.lange@andritz.com>
Currently systemd will always start the tracking service, it will
exit early if rd.memdebug<=3 so there is no issue here, but it
leave a message of: "Started Memstrack Anylazing Service.".
Better to avoid such message if it's not used.
Signed-off-by: Kairui Song <kasong@redhat.com>
The iSCSI configuration is started after dracut checks for resume,
so we run into a timeout here. Additionally it's questionable if
resume on iSCSI makes sense (or is even supported on the platform).
Same holds true for Network Block Devices and FcOE, cover those as well
References: bsc#999663
Original-patch-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Daniel Molkentin <daniel.molkentin@suse.com>
Add support to boot from an NVMe over TCP device.
Example of supported command line formats:
nvme.discover=tcp:192.168.1.3::4420
nvme.discover=tcp:192.168.1.3 # will use 4420 as default svcid
- Create is_nvmf() function to handle all fabrics types
- Fix parse_nvmf_discover() to correctly use the default values
- Auxiliary function to validate an IP connection
- Fix inverted result for getargbool when reading "rd.nonvmf" command line parameter
Requires rd.neednet=1
Requires adding/replacing STARTMODE in /etc/sysconfig/network/ifcfg-ethX to "nfsroot"
to avoid shutdown hanging in initiator
Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
ipv6 addresses need square brackets, otherwise the iscsi discovery and log-in,
which adds the iscsi port after another colon will get confused and fail.
After changing the kernel command line, the cmsifup script calls ifup
to activate the interface. However, ifup is only available in the
network-legacy module; when using the network-manager module, we
should regenerate connections according to the command line; then
later NM will be run and will activate the device.
Most rpc services are not needed for NFSv4, so skip these components
to save space. rpc.idmapd is still needed in case of
nfs4_disable_idmapping is set to 0.
Since commit ff70adf873ef ("initrd: save hostname to a file in /run"),
the initrd generator of NetworkManager parses the hostname from 'ip='
options of the kernel command line and writes it to
/run/NetworkManager/initrd/hostname.
When that file exists, set the kernel hostname.
In presence of multiple hostnames in the command line, the last one
wins. Hostnames from command line always have precedence over ones
received through DHCP. This is a bit different from the legacy network
module that gives higher precedence to the hostname (from DHCP or
command line) of the last interface that is brought up, which depends
on the udev order.
In commit 49c4172 all shell based memory tracing functions are removed,
there are some left over. Remove them as well.
Signed-off-by: Kairui Song <kasong@redhat.com>
With memstrack module, rd.break may not work because the hook scripts
are sourced, not executed, so the exit call will make pre-pivot queue
exit early. See 98dracut-systemd/dracut-pre-pivot.sh, everything after
"source_hook cleanup" will be ignored.
Replace with return instead.
Credits go to Lukas Nykryn <lnykryn@redhat.com> who helped discover and
debug this issue.
Signed-off-by: Kairui Song <kasong@redhat.com>
The first line in crypttab with a "force" option causes all subsequent
lines to be included as if they also had it set because the variable
used to track it is not reset between loop iterations. So fix that by
just setting it to empty before the check for the force option.
If a crypto kernel module changes from compiled in to module, the
encrypted disk might fail to open, because the kernel module was
not included in the initramfs.
This patch tries heuristically to catch such modules.
Fixes https://github.com/dracutdevs/dracut/issues/706
This feature could be off loaded to memstrack, which have better
accurecy, better performance, and have more detailed tracing features.
Also simplify make_trace_mem a bit.
And currently rd.memdebug=4 is unstable, fails from time to time.
Install libnss_dns.so and libnss_mdns4_minimal.so plugins for the Name
Service Switch (NSS) functionality of glibc so that name resolution
through /etc/resolv.conf and mDNS works in the initrd.
Fixes: #772
/etc/vconsole.conf must be installed always, even in generic initrds, not only host-only ones.
systemd-vconsole-setup is run at initrd stage and expects either /etc/vconsole.conf or kernel cmdline options to exist.
I have also proposed a change in systemd-vconsole-setup that makes it behave better if /etc/vconsole.conf does not exist:
https://github.com/systemd/systemd/pull/15479
But it is just a fallback. If /etc/vconsole.conf does not exist in initrd and if that patch is applied on systemd,
then the default consoel font is set despite the one being set in /etc/vconsole.conf and this setting is inherited
when new TTYs are opened. This leads to full ignorance of settings in /etc/vconsole.conf.
It is incorrect, and that is why this file must be copied to initrds always, but not only on host-only initrds.
Fixes: https://github.com/dracutdevs/dracut/issues/796
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
According to POSIX.1-2017, 2.6.2 Parameter Expansion:
${parameter%[word]} [...] The word shall be expanded to produce a
pattern.
This means if word contains variables that itself contain special
characters like asterisks or backslashes, these are treated as pattern
characters unless the variable is quoted. Try e.g. the following example
in bash, dash or (busybox) ash:
i='a\c'; j='\'; echo "${i%$j*}"
This prints "a\c" because "$j*" is expanded to "\*", escaping the
asterisk. In contrast,
i='a\c'; j='\'; echo "${i%"$j"*}"
produces the expected result "a" because the backslash is not specially
treated any more after quoting.
The quotes that this commit adds have been previously removed in commit
f9c96cf56f, citing issues with busybox
hush without further specifying the actual error. I tested a recent
busybox build (upstream commit 9aa751b08ab03d6396f86c3df77937a19687981b)
and couldn't find any problems. Note that the above example always
produces "a\c" in hush regardless of quoting $j, making hush unsuitable
for use with dracut, but using quotes in parameter expansions generally
works.
The unquoted variables break the "rd.luks.uuid/name" kernel command line
options in dracut 050 because
str_replace "$luksname" '\' '\\'
in modules.d/90crypt/parse-crypt.sh is not able to escape the
backslashes any more, see GH-723, GH-727: backslashes in the
systemd-cryptsetup@.service unit name stay unescaped for use in udev
(cf. commit 0f6d93eb9d), leading to
failures in starting the unit.
This partially reverts commit f9c96cf56f.
qeth device may have a different IP for each boot, so the rd.ifname=
option will no longer work. So for znet device, introduce a
rd.znet_ifname= options, to subchannel id instead of MAC address as the
identifier and rename the interface.
Signed-off-by: Kairui Song <kasong@redhat.com>
Add support for 'rd.multipath=default' for using the default
configuration on boot. The intended purpose for this is to help support
ostree-based image boots from multipathed devices (such as Fedora and
Red Hat CoreOS).
`dasd.conf` needn't be present on system even if modules have been loaded.
Check if file exists to avoid error message during kernel update
```bash
dracut-install: ERROR: installing '/etc/dasd.conf'
dracut: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.YvVRx5/initramfs -H /etc/dasd.conf
```
In either case:
- encrypted device is decrypted, udev will trigger device changes again,
- multiple encrypted device,
cryptroot-ask will run multiple time, then report:
> mkdir: cannot create directory '/run/cryptsetup': File exists
Pass `-p` into mkdir to ignore that warning.
In this case we want to cover three cases
1) ip_address:ip_address
2) number:macaddress
3) :macaddress
We consider something an IPv6 address if it starts with number and
contains ":", but IPv6 addresses are in hexa.
The network-manager command line hook must install a
initqueue/finished hook to ensure that nm-run.sh is executed when
there are network connections to activate.
Fixes: #694
Detection of persistent memory devices works mostly out of the box
already. Only the "provider" modules for ndbus devices, which are responsible
to extract information of available NVDIMM devices and their configuration
from system firmware, are only indirectly linked into the module stack.
Examples for such modules are nfit.ko, nd_e820.ko, and virtio-pmem.ko.
Add a module that resolves these dependencies.
DRM drivers are filtered for drm_crtc_init symbol,
but not all drivers use it. Especially, cirrus driver
doesn't use it since Linux 5.2.
The practical result is text plymouth theme instead of graphical when in qemu.
Fix it by looking also for drm_dev_register symbol.
Suggested by @haraldh
Fixes#712
Currently there is no usb support on RPi4 in the
initrd phase as the pcie-brcmstb module is missing.
If part of the boot is handled from a USB stick
(e.g. with Ignition), the stick cannot be accessed.
Reference: boo#1162669
systemd provides its own cryptsetup facilities, and the
cryptsetup binary might not even exist, failing
to execute the discard flag processing.
Fixes#602
The original behavior of $env{INTERFACE} was undocumented and changed in
the recent udev versions, breaking the ability to bring up networking
reliably. Switching to $name directive should fix this issue.
Related links:
- systemd/systemd#12700 (udev PR)
- systemd/systemd#12291 (related udev issue)
- systemd/systemd#14935 (this issue, udev side)
- #732 (this issue, dracut side)
Fixes: #732
Previously, we were doing `setup_net` from `ifup` for any setup that
wasn't DHCP, since those are already taken care of by `dhclient-script`.
The issue is that the case-statement we use to detect this doesn't catch
options like `ip=dhcp,dhcp6`.
Fix this by reworking the logic here to just check if a
`setup_net_$netif.sh` hook exists. If so, then we know that `setup_net`
will be called for this interface later.
This was causing issues in RHCOS which now ships with `ip=dhcp,dhcp6` to
support IPv6 environments[1]. The code here would make us do `setup_net`
pre-emptively which IIUC would then cause the initqueue to finish
earlier even if we had more udev netif events to process.
[1] https://github.com/coreos/coreos-assembler/pull/1067
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1803926
This reverts commit c603419030.
wait_for_ipv6_dad_link is only called from dhclient script,
so the original intent "wait for IPv6 RA if using none/static IPv6 assignment"
does not seem to be correct.
Anyway, this brings an issue on isolated networks, where you don't
have any routes outside. dhclient-script hangs on this check
and after it times out, dhclient is able to set the address normally.
Otherwise we won't retry dhclient again on that interface. In
FCOS/RHCOS, we want to bake in `ip=dhcp,dhcp6` so we automatically try
getting a DHCPv6 lease if DHCPv4 failed.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1793591
If hostonly mode is in use, and there isn't any block device included
as hostonly device, then the initramfs won't need any block driver.
Eg. for kdump built image, there could be only one nfs mount point,
or the initramfs may only execute some network operation then reboot.
In such case, skip block driver installation to save space and time.
Signed-off-by: Kairui Song <kasong@redhat.com>
This is a simple trick to honor RFC 3442:
If the DHCP server returns both a Classless Static Routes option and
a Router option, the DHCP client MUST ignore the Router option.
Signed-off-by: Jacob Wen <jian.w.wen@oracle.com>
Previous all files are installed with inst_dir, which will not install
the files under /etc/iscsi/, and it create folders with the same of the
files which is wrong.
Now only use inst_dir to install the config dir and ensure it
exists, and use inst_multiple to install the config files.
Signed-off-by: Kairui Song <kasong@redhat.com>
NetworkManager would unnecessarily bring up the devices, colliding with
further attempts to rename the devices.
This is arguably a NetworkManager bug and should eventually be fixed there.
Running NetworkManager without the connection is unnecessary regardless.
Instead of carrying the kernel and hmac in the install.img (which takes
up more space) use the vmlinuz installed under /images/pxeboot/ and the
.hmac in the install.img /boot.
This check is triggered by the presence of /run/install/repo/images/pxeboot/vmlinuz
Related: rhbz#1782737
since we handle the retries explicitly via rd.net.dhcp.retry
Without -1 if user sets ip=dhcp6 and there is no dhcp on the network,
dhclient seems to wait indefinitely, ignoring rd.net.timeout.dhcp
The actual syntax of nsswitch.conf is slightly different from the
current regular expression:
- A comment can appear anywhere, not just at the beginning of a
line.
- Action items take the general form [STATUS=ACTION] or
[!STATUS=ACTION] (with some optional whitespace).
- A service name cannot include a colon. This is a nitpick,
because there should never be more than a single colon per
line.
Signed-off-by: Petr Tesarik <ptesarik@suse.com>
dmraid requires kpartx to activate device mapper.
But kpartx is only a recommend dependency.
Check for kpartx's existent first.
Signed-off-by: Doan Tran Cong Danh <congdanhqx@gmail.com>
multipath requires kpartx to activate device mapper.
But kpartx is only a recommend dependency.
Check for kpartx's existent first.
Signed-off-by: Doan Tran Cong Danh <congdanhqx@gmail.com>
commit 5e0f8c8a4c ('network-manager: remove useless use of basename')
somewhat carelessly didn't take into account that $_i has a slash at
the end which made the result of the ## substitution be just an empty
string.
The slash was put to the end of /sys/class/net/*/ to make sure we're only
iterating directories, but it's not strictly necessary. In an unlikely case
something else than a directory appears in /sys/class/net/, we'll already deal
with it gracefully. Remove it.
This fixes the TEST-30-ISCSI test.
E.g. in RHCOS, the `BOOT_IMAGE` from the cmdline is:
(hd0,gpt1)/ostree/rhcos-e493371e5ee8407889029ec979955a2b86fd7e3cae5a0591b9db1cd248d966e8/vmlinuz-4.18.0-146.el8.x86_64
Which of course is a GRUB thing, not an actual pathname we'll be able to
resolve. In fact, we can simply scrap it off from the variable. Our code
is already able to handle both cases: whether the device refers to a
separate boot partition, or just the root filesystem with a regular
`/boot` directory.
It's already the case the `BOOT_IMAGE_PATH` today, in the non-empty
case, includes a trailing `/`, but let's add it to the path we build
here too to make it more obvious.
That way, the HMAC file can contain a relative path instead of an
absolute one. The issue is that right now the kernel RPM bakes the
`/boot/vmlinuz-${kver}` path into the HMAC file which poses an issue for
rpm-ostree systems (and any other system where the kernel isn't simply
in the top-level `/boot`.
For now, we're hacking around this in rpm-ostree:
https://github.com/coreos/rpm-ostree/pull/1934
Though I'd like to propose the same change in the kernel spec file.
There is a small regression in #343: when handling the 'separate boot
partition' case, we're checking for the kernel image in the wrong
location: `BOOT_IMAGE` is the `/boot`-relative path to the kernel image,
so `/boot/${BOOT_IMAGE_PATH}/${BOOT_IMAGE}` expands to e.g.
`/boot/mysubdir1/mysubdir2/mysubdir1/mysubdir2/vmlinuz...`.
We should be using `BOOT_IMAGE_NAME` here instead (and in fact, the next
if-statement does this correctly, so it might've just been accidentally
left out of #343).
For the shell scripts, new environment variables were introduced.
dracutsysrootdir is the root directory, file existence checks use it.
DRACUT_LDCONFIG can override ldconfig with a different one that works
on the sysroot with foreign binaries.
DRACUT_LDD can override ldd with a different one that works
with foreign binaries.
DRACUT_TESTBIN can override /bin/sh. A cross-compiled sysroot
may use symlinks that are valid only when running on the target
so a real file must be provided that exist in the sysroot.
DRACUT_INSTALL now supports debugging dracut-install in itself
when run by dracut but without debugging the dracut scripts.
E.g. DRACUT_INSTALL="valgrind dracut-install or
DRACUT_INSTALL="dracut-install --debug".
DRACUT_COMPRESS_BZIP2, DRACUT_COMPRESS_LBZIP2, DRACUT_COMPRESS_LZMA,
DRACUT_COMPRESS_XZ, DRACUT_COMPRESS_GZIP, DRACUT_COMPRESS_PIGZ,
DRACUT_COMPRESS_LZOP, DRACUT_COMPRESS_ZSTD, DRACUT_COMPRESS_LZ4,
DRACUT_COMPRESS_CAT: All of the compression utilities may be
overridden, to support the native binaries in non-standard places.
DRACUT_ARCH overrides "uname -m".
SYSTEMD_VERSION overrides "systemd --version".
The dracut-install utility was overhauled to support sysroot via
a new option -r and fixes for clang-analyze. It supports
cross-compiler-ldd from
https://gist.github.com/jerome-pouiller/c403786c1394f53f44a3b61214489e6f
DRACUT_INSTALL_PATH was introduced so dracut-install can work with
a different PATH. In a cross-compiled environment (e.g. Yocto), PATH
points to natively built binaries that are not in the host's /bin,
/usr/bin, etc. dracut-install still needs plain /bin and /usr/bin
that are relative to the cross-compiled sysroot.
The hashmap pool allocate_tile/deallocate_tile code was removed
because clang-analyze showed errors in it. hashmap_copy was removed
because it wasn't used and clang-analyze showed errors in it.
DRACUT_INSTALL_LOG_TARGET and DRACUT_INSTALL_LOG_LEVEL were
introduced so dracut-install can use different settings from
DRACUT_LOG_TARGET and DRACUT_LOG_LEVEL.
Signed-off-by: Böszörményi Zoltán <zboszor@pr.hu>
It looks like only the 'fips=1' is really supported and it is working
correctly. So instead of failing on 'fips' not clear way give user
information why we are failing.
The new qedi driver needs to be handled just like
the bnx2i driver, so update 95iscsi scripts to do this.
References: bsc#1113712
Signed-off-by: Lee Duncan <lduncan@suse.com>
Unmounting the image iso, detaching its loop device, and unmounting
its parent partition can simplify installation to the parent disk.
Note that programs or scripts using the /run/initramfs/live mount
point will fail.
Fixes these error messages during intird build:
cat: '/sys/devices/platform/host2/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
cat: '/sys/devices/platform/host3/flashnode_sess-*/is_boot_target': No such file or directory
/usr/lib/dracut/modules.d/95iscsi/module-setup.sh: line 91: [: -eq: unary operator expected
The goal of this module is to enable automatic loading of the
thermal/fan control modules on PowerPC based Macs, as on some
modular kernel configurations this will not happen automatically
which will result in the fans spinning up to 100% until they are
manually loaded.
This is especially a problem in live systems where it takes some
time to boot up and the spin-up happens before the system even
leaves initramfs.
Commmit 8a33e52e2f94 assumes that dracut's work is done if a root device
is found. This holds usually for booting computers, but it may be wrong
for other environments.
Only short-cut the waiting if $netroot is also set.
Fixes: 8a33e52e2f94 ("network: stop waiting for interfaces if root device is present")
References: bsc#1152006
On SLE15-SP1 at least, iscsiadm doesn't support combining --op and --login":
> # iscsiadm -m node -T iqn.2018-06.de.suse.zeus:01 --op=update --name=node.startup --value=onboot --login
> iscsiadm: Invalid parameters. Login/logout and op passed in
This breaks iSCSI login in initrd, and thus, iSCSI boot.
Fix it by not coalescing everything into a single iscsiadm command.
Fixes: a59b776bc215 ("Dracut: only login to one target at a time")
References: bsc#1152650
According to the dracut README, module code to be run in
the initrd must be POSIX-compliant. Replace remaining
bashisms (as reported by checkbashisms) with POSIX compliant
code.
The use of "type" is not strictly POSIX compliant, but it's
all over the place in dracut code. dash supports it, anyway.
In multipath scenarios, "iscsiadm -m node" may contain
several records with the same target.
There's no point in trying "iscsiadm --login" multiple
time for the same target, through the same portal.
Moreover, warn if the desired target is not on the node
list.
dracut waits for every iscsiroot connection to be established
before switching root. This is not necessary in multipath scenarios,
where a single path is usually sufficient to set up the root device,
and where users expect booting to succeed unless all paths are down.
Don't wait for the iscsi portal to start if the root device has
already been found.
For handling the configuration where there are two
paths to an iscsi root target, each using a different
NIC. In such a case, the initramfs was trying to configure
the first NIC, then call iscsiroot to login to both targets,
which would fail for the 2nd target, since the path to the
2nd target was not yet configured. This would eventually
work after a timeout. But it's better to login to just
one target at a time.
This change makes the initramfs handle multiple paths to an
iscsi target better by logging into only one target at a time,
rather than trying to login to all targets when only one of
several NICs is up.
This can be further optimized by using the initrd parameter
"rd.iscsi.testroute", which would skip iscsiadm login attempts
for targets to which no route exists.
If the script is called again via the timeout initqueue,
we try "iscsiadm -L onboot" again, hoping that some targets
may now have become reachable.
Currently it starts the cleaner early and do the clean up job if switch
root is called. It's better to just start the service only on switch
root to avoid any risk of service dependency failure and make is
simpler.
Signed-off-by: Kairui Song <kasong@redhat.com>
Before we check if dad is done we should first make sure,
that there is a link local address where we do the check.
Due to this issue, on ipv6 only setups sometimes dhclient started
asking for ip address, before the link local address was present
and failed immediately.
I'd like to rework CoreOS Ignition (which runs in the initramfs)
to include some values from the *real* `/etc/os-release` in
HTTP headers.
Looking at this, it turns out dracut eats almost all of the useful
information from it. I don't think `dracut` should be the `ID`
here...dracut's not an OS itself, it's a way to *build* little
operating systems. It'd be kind of like if Fedora's Koji
injected itself into `/etc/os-release`.
This code dates back a long time; not sure of all the rationale
behind it.
I changed it so that we keep extending the VERSION/PRETTY_NAME
with the dracut version, but otherwise "pass through" the
rest of the real `/etc/os-release` we were built from unchanged.
Starting with the 0.7.7 release of the multipath tools, the multipath
udev rules always set a value in ENV{DM_MULTIPATH_DEVICE_PATH} for any
device that multipath scans. A value of 0 means that the device is not
claimed by multipath, and a value of 1 means that it is. Because of
this, udev rules that check ENV{DM_MULTIPATH_DEVICE_PATH}=="?*" will
always return True, and act as if every scanned device is claimed by
multipath. Checking ENV{DM_MULTIPATH_DEVICE_PATH}=="1" will work
correctly for both the old and new versions of the multipath tools.
For LUKS2 partitions cryptsetup needs a locking directory. If it does
not exist, cryptsetup will create it, but produce a warning
WARNING: Locking directory /run/cryptsetup is missing!
in the process that we do not want to see in the dracut output.
Default value of EVMKEYDESC (in evm-enable.sh) is "evm-key" and it's
also specified previously in this README file.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
When you install a third-party driver, you will probably end in a
situation, where the module will be in a different directory and
in $depmod_module_dir you will only have symlink. If we resolve the
symlink before we pass the module path to instmod, the dracut-install
will only include the module with its original path, but not the
symlink. Hence the module can't be automatically loaded.
Dracut-install is clever enough to handle symlinks and will include both
the symlink and the module to the initrd.
In e54ab383 we moved the fips script to a later pahse of boot, since
the /boot might not be available early on.
The problem is that systemd-cryptsetup* services could be run now
started before the do_fips is executed and need the crypto modules
to decrypted the devices.
So let's split the do_fips and load the module before udev does the
trigger.
When DRACUT_SYSTEMD is set and DRACUT_QUIET=yes, vinfo returns 1. This
is a problem for hooks which end with vinfo, as then the hook returns 1.
Especially problematic if this is a shutdown hook, as it will be
restarted again and again.
This commit fixes that.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
If the root is on network, let nm-initrd-generator create configuration
even if none was explicitly specified on the command line.
Also do the same if /tmp/net.ifaces exists, because the anaconda plugin
creates an empty file in that location in hopes that will make us
configure the network.
The kernel may only enable 'libfcoe' module. Some modules like bnx2fc
provides FCoE but only depend on 'libfcoe'. Loading 'fcoe' module may
fail but the kernel do support FCoE.
'libfcoe' will be installed as a dependency when installing block device
drivers if it's required. So no need to install it in installkernel.
Signed-off-by: Kairui Song <kasong@redhat.com>
Bash 5 apparently longer propagates variable assignments to local variables
in front of function calls when in POSIX mode:
[lkundrak@demiurge ~]$ cat feh.sh
print_VAR () {
echo "$VAR";
}
testfunc () {
local VAR="OLD"
VAR=NEW print_VAR
}
testfunc
[lkundrak@demiurge ~]$ bash4 --posix feh.sh
NEW
[lkundrak@demiurge ~]$ bash5 --posix feh.sh
OLD
[lkundrak@demiurge ~]$ bash5 feh.sh
NEW
[lkundrak@demiurge ~]$
It works the way it did in Bash 4 in non-POSIX mode, for external programs,
or for non-local variables. Don't ask me why -- it's probably some
compatibility thing for some sad old people.
However, this precisely happens when fsck_single() is calling into the
fsck_drv_com(), assigned to _drv by fsck_able(). That ruins the
TEST-70-BONDBRIDGETEAMVLAN test's server and probably more.
Let's pass the fsck driver binary via the function argument instead. It's
less messy anyway.
- The network script and config could be in
"/etc/sysconfig/network-scripts", so try look for network config in
all possible path.
- The regex used for sed is not working, so fix it too.
- Make bootproto a local variable
Signed-off-by: Kairui Song <kasong@redhat.com>
Harald Hoyer