Merge pull request #2029 from etungsten/dasboot

models, sundog, prairiedog: add kernel boot config support

README.md

@@ -561,6 +561,43 @@ Here are the metrics settings:
     "vm.max_map_count" = "262144"
     ```
 
+#### Boot-related settings
+
+*Please note that boot settings only exist for bare-metal variants at the moment*
+
+Specifying either of the following settings will generate a kernel boot config file to be loaded on subsequent boots:
+* `settings.boot.kernel-parameters`: This allows additional kernel parameters to be specified on the kernel command line during boot.
+* `settings.boot.init-parameters`: This allows additional init parameters to be specified on the kernel command line during boot.
+
+You can learn more about kernel boot configuration [here](https://www.kernel.org/doc/html/latest/admin-guide/bootconfig.html).
+
+Example user data for specifying boot settings:
+
+```toml
+[settings.boot.kernel-parameters]
+"console" = [
+  "tty0",
+  "ttyS1,115200n8",
+]
+"crashkernel" = [
+  "2G-:256M",
+]
+"slub_debug" = [
+  "options,slabs",
+]
+"usbcore.quirks" = [
+  "0781:5580:bk",
+  "0a5c:5834:gij",
+]
+
+[settings.boot.init-parameters]
+"log_level" = ["debug"]
+"splash" = []
+```
+
+If boot config data exists at `/proc/bootconfig`, it will be used to generate these API settings on first boot.
+Please note that Bottlerocket only supports boot configuration for `kernel` and `init`. If any other boot config key is specified, the settings generation will fail.
+
 #### Custom CA certificates settings
 
 By default, Bottlerocket ships with the Mozilla CA certificate store, but you can add self-signed certificates through the API using these settings:

Release.toml

@@ -114,3 +114,7 @@ version = "1.7.2"
 ]
 "(1.7.0, 1.7.1)" = []
 "(1.7.1, 1.7.2)" = []
+"(1.7.2, 1.8.0)" = [
+    "migrate_v1.8.0_boot-setting.lz4",
+    "migrate_v1.8.0_boot-setting-metadata.lz4",
+]

packages/os/Cargo.toml

@@ -13,7 +13,6 @@ source-groups = [
     "metricdog",
     "parse-datetime",
     "ghostdog",
-    "prairiedog",
     "growpart",
     "updater",
     "webpki-roots-shim",

packages/selinux-policy/fs.cil

@@ -45,6 +45,7 @@
 (filecon "/.*/usr/bin/migrator" file api_exec)
 (filecon "/.*/usr/bin/storewolf" file api_exec)
 (filecon "/.*/usr/bin/cfsignal" file api_exec)
+(filecon "/.*/usr/bin/thar-be-settings" file api_exec)
 (filecon "/.*/usr/bin/dbus-broker.*" file bus_exec)
 (filecon "/.*/usr/sbin/chronyd" file clock_exec)
 (filecon "/.*/usr/sbin/wicked.*" file network_exec)

sources/Cargo.toml

@@ -23,6 +23,7 @@ members = [
     "api/migration/migrator",
     "api/migration/migration-helpers",
     "api/shibaken",
+    "api/prairiedog",
 
     # "api/migration/migrations/vX.Y.Z/..."
     "api/migration/migrations/v1.3.0/etc-hosts-service",
@@ -47,6 +48,8 @@ members = [
     "api/migration/migrations/v1.7.0/aws-control-container-v0-6-0",
     "api/migration/migrations/v1.7.0/public-admin-container-v0-8-0",
     "api/migration/migrations/v1.7.0/public-control-container-v0-6-0",
+    "api/migration/migrations/v1.8.0/boot-setting",
+    "api/migration/migrations/v1.8.0/boot-setting-metadata",
 
     "bottlerocket-release",
 
@@ -58,8 +61,6 @@ members = [
 
     "growpart",
 
-    "prairiedog",
-
     "metricdog",
 
     "cfsignal",

sources/api/migration/migrations/v1.8.0/boot-setting-metadata/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "boot-setting-metadata"
+version = "0.1.0"
+edition = "2018"
+authors = ["Erikson Tung <etung@amazon.com>"]
+license = "Apache-2.0 OR MIT"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"}

sources/api/migration/migrations/v1.8.0/boot-setting-metadata/src/main.rs

@@ -0,0 +1,23 @@
+#![deny(rust_2018_idioms)]
+
+use migration_helpers::common_migrations::{AddMetadataMigration, SettingMetadata};
+use migration_helpers::{migrate, Result};
+use std::process;
+
+/// We added a new setting and generator for kernel boot configuration
+fn run() -> Result<()> {
+    migrate(AddMetadataMigration(&[SettingMetadata {
+        metadata: &["affected-services"],
+        setting: "settings.boot",
+    }]))
+}
+
+// Returning a Result from main makes it print a Debug representation of the error, but with Snafu
+// we have nice Display representations of the error, so we wrap "main" (run) and print any error.
+// https://github.com/shepmaster/snafu/issues/110
+fn main() {
+    if let Err(e) = run() {
+        eprintln!("{}", e);
+        process::exit(1);
+    }
+}

sources/api/migration/migrations/v1.8.0/boot-setting/Cargo.toml

@@ -0,0 +1,12 @@
+[package]
+name = "boot-setting"
+version = "0.1.0"
+edition = "2018"
+authors = ["Erikson Tung <etung@amazon.com>"]
+license = "Apache-2.0 OR MIT"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0"}

sources/api/migration/migrations/v1.8.0/boot-setting/src/main.rs

@@ -0,0 +1,23 @@
+#![deny(rust_2018_idioms)]
+
+use migration_helpers::common_migrations::AddPrefixesMigration;
+use migration_helpers::{migrate, Result};
+use std::process;
+
+/// We added a new setting and generator for kernel boot configuration
+fn run() -> Result<()> {
+    migrate(AddPrefixesMigration(vec![
+        "settings.boot",
+        "services.bootconfig",
+    ]))
+}
+
+// Returning a Result from main makes it print a Debug representation of the error, but with Snafu
+// we have nice Display representations of the error, so we wrap "main" (run) and print any error.
+// https://github.com/shepmaster/snafu/issues/110
+fn main() {
+    if let Err(e) = run() {
+        eprintln!("{}", e);
+        process::exit(1);
+    }
+}

sources/api/prairiedog/Cargo.toml

@@ -0,0 +1,29 @@
+[package]
+name = "prairiedog"
+version = "0.1.0"
+authors = ["Arnaldo Garcia Rincon <agarrcia@amazon.com>"]
+license = "Apache-2.0 OR MIT"
+edition = "2018"
+publish = false
+# Don't rebuild crate just because of changes to README.
+exclude = ["README.md"]
+
+[dependencies]
+argh = "0.1.3"
+bytes = "1.1"
+constants = { path = "../../constants", version = "0.1.0" }
+log = "0.4"
+nix = "0.23"
+models =  { path = "../../models", version = "0.1.0" }
+schnauzer = { path = "../schnauzer", version = "0.1.0" }
+signpost = { path = "../../updater/signpost", version = "0.1.0" }
+simplelog = "0.11"
+snafu = "0.7"
+serde_json = "1.0"
+tokio = { version = "~1.14", default-features = false, features = ["macros", "rt-multi-thread"] } # LTS
+
+[dev-dependencies]
+maplit = "1.0"
+
+[build-dependencies]
+cargo-readme = "3.1"

sources/prairiedog/README.md → sources/api/prairiedog/README.md

@@ -2,11 +2,15 @@
 
 Current version: 0.1.0
 
-  prairiedog is a tool to provide kdump support in Bottlerocket. It performs three operations:
+  prairiedog is a tool for providing kernel boot related support in Bottlerocket.
 
+It does the following:
   - _digs_ to find the active boot partition and mounts it in /boot
   - loads the crash kernel from /boot
   - creates memory dumps when the kernel panics
+  - generates kernel boot config from settings
+  - generates settings from the existing kernel boot config file
+
 
 ## Colophon