WIP: Add coreos-inject-rootmap.service, unlock root-on-RAID

This implements the rootmap code that figures out all the dependencies required to find `/sysroot`, and injects them into the BLS config. For more information, see: coreos/fedora-coreos-tracker#94 (comment) This supports RAID and LUKS devices, though the latter needs outstanding work in Ignition to actually be fully supported. This also implements the `root=UUID=$uuid` inject patch proposed in coreos/fedora-coreos-tracker#465. With this, it's now possible to configure FCOS with root on a RAID device! Closes: #465
coreos · Jun 29, 2020 · 2b2bf2c · 2b2bf2c
1 parent 7969117
commit 2b2bf2c
Show file tree

Hide file tree

Showing 3 changed files with 93 additions and 0 deletions.
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-inject-rootmap b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-inject-rootmap
@@ -0,0 +1,75 @@
+#!/bin/bash
+set -euo pipefail
+
+BOOT_DEV="/dev/disk/by-label/boot"
+ROOT_MOUNT="/sysroot"
+
+main() {
+    local root_dev rootfs_uuid rootmap_kargs
+    root_dev=$(get_mount_dev "${ROOT_MOUNT}")
+    rootfs_uuid=$(get_rootfs_uuid "${root_dev}")
+    rootmap_kargs=$(get_rootmap_kargs "${root_dev}")
+    inject_bls_kargs "${rootmap_kargs}" "root=UUID=${rootfs_uuid}" rw
+}
+
+get_mount_dev() {
+    findmnt -nvr -o SOURCE "$1" | tail -n1
+}
+
+get_rootfs_uuid() {
+    local root_dev=$1; shift
+    # shellcheck disable=SC2153
+    (eval "$(blkid -o export "${root_dev}")" && echo "${UUID}")
+}
+
+get_rootmap_kargs() {
+    local root_dev=$1; shift
+    lsblk --pairs -o NAME,TYPE --inverse "${root_dev}" | while IFS= read -r line; do
+        # note this is a pipeline, so we're in a subprocess
+        eval "${line}"
+        # shellcheck disable=SC2153
+        case "${TYPE}" in
+            raid*) get_raid_karg "${NAME}";;
+            crypt) get_luks_karg "${NAME}";;
+            part|disk) ;;
+            *) fatal "unknown block device type ${TYPE}";;
+        esac
+    done
+}
+
+get_raid_karg() {
+    local name=$1; shift
+    local uuid
+    uuid=$(eval "$(mdadm --detail --export "/dev/${name}")" && echo "${MD_UUID}")
+    [ -n "${uuid}" ] || fatal "couldn't find UUID for RAID device ${name}"
+    echo -n " rd.md.uuid=${uuid}"
+}
+
+get_luks_karg() {
+    local name=$1; shift
+    echo -n " rd.luks.uuid=${name}"
+}
+
+inject_bls_kargs() {
+    local tmpf
+
+    # Note we mount /boot but don't unmount since we run with MountFlags=slave
+    mkdir -p /boot
+    mount -o rw ${BOOT_DEV} /boot
+    for f in /boot/loader/entries/*.conf; do
+        tmpf=$(mktemp -p /boot)
+        sed -e "/^options / s|$| $*|" < "${f}" > "${tmpf}"
+        mv "${tmpf}" "${f}"
+    done
+}
+
+err() {
+    echo "$@" >&2
+}
+
+fatal() {
+    err "$@"
+    exit 1
+}
+
+main "$@"
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-inject-rootmap.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-inject-rootmap.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=CoreOS Inject Rootmap
+DefaultDependencies=false
+# If root is specified, assume rootmap is already configured
+ConditionKernelCommandLine=!root
+OnFailure=emergency.target
+OnFailureJobMode=isolate
+
+After=initrd-root-fs.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/coreos-inject-rootmap
+RemainAfterExit=yes
+MountFlags=slave
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh
@@ -90,4 +90,7 @@ install() {
     inst_script "$moddir/coreos-growpart" /usr/libexec/coreos-growpart
 
     inst_script "$moddir/coreos-relabel" /usr/bin/coreos-relabel
+
+    install_ignition_unit coreos-inject-rootmap.service diskful
+    inst_script "$moddir/coreos-inject-rootmap" /usr/libexec/coreos-inject-rootmap
 }