diff --git a/image.yaml b/image.yaml index 653342ddd2..a91ab32025 100644 --- a/image.yaml +++ b/image.yaml @@ -9,9 +9,9 @@ extra-kargs: # https://fedoraproject.org/wiki/Changes/CGroupsV2 - systemd.unified_cgroup_hierarchy=0 -# Kernel arguments to be used on first-boot. -ignition-network-kcmdline: - - 'rd.neednet=1' +# Disable networking by default on firstboot. We can drop this once cosa stops +# defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key. +ignition-network-kcmdline: [] # Optional remote by which to prefix the deployed OSTree ref ostree-remote: fedora diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service index 2762042128..2fd6151b01 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service @@ -43,6 +43,10 @@ After=coreos-gpt-setup@dev-disk-by\x2dlabel-root.service # Since we are mounting /boot/, require the device first Requires=dev-disk-by\x2dlabel-boot.device After=dev-disk-by\x2dlabel-boot.device +# Need to run after fetch-offline stage since it may re-run the NM cmdline +# hook which will generate NM configs from the network kargs, but we want to +# have precedence. +After=ignition-fetch-offline.service [Service] Type=oneshot diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service index 72ac3c3cf5..a774914fb2 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service @@ -24,6 +24,10 @@ # prompt without requiring networking on boot. The user can # then configure the networking interactively. # +# Note that this script is only used on RHCOS now. We should be able to remove +# it once RHCOS moves to spec3. On FCOS/spec3, this is replaced by the +# conditional networking work: +# https://github.com/coreos/fedora-coreos-config/pull/426 [Unit] Description=Request live ISO networking DefaultDependencies=no diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh index 9049686ad4..d989243b36 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh @@ -2,6 +2,11 @@ # For a description of how this is used see coreos-liveiso-network-kargs.service +# Note that this script is only used on RHCOS now. We should be able to remove +# it once RHCOS moves to spec3. On FCOS/spec3, this is replaced by the +# conditional networking work: +# https://github.com/coreos/fedora-coreos-config/pull/426 + # Load the dracut library for getarg source /usr/lib/dracut-lib.sh diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator b/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator index 2a9c91e62c..82819d4f6b 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator +++ b/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator @@ -31,7 +31,11 @@ add_requires sysroot.mount initrd-root-fs.target add_requires sysroot-etc.mount initrd-root-fs.target add_requires sysroot-var.mount initrd-root-fs.target -add_requires coreos-liveiso-network-kargs.service initrd.target +# Need to be flexible here until RHCOS moves to spec3. +if ! (ignition -help || :) |& grep -q 'fetch-offline'; then + add_requires coreos-liveiso-network-kargs.service initrd.target +fi + add_requires coreos-liveiso-reconfigure-nm-wait-online.service initrd.target mkdir -p "${UNIT_DIR}/ostree-prepare-root.service.d" diff --git a/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service b/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service index befc41e790..a3db8673a6 100644 --- a/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service +++ b/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service @@ -4,8 +4,7 @@ [Unit] Description=CoreOS Live ISO virtio success Documentation=https://github.com/coreos/fedora-coreos-config -# Only run on the Live ISO, and only if there's no Ignition config; -# the second bits here invert the conditionals in coreos-liveiso-network-kargs.service. +# Only run on the Live ISO, and only if there's no Ignition config ConditionKernelCommandLine=coreos.liveiso ConditionPathExists=!/config.ign ConditionVirtualization=|kvm diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro index fab7731db2..9f0ed720d4 100755 --- a/tests/kola/misc-ro +++ b/tests/kola/misc-ro @@ -11,6 +11,15 @@ fatal() { exit 1 } +on_platform() { + grep -q " ignition.platform.id=$1 " /proc/cmdline +} + +get_journal_msg_timestamp() { + journalctl -o json -b 0 --grep "$1" \ + | jq -r --slurp '.[0]["__MONOTONIC_TIMESTAMP"]' +} + systemctl is-enabled logrotate.service ok logrotate @@ -19,3 +28,16 @@ if ip link | grep -o -e " eth[0-9]:"; then fatal "detected eth* NIC naming on node" fi ok nic naming + +switchroot_ts=$(get_journal_msg_timestamp 'Switching root.') +nm_ts=$(get_journal_msg_timestamp 'NetworkManager .* starting') +# by default, kola on QEMU shouldn't need to bring up networking +# https://github.com/coreos/fedora-coreos-config/pull/426 +if [[ $nm_ts -lt $switchroot_ts ]] && on_platform qemu; then + fatal "NetworkManager started in initramfs!" +# and as a sanity-check that this test works, verify that on AWS +# we did bring up networking in the initrd +elif [[ $nm_ts -gt $switchroot_ts ]] && on_platform aws; then + fatal "NetworkManager not started in initramfs!" +fi +ok conditional initrd networking