From c54b68e8b6edda59b5b6b50e3be3f7d7c59bc2ba Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Tue, 14 Jul 2020 17:35:19 -0400
Subject: [PATCH] Move to conditional networking

We have all the piece in place now to move to conditional networking. So
let's drop the `rd.neednet=1` firstboot karg.

Also don't enable coreos-liveiso-network-kargs.service on FCOS since
it's no longer needed (i.e.  the live ISO will now enable initrd
networking as required given the embedded Ignition config).

On RHCOS, we still need it for now until we move to spec3. Then we can
remove the service and script completely.

Fixes: https://github.com/coreos/fedora-coreos-tracker/issues/443
---
 image.yaml                                    |  6 ++---
 .../coreos-copy-firstboot-network.service     |  4 ++++
 .../coreos-liveiso-network-kargs.service      |  4 ++++
 .../20live/coreos-liveiso-network-kargs.sh    |  5 +++++
 .../dracut/modules.d/20live/live-generator    |  6 ++++-
 .../system/coreos-liveiso-success.service     |  3 +--
 tests/kola/misc-ro                            | 22 +++++++++++++++++++
 7 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/image.yaml b/image.yaml
index 653342ddd2..a91ab32025 100644
--- a/image.yaml
+++ b/image.yaml
@@ -9,9 +9,9 @@ extra-kargs:
     # https://fedoraproject.org/wiki/Changes/CGroupsV2
     - systemd.unified_cgroup_hierarchy=0
 
-# Kernel arguments to be used on first-boot.
-ignition-network-kcmdline:
-    - 'rd.neednet=1'
+# Disable networking by default on firstboot. We can drop this once cosa stops
+# defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key.
+ignition-network-kcmdline: []
 
 # Optional remote by which to prefix the deployed OSTree ref
 ostree-remote: fedora
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service b/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service
index 2762042128..2fd6151b01 100644
--- a/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service
+++ b/overlay.d/05core/usr/lib/dracut/modules.d/15coreos-firstboot-network/coreos-copy-firstboot-network.service
@@ -43,6 +43,10 @@ After=coreos-gpt-setup@dev-disk-by\x2dlabel-root.service
 # Since we are mounting /boot/, require the device first
 Requires=dev-disk-by\x2dlabel-boot.device
 After=dev-disk-by\x2dlabel-boot.device
+# Need to run after fetch-offline stage since it may re-run the NM cmdline
+# hook which will generate NM configs from the network kargs, but we want to
+# have precedence.
+After=ignition-fetch-offline.service
 
 [Service]
 Type=oneshot
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service
index 72ac3c3cf5..a774914fb2 100644
--- a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service
+++ b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.service
@@ -24,6 +24,10 @@
 # prompt without requiring networking on boot. The user can
 # then configure the networking interactively.
 #
+# Note that this script is only used on RHCOS now. We should be able to remove
+# it once RHCOS moves to spec3. On FCOS/spec3, this is replaced by the
+# conditional networking work:
+# https://github.com/coreos/fedora-coreos-config/pull/426
 [Unit]
 Description=Request live ISO networking
 DefaultDependencies=no
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh
index 9049686ad4..d989243b36 100755
--- a/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh
+++ b/overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-liveiso-network-kargs.sh
@@ -2,6 +2,11 @@
 
 # For a description of how this is used see coreos-liveiso-network-kargs.service
 
+# Note that this script is only used on RHCOS now. We should be able to remove
+# it once RHCOS moves to spec3. On FCOS/spec3, this is replaced by the
+# conditional networking work:
+# https://github.com/coreos/fedora-coreos-config/pull/426
+
 # Load the dracut library for getarg
 source /usr/lib/dracut-lib.sh
 
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator b/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator
index 2a9c91e62c..82819d4f6b 100755
--- a/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator
+++ b/overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator
@@ -31,7 +31,11 @@ add_requires sysroot.mount     initrd-root-fs.target
 add_requires sysroot-etc.mount initrd-root-fs.target
 add_requires sysroot-var.mount initrd-root-fs.target
 
-add_requires coreos-liveiso-network-kargs.service              initrd.target
+# Need to be flexible here until RHCOS moves to spec3.
+if ! (ignition -help || :) |& grep -q 'fetch-offline'; then
+    add_requires coreos-liveiso-network-kargs.service              initrd.target
+fi
+
 add_requires coreos-liveiso-reconfigure-nm-wait-online.service initrd.target
 
 mkdir -p "${UNIT_DIR}/ostree-prepare-root.service.d"
diff --git a/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service b/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service
index befc41e790..a3db8673a6 100644
--- a/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service
+++ b/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service
@@ -4,8 +4,7 @@
 [Unit]
 Description=CoreOS Live ISO virtio success
 Documentation=https://github.com/coreos/fedora-coreos-config
-# Only run on the Live ISO, and only if there's no Ignition config;
-# the second bits here invert the conditionals in coreos-liveiso-network-kargs.service.
+# Only run on the Live ISO, and only if there's no Ignition config
 ConditionKernelCommandLine=coreos.liveiso
 ConditionPathExists=!/config.ign
 ConditionVirtualization=|kvm
diff --git a/tests/kola/misc-ro b/tests/kola/misc-ro
index fab7731db2..9f0ed720d4 100755
--- a/tests/kola/misc-ro
+++ b/tests/kola/misc-ro
@@ -11,6 +11,15 @@ fatal() {
     exit 1
 }
 
+on_platform() {
+    grep -q " ignition.platform.id=$1 " /proc/cmdline
+}
+
+get_journal_msg_timestamp() {
+    journalctl -o json -b 0 --grep "$1" \
+        | jq -r --slurp '.[0]["__MONOTONIC_TIMESTAMP"]'
+}
+
 systemctl is-enabled logrotate.service
 ok logrotate
 
@@ -19,3 +28,16 @@ if ip link | grep -o -e " eth[0-9]:"; then
     fatal "detected eth* NIC naming on node"
 fi
 ok nic naming
+
+switchroot_ts=$(get_journal_msg_timestamp 'Switching root.')
+nm_ts=$(get_journal_msg_timestamp 'NetworkManager .* starting')
+# by default, kola on QEMU shouldn't need to bring up networking
+# https://github.com/coreos/fedora-coreos-config/pull/426
+if [[ $nm_ts -lt $switchroot_ts ]] && on_platform qemu; then
+    fatal "NetworkManager started in initramfs!"
+# and as a sanity-check that this test works, verify that on AWS
+# we did bring up networking in the initrd
+elif [[ $nm_ts -gt $switchroot_ts ]] && on_platform aws; then
+    fatal "NetworkManager not started in initramfs!"
+fi
+ok conditional initrd networking