From 1cfb0dd4f391e44f14722bbf103f99814861b4c5 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Mon, 30 Mar 2020 12:07:24 -0400
Subject: [PATCH] Add new ignition-fetch-offline.service

Make use of the new `fetch-offline` stage:

https://github.com/coreos/ignition/issues/979

We run this between the `setup` and `fetch` stages (the latter possibly
being skipped if networking is not required).

We hit the same issue here that `coreos-copy-firstboot-network.service`
hit, which is that we can't run before the `cmdline` hook because that
runs *before* udev, but we want the `by-*` symlinks for
`ignition-setup-user.service`.

The hack we do here is to rerun the NM cmdline hook in case ignition
dropped a snippet in `/etc/cmdline.d`. As mentioned in
https://github.com/coreos/fedora-coreos-config/pull/346, we'll be able
to do this more cleanly once we run NM as a systemd service directly.
---
 dracut/30ignition/ignition-check-neednet.sh   | 27 ++++++++++++++++++
 dracut/30ignition/ignition-disks.service      |  2 +-
 .../30ignition/ignition-fetch-offline.service | 28 +++++++++++++++++++
 dracut/30ignition/ignition-fetch.service      |  8 +++---
 dracut/30ignition/ignition-files.service      |  2 +-
 dracut/30ignition/ignition-mount.service      | 14 +++++-----
 dracut/30ignition/ignition-setup-base.service |  4 +--
 dracut/30ignition/ignition-setup-user.service |  4 +--
 dracut/30ignition/module-setup.sh             |  3 ++
 9 files changed, 75 insertions(+), 17 deletions(-)
 create mode 100755 dracut/30ignition/ignition-check-neednet.sh
 create mode 100644 dracut/30ignition/ignition-fetch-offline.service

diff --git a/dracut/30ignition/ignition-check-neednet.sh b/dracut/30ignition/ignition-check-neednet.sh
new file mode 100755
index 0000000..12dd73b
--- /dev/null
+++ b/dracut/30ignition/ignition-check-neednet.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -euo pipefail
+
+set +euo pipefail
+. /usr/lib/dracut-lib.sh
+set -euo pipefail
+
+dracut_func() {
+    # dracut is not friendly to set -eu
+    set +euo pipefail
+    "$@"; local rc=$?
+    set -euo pipefail
+    return $rc
+}
+
+# If we need networking and it hasn't been requested yet, request it.
+if [ -f /run/ignition/neednet ] && ! dracut_func getargbool 0 'rd.neednet'; then
+    echo "rd.neednet=1" > /etc/cmdline.d/40-ignition-neednet.conf
+
+    # Hack: we need to rerun the NM cmdline hook because we run after
+    # dracut-cmdline.service because we need udev. We should be able to move
+    # away from this once we run NM as a systemd unit. See also:
+    # https://github.com/coreos/fedora-coreos-config/pull/346#discussion_r409843428
+    set +euo pipefail
+    . /usr/lib/dracut/hooks/cmdline/99-nm-config.sh
+    set -euo pipefail
+fi
diff --git a/dracut/30ignition/ignition-disks.service b/dracut/30ignition/ignition-disks.service
index 8d58639..c046d3c 100644
--- a/dracut/30ignition/ignition-disks.service
+++ b/dracut/30ignition/ignition-disks.service
@@ -5,7 +5,7 @@ ConditionPathExists=/etc/initrd-release
 DefaultDependencies=false
 Before=ignition-complete.target
 
-# Stage order: setup -> fetch -> disks -> mount -> files.
+# Stage order: setup -> fetch-offline [-> fetch] -> disks -> mount -> files.
 After=ignition-fetch.service
 Before=ignition-mount.service
 
diff --git a/dracut/30ignition/ignition-fetch-offline.service b/dracut/30ignition/ignition-fetch-offline.service
new file mode 100644
index 0000000..3096d42
--- /dev/null
+++ b/dracut/30ignition/ignition-fetch-offline.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Ignition (fetch-offline)
+Documentation=https://github.com/coreos/ignition
+ConditionPathExists=/etc/initrd-release
+DefaultDependencies=false
+Before=ignition-complete.target
+After=basic.target
+
+# Stage order: setup -> fetch-offline [-> fetch] -> disks -> mount -> files.
+# We run after the setup stage has run because it may copy in new/different
+# ignition configs for us to consume.
+After=ignition-setup-base.service
+After=ignition-setup-user.service
+Before=ignition-fetch.service
+
+OnFailure=emergency.target
+OnFailureJobMode=isolate
+
+# See hack in ignition-check-neednet, as well as coreos-copy-firstboot-network.service.
+After=dracut-cmdline.service
+Before=dracut-initqueue.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+EnvironmentFile=/run/ignition.env
+ExecStart=/usr/bin/ignition --root=/sysroot --platform=${PLATFORM_ID} --stage=fetch-offline
+ExecStart=/usr/sbin/ignition-check-neednet
diff --git a/dracut/30ignition/ignition-fetch.service b/dracut/30ignition/ignition-fetch.service
index 8ccf196..815208b 100644
--- a/dracut/30ignition/ignition-fetch.service
+++ b/dracut/30ignition/ignition-fetch.service
@@ -5,18 +5,18 @@ ConditionPathExists=/etc/initrd-release
 DefaultDependencies=false
 Before=ignition-complete.target
 After=basic.target
+ConditionPathExists=/run/ignition/neednet
 
-# Stage order: setup -> fetch -> disks -> mount -> files.
+# Stage order: setup -> fetch-offline [-> fetch] -> disks -> mount -> files.
 # We run after the setup stage has run because it may copy in new/different
 # ignition configs for us to consume.
-After=ignition-setup-base.service
-After=ignition-setup-user.service
+After=ignition-fetch-offline.service
 Before=ignition-disks.service
 
 OnFailure=emergency.target
 OnFailureJobMode=isolate
 
-# Network may be used to fetch userdata content.
+# If we run, we definitely need network, so make sure we run after.
 After=network.target
 
 [Service]
diff --git a/dracut/30ignition/ignition-files.service b/dracut/30ignition/ignition-files.service
index 9f4b124..b1601f2 100644
--- a/dracut/30ignition/ignition-files.service
+++ b/dracut/30ignition/ignition-files.service
@@ -8,7 +8,7 @@ Before=ignition-complete.target
 OnFailure=emergency.target
 OnFailureJobMode=isolate
 
-# Stage order: setup -> fetch -> disks -> mount -> files.
+# Stage order: setup -> fetch-offline [-> fetch] -> disks -> mount -> files.
 After=ignition-mount.service
 
 # Run before initrd-parse-etc so that we can drop files it then picks up.
diff --git a/dracut/30ignition/ignition-mount.service b/dracut/30ignition/ignition-mount.service
index f222826..a733d1a 100644
--- a/dracut/30ignition/ignition-mount.service
+++ b/dracut/30ignition/ignition-mount.service
@@ -5,6 +5,13 @@ ConditionPathExists=/etc/initrd-release
 DefaultDependencies=false
 Before=ignition-complete.target
 
+# Stage order: setup -> fetch-offline [-> fetch] -> disks -> mount -> files.
+# We need to make sure the partitions and filesystems are set up before
+# mounting. This is also guaranteed through After=initrd-root-fs.target but
+# just to be explicit.
+After=ignition-disks.service
+Before=ignition-files.service
+
 # Make sure ExecStop= runs before we switch root
 Before=initrd-switch-root.target
 
@@ -18,13 +25,6 @@ After=initrd-root-fs.target
 # Make sure root filesystem is remounted read-write if needed
 After=ignition-remount-sysroot.service
 
-# Stage order: setup -> fetch -> disks -> mount -> files.
-# We need to make sure the partitions and filesystems are set up before
-# mounting. This is also guaranteed through After=initrd-root-fs.target but
-# just to be explicit.
-After=ignition-disks.service
-Before=ignition-files.service
-
 [Service]
 Type=oneshot
 RemainAfterExit=yes
diff --git a/dracut/30ignition/ignition-setup-base.service b/dracut/30ignition/ignition-setup-base.service
index 6a43b44..aec6207 100644
--- a/dracut/30ignition/ignition-setup-base.service
+++ b/dracut/30ignition/ignition-setup-base.service
@@ -8,8 +8,8 @@ Before=ignition-complete.target
 OnFailure=emergency.target
 OnFailureJobMode=isolate
 
-# Stage order: setup -> fetch -> disks -> mount -> files.
-Before=ignition-fetch.service
+# Stage order: setup -> fetch-offline [-> fetch] -> disks -> mount -> files.
+Before=ignition-fetch-offline.service
 
 [Service]
 Type=oneshot
diff --git a/dracut/30ignition/ignition-setup-user.service b/dracut/30ignition/ignition-setup-user.service
index 0b7eddf..7da195b 100644
--- a/dracut/30ignition/ignition-setup-user.service
+++ b/dracut/30ignition/ignition-setup-user.service
@@ -8,8 +8,8 @@ Before=ignition-complete.target
 OnFailure=emergency.target
 OnFailureJobMode=isolate
 
-# Stage order: setup -> fetch -> disks -> mount -> files.
-Before=ignition-fetch.service
+# Stage order: setup -> fetch-offline [-> fetch] -> disks -> mount -> files.
+Before=ignition-fetch-offline.service
 
 # We want to make sure we're not racing with multipath taking ownership of the
 # boot device.
diff --git a/dracut/30ignition/module-setup.sh b/dracut/30ignition/module-setup.sh
index c8c1148..7943d36 100755
--- a/dracut/30ignition/module-setup.sh
+++ b/dracut/30ignition/module-setup.sh
@@ -49,6 +49,8 @@ install() {
         "/usr/sbin/ignition-setup-base"
     inst_script "$moddir/ignition-setup-user.sh" \
         "/usr/sbin/ignition-setup-user"
+    inst_script "$moddir/ignition-check-neednet.sh" \
+        "/usr/sbin/ignition-check-neednet"
 
     # Distro packaging is expected to install the ignition binary into the
     # module directory.
@@ -72,6 +74,7 @@ install() {
     install_ignition_unit ignition-setup-base.service
     install_ignition_unit ignition-setup-user.service
     install_ignition_unit ignition-fetch.service
+    install_ignition_unit ignition-fetch-offline.service
     install_ignition_unit ignition-disks.service
     install_ignition_unit ignition-mount.service
     install_ignition_unit ignition-files.service