From d9e892f0d7f7063a71862f6a20ca152a9d68442f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 22 Aug 2023 17:12:59 +0200 Subject: [PATCH] ostree_deployment: enable/disable services also using presets MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend the `OSTreeDeployment` pipeline implementation to enable / disable services also using systemd presets in case Ignition is being used. The pipeline already enables / disables services using the Systemd stage, which calls `systemctl`, but on some systems (since Fedora 37), Systemd will reset all enabled / disabled services based on system presets on first boot. This is not a problem for our images in general, since they contain fake machine-id, which makes systemd think that the system is not booting for the first time. This is however not the case when Ignition is being used, since it signals to systemd to treat the first boot as an actual first boot. Enabling systemd services using `systemctl` is still kept in the pipeline, since the end result will be the same even if services are enabled / disabled multiple times via different means. Related to: https://github.com/osbuild/osbuild-composer/pull/3634 https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot Signed-off-by: Tomáš Hozza --- pkg/manifest/ostree_deployment.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pkg/manifest/ostree_deployment.go b/pkg/manifest/ostree_deployment.go index 87a2ed446e..c480275289 100644 --- a/pkg/manifest/ostree_deployment.go +++ b/pkg/manifest/ostree_deployment.go @@ -247,6 +247,18 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline { "systemd.condition-first-boot=true", }, })) + + // We enable / disable services below using the systemd stage, but its effect + // may be overridden by systemd which may reset enabled / disabled services on + // firstboot (which happend on F37+). This behavior, if available, is triggered + // only when Ignition is used. To prevent this and to not have a special cases + // in the code based on distro version, we enable / disable services also by + // creating a preset file. + if len(p.EnabledServices) != 0 || len(p.DisabledServices) != 0 { + presetsStage := osbuild.GenServicesPresetStage(p.EnabledServices, p.DisabledServices) + presetsStage.MountOSTree(p.osName, commit.Ref, 0) + pipeline.AddStage(presetsStage) + } } // if no root password is set, lock the root account