In KubeVirt one can configure cloud-init as config drive or nocloud;
config drive is the current approach. This change adds nocloud, which
expects a device mounted with the "cidata" label and the user data file
at /user-data there. The main difference is that in those cases the
network data follows the netplan v1 or v2, which is a better format than
the OpenStack metadata network service one.
Signed-off-by: Enrique Llorente <ellorent@redhat.com>
When running Ignition on a device mapper, i.e., multipath, it fails
because the function blockDevHeld returns true as the block device
contains holders. A block device with holders does not necessarily mean
the block device is in use (like mounted).
The function blockDevInUse will not check if it is a device mapper
and if so, does not check for blockDevHeld.
Signed-off-by: Tiago Bueno <tiago.bueno@gmail.com>
Ignition internal machinery relies on being able to match against an
error directly, in this case, `ErrNeedNet`. By wrapping errors from
FetchToBuffer, ignition would not be able to detect the lack of
networking during `fetch-offline` phase and fail to run.
Signed-off-by: Leorize <leorize+oss@disroot.org>
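
An added example (not code from the Ignition repository) of the failure mode the commit message above describes: a caller that matches a sentinel error with `==` stops recognising it once the fetcher wraps it. `fetchToBuffer`, `fetchWrapped`, `offlineStage`, the URL and the return strings are hypothetical stand-ins; only the name `ErrNeedNet` comes from the message.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrNeedNet is a stand-in for the sentinel named in the commit message.
var ErrNeedNet = errors.New("config requires networking")

// fetchToBuffer is a hypothetical fetcher: offline, a remote URL cannot be read.
func fetchToBuffer(url string, offline bool) ([]byte, error) {
	if offline {
		return nil, ErrNeedNet
	}
	return []byte("{}"), nil
}

// fetchWrapped adds context with %w, which returns a new error value.
func fetchWrapped(url string, offline bool) ([]byte, error) {
	buf, err := fetchToBuffer(url, offline)
	if err != nil {
		return nil, fmt.Errorf("fetching %q: %w", url, err)
	}
	return buf, nil
}

// offlineStage models a caller that matches the sentinel directly with ==.
// It returns "needs-net" to defer to an online fetch, "failed" otherwise.
func offlineStage(fetch func(string, bool) ([]byte, error)) string {
	_, err := fetch("https://example.com/config.ign", true)
	switch {
	case err == nil:
		return "ok"
	case err == ErrNeedNet:
		return "needs-net"
	default:
		return "failed"
	}
}

// wrappedStillMatches shows that errors.Is sees through the wrapping.
func wrappedStillMatches() bool {
	_, err := fetchWrapped("https://example.com/config.ign", true)
	return errors.Is(err, ErrNeedNet)
}

func main() {
	fmt.Println(offlineStage(fetchToBuffer), offlineStage(fetchWrapped), wrappedStillMatches())
}
```
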
This commit introduces a new TMT test and a GitHub Actions workflow to
run it.
TMT (Test Management Tool) is a tool for managing and executing tests
in a structured and efficient manner. It allows users to define test
plans, organize test cases, and execute them in a consistent manner. TMT is
particularly useful for testing software projects, as it provides a
framework for managing the entire testing process, from planning to
execution and reporting.
The workflow is set up to run on every push to the main branch and on
pull requests, providing continuous integration for the project.
The core test added is designed to verify the basic functionality of
the application using TMT, ensuring that it can successfully execute a
simple test case.
The smoke plan is defined in the `tests/tmt/plans/smoke.fmf` file and
is configured to run all tests with the smoke tag.
The `tests/tmt/plans/main.fmf` file is the main plan that includes
common configurations and settings for the plans. Currently, it prepares
the test environment.
The workflow is defined in the `.github/workflows/tmt-tests.yml` file
and includes steps to set up the environment, install dependencies, and
run tests. It is allowed to execute on pull requests, pushes to the
main branch, and on demand. By default all tests are executed, but it
can be executed on demand with a TMT plan filter. As part of the
workflow, TMT will be executed inside a container.
JIRA: https://issues.redhat.com/browse/COS-2284
Signed-off-by: Tiago Bueno <tiago.bueno@gmail.com>
Since a bug preventing special mode bits from being applied properly
has been fixed, move masking of the bits for configs that are in use
which have special mode bits do not suddenly function differently.
From https://man7.org/linux/man-pages/man2/lchown.2.html:
> When the owner or group of an executable file is changed by an
> unprivileged user, the S_ISUID and S_ISGID mode bits are cleared.
> POSIX does not specify whether this also should happen when root
> does the chown(); the Linux behavior depends on the kernel version,
> and since Linux 2.2.13, root is treated like other users.
Fixes: #2042
When bootupd/grub2-static/configs.d was introduced,
blscfg was after every config. Some configs need to be after blscfg,
so rename to 05_ignition.cfg so we can align bootupd numbering with
legacy grub (blscfg is in 10_linux).
Alpine Linux does not include systemd’s journal, which causes Ignition
to emit warnings when attempting to log. This PR introduces a check to
determine if the journal is available on the current distribution, and
skips logging to the journal when it is not present.
Signed-off-by: Kevin Cui <bh@bugs.cc>
On some providers (like Equinix Metal), there is a network dependency
for the umount stage: the network must still be around when ExecStop is
executed.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Dusty Mabe <dusty@dustymabe.com>
The sgdisk tool does not update the kernel partition table with BLKPG in
contrast to other similar tools but only uses BLKRRPART which fails as
soon as one partition of the disk is mounted.
Update the kernel partition table with partx when we know that a
partition of the disk is in use.
Trailing \x00 character was making Ignition fail to parse the config.
It is not always the case, which is why we did not catch it earlier: when
there is no padding in the base64 payload, everything was working.
https://pkg.go.dev/encoding/base64#Encoding.Decode
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
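
An added example (not code from the Ignition repository) reproducing the behaviour the commit message above describes, on the assumption that the destination buffer was sized with `DecodedLen`, which the linked documentation gives as an upper bound on what `Decode` writes. The two configs are constructed samples and the helper names are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// Constructed sample configs: 32 bytes (encodes with "=" padding) and
// 33 bytes (encodes without padding).
const (
	paddedCfg   = `{"ignition":{"version":"x.y.z"}}`
	unpaddedCfg = `{"ignition": {"version":"x.y.z"}}`
)

func encode(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }

// decode sizes the buffer with DecodedLen, which is an upper bound. With trim
// set to false it returns the whole buffer (the failure mode); with trim set
// to true it keeps only the n bytes Decode reports having written.
func decode(payload string, trim bool) ([]byte, error) {
	buf := make([]byte, base64.StdEncoding.DecodedLen(len(payload)))
	n, err := base64.StdEncoding.Decode(buf, []byte(payload))
	if err != nil {
		return nil, err
	}
	if trim {
		return buf[:n], nil
	}
	return buf, nil
}

// trailingNULs counts the zero bytes left at the end of a decoded buffer.
func trailingNULs(raw []byte) int { return len(raw) - len(bytes.TrimRight(raw, "\x00")) }

// parses reports whether raw is accepted as a single JSON document.
func parses(raw []byte) bool {
	var cfg map[string]interface{}
	return json.Unmarshal(raw, &cfg) == nil
}

func main() {
	for _, cfg := range []string{paddedCfg, unpaddedCfg} {
		full, _ := decode(encode(cfg), false)
		cut, _ := decode(encode(cfg), true)
		fmt.Printf("len=%d full: nul=%d ok=%v | trimmed: nul=%d ok=%v\n",
			len(cfg), trailingNULs(full), parses(full), trailingNULs(cut), parses(cut))
	}
}
```
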
Extend the `luks` schema to support a new `cex` key. When enabled, the
volume key of the LUKS device uses a secure key generated using a CEX
card. The keyfile to unlock the volume is not considered confidential.
Closes: #1693
Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
The code that handles systemd unit enablement via preset will no-op if
disabling a systemd unit that is already disabled, which means that we
wouldn't create a preset file in that case. But we did mark the preset
file as needing relabeling unconditionally. Since `setfiles` errors out
if you pass it a path that doesn't exist, this would break boot.
Fix this by filtering out all entries that don't exist right before we
call `setfiles`. Another approach would've been to only mark the file
for relabeling if we actually did write the file, but this is more
complex than it seems because the relabeling logic needs to know what
is the first component in the path that had to be created. So we'd need
logic both before and after file creation.
This isn't user-reported; we hit this in a CI test.
When `wipeTable` is enabled, we run `sgdisk --zap-all`. But if the table
was corrupted in the first place, `sgdisk` will exit with code 2 which
then breaks boot.
As a workaround, Ignition used to retry the invocation but the context
around it was lost in #544 and #1149 and the retry was removed and
the error-checking was added.
So this patch effectively re-applies 94c98bcb ("sgdisk: retry zap-all
operation on failure"), but now with a comment and a test to make sure
we don't regress again.
Closes: https://github.com/coreos/fedora-coreos-tracker/issues/1596