Harald Hoyer [Fri, 3 Jul 2015 12:24:50 +0000 (14:24 +0200)]
multipath: install all multipath path selector kernel modules
By default, dracut only builds in dm-service-time into the initramfs as
that is the default multipath.conf path selector. If the user changes
the path selector to "round robin" on the fly and runs dracut, multipath
does not find any paths on boot and the user will be dropped into a
shell.
Apparently, in RHEL7 dracut defaults to "hostonly" mode, i.e. modules
not currently in use at the time dracut runs do not get built into
initramfs. This is definitely one case where this doesn't work. A change
to reconfigure multipath probably should not render the system
unbootable.
Once lvm2 starts using /run (bug 742554), it should be no longer
necessary to disable file-based locking in the vgchange call in
fedora-storage-init.
Removing '--sysinit' will make it safe to call LVM operations
concurrently from other units.
The --sysinit is a compound option consisting of:
-> --ignorelockingfailure - not needed anymore, the /run/lock/lvm is
available rw soon in boot process
-> --ignoremonitoring - not needed since /run is available, this would
require the dm-event.service to be run before
fedora-storage-init.service (and new lvm2-activation.service when
deployed). But that's a one line change - I'll have a look whether it
plays well with other services and if yes, I'll commit the change. N.B.:
This has a consequence that all volumes activated on vgchange -ay will
be monitored at the same time they're activated (which is a plus I
think). The lvm2-monitor will just grab all the other volumes not
activated at the time of the boot's vgchange -ay call. But that's not an
issue (for already monitored volumes, calling vgchange --monitor y will
just be a NOOP).
-> --poll n - not needed, we can run the polldaemon as the /run is
available and rw (in case there's unfinished merge or mirror sync from
previous system run, the poll-daemon will be triggered at boot now).
Actually, the polldaemon should be triggered as a service like dmeventd
is, not forked off from the LVM command itself, like from vgchange in
this case - we still need to change this - there's a bug open for this
request already (bug #814857). However, we don't have this feature ready
yet so I need to check whether this is OK with the early boot process
with the current state.
Frederick Grose [Mon, 9 Nov 2015 18:46:27 +0000 (10:46 -0800)]
dmsquash-live-root: Use non-persistent metadata snapshots.
Transient snapshots can take advantage of smaller,
non-persistent metadata structures.
Make the --readonly option explicit rather than inferred
for the readonly_overlay target.
Assure that the live-base target is on the BASE_LOOPDEV.
Silvio Fricke [Sun, 8 Nov 2015 11:53:36 +0000 (12:53 +0100)]
PKGFILE: prevent out of tree builds
With makepkg it is possible to build sources away from the PKGFILE. The
previous behavior was a crash on build if this was set up. With this
patch we prevent this possibility.
On systemd, SIGPIPE is ignored by default; see man 5 systemd.exec for
IgnoreSIGPIPE=. As a result, lsinitrd.sh under a systemd service
outputs "cat: write error: Broken pipe" in the processing of
determining the compression format of a given initramfs file using the
cat command in the write part of a pipeline processing.
For example, this is a log message of kdump.service in RHEL7.1,
-- Logs begin at Wed 2015-11-04 09:57:33 JST, end at Wed 2015-11-04 09:58:28 JST. --
Nov 04 09:57:33 localhost systemd[1]: Stopping Crash recovery kernel arming...
Nov 04 09:57:33 localhost kdumpctl[22545]: kexec: unloaded kdump kernel
Nov 04 09:57:33 localhost kdumpctl[22545]: Stopping kdump: [OK]
Nov 04 09:57:33 localhost systemd[1]: Starting Crash recovery kernel arming...
Nov 04 09:57:36 localhost kdumpctl[22553]: Detected change(s) in the following file(s):
Nov 04 09:57:36 localhost kdumpctl[22553]: /etc/kdump.conf
Nov 04 09:57:36 localhost kdumpctl[22553]: Rebuilding /boot/initramfs-3.10.0-229.el7.x86_64kdump.img
Nov 04 09:57:40 localhost dracut[24914]: Executing: /usr/sbin/dracut --hostonly --hostonly-cmdline -o "plymouth dash resume" -f /boot/initramfs-3.10.0-229.el7.x86_64kdump.img 3.10.0-229.el7.x86_64
...<cut>...
Nov 04 09:58:12 localhost dracut[24914]: *** Creating image file done ***
Nov 04 09:58:12 localhost dracut[24914]: Image: /boot/initramfs-3.10.0-229.el7.x86_64kdump.img: 18M
Nov 04 09:58:12 localhost kdumpctl[22553]: cat: write error: Broken pipe
Nov 04 09:58:12 localhost dracut[24914]: ========================================================================
Nov 04 09:58:12 localhost dracut[24914]: Version: dracut-033-240.el7
Nov 04 09:58:12 localhost dracut[24914]:
Nov 04 09:58:12 localhost dracut[24914]: Arguments: --hostonly --hostonly-cmdline -o 'plymouth dash resume' -f
Nov 04 09:58:13 localhost dracut[24914]:
Nov 04 09:58:13 localhost dracut[24914]: dracut modules:
Nov 04 09:58:13 localhost dracut[24914]: bash
kdump.service builds and loads an initramfs for the kdump kernel using
the kdumpctl command, which uses the dracut command and so the lsinitrd
command, too.
Although there's no actual harm except for the error message, there
have been several inquiries from customers about this message so
far. We should suppress this message to reduce needless
communications.
To suppress the message, this commit cleans up the processing of
reading the first 6 bytes of a given initramfs file without the cat
command.
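An added illustration of the behaviour described in the commit message above; it is not code from lsinitrd.sh or the dracut project. The function names, the set of magic numbers checked and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not from lsinitrd.sh.

# Reproduce the symptom: with SIGPIPE ignored (as under systemd's
# IgnoreSIGPIPE= default), a writer whose reader exits early gets EPIPE
# from write() and reports it on stderr instead of being killed silently.
# $1 must be larger than the pipe buffer so cat is still writing.
sigpipe_symptom() {
    ( trap '' PIPE; cat "$1" | head -c 6 >/dev/null ) 2>&1
}

# Read only the first 6 bytes straight from the file. od opens the image
# itself and stops after -N6 bytes, so no process is left writing into a
# pipe whose reader has gone away.
detect_format() {
    magic=$(od -An -tx1 -N6 "$1" | tr -d ' \n')
    case $magic in
        1f8b*)        echo gzip ;;
        425a68*)      echo bzip2 ;;    # ASCII "BZh"
        fd377a585a00) echo xz ;;
        303730373031) echo cpio ;;     # ASCII "070701", uncompressed newc
        *)            echo unknown ;;
    esac
}

# Constructed sample files, not real initramfs images.
demo() {
    d=$(mktemp -d)
    printf '\037\213\010\000\000\000' > "$d/gz.img"
    printf '070701' > "$d/cpio.img"
    head -c 1048576 /dev/zero > "$d/big.img"
    echo "gz.img:   $(detect_format "$d/gz.img")"
    echo "cpio.img: $(detect_format "$d/cpio.img")"
    echo "cat pipeline stderr: $(sigpipe_symptom "$d/big.img")"
    rm -rf "$d"
}

demo
```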
Frederick Grose [Fri, 9 Oct 2015 20:23:58 +0000 (16:23 -0400)]
dmsquash-live-root: Use non-persistent metadata snapshots for transient overlays.
Temporary snapshots can take advantage of smaller, non-persistent metadata structures.
Make the --readonly option explicit rather than inferred for the readonly_overlay target.
Assure that the live-base target is on the BASE_LOOPDEV.
Stijn Hoop [Sun, 23 Aug 2015 12:45:53 +0000 (14:45 +0200)]
The default gateway might need a static route
Some hosting providers need a static route set in order to be
able to reach the default gateway. Be sure to retry adding
the default gateway after setting the static routes.
Define new script to load keys on the IMA keyring (update)
This patch supports loading keys either on the _ima keyring or, as of
Linux 3.17, on the trusted .ima keyring. Only certificates signed by
a key on the system keyring can be loaded onto the trusted .ima keyring.