On EL8.3 the NetworkManager keep restarting even if it exits successfully while waiting for Clevis to unlock. This patch ensures NetworkManager runs only once in initrd.
Adam Williamson [Thu, 26 Nov 2020 19:29:45 +0000 (11:29 -0800)]
Drop 51-dracut-rescue-postinst.sh entirely
It is only installed on RHEL 8+, but as noted in the first commit
that tried to do this - 0bb9a683 - we already have branches for
all RHEL releases, so there's no point keeping such a conditional
on the master branch. After 0bb9a683, 51-dracut-rescue-postinst.sh
was re-added because Fedora 30 needed it, with a FIXME saying to
remove it after F30 was released. But instead of that happening, it
got changed to a conditional to install it on Fedora <= 30 or RHEL
<= 8 in 9e68789d and the FIXME was removed, then in 9eb1d1ed that
conditional was simplified to only refer to RHEL, so we wound up
with this situation.
Note the last two commits were never ported to the RHEL-8 branch,
so it's broken, I will send a separate PR for that.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Daniel Molkentin [Mon, 14 Dec 2020 11:05:06 +0000 (12:05 +0100)]
Revert "Retrieve service, rpc and protcol entries via getent in hostonly mode"
The underlying issues this was trying to solve is to get a cheap
workaround for the fact that (open)SUSE with atomic support moved
/etc stock files to /usr/etc in order to improve compatibility. But
now that even nsswitch.conf moved, this is no longer enough. And it
might be more trouble to support once it's in an official release.
Lukas Nykryn [Fri, 27 Nov 2020 08:32:20 +0000 (09:32 +0100)]
multipathd: fix the comparison
From shellcheck:
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2039]: In POSIX sh, == in place of = is undefined.
/usr/lib/dracut/modules.d/90multipath/multipathd.sh:3:32: warning[SC2193]: The arguments to this comparison can never be equal.
Kairui Song [Fri, 13 Nov 2020 10:08:47 +0000 (18:08 +0800)]
95fcoe: don't install if there is no FCoE hostonly devices
When in hostonly mode, 95fcoe module will still be installed even there
is no FCoE hostonly device. So use the new block_is_fcoe helper to check
for hostonly device in hostonly mode, avoid installing unneccessary module.
Petr Pavlu [Thu, 17 Sep 2020 14:18:44 +0000 (16:18 +0200)]
Prevent creating unexpected files on the host when running dracut
Library file modules.d/99base/dracut-lib.sh contains initialization code
that makes sure certain directories and links are created when a system
runs from the produced initramfs. This file is normally sourced only
from initramfs scripts. However, modules.d/99base/module-setup.sh
includes it also when an initramfs image is being created to gain access
to some of the functions in this library. This can result in creating
unexpected directories and links on the current root file system when
the dracut command is executed.
For instance, during a system installation when dracut is invoked to
create an initial initramfs, the target sysroot might not contain
directory /run/initramfs but have /var/log. This situation results in
the code in modules.d/99base/dracut-lib.sh creating an unexpected link
/var/log/log that points to /run/initramfs/log. This link is then also
present on the installed system.
The patch fixes the problem by skipping the described logic in
modules.d/99base/dracut-lib.sh when the PREFIX variable is non-empty
which indicates that a target initramfs is being prepared. The variable
is set by modules.d/99base/module-setup.sh prior to including
dracut-lib.sh.
Colin Walters [Fri, 16 Oct 2020 21:04:45 +0000 (21:04 +0000)]
Don't print when a module is explicitly omitted (by default)
dracut builds today are fairly verbose to start, but on top of
that many of the messages tend to liberally use the
exclamation point `!` which calls attention to them.
I see these a lot when looking at rpm-ostree build logs
and it'd be nicer if we were quiet when there wasn't
an actual problem.
In this specific case, if the builder is explicitly adding
`--omit=foo`, there's no reason for us to say:
`dracut: dracut module 'foo' will not be installed, because it's in the list to be omitted!`
We already print the command line to start, so the information
is there.
Daniel Molkentin [Fri, 27 Mar 2020 13:22:37 +0000 (14:22 +0100)]
Retrieve service, rpc and protcol entries via getent in hostonly mode
Sometimes, systems have more elaborate backends in nsswitch.conf,
the complexity of which we do not want in the initrd. SUSE systems
with atomic for instance, where those files may also reside in /usr/etc.
With this change, the unavaiable nsswitch.conf backends will be silently
ignored, and we still end up with all the information we need.
Jonathan Lebon [Thu, 12 Nov 2020 16:27:39 +0000 (11:27 -0500)]
90crypt: pull in remote-cryptsetup.target enablement
This should've been part of #964. As mentioned there, the
`initrd-cryptsetup.target` approach was reverted in the end, and we went
back to relying in `remote-cryptsetup.target`:
https://github.com/systemd/systemd/pull/17467
So we do need to ship the enablement symlink for it.
Kairui Song [Mon, 12 Oct 2020 07:18:45 +0000 (15:18 +0800)]
dracut-init.sh: Add a helper for detect device kernel modules
Use udevadm to detect the required kernel modules to load a given
device. udevadm will follow the device chain, help detect all required
parent device drivers as well.
check_block_and_slaves_all $func $dev should return 0, if $func return 0
for any checked device. Currently if any device don't have any sub
device, 1 is returned instead.
So remove the sub device checking statement. Also remove the same
statement in check_block_and_slaves, the "[[ -f $_x/dev ]]" in the for
loop is enought to ensure sub device exists.
Kairui Song [Wed, 21 Oct 2020 08:18:07 +0000 (16:18 +0800)]
Add a --hostonly-nics option
Currently when network is enabled, dracut will install all network
drivers that are currently loaded, but some time only one NIC is needed
for the initramfs.
So for strict hostonly mode, add a --hostonly-nics option, user can
provide a list of NICs to be enabled, and only needed drivers for
specifed NICs will be installed so save space.
Jonathan Lebon [Tue, 20 Oct 2020 20:41:00 +0000 (16:41 -0400)]
90crypt: ship initrd-cryptsetup.target
This was added in https://github.com/systemd/systemd/pull/17149 and is
the designated cryptsetup target for all encrypted volumes that need to
be opened in the initrd.
So it effectively replaces `cryptsetup.target` and
`remote-cryptsetup.target` there. I've removed the latter since it was
added recently (by me) in #930, but kept `cryptsetup.target` since we've
been shipping it for a long time now.
Frederick Grose [Tue, 20 Oct 2020 00:39:37 +0000 (20:39 -0400)]
dmsquash-live/iso-scan: Provide an easy reference to iso-scan device.
With commit 3c8c807, /run/initramfs/isoscan and /run/initramfs/live
mountpoints are unmounted upon rd.live.ram boots. Save a link to
the iso-scan device in /run/initramfs/isoscandev to easily remount
the source, if desired.
Jonathan Lebon [Fri, 9 Oct 2020 23:44:35 +0000 (19:44 -0400)]
98dracut-systemd: don't wait for root device if remote cryptsetup active
This is a plain and simple hack around dependency issues between dracut
and systemd.
When using Tang-pinned LUKS root devices, we want to rely on
`systemd-cryptsetup@.service` to unlock it. However, that service only
runs `After=remote-fs-pre.target`, while `dracut-initqueue.service` has
`Before=remote-fs-pre.target` (which makes sense because we don't want
to attempt networked root devices before networking is up).
However, the rootfs-generator here wants to make sure that the root
device exists *before* exiting the initqueue via an initqueue/finished
"devexists" hook. This will never work though because by design
`systemd-cryptsetup@.service`, which unlocks the root device, won't run
until after we exit.
There's no clean way to break this. The root issue is that there's no
way right now to split sequencing of systemd services across the
initqueue/online and initqueue/finished events because it's all bundled
in a single service. (The deeper root issue of course is that we have
two init systems. :) ).
Here we do a tactical fix: if there's a `systemd-cryptsetup@.service`
instance, let's assume it's for the root device and skip waiting for it
to show up if it depends on `remote-fs-pre.target`.
cryptroot-ask: unify /etc/crypttab and rd.luks.key
dracut feeds whatever it receives in password field of
crypttab(5) to `cryptsetup -d`, treating them as plain-text key file.
Meanwhile, dracut treats the key file from `rd.luks.key` differently,
by have some special rules to decrypt those key files that has extension of
`gpg` and `img`.
Let's begin to treat them the same.
This is a backward-incompatible change for those people
that uses plain-text key-file that has extension of `gpg` and `img`.
However, those setup is questionable to begin with.
Nicolas Chauvet [Wed, 7 Oct 2020 13:39:23 +0000 (15:39 +0200)]
90kernel-modules: arm: add drivers/hwmon for arm/arm64
In the case of the s805x the drivers/hwmon directory contains the
scpi_hwmon kernel module.
On a running system, lsmod would output the following dependencies:
arm_scpi 24576 2 clk_scpi,scpi_hwmon
It means that if the clock driver is bundled in the initramfs it will
bring arm_scpi. But if scpi_hwmon is missing the scpi will be incomplete
and it can lead to crashes.
When the hwmon is bundled, no crash occurs
Signed-off-by: Nicolas Chauvet <kwizart@gmail.com>
rootfs-block: only write root argument for block device
Some filesystem (e.g. ZFS, and btrfs subvolumes) don't use block
devices. Should they be mounted as `/`, `find_root_block_device`
yields nothing, hence dracut will append this problematic argument
to kernel cmdline:
root=/dev/block
On a machine that employ root ZFS on LUKS, which was setup with
an OpenPGP-encrypted key file, this argument renders that machine
unbootable. Remove that `root=/dev/block` manually could boot the
machine.
Let check if that device is a block device before write down `root`
argument. This is consistent with the check for block device in
`find_block_device`.
Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Hannes Reinecke [Mon, 28 Sep 2020 11:39:07 +0000 (13:39 +0200)]
95nvmf: Fixup FC connections
D-Bus doesn't run in the initrd, so our usual trick of activating
custom systemd services from udev doesn't work.
So add a rule to create initqueue entries for each possible
connection.
Hannes Reinecke [Mon, 28 Sep 2020 09:25:53 +0000 (11:25 +0200)]
95nvmf: rework parameter handling
Always add the nvmf.discover parameters to /etc/nvme/discovery
when parsing the dracut commandline, and rely on NVMe autodiscovery
when no parameters are given.
And modify the syntax to use a comma ',' as a separator for nvmf.discover
as the semicolon ':' is already used for the FC-NVMe transport address format.
dracut-install: fix edge-case regression with weak modules
This was introduced with 6dafdda4a6bdb8721133e4267553c5d86564f9e8, but
is actually caused by the fact that modules that have already been
installed cause dracut_install() to return without adding the module
to the hashmap. This can happen if an earlier-run dracut module chose
to install the same module. Now modprobe statements like:
(which look weird, but are perfectly valid), cause
dracut_install() to enter an infinite recursion if and only if
at least one of the files has previously been installed by another
module.
Fix this by also adding already installed modules to the hashmap.
Antz [Sat, 29 Aug 2020 12:54:19 +0000 (14:54 +0200)]
90crypt: make `rd.luks.key` usable with encrypted keydev.
Introduce prefix `keysource:` for the values of `rd.luks.partuuid`,
`rd.luks.serial` and `rd.luks.uuid`.
If specified, ask for passphrase instead of waiting for keydevs to come
online.
Kairui Song [Wed, 9 Sep 2020 18:18:02 +0000 (02:18 +0800)]
04watchdog: split the watchdog module install
In some cases, user only want to include the watchdog module, not the
wdctl or any other userspace helper. For example, systemd have a
RebootWatchdogSec option that use watchdog to prevent reboot hangs. And
it can help prevent machines hangs when reboot directly within the
initramfs stage. So split the module installation to a standlone module.
Also when watchdog-module get included, install driver for all loaded
watchdog instaed of only install driver for active watchdog. Both
watchdog and watchdog-module return 255 in check(), so it's enabled only
when manually included, the watchdog may get configured/activated later.
projects / thirdparty / dracut.git / log
