<listitem><para>The system hostname</para></listitem>
+ <listitem><para>The machine tags</para></listitem>
+
<listitem><para>The kernel command line used when installing kernel images</para></listitem>
<listitem><para>The root user's password and shell</para></listitem>
<xi:include href="version-info.xml" xpointer="v216"/></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--machine-tags=<replaceable>TAG</replaceable><optional>:<replaceable>TAG</replaceable>…</optional></option></term>
+
+ <listitem><para>Set the machine tags to the specified colon-separated list. Machine tags are short
+ labels that may be used to classify and group machines for management purposes, for example to
+ identify the role a machine plays in a deployment, the fleet or organizational unit it belongs to, or
+ any other administrator-defined attribute. Each individual tag must be 1…255 characters long and
+ consist only of ASCII alphanumeric characters, <literal>-</literal> and <literal>.</literal>. This
+ controls the <varname>TAGS=</varname> field of
+ <citerefentry><refentrytitle>machine-info</refentrytitle><manvolnum>5</manvolnum></citerefentry>. The
+ tags may later be queried and changed with the <command>tags</command> command of
+ <citerefentry><refentrytitle>hostnamectl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, and
+ matched against with the <varname>ConditionMachineTag=</varname>/<varname>AssertMachineTag=</varname>
+ unit settings, see
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <para>Unlike most other settings, machine tags are not prompted for interactively.</para>
+
+ <xi:include href="version-info.xml" xpointer="v261"/></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--root-password=<replaceable>PASSWORD</replaceable></option></term>
<term><option>--root-password-file=<replaceable>PATH</replaceable></option></term>
<xi:include href="version-info.xml" xpointer="v261"/></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term><varname>firstboot.machine-tags</varname></term>
+
+ <listitem><para>This credential specifies the machine tags to set during first boot, as a
+ colon-separated list, equivalent to the <option>--machine-tags=</option> switch described above. The
+ tags are written into the <varname>TAGS=</varname> field of <filename>/etc/machine-info</filename>
+ (if that file is not already present), and only have an effect on first boot. If the list contains
+ invalid tags it is ignored in its entirety.</para>
+
+ <xi:include href="version-info.xml" xpointer="v261"/></listitem>
+ </varlistentry>
</variablelist>
<para>Note that by default the <filename>systemd-firstboot.service</filename> unit file is set up to
static char *arg_timezone = NULL;
static char *arg_hostname = NULL;
static sd_id128_t arg_machine_id = {};
+static char **arg_machine_tags = NULL;
static char *arg_root_password = NULL;
static char *arg_root_shell = NULL;
static char *arg_kernel_cmdline = NULL;
STATIC_DESTRUCTOR_REGISTER(arg_keymap, freep);
STATIC_DESTRUCTOR_REGISTER(arg_timezone, freep);
STATIC_DESTRUCTOR_REGISTER(arg_hostname, freep);
+STATIC_DESTRUCTOR_REGISTER(arg_machine_tags, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_root_password, erase_and_freep);
STATIC_DESTRUCTOR_REGISTER(arg_root_shell, freep);
STATIC_DESTRUCTOR_REGISTER(arg_kernel_cmdline, freep);
return 0;
}
+static int process_machine_tags(int rfd) {
+ int r;
+
+ assert(rfd >= 0);
+
+ _cleanup_free_ char *f = NULL;
+ _cleanup_close_ int pfd = chase_and_open_parent_at(
+ /* root_fd= */ rfd,
+ /* dir_fd= */ rfd,
+ "/etc/machine-info",
+ CHASE_MKDIR_0755|CHASE_WARN|CHASE_NOFOLLOW,
+ &f);
+ if (pfd < 0)
+ return log_error_errno(pfd, "Failed to chase /etc/machine-info parent: %m");
+
+ r = should_configure(pfd, f);
+ if (r == 0)
+ log_debug("Found /etc/machine-info, assuming machine tags have been configured.");
+ if (r <= 0)
+ return r;
+
+ if (!arg_machine_tags) {
+ _cleanup_free_ char *tags = NULL;
+ r = read_credential("firstboot.machine-tags", (void**) &tags, /* ret_size= */ NULL);
+ if (r < 0)
+ log_debug_errno(r, "Failed to read credential firstboot.machine-tags, ignoring: %m");
+ else {
+ _cleanup_strv_free_ char **l = NULL;
+ r = machine_tags_from_string(tags, /* graceful= */ false, &l);
+ if (r < 0)
+ log_warning_errno(r, "Failed to parse machine tags '%s', ignoring credential: %m", tags);
+ else {
+ strv_free_and_replace(arg_machine_tags, l);
+ log_debug("Acquired machine tags list from credentials.");
+ }
+ }
+ }
+
+ /* NB: We do not prompt for machine tags, at least not for now */
+
+ if (!arg_machine_tags) {
+ log_debug("Initialization of machine tags was not requested, skipping.");
+ return 0;
+ }
+
+ _cleanup_free_ char *j = strv_join(arg_machine_tags, ":");
+ if (!j)
+ return log_oom();
+
+ _cleanup_free_ char *c = strjoin("TAGS=\"", j, "\"\n");
+ if (!c)
+ return log_oom();
+
+ r = write_string_file_at(
+ pfd,
+ "machine-info",
+ c,
+ WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_SYNC|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_LABEL);
+ if (r < 0)
+ return log_error_errno(r, "Failed to write /etc/machine-info: %m");
+
+ log_info("/etc/machine-info written.");
+ return 0;
+}
+
static int prompt_root_password(int rfd, sd_varlink **mute_console_link) {
const char *msg1, *msg2;
int r;
return log_error_errno(r, "Failed to parse machine id %s.", opts.arg);
break;
+ OPTION_LONG("machine-tags", "TAG[:…]", "Set machine tags"): {
+ _cleanup_strv_free_ char **tags = NULL;
+ r = machine_tags_from_string(opts.arg, /* graceful= */ false, &tags);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse machine tags '%s': %m", opts.arg);
+
+ strv_free_and_replace(arg_machine_tags, tags);
+ break;
+ }
+
OPTION_LONG("root-password", "PASSWORD", "Set root password from plaintext password"):
r = free_and_strdup_warn(&arg_root_password, opts.arg);
if (r < 0)
if (r < 0)
return r;
+ r = process_machine_tags(rfd);
+ if (r < 0)
+ return r;
+
return 0;
}
projects / thirdparty / systemd.git / commitdiff
