osbuild/systemd-unit-create: fix DefaultDependencies option#668
Merged
achilleas-k merged 10 commits intoosbuild:mainfrom Jun 6, 2024
Merged
osbuild/systemd-unit-create: fix DefaultDependencies option#668achilleas-k merged 10 commits intoosbuild:mainfrom
achilleas-k merged 10 commits intoosbuild:mainfrom
Conversation
Member
Author
|
This needs more work. The systemd service needs fixing both in the things it runs and its ordering. |
Member
Author
|
The systemd unit in its current form doesn't do what we want. We need to be very specific about unit ordering for the There's a simple (ish) way to experiment with the problem this service is trying to solve.
{
"name": "ostree-filesystem-customizations-42000",
"blueprint": {
"customizations": {
"user": [
{
"name": "root",
"key": "<SSHKEY>",
"password": "<PASSWORD>"
}
],
"filesystem": [
{
"mountpoint": "/data",
"minsize": 2147483648
},
{
"mountpoint": "/data/secondary",
"minsize": 2147483648
},
{
"mountpoint": "/stuff",
"minsize": 2147483648
},
{
"mountpoint": "/var/mydata",
"minsize": 1073741824
}
]
}
},
"options": {
"ostree": {
"ref": "rhel/9/x86_64/edge",
"url": "http://127.0.0.1:42000/repo"
}
}
}
With the service disabled, the mount should fail on boot. If the service looks like this though, everything should work (you can just plop it down in |
achilleas-k
force-pushed
the
systemd/default-dependencies/unset
branch
from
c0692e7 to
f40111c
Compare
achilleas-k
force-pushed
the
systemd/default-dependencies/unset
branch
from
8046905 to
3d3399f
Compare
mvo5
reviewed
May 29, 2024
Contributor
mvo5
left a comment
mvo5
left a comment
There was a problem hiding this comment.
Thank you! This is very nice! Some quick drive-by feedback, I wanted to go full-review but only managed the first few lines and then got distracted. Feel free to ignore, it's mostly rambling.
The default value of DefaultDependencies in systemd is 'true' so we need to make it a pointer with 'omitempty' to be able to represent the 'unset' state. Signed-off-by: Sayan Paul <paul.sayan@gmail.com>
Update the options of the org.osbuild.systemd.unit.create stage with the new Before option.
Adding more paths that are denied for mountpoint creation for ostree-based images. In a booted ostree system, these paths are symlinks, so it makes no sense (and will cause problems) to create mountpoints at those locations. The list has been sorted to make it simpler to modify consistently going forward.
- The [ -z ... ] is redundant. We can condition on the exit code of grep itself and don't need a subshell. - Double quoting was wrong.
With RemainAfterExit enabled, the service is not considered "stopped" when the execution ends, so the ExecStopPost is never executed. Disabling RemainAfterExit ensures that ExecStopPost is run always, even when the execution of the unit fails.
The mountpoint creation should happen after the ostree-remount.service is run so that the ostree mounts are all set up and directories are created in the correct location for the *live* system.
A new helper function that shells out to systemd-escape to determine the mount unit name for a mountpoint. See systemd-escape(1) for details.
- Add comment explaining why we disable DefaultDependencies. - Drop the unnecessary [:] from the mountpoints slice.
achilleas-k
force-pushed
the
systemd/default-dependencies/unset
branch
from
3d3399f to
49d8e81
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The original purpose of this PR was to make the DefaultDependencies option an optional property that defaults to 'true'. The original PR also had a small fix for the mountpoint creation service. While working on updating the previous PR, I found that the mountpoint creation service for ostree-based images needed more work, including additions to the osbuild stage that creates it.
Replaces #608.
Changes to the systemd unit:
chattr +i /command inExecStartPostisn't run becauseRemainAfterExitis enabled, so the service doesn't "stop".RemainAfterExitshould be disabled.Instead of checking forcomposefsby grepping a binary, perhaps it's more reliable to check for the symptom, the thing we want to toggle, withlsattr -ld / | grep -q Immutable.The last item was abandoned because we don't have a clean way of toggling the immutable flag back on without communicating info from the Pre command to the Post command.
This PR also updates the mountpoint policy for ostree-based systems to disallow paths that are top-level symlinks on a booted system.
Requires osbuild/osbuild#1782