From 58d386253dcf6eea38e12d1973ef1f2d9a15636d Mon Sep 17 00:00:00 2001 From: CoreOS Bot Date: Tue, 11 Apr 2023 16:52:23 +0000 Subject: [PATCH] tree: promote changes from next-devel at 8e484886a87acbc1701b10da777159708ba4726b --- manifest-lock.aarch64.json | 52 +-- manifest-lock.overrides.yaml | 14 +- manifest-lock.ppc64le.json | 52 +-- manifest-lock.s390x.json | 48 +-- manifest-lock.x86_64.json | 50 +-- manifests/fedora-coreos-base.yaml | 1 + .../coreos-teardown-initramfs.service | 8 + .../ignition-ostree-growfs.service | 8 +- .../ignition-ostree-growfs.sh | 40 ++- ...on-ostree-transposefs-autosave-xfs.service | 19 ++ ...gnition-ostree-transposefs-restore.service | 2 +- .../ignition-ostree-transposefs.sh | 113 +++++-- .../40ignition-ostree/module-setup.sh | 4 +- .../lib/udev/rules.d/65-gce-disk-naming.rules | 38 --- .../coreos-platform-chrony-config.service | 1 + .../usr/libexec/coreos-platform-chrony-config | 24 +- overlay.d/30gcp-udev-rules/statoverride | 2 + .../usr/lib/udev/google_nvme_id | 308 ++++++++++++++++++ .../udev/rules.d/64-gce-disk-removal.rules | 19 ++ .../lib/udev/rules.d/65-gce-disk-naming.rules | 41 +++ overlay.d/README.md | 14 + tests/kola/disks/growfs | 20 ++ ...enerator => coreos-platform-chrony-config} | 8 +- .../autosave-xfs/data/commonlib.sh | 1 + .../root-reprovision/autosave-xfs/test.sh | 26 ++ tests/kola/root-reprovision/linear/test.sh | 5 + .../luks/autosave-xfs/config.ign | 1 + .../root-reprovision/luks/autosave-xfs/data | 1 + .../luks/autosave-xfs/test.sh | 34 ++ tests/kola/root-reprovision/luks/config.ign | 4 +- .../root-reprovision/luks/data/luks-test.sh | 59 ++++ tests/kola/root-reprovision/luks/test.sh | 51 +-- tests/kola/root-reprovision/raid1/test.sh | 5 + tests/kola/upgrade/extended/test.sh | 7 +- tests/kola/var-mount/luks/test.sh | 9 + 35 files changed, 854 insertions(+), 235 deletions(-) create mode 100644 overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-autosave-xfs.service delete mode 100644 overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules create mode 100644 overlay.d/30gcp-udev-rules/statoverride create mode 100644 overlay.d/30gcp-udev-rules/usr/lib/udev/google_nvme_id create mode 100644 overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/64-gce-disk-removal.rules create mode 100644 overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/65-gce-disk-naming.rules create mode 100755 tests/kola/disks/growfs rename tests/kola/ntp/chrony/{coreos-platform-chrony-generator => coreos-platform-chrony-config} (57%) create mode 120000 tests/kola/root-reprovision/autosave-xfs/data/commonlib.sh create mode 100755 tests/kola/root-reprovision/autosave-xfs/test.sh create mode 120000 tests/kola/root-reprovision/luks/autosave-xfs/config.ign create mode 120000 tests/kola/root-reprovision/luks/autosave-xfs/data create mode 100755 tests/kola/root-reprovision/luks/autosave-xfs/test.sh create mode 100755 tests/kola/root-reprovision/luks/data/luks-test.sh diff --git a/manifest-lock.aarch64.json b/manifest-lock.aarch64.json index da275c4ca3..bfbccfd7cb 100644 --- a/manifest-lock.aarch64.json +++ b/manifest-lock.aarch64.json @@ -136,7 +136,7 @@ "evra": "0.21.3-4.fc38.noarch" }, "container-selinux": { - "evra": "2:2.206.0-1.fc38.noarch" + "evra": "2:2.209.0-1.fc38.noarch" }, "containerd": { "evra": "1.6.19-1.fc38.aarch64" @@ -175,7 +175,7 @@ "evra": "3.17.1-5.fc38.aarch64" }, "crun": { - "evra": "1.8.1-1.fc38.aarch64" + "evra": "1.8.3-2.fc38.aarch64" }, "crypto-policies": { "evra": "20230301-1.gita12f7b2.fc38.noarch" @@ -283,13 +283,13 @@ "evra": "38-0.5.noarch" }, "fedora-release-common": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-identity-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-repos": { "evra": "38-0.5.noarch" @@ -343,7 +343,7 @@ "evra": "3.13.1-1.fc38.aarch64" }, "fwupd": { - "evra": "1.8.12-1.fc38.aarch64" + "evra": "1.8.14-1.fc38.aarch64" }, "gawk": { "evra": "5.1.1-5.fc38.aarch64" @@ -490,16 +490,16 @@ "evra": "2.5.1-5.fc38.noarch" }, "kernel": { - "evra": "6.2.8-300.fc38.aarch64" + "evra": "6.2.9-300.fc38.aarch64" }, "kernel-core": { - "evra": "6.2.8-300.fc38.aarch64" + "evra": "6.2.9-300.fc38.aarch64" }, "kernel-modules": { - "evra": "6.2.8-300.fc38.aarch64" + "evra": "6.2.9-300.fc38.aarch64" }, "kernel-modules-core": { - "evra": "6.2.8-300.fc38.aarch64" + "evra": "6.2.9-300.fc38.aarch64" }, "kexec-tools": { "evra": "2.0.26-3.fc38.aarch64" @@ -541,7 +541,7 @@ "evra": "2.5.5-6.fc38.aarch64" }, "libatomic": { - "evra": "13.0.1-0.8.fc38.aarch64" + "evra": "13.0.1-0.12.fc38.aarch64" }, "libattr": { "evra": "2.5.1-6.fc38.aarch64" @@ -607,7 +607,7 @@ "evra": "1.5-2.fc38.aarch64" }, "libgcc": { - "evra": "13.0.1-0.8.fc38.aarch64" + "evra": "13.0.1-0.12.fc38.aarch64" }, "libgcrypt": { "evra": "1.10.1-7.fc38.aarch64" @@ -652,7 +652,7 @@ "evra": "1.6.3-2.fc38.aarch64" }, "libldb": { - "evra": "2.7.1-1.fc38.aarch64" + "evra": "2.7.2-1.fc38.aarch64" }, "libluksmeta": { "evra": "9-15.fc38.aarch64" @@ -754,7 +754,7 @@ "evra": "2.38.1-4.fc38.aarch64" }, "libsmbclient": { - "evra": "2:4.18.0-12.fc38.aarch64" + "evra": "2:4.18.1-0.fc38.aarch64" }, "libsolv": { "evra": "0.7.22-4.fc38.aarch64" @@ -775,7 +775,7 @@ "evra": "2.8.2-4.fc38.aarch64" }, "libstdc++": { - "evra": "13.0.1-0.8.fc38.aarch64" + "evra": "13.0.1-0.12.fc38.aarch64" }, "libtalloc": { "evra": "2.4.0-2.fc38.aarch64" @@ -823,7 +823,7 @@ "evra": "0.3.2-5.fc38.aarch64" }, "libwbclient": { - "evra": "2:4.18.0-12.fc38.aarch64" + "evra": "2:4.18.1-0.fc38.aarch64" }, "libxcrypt": { "evra": "4.4.33-7.fc38.aarch64" @@ -1003,10 +1003,10 @@ "evra": "1.8.0-6.fc38.aarch64" }, "podman": { - "evra": "5:4.4.2-2.fc38.aarch64" + "evra": "5:4.4.4-3.fc38.aarch64" }, "podman-plugins": { - "evra": "5:4.4.2-2.fc38.aarch64" + "evra": "5:4.4.4-3.fc38.aarch64" }, "policycoreutils": { "evra": "3.5-1.fc38.aarch64" @@ -1033,7 +1033,7 @@ "evra": "23.6-2.fc38.aarch64" }, "publicsuffix-list-dafsa": { - "evra": "20221208-2.fc38.noarch" + "evra": "20230318-1.fc38.noarch" }, "qemu-user-static-x86": { "evra": "2:7.2.0-6.fc38.aarch64" @@ -1069,13 +1069,13 @@ "evra": "2:1.1.4-2.fc38.aarch64" }, "samba-client-libs": { - "evra": "2:4.18.0-12.fc38.aarch64" + "evra": "2:4.18.1-0.fc38.aarch64" }, "samba-common": { - "evra": "2:4.18.0-12.fc38.noarch" + "evra": "2:4.18.1-0.fc38.noarch" }, "samba-common-libs": { - "evra": "2:4.18.0-12.fc38.aarch64" + "evra": "2:4.18.1-0.fc38.aarch64" }, "sed": { "evra": "4.8-12.fc38.aarch64" @@ -1198,7 +1198,7 @@ "evra": "4.0.1-3.fc38.aarch64" }, "tzdata": { - "evra": "2022g-2.fc38.noarch" + "evra": "2023c-1.fc38.noarch" }, "userspace-rcu": { "evra": "0.13.2-2.fc38.aarch64" @@ -1253,13 +1253,13 @@ } }, "metadata": { - "generated": "2023-04-02T00:00:00Z", + "generated": "2023-04-08T00:00:00Z", "rpmmd_repos": { "fedora-coreos-pool": { - "generated": "2023-04-01T22:32:25Z" + "generated": "2023-04-08T14:19:34Z" }, "fedora-next": { - "generated": "2023-04-01T17:05:06Z" + "generated": "2023-04-07T09:35:37Z" }, "fedora-next-updates": { "generated": "2018-02-20T19:13:29Z" diff --git a/manifest-lock.overrides.yaml b/manifest-lock.overrides.yaml index 55386e6c82..5795a297ab 100644 --- a/manifest-lock.overrides.yaml +++ b/manifest-lock.overrides.yaml @@ -9,9 +9,15 @@ # for FCOS-specific packages (ignition, afterburn, etc.). packages: - nmstate: - evr: 2.2.9-1.fc38 + podman: + evr: 5:4.4.4-3.fc38 metadata: - bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a226c4298d - reason: https://github.com/coreos/coreos-assembler/pull/3397 + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c6f82ee005 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/1455 + type: fast-track + podman-plugins: + evr: 5:4.4.4-3.fc38 + metadata: + bodhi: https://bodhi.fedoraproject.org/updates/FEDORA-2023-c6f82ee005 + reason: https://github.com/coreos/fedora-coreos-tracker/issues/1455 type: fast-track diff --git a/manifest-lock.ppc64le.json b/manifest-lock.ppc64le.json index e9eac57ef1..804a0f614a 100644 --- a/manifest-lock.ppc64le.json +++ b/manifest-lock.ppc64le.json @@ -136,7 +136,7 @@ "evra": "0.21.3-4.fc38.noarch" }, "container-selinux": { - "evra": "2:2.206.0-1.fc38.noarch" + "evra": "2:2.209.0-1.fc38.noarch" }, "containerd": { "evra": "1.6.19-1.fc38.ppc64le" @@ -175,7 +175,7 @@ "evra": "3.17.1-5.fc38.ppc64le" }, "crun": { - "evra": "1.8.1-1.fc38.ppc64le" + "evra": "1.8.3-2.fc38.ppc64le" }, "crypto-policies": { "evra": "20230301-1.gita12f7b2.fc38.noarch" @@ -274,13 +274,13 @@ "evra": "38-0.5.noarch" }, "fedora-release-common": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-identity-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-repos": { "evra": "38-0.5.noarch" @@ -334,7 +334,7 @@ "evra": "3.13.1-1.fc38.ppc64le" }, "fwupd": { - "evra": "1.8.12-1.fc38.ppc64le" + "evra": "1.8.14-1.fc38.ppc64le" }, "gawk": { "evra": "5.1.1-5.fc38.ppc64le" @@ -484,16 +484,16 @@ "evra": "2.5.1-5.fc38.noarch" }, "kernel": { - "evra": "6.2.8-300.fc38.ppc64le" + "evra": "6.2.9-300.fc38.ppc64le" }, "kernel-core": { - "evra": "6.2.8-300.fc38.ppc64le" + "evra": "6.2.9-300.fc38.ppc64le" }, "kernel-modules": { - "evra": "6.2.8-300.fc38.ppc64le" + "evra": "6.2.9-300.fc38.ppc64le" }, "kernel-modules-core": { - "evra": "6.2.8-300.fc38.ppc64le" + "evra": "6.2.9-300.fc38.ppc64le" }, "kexec-tools": { "evra": "2.0.26-3.fc38.ppc64le" @@ -535,7 +535,7 @@ "evra": "2.5.5-6.fc38.ppc64le" }, "libatomic": { - "evra": "13.0.1-0.8.fc38.ppc64le" + "evra": "13.0.1-0.12.fc38.ppc64le" }, "libattr": { "evra": "2.5.1-6.fc38.ppc64le" @@ -601,7 +601,7 @@ "evra": "1.5-2.fc38.ppc64le" }, "libgcc": { - "evra": "13.0.1-0.8.fc38.ppc64le" + "evra": "13.0.1-0.12.fc38.ppc64le" }, "libgcrypt": { "evra": "1.10.1-7.fc38.ppc64le" @@ -646,7 +646,7 @@ "evra": "1.6.3-2.fc38.ppc64le" }, "libldb": { - "evra": "2.7.1-1.fc38.ppc64le" + "evra": "2.7.2-1.fc38.ppc64le" }, "libluksmeta": { "evra": "9-15.fc38.ppc64le" @@ -754,7 +754,7 @@ "evra": "2.38.1-4.fc38.ppc64le" }, "libsmbclient": { - "evra": "2:4.18.0-12.fc38.ppc64le" + "evra": "2:4.18.1-0.fc38.ppc64le" }, "libsolv": { "evra": "0.7.22-4.fc38.ppc64le" @@ -775,7 +775,7 @@ "evra": "2.8.2-4.fc38.ppc64le" }, "libstdc++": { - "evra": "13.0.1-0.8.fc38.ppc64le" + "evra": "13.0.1-0.12.fc38.ppc64le" }, "libtalloc": { "evra": "2.4.0-2.fc38.ppc64le" @@ -823,7 +823,7 @@ "evra": "0.3.2-5.fc38.ppc64le" }, "libwbclient": { - "evra": "2:4.18.0-12.fc38.ppc64le" + "evra": "2:4.18.1-0.fc38.ppc64le" }, "libxcrypt": { "evra": "4.4.33-7.fc38.ppc64le" @@ -1003,10 +1003,10 @@ "evra": "1.8.0-6.fc38.ppc64le" }, "podman": { - "evra": "5:4.4.2-2.fc38.ppc64le" + "evra": "5:4.4.4-3.fc38.ppc64le" }, "podman-plugins": { - "evra": "5:4.4.2-2.fc38.ppc64le" + "evra": "5:4.4.4-3.fc38.ppc64le" }, "policycoreutils": { "evra": "3.5-1.fc38.ppc64le" @@ -1039,7 +1039,7 @@ "evra": "23.6-2.fc38.ppc64le" }, "publicsuffix-list-dafsa": { - "evra": "20221208-2.fc38.noarch" + "evra": "20230318-1.fc38.noarch" }, "qemu-user-static-x86": { "evra": "2:7.2.0-6.fc38.ppc64le" @@ -1075,13 +1075,13 @@ "evra": "2:1.1.4-2.fc38.ppc64le" }, "samba-client-libs": { - "evra": "2:4.18.0-12.fc38.ppc64le" + "evra": "2:4.18.1-0.fc38.ppc64le" }, "samba-common": { - "evra": "2:4.18.0-12.fc38.noarch" + "evra": "2:4.18.1-0.fc38.noarch" }, "samba-common-libs": { - "evra": "2:4.18.0-12.fc38.ppc64le" + "evra": "2:4.18.1-0.fc38.ppc64le" }, "sed": { "evra": "4.8-12.fc38.ppc64le" @@ -1204,7 +1204,7 @@ "evra": "4.0.1-3.fc38.ppc64le" }, "tzdata": { - "evra": "2022g-2.fc38.noarch" + "evra": "2023c-1.fc38.noarch" }, "userspace-rcu": { "evra": "0.13.2-2.fc38.ppc64le" @@ -1259,13 +1259,13 @@ } }, "metadata": { - "generated": "2023-04-02T00:00:00Z", + "generated": "2023-04-08T00:00:00Z", "rpmmd_repos": { "fedora-coreos-pool": { - "generated": "2023-04-01T22:31:46Z" + "generated": "2023-04-08T14:20:08Z" }, "fedora-next": { - "generated": "2023-04-01T17:05:02Z" + "generated": "2023-04-07T09:35:43Z" }, "fedora-next-updates": { "generated": "2018-02-28T16:06:00Z" diff --git a/manifest-lock.s390x.json b/manifest-lock.s390x.json index 5433df4602..5e9c66898b 100644 --- a/manifest-lock.s390x.json +++ b/manifest-lock.s390x.json @@ -133,7 +133,7 @@ "evra": "0.21.3-4.fc38.noarch" }, "container-selinux": { - "evra": "2:2.206.0-1.fc38.noarch" + "evra": "2:2.209.0-1.fc38.noarch" }, "containerd": { "evra": "1.6.19-1.fc38.s390x" @@ -172,7 +172,7 @@ "evra": "3.17.1-5.fc38.s390x" }, "crun": { - "evra": "1.8.1-1.fc38.s390x" + "evra": "1.8.3-2.fc38.s390x" }, "crypto-policies": { "evra": "20230301-1.gita12f7b2.fc38.noarch" @@ -271,13 +271,13 @@ "evra": "38-0.5.noarch" }, "fedora-release-common": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-identity-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-repos": { "evra": "38-0.5.noarch" @@ -451,16 +451,16 @@ "evra": "2.5.1-5.fc38.noarch" }, "kernel": { - "evra": "6.2.8-300.fc38.s390x" + "evra": "6.2.9-300.fc38.s390x" }, "kernel-core": { - "evra": "6.2.8-300.fc38.s390x" + "evra": "6.2.9-300.fc38.s390x" }, "kernel-modules": { - "evra": "6.2.8-300.fc38.s390x" + "evra": "6.2.9-300.fc38.s390x" }, "kernel-modules-core": { - "evra": "6.2.8-300.fc38.s390x" + "evra": "6.2.9-300.fc38.s390x" }, "kexec-tools": { "evra": "2.0.26-3.fc38.s390x" @@ -562,7 +562,7 @@ "evra": "1.12.0-3.fc38.s390x" }, "libgcc": { - "evra": "13.0.1-0.8.fc38.s390x" + "evra": "13.0.1-0.12.fc38.s390x" }, "libgcrypt": { "evra": "1.10.1-7.fc38.s390x" @@ -598,7 +598,7 @@ "evra": "1.6.3-2.fc38.s390x" }, "libldb": { - "evra": "2.7.1-1.fc38.s390x" + "evra": "2.7.2-1.fc38.s390x" }, "libluksmeta": { "evra": "9-15.fc38.s390x" @@ -700,7 +700,7 @@ "evra": "2.38.1-4.fc38.s390x" }, "libsmbclient": { - "evra": "2:4.18.0-12.fc38.s390x" + "evra": "2:4.18.1-0.fc38.s390x" }, "libsolv": { "evra": "0.7.22-4.fc38.s390x" @@ -721,7 +721,7 @@ "evra": "2.8.2-4.fc38.s390x" }, "libstdc++": { - "evra": "13.0.1-0.8.fc38.s390x" + "evra": "13.0.1-0.12.fc38.s390x" }, "libtalloc": { "evra": "2.4.0-2.fc38.s390x" @@ -766,7 +766,7 @@ "evra": "0.3.2-5.fc38.s390x" }, "libwbclient": { - "evra": "2:4.18.0-12.fc38.s390x" + "evra": "2:4.18.1-0.fc38.s390x" }, "libxcrypt": { "evra": "4.4.33-7.fc38.s390x" @@ -934,10 +934,10 @@ "evra": "1.8.0-6.fc38.s390x" }, "podman": { - "evra": "5:4.4.2-2.fc38.s390x" + "evra": "5:4.4.4-3.fc38.s390x" }, "podman-plugins": { - "evra": "5:4.4.2-2.fc38.s390x" + "evra": "5:4.4.4-3.fc38.s390x" }, "policycoreutils": { "evra": "3.5-1.fc38.s390x" @@ -964,7 +964,7 @@ "evra": "23.6-2.fc38.s390x" }, "publicsuffix-list-dafsa": { - "evra": "20221208-2.fc38.noarch" + "evra": "20230318-1.fc38.noarch" }, "qemu-user-static-x86": { "evra": "2:7.2.0-6.fc38.s390x" @@ -1003,13 +1003,13 @@ "evra": "2:2.25.0-4.fc38.s390x" }, "samba-client-libs": { - "evra": "2:4.18.0-12.fc38.s390x" + "evra": "2:4.18.1-0.fc38.s390x" }, "samba-common": { - "evra": "2:4.18.0-12.fc38.noarch" + "evra": "2:4.18.1-0.fc38.noarch" }, "samba-common-libs": { - "evra": "2:4.18.0-12.fc38.s390x" + "evra": "2:4.18.1-0.fc38.s390x" }, "sed": { "evra": "4.8-12.fc38.s390x" @@ -1126,7 +1126,7 @@ "evra": "4.0.1-3.fc38.s390x" }, "tzdata": { - "evra": "2022g-2.fc38.noarch" + "evra": "2023c-1.fc38.noarch" }, "userspace-rcu": { "evra": "0.13.2-2.fc38.s390x" @@ -1184,13 +1184,13 @@ } }, "metadata": { - "generated": "2023-04-02T00:00:00Z", + "generated": "2023-04-08T00:00:00Z", "rpmmd_repos": { "fedora-coreos-pool": { - "generated": "2023-04-01T22:31:14Z" + "generated": "2023-04-08T14:18:50Z" }, "fedora-next": { - "generated": "2023-04-01T17:05:00Z" + "generated": "2023-04-07T09:35:26Z" }, "fedora-next-updates": { "generated": "2018-02-28T16:06:49Z" diff --git a/manifest-lock.x86_64.json b/manifest-lock.x86_64.json index d5b275f7fb..f34c407c99 100644 --- a/manifest-lock.x86_64.json +++ b/manifest-lock.x86_64.json @@ -136,7 +136,7 @@ "evra": "0.21.3-4.fc38.noarch" }, "container-selinux": { - "evra": "2:2.206.0-1.fc38.noarch" + "evra": "2:2.209.0-1.fc38.noarch" }, "containerd": { "evra": "1.6.19-1.fc38.x86_64" @@ -175,7 +175,7 @@ "evra": "3.17.1-5.fc38.x86_64" }, "crun": { - "evra": "1.8.1-1.fc38.x86_64" + "evra": "1.8.3-2.fc38.x86_64" }, "crypto-policies": { "evra": "20230301-1.gita12f7b2.fc38.noarch" @@ -283,13 +283,13 @@ "evra": "38-0.5.noarch" }, "fedora-release-common": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-release-identity-coreos": { - "evra": "38-0.32.noarch" + "evra": "38-0.33.noarch" }, "fedora-repos": { "evra": "38-0.5.noarch" @@ -343,7 +343,7 @@ "evra": "3.13.1-1.fc38.x86_64" }, "fwupd": { - "evra": "1.8.12-1.fc38.x86_64" + "evra": "1.8.14-1.fc38.x86_64" }, "gawk": { "evra": "5.1.1-5.fc38.x86_64" @@ -496,16 +496,16 @@ "evra": "2.5.1-5.fc38.noarch" }, "kernel": { - "evra": "6.2.8-300.fc38.x86_64" + "evra": "6.2.9-300.fc38.x86_64" }, "kernel-core": { - "evra": "6.2.8-300.fc38.x86_64" + "evra": "6.2.9-300.fc38.x86_64" }, "kernel-modules": { - "evra": "6.2.8-300.fc38.x86_64" + "evra": "6.2.9-300.fc38.x86_64" }, "kernel-modules-core": { - "evra": "6.2.8-300.fc38.x86_64" + "evra": "6.2.9-300.fc38.x86_64" }, "kexec-tools": { "evra": "2.0.26-3.fc38.x86_64" @@ -610,7 +610,7 @@ "evra": "1.5-2.fc38.x86_64" }, "libgcc": { - "evra": "13.0.1-0.8.fc38.x86_64" + "evra": "13.0.1-0.12.fc38.x86_64" }, "libgcrypt": { "evra": "1.10.1-7.fc38.x86_64" @@ -655,7 +655,7 @@ "evra": "1.6.3-2.fc38.x86_64" }, "libldb": { - "evra": "2.7.1-1.fc38.x86_64" + "evra": "2.7.2-1.fc38.x86_64" }, "libluksmeta": { "evra": "9-15.fc38.x86_64" @@ -757,7 +757,7 @@ "evra": "2.38.1-4.fc38.x86_64" }, "libsmbclient": { - "evra": "2:4.18.0-12.fc38.x86_64" + "evra": "2:4.18.1-0.fc38.x86_64" }, "libsolv": { "evra": "0.7.22-4.fc38.x86_64" @@ -778,7 +778,7 @@ "evra": "2.8.2-4.fc38.x86_64" }, "libstdc++": { - "evra": "13.0.1-0.8.fc38.x86_64" + "evra": "13.0.1-0.12.fc38.x86_64" }, "libtalloc": { "evra": "2.4.0-2.fc38.x86_64" @@ -826,7 +826,7 @@ "evra": "0.3.2-5.fc38.x86_64" }, "libwbclient": { - "evra": "2:4.18.0-12.fc38.x86_64" + "evra": "2:4.18.1-0.fc38.x86_64" }, "libxcrypt": { "evra": "4.4.33-7.fc38.x86_64" @@ -1009,10 +1009,10 @@ "evra": "1.8.0-6.fc38.x86_64" }, "podman": { - "evra": "5:4.4.2-2.fc38.x86_64" + "evra": "5:4.4.4-3.fc38.x86_64" }, "podman-plugins": { - "evra": "5:4.4.2-2.fc38.x86_64" + "evra": "5:4.4.4-3.fc38.x86_64" }, "policycoreutils": { "evra": "3.5-1.fc38.x86_64" @@ -1039,7 +1039,7 @@ "evra": "23.6-2.fc38.x86_64" }, "publicsuffix-list-dafsa": { - "evra": "20221208-2.fc38.noarch" + "evra": "20230318-1.fc38.noarch" }, "readline": { "evra": "8.2-3.fc38.x86_64" @@ -1072,13 +1072,13 @@ "evra": "2:1.1.4-2.fc38.x86_64" }, "samba-client-libs": { - "evra": "2:4.18.0-12.fc38.x86_64" + "evra": "2:4.18.1-0.fc38.x86_64" }, "samba-common": { - "evra": "2:4.18.0-12.fc38.noarch" + "evra": "2:4.18.1-0.fc38.noarch" }, "samba-common-libs": { - "evra": "2:4.18.0-12.fc38.x86_64" + "evra": "2:4.18.1-0.fc38.x86_64" }, "sed": { "evra": "4.8-12.fc38.x86_64" @@ -1201,7 +1201,7 @@ "evra": "4.0.1-3.fc38.x86_64" }, "tzdata": { - "evra": "2022g-2.fc38.noarch" + "evra": "2023c-1.fc38.noarch" }, "userspace-rcu": { "evra": "0.13.2-2.fc38.x86_64" @@ -1256,13 +1256,13 @@ } }, "metadata": { - "generated": "2023-04-02T00:00:00Z", + "generated": "2023-04-08T00:00:00Z", "rpmmd_repos": { "fedora-coreos-pool": { - "generated": "2023-04-01T22:33:14Z" + "generated": "2023-04-08T14:19:57Z" }, "fedora-next": { - "generated": "2023-04-01T17:05:27Z" + "generated": "2023-04-07T09:36:00Z" }, "fedora-next-updates": { "generated": "2018-02-20T19:18:14Z" diff --git a/manifests/fedora-coreos-base.yaml b/manifests/fedora-coreos-base.yaml index 512fb43bf3..cf39cbb75d 100644 --- a/manifests/fedora-coreos-base.yaml +++ b/manifests/fedora-coreos-base.yaml @@ -21,6 +21,7 @@ ostree-layers: - overlay/09misc - overlay/20platform-chrony - overlay/25azure-udev-rules + - overlay/30gcp-udev-rules # Be minimal recommends: false diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service index 060530e721..b08c827bc5 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service @@ -18,6 +18,14 @@ DefaultDependencies=false Before=ignition-mount.service Before=ignition-complete.target +# Since we are tearing down networking we need to make sure +# NetworkManager has been stopped, otherwise it'll be trying +# to react to our delete/down operations. Since the ordering +# for ExecStop is the opposite of ExecStart we need to use +# `Before=nm-initrd.service`. +# https://issues.redhat.com/browse/OCPBUGS-11052 +Before=nm-initrd.service + # Make sure ExecStop= runs before we switch root Conflicts=initrd-switch-root.target umount.target Before=initrd-switch-root.target diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service index 0599484824..da47d6660c 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service @@ -4,12 +4,12 @@ DefaultDependencies=false ConditionKernelCommandLine=ostree ConditionPathExists=!/run/ostree-live Before=initrd-root-fs.target -After=sysroot.mount ignition-ostree-mount-firstboot-sysroot.service -# This shouldn't be strictly necessary, but it's cleaner to not have OSTree muck -# around with moving mounts while we're still resizing the filesystem. -Before=ostree-prepare-root.service +Before=sysroot.mount ignition-ostree-mount-firstboot-sysroot.service +After=ignition-ostree-uuid-root.service [Service] Type=oneshot ExecStart=/usr/sbin/ignition-ostree-growfs RemainAfterExit=yes +# So we can transiently mount sysroot +MountFlags=slave \ No newline at end of file diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 161c91165b..862cace7d5 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -5,17 +5,42 @@ set -euo pipefail # partition, unless it determines that either the rootfs was moved or the # partition was already resized (e.g. via Ignition). +# This is copied from ignition-ostree-transposefs.sh. +# Sometimes, for some reason the by-label symlinks aren't updated. Detect these +# cases, and explicitly `udevadm trigger`. +# See: https://bugzilla.redhat.com/show_bug.cgi?id=1908780 +udev_trigger_on_label_mismatch() { + local label=$1; shift + local expected_dev=$1; shift + local actual_dev + expected_dev=$(realpath "${expected_dev}") + # We `|| :` here because sometimes /dev/disk/by-label/$label is missing. + # We've seen this on Fedora kernels with debug enabled (common in `rawhide`). + # See https://github.com/coreos/fedora-coreos-tracker/issues/1092 + actual_dev=$(realpath "/dev/disk/by-label/$label" || :) + if [ "$actual_dev" != "$expected_dev" ]; then + echo "Expected /dev/disk/by-label/$label to point to $expected_dev, but points to $actual_dev; triggering udev" + udevadm trigger --settle "$expected_dev" + fi +} + +# This is also similar to bits from transposefs.sh. +ignition_cfg=/run/ignition.json +expected_dev=$(jq -r '.storage?.filesystems? // [] | map(select(.label == "root")) | .[0].device // ""' "${ignition_cfg}") +if [ -n "${expected_dev}" ]; then + udev_trigger_on_label_mismatch root "${expected_dev}" +fi + # If root reprovisioning was triggered, this file contains state of the root # partition *before* ignition-disks. saved_partstate=/run/ignition-ostree-rootfs-partstate.sh -# We run after the rootfs is mounted at /sysroot, but before ostree-prepare-root -# moves it to /sysroot/sysroot. +# We run before the rootfs is mounted at /sysroot, but we still need to mount it +# (in a private namespace) since XFS and Btrfs can only do resizing online (EXT4 +# can do either). path=/sysroot - -# The use of tail is to avoid errors from duplicate mounts; -# this shouldn't happen for us but we're being conservative. -src=$(findmnt -nvr -o SOURCE "$path" | tail -n1) +src=/dev/disk/by-label/root +mount "${src}" "${path}" # In the IBM Secure Execution case we use Ignition to grow and reencrypt rootfs # see overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator @@ -122,5 +147,6 @@ case "${ROOTFS_TYPE}" in btrfs) btrfs filesystem resize max ${path} ;; esac -# this is useful for tests +# The ignition-ostree-transposefs-xfsauto.service unit needs to know if we +# actually run. This is also useful for tests. touch /run/ignition-ostree-growfs.stamp diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-autosave-xfs.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-autosave-xfs.service new file mode 100644 index 0000000000..b914e98c72 --- /dev/null +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-autosave-xfs.service @@ -0,0 +1,19 @@ +[Unit] +Description=Ignition OSTree: Autosave XFS Rootfs Partition +DefaultDependencies=false +After=ignition-disks.service +# Avoid racing with UUID regeneration +After=ignition-ostree-uuid-root.service +After=ignition-ostree-growfs.service +Before=ignition-ostree-transposefs-restore.service +OnFailure=emergency.target +OnFailureJobMode=isolate + +ConditionKernelCommandLine=ostree +# only run if ignition-ostree-growfs ran since that's when pathological cases occur +ConditionPathExists=/run/ignition-ostree-growfs.stamp + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/libexec/ignition-ostree-transposefs autosave-xfs diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service index 4eca578934..b64858ffd7 100644 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service @@ -4,7 +4,7 @@ DefaultDependencies=false After=ignition-disks.service # Avoid racing with UUID regeneration After=ignition-ostree-uuid-root.service -Before=ignition-ostree-growfs.service +After=ignition-ostree-growfs.service Before=ignition-ostree-mount-firstboot-sysroot.service OnFailure=emergency.target OnFailureJobMode=isolate diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh index 9ec484c88c..244a6a5bc2 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh @@ -54,6 +54,7 @@ mount_verbose() { mount -o "${mode}" "${srcdev}" "${destdir}" } +# A copy of this exists in ignition-ostree-growfs.sh. # Sometimes, for some reason the by-label symlinks aren't updated. Detect these # cases, and explicitly `udevadm trigger`. # See: https://bugzilla.redhat.com/show_bug.cgi?id=1908780 @@ -95,8 +96,12 @@ mount_and_restore_filesystem_by_label() { local mountpoint=$1; shift local saved_fs=$1; shift local new_dev - new_dev=$(jq -r "$(query_fslabel "${label}") | .[0].device" "${ignition_cfg}") - udev_trigger_on_label_mismatch "${label}" "${new_dev}" + new_dev=$(jq -r "$(query_fslabel "${label}") | .[0].device // \"\"" "${ignition_cfg}") + # in the autosave-xfs path, it's not driven by the Ignition config so we + # don't expect a new device there + if [ -n "${new_dev}" ]; then + udev_trigger_on_label_mismatch "${label}" "${new_dev}" + fi mount_verbose "/dev/disk/by-label/${label}" "${mountpoint}" rw find "${saved_fs}" -mindepth 1 -maxdepth 1 -exec mv -t "${mountpoint}" {} + } @@ -124,6 +129,64 @@ mount_and_save_filesystem_by_label() { fi } +# This implements https://github.com/coreos/fedora-coreos-tracker/issues/1183. +should_autosave_rootfs() { + local fstype + fstype=$(lsblk -no FSTYPE "${root_part}") + if [ "$fstype" != xfs ]; then + echo "Filesystem is not XFS (found $fstype); skipping" >&2 + echo 0 + return + fi + local agcount + eval $(xfs_info "${root_part}" | grep -o 'agcount=[0-9]*') + # Semi-arbitrarily chosen: this is roughly ~64G currently (based on initial + # ag sizing at build time) which seems like a good rootfs size at which to + # discriminate between "throwaway/short-lived systems" and "long-running + # workload systems". It's not like XFS performance is way worse at 128. + if [ "$agcount" -lt 128 ]; then + echo "Filesystem agcount is $agcount; skipping" >&2 + echo 0 + return + fi + echo 1 +} + +ensure_zram_dev() { + if test -d "${saved_data}"; then + return 0 + fi + mem_available=$(grep MemAvailable /proc/meminfo | awk '{print $2}') + # Just error out early if we don't even have 1G to work with. This + # commonly happens if you `cosa run` but forget to add `--memory`. That + # way you get a nicer error instead of the spew of EIO errors from `cp`. + # The amount we need is really dependent on a bunch of factors, but just + # ballpark it at 3G. + if [ "${mem_available}" -lt $((1*1024*1024)) ] && [ "${wipes_root}" != 0 ]; then + echo "Root reprovisioning requires at least 3G of RAM" >&2 + exit 1 + fi + modprobe zram num_devices=0 + read dev < /sys/class/zram-control/hot_add + # disksize is set arbitrarily large, as zram is capped by mem_limit + echo 10G > /sys/block/zram"${dev}"/disksize + # Limit zram to 90% of available RAM: we want to be greedy since the + # boot breaks anyway, but we still want to leave room for everything + # else so it hits ENOSPC and doesn't invoke the OOM killer + echo $(( mem_available * 90 / 100 ))K > /sys/block/zram"${dev}"/mem_limit + mkfs.xfs -q /dev/zram"${dev}" + mkdir "${saved_data}" + mount /dev/zram"${dev}" "${saved_data}" + # save the zram device number created for when called to cleanup + echo "${dev}" > "${zram_dev}" +} + +print_zram_mm_stat() { + echo "zram usage:" + read dev < "${zram_dev}" + cat /sys/block/zram"${dev}"/mm_stat +} + # In Secure Execution case user is not allowed to modify partition table check_and_set_secex_config() { if [[ -f /run/coreos/secure-execution ]]; then @@ -162,29 +225,8 @@ case "${1:-}" in echo "Found duplicate or missing ESP, BIOS-BOOT, or PReP labels in config" >&2 exit 1 fi - mem_available=$(grep MemAvailable /proc/meminfo | awk '{print $2}') - # Just error out early if we don't even have 1G to work with. This - # commonly happens if you `cosa run` but forget to add `--memory`. That - # way you get a nicer error instead of the spew of EIO errors from `cp`. - # The amount we need is really dependent on a bunch of factors, but just - # ballpark it at 3G. - if [ "${mem_available}" -lt $((1*1024*1024)) ] && [ "${wipes_root}" != 0 ]; then - echo "Root reprovisioning requires at least 3G of RAM" >&2 - exit 1 - fi - modprobe zram num_devices=0 - read dev < /sys/class/zram-control/hot_add - # disksize is set arbitrarily large, as zram is capped by mem_limit - echo 10G > /sys/block/zram"${dev}"/disksize - # Limit zram to 90% of available RAM: we want to be greedy since the - # boot breaks anyway, but we still want to leave room for everything - # else so it hits ENOSPC and doesn't invoke the OOM killer - echo $(( mem_available * 90 / 100 ))K > /sys/block/zram"${dev}"/mem_limit - mkfs.xfs -q /dev/zram"${dev}" - mkdir "${saved_data}" - mount /dev/zram"${dev}" "${saved_data}" - # save the zram device number created for when called to cleanup - echo "${dev}" > "${zram_dev}" + + ensure_zram_dev if [ "${wipes_root}" != "0" ]; then mkdir "${saved_root}" @@ -202,6 +244,23 @@ case "${1:-}" in mkdir "${saved_prep}" fi ;; + autosave-xfs) + should_autosave=$(should_autosave_rootfs) + if [ "${should_autosave}" = "1" ]; then + wipes_root=1 + ensure_zram_dev + # in the in-place reprovisioning case, the rootfs was already saved + if [ ! -d "${saved_root}" ]; then + mkdir "${saved_root}" + echo "Moving rootfs to RAM..." + mount_and_save_filesystem_by_label root "${saved_root}" + print_zram_mm_stat + fi + mkfs.xfs "${root_part}" -L root -f + # for tests + touch /run/ignition-ostree-autosaved-xfs.stamp + fi + ;; save) # Mounts happen in a private mount namespace since we're not "offically" mounting if [ -d "${saved_root}" ]; then @@ -233,9 +292,7 @@ case "${1:-}" in echo "Moving PReP partition to RAM..." cat "${prep_part}" > "${saved_prep}/partition" fi - echo "zram usage:" - read dev < "${zram_dev}" - cat /sys/block/zram"${dev}"/mm_stat + print_zram_mm_stat ;; restore) # Mounts happen in a private mount namespace since we're not "offically" mounting diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index d0a4c89a9b..f8450b38c0 100755 --- a/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -28,6 +28,8 @@ install() { systemd-sysusers \ systemd-tmpfiles \ sort \ + xfs_info \ + xfs_spaceman \ uniq if [[ $(uname -m) = s390x ]]; then @@ -81,7 +83,7 @@ install() { inst_multiple jq chattr inst_script "$moddir/ignition-ostree-transposefs.sh" "/usr/libexec/ignition-ostree-transposefs" - for x in detect save restore; do + for x in detect save autosave-xfs restore; do install_ignition_unit ignition-ostree-transposefs-${x}.service done diff --git a/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules b/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules deleted file mode 100644 index e19c1c5b91..0000000000 --- a/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules +++ /dev/null @@ -1,38 +0,0 @@ -# Copyright 2016 Google Inc. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Name the attached disks as the specified by deviceName. - -ACTION!="add|change", GOTO="gce_disk_naming_end" -SUBSYSTEM!="block", GOTO="gce_disk_naming_end" - -# SCSI naming -KERNEL=="sd*|vd*", ENV{ID_VENDOR}=="Google", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode" - -# NVME naming -KERNEL=="nvme0n1*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-0" -KERNEL=="nvme0n2*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-1" -KERNEL=="nvme0n3*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-2" -KERNEL=="nvme0n4*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-3" -KERNEL=="nvme0n5*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-4" -KERNEL=="nvme0n6*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-5" -KERNEL=="nvme0n7*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-6" -KERNEL=="nvme0n8*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-7" -KERNEL=="nvme*", ENV{ID_VENDOR}=="Google", ENV{ID_SERIAL}="Google_EphemeralDisk_$env{ID_SERIAL_SHORT}" - -# Symlinks -KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="disk", ENV{ID_VENDOR}=="Google", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}" -KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="partition", ENV{ID_VENDOR}=="Google", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}-part%n" - -LABEL="gce_disk_naming_end" diff --git a/overlay.d/20platform-chrony/usr/lib/systemd/system/coreos-platform-chrony-config.service b/overlay.d/20platform-chrony/usr/lib/systemd/system/coreos-platform-chrony-config.service index f64f84da58..6a1bce8823 100644 --- a/overlay.d/20platform-chrony/usr/lib/systemd/system/coreos-platform-chrony-config.service +++ b/overlay.d/20platform-chrony/usr/lib/systemd/system/coreos-platform-chrony-config.service @@ -4,6 +4,7 @@ ConditionKernelCommandLine=|ignition.platform.id=azurestack ConditionKernelCommandLine=|ignition.platform.id=azure ConditionKernelCommandLine=|ignition.platform.id=aws ConditionKernelCommandLine=|ignition.platform.id=gcp +ConditionKernelCommandLine=|ignition.platform.id=qemu Before=NetworkManager.service Before=chronyd.service diff --git a/overlay.d/20platform-chrony/usr/libexec/coreos-platform-chrony-config b/overlay.d/20platform-chrony/usr/libexec/coreos-platform-chrony-config index 41e6c0b951..b91f880bac 100755 --- a/overlay.d/20platform-chrony/usr/libexec/coreos-platform-chrony-config +++ b/overlay.d/20platform-chrony/usr/libexec/coreos-platform-chrony-config @@ -23,9 +23,6 @@ if ! cmp {/usr,}/etc/sysconfig/chronyd >/dev/null; then exit 0 fi -mkdir -p /run/coreos -confpath=/run/coreos/platform-chrony.conf -altenvfilepath=/run/coreos/sysconfig-chrony cmdline=( $(> /etc/sysconfig/network + # Historically on QEMU, we haven't been disabling PEERNTP. Let's keep doing + # that even if we have ptp_kvm. chrony will just use the NTP servers as + # additional sources. + if [[ ${platform} != "qemu" ]]; then + cat <> /etc/sysconfig/network # PEERNTP=no is automatically added by default when a platform-provided time # source is available, but this behavior may be overridden through an Ignition # config specifying PEERNTP=yes. See https://github.com/coreos/fedora-coreos-config/pull/412. PEERNTP=no EOF + fi fi (echo "# Generated by $self - do not edit directly" @@ -81,6 +92,11 @@ case "${platform}" in echo '# and https://cloud.google.com/compute/docs/images/configuring-imported-images' echo 'server metadata.google.internal prefer iburst' ) >> "${confpath}" ;; + qemu) + sed -i s,'^#pool,pool,' "${confpath}" + (echo '# KVM virtual PHC' + echo 'refclock PHC /dev/ptp0 poll 2' + ) >> "${confpath}" ;; *) echo "should not be reached" 1>&2; exit 1 ;; esac # Policy doesn't allow chronyd to read run_t diff --git a/overlay.d/30gcp-udev-rules/statoverride b/overlay.d/30gcp-udev-rules/statoverride new file mode 100644 index 0000000000..27a95affe2 --- /dev/null +++ b/overlay.d/30gcp-udev-rules/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/overlay.d/30gcp-udev-rules/usr/lib/udev/google_nvme_id b/overlay.d/30gcp-udev-rules/usr/lib/udev/google_nvme_id new file mode 100644 index 0000000000..a41cd340e3 --- /dev/null +++ b/overlay.d/30gcp-udev-rules/usr/lib/udev/google_nvme_id @@ -0,0 +1,308 @@ +#!/bin/bash +# ATTENTION: This is a copy from https://github.com/GoogleCloudPlatform/guest-configs/blob/18fbc050b135461879e631a5ec2dd2cd7259d8e2/src/lib/udev/google_nvme_id + +# Copyright 2020 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Used to generate symlinks for NVMe devices (both local SSD and +# persistent disk) using the disk names reported by the metadata server. + + + +# Locations of the script's dependencies +readonly nvme_cli_bin=/usr/sbin/nvme + +# Bash regex to parse device paths and controller identification +readonly PD_CONTROLLER_REGEX="nvme_card-pd" +readonly SSD_CONTROLLER_REGEX="nvme_card[0-9]*" +readonly CONTROLLER_NUMBER_REGEX="nvme_card([[:digit:]]+)" +readonly NAMESPACE_NUMBER_REGEX="/dev/nvme[[:digit:]]+n([[:digit:]]+).*" +readonly PARTITION_NUMBER_REGEX="/dev/nvme[[:digit:]]+n[[:digit:]]+p([[:digit:]]+)" +readonly PD_NVME_REGEX="sn[[:space:]]+:[[:space]]+nvme_card-pd" + +# Globals used to generate the symlinks for a NVMe disk. These are populated +# by the identify_pd_disk function and exported for consumption by udev rules. +ID_SERIAL='' +ID_SERIAL_SHORT='' + +####################################### +# Helper function to log an error message to stderr. +# Globals: +# None +# Arguments: +# String to print as the log message +# Outputs: +# Writes error to STDERR +####################################### +function err() { + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')]: $*" >&2 +} + +####################################### +# Retrieves the device name for an NVMe namespace using nvme-cli. +# Globals: +# Uses nvme_cli_bin +# Arguments: +# The path to the nvme namespace (/dev/nvme0n?) +# Outputs: +# The device name parsed from the JSON in the vendor ext of the ns-id command. +# Returns: +# 0 if the device name for the namespace could be retrieved, 1 otherwise +####################################### +function get_namespace_device_name() { + local nvme_json + nvme_json="$("$nvme_cli_bin" id-ns -b "$1" | xxd -p -seek 384 | xxd -p -r)" + if [[ $? -ne 0 ]]; then + return 1 + fi + + if [[ -z "$nvme_json" ]]; then + err "NVMe Vendor Extension disk information not present" + return 1 + fi + + local device_name + device_name="$(echo "$nvme_json" | grep device_name | sed -e 's/.*"device_name":[ \t]*"\([a-zA-Z0-9_-]\+\)".*/\1/')" + + # Error if our device name is empty + if [[ -z "$device_name" ]]; then + err "Empty name" + return 1 + fi + + echo "$device_name" + return 0 +} + +####################################### +# Retrieves the nsid for an NVMe namespace +# Globals: +# None +# Arguments: +# The path to the nvme namespace (/dev/nvme0n*) +# Outputs: +# The namespace number/id +# Returns: +# 0 if the namespace id could be retrieved, 1 otherwise +####################################### +function get_namespace_number() { + local dev_path="$1" + local namespace_number + if [[ "$dev_path" =~ $NAMESPACE_NUMBER_REGEX ]]; then + namespace_number="${BASH_REMATCH[1]}" + else + return 1 + fi + + echo "$namespace_number" + return 0 +} + +####################################### +# Retrieves the partition number for a device path if it exists +# Globals: +# None +# Arguments: +# The path to the device partition (/dev/nvme0n*p*) +# Outputs: +# The value after 'p' in the device path, or an empty string if the path has +# no partition. +####################################### +function get_partition_number() { + local dev_path="$1" + local partition_number + if [[ "$dev_path" =~ $PARTITION_NUMBER_REGEX ]]; then + partition_number="${BASH_REMATCH[1]}" + echo "$partition_number" + else + echo '' + fi + return 0 +} + +####################################### +# Retrieves the controller number from the device model if it exists +# Globals: +# None +# Arguments: +# The NVMe device model (nvme_card or nvme_card1/2/3/...) +# Outputs: +# The controller id/number +####################################### +function get_controller_number() { + local dev_model="$1" + local controller_number + if [[ "$dev_model" =~ $CONTROLLER_NUMBER_REGEX ]]; then + controller_number="${BASH_REMATCH[1]}" + echo "$controller_number" + else + # if it's 'nvme_card', echo 0. This is for backward compatibility. + echo '0' + fi + return 0 +} + +####################################### +# Generates a symlink for a PD-NVMe device using the metadata's disk name. +# Primarily used for testing but can be used if the script is directly invoked. +# Globals: +# Uses ID_SERIAL_SHORT (can be populated by identify_pd_disk) +# Arguments: +# The device path for the disk +####################################### +function gen_symlink() { + local dev_path="$1" + local partition_number="$(get_partition_number "$dev_path")" + + if [[ -n "$partition_number" ]]; then + ln -s "$dev_path" /dev/disk/by-id/google-"$ID_SERIAL_SHORT"-part"$partition_number" > /dev/null 2>&1 + else + ln -s "$dev_path" /dev/disk/by-id/google-"$ID_SERIAL_SHORT" > /dev/null 2>&1 + fi + + return 0 +} + +####################################### +# Populates the ID_* global variables with a disk's device name and namespace +# Globals: +# Populates ID_SERIAL_SHORT, and ID_SERIAL +# Arguments: +# The device path for the disk +# Returns: +# 0 on success and 1 if an error occurs +####################################### +function identify_pd_disk() { + local dev_path="$1" + local dev_name + dev_name="$(get_namespace_device_name "$dev_path")" + if [[ $? -ne 0 ]]; then + return 1 + fi + + ID_SERIAL_SHORT="$dev_name" + ID_SERIAL="Google_PersistentDisk_${ID_SERIAL_SHORT}" + return 0 +} + +####################################### +# Populates the ID_* global variables with a disk's device name and namespace +# Globals: +# Populates ID_SERIAL_SHORT, and ID_SERIAL +# Arguments: +# The device path for the disk +# Returns: +# 0 on success and 1 if an error occurs +####################################### +function identify_local_ssd_disk() { + local dev_model="$1" + local dev_path="$2" + local controller_number + controller_number="$(get_controller_number "$dev_model")" + if [[ $? -ne 0 ]]; then + return 1 + fi + + local namespace_number + namespace_number="$(get_namespace_number "$dev_path")" + if [[ $? -ne 0 ]]; then + return 1 + fi + + ID_SERIAL_SHORT="local-nvme-ssd-$(($controller_number+$namespace_number-1))" + ID_SERIAL="Google_EphemeralDisk_${ID_SERIAL_SHORT}" + return 0 +} + +function print_help_message() { + echo "Usage: google_nvme_id [-s] [-h] -d device_path" + echo " -d (Required): Specifies the path to generate a name" + echo " for. This needs to be a path to an nvme device or namespace" + echo " -s: Create symbolic link for the disk under /dev/disk/by-id." + echo " Otherwise, the disk name will be printed to STDOUT" + echo " -h: Print this help message" +} + +function main() { + local opt_gen_symlink='false' + local device_path='' + + while getopts :d:sh flag; do + case "$flag" in + d) device_path="$OPTARG";; + s) opt_gen_symlink='true';; + h) print_help_message + return 0 + ;; + :) echo "Invalid option: ${OPTARG} requires an argument" 1>&2 + return 1 + ;; + *) return 1 + esac + done + + if [[ -z "$device_path" ]]; then + echo "Device path (-d) argument required. Use -h for full usage." 1>&2 + exit 1 + fi + + # Ensure the nvme-cli command is installed + command -v "$nvme_cli_bin" > /dev/null 2>&1 + if [[ $? -ne 0 ]]; then + err "The nvme utility (/usr/sbin/nvme) was not found. You may need to run \ +with sudo or install nvme-cli." + return 1 + fi + + # Ensure the passed device is actually an NVMe device + "$nvme_cli_bin" id-ctrl "$device_path" &>/dev/null + if [[ $? -ne 0 ]]; then + err "Passed device was not an NVMe device. (You may need to run this \ +script as root/with sudo)." + return 1 + fi + + # Detect the type of attached nvme device + local controller_id + controller_id=$("$nvme_cli_bin" id-ctrl "$device_path") + if [[ "$controller_id" =~ $PD_CONTROLLER_REGEX ]] ; then + # Fill the global variables for the id command for the given disk type + # Error messages will be printed closer to error, no need to reprint here + identify_pd_disk "$device_path" + if [[ $? -ne 0 ]]; then + return $? + fi + elif [[ "$controller_id" =~ $SSD_CONTROLLER_REGEX ]] ; then + identify_local_ssd_disk "$controller_id" "$device_path" + if [[ $? -ne 0 ]]; then + return $? + fi + else + err "Device is not a NVMe device" + return 1 + fi + + # Gen symlinks or print out the globals set by the identify command + if [[ "$opt_gen_symlink" == 'true' ]]; then + gen_symlink "$device_path" + else + # These will be consumed by udev + echo "ID_SERIAL_SHORT=${ID_SERIAL_SHORT}" + echo "ID_SERIAL=${ID_SERIAL}" + fi + + return $? + +} +main "$@" diff --git a/overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/64-gce-disk-removal.rules b/overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/64-gce-disk-removal.rules new file mode 100644 index 0000000000..052d636b21 --- /dev/null +++ b/overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/64-gce-disk-removal.rules @@ -0,0 +1,19 @@ +# ATTENTION: It is a copy from https://github.com/GoogleCloudPlatform/guest-configs/blob/18fbc050b135461879e631a5ec2dd2cd7259d8e2/src/lib/udev/rules.d/64-gce-disk-removal.rules +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# When a disk is removed, unmount any remaining attached volumes. + +ACTION=="remove", SUBSYSTEM=="block", KERNEL=="sd*|vd*|nvme*", RUN+="/bin/sh -c '/bin/umount -fl /dev/$name && /usr/bin/logger -p daemon.warn -s WARNING: hot-removed /dev/$name that was still mounted, data may have been corrupted'" diff --git a/overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/65-gce-disk-naming.rules b/overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/65-gce-disk-naming.rules new file mode 100644 index 0000000000..5c62b7564d --- /dev/null +++ b/overlay.d/30gcp-udev-rules/usr/lib/udev/rules.d/65-gce-disk-naming.rules @@ -0,0 +1,41 @@ +# ATTENTION: It is a copy from https://github.com/GoogleCloudPlatform/guest-configs/blob/18fbc050b135461879e631a5ec2dd2cd7259d8e2/src/lib/udev/rules.d/65-gce-disk-naming.rules +# Copyright 2016 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Name the attached disks as the specified by deviceName. + +ACTION!="add|change", GOTO="gce_disk_naming_end" +SUBSYSTEM!="block", GOTO="gce_disk_naming_end" + +# SCSI naming +KERNEL=="sd*|vd*", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode" + +# NVME Local SSD naming +KERNEL=="nvme*n*", ATTRS{model}=="nvme_card", PROGRAM="/bin/sh -c 'nsid=$$(echo %k|sed -re s/nvme[0-9]+n\([0-9]+\).\*/\\1/); echo $$((nsid-1))'", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-%c" +KERNEL=="nvme*", ATTRS{model}=="nvme_card", ENV{ID_SERIAL}="Google_EphemeralDisk_$env{ID_SERIAL_SHORT}" +# Support for local SSD multi-controller +KERNEL=="nvme*n*", ATTRS{model}=="nvme_card[0-9]*", IMPORT{program}="google_nvme_id -d $tempnode" + +# NVME Persistent Disk IO Timeout +KERNEL=="nvme*n*", ENV{DEVTYPE}=="disk", ATTRS{model}=="nvme_card-pd", ATTR{queue/io_timeout}="4294967295" + +# NVME Persistent Disk Naming +KERNEL=="nvme*n*", ATTRS{model}=="nvme_card-pd", IMPORT{program}="google_nvme_id -d $tempnode" + +# Symlinks +KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}" +KERNEL=="sd*|vd*|nvme*", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-id/google-$env{ID_SERIAL_SHORT}-part%n" + +LABEL="gce_disk_naming_end" diff --git a/overlay.d/README.md b/overlay.d/README.md index 1e5eed2da1..8d9a53edb5 100644 --- a/overlay.d/README.md +++ b/overlay.d/README.md @@ -66,3 +66,17 @@ bits to include the rules in the initramfs too. [1] https://github.com/coreos/fedora-coreos-tracker/issues/1383 [2] https://github.com/Azure/WALinuxAgent/pull/1622 [3] https://src.fedoraproject.org/rpms/WALinuxAgent/pull-request/4 + + +30gcp-udev-rules +------------------- + +Add udev rules and scripts needed from google-guest-configs [1] for disk +configuration in GCP, such as local SSD controllers (nvme and scsi). + +There is an opened BZ [2] requesting a subpackage of google-compute-engine-guest-configs +containing only what we need. Once we get it, we can include this rpm in the +OS (Fedora/RHEL) and drop this module entirely. + +[1] https://github.com/GoogleCloudPlatform/guest-configs/tree/master/src/lib/udev +[2] https://bugzilla.redhat.com/show_bug.cgi?id=218286 diff --git a/tests/kola/disks/growfs b/tests/kola/disks/growfs new file mode 100755 index 0000000000..a423837112 --- /dev/null +++ b/tests/kola/disks/growfs @@ -0,0 +1,20 @@ +#!/bin/bash +## kola: +## exclusive: false + +# This test verifies that the rootfs is automatically grown on first boot in the +# default case and that the autosave-xfs logic didn't kick in. + +set -xeuo pipefail + +. $KOLA_EXT_DATA/commonlib.sh + +if [ ! -f /run/ignition-ostree-growfs.stamp ]; then + fatal "rootfs was not grown on first boot" +fi +ok "rootfs grown on first boot" + +if [ -f /run/ignition-ostree-autosaved-xfs.stamp ]; then + fatal "unexpected autosaved XFS" +fi +ok "rootfs wasn't automatically reprovisioned" diff --git a/tests/kola/ntp/chrony/coreos-platform-chrony-generator b/tests/kola/ntp/chrony/coreos-platform-chrony-config similarity index 57% rename from tests/kola/ntp/chrony/coreos-platform-chrony-generator rename to tests/kola/ntp/chrony/coreos-platform-chrony-config index 7460509dc1..04ad465a73 100755 --- a/tests/kola/ntp/chrony/coreos-platform-chrony-generator +++ b/tests/kola/ntp/chrony/coreos-platform-chrony-config @@ -1,7 +1,7 @@ #!/bin/bash ## kola: ## exclusive: false -## platforms: "aws azure gce" +## platforms: "aws azure gce qemu" # # Test the coreos-platform-chrony generator. @@ -14,5 +14,11 @@ case "${platform}" in aws) chronyc sources |grep '169.254.169.123'; echo "ok chrony aws" ;; azure) chronyc sources |grep 'PHC'; echo "ok chrony azure" ;; gcp) chronyc sources | grep '169.254.169.254'; echo "ok chrony gcp" ;; + qemu) + # ptp_kvm isn't available on all arches nor all hosts, so don't assume it's always there; see + # https://github.com/coreos/fedora-coreos-config/pull/2263#discussion_r1157694192 + if lsmod | grep -q ptp_kvm; then + chronyc sources | grep 'PHC0'; echo "ok chrony qemu" + fi ;; *) echo "unhandled platform ${platform} ?"; exit 1 ;; esac diff --git a/tests/kola/root-reprovision/autosave-xfs/data/commonlib.sh b/tests/kola/root-reprovision/autosave-xfs/data/commonlib.sh new file mode 120000 index 0000000000..b8dcbdca1a --- /dev/null +++ b/tests/kola/root-reprovision/autosave-xfs/data/commonlib.sh @@ -0,0 +1 @@ +../../../data/commonlib.sh \ No newline at end of file diff --git a/tests/kola/root-reprovision/autosave-xfs/test.sh b/tests/kola/root-reprovision/autosave-xfs/test.sh new file mode 100755 index 0000000000..e4c5b3405c --- /dev/null +++ b/tests/kola/root-reprovision/autosave-xfs/test.sh @@ -0,0 +1,26 @@ +#!/bin/bash +## kola: +## # This test reprovisions the rootfs automatically. +## tags: "platform-independent reprovision" +## # Trigger automatic XFS reprovisioning +## minDisk: 100 +## # Root reprovisioning requires at least 4GiB of memory. +## minMemory: 4096 +## # This test includes a lot of disk I/O and needs a higher +## # timeout value than the default. +## timeoutMin: 15 + +set -xeuo pipefail + +. $KOLA_EXT_DATA/commonlib.sh + +if [ ! -f /run/ignition-ostree-autosaved-xfs.stamp ]; then + fatal "expected autosaved XFS" +fi +ok "autosaved XFS on large disk" + +eval $(xfs_info / | grep -o 'agcount=[0-9]*') +if [ "$agcount" -gt 4 ]; then + fatal "expected agcount of at most 4, got ${agcount}" +fi +ok "low agcount on large disk" diff --git a/tests/kola/root-reprovision/linear/test.sh b/tests/kola/root-reprovision/linear/test.sh index 3aaa6c865b..83bad0d232 100755 --- a/tests/kola/root-reprovision/linear/test.sh +++ b/tests/kola/root-reprovision/linear/test.sh @@ -39,6 +39,11 @@ case "${AUTOPKGTEST_REBOOT_MARK:-}" in fatal "ignition-ostree-growfs ran" fi + # check that autosave-xfs didn't run + if [ -e /run/ignition-ostree-autosaved-xfs.stamp ]; then + fatal "unexpected autosaved XFS" + fi + # reboot once to sanity-check we can find root on second boot /tmp/autopkgtest-reboot rebooted ;; diff --git a/tests/kola/root-reprovision/luks/autosave-xfs/config.ign b/tests/kola/root-reprovision/luks/autosave-xfs/config.ign new file mode 120000 index 0000000000..f72ce41f73 --- /dev/null +++ b/tests/kola/root-reprovision/luks/autosave-xfs/config.ign @@ -0,0 +1 @@ +../config.ign \ No newline at end of file diff --git a/tests/kola/root-reprovision/luks/autosave-xfs/data b/tests/kola/root-reprovision/luks/autosave-xfs/data new file mode 120000 index 0000000000..4909e06efb --- /dev/null +++ b/tests/kola/root-reprovision/luks/autosave-xfs/data @@ -0,0 +1 @@ +../data \ No newline at end of file diff --git a/tests/kola/root-reprovision/luks/autosave-xfs/test.sh b/tests/kola/root-reprovision/luks/autosave-xfs/test.sh new file mode 100755 index 0000000000..ab4e7a9528 --- /dev/null +++ b/tests/kola/root-reprovision/luks/autosave-xfs/test.sh @@ -0,0 +1,34 @@ +#!/bin/bash +## kola: +## # This test reprovisions the rootfs. +## tags: "platform-independent reprovision" +## # Root reprovisioning requires at least 4GiB of memory. +## minMemory: 4096 +## # A TPM backend device is not available on s390x to suport TPM. +## architectures: "!s390x" +## # This test includes a lot of disk I/O and needs a higher +## # timeout value than the default. +## timeoutMin: 15 +## # Trigger automatic XFS reprovisioning +## minDisk: 100 + +set -xeuo pipefail + +. $KOLA_EXT_DATA/commonlib.sh + +# check that we ran automatic XFS reprovisioning +if [ -z "${AUTOPKGTEST_REBOOT_MARK:-}" ]; then + if [ ! -f /run/ignition-ostree-autosaved-xfs.stamp ]; then + fatal "expected autosaved XFS" + fi + ok "autosaved XFS on large disk" + + eval $(xfs_info / | grep -o 'agcount=[0-9]*') + if [ "$agcount" -gt 4 ]; then + fatal "expected agcount of at most 4, got ${agcount}" + fi + ok "low agcount on large disk" +fi + +# run the rest of the tests +. $KOLA_EXT_DATA/luks-test.sh diff --git a/tests/kola/root-reprovision/luks/config.ign b/tests/kola/root-reprovision/luks/config.ign index 950aa670d8..07317d10b4 100644 --- a/tests/kola/root-reprovision/luks/config.ign +++ b/tests/kola/root-reprovision/luks/config.ign @@ -1,6 +1,6 @@ { "ignition": { - "version": "3.2.0" + "version": "3.4.0" }, "storage": { "luks": [ @@ -10,6 +10,8 @@ "clevis": { "tpm2": true }, + "discard": true, + "openOptions": ["--perf-no_read_workqueue"], "label": "root", "wipeVolume": true } diff --git a/tests/kola/root-reprovision/luks/data/luks-test.sh b/tests/kola/root-reprovision/luks/data/luks-test.sh new file mode 100755 index 0000000000..fe4b0dc3fe --- /dev/null +++ b/tests/kola/root-reprovision/luks/data/luks-test.sh @@ -0,0 +1,59 @@ +# This file is sourced by both `ext.config.root-reprovision.luks` +# and `ext.config.root-reprovision.luks.autosave-xfs`. + +. $KOLA_EXT_DATA/commonlib.sh + +srcdev=$(findmnt -nvr / -o SOURCE) +[[ ${srcdev} == /dev/mapper/myluksdev ]] + +blktype=$(lsblk -o TYPE "${srcdev}" --noheadings) +[[ ${blktype} == crypt ]] + +fstype=$(findmnt -nvr / -o FSTYPE) +[[ ${fstype} == xfs ]] +ok "source is XFS on LUKS device" + +rootflags=$(findmnt /sysroot -no OPTIONS) +if ! grep prjquota <<< "${rootflags}"; then + fatal "missing prjquota in root mount flags: ${rootflags}" +fi +ok "root mounted with prjquota" + +table=$(dmsetup table myluksdev) +if ! grep -q allow_discards <<< "${table}"; then + fatal "missing allow_discards in root DM table: ${table}" +fi +if ! grep -q no_read_workqueue <<< "${table}"; then + fatal "missing no_read_workqueue in root DM table: ${table}" +fi +ok "discard and custom option enabled for root LUKS" + +# while we're here, sanity-check that boot is mounted by UUID +if ! systemctl cat boot.mount | grep -q What=/dev/disk/by-uuid; then + systemctl cat boot.mount + fatal "boot mounted not by UUID" +fi +ok "boot mounted by UUID" + +case "${AUTOPKGTEST_REBOOT_MARK:-}" in + "") + # check that ignition-ostree-growfs ran + if [ ! -e /run/ignition-ostree-growfs.stamp ]; then + fatal "ignition-ostree-growfs did not run" + fi + + # reboot once to sanity-check we can find root on second boot + /tmp/autopkgtest-reboot rebooted + ;; + + rebooted) + grep root=UUID= /proc/cmdline + grep rd.luks.name= /proc/cmdline + ok "found root kargs" + + # while we're here, sanity-check that we have a boot=UUID karg too + grep boot=UUID= /proc/cmdline + ok "found boot karg" + ;; + *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; +esac diff --git a/tests/kola/root-reprovision/luks/test.sh b/tests/kola/root-reprovision/luks/test.sh index 2532f65425..58fd00ba7d 100755 --- a/tests/kola/root-reprovision/luks/test.sh +++ b/tests/kola/root-reprovision/luks/test.sh @@ -14,48 +14,13 @@ set -xeuo pipefail . $KOLA_EXT_DATA/commonlib.sh -srcdev=$(findmnt -nvr / -o SOURCE) -[[ ${srcdev} == /dev/mapper/myluksdev ]] - -blktype=$(lsblk -o TYPE "${srcdev}" --noheadings) -[[ ${blktype} == crypt ]] - -fstype=$(findmnt -nvr / -o FSTYPE) -[[ ${fstype} == xfs ]] -ok "source is XFS on LUKS device" - -rootflags=$(findmnt /sysroot -no OPTIONS) -if ! grep prjquota <<< "${rootflags}"; then - fatal "missing prjquota in root mount flags: ${rootflags}" -fi -ok "root mounted with prjquota" - -# while we're here, sanity-check that boot is mounted by UUID -if ! systemctl cat boot.mount | grep -q What=/dev/disk/by-uuid; then - systemctl cat boot.mount - fatal "boot mounted not by UUID" +# check that we didn't run automatic XFS reprovisioning +if [ -z "${AUTOPKGTEST_REBOOT_MARK:-}" ]; then + if [ -f /run/ignition-ostree-autosaved-xfs.stamp ]; then + fatal "unexpected autosaved XFS" + fi + ok "no autosaved XFS on large disk" fi -ok "boot mounted by UUID" - -case "${AUTOPKGTEST_REBOOT_MARK:-}" in - "") - # check that ignition-ostree-growfs ran - if [ ! -e /run/ignition-ostree-growfs.stamp ]; then - fatal "ignition-ostree-growfs did not run" - fi - - # reboot once to sanity-check we can find root on second boot - /tmp/autopkgtest-reboot rebooted - ;; - - rebooted) - grep root=UUID= /proc/cmdline - grep rd.luks.name= /proc/cmdline - ok "found root kargs" - # while we're here, sanity-check that we have a boot=UUID karg too - grep boot=UUID= /proc/cmdline - ok "found boot karg" - ;; - *) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";; -esac +# run the rest of the tests +. $KOLA_EXT_DATA/luks-test.sh diff --git a/tests/kola/root-reprovision/raid1/test.sh b/tests/kola/root-reprovision/raid1/test.sh index 15c15b3ca1..607c9877b0 100755 --- a/tests/kola/root-reprovision/raid1/test.sh +++ b/tests/kola/root-reprovision/raid1/test.sh @@ -39,6 +39,11 @@ case "${AUTOPKGTEST_REBOOT_MARK:-}" in fatal "ignition-ostree-growfs ran" fi + # check that autosave-xfs didn't run + if [ -e /run/ignition-ostree-autosaved-xfs.stamp ]; then + fatal "unexpected autosaved XFS" + fi + # reboot once to sanity-check we can find root on second boot /tmp/autopkgtest-reboot rebooted ;; diff --git a/tests/kola/upgrade/extended/test.sh b/tests/kola/upgrade/extended/test.sh index 3bd7b43efc..d69e2c35ae 100755 --- a/tests/kola/upgrade/extended/test.sh +++ b/tests/kola/upgrade/extended/test.sh @@ -57,8 +57,11 @@ if [ -f /etc/zincati/config.d/90-disable-auto-updates.toml ]; then systemctl restart zincati fi -version=$(rpm-ostree status --json | jq -r '.deployments[0].version') -stream=$(rpm-ostree status --json | jq -r '.deployments[0]["base-commit-meta"]["fedora-coreos.stream"]') +get_booted_deployment_json() { + rpm-ostree status --json | jq -r '.deployments[] | select(.booted == true)' +} +version=$(get_booted_deployment_json | jq -r '.version') +stream=$(get_booted_deployment_json | jq -r '.["base-commit-meta"]["fedora-coreos.stream"]') # Pick up the last release for the current stream test -f /srv/releases.json || \ diff --git a/tests/kola/var-mount/luks/test.sh b/tests/kola/var-mount/luks/test.sh index 0bc5a6b008..e27b263175 100755 --- a/tests/kola/var-mount/luks/test.sh +++ b/tests/kola/var-mount/luks/test.sh @@ -27,6 +27,15 @@ blktype=$(lsblk -o TYPE "${src}" --noheadings) fstype=$(findmnt -nvr /var/log -o FSTYPE) [[ $fstype == ext4 ]] +table=$(dmsetup table varlog) +if grep -q allow_discards <<< "${table}"; then + fatal "found allow_discards in /var/log DM table: ${table}" +fi +if grep -q no_read_workqueue <<< "${table}"; then + fatal "found no_read_workqueue in /var/log DM table: ${table}" +fi +ok "discard and custom option not enabled for /var/log" + case "${AUTOPKGTEST_REBOOT_MARK:-}" in "") ok "mounted on first boot"