overlay.d/05core: Writeable root fs for Live ISOs booted from RAM

Previously, karg coreos.liveiso.fromram would cause live-generator to copy rootfs.img to a tmpfs and then mount it to /sysroot. Because rootfs.img contains a squashfs, /sysroot will be mounted read-only, preventing rpm-ostree operations such as install and rebase which are required by OKD/FCOS [0]. Now, with karg coreos.liveiso.fromram (Live ISO) or coreos.live.\ fromram (PXE boot) the rootfs.img will be mounted to /isoroot. The contents of /isoroot will be copied to /run/ephemeral and the latter will be bind-\ mounted to /sysroot. Because /run/ephemeral is a writeable xfs, both sysroot-etc.mount and sysroot-var.mount are not required in this case. For example, to rebase a FCOS/OKD bootimage first boot a Live ISO with Fedora 39 from RAM and then rebase and soft-reboot [1] (requires systemd v254) it with: rpm-ostree rebase fedora:fedora/x86_64/coreos/next rpm-ostree apply-live --allow-replacement systemctl soft-reboot [0] coreos/rpm-ostree#4547 [1] https://www.freedesktop.org/software/systemd/man/systemd-soft-reboot.service.html
JM1 · Oct 3, 2023 · 0a4afa3 · 0a4afa3
1 parent 61d7b8c
commit 0a4afa3
Showing 1 changed file with 78 additions and 48 deletions.
diff --git a/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator b/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator
@@ -28,8 +28,6 @@ fi
 > /run/ostree-live
 
 add_requires sysroot.mount     initrd-root-fs.target
-add_requires sysroot-etc.mount initrd-root-fs.target
-add_requires sysroot-var.mount initrd-root-fs.target
 # make sure we enable network if required for coreos-livepxe-rootfs
 # https://github.com/coreos/fedora-coreos-tracker/issues/1423
 add_requires coreos-enable-network.service initrd-root-fs.target
@@ -53,12 +51,22 @@ ExecStartPre=/usr/sbin/ostree-cmdline start
 ExecStartPost=/usr/sbin/ostree-cmdline stop
 EOF
 
+# Determine what to mount in sysroot.mount based on if we were asked to run
+# completely from RAM via coreos.liveiso.fromram or coreos.live.fromram karg.
+if getargbool 0 coreos.liveiso.fromram || getargbool 0 coreos.live.fromram; then
+    isorootmount=isoroot
+    isorootwhere=/isoroot
+else
+    isorootmount=sysroot
+    isorootwhere=/sysroot
+fi
+
 isoroot=$(getarg coreos.liveiso= ||:)
 
 if [ -z "${isoroot}" ]; then
     # In this case, the rootfs is already unpacked into the initrd, or we need
     # to retrieve it
-    cat >"${UNIT_DIR}/sysroot.mount" <<EOF
+    cat >"${UNIT_DIR}/${isorootmount}.mount" <<EOF
 # Automatically generated by live-generator
 
 [Unit]
@@ -69,7 +77,7 @@ Before=initrd-root-fs.target
 
 [Mount]
 What=/root.squashfs
-Where=/sysroot
+Where=${isorootwhere}
 Type=squashfs
 Options=loop
 EOF
@@ -109,45 +117,17 @@ Options=ro
 Type=iso9660
 EOF
 
-    # Determine what to mount in sysroot.mount based on if we were asked to run
-    # completely from RAM via coreos.liveiso.fromram karg.
-    if getargbool 0 coreos.liveiso.fromram; then
-        sysrootrequiresmountsfor=""
-        sysrootfsimg=/rootfs.img
-        # Add service to copy the rootfs.img from the ISO to memory
-        cat >"${UNIT_DIR}/coreos-liveiso-run-media-iso-cp-rootfsimg.service" <<EOF
-# Automatically generated by live-generator
-
-[Unit]
-RequiresMountsFor=/run/media/iso
-Before=sysroot.mount
-# DefaultDependencies=true so this unit gets stopped on switchroot to
-# allow for /run/media/iso to get unmounted.
-DefaultDependencies=true
-
-[Service]
-Type=oneshot
-ExecStart=cp -v /run/media/iso/images/pxeboot/rootfs.img /rootfs.img
-RemainAfterExit=yes
-EOF
-        add_requires coreos-liveiso-run-media-iso-cp-rootfsimg.service default.target
-    else
-        sysrootrequiresmountsfor="RequiresMountsFor=/run/media/iso"
-        sysrootfsimg=/run/media/iso/images/pxeboot/rootfs.img
-    fi
-
-    cat >"${UNIT_DIR}/sysroot.mount" <<EOF
+    cat >"${UNIT_DIR}/${isorootmount}.mount" <<EOF
 # Automatically generated by live-generator
 
 [Unit]
 DefaultDependencies=false
 Before=initrd-root-fs.target
-After=coreos-liveiso-run-media-iso-cp-rootfsimg.service
-${sysrootrequiresmountsfor}
+RequiresMountsFor=/run/media/iso
 
 [Mount]
-What=${sysrootfsimg}
-Where=/sysroot
+What=/run/media/iso/images/pxeboot/rootfs.img
+Where=${isorootwhere}
 Type=squashfs
 # Offset of the squashfs within the rootfs cpio.  Assumes newc format
 # and that a file named "root.squashfs" is the first member.  This offset
@@ -205,7 +185,56 @@ Type=xfs
 Options=loop,discard
 EOF
 
-cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-setup.service" <<EOF
+if getargbool 0 coreos.liveiso.fromram || getargbool 0 coreos.live.fromram; then
+    cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-setup.service" <<EOF
+[Unit]
+DefaultDependencies=false
+RequiresMountsFor=/run/ephemeral
+RequiresMountsFor=/isoroot
+ConditionPathExists=/usr/lib/initrd-release
+ConditionPathExists=!/run/ephemeral/usr
+# We want to run before ostree will be set up
+Before=ostree-prepare-root.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/cp -a ${isorootwhere}/. /run/ephemeral/
+EOF
+
+    cat >>"${UNIT_DIR}/sysroot.mount" <<EOF
+# Automatically generated by live-generator
+[Unit]
+DefaultDependencies=false
+# Make sure our tmpfs is available
+Requires=sysroot-xfs-ephemeral-setup.service
+After=sysroot-xfs-ephemeral-setup.service
+# We're part of assembling the root fs
+Before=initrd-root-fs.target
+
+[Mount]
+What=/run/ephemeral
+Where=/sysroot
+Type=none
+Options=bind
+EOF
+    cat >>"${UNIT_DIR}/sysroot-relabel.service" <<EOF
+[Unit]
+DefaultDependencies=false
+RequiresMountsFor=/sysroot
+Before=initrd-root-fs.target
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+# We don't need the full relabeling spam by default for these
+StandardOutput=null
+ExecStart=/bin/coreos-relabel /
+EOF
+    add_requires sysroot-relabel.service initrd-root-fs.target
+
+else # ! getargbool 0 coreos.liveiso.fromram && ! getargbool 0 coreos.live.fromram
+
+    cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-setup.service" <<EOF
 [Unit]
 DefaultDependencies=false
 RequiresMountsFor=/run/ephemeral
@@ -222,8 +251,8 @@ ExecStart=/bin/cp -a /sysroot/etc /run/ephemeral/etc
 ExecStart=/bin/mkdir /run/ephemeral/var
 EOF
 
-common_etcvar_unit() {
-    cat << EOF
+    common_etcvar_unit() {
+        cat << EOF
 # Automatically generated by live-generator
 [Unit]
 DefaultDependencies=false
@@ -233,29 +262,29 @@ After=sysroot-xfs-ephemeral-setup.service
 # We're part of assembling the root fs
 Before=initrd-root-fs.target
 EOF
-}
+    }
 
-common_etcvar_unit > "${UNIT_DIR}/sysroot-etc.mount"
-cat >>"${UNIT_DIR}/sysroot-etc.mount" <<EOF
+    common_etcvar_unit > "${UNIT_DIR}/sysroot-etc.mount"
+    cat >>"${UNIT_DIR}/sysroot-etc.mount" <<EOF
 [Mount]
 What=/run/ephemeral/etc
 Where=/sysroot/etc
 Type=none
 Options=bind
 EOF
-add_requires sysroot-etc.mount initrd-root-fs.target
+    add_requires sysroot-etc.mount initrd-root-fs.target
 
-common_etcvar_unit >"${UNIT_DIR}/sysroot-var.mount"
-cat >>"${UNIT_DIR}/sysroot-var.mount" <<EOF
+    common_etcvar_unit >"${UNIT_DIR}/sysroot-var.mount"
+    cat >>"${UNIT_DIR}/sysroot-var.mount" <<EOF
 [Mount]
 What=/run/ephemeral/var
 Where=/sysroot/var
 Type=none
 Options=bind
 EOF
-add_requires sysroot-var.mount initrd-root-fs.target
+    add_requires sysroot-var.mount initrd-root-fs.target
 
-cat >>"${UNIT_DIR}/sysroot-relabel.service" <<EOF
+    cat >>"${UNIT_DIR}/sysroot-relabel.service" <<EOF
 [Unit]
 DefaultDependencies=false
 RequiresMountsFor=/sysroot/etc /sysroot/var
@@ -268,4 +297,5 @@ StandardOutput=null
 ExecStart=/bin/coreos-relabel /etc
 ExecStart=/bin/coreos-relabel /var
 EOF
-add_requires sysroot-relabel.service initrd-root-fs.target
+    add_requires sysroot-relabel.service initrd-root-fs.target
+fi