Initial support for live PXE and ISO images

live/EFI/fedora/grub.cfg

@@ -0,0 +1,33 @@
+# Note this file mostly matches the grub.cfg file from within the
+# efiboot.img on the Fedora Server DVD iso. Diff this file with that
+# file in the future to pick up changes.
+#
+# One diff to note is we use linux and initrd instead of linuxefi and
+# initrdefi. We do this because it works and allows us to use this same
+# file on other architecutres. https://github.com/coreos/fedora-coreos-config/issues/63
+#
+# This file gets embedded into the efiboot.img on our Fedora CoreOS ISO.
+set default="1"
+
+function load_video {
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod all_video
+}
+
+load_video
+set gfxpayload=keep
+insmod gzio
+insmod part_gpt
+insmod ext2
+
+set timeout=1
+### END /etc/grub.d/00_header ###
+
+### BEGIN /etc/grub.d/10_linux ###
+menuentry 'Fedora CoreOS (Live)' --class fedora --class gnu-linux --class gnu --class os {
+	linux /images/vmlinuz mitigations=auto,nosmt rd.neednet=1 ip=dhcp ignition.firstboot ignition.platform.id=metal
+	initrd /images/initramfs.img
+}

live/README.md

@@ -0,0 +1,13 @@
+These files will be copied to the target live ISO
+via the CoreOS Assembler buildextend-live call. It
+picks up all files in the coreos/fedora-coreos-config/live/
+directory and copies them to the base of the ISO. 
+
+Files currently copied are:
+
+- isolinux/boot.msg
+- isolinux/isolinux.cfg
+
+Files that get copied into efiboot.img in the ISO:
+
+- EFI/grub.cfg 

live/isolinux/boot.msg

@@ -0,0 +1,5 @@
+
+splash.lss
+
+ -  Press the 01<ENTER>07 key to boot.
+

live/isolinux/isolinux.cfg

@@ -0,0 +1,73 @@
+# Note this file mostly matches the isolinux.cfg file from the Fedora 
+# Server DVD iso. Diff this file with that file in the future to pick up
+# changes.
+serial 0
+default vesamenu.c32
+timeout 10
+
+display boot.msg
+
+# Clear the screen when exiting the menu, instead of leaving the menu displayed.
+# For vesamenu, this means the graphical background is still displayed without
+# the menu itself for as long as the screen remains in graphics mode.
+menu clear
+menu background splash.png
+menu title Fedora CoreOS
+menu vshift 8
+menu rows 18
+menu margin 8
+#menu hidden
+menu helpmsgrow 15
+menu tabmsgrow 13
+
+# Border Area
+menu color border * #00000000 #00000000 none
+
+# Selected item
+menu color sel 0 #ffffffff #00000000 none
+
+# Title bar
+menu color title 0 #ff7ba3d0 #00000000 none
+
+# Press [Tab] message
+menu color tabmsg 0 #ff3a6496 #00000000 none
+
+# Unselected menu item
+menu color unsel 0 #84b8ffff #00000000 none
+
+# Selected hotkey
+menu color hotsel 0 #84b8ffff #00000000 none
+
+# Unselected hotkey
+menu color hotkey 0 #ffffffff #00000000 none
+
+# Help text
+menu color help 0 #ffffffff #00000000 none
+
+# A scrollbar of some type? Not sure.
+menu color scrollbar 0 #ffffffff #ff355594 none
+
+# Timeout msg
+menu color timeout 0 #ffffffff #00000000 none
+menu color timeout_msg 0 #ffffffff #00000000 none
+
+# Command prompt text
+menu color cmdmark 0 #84b8ffff #00000000 none
+menu color cmdline 0 #ffffffff #00000000 none
+
+# Do not display the actual menu unless the user presses a key. All that is displayed is a timeout message.
+
+menu tabmsg Press Tab for full configuration options on menu items.
+
+menu separator # insert an empty line
+menu separator # insert an empty line
+
+label linux
+  menu label ^Fedora CoreOS (Live)
+  menu default
+  kernel /images/vmlinuz
+  append initrd=/images/initramfs.img mitigations=auto,nosmt rd.neednet=1 ip=dhcp ignition.firstboot ignition.platform.id=metal
+
+menu separator # insert an empty line
+
+menu end

live/zipl.prm

@@ -0,0 +1 @@
+mitigations=auto,nosmt rd.neednet=1 ip=dhcp ignition.firstboot ignition.platform.id=metal

overlay.d/05core/usr/lib/dracut/modules.d/20live/coreos-populate-writable.service

@@ -0,0 +1,10 @@
+[Unit]
+DefaultDependencies=false
+RequiresMountsFor=/writable
+Before=sysroot-etc.mount sysroot-var.mount
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/mkdir -m 755 -p /writable/etc/upper /writable/var
+ExecStart=/usr/bin/mkdir -m 700 -p /writable/etc/work

overlay.d/05core/usr/lib/dracut/modules.d/20live/is-live-image.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+# Script invoked by ignition-dracut generator to detect whether this is a
+# live system without a root device.  We can't test for /run/ostree-live
+# because it may not have been created yet.
+[ -e /root.squashfs ]

overlay.d/05core/usr/lib/dracut/modules.d/20live/live-generator

@@ -0,0 +1,101 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+set -e
+
+UNIT_DIR="${1:-/tmp}"
+
+add_requires() {
+    local name="$1"
+    local requires_dir="${UNIT_DIR}/initrd-root-fs.target.requires"
+    mkdir -p "${requires_dir}"
+    ln -sf "../${name}" "${requires_dir}/${name}"
+}
+
+if [ -e /root.squashfs ]; then
+    # Create stamp file that everything else should use to detect a live boot
+    > /run/ostree-live
+
+    add_requires sysroot.mount
+    add_requires sysroot-etc.mount
+    add_requires sysroot-var.mount
+
+    mkdir -p "${UNIT_DIR}/ostree-prepare-root.service.d"
+    cat > "${UNIT_DIR}/ostree-prepare-root.service.d/10-live.conf" <<EOF
+# With live PXE there's no ostree= argument on the kernel command line, so
+# we need to find the tree path and pass it to ostree-prepare-root.  But
+# ostree-prepare-root only knows how to read the path from
+# /proc/cmdline, so we need to synthesize the proper karg and bind-mount
+# it over /proc/cmdline.
+# https://github.com/ostreedev/ostree/issues/1920
+
+[Unit]
+# The base unit conditions on the ostree karg, which won't exist until
+# ExecStartPre runs
+ConditionKernelCommandLine=
+
+[Service]
+ExecStartPre=/usr/sbin/ostree-cmdline start
+ExecStartPost=/usr/sbin/ostree-cmdline stop
+EOF
+
+    cat >"${UNIT_DIR}/sysroot.mount" <<EOF
+# Automatically generated by live-generator
+
+[Unit]
+DefaultDependencies=false
+Before=initrd-root-fs.target
+
+[Mount]
+What=/root.squashfs
+Where=/sysroot
+Type=squashfs
+EOF
+
+    cat >"${UNIT_DIR}/sysroot-etc.mount" <<EOF
+# Automatically generated by live-generator
+[Unit]
+DefaultDependencies=false
+
+# Make sure /sysroot is mounted first, since we're mounting under there
+Requires=initrd-root-fs.target
+After=initrd-root-fs.target
+
+# Make sure our upperdir is available
+RequiresMountsFor=/writable
+
+# Need to do this before Ignition mounts any other filesystems (potentially
+# shadowing our own mount).
+Before=ignition-mount.service
+
+[Mount]
+What=overlay
+Where=/sysroot/etc
+Type=overlay
+Options=lowerdir=/sysroot/etc,upperdir=/writable/etc/upper,workdir=/writable/etc/work,redirect_dir=on,index=on,xino=on
+EOF
+
+    cat >"${UNIT_DIR}/sysroot-var.mount" <<EOF
+# Automatically generated by live-generator
+[Unit]
+DefaultDependencies=false
+
+# Make sure /sysroot is mounted first, since we're mounting under there
+Requires=initrd-root-fs.target
+After=initrd-root-fs.target
+
+# Make sure our tmpfs is available
+RequiresMountsFor=/writable
+
+# Need to do this before Ignition mounts any other filesystems (potentially
+# shadowing our own bind mount).
+Before=ignition-mount.service
+
+[Mount]
+What=/writable/var
+Where=/sysroot/var
+Type=none
+Options=bind
+EOF
+fi

overlay.d/05core/usr/lib/dracut/modules.d/20live/module-setup.sh

@@ -0,0 +1,16 @@
+install() {
+    inst_script "$moddir/is-live-image.sh" \
+        "/usr/bin/is-live-image"
+
+    inst_script "$moddir/ostree-cmdline.sh" \
+        "/usr/sbin/ostree-cmdline"
+
+    inst_simple "$moddir/live-generator" \
+        "$systemdutildir/system-generators/live-generator"
+
+    inst_simple "$moddir/coreos-populate-writable.service" \
+        "$systemdsystemunitdir/coreos-populate-writable.service"
+
+    inst_simple "$moddir/writable.mount" \
+        "$systemdsystemunitdir/writable.mount"
+}

overlay.d/05core/usr/lib/dracut/modules.d/20live/ostree-cmdline.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+# With live PXE there's no ostree= argument on the kernel command line, so
+# we need to find the tree path and pass it to ostree-prepare-root.  But
+# ostree-prepare-root only knows how to read the path from
+# /proc/cmdline, so we need to synthesize the proper karg and bind-mount
+# it over /proc/cmdline.
+# https://github.com/ostreedev/ostree/issues/1920
+
+set -euo pipefail
+
+case "${1:-unset}" in
+    start)
+        treepath="$(echo /sysroot/ostree/boot.1/*/*/0)"
+        echo "$(cat /proc/cmdline) ostree=${treepath#/sysroot}" > /tmp/cmdline
+        mount --bind /tmp/cmdline /proc/cmdline
+        ;;
+    stop)
+        umount /proc/cmdline
+        rm /tmp/cmdline
+        ;;
+    *)
+        echo "Usage: $0 {start|stop}" >&2
+        exit 1
+        ;;
+esac

overlay.d/05core/usr/lib/dracut/modules.d/20live/writable.mount

@@ -0,0 +1,10 @@
+[Unit]
+DefaultDependencies=false
+Requires=coreos-populate-writable.service
+Before=coreos-populate-writable.service
+
+[Mount]
+What=tmpfs
+Where=/writable
+Type=tmpfs
+Options=mode=0700

overlay.d/05core/usr/lib/dracut/modules.d/40coreos-var/coreos-mount-var.service

@@ -1,6 +1,7 @@
 [Unit]
 Description=Mount OSTree /var
 DefaultDependencies=false
+ConditionPathExists=!/run/ostree-live
 
 # Make sure ExecStop= runs before we switch root
 Before=initrd-switch-root.target

overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -euo pipefail
+
+UNIT_DIR="${1:-/tmp}"
+
+add_wants() {
+    local name="$1"; shift
+    local wants_dir="${UNIT_DIR}/local-fs.target.wants"
+    mkdir -p "${wants_dir}"
+    ln -sf "../${name}" "${wants_dir}/${name}"
+}
+
+# Don't create mount units for /boot or /boot/efi on live systems.
+# ConditionPathExists won't work here because conditions don't affect
+# the dependency on the underlying device unit.
+if [ ! -f /run/ostree-live ]; then
+    add_wants boot.mount
+    cat > "${UNIT_DIR}/boot.mount" <<EOF
+# Automatically created by coreos-boot-mount-generator
+[Unit]
+Description=Boot partition
+Documentation=https://github.com/coreos/fedora-coreos-config
+Before=local-fs.target
+
+[Mount]
+What=/dev/disk/by-label/boot
+Where=/boot
+EOF
+
+    # Only mount the EFI System Partition on machines where it exists,
+    # which are 1) machines actually booted through EFI, and 2) x86_64
+    # when booted through BIOS.
+    if [ "$(uname -m)" = "x86_64" -o -d /sys/firmware/efi ]; then
+        add_wants boot-efi.mount
+        cat > "${UNIT_DIR}/boot-efi.mount" <<EOF
+# Automatically created by coreos-boot-mount-generator
+[Unit]
+Description=EFI System Partition
+Documentation=https://github.com/coreos/fedora-coreos-config
+Before=local-fs.target
+
+[Mount]
+What=/dev/disk/by-label/EFI-SYSTEM
+Where=/boot/efi
+EOF
+    fi
+fi

overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset

@@ -11,7 +11,5 @@ enable afterburn-checkin.service
 enable afterburn-firstboot-checkin.service
 # Service to write SSH key snippets from cloud providers.
 enable afterburn-sshkeys@.service
-# mount /boot/efi
-enable boot-efi.mount
 # Update agent
 enable zincati.service

overlay.d/05core/usr/lib/systemd/system/coreos-growpart.service

@@ -1,6 +1,7 @@
 # See also coreos-growpart script.
 
 [Unit]
+ConditionPathExists=!/run/ostree-live
 ConditionPathExists=!/var/lib/coreos-growpart.stamp
 Before=sshd.service