tree: various tweaks

These are tweaks we worked on together to get iSCSI booting working.

I didn't reflect the changes back in the main README. Will let you do
that. :)

For posterity, notes on some of the things we changed:
- delete `saveconfig.json`; we recreate the config imperatively from
  scratch each time for more clarity
- put `targetcli_script` in `/usr/local/bin`; we can't write files
  directly in `/`
- drop the virtiofs mount unit; we rely on cosa to do that (this assumes
  then that we're running this from a cosa workdir, likely we'll want to
  make this more generic in the future)
- order against `target.service`, not `target.container`; the latter is
  just an input file to the quadlet generator and is foreign to systemd
- add `ConditionFirstBoot=true` since we only need to set up the iSCSI
  target on first boot
- move `network-online.target` ordering to `[Unit]` section
- make all the `targetcli` commands run in the same `podman exec`
  invocation
- cargo-cult a bunch more ACL-related targetcli settings

Containerfile

@@ -1,7 +1,5 @@
 FROM quay.io/centos/centos:stream9
 
-COPY saveconfig.json /etc/target/saveconfig.json
-
 RUN dnf install -y targetcli kmod && dnf clean all
 RUN systemctl enable target
 

ignition/target.bu

@@ -5,34 +5,24 @@ storage:
     - path: /etc/containers/systemd/target.container
       contents:
         local: target.container
-    - path: /targetcli_script
+    - path: /usr/local/bin/targetcli_script
       contents:
         local: targetcli_script
       mode: 0755
 systemd:
   units:
-    - name: var-shared-virtiofs.mount
-      enabled: true
-      contents: |
-          [Unit]
-          Description=Mount virtiofs shared filesystem
-          [Mount]
-          What=var-shared
-          Where=/var/shared/
-          Type=virtiofs
-          [Install]
-          WantedBy=multi-user.target
     - name: setup-targetcli.service
       enabled: true
       contents: |
           [Unit]
           Description=Setup targetcli
-          ConditionPathExists=/var/shared/fcos.raw
-          Requires=target.container
-          After=target.container
+          ConditionPathExists=/var/mnt/workdir-tmp/fcos.raw
+          Requires=target.service
+          After=target.service
+          ConditionFirstBoot=true
           [Service]
           Type=oneshot
           RemainAfterExit=yes
-          ExecStart=/targetcli_script
+          ExecStart=/usr/local/bin/targetcli_script
           [Install]
           WantedBy=multi-user.target

ignition/target.container

@@ -2,24 +2,23 @@
 Description=Targetd container
 Documentation=https://github.com/jbtrystram/targetcli-containers
 After=local-fs.target
-ConditionPathExists=/var/shared/
+ConditionPathExists=/var/mnt/workdir-tmp
+After=network-online.target
+Wants=network-online.target
 
 [Container]
 Image=quay.io/jbtrystram/targetcli:latest
 ContainerName=target
 AddCapability=CAP_SYS_MODULE
 Network=host
 Volume=/lib/modules:/lib/modules
-Volume=/var/run/dbus:/var/run/dbus
 Volume=/sys/kernel/config:/sys/kernel/config
-Volume=/var/shared:/var/shared/
+Volume=/var/mnt/workdir-tmp/:/var/mnt/workdir-tmp/
 PodmanArgs=--privileged
 
 [Install]
 # Start by default on boot
-WantedBy=multi-user.target default.target
-After=network-online.target, shared-virtiofs.mount
-Wants=network-online.target, shared-virtiofs.mount
+WantedBy=multi-user.target
 
 [Service]
 # Extend Timeout to allow time to pull the image

ignition/targetcli_script

@@ -1,6 +1,9 @@
 #!/bin/bash
 
-podman exec target targetcli /backstores/fileio create coreos /fcos.raw
-podman exec target targetcli iscsi/ create iqn.2023-10.coreos.target.vm:coreos
-podman exec target targetcli iscsi/iqn.2023-10.coreos.target.vm:coreos/tpg1/ set attribute authentication=0
-podman exec target targetcli iscsi/iqn.2023-10.coreos.target.vm:coreos/tpg1/luns create /backstores/fileio/coreos
+podman exec target bash -exc "
+  targetcli /backstores/fileio create coreos /var/mnt/workdir-tmp/fcos.raw
+  targetcli iscsi/ create iqn.2023-10.coreos.target.vm:coreos
+  targetcli iscsi/iqn.2023-10.coreos.target.vm:coreos/tpg1/luns create /backstores/fileio/coreos
+  targetcli iscsi/iqn.2023-10.coreos.target.vm:coreos/tpg1/ set attribute authentication=0 demo_mode_write_protect=0 generate_node_acls=1 cache_dynamic_acls=1
+"
+