From e9e18875b35eae102609a420c823f2a54bc9d5be Mon Sep 17 00:00:00 2001 From: Jakob Meng Date: Wed, 13 Sep 2023 14:56:11 +0200 Subject: [PATCH] [DNM][DRAFT] Changed OKD/FCOS workaround to also support rendezvous host of Agent-based Installer --- .../usr/local/bin/bootstrap-pivot.sh.template | 42 ++++++++++++------- .../release-image-pivot.service.template | 4 -- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/data/data/bootstrap/files/usr/local/bin/bootstrap-pivot.sh.template b/data/data/bootstrap/files/usr/local/bin/bootstrap-pivot.sh.template index 86a42bb9cc2..8abc79fbf45 100644 --- a/data/data/bootstrap/files/usr/local/bin/bootstrap-pivot.sh.template +++ b/data/data/bootstrap/files/usr/local/bin/bootstrap-pivot.sh.template @@ -42,25 +42,35 @@ if [ ! -f /opt/openshift/.pivot-done ]; then record_service_stage_start "rebase-to-okd-os-image" {{if .IsFCOS -}} mnt="$(podman image mount "${MACHINE_OS_IMAGE}")" -{{- if .BootstrapInPlace }} - # SNO setup boots into Live ISO which cannot be rebased + + # The bootstrap host during SNO installation and the rendezvous host of Agent-based Installer both boot into a Live + # ISO which cannot be rebased. Until this rpm-ostree issue has been fixed, this workaround will mount the proper + # OKD/FCOS Machine OS image over the existing mount at /usr and copy new config files to /etc. # https://github.com/coreos/rpm-ostree/issues/4547 - mkdir /var/mnt/{upper,worker} - mount -t overlay overlay -o "lowerdir=/usr:$mnt/usr" /usr - mount -t overlay overlay -o "lowerdir=/etc:$mnt/etc,upperdir=/var/mnt/upper,workdir=/var/mnt/worker" /etc - systemctl daemon-reload + if grep -q coreos.liveiso= /proc/cmdline; then + mount -t tmpfs -o size=50% none /var/mnt/ + rsync -aHAXx "$mnt/" /var/mnt/ + mount -t overlay overlay -o lowerdir=/usr:/var/mnt/usr /usr + rsync -rlt --ignore-existing /var/mnt/etc/ /etc/ + + # HACK + mkdir -p /etc/mcc/bootstrap/ + cp -av /var/mnt/manifests/*.* /etc/mcc/bootstrap/ - # Workaround for SELinux denials when launching crio.service from overlayfs - setenforce Permissive + systemctl daemon-reload - systemctl start crio.service - # No reboot necessary because SNO setup will reboot system -{{ else }} - pushd "${mnt}/bootstrap" - # shellcheck disable=SC1091 - . ./pre-pivot.sh - popd -{{ end -}} + # Workaround for SELinux denials when launching crio.service from overlayfs + setenforce Permissive + + systemctl start crio.service + # No reboot necessary because setup will reboot the system automatically + else + pushd "${mnt}/bootstrap" + # shellcheck disable=SC1091 + . ./pre-pivot.sh + popd + fi + record_service_stage_success {{else if .IsSCOS -}} chmod 0644 /etc/containers/registries.conf rpm-ostree rebase --experimental "ostree-unverified-registry:${MACHINE_OS_IMAGE}" diff --git a/data/data/bootstrap/systemd/units/release-image-pivot.service.template b/data/data/bootstrap/systemd/units/release-image-pivot.service.template index e278091cc50..fd3763f44c2 100644 --- a/data/data/bootstrap/systemd/units/release-image-pivot.service.template +++ b/data/data/bootstrap/systemd/units/release-image-pivot.service.template @@ -3,11 +3,7 @@ Description=Pivot bootstrap to the OpenShift Release Image Wants=release-image.service After=release-image.service -{{- if .BootstrapInPlace }} Before=bootkube.service kubelet.service -{{ else }} -Before=bootkube.service -{{ end -}} [Service] Type=oneshot