butane
butane copied to clipboard
coreos
Fail if mountpoint path is forbidden by FCOS
Bug
Operating System Version
fedora-coreos-34.20210503.1.1-live.x86_64 - current next stream
Ignition Version
2.9.0
Environment
bare-metal
Expected Behavior
Mounting succeeds.
Actual Behavior
The last line in the log of journalctl -t ignition, even after printing the whole Ignition config is:
}CRITICAL : Ignition failed: Mount path "/sysroot//mnt/external" contains non-directory component "/sysroot/mnt"
BTW yes the } at the start is really there, as it is the end of the Ignition config output it does there and in this case it seems to merge with that message…
This results in:
ignition-complete.target: Job ignition-complete.target/start failed with result 'dependency'.
Doing an ls on /sysroot/mnt, I can see this is somewhat correct as it's a symbolic link:
$ ls -la /sysroot/mnt
[…] /sysroot/mnt -> var/mnt
As you can see, it links to var/mnt (without a leading slash! – ~~also wonder whether that's intended~~).
~~In any case, in my emergency dracut shell I at least also cannot see any /var/mnt directory…~~
Edit: Ah of course it's intended by rpm-ostree's file layout. However, in the link's target, i.e. /sysroot/var there is also only a lib folder, no other folder, i.e. no mnt it actually expects.
Reproduction Steps
variant: fcos
version: 1.3.0
storage:
luks:
# external disk (already exists!)
- name: external
label: luks-external
device: /dev/disk/by-id/[…]:0-part1
key_file:
inline: |-
********
wipe_volume: false
filesystems:
- path: /mnt/external
device: /dev/mapper/external
format: btrfs
wipe_filesystem: false
with_mount_unit: true
BTW the filesystems -> systemd service for mounting the file is filesystem is correctly generated.
Other Information
I continue my challenge to mount an existing LUKS drive from https://github.com/coreos/ignition/issues/1210 (originally here)
FYI: When I then just reboot, it cannot even mount /root anymore, which is basically just configured as in the doc here (I did not include that part in the config above): It cannot find /dev/disk/by-label/root.
On FCOS you can't create mountpoints directly in /; see docs here. If you set path to /var/mnt/external it should work, and will automatically create the mountpoint.
Oh thanks a lot! That works.
Given this seems to be a limitation of FCOS, do you think a pre-check in Butane could be implemented so this error is catched before when transpiling to an Ignition file? (As the current error message that does not really pinpoint the actual problem at Ignition at the near end of provisioning is not too good – UX-wise.)
How about extending this to a more generalized path validation, i.e. not just limited to mount points? For example, Ignition will bail if a storage config for /usr is present, or if one tries to create a /some-file. Butane can (and should) deny this config from the beginning.
How about extending this to a more generalized path validation, i.e. not just limited to mount points? For example, Ignition will bail if a storage config for
/usris present, or if one tries to create a/some-file. Butane can (and should) deny this config from the beginning.
One thing with this is that Butane is also being used as input for CoreOS layering and there we do want to support changing things in /usr.
https://github.com/coreos/fedora-coreos-config/pull/1879 aims to provide a way to create paths in the root directory. We might want to provide Butane sugar for that, but it doesn't completely obviate this issue, since there will still be forbidden paths (like /usr).