Check firstboot flag in initramfs (helps s390x zipl) #84
Comments
|
I think the same helps with the bare metal on Power with petitboot as the bootloader. AFAIK it only parses the other bootloaders configs (grub, syslinux, BootLoaderSpec, ...). |
|
When using the initrd to read the flag file all of the dependencies (e.g. network) would have to go into the generator. Apart from that I guess it should work and would also help to solve #39. |
|
cc @bgilbert @ajeddeloh @jlebon for thoughts |
|
Grub not supporting s390x is problematic. We want to have one unified grub config that does the boot selection based on successes and failures. If we don't have the ability to do scripting we lose that. Does zipl support bls? |
I would suggest to have a generic way to deal with boot configuration instead of basing it on a particular implementation, i.e. grub.
Yes. Support has been added with ibm-s390-linux/s390-tools@b8a9f0d#diff-f957eeda4ae1e6a34e9b0c581afe6b9e |
The bootloader needs smarts in order to support automatic rollback. It needs a way of tracking if it's tried and failed to boot a kernel/initramfs so if an update has a bad kernel it can automatically roll back. |
|
After talking with @sharkcz and javier__ on freenode, one possible path forward is to use zipl to load petitboot which can then interpret the grub script. Haven't tested this (haven't even tested just petitboot) but it seems like it could work in theory and would mean everything could use the same unified grub config. |
Petitboot already has support for grub's built-in scripting language. The only missing piece that's used by the 02_ignition_firstboot fragment will be the |
Instead of Petitboot, I think that will make more sense to use For |
|
With martinezjavier's suggestion on So in the mean time, I suggest we move the firstboot check into initramfs. We need it for |
So to summarize, we do the firstboot check in initramfs for s390x. For others, we keep doing in grub. |
|
Hrm there's a wrinkle in this: The first boot detection happens in a systemd generator. This means that we don't have udev available and devices are still being enumerated. We can't use |
|
Alternative idea for the short term (since this is only a stopgap until we get proper 2 stage bootloading on s390x): Install with a zipl config that sets the ignition.firstboot karg, then on ignition-complete recreate the zipl config without it. It's hacky, but it's confined to s390x and we should be able to rip it out soon. |
I agree that could be a way to workaround this. |
- add zipl code in create_disk.sh We need to implement removal of ignition.firstboot and re-run zipl in ignition-dracut hooks. See coreos/ignition-dracut#84. Signed-off-by: Tuan Hoang <[email protected]>
- add zipl code in create_disk.sh. We need to implement removal of ignition.firstboot and re-run zipl in ignition-dracut hooks. See coreos/ignition-dracut#84. Signed-off-by: Tuan Hoang <[email protected]>
|
@hbrueckner: mentioned that grub2-emu might be a problem: how do we update the never-fail grub2-emu's kernel (and initramfs). |
We don't unless we really have to. Or make it a manual process. |
- add zipl code in create_disk.sh. We need to implement removal of ignition.firstboot and re-run zipl in ignition-dracut hooks. See coreos/ignition-dracut#84. Signed-off-by: Tuan Hoang <[email protected]>
I have a possible suggestion that might work for all architectures: coreos/fedora-coreos-tracker#191 (comment) |
- add zipl code in create_disk.sh. We need to implement removal of ignition.firstboot and re-run zipl in ignition-dracut hooks. See coreos/ignition-dracut#84. Signed-off-by: Tuan Hoang <[email protected]>
zipl records need to be updated, because ignition.firstboot is burned into target disk during coreos-installer As a short-term solution for: coreos#84 Depends on: ibm-s390-linux/s390-tools#71 ibm-s390-linux/s390-tools#74 Related: coreos/coreos-installer#61 coreos/coreos-assembler#780
zipl records need to be updated, because ignition.firstboot is burned into target disk during coreos-installer As a short-term solution for: coreos#84 Depends on: ibm-s390-linux/s390-tools#71 ibm-s390-linux/s390-tools#74 Related: coreos/coreos-installer#61 coreos/coreos-assembler#780
zipl records need to be updated, because ignition.firstboot is burned into target disk during coreos-installer As a short-term solution for: coreos#84 Depends on: ibm-s390-linux/s390-tools#71 ibm-s390-linux/s390-tools#74 Related: coreos/coreos-installer#61 coreos/coreos-assembler#780
zipl records need to be updated, because ignition.firstboot is burned into target disk during coreos-installer As a short-term solution for: #84 Depends on: ibm-s390-linux/s390-tools#71 ibm-s390-linux/s390-tools#74 Related: coreos/coreos-installer#61 coreos/coreos-assembler#780
zipl records need to be updated, because ignition.firstboot is burned into target disk during coreos-installer As a short-term solution for: coreos#84 Depends on: ibm-s390-linux/s390-tools#71 ibm-s390-linux/s390-tools#74 Related: coreos/coreos-installer#61 coreos/coreos-assembler#780 (cherry picked from commit 38af701)
zipl records need to be updated, because ignition.firstboot is burned into target disk during coreos-installer As a short-term solution for: #84 Depends on: ibm-s390-linux/s390-tools#71 ibm-s390-linux/s390-tools#74 Related: coreos/coreos-installer#61 coreos/coreos-assembler#780 (cherry picked from commit 38af701)
|
Based on the discussion and the commits, I'm going to call this closed. If that assessment is incorrect @cgwalters please feel free to re-open against Ignition. |
The s390x bootloader zipl doesn't have a full interpreted programming language like GRUB that would allow an equivalent of our grub fragment.
Why again can't we mount
/bootin the initramfs? We need to do that for FIPS handling anyways tooThat said I also do think it makes sense to have the bootloaders support passing other data; they have code sufficient to read the kernel/initramfs so reading other files shouldn't be hard.
The text was updated successfully, but these errors were encountered: