Rework dracut defaults into separate subpackages for more granular image configuration

[Camelron]

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

• The toolchain has been rebuilt successfully (or no changes were made to it)
• The toolchain/worker package manifests are up-to-date
• Any updated packages successfully build (or no packages were changed)
• Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
• Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
• All package sources are available
• cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
• LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
• All source files have up-to-date hashes in the *.signatures.json files
• sudo make go-tidy-all and sudo make go-test-coverage pass
• Documentation has been updated to match any changes to the build system
• If you are adding/removing a .spec file that has multiple-versions supported, please add @microsoft/cbl-mariner-multi-package-reviewers team as reviewer (Eg. golang has 2 versions 1.18, 1.21+)
• Ready to merge

---

Summary

What does the PR accomplish, why was it needed?
Due to a change in 3.0 which has us using dracut instead of mkinitrd (#8126), we now have a required set of kernel modules which must be present for a given kernel to generate an initramfs. kernel-mshv has a much more minimal set of kernel drivers built; it by definition does not need to support being virtualized over xen, for example. Because we have this universally required set of modules and it is the superset required for all scenarios, kernel-mshv is unable to generate an initramfs which breaks our Dom0 boot.

Mariner has historically installed the superset of kernel modules needed for all scenarios. Now, we care about installing only the relevant set of kernel modules needed for early boot in a given image's scenario. We accomplish this by separating out our dracut's defaults.conf into multiple smaller .conf files.

Change Log

• Split dracut defaults into separate packages.
• Flag new dracut subpackages as relevant to initramfs regeneration
• Configure existing image configs with reasonable sets of dracut modules

Does this affect the toolchain?

NO

Test Methodology

• Tested a wide set of scenarios to ensure that images are booting in all cases.
• Core-efi image:
  • Local hyper-v vm - success
  • bvt tests - success
  • kdump - success
  • fips enablement of core image - success
  • full iso image install - success
• Marketplace image:
  - AKS image - success
  - lisa tests - success, see above summary
  - x86 image - success
  - Arm image - success
  - kdump - success
  Baremetal images - success

[christopherco]

Curious what would change if we had #9333 to regenerate the crash kernel initrd rather than using the host system's version

[Camelron]

I think we would make the kdump initrd gen logic pass -H to explictly turn on hostonly. We would then not install hostonly.conf in our image configs.

[christopherco]

Makes sense - I'll add this in my kdump changes

[christopherco]

Isn't there an implied linkage between these dracut subpackages and whether the kernel supplies the underlying modules? Should each kernels "Requires" their relevant dracut subpackages?

[Camelron]

A given kernel doesn't require any module to go in initramfs. A given image being deployed on a certain platform is what defines the need for certain modules. Hence, we are choosing to compose the set of dracut packages in the image at the imageconfig level.

[christopherco]

Makes sense about platforms defining what modules are in the initramfs. As we were chatting offline and you should consider if a "Requires: dracut >= X" in the kernel spec would help protect against regressions due to kernel module changes in kernel package updates

[christopherco]

Makes sense about platforms defining what modules are in the initramfs. As we were chatting offline and you should consider if a "Requires: dracut >= X" in the kernel spec would help protect against regressions due to kernel module changes in kernel package updates

[christopherco]

Makes sense - I'll add this in my kdump changes