-
Notifications
You must be signed in to change notification settings - Fork 542
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rework dracut defaults into separate subpackages for more granular image configuration #9326
Conversation
snip unneeded dracut modules from baremetal scenario base images
b8cf338
to
09ac4b4
Compare
09ac4b4
to
4cda15b
Compare
@@ -0,0 +1,4 @@ | |||
# kdump currently uses the host system's initrd when enrolling a crash kernel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Curious what would change if we had #9333 to regenerate the crash kernel initrd rather than using the host system's version
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we would make the kdump initrd gen logic pass -H to explictly turn on hostonly. We would then not install hostonly.conf in our image configs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense - I'll add this in my kdump changes
@@ -75,6 +79,20 @@ Requires: nss | |||
This package requires everything which is needed to build an | |||
initramfs with dracut, which does an integrity check. | |||
|
|||
%package hostonly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't there an implied linkage between these dracut subpackages and whether the kernel supplies the underlying modules? Should each kernels "Requires" their relevant dracut subpackages?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A given kernel doesn't require any module to go in initramfs. A given image being deployed on a certain platform is what defines the need for certain modules. Hence, we are choosing to compose the set of dracut packages in the image at the imageconfig level.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense about platforms defining what modules are in the initramfs. As we were chatting offline and you should consider if a "Requires: dracut >= X" in the kernel spec would help protect against regressions due to kernel module changes in kernel package updates
45453f0
to
65b9b57
Compare
@@ -75,6 +79,20 @@ Requires: nss | |||
This package requires everything which is needed to build an | |||
initramfs with dracut, which does an integrity check. | |||
|
|||
%package hostonly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense about platforms defining what modules are in the initramfs. As we were chatting offline and you should consider if a "Requires: dracut >= X" in the kernel spec would help protect against regressions due to kernel module changes in kernel package updates
@@ -0,0 +1,4 @@ | |||
# kdump currently uses the host system's initrd when enrolling a crash kernel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense - I'll add this in my kdump changes
…age configuration (#9326) Co-authored-by: Chris Gunn <[email protected]>
…age configuration (#9326) Co-authored-by: Chris Gunn <[email protected]>
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-static
subpackages, etc.) have had theirRelease
tag incremented../cgmanifest.json
,./toolkit/scripts/toolchain/cgmanifest.json
,.github/workflows/cgmanifest.json
)./SPECS/LICENSES-AND-NOTICES/data/licenses.json
,./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md
,./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON
)*.signatures.json
filessudo make go-tidy-all
andsudo make go-test-coverage
passSummary
What does the PR accomplish, why was it needed?
Due to a change in 3.0 which has us using dracut instead of mkinitrd (#8126), we now have a required set of kernel modules which must be present for a given kernel to generate an initramfs. kernel-mshv has a much more minimal set of kernel drivers built; it by definition does not need to support being virtualized over xen, for example. Because we have this universally required set of modules and it is the superset required for all scenarios, kernel-mshv is unable to generate an initramfs which breaks our Dom0 boot.
Mariner has historically installed the superset of kernel modules needed for all scenarios. Now, we care about installing only the relevant set of kernel modules needed for early boot in a given image's scenario. We accomplish this by separating out our dracut's defaults.conf into multiple smaller .conf files.
Change Log
Does this affect the toolchain?
NO
Test Methodology
- AKS image - success
- lisa tests - success, see above summary
- x86 image - success
- Arm image - success
- kdump - success
Baremetal images - success