diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild
index 45d9f7fa7b..e15fffc360 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/afterburn-9999.ebuild
@@ -220,6 +220,12 @@ RDEPEND="
 !coreos-base/coreos-metadata
 "
 
+PATCHES=(
+ "${FILESDIR}"/0001-Revert-remove-cl-legacy-feature.patch
+ "${FILESDIR}"/0002-util-cmdline-Handle-the-cmdline-flags-as-list-of-sup.patch
+ "${FILESDIR}"/0003-encode-information-for-systemd-networkd-wait-online.patch
+)
+
 src_unpack() {
 cros-workon_src_unpack "$@"
 coreos-cargo_src_unpack "$@"
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0001-Revert-remove-cl-legacy-feature.patch b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0001-Revert-remove-cl-legacy-feature.patch
new file mode 100644
index 0000000000..d6aa8814ab
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0001-Revert-remove-cl-legacy-feature.patch
@@ -0,0 +1,188 @@ +From cb9d27d40fe7b34bdabe846764c0290fd9d36b8c Mon Sep 17 00:00:00 2001 +From: Mathieu Tortuyaux +Date: Wed, 30 Mar 2022 09:17:45 +0200 +Subject: [PATCH 1/3] Revert "*: remove cl-legacy feature" + +This reverts commit 3e4b623b390ab756a6be963eec7198b3e7f44e20. + +Signed-off-by: Mathieu Tortuyaux +--- + Cargo.toml | 3 + + src/metadata.rs | 8 +++ + src/providers/mod.rs | 2 + + src/providers/vagrant_virtualbox/mod.rs | 79 +++++++++++++++++++++++++ + src/util/cmdline.rs | 4 ++ + 5 files changed, 96 insertions(+) + create mode 100644 src/providers/vagrant_virtualbox/mod.rs + +diff --git a/Cargo.toml b/Cargo.toml +index e5b3dc3..f9b3e46 100644 +--- a/Cargo.toml ++++ b/Cargo.toml +@@ -26,6 +26,9 @@ lto = true + # We assume we're being delivered via e.g. RPM which supports split debuginfo + debug = true + ++[features] ++cl-legacy = [] ++ + [dependencies] + anyhow = "1.0" + base64 = "0.13" +diff --git a/src/metadata.rs b/src/metadata.rs +index 758bb1e..8544de9 100644 +--- a/src/metadata.rs ++++ b/src/metadata.rs +@@ -30,6 +30,8 @@ use crate::providers::openstack; + use crate::providers::openstack::network::OpenstackProviderNetwork; + use crate::providers::packet::PacketProvider; + use crate::providers::powervs::PowerVSProvider; ++#[cfg(feature = "cl-legacy")] ++use crate::providers::vagrant_virtualbox::VagrantVirtualboxProvider; + use crate::providers::vmware::VmwareProvider; + use crate::providers::vultr::VultrProvider; + +@@ -48,6 +50,8 @@ pub fn fetch_metadata(provider: &str) -> Result box_result!(AliyunProvider::try_new()?), + "aws" => box_result!(AwsProvider::try_new()?), ++ #[cfg(feature = "cl-legacy")] ++ "ec2" => box_result!(AwsProvider::try_new()?), + "azure" => box_result!(Azure::try_new()?), + "azurestack" => box_result!(AzureStack::try_new()?), + "cloudstack-metadata" => box_result!(CloudstackNetwork::try_new()?), +@@ -55,6 +59,8 @@ pub fn fetch_metadata(provider: &str) -> Result box_result!(DigitalOceanProvider::try_new()?), + "exoscale" => 
box_result!(ExoscaleProvider::try_new()?), + "gcp" => box_result!(GcpProvider::try_new()?), ++ #[cfg(feature = "cl-legacy")] ++ "gce" => box_result!(GcpProvider::try_new()?), + // IBM Cloud - VPC Generation 2. + "ibmcloud" => box_result!(IBMGen2Provider::try_new()?), + // IBM Cloud - Classic infrastructure. +@@ -63,6 +69,8 @@ pub fn fetch_metadata(provider: &str) -> Result box_result!(OpenstackProviderNetwork::try_new()?), + "packet" => box_result!(PacketProvider::try_new()?), + "powervs" => box_result!(PowerVSProvider::try_new()?), ++ #[cfg(feature = "cl-legacy")] ++ "vagrant-virtualbox" => box_result!(VagrantVirtualboxProvider::new()), + "vmware" => box_result!(VmwareProvider::try_new()?), + "vultr" => box_result!(VultrProvider::try_new()?), + _ => bail!("unknown provider '{}'", provider), +diff --git a/src/providers/mod.rs b/src/providers/mod.rs +index f684d22..a67546c 100644 +--- a/src/providers/mod.rs ++++ b/src/providers/mod.rs +@@ -35,6 +35,8 @@ pub mod microsoft; + pub mod openstack; + pub mod packet; + pub mod powervs; ++#[cfg(feature = "cl-legacy")] ++pub mod vagrant_virtualbox; + pub mod vmware; + pub mod vultr; + +diff --git a/src/providers/vagrant_virtualbox/mod.rs b/src/providers/vagrant_virtualbox/mod.rs +new file mode 100644 +index 0000000..d7a9e0e +--- /dev/null ++++ b/src/providers/vagrant_virtualbox/mod.rs +@@ -0,0 +1,79 @@ ++// Copyright 2017 CoreOS, Inc. ++// ++// Licensed under the Apache License, Version 2.0 (the "License"); ++// you may not use this file except in compliance with the License. ++// You may obtain a copy of the License at ++// ++// http://www.apache.org/licenses/LICENSE-2.0 ++// ++// Unless required by applicable law or agreed to in writing, software ++// distributed under the License is distributed on an "AS IS" BASIS, ++// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++// See the License for the specific language governing permissions and ++// limitations under the License. ++ ++//! 
vagrant/virtualbox metadata fetcher ++ ++use std::collections::HashMap; ++use std::net::IpAddr; ++use std::thread; ++use std::time::Duration; ++ ++use anyhow::{anyhow,Context,Result}; ++use slog_scope::info; ++ ++use crate::providers::MetadataProvider; ++ ++#[derive(Clone, Copy, Debug)] ++pub struct VagrantVirtualboxProvider; ++ ++impl VagrantVirtualboxProvider { ++ pub fn new() -> Self { ++ Self ++ } ++ ++ fn get_ip() -> Result { ++ let max_attempts = 30; ++ for _ in 0..max_attempts { ++ if let Some(iface) = Self::find_eth1() { ++ for a in iface.ips { ++ if let IpAddr::V4(a) = a.ip() { ++ return Ok(format!("{}", a)); ++ } ++ } ++ } ++ info!("eth1 not found or is lacking an ipv4 address; waiting 2 seconds"); ++ thread::sleep(Duration::from_secs(2)); ++ } ++ Err(anyhow!("eth1 was not found!")) ++ } ++ ++ fn find_eth1() -> Option { ++ pnet_datalink::interfaces() ++ .into_iter() ++ .find(|i| i.name == "eth1") ++ } ++ ++ /// Get the hostname from local system settings. ++ fn system_hostname() -> Result { ++ let hostname = hostname::get() ++ .context("unable to get hostname")? ++ .to_string_lossy() ++ .into_owned(); ++ Ok(hostname) ++ } ++} ++ ++impl MetadataProvider for VagrantVirtualboxProvider { ++ fn attributes(&self) -> Result> { ++ let hostname = Self::system_hostname()?; ++ let ip = Self::get_ip()?; ++ ++ let attributes = maplit::hashmap! { ++ "VAGRANT_VIRTUALBOX_HOSTNAME".to_string() => hostname, ++ "VAGRANT_VIRTUALBOX_PRIVATE_IPV4".to_string() => ip, ++ }; ++ ++ Ok(attributes) ++ } ++} +diff --git a/src/util/cmdline.rs b/src/util/cmdline.rs +index 8821265..e7b5550 100644 +--- a/src/util/cmdline.rs ++++ b/src/util/cmdline.rs +@@ -23,7 +23,11 @@ use anyhow::{bail, Context, Result}; + use slog_scope::trace; + + /// Platform key. ++#[cfg(not(feature = "cl-legacy"))] + const CMDLINE_PLATFORM_FLAG: &str = "ignition.platform.id"; ++/// Platform key (CL and RHCOS legacy name: "OEM"). 
++#[cfg(feature = "cl-legacy")] ++const CMDLINE_PLATFORM_FLAG: &str = "coreos.oem.id"; + + /// Get platform/OEM value from cmdline file. + pub fn get_platform(fpath: &str) -> Result { +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0002-util-cmdline-Handle-the-cmdline-flags-as-list-of-sup.patch b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0002-util-cmdline-Handle-the-cmdline-flags-as-list-of-sup.patch new file mode 100644 index 0000000000..1bb0fe0240 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0002-util-cmdline-Handle-the-cmdline-flags-as-list-of-sup.patch 
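Review bot: In `get_ip` of the new `src/providers/vagrant_virtualbox/mod.rs`, the final error `eth1 was not found!` is also returned when eth1 exists but never obtained an IPv4 address, which is the other case the retry loop logs, so the failure reported after the 30 attempts can point an operator at the wrong cause. I would change it to `Err(anyhow!("eth1 not found or has no IPv4 address after {} attempts", max_attempts))`. Separately, the `"ec2"`, `"gce"` and `"vagrant-virtualbox"` arms and the `coreos.oem.id` key are all gated on `cfg(feature = "cl-legacy")`, and the ebuild hunk shown here only adds `PATCHES`; it is worth confirming that the build enables that feature, because otherwise this patch compiles to no behavioural change.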
@@ -0,0 +1,111 @@ +From 4ba9549019683e4ece7bd1ddb27da67f8b260ea7 Mon Sep 17 00:00:00 2001 +From: Mathieu Tortuyaux +Date: Tue, 29 Mar 2022 16:01:19 +0200 +Subject: [PATCH 2/3] util/cmdline: Handle the cmdline flags as list of + supported names + +Flatcar Container Linux uses flatcar.oem.id as kernel parameter and has +support for coreos.oem.id. Afterburn's ignition.oem.id is not supported +and even if, it would not be the sole option. +Handle both flatcar.oem.id and coreos.oem.id. The first name in the +list takes precedence, any other present names are ignored. +--- + src/util/cmdline.rs | 64 +++++++++++++++++++++++++-------------------- + 1 file changed, 36 insertions(+), 28 deletions(-) + +diff --git a/src/util/cmdline.rs b/src/util/cmdline.rs +index e7b5550..5c1cfda 100644 +--- a/src/util/cmdline.rs ++++ b/src/util/cmdline.rs +@@ -24,29 +24,36 @@ use slog_scope::trace; + + /// Platform key. + #[cfg(not(feature = "cl-legacy"))] +-const CMDLINE_PLATFORM_FLAG: &str = "ignition.platform.id"; +-/// Platform key (CL and RHCOS legacy name: "OEM"). ++const CMDLINE_PLATFORM_FLAGS: [&'static str; 1] = ["ignition.platform.id"]; ++/// Backwards-compatible platform keys, the first name takes precedence. + #[cfg(feature = "cl-legacy")] +-const CMDLINE_PLATFORM_FLAG: &str = "coreos.oem.id"; ++const CMDLINE_PLATFORM_FLAGS: [&'static str; 2] = ["flatcar.oem.id", "coreos.oem.id"]; + + /// Get platform/OEM value from cmdline file. 
+ pub fn get_platform(fpath: &str) -> Result { + let content = std::fs::read_to_string(fpath) + .with_context(|| format!("Failed to read cmdline file ({})", fpath))?; + +- match find_flag_value(CMDLINE_PLATFORM_FLAG, &content) { +- Some(platform) => { +- trace!("found '{}' flag: {}", CMDLINE_PLATFORM_FLAG, platform); +- Ok(platform) ++ for flagname in &CMDLINE_PLATFORM_FLAGS { ++ match find_flag_value(flagname, &content) { ++ Some(platform) => { ++ trace!("found '{}' flag: {}", flagname, platform); ++ return Ok(platform); ++ } ++ None => { ++ continue; ++ } + } +- None => bail!( +- "Couldn't find flag '{}' in cmdline file ({})", +- CMDLINE_PLATFORM_FLAG, +- fpath +- ), + } ++ ++ bail!( ++ "Couldn't find one of the flags '{:?}' in cmdline file ({})", ++ CMDLINE_PLATFORM_FLAGS, ++ fpath ++ ) + } + ++ + /// Check whether kernel cmdline file contains flags for network configuration. + #[allow(unused)] + pub fn has_network_kargs(fpath: &str) -> Result { +@@ -99,22 +106,23 @@ mod tests { + + #[test] + fn test_find_flag() { +- let flagname = "coreos.oem.id"; +- let tests = vec![ +- ("", None), +- ("foo=bar", None), +- ("coreos.oem.id", None), +- ("coreos.oem.id=", None), +- ("coreos.oem.id=\t", None), +- ("coreos.oem.id=ec2", Some("ec2".to_string())), +- ("coreos.oem.id=\tec2", Some("ec2".to_string())), +- ("coreos.oem.id=ec2\n", Some("ec2".to_string())), +- ("foo=bar coreos.oem.id=ec2", Some("ec2".to_string())), +- ("coreos.oem.id=ec2 foo=bar", Some("ec2".to_string())), +- ]; +- for (tcase, tres) in tests { +- let res = find_flag_value(flagname, tcase); +- assert_eq!(res, tres, "failed testcase: '{}'", tcase); ++ for flagname in &CMDLINE_PLATFORM_FLAGS { ++ let tests = vec![ ++ ("".to_string(), None), ++ ("foo=bar".to_string(), None), ++ (format!("{}", flagname), None), ++ (format!("{}=", flagname), None), ++ (format!("{}=\t", flagname), None), ++ (format!("{}=ec2", flagname), Some("ec2".to_string())), ++ (format!("{}=\tec2", flagname), Some("ec2".to_string())), ++ 
(format!("{}=ec2\n", flagname), Some("ec2".to_string())), ++ (format!("foo=bar {}=ec2", flagname), Some("ec2".to_string())), ++ (format!("{}=ec2 foo=bar", flagname), Some("ec2".to_string())), ++ ]; ++ for (tcase, tres) in tests { ++ let res = find_flag_value(flagname, &tcase); ++ assert_eq!(res, tres, "failed testcase: '{}'", &tcase); ++ } + } + } + +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0003-encode-information-for-systemd-networkd-wait-online.patch b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0003-encode-information-for-systemd-networkd-wait-online.patch new file mode 100644 index 0000000000..33a434c7d4 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/0003-encode-information-for-systemd-networkd-wait-online.patch 
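Review bot: No test covers the precedence rule that the commit message and the new doc comment promise: `test_find_flag` now loops over `CMDLINE_PLATFORM_FLAGS`, but every case contains a single flag name, so a cmdline carrying both `flatcar.oem.id` and `coreos.oem.id` with different values is never exercised. The returned platform string presumably decides which metadata provider is contacted, so I would add a case such as `coreos.oem.id=ec2 flatcar.oem.id=packet` and assert that the `flatcar.oem.id` value wins regardless of order; since `get_platform` reads a file, the lookup loop may need to move into a helper taking `&str` to make that testable. On style, `[&'static str; 2]` can be written `[&str; 2]` in a `const`, and the `match` with `None => { continue; }` reads more simply as `if let Some(platform) = find_flag_value(flagname, &content) { ... }`.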
@@ -0,0 +1,368 @@ +From f88600293ee1c3e7d08ee724b18944dd1c40deff Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Kai=20L=C3=BCke?= +Date: Thu, 15 Oct 2020 15:49:02 +0900 +Subject: [PATCH 3/3] network: Encode information for + systemd-networkd-wait-online + +The network-online.target can use systemd-networkd-wait-online.service +to wait for all interfaces to come up. It will fail if the interfaces +didn't came up but sometimes it is actually ok for some interfaces to +be down because they are unused or they are just one of two parts of a +bond. We should encode when interfaces will never come up and when it +is acceptable to have interfaces in a degraded state and which. +Extend the network logic to handle this additional configuration. For +Packet we expect the metadata to specify all interfaces, and any other +physical NICs can be set to "unmanaged" so that we don't wait for them. +Introduce "Path" matching in the networkd unit file for that. +We also allow bonds to operate with only one working link, and we don't +wait for all bonded interfaces to be configured. +This is a port of https://github.com/flatcar-linux/afterburn/pull/10 +to afterburn's main branch. +--- + src/network.rs | 99 +++++++++++++++++++++++++-- + src/providers/digitalocean/mod.rs | 2 + + src/providers/ibmcloud_classic/mod.rs | 2 + + src/providers/packet/mod.rs | 30 ++++++++ + 4 files changed, 128 insertions(+), 5 deletions(-) + +diff --git a/src/network.rs b/src/network.rs +index abf36f2..40f18a8 100644 +--- a/src/network.rs ++++ b/src/network.rs +@@ -72,6 +72,8 @@ pub struct Interface { + pub name: Option, + /// Interface MAC address. + pub mac_address: Option, ++ /// Path as identifier ++ pub path: Option, + /// Relative priority for interface configuration. 
+ pub priority: u8, + pub nameservers: Vec, +@@ -79,6 +81,8 @@ pub struct Interface { + pub routes: Vec, + pub bond: Option, + pub unmanaged: bool, ++ /// Optional requirement setting instead of the default ++ pub required_for_online: Option, + } + + /// A virtual network interface. +@@ -126,10 +130,11 @@ impl NetDevKind { + impl Interface { + /// Return a deterministic `systemd.network` unit name for this device. + pub fn sd_network_unit_name(&self) -> Result { +- let iface_name = match (&self.name, &self.mac_address) { +- (Some(ref name), _) => name.clone(), +- (None, Some(ref addr)) => addr.to_string(), +- (None, None) => bail!("network interface without name nor MAC address"), ++ let iface_name = match (&self.name, &self.mac_address, &self.path) { ++ (Some(ref name), _, _) => name.clone(), ++ (None, Some(ref addr), _) => addr.to_string(), ++ (None, None, Some(ref path)) => path.to_string(), ++ (None, None, None) => bail!("network interface without name nor MAC address"), + }; + let unit_name = format!("{:02}-{}.network", self.priority, iface_name); + Ok(unit_name) +@@ -146,6 +151,9 @@ impl Interface { + if let Some(mac) = self.mac_address { + config.push_str(&format!("MACAddress={}\n", mac)); + } ++ if let Some(path) = &self.path { ++ config.push_str(&format!("Path={}\n", path)); ++ } + + // [Network] section + config.push_str("\n[Network]\n"); +@@ -157,8 +165,14 @@ impl Interface { + } + + // [Link] section ++ if self.unmanaged || self.required_for_online.is_some() { ++ config.push_str("\n[Link]\n"); ++ } + if self.unmanaged { +- config.push_str("\n[Link]\nUnmanaged=yes\n"); ++ config.push_str("Unmanaged=yes\n"); ++ } ++ if let Some(operational_state) = &self.required_for_online { ++ config.push_str(&format!("RequiredForOnline={}\n", operational_state)); + } + + // [Address] sections +@@ -225,12 +239,14 @@ mod tests { + Interface { + name: Some(String::from("lo")), + mac_address: Some(MacAddr(0, 0, 0, 0, 0, 0)), ++ path: None, + priority: 20, + nameservers: 
vec![], + ip_addresses: vec![], + routes: vec![], + bond: None, + unmanaged: false, ++ required_for_online: None, + }, + "20-lo.network", + ), +@@ -238,12 +254,14 @@ mod tests { + Interface { + name: Some(String::from("lo")), + mac_address: Some(MacAddr(0, 0, 0, 0, 0, 0)), ++ path: None, + priority: 10, + nameservers: vec![], + ip_addresses: vec![], + routes: vec![], + bond: None, + unmanaged: false, ++ required_for_online: None, + }, + "10-lo.network", + ), +@@ -251,12 +269,14 @@ mod tests { + Interface { + name: None, + mac_address: Some(MacAddr(0, 0, 0, 0, 0, 0)), ++ path: None, + priority: 20, + nameservers: vec![], + ip_addresses: vec![], + routes: vec![], + bond: None, + unmanaged: false, ++ required_for_online: None, + }, + "20-00:00:00:00:00:00.network", + ), +@@ -264,15 +284,32 @@ mod tests { + Interface { + name: Some(String::from("lo")), + mac_address: None, ++ path: None, + priority: 20, + nameservers: vec![], + ip_addresses: vec![], + routes: vec![], + bond: None, + unmanaged: false, ++ required_for_online: None, + }, + "20-lo.network", + ), ++ ( ++ Interface { ++ name: None, ++ mac_address: None, ++ path: Some("pci-*".to_owned()), ++ priority: 20, ++ nameservers: vec![], ++ ip_addresses: vec![], ++ routes: vec![], ++ bond: None, ++ unmanaged: false, ++ required_for_online: None, ++ }, ++ "20-pci-*.network", ++ ), + ]; + + for (iface, expected) in cases { +@@ -286,12 +323,14 @@ mod tests { + let i = Interface { + name: None, + mac_address: None, ++ path: None, + priority: 20, + nameservers: vec![], + ip_addresses: vec![], + routes: vec![], + bond: None, + unmanaged: false, ++ required_for_online: None, + }; + i.sd_network_unit_name().unwrap_err(); + } +@@ -333,6 +372,7 @@ mod tests { + Interface { + name: Some(String::from("lo")), + mac_address: Some(MacAddr(0, 0, 0, 0, 0, 0)), ++ path: None, + priority: 20, + nameservers: vec![ + IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), +@@ -352,6 +392,7 @@ mod tests { + }], + bond: Some(String::from("james")), + 
unmanaged: false, ++ required_for_online: None, + }, + "[Match] + Name=lo +@@ -380,16 +421,64 @@ Gateway=127.0.0.1 + Interface { + name: None, + mac_address: None, ++ path: None, + priority: 10, + nameservers: vec![], + ip_addresses: vec![], + routes: vec![], + bond: None, + unmanaged: false, ++ required_for_online: None, + }, + "[Match] + + [Network] ++", ++ ), ++ // test the path and required_for_online settings ++ ( ++ Interface { ++ name: None, ++ mac_address: None, ++ path: Some("pci-*".to_owned()), ++ priority: 10, ++ nameservers: vec![], ++ ip_addresses: vec![], ++ routes: vec![], ++ bond: None, ++ unmanaged: false, ++ required_for_online: Some("no".to_owned()), ++ }, ++ "[Match] ++Path=pci-* ++ ++[Network] ++ ++[Link] ++RequiredForOnline=no ++", ++ ), ++ // test the unmanaged setting ++ ( ++ Interface { ++ name: Some("*".to_owned()), ++ mac_address: None, ++ path: None, ++ priority: 10, ++ nameservers: vec![], ++ ip_addresses: vec![], ++ routes: vec![], ++ bond: None, ++ unmanaged: true, ++ required_for_online: None, ++ }, ++ "[Match] ++Name=* ++ ++[Network] ++ ++[Link] ++Unmanaged=yes + ", + ), + ]; +diff --git a/src/providers/digitalocean/mod.rs b/src/providers/digitalocean/mod.rs +index 3d74d29..381b90b 100644 +--- a/src/providers/digitalocean/mod.rs ++++ b/src/providers/digitalocean/mod.rs +@@ -159,8 +159,10 @@ impl DigitalOceanProvider { + routes, + bond: None, + name: None, ++ path: None, + priority: 10, + unmanaged: false, ++ required_for_online: None, + }, + ); + } +diff --git a/src/providers/ibmcloud_classic/mod.rs b/src/providers/ibmcloud_classic/mod.rs +index 25e83b5..d8f0086 100644 +--- a/src/providers/ibmcloud_classic/mod.rs ++++ b/src/providers/ibmcloud_classic/mod.rs +@@ -243,12 +243,14 @@ impl IBMClassicProvider { + let iface = network::Interface { + name: Some(name), + mac_address: Some(mac_addr), ++ path: None, + priority: 10, + nameservers: nameservers.clone(), + ip_addresses: vec![ip_net], + routes, + bond: None, + unmanaged: false, ++ 
required_for_online: None, + }; + output.push(iface); + } +diff --git a/src/providers/packet/mod.rs b/src/providers/packet/mod.rs +index 7a643e8..e789773 100644 +--- a/src/providers/packet/mod.rs ++++ b/src/providers/packet/mod.rs +@@ -219,6 +219,7 @@ impl PacketProvider { + mac_address: Some(mac), + bond: i.bond.clone(), + name: None, ++ path: None, + priority: 10, + nameservers: Vec::new(), + ip_addresses: Vec::new(), +@@ -226,6 +227,15 @@ impl PacketProvider { + // the interface should be unmanaged if it doesn't have a bond + // section + unmanaged: i.bond.is_none(), ++ required_for_online: if i.bond.is_none() { ++ // use the default requirement ++ None ++ } else { ++ // We care about the state of the bond interface and accept if any of the bonded ++ // interfaces are down. Actually the desired minimal state is "no-carrier" but ++ // systemd-networkd-wait-online does not work well with it currently, thus "no". ++ Some("no".to_owned()) ++ }, + }); + + // if there is a bond key, make sure we have a bond device for it +@@ -235,10 +245,12 @@ impl PacketProvider { + priority: 5, + nameservers: dns_servers.clone(), + mac_address: None, ++ path: None, + bond: None, + ip_addresses: Vec::new(), + routes: Vec::new(), + unmanaged: false, ++ required_for_online: Some("degraded-carrier".to_owned()), + }; + if !bonds + .iter() +@@ -319,6 +331,24 @@ impl PacketProvider { + interfaces.push(bond) + } + ++ // Create a fallback rule for all physical NICs that haven't been configured ++ // because otherwise systemd-networkd-wait-online will wait for them and even if told ++ // to only wait for bond0 this won't work with systemd 246 because the bond0 interface ++ // never leaves the "configuring" phase when the other NICs are also still configuring. 
++ let fallback = Interface { ++ path: Some("pci-*".to_owned()), ++ unmanaged: true, ++ priority: 80, ++ name: None, ++ mac_address: None, ++ bond: None, ++ nameservers: Vec::new(), ++ ip_addresses: Vec::new(), ++ routes: Vec::new(), ++ required_for_online: None, ++ }; ++ interfaces.push(fallback); ++ + Ok((interfaces, network_devices)) + } + } +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata-sshkeys@.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata-sshkeys@.service index 6faa004e86..4818dadc37 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata-sshkeys@.service +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata-sshkeys@.service @@ -8,7 +8,9 @@ Restart=on-failure RestartSec=10 Environment=COREOS_METADATA_OPT_PROVIDER=--cmdline ExecStart=/usr/bin/coreos-metadata ${COREOS_METADATA_OPT_PROVIDER} --ssh-keys=%i +ExecStartPost=/usr/bin/update-ssh-keys -u %i [Install] DefaultInstance=core RequiredBy=multi-user.target +Alias=afterburn-sshkeys@.service diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata.service index 9204dedffc..20098d1be3 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata.service +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/afterburn/files/coreos-metadata.service 
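Review bot: `sd_network_unit_name` now falls back to `self.path` for the unit file name, so the Packet fallback interface yields `80-pci-*.network`, a file name containing a glob character, and any later `path` value containing `/` would reach the file name unescaped. I would either sanitise the path before using it in the name or give path-matched units a fixed stem, and update the `bail!` text, which still reads `network interface without name nor MAC address` although a path now also satisfies the match. Likewise `path` and `required_for_online` are free-form strings written verbatim into `Path=` and `RequiredForOnline=`; every value in this patch is a literal (`pci-*`, `no`, `degraded-carrier`), but an enum for the operational state would keep a typo or stray newline from ever reaching the generated unit.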
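Review bot: The added `ExecStartPost=/usr/bin/update-ssh-keys -u %i` is not prefixed with `-`, so a non-zero exit from it fails the unit and, with `Restart=on-failure` and `RestartSec=10` above it, re-runs the metadata fetch every ten seconds. If that is the intended behaviour, a comment above the line should say so and state why the step is needed, for example `# Regenerate authorized_keys for %i after coreos-metadata wrote its keys; a failure here must fail the unit`. That wording assumes how update-ssh-keys is used on this image, which the hunk does not show, so adjust it to the actual contract.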
@@ -8,7 +8,9 @@ Restart=on-failure
 RestartSec=10
 Environment=COREOS_METADATA_OPT_PROVIDER=--cmdline
 ExecStart=/usr/bin/coreos-metadata ${COREOS_METADATA_OPT_PROVIDER} --attributes=/run/metadata/flatcar
+ExecStartPost=/usr/bin/sed --in-place "s/AFTERBURN/COREOS/g ; s/AWS/EC2/g ; s/GCP/GCE/g" /run/metadata/flatcar
 ExecStartPost=/usr/bin/ln -fs /run/metadata/flatcar /run/metadata/coreos
 
 [Install]
 RequiredBy=metadata.target
+Alias=afterburn.service
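Review bot: The `sed` expression in the new `ExecStartPost` is unanchored and global, so `s/AWS/EC2/g` and `s/GCP/GCE/g` rewrite those letters anywhere in `/run/metadata/flatcar`, including inside attribute values such as a hostname that happens to contain `AWS` or `GCP`. The values come from the platform's metadata and are read by whatever consumes this file, so they should pass through unchanged and only the key names should be renamed. Restricting the substitutions to the key prefix avoids this: `ExecStartPost=/usr/bin/sed --in-place "s/^AFTERBURN_/COREOS_/ ; s/^COREOS_AWS_/COREOS_EC2_/ ; s/^COREOS_GCP_/COREOS_GCE_/" /run/metadata/flatcar`. This assumes every line starts with an `AFTERBURN_` key followed by the provider name, which should be confirmed against a generated file.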