The systemd service unit shipped with the containerd sysext was still referring to TORCX variables. Since TORCX was removed years ago, this is no longer required.
rclone was previously called from the Mantle image but it's not the
case anymore because we need some environment variables (CHANNEL, ARCH,
etc.)
Let's switch to the `rclone` Docker image.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
The Intel microcode wasn't applied anymore after it was reworked to be
in the initrd instead of being built-in as part of the kernel image.
This was due to how the kernel build system can't handle combined
initrds and skip the early cpio when compressing. The AMD microcode was
still built-in as part of the kernel image.
Let the kernel build system pick up the Intel microcode by installing it
to the firmware directory. Disable the inclusion of microcode in the
initrd. Also, we can drop the preservation of the early cpio when
generating the minimal initrd.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
When /etc was kept busy through, e.g., a process using it as CWD, then
even in the temporary namespace unmounting failed unless it was done
with the lazy option.
This pulls in https://github.com/flatcar/update_engine/pull/52 to
address this.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This pulls in https://github.com/flatcar/bootengine/pull/112 to support
kernel cmdline parameters that specify a custom release server URL to
use for downloading Flatcar extensions.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
The code was tripping up over whitespace, resulting in scary error
messages, and was more cumbersome than it needed to be.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
KV_FULL wasn't being set before, so it was actually scanning all modules
under /lib/modules, not just the ones for the current kernel version.
Hopefully, we can eventually create an env file so that we can use the
upstream ebuild directly, but this at least brings them closer in line.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
The default rootfs size for the .bin raw image is a bit smaller now
because we still want to be able to flash to 8 GB storage. However, the
VM images still have the 6 GB rootfs as before. Some cloud images
weren't using the larger VM rootfs size though but the raw image rootfs
size.
Specify that AWS and Akamai images should use the larger VM rootfs size.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
The /usr partition was too small some time ago and we gained space again
by switching to btrfs with compression and also removing/splitting out
content. The /boot partition is too small all the time and we added
many hacks to fit the kernel+initrd under 60 MB. To handle the case
where the /oem partition is too small for the A/B-updated OEM extensions
we added the workaround to write the inactive one (or both) to the
rootfs. All this would not be needed if we had increased the partition
sizes a few years ago so that we could now assume that most nodes have
the increased sizes and we can make use of them. Still, we can do it now
to prepare for the next time when in five or ten years we have serious
size problems and run out of workarounds. We have to do the change now
and wait a few years so that most nodes have been provisioned with the
new layout. Then we can drop the workarounds and have a full featured
kernel and initrd, and we can also increase the /usr filesystem to make
use of the larger partition. Ideally we use large enough sizes that we
never have to worry again but since we also want to support small ARM
boards which might only have 8 GB internal storage, let's target this
when increasing the partition sizes. With 1 GB /boot, two 2 GB /usr, and
1 GB /oem partitions we are already at 6 GB, leaving 2 GB for the
rootfs. For now, reduce the extracted /usr update payload size to the
current combined filesystem and verity data usage (same size as before).
The rootfs size was also reduced for the initial .bin image so that we
don't overshoot 8 GB - it will be resized to fit the disk anyway on
first boot.
Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
Signed-off-by: Kai Lueke <kailuke@microsoft.com>