The increased /boot and /usr partitions meant that we grew all images
types. The raw image had the root partition decreased a bit but the VM
images not, and AWS and Akamai images even got aligned to also have the
larger VM rootfs instead of the raw rootfs. All image types are way
smaller than Azure with its 30 GB size and thus the size had to be
increased. For Azure, however, we already have enough free space and it
is good to avoid increasing the image size because this requires action
for those cases where users had assumed that the image fits into a
hardcoded 30 GB disk.
Reduce the root partition by the amount of blocks that is the difference
between the old and current full disk image size for Azure.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This pulls https://github.com/flatcar/bootengine/pull/113 to fix a
kernel boot warning being printed for three modules that are loaded
explicitly.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This is consistent with other sysexts. Note that the sysext must be
enabled at boot time for this to happen, otherwise you need to call
`systemd-tmpfiles --create` and `systemctl daemon-reload` first.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
This pulls in https://github.com/flatcar/init/pull/136 to prevent the
default network setup to conflict with TUN/TAP device configuration
from other tools.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
The Intel microcode wasn't applied anymore after it was reworked to be
in the initrd instead of being built-in as part of the kernel image.
This was due to how the kernel build system can't handle combined
initrds and skip the early cpio when compressing. The AMD microcode was
still built-in as part of the kernel image.
Let the kernel build system pick up the Intel microcode by installing it
to the firmware directory. Disable the inclusion of microcode in the
initrd. Also, we can drop the preservation of the early cpio when
generating the minimal initrd.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
This pulls in https://github.com/flatcar/bootengine/pull/112 to support
kernel cmdline parameters that specify a custom release server URL to
use for downloading Flatcar extensions.
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
The /usr partition was too small some time ago and we gained space again
by switching to btrfs with compression and also removing/splitting out
content. The /boot partition is too small all the time and we added
many hacks to fit the kernel+initrd under 60 MB. To handle the case
where the /oem partition is too small for the A/B-updated OEM extensions
we added the workaround to write the inactive one (or both) to the
rootfs. All this would not be needed if we had increased the partition
sizes a few years ago so that we could now assume that most nodes have
the increased sizes and we can make use of them. Still, we can do it now
to prepare for the next time when in five or ten years we have serious
size problems and run out of workarounds. We have to do the change now
and wait a few years so that most nodes have been provisioned with the
new layout. Then we can drop the workarounds and have a full featured
kernel and initrd, and we can also increase the /usr filesystem to make
use of the larger partition. Ideally we use large enough sizes that we
never have to worry again but since we also want to support small ARM
boards which might only have 8 GB internal storage, let's target this
when increasing the partition sizes. With 1 GB /boot, two 2 GB /usr, and
1 GB /oem partitions we are already at 6 GB, leaving 2 GB for the
rootfs. For now, reduce the extracted /usr update payload size to the
current combined filesystem and verity data usage (same size as before).
The rootfs size was also reduced for the initial .bin image so that we
don't overshoot 8 GB - it will be resized to fit the disk anyway on
first boot.
Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
The growth of binaries over time and the inclusion of new features
filled the available boot partition space, so that the kernel+initrd
almost couldn't fit twice anymore as required for updates. We employed
workarounds such as wrapper scripts for ignition, afterburn and other
binaries so that they are loaded from /usr. However, this was still not
enough and we would have to do the same for (network) kernel modules and
firmware. To avoid making this ever more complex we can use a dedicated
initrd focused on loading the full initrd from /usr and then this full
initrd can use dracut as before and even drop all the workarounds we
accumulated.
Generate a minimal initrd to use instead of the full bootengine initrd.
The bootengine initrd gets stored as squashfs on /usr. The minimal
initrd still includes the early_cpio for amd64 microcode updates.
We have a fixed list of modules or module directories to include, only
focused on loading /usr and any emergency console interaction. This
requires also checking for module dependencies to copy over.
The busybox, veritysetup, and kmod binaries are needed and get their
required libraries resolved and copied over. They are not static and
use shared libraries which should be ok for now. The resulting vmlinuz
file is 27 MB for amd64, down from ~60 MB, so we have enough room to
include more kernel modules and so on for the next years while we also
grow the boot partition and wait for users to redeploy until we can rely
on a larger boot partition and eventually drop the minimal initrd again.
Pulls in https://github.com/flatcar/bootengine/pull/110 for the
minimal initrd script and https://github.com/flatcar/seismograph/pull/12
for making the device mapper discovery for the "rootdev" command more
reliable.
This also requied a backport of a kernel patch from 2017 that exposes
the PARTUUID in the /sys uevent file.
Co-authored-by: James Le Cuirot <jlecuirot@microsoft.com>
Signed-off-by: Kai Lueke <kailuke@microsoft.com>
