[PATCH] add fake root support

[PATCH] add fake root support

[Vladislav Bogdanov]

[-- Attachment #1: Type: text/plain, Size: 1337 bytes --]

Hi,

Attached is a patch for "fake" root functionality,
I'm (mostly) duplicating issue's description from my previous e-mail
(for commit message if this is to be pushed):

===============
fakeroot use case -
* initramfs includes ext3 filesystem wrapped into squashfs (like
ovirt-node-image has)
* that filesystem is used as a live root (initramfs is pulled from TFTP)
* kernel cmdline has CLIENTSTATE variable set to address of NFS mount.
Then rc.sysinit will mount $CLIENTSTATE/$HOSTNAME (as a last resort
case) and will use it as a STATE_MOUNT.

Thus, we have read-only root in RAM and all state files mounted from
NFS. So server can operate totally diskless (opposed to ovirt-node which
has to be set-up on a local disk or iSCSI target, both of which seem to
be an overkill if one has 16+ servers). An adding new servers to a pool
requires only correct DHCP server settings, nothing more (probably some
files on a nfs server too, but that's another story).

What we need from dracut is to set up networking and pass ifcfg's to a
system via /dev/.initramfs (for DHCP). But then we need to some-how
"simulate" networked root because otherwise there is no chance to bring
network up.

To achieve this we could pass "netroot=fake root=live:blablabla
CLIENTSTATE=xxx.yyy.zzz.www:/mnt" via kernel's cmdline.
==============

Best,
Vladislav

[-- Attachment #2: dracut-fakeroot.patch --]
[-- Type: text/x-patch, Size: 2927 bytes --]

diff --git a/modules.d/95fakeroot/check b/modules.d/95fakeroot/check
new file mode 100755
index 0000000..1829b66
--- /dev/null
+++ b/modules.d/95fakeroot/check
@@ -0,0 +1,8 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+# We depend on network modules being loaded
+[ "$1" = "-d" ] && echo network
+
+exit 0
diff --git a/modules.d/95fakeroot/fakeroot b/modules.d/95fakeroot/fakeroot
new file mode 100755
index 0000000..caae40c
--- /dev/null
+++ b/modules.d/95fakeroot/fakeroot
@@ -0,0 +1,41 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+#
+
+. /lib/dracut-lib.sh
+
+PATH=$PATH:/sbin:/usr/sbin
+
+# Huh? Empty $1?
+[ -z "$1" ] && exit 1
+
+# Huh? Empty $2?
+[ -z "$2" ] && exit 1
+
+# Huh? Empty $3? This isn't really necessary, since NEWROOT isn't 
+# used here. But let's be consistent
+[ -z "$3" ] && exit 1
+
+netif="$1"
+root="$2"
+
+# This is for NFS RW state partition, just set a variable
+[ -z "$CLIENTSTATE" ] && CLIENTSTATE=$(getarg CLIENTSTATE=)
+
+echo
+echo "****"
+echo "** Allowing network to start without real networked root."
+echo "** This makes possible to use readonly root with nfs-mounted RW state partition."
+echo "** Real root will be mounted from $root."
+echo "** Network interface $netif will be passed to a real system."
+if [ -n "$CLIENTSTATE" ] ;then
+    echo "** RW state partition will be mounted by a real system from $CLIENTSTATE."
+else
+    echo "** Warning: nothing is passed in CLIENTSTATE variable."
+fi
+echo
+echo "****"
+echo
+
+exit 0
diff --git a/modules.d/95fakeroot/install b/modules.d/95fakeroot/install
new file mode 100755
index 0000000..79abdf7
--- /dev/null
+++ b/modules.d/95fakeroot/install
@@ -0,0 +1,5 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+inst_hook cmdline 90 "$moddir/parse-fakeroot.sh"
+inst "$moddir/fakeroot" "/sbin/fakeroot"
diff --git a/modules.d/95fakeroot/parse-fakeroot.sh b/modules.d/95fakeroot/parse-fakeroot.sh
new file mode 100755
index 0000000..9d22dd2
--- /dev/null
+++ b/modules.d/95fakeroot/parse-fakeroot.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+#
+# Format:
+#       netroot=fake root=*
+#
+# both netroot=fake and root= should be set
+#
+# Note: this differs from other netroot handlers which usually replace netroot's value with
+# what root is set too.
+#
+
+# This script is sourced, so root should be set. But let's be paranoid
+[ -z "$root" ] && root=$(getarg root=)
+[ -z "$netroot" ] && netroot=$(getarg netroot=)
+
+if [ "${netroot%%:*}" = "fake" ] ; then
+    if [ -z "$root" ] ; then
+        echo "Warning: both root and netroot should be set for a 'fake' netroot"
+    fi
+fi
+

Re: [PATCH] add fake root support

[Vladislav Bogdanov]

19.10.2010 17:49, Vladislav Bogdanov wrote:
> Attached is a patch for "fake" root functionality,
> I'm (mostly) duplicating issue's description from my previous e-mail
> (for commit message if this is to be pushed):
> 

Sorry for being annoying, but... Any comments?

Best,
Vladislav

Re: [PATCH] add fake root support

[Harald Hoyer]

On 11/01/2010 03:16 PM, Vladislav Bogdanov wrote:
> 19.10.2010 17:49, Vladislav Bogdanov wrote:
>> Attached is a patch for "fake" root functionality,
>> I'm (mostly) duplicating issue's description from my previous e-mail
>> (for commit message if this is to be pushed):
>>
>
> Sorry for being annoying, but... Any comments?
>
> Best,
> Vladislav
>

I like it, but I don't like the parameters...

Maybe we can express it like this:

netroot=fake:xxx.yyy.zzz.www:/mnt root=live:blablabla

and find another name for "fake".. maybe "container"?

netroot=container:nfs:xxx.yyy.zzz.www:/mnt root=live:blablabla

Which reminds me, that we should probably have the possibility to concatenate 
several stages.

root=nfs:xxx.yyy.zzz.www:/mnt|loop:test.img|live:blablabla

comments?

Re: [PATCH] add fake root support

[Vladislav Bogdanov]

10.11.2010 16:21, Harald Hoyer wrote:
> On 11/01/2010 03:16 PM, Vladislav Bogdanov wrote:
>> 19.10.2010 17:49, Vladislav Bogdanov wrote:
>>> Attached is a patch for "fake" root functionality,
>>> I'm (mostly) duplicating issue's description from my previous e-mail
>>> (for commit message if this is to be pushed):
>>>
>>
>> Sorry for being annoying, but... Any comments?
>>
>> Best,
>> Vladislav
>>
> 
> I like it, but I don't like the parameters...
> 
> Maybe we can express it like this:
> 
> netroot=fake:xxx.yyy.zzz.www:/mnt root=live:blablabla

This can be used not only with nfs I think...
nfs is just one use case which I needed for my project.

And information after fake: should be some-how handled in dracut, but I
currently do not see any use-cases for that. Do you see them? iSCSI? Is
it really needed so early if it is not for root?

And, I'd not mount not-root nfs from within dracut, we need to know
mount point on a real system for that. Additionally, I've already had
much fun with nfs4 and root user access to files. This requires
rpcidmapd, and it has too many dependencies (and properly configured
resolver).

I'd keep it generic, thus making it possible to start network-enabled
node solely from PXE. It is much easier to exploit generic solutions
(IMHO) for own needs.

> 
> and find another name for "fake".. maybe "container"?
Hmmm....
The main idea was to have networking configured without real networked root.
Current dracut policy is to skip networking if no networked root is
configured. That's why I called it 'fake' - I'm cheating with this policy.
I agree that 'fake' is not a best name.
Container... then there should be some contents, but I do not see it...

netroot=force?
networking=force?
Later would require additional efforts, but sounds quite nice for me.

> 
> netroot=container:nfs:xxx.yyy.zzz.www:/mnt root=live:blablabla
> 
> Which reminds me, that we should probably have the possibility to
> concatenate several stages.
> 
> root=nfs:xxx.yyy.zzz.www:/mnt|loop:test.img|live:blablabla

This is quite interesting. But this is from another story.

> 
> comments?

Re: [PATCH] add fake root support

[Jon Ander Hernandez]

2010/11/10 Harald Hoyer <harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>:
> On 11/01/2010 03:16 PM, Vladislav Bogdanov wrote:
>>
>> 19.10.2010 17:49, Vladislav Bogdanov wrote:
>>>
>>> Attached is a patch for "fake" root functionality,
>>> I'm (mostly) duplicating issue's description from my previous e-mail
>>> (for commit message if this is to be pushed):
>>>
>>
>> Sorry for being annoying, but... Any comments?
>>
>> Best,
>> Vladislav
>>
>
> I like it, but I don't like the parameters...
>
> Maybe we can express it like this:
>
> netroot=fake:xxx.yyy.zzz.www:/mnt root=live:blablabla
>
> and find another name for "fake".. maybe "container"?
>
> netroot=container:nfs:xxx.yyy.zzz.www:/mnt root=live:blablabla
>
> Which reminds me, that we should probably have the possibility to
> concatenate several stages.
>
> root=nfs:xxx.yyy.zzz.www:/mnt|loop:test.img|live:blablabla
>
> comments?

I like this idea, it would be really useful.

But wouldn't this require some kind of union mount? I ask this because
I have read Vladislav's patch, but I've been able to figure out how it
sets/links the writable overlay. I'm missing something?

And if that is the case, I suppose that dracut will have to support
different kind of union mount (unionfs, aufs, ...) till Valerie's
Union Mount gets pushed into the kernel. Or could something be
archived only using COW?

Regards,

Jon Ander.

Re: [PATCH] add fake root support

[Vladislav Bogdanov]

10.11.2010 18:09, Jon Ander Hernandez wrote:
...
>> Which reminds me, that we should probably have the possibility to
>> concatenate several stages.
>>
>> root=nfs:xxx.yyy.zzz.www:/mnt|loop:test.img|live:blablabla
>>
>> comments?
> 
> I like this idea, it would be really useful.
> 
> But wouldn't this require some kind of union mount? I ask this because
> I have read Vladislav's patch, but I've been able to figure out how it
> sets/links the writable overlay. I'm missing something?

BTW I have a patch which skips writable overlay in liveimg completely if
'readonlyroot' is set in cmdline.

Will send it later when I port it to a git.

> 
> And if that is the case, I suppose that dracut will have to support
> different kind of union mount (unionfs, aufs, ...) till Valerie's
> Union Mount gets pushed into the kernel. Or could something be
> archived only using COW?
> 
> Regards,
> 
> Jon Ander.
> --
> To unsubscribe from this list: send the line "unsubscribe initramfs" in
> the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html