From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <9a103f6ae148f7183bea97c3493ee86e30da6b71.camel@siemens.com>
Subject: Re: [PATCH v3] expand-on-first-boot: Ensure that /tmp is writable
From: "'Florian Bezdeka' via isar-users"
To: Jan Kiszka, "MOESSBAUER, Felix", "ubely@ilbers.de", "Kowalsky, Clara"
Cc: "isar-users@googlegroups.com"
Date: Tue, 03 Sep 2024 20:05:49 +0200
X-Original-Sender: florian.bezdeka@siemens.com
Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com

On Tue, 2024-09-03 at 11:05 +0200, Jan Kiszka wrote:
> On 03.09.24 09:20, 'MOESSBAUER, Felix' via isar-users wrote:
> > On Thu, 2024-08-15
at 07:07 +0300, Uladzimir Bely wrote:
> > > On Tue, 2024-08-13 at 13:32 +0300, Uladzimir Bely wrote:
> > > > On Tue, 2024-08-13 at 09:24 +0000, MOESSBAUER, Felix wrote:
> > > > > On Tue, 2024-08-13 at 12:17 +0300, Uladzimir Bely wrote:
> > > > > > On Thu, 2024-07-25 at 16:17 +0200, 'Clara Kowalsky' via isar-users wrote:
> > > > > > > By setting PrivateTmp, a new file system namespace is created for this
> > > > > > > service and private /tmp//tmp and /var/tmp//tmp
> > > > > > > subdirectories are mounted, which are only used for processes of this
> > > > > > > namespace. The service unit receives a mount unit dependency for all
> > > > > > > mounts required to access /tmp and /var/tmp.
> > > > > > > This ensures that the /tmp directory is writable for the service, as
> > > > > > > mktemp is used in expand-last-partition.sh and creates a temporary
> > > > > > > file.
> > > > > > >
> > > > > > > Signed-off-by: Clara Kowalsky
> > > > > > > --- > > > > > > > =C2=A0.../expand-on-first-boot/files/expand-on-first- > > > > > > > boot.service=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 > > > > > > > >=20 > > > > > > > 1 > > > > > > > + > > > > > > > =C2=A01 file changed, 1 insertion(+) > > > > > > >=20 > > > > > > > diff --git a/meta/recipes-support/expand-on-first- > > > > > > > boot/files/expand- > > > > > > > on-first-boot.service b/meta/recipes-support/expand-on-first- > > > > > > > boot/files/expand-on-first-boot.service > > > > > > > index 90c92a39..8e76998b 100644 > > > > > > > --- a/meta/recipes-support/expand-on-first-boot/files/expand- > > > > > > > on- > > > > > > > first-boot.service > > > > > > > +++ b/meta/recipes-support/expand-on-first-boot/files/expand- > > > > > > > on- > > > > > > > first-boot.service
> > > > > > > @@ -16,6 +16,7 @@ Type=3Doneshot > > > > > > > =C2=A0ExecStart=3D/usr/share/expand-on-first-boot/expand-last= - > > > > > > > partition.sh > > > > > > > =C2=A0ExecStartPost=3D-/bin/systemctl disable expand-on-first= - > > > > > > > boot.service > > > > > > > =C2=A0ExecStopPost=3D-/bin/systemctl disable expand-on-first- > > > > > > > boot.service > > > > > > > +PrivateTmp=3Dtrue > > > > > > > =C2=A0 > > > > > > > =C2=A0[Install] > > > > > > > =C2=A0WantedBy=3Dsysinit.target > > > > > > > --=20 > > > > > > > 2.45.2
> > > > > > >
> > > > > >
> > > > > > Hello all.
> > > > > >
> > > > > > After few days having this patch merged we at least twice faced the
> > > > > > issue in CI with running qemuamd64 machine, probably related to the
> > > > > > applied patch.
> > > > > >
> > > > > > Error message is "ERROR| No resize output while expected". E.g., there
> > > > > > is no btrfs resize output in VM boot log.
> > > > > >
> > > > > > The reason of non-running expand-on-first-boot service is:
> > > > > >
> > > > > > ```
> > > > > > [    5.578636] systemd[1]: local-fs-pre.target: Job expand-on-first-boot.service/start deleted to break ordering cycle starting with local-fs-pre.target/start
> > > > > > ```
> > > > >
> > > > > Interesting, I observed this same issue as well, but thought it comes
> > > > > from a downstream part. You're right, this cannot work:
> > > > >
> > > > > Citing systemd.exec:
> > > > >
> > > > > Similarly, units with PrivateTmp= enabled automatically get mount unit
> > > > > dependencies for all mounts required to access /tmp/ and /var/tmp/.
> > > > > They will also gain an automatic After= dependency on
> > > > > systemd-tmpfiles-setup.service(8).
> > > > >
> > > > > If /var is the partition to be resized, this will break.
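Review bot: PrivateTmp=true, added after the ExecStopPost= line, gives this unit the implicit After=systemd-tmpfiles-setup.service ordering and the /tmp and /var/tmp mount dependencies described in the systemd.exec passage cited in this thread, and the commit message does not say how that fits a unit the thread lists with Before=local-fs-pre.target. The boot log quoted in this thread shows systemd deleting the unit's start job to break the resulting ordering cycle, so the resize does not run. The commit message gives mktemp in expand-last-partition.sh as the only reason for the change, so consider having the script use a fixed directory for its temporary path instead of adding PrivateTmp=, and state the unit's ordering constraint in the commit message.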
> > > > >
> > > > > Felix
> > > > >
> > > >
> > > > The dependency conflict seems to be here:
> > > >
> > > > - expand-on-first-boot.service
> > > >   Before=local-fs-pre.target
> > > >   PrivateTmp=true # This means implicit "After=systemd-tmpfiles-setup.service" dependency, according to
> > > >   https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html
> > > >
> > > > - systemd-tmpfiles-setup.service
> > > >   After=local-fs.target
> > > >
> > > > - local-fs.target
> > > >   After=local-fs-pre.target
> > > >
> > > >
> > >
> > > Finally, does this all mean we need to revert this v3 patch and get
> > > back to "[PATCH v2] expand-on-first-boot: Add /tmp to
> > > ConditionPathIsReadWrite" variant?
> >
> > The conditions are evaluated right before the service starts. By that,
> > we might have non-deterministic behavior, depending on which service
> > mounts /tmp (if at all) and when it is started relative to the
> > expand-on-first-boot.
> >
> > I'm wondering if we should better create our own tmpfs in combination
> > with TMPDIR, just for that service (and drop it after execution). For
> > obvious reasons, the expanding needs to happen VERY early, but at that
> > point in time not much can be assumed about the rootfs.
> >
> > CC'ing Florian.
>
> In many cases, expansion can also run after the system is fully booted
> and operational - unless it is then already complaining about too little
> disk space ;)

Not sure if I can help here. expand-on-first-boot tends to explode
every time we touch it. It seems that we don't have tests for most of
the use cases (like encrypted disks, ...) which makes it hard to prove
the correctness.

Couple of things I noticed while scanning / looking at the code:

- Why do we require /etc to be writable? We only read /etc/fstab right?

- I think all relevant file systems support growing the file system
  while being active / online / mounted.
  Maybe we don't have to run so early? Might help to reduce rootfs
  requirements.

- Do we still need expand-on-first-boot as it is right now? Seems
  systemd provides x-systemd.growfs flags in /etc/fstab. Which use
  cases are not supported by that systemd feature? Could we migrate?

- According to the patch description we need /tmp (or any tmpfs)
  so that mktemp is working. We use the generated tmp directory as
  mount point only. We never add / write any files to it. Can't we
  just create any "random" (in terms of hardcoded...) directory for
  that to get rid of the systemd dependency?

Best regards,
Florian

>
> Jan
>
> --
> Siemens AG, Technology
> Linux Expert Center
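The ordering cycle described in the quoted replies can be reproduced with a small graph check. This is an added example, not part of the original message or of Isar's code: the unit fragments are constructed from the directives named in the thread, and of the PrivateTmp= side effects only the implicit After=systemd-tmpfiles-setup.service edge is modelled (the mount dependencies are left out).

```python
# Added example: ordering-cycle check for the unit relations named in the thread.
# The unit fragments below are constructed, not copied from Isar or systemd.
UNITS = {
    "expand-on-first-boot.service":
        "[Unit]\nBefore=local-fs-pre.target\n[Service]\nPrivateTmp=true\n",
    "systemd-tmpfiles-setup.service": "[Unit]\nAfter=local-fs.target\n",
    "local-fs.target": "[Unit]\nAfter=local-fs-pre.target\n",
    "local-fs-pre.target": "[Unit]\n",
}
TRUE = {"1", "yes", "true", "on"}  # systemd boolean spellings
IMPLICIT = "systemd-tmpfiles-setup.service"  # implicit After= from PrivateTmp=

def ordering_edges(units):
    """Map each unit to the set of units it is ordered after."""
    after = {name: set() for name in units}
    for name, text in units.items():
        for line in text.splitlines():
            key, sep, value = line.partition("=")
            if not sep:
                continue  # section header or blank line
            key, value = key.strip(), value.strip()
            if key == "After":
                after[name].update(value.split())
            elif key == "Before":  # "A Before=B" is the same edge as "B After=A"
                for other in value.split():
                    after.setdefault(other, set()).add(name)
            elif key == "PrivateTmp" and value.lower() in TRUE:
                after[name].add(IMPLICIT)
    return after

def find_cycle(after):
    """Depth-first search; return one cycle as a list of units, or None."""
    state = {}  # unit -> "visiting" or "done"
    def visit(node, path):
        state[node] = "visiting"
        for dep in sorted(after.get(node, ())):
            if state.get(dep) == "visiting":
                return path[path.index(dep):] + [dep]
            if dep not in state:
                found = visit(dep, path + [dep])
                if found:
                    return found
        state[node] = "done"
    for start in sorted(after):
        found = None if start in state else visit(start, [start])
        if found:
            return found
    return None
```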