matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
760ac6ca74
sonic-buildimage/files/initramfs-tools/union-mount.j2

247 lines
8.4 KiB
Plaintext
Raw Normal View History

New release v1.0.0
2016-03-08 13:42:20 -06:00
#!/bin/sh -e
[baseimage]: allocate varlog disk in the initramfs stage (#936) moving to initramfs unifies disk allocate on different platforms. use fallocate instead of dd to speed up the disk allocation. By default, mkfs.ext4 has -E discard option which discards the blocks at the mkfs time, also speed up the initialization time.
2017-09-06 22:07:32 -05:00
PREREQS="varlog"
prereqs() { echo "$PREREQS"; }
New release v1.0.0
2016-03-08 13:42:20 -06:00
case $1 in
prereqs)
[baseimage]: allocate varlog disk in the initramfs stage (#936) moving to initramfs unifies disk allocate on different platforms. use fallocate instead of dd to speed up the disk allocation. By default, mkfs.ext4 has -E discard option which discards the blocks at the mkfs time, also speed up the initialization time.
2017-09-06 22:07:32 -05:00
prereqs
New release v1.0.0
2016-03-08 13:42:20 -06:00
exit 0
;;
esac
Squash merge latest code to github branch
2016-07-26 14:01:58 -05:00
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
docker_inram=false
[202205] Implement zram compression for docker in RAM (#15137) * [Arista] Fix boot0 code for docker_inram Enable docker_inram for all systems with 4GB or less of flash. This is mandatory to allow these systems to store 2 SONiC images. This change also fixes the missing docker_inram attribute when installing a new image from SONiC. Because the SWI image can ship with additional kernel parameters within such as `sonic_fips=` this lead to a conflict. To prevent the conflict, the extra kernel parameters from the SWI are now stored in the file `kernel-cmdline-append` which isn't used anywhere. * Add optional zram compression for docker_inram Some devices running SONiC have a small storage device (2G and 4G mainly) The SONiC image growth over time has made it impossible to install 2 images on a single device. Some mitigations have been implemented in the past for some devices but there is a need to do more. One such mitigation is `docker_inram` which creates a `tmpfs` and extracts `dockerfs.tar.gz` in it. This all happens in the SONiC initramfs and by ensuring the installation process does not extract `dockerfs.tar.gz` on the flash but keep the file as is. This mitigation does a tradeoff by using more RAM to reduce the disk footprint. It however creates new issues for devices with 4G of system memory since the extracted `dockerfs.tar.gz` nears the 1.6G. Considering debian upgrades (with dual base images) and the continuous stream of features this is only going to get bigger. This change introduces an alternative to the `tmpfs` by allowing a system to extract the `dockerfs.tar.gz` inside a `zram` device thus bringing compression in play at the detriment of performance. Introduce 2 new optional kernel parameters to be consumed by SONiC initramfs. - `docker_inram_size` which represent the max physical size of the `zram` or `tmpfs` volume (defaults to DOCKER_RAMFS_SIZE) - `docker_inram_algo` which is the method to use to extract the `dockerfs.tar.gz` (defaults to `tmpfs`) other values are considered to be compression algorithm for `zram` (e.g `zstd`, `zlo-rle`, `lz4`) Refactored the logic to mount the docker fs in the SONiC initramfs under the `union-mount` script. Moved the code into a function to make it cleaner and separated the inram volume creation and docker extraction. On Arista platform with a flash smaller or equal to 4GB set `docker_inram_algo` to `zstd` which produces the best compression ratio at the detriment of a slower write performance and a similar read performance to other `zram` compression algorithms.
2023-06-02 10:36:18 -05:00
docker_inram_algo=tmpfs
docker_inram_size={{ DOCKER_RAMFS_SIZE }}
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
logs_inram=false
secureboot=false
bootloader=generic
[kdump] Fix OOM events in crashkernel (#6447) A few issues where discovered with crashkernel on Arista platforms. 1) platforms using `docker_inram=on` would end up OOM in kdump environment. This happens because the same initramfs is used by SONiC and the crashkernel. With `docker_inram=on` the `dockerfs.tar.gz` is extracted in a `tmpfs` created for the occasion. Since `dockerfs.tar.gz` weights more than 1.5G, it doesn't fit into the kdump environment and ends up OOM. This OOM event can in turn trigger a panic. 2) Arista platforms with `secureboot` enabled would fail to load the crashkernel because the kernel parameter would be discarded on boot. This happens because the `boot0` in secureboot mode is strict about kernel parameter injection. 3) The secureboot path allowlist would remove kernel crash reports. 4) The kdump service would fail on Arista products since `/boot/` is empty in `secureboot` **- How I did it** 1) To prevent an OOM event in the crashkernel the fix is to avoid the codepaths in `union-mount` that create tmpfs and populate them. Some more codepath specific to Arista devices are also skipped to make the kdump process faster. This relies on detecting that the initramfs is starting in a kdump environment and skipping some initialization. The `/usr/sbin/kdump-config` tool appends a few kernel cmdline arguments when loading the crashkernel. The most unique one is `systemd.unit=kdump-tools.service` which is used in a few initramfs hooks to set `in_kdump`. 2) To allow `kdump` to work in `secureboot` environment the cmdline generation in boot0 was slightly modified. The codepath to load kernel parameters changed by SONiC is now running for booting in secure mode. It was altered to prevent an append only behavior which would grow the `kernel-cmdline` at every reboot. This ever growing behavior would lead `kexec` to fail to load the kernel due to a too long cmdline. 3) To get the kernel crash under /var/crash this path has to be added to `allowlist_paths` 4) The `/host/image-XXX/boot` folder is now populated in `secureboot` mode but not used. **- How to verify it** Regular boot: - enable kdump - enable docker_inram=on via kernel-params - reboot - generate a crash `echo c > /proc/sysrq-trigger` - before: witness OOM events on the console - after: crash kernel works and crash available under /var/crash Secure boot: - enable kdump - reboot - generate a crash `echo c > /proc/sysrq-trigger` - before: witness no kdump - after: crash kernel works and crash available under /var/crash Co-authored-by: Boyang Yu <byu@arista.com>
2021-02-02 03:55:09 -06:00
in_kdump=false
[aboot] use ram partition for /var/log for devices with 3.7G disks (#8400) Master/202012 image size grew quite a bit. 3.7G harddrive can no longer hold one image and safely upgrade to another image. Every bit of harddrive space is precious to save now. Also sh syntax seemingly changed, [ condition ] && action was a legit syntax in 201911 branch but it is an error when condition not met with 202012 or later images. Change the syntax to if statement to avoid the issue. Signed-off-by: Ying Xie ying.xie@microsoft.com
2021-08-13 11:01:34 -05:00
varlog_size=0
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
# Extract kernel parameters
for x in $(cat /proc/cmdline); do
case "$x" in
Aboot=*)
bootloader=aboot
;;
docker_inram=on)
docker_inram=true
;;
[202205] Implement zram compression for docker in RAM (#15137) * [Arista] Fix boot0 code for docker_inram Enable docker_inram for all systems with 4GB or less of flash. This is mandatory to allow these systems to store 2 SONiC images. This change also fixes the missing docker_inram attribute when installing a new image from SONiC. Because the SWI image can ship with additional kernel parameters within such as `sonic_fips=` this lead to a conflict. To prevent the conflict, the extra kernel parameters from the SWI are now stored in the file `kernel-cmdline-append` which isn't used anywhere. * Add optional zram compression for docker_inram Some devices running SONiC have a small storage device (2G and 4G mainly) The SONiC image growth over time has made it impossible to install 2 images on a single device. Some mitigations have been implemented in the past for some devices but there is a need to do more. One such mitigation is `docker_inram` which creates a `tmpfs` and extracts `dockerfs.tar.gz` in it. This all happens in the SONiC initramfs and by ensuring the installation process does not extract `dockerfs.tar.gz` on the flash but keep the file as is. This mitigation does a tradeoff by using more RAM to reduce the disk footprint. It however creates new issues for devices with 4G of system memory since the extracted `dockerfs.tar.gz` nears the 1.6G. Considering debian upgrades (with dual base images) and the continuous stream of features this is only going to get bigger. This change introduces an alternative to the `tmpfs` by allowing a system to extract the `dockerfs.tar.gz` inside a `zram` device thus bringing compression in play at the detriment of performance. Introduce 2 new optional kernel parameters to be consumed by SONiC initramfs. - `docker_inram_size` which represent the max physical size of the `zram` or `tmpfs` volume (defaults to DOCKER_RAMFS_SIZE) - `docker_inram_algo` which is the method to use to extract the `dockerfs.tar.gz` (defaults to `tmpfs`) other values are considered to be compression algorithm for `zram` (e.g `zstd`, `zlo-rle`, `lz4`) Refactored the logic to mount the docker fs in the SONiC initramfs under the `union-mount` script. Moved the code into a function to make it cleaner and separated the inram volume creation and docker extraction. On Arista platform with a flash smaller or equal to 4GB set `docker_inram_algo` to `zstd` which produces the best compression ratio at the detriment of a slower write performance and a similar read performance to other `zram` compression algorithms.
2023-06-02 10:36:18 -05:00
docker_inram_algo=*)
docker_inram_algo="${x#docker_inram_algo=}"
;;
docker_inram_size=*)
docker_inram_size="${x#docker_inram_size=}"
;;
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
logs_inram=on)
logs_inram=true
;;
[aboot] use ram partition for /var/log for devices with 3.7G disks (#8400) Master/202012 image size grew quite a bit. 3.7G harddrive can no longer hold one image and safely upgrade to another image. Every bit of harddrive space is precious to save now. Also sh syntax seemingly changed, [ condition ] && action was a legit syntax in 201911 branch but it is an error when condition not met with 202012 or later images. Change the syntax to if statement to avoid the issue. Signed-off-by: Ying Xie ying.xie@microsoft.com
2021-08-13 11:01:34 -05:00
varlog_size=*)
varlog_size="${x#varlog_size=}"
;;
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
secure_boot_enable=[y1])
secureboot=true
docker_inram=true
;;
platform=*)
platform_flag="${x#platform=}"
;;
[kdump] Fix OOM events in crashkernel (#6447) A few issues where discovered with crashkernel on Arista platforms. 1) platforms using `docker_inram=on` would end up OOM in kdump environment. This happens because the same initramfs is used by SONiC and the crashkernel. With `docker_inram=on` the `dockerfs.tar.gz` is extracted in a `tmpfs` created for the occasion. Since `dockerfs.tar.gz` weights more than 1.5G, it doesn't fit into the kdump environment and ends up OOM. This OOM event can in turn trigger a panic. 2) Arista platforms with `secureboot` enabled would fail to load the crashkernel because the kernel parameter would be discarded on boot. This happens because the `boot0` in secureboot mode is strict about kernel parameter injection. 3) The secureboot path allowlist would remove kernel crash reports. 4) The kdump service would fail on Arista products since `/boot/` is empty in `secureboot` **- How I did it** 1) To prevent an OOM event in the crashkernel the fix is to avoid the codepaths in `union-mount` that create tmpfs and populate them. Some more codepath specific to Arista devices are also skipped to make the kdump process faster. This relies on detecting that the initramfs is starting in a kdump environment and skipping some initialization. The `/usr/sbin/kdump-config` tool appends a few kernel cmdline arguments when loading the crashkernel. The most unique one is `systemd.unit=kdump-tools.service` which is used in a few initramfs hooks to set `in_kdump`. 2) To allow `kdump` to work in `secureboot` environment the cmdline generation in boot0 was slightly modified. The codepath to load kernel parameters changed by SONiC is now running for booting in secure mode. It was altered to prevent an append only behavior which would grow the `kernel-cmdline` at every reboot. This ever growing behavior would lead `kexec` to fail to load the kernel due to a too long cmdline. 3) To get the kernel crash under /var/crash this path has to be added to `allowlist_paths` 4) The `/host/image-XXX/boot` folder is now populated in `secureboot` mode but not used. **- How to verify it** Regular boot: - enable kdump - enable docker_inram=on via kernel-params - reboot - generate a crash `echo c > /proc/sysrq-trigger` - before: witness OOM events on the console - after: crash kernel works and crash available under /var/crash Secure boot: - enable kdump - reboot - generate a crash `echo c > /proc/sysrq-trigger` - before: witness no kdump - after: crash kernel works and crash available under /var/crash Co-authored-by: Boyang Yu <byu@arista.com>
2021-02-02 03:55:09 -06:00
systemd.unit=kdump-tools.service)
in_kdump=true
;;
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
esac
done
[tmpfs var/log] mount /var/log as tmpfs for some platforms (#2780) SONiC is a heavy writer to /var/log partition, we noticed that this behavior causes certain flash drive to become read-only over time. To avoid this issue, we mount /var/log parition on these devices as tmpfs. - Mount /var/log as tmpfs - /var/log default size is 128M - Adjust size according to existing var-log.ext4 file size. - Adjust size to between 5% to 10% of total memory size. Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-15 00:46:26 -05:00
set_tmpfs_log_partition_size()
{
[aboot] use ram partition for /var/log for devices with 3.7G disks (#8400) Master/202012 image size grew quite a bit. 3.7G harddrive can no longer hold one image and safely upgrade to another image. Every bit of harddrive space is precious to save now. Also sh syntax seemingly changed, [ condition ] && action was a legit syntax in 201911 branch but it is an error when condition not met with 202012 or later images. Change the syntax to if statement to avoid the issue. Signed-off-by: Ying Xie ying.xie@microsoft.com
2021-08-13 11:01:34 -05:00
if [ $varlog_size -gt 0 ]; then
# Use the varlog_size passed in from command line
varlogsize=$varlog_size
else
varlogsize=128
# set varlogsize to existing var-log.ext4 size
if [ -f ${rootmnt}/host/disk-img/var-log.ext4 ]; then
varlogsize=$(ls -l ${rootmnt}/host/disk-img/var-log.ext4 | awk '{print $5}')
varlogsize=$(($varlogsize/1024/1024))
fi
fi
# make sure varlogsize is between 5% to 10% of total memory size
memkb=$(grep MemTotal /proc/meminfo | awk '{print $2}')
memmb=$(($memkb/1024))
minsize=$(($memmb*5/100))
maxsize=$(($memmb*10/100))
if [ $minsize -ge $varlogsize ]; then
varlogsize=$minsize
fi
if [ $maxsize -le $varlogsize ]; then
varlogsize=$maxsize
fi
[tmpfs var/log] mount /var/log as tmpfs for some platforms (#2780) SONiC is a heavy writer to /var/log partition, we noticed that this behavior causes certain flash drive to become read-only over time. To avoid this issue, we mount /var/log parition on these devices as tmpfs. - Mount /var/log as tmpfs - /var/log default size is 128M - Adjust size according to existing var-log.ext4 file size. - Adjust size to between 5% to 10% of total memory size. Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-15 00:46:26 -05:00
}
[secure boot] Support rw files allowlist (#4585) * Support rw files allowlist for Sonic Secure Boot * Improve the performance * fix bug * Move the config description into a md file * Change to use a simple way to remove the blank line * Support chmod a-x in rw folder * Change function name * Change some unnecessary words
2020-06-13 02:10:13 -05:00
remove_not_in_allowlist_files()
{
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
local allowlist_file="$1"
local targeted_dir="$2"
local allowlist_pattern_file=/tmp/allowlist_paths.pattern
[secure boot] Support rw files allowlist (#4585) * Support rw files allowlist for Sonic Secure Boot * Improve the performance * fix bug * Move the config description into a md file * Change to use a simple way to remove the blank line * Support chmod a-x in rw folder * Change function name * Change some unnecessary words
2020-06-13 02:10:13 -05:00
# Return if the allowlist file does not exist
if ! test -f "${allowlist_file}"; then
echo "The file ${allowlist_file} is missing, failed to mount rw folder." 1>&2
exit 1
fi
# Set the grep pattern file, remove the blank line in config file
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
awk -v rw_dir="$targeted_dir" 'NF {print rw_dir"/"$0"$"}' ${allowlist_file} > $allowlist_pattern_file
[secure boot] Support rw files allowlist (#4585) * Support rw files allowlist for Sonic Secure Boot * Improve the performance * fix bug * Move the config description into a md file * Change to use a simple way to remove the blank line * Support chmod a-x in rw folder * Change function name * Change some unnecessary words
2020-06-13 02:10:13 -05:00
# Find the files in the rw folder, and remove the files not in the allowlist
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
find ${targeted_dir} -type f | grep -v -f $allowlist_pattern_file | xargs /bin/rm -f
[secure boot] Support rw files allowlist (#4585) * Support rw files allowlist for Sonic Secure Boot * Improve the performance * fix bug * Move the config description into a md file * Change to use a simple way to remove the blank line * Support chmod a-x in rw folder * Change function name * Change some unnecessary words
2020-06-13 02:10:13 -05:00
rm -f $allowlist_pattern_file
}
[202205] Implement zram compression for docker in RAM (#15137) * [Arista] Fix boot0 code for docker_inram Enable docker_inram for all systems with 4GB or less of flash. This is mandatory to allow these systems to store 2 SONiC images. This change also fixes the missing docker_inram attribute when installing a new image from SONiC. Because the SWI image can ship with additional kernel parameters within such as `sonic_fips=` this lead to a conflict. To prevent the conflict, the extra kernel parameters from the SWI are now stored in the file `kernel-cmdline-append` which isn't used anywhere. * Add optional zram compression for docker_inram Some devices running SONiC have a small storage device (2G and 4G mainly) The SONiC image growth over time has made it impossible to install 2 images on a single device. Some mitigations have been implemented in the past for some devices but there is a need to do more. One such mitigation is `docker_inram` which creates a `tmpfs` and extracts `dockerfs.tar.gz` in it. This all happens in the SONiC initramfs and by ensuring the installation process does not extract `dockerfs.tar.gz` on the flash but keep the file as is. This mitigation does a tradeoff by using more RAM to reduce the disk footprint. It however creates new issues for devices with 4G of system memory since the extracted `dockerfs.tar.gz` nears the 1.6G. Considering debian upgrades (with dual base images) and the continuous stream of features this is only going to get bigger. This change introduces an alternative to the `tmpfs` by allowing a system to extract the `dockerfs.tar.gz` inside a `zram` device thus bringing compression in play at the detriment of performance. Introduce 2 new optional kernel parameters to be consumed by SONiC initramfs. - `docker_inram_size` which represent the max physical size of the `zram` or `tmpfs` volume (defaults to DOCKER_RAMFS_SIZE) - `docker_inram_algo` which is the method to use to extract the `dockerfs.tar.gz` (defaults to `tmpfs`) other values are considered to be compression algorithm for `zram` (e.g `zstd`, `zlo-rle`, `lz4`) Refactored the logic to mount the docker fs in the SONiC initramfs under the `union-mount` script. Moved the code into a function to make it cleaner and separated the inram volume creation and docker extraction. On Arista platform with a flash smaller or equal to 4GB set `docker_inram_algo` to `zstd` which produces the best compression ratio at the detriment of a slower write performance and a similar read performance to other `zram` compression algorithms.
2023-06-02 10:36:18 -05:00
mount_docker_inram()
{
if [ "$docker_inram_algo" = "tmpfs" ]; then
echo "Creating tmpfs to extract {{ FILESYSTEM_DOCKERFS }}"
mount -t tmpfs -o "rw,nodev,size=$docker_inram_size" tmpfs "${rootmnt}/var/lib/docker"
else
echo "Creating zram to extract {{ FILESYSTEM_DOCKERFS }}"
modprobe zram num_devices=0
# create new zram device
local zid="$(cat /sys/class/zram-control/hot_add)"
local zname="zram$zid"
# attempt to use desired algorithm
if ! echo $docker_inram_algo > /sys/block/$zname/comp_algorithm 2>/dev/null; then
echo "zram algorithm $docker_inram_algo is not supported"
echo "using default instead: $(cat /sys/block/$zname/comp_algorithm)"
fi
echo $docker_inram_size > /sys/block/$zname/disksize
# create filesystem on the newly created zram block device
mkfs.ext4 -m 0 -L dockerfs -O '^has_journal' -q /dev/$zname
mount -o rw,nodev /dev/$zname "${rootmnt}/var/lib/docker"
fi
}
extract_dockerfs()
{
echo "Extracting {{ FILESYSTEM_DOCKERFS }}"
if [ -f "${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }}" ] && [ "$secureboot" = false ]; then
# Extract dockerfs.tar.gz into /var/lib/docker unless the system booted with secureboot
# In secureboot dockerfs.tar.gz cannot be trusted as it does not have a signature
tar xz --numeric-owner -f ${rootmnt}/host/$image_dir/{{ FILESYSTEM_DOCKERFS }} -C ${rootmnt}/var/lib/docker
elif [ "$bootloader" = "aboot" ] && unzip -l "$swi_path" | grep -q {{ FILESYSTEM_DOCKERFS }}; then
# Aboot swi images also support extracting dockerfs.tar.gz directly from them
unzip -qp "$swi_path" {{ FILESYSTEM_DOCKERFS }} | tar xz --numeric-owner -C ${rootmnt}/var/lib/docker
else
# Warn but allow the system to boot to at least have ssh access
echo "No {{ FILESYSTEM_DOCKERFS }} to extract, SONiC will be broken"
fi
}
mount_docker()
{
if [ "$in_kdump" = true ]; then
# There is no point in mounting the docker filesystem in kdump environment
# Especially when there is some space mitigation in place
return
fi
if [ "$docker_inram" = true ]; then
# Create an in memory filesystem (tmpfs, zram) and extract dockerfs.tar.gz
mount_docker_inram
extract_dockerfs
else
# Mount the working directory of docker engine in the raw partition, bypass the overlay
mount --bind ${rootmnt}/host/$image_dir/{{ DOCKERFS_DIR }} ${rootmnt}/var/lib/docker
fi
}
[baseimage]: build root filesystem via overlay fs instead of aufs
2017-09-02 17:32:31 -05:00
## Mount the overlay file system: rw layer over squashfs
[image]: SONiC-to-SONiC update (#464)
2017-04-21 19:23:36 -05:00
image_dir=$(cat /proc/cmdline | sed -e 's/.*loop=\(\S*\)\/.*/\1/')
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
rw_dir=${rootmnt}/host/$image_dir/rw
work_dir=${rootmnt}/host/$image_dir/work
mkdir -p "$rw_dir"
mkdir -p "$work_dir"
[secure boot] Support rw files allowlist (#4585) * Support rw files allowlist for Sonic Secure Boot * Improve the performance * fix bug * Move the config description into a md file * Change to use a simple way to remove the blank line * Support chmod a-x in rw folder * Change function name * Change some unnecessary words
2020-06-13 02:10:13 -05:00
## Remove the files not in allowlist in the rw folder
[kdump] Fix OOM events in crashkernel (#6447) A few issues where discovered with crashkernel on Arista platforms. 1) platforms using `docker_inram=on` would end up OOM in kdump environment. This happens because the same initramfs is used by SONiC and the crashkernel. With `docker_inram=on` the `dockerfs.tar.gz` is extracted in a `tmpfs` created for the occasion. Since `dockerfs.tar.gz` weights more than 1.5G, it doesn't fit into the kdump environment and ends up OOM. This OOM event can in turn trigger a panic. 2) Arista platforms with `secureboot` enabled would fail to load the crashkernel because the kernel parameter would be discarded on boot. This happens because the `boot0` in secureboot mode is strict about kernel parameter injection. 3) The secureboot path allowlist would remove kernel crash reports. 4) The kdump service would fail on Arista products since `/boot/` is empty in `secureboot` **- How I did it** 1) To prevent an OOM event in the crashkernel the fix is to avoid the codepaths in `union-mount` that create tmpfs and populate them. Some more codepath specific to Arista devices are also skipped to make the kdump process faster. This relies on detecting that the initramfs is starting in a kdump environment and skipping some initialization. The `/usr/sbin/kdump-config` tool appends a few kernel cmdline arguments when loading the crashkernel. The most unique one is `systemd.unit=kdump-tools.service` which is used in a few initramfs hooks to set `in_kdump`. 2) To allow `kdump` to work in `secureboot` environment the cmdline generation in boot0 was slightly modified. The codepath to load kernel parameters changed by SONiC is now running for booting in secure mode. It was altered to prevent an append only behavior which would grow the `kernel-cmdline` at every reboot. This ever growing behavior would lead `kexec` to fail to load the kernel due to a too long cmdline. 3) To get the kernel crash under /var/crash this path has to be added to `allowlist_paths` 4) The `/host/image-XXX/boot` folder is now populated in `secureboot` mode but not used. **- How to verify it** Regular boot: - enable kdump - enable docker_inram=on via kernel-params - reboot - generate a crash `echo c > /proc/sysrq-trigger` - before: witness OOM events on the console - after: crash kernel works and crash available under /var/crash Secure boot: - enable kdump - reboot - generate a crash `echo c > /proc/sysrq-trigger` - before: witness no kdump - after: crash kernel works and crash available under /var/crash Co-authored-by: Boyang Yu <byu@arista.com>
2021-02-02 03:55:09 -06:00
if [ "$secureboot" = true ] && [ "$in_kdump" = false ]; then
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
if [ "$bootloader" = "aboot" ]; then
swi_path="${rootmnt}/host/$(sed -E 's/.*loop=([^ ]+).*/\1/' /proc/cmdline)"
unzip -q "$swi_path" allowlist_paths.conf -d /tmp
allowlist_file=/tmp/allowlist_paths.conf
else
allowlist_file=${rootmnt}/host/$image_dir/allowlist_paths.conf
fi
[secureboot] only remove exec bit in secureboot Address issue #4832
2020-06-23 13:33:44 -05:00
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
remove_not_in_allowlist_files "$allowlist_file" "$rw_dir"
[secureboot] only remove exec bit in secureboot Address issue #4832
2020-06-23 13:33:44 -05:00
## Remove the executable permission for all the files in rw folder except home folder
find ${rw_dir} -type f -not -path ${rw_dir}/home -exec chmod a-x {} +
fi
[secure boot] Support rw files allowlist (#4585) * Support rw files allowlist for Sonic Secure Boot * Improve the performance * fix bug * Move the config description into a md file * Change to use a simple way to remove the blank line * Support chmod a-x in rw folder * Change function name * Change some unnecessary words
2020-06-13 02:10:13 -05:00
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
mount -n -o lowerdir=${rootmnt},upperdir=${rw_dir},workdir=${work_dir} -t overlay root-overlay ${rootmnt}
[union-mount] Rescan dev if root partition disapear (#298) On some platforms after the initramfs init scripts have mounted the root device its block device disapear from /dev. The union-mount script therefore can't mount the root device over the aufs. If this case happen, issue a rescan of the devices to repopulate the /dev filesystem.
2017-02-16 01:18:02 -06:00
## Check if the root block device is still there
[ -b ${ROOT} ] || mdev -s
[initramfs] Updated required tools for initramfs (#3734) * [initramfs] Updated reuired tools for initramfs Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Updated required tools for initramfs Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [Platform] [Marvell] Platform specific debian package for et6448m device Signed-off-by: Antony Rheneus <arheneus@marvell.com> * Removed auto-generated files Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Added mtd and uboot firmware tools package required for arm arch Its been enabled to all arch including amd64 Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Added mtd and uboot firmware tools package required for arm arch Its been enabled to all arch including amd64 Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Marvell arm modules update and platform config update Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [iniramfs] add initramfs uboot-utils hook script only for ARM Signed-off-by: Antony Rheneus <arheneus@marvell.com>
2020-01-15 10:25:01 -06:00
case "${ROOT}" in
ubi*)
mtd=$(cat /proc/cmdline | sed -e 's/.*ubi.mtd=\([0-9]\) .*/\1/')
if [ ! -f /dev/${ROOT}_0 ]; then
[platform][marvell] Arm 32-bit Arch support changes (#5749) - Added Arm 32-bit arch build fixes - Added marvell armhf platform specific changes Signed-off-by: Sabareesh Kumar Anandan <sanandan@marvell.com>
2020-12-03 14:38:50 -06:00
ubiattach /dev/ubi_ctrl -m $mtd 2>dev/null || true
[initramfs] Updated required tools for initramfs (#3734) * [initramfs] Updated reuired tools for initramfs Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Updated required tools for initramfs Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [Platform] [Marvell] Platform specific debian package for et6448m device Signed-off-by: Antony Rheneus <arheneus@marvell.com> * Removed auto-generated files Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Added mtd and uboot firmware tools package required for arm arch Its been enabled to all arch including amd64 Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Added mtd and uboot firmware tools package required for arm arch Its been enabled to all arch including amd64 Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Marvell arm modules update and platform config update Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [iniramfs] add initramfs uboot-utils hook script only for ARM Signed-off-by: Antony Rheneus <arheneus@marvell.com>
2020-01-15 10:25:01 -06:00
fi
mount -t ubifs /dev/${ROOT}_0 ${rootmnt}/host
;;
*)
## Mount the raw partition again
Specify the filesystem type when mounting to /host (#10169) When mounting the partition that contains `/host` during initramfs, the mount binary available there (coming from busybox) tries each filesystem in `/proc/filesystems` and sees which one succeeds. During this time, there may be some error messages logged into dmesg because some of the incorrect filesystems failed to mount the partition. Specify the filesystem type explicitly so that initramfs knows it's that type, and we know what filesystem will always get used there. Fixes #9998 Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-03-14 13:34:02 -05:00
mount -t ext4 ${ROOT} ${rootmnt}/host
Run tune2fs during initramfs instead of image install (#10536) If it is run during image install, it's not guaranteed that the installation environment will have tune2fs available. Therefore, run it during initramfs instead. Signed-off-by: Saikrishna Arcot <sarcot@microsoft.com>
2022-04-12 18:24:13 -05:00
tune2fs -m 0 -r 0 ${ROOT}
[initramfs] Updated required tools for initramfs (#3734) * [initramfs] Updated reuired tools for initramfs Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Updated required tools for initramfs Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [Platform] [Marvell] Platform specific debian package for et6448m device Signed-off-by: Antony Rheneus <arheneus@marvell.com> * Removed auto-generated files Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Added mtd and uboot firmware tools package required for arm arch Its been enabled to all arch including amd64 Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Added mtd and uboot firmware tools package required for arm arch Its been enabled to all arch including amd64 Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [initramfs] Marvell arm modules update and platform config update Signed-off-by: Antony Rheneus <arheneus@marvell.com> * [iniramfs] add initramfs uboot-utils hook script only for ARM Signed-off-by: Antony Rheneus <arheneus@marvell.com>
2020-01-15 10:25:01 -06:00
;;
esac
[build]: enable docker in ram option for small disk device (#3279) when device disk is small, do not unzip dockerfs.tar.gz on disk. keep the tar file on the disk, unzip to tmpfs in the initrd phase. enabled this for 7050-qx32 Signed-off-by: Guohan Lu <gulv@microsoft.com>
2019-08-07 01:04:00 -05:00
[202205] Implement zram compression for docker in RAM (#15137) * [Arista] Fix boot0 code for docker_inram Enable docker_inram for all systems with 4GB or less of flash. This is mandatory to allow these systems to store 2 SONiC images. This change also fixes the missing docker_inram attribute when installing a new image from SONiC. Because the SWI image can ship with additional kernel parameters within such as `sonic_fips=` this lead to a conflict. To prevent the conflict, the extra kernel parameters from the SWI are now stored in the file `kernel-cmdline-append` which isn't used anywhere. * Add optional zram compression for docker_inram Some devices running SONiC have a small storage device (2G and 4G mainly) The SONiC image growth over time has made it impossible to install 2 images on a single device. Some mitigations have been implemented in the past for some devices but there is a need to do more. One such mitigation is `docker_inram` which creates a `tmpfs` and extracts `dockerfs.tar.gz` in it. This all happens in the SONiC initramfs and by ensuring the installation process does not extract `dockerfs.tar.gz` on the flash but keep the file as is. This mitigation does a tradeoff by using more RAM to reduce the disk footprint. It however creates new issues for devices with 4G of system memory since the extracted `dockerfs.tar.gz` nears the 1.6G. Considering debian upgrades (with dual base images) and the continuous stream of features this is only going to get bigger. This change introduces an alternative to the `tmpfs` by allowing a system to extract the `dockerfs.tar.gz` inside a `zram` device thus bringing compression in play at the detriment of performance. Introduce 2 new optional kernel parameters to be consumed by SONiC initramfs. - `docker_inram_size` which represent the max physical size of the `zram` or `tmpfs` volume (defaults to DOCKER_RAMFS_SIZE) - `docker_inram_algo` which is the method to use to extract the `dockerfs.tar.gz` (defaults to `tmpfs`) other values are considered to be compression algorithm for `zram` (e.g `zstd`, `zlo-rle`, `lz4`) Refactored the logic to mount the docker fs in the SONiC initramfs under the `union-mount` script. Moved the code into a function to make it cleaner and separated the inram volume creation and docker extraction. On Arista platform with a flash smaller or equal to 4GB set `docker_inram_algo` to `zstd` which produces the best compression ratio at the detriment of a slower write performance and a similar read performance to other `zram` compression algorithms.
2023-06-02 10:36:18 -05:00
## Mount the docker storage path
Squash merge latest code to github branch
2016-07-26 14:01:58 -05:00
mkdir -p ${rootmnt}/var/lib/docker
[202205] Implement zram compression for docker in RAM (#15137) * [Arista] Fix boot0 code for docker_inram Enable docker_inram for all systems with 4GB or less of flash. This is mandatory to allow these systems to store 2 SONiC images. This change also fixes the missing docker_inram attribute when installing a new image from SONiC. Because the SWI image can ship with additional kernel parameters within such as `sonic_fips=` this lead to a conflict. To prevent the conflict, the extra kernel parameters from the SWI are now stored in the file `kernel-cmdline-append` which isn't used anywhere. * Add optional zram compression for docker_inram Some devices running SONiC have a small storage device (2G and 4G mainly) The SONiC image growth over time has made it impossible to install 2 images on a single device. Some mitigations have been implemented in the past for some devices but there is a need to do more. One such mitigation is `docker_inram` which creates a `tmpfs` and extracts `dockerfs.tar.gz` in it. This all happens in the SONiC initramfs and by ensuring the installation process does not extract `dockerfs.tar.gz` on the flash but keep the file as is. This mitigation does a tradeoff by using more RAM to reduce the disk footprint. It however creates new issues for devices with 4G of system memory since the extracted `dockerfs.tar.gz` nears the 1.6G. Considering debian upgrades (with dual base images) and the continuous stream of features this is only going to get bigger. This change introduces an alternative to the `tmpfs` by allowing a system to extract the `dockerfs.tar.gz` inside a `zram` device thus bringing compression in play at the detriment of performance. Introduce 2 new optional kernel parameters to be consumed by SONiC initramfs. - `docker_inram_size` which represent the max physical size of the `zram` or `tmpfs` volume (defaults to DOCKER_RAMFS_SIZE) - `docker_inram_algo` which is the method to use to extract the `dockerfs.tar.gz` (defaults to `tmpfs`) other values are considered to be compression algorithm for `zram` (e.g `zstd`, `zlo-rle`, `lz4`) Refactored the logic to mount the docker fs in the SONiC initramfs under the `union-mount` script. Moved the code into a function to make it cleaner and separated the inram volume creation and docker extraction. On Arista platform with a flash smaller or equal to 4GB set `docker_inram_algo` to `zstd` which produces the best compression ratio at the detriment of a slower write performance and a similar read performance to other `zram` compression algorithms.
2023-06-02 10:36:18 -05:00
mount_docker
[build]: enable docker in ram option for small disk device (#3279) when device disk is small, do not unzip dockerfs.tar.gz on disk. keep the tar file on the disk, unzip to tmpfs in the initrd phase. enabled this for 7050-qx32 Signed-off-by: Guohan Lu <gulv@microsoft.com>
2019-08-07 01:04:00 -05:00
[baseimage]: build root filesystem via overlay fs instead of aufs
2017-09-02 17:32:31 -05:00
## Mount the boot directory in the raw partition, bypass the overlay
Squash merge latest code to github branch
2016-07-26 14:01:58 -05:00
mkdir -p ${rootmnt}/boot
[202205] Implement zram compression for docker in RAM (#15137) * [Arista] Fix boot0 code for docker_inram Enable docker_inram for all systems with 4GB or less of flash. This is mandatory to allow these systems to store 2 SONiC images. This change also fixes the missing docker_inram attribute when installing a new image from SONiC. Because the SWI image can ship with additional kernel parameters within such as `sonic_fips=` this lead to a conflict. To prevent the conflict, the extra kernel parameters from the SWI are now stored in the file `kernel-cmdline-append` which isn't used anywhere. * Add optional zram compression for docker_inram Some devices running SONiC have a small storage device (2G and 4G mainly) The SONiC image growth over time has made it impossible to install 2 images on a single device. Some mitigations have been implemented in the past for some devices but there is a need to do more. One such mitigation is `docker_inram` which creates a `tmpfs` and extracts `dockerfs.tar.gz` in it. This all happens in the SONiC initramfs and by ensuring the installation process does not extract `dockerfs.tar.gz` on the flash but keep the file as is. This mitigation does a tradeoff by using more RAM to reduce the disk footprint. It however creates new issues for devices with 4G of system memory since the extracted `dockerfs.tar.gz` nears the 1.6G. Considering debian upgrades (with dual base images) and the continuous stream of features this is only going to get bigger. This change introduces an alternative to the `tmpfs` by allowing a system to extract the `dockerfs.tar.gz` inside a `zram` device thus bringing compression in play at the detriment of performance. Introduce 2 new optional kernel parameters to be consumed by SONiC initramfs. - `docker_inram_size` which represent the max physical size of the `zram` or `tmpfs` volume (defaults to DOCKER_RAMFS_SIZE) - `docker_inram_algo` which is the method to use to extract the `dockerfs.tar.gz` (defaults to `tmpfs`) other values are considered to be compression algorithm for `zram` (e.g `zstd`, `zlo-rle`, `lz4`) Refactored the logic to mount the docker fs in the SONiC initramfs under the `union-mount` script. Moved the code into a function to make it cleaner and separated the inram volume creation and docker extraction. On Arista platform with a flash smaller or equal to 4GB set `docker_inram_algo` to `zstd` which produces the best compression ratio at the detriment of a slower write performance and a similar read performance to other `zram` compression algorithms.
2023-06-02 10:36:18 -05:00
# make sure that the boot folder exists before attempting a mount
mkdir -p ${rootmnt}/host/$image_dir/boot
[image]: SONiC-to-SONiC update (#464)
2017-04-21 19:23:36 -05:00
mount --bind ${rootmnt}/host/$image_dir/boot ${rootmnt}/boot
[DELL]: FTOS to SONiC fast conversion fixes (#4807) While migrating to SONiC 20181130, identified a couple of issues: 1. union-mount needs /host/machine.conf parameters for vendor specific checks : however, in case of migration, the /host/machine.conf is extracted from ONIE only in https://github.com/Azure/sonic-buildimage/blob/master/files/image_config/platform/rc.local#L127. 2. Since grub.cfg is updated to have net.ifnames=0 biosdevname=0, 70-persistent-net.rules changes are no longer required.
2020-06-19 13:02:08 -05:00
[secureboot] Add secureboot support for Arista devices (#4741) * Add secureboot support in boot0 * Initramfs changes for secureboot on Aboot devices * Do not compress squashfs and gz in fs.zip It doesn't make much sense to do so since these files are already compressed. Also not compressing the squashfs has the advantage of making it mountable via a loop device. * Add loopoffset parameter to initramfs-tools
2020-06-22 11:30:31 -05:00
## Mount loop device or tmpfs for /var/log
if $logs_inram; then
[aboot] use ram partition for /var/log for devices with 3.7G disks (#8400) Master/202012 image size grew quite a bit. 3.7G harddrive can no longer hold one image and safely upgrade to another image. Every bit of harddrive space is precious to save now. Also sh syntax seemingly changed, [ condition ] && action was a legit syntax in 201911 branch but it is an error when condition not met with 202012 or later images. Change the syntax to if statement to avoid the issue. Signed-off-by: Ying Xie ying.xie@microsoft.com
2021-08-13 11:01:34 -05:00
# NOTE: some platforms, when reaching initramfs stage, have a small
# limit of mounting tmpfs partition, potentially due to amount
# of RAM available in this stage. Therefore limiting the size
# set for tmpfs partitions.
#
# Another reason for using tmpfs /var/log partition is:
# Some platforms have a small flash and therefore the log partition takes valuable space.
# To improve the longevity of these devices storing the logs in memory will permit more
# SONiC image growth before being bottlenecked.
set_tmpfs_log_partition_size
mount -t tmpfs -o rw,nosuid,nodev,size=${varlogsize}M tmpfs ${rootmnt}/var/log
if [ -f ${rootmnt}/host/disk-img/var-log.ext4 ]; then
rm -rf ${rootmnt}/host/disk-img/var-log.ext4
fi
[tmpfs var/log] mount /var/log as tmpfs for some platforms (#2780) SONiC is a heavy writer to /var/log partition, we noticed that this behavior causes certain flash drive to become read-only over time. To avoid this issue, we mount /var/log parition on these devices as tmpfs. - Mount /var/log as tmpfs - /var/log default size is 128M - Adjust size according to existing var-log.ext4 file size. - Adjust size to between 5% to 10% of total memory size. Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-15 00:46:26 -05:00
else
[aboot] use ram partition for /var/log for devices with 3.7G disks (#8400) Master/202012 image size grew quite a bit. 3.7G harddrive can no longer hold one image and safely upgrade to another image. Every bit of harddrive space is precious to save now. Also sh syntax seemingly changed, [ condition ] && action was a legit syntax in 201911 branch but it is an error when condition not met with 202012 or later images. Change the syntax to if statement to avoid the issue. Signed-off-by: Ying Xie ying.xie@microsoft.com
2021-08-13 11:01:34 -05:00
if [ -f ${rootmnt}/host/disk-img/var-log.ext4 ]; then
fsck.ext4 -v -p ${rootmnt}/host/disk-img/var-log.ext4 2>&1 | gzip -c >> /tmp/fsck.log.gz
mount -t ext4 -o loop,rw ${rootmnt}/host/disk-img/var-log.ext4 ${rootmnt}/var/log
fi
[tmpfs var/log] mount /var/log as tmpfs for some platforms (#2780) SONiC is a heavy writer to /var/log partition, we noticed that this behavior causes certain flash drive to become read-only over time. To avoid this issue, we mount /var/log parition on these devices as tmpfs. - Mount /var/log as tmpfs - /var/log default size is 128M - Adjust size according to existing var-log.ext4 file size. - Adjust size to between 5% to 10% of total memory size. Signed-off-by: Ying Xie <ying.xie@microsoft.com>
2019-04-15 00:46:26 -05:00
fi
[baseimage]: Run fsck filesystem check support prior mounting filesystem (#4431) * Run fsck filesystem check support prior mounting filesystem If the filesystem become non clean ("dirty"), SONiC does not run fsck to repair and mark it as clean again. This patch adds the functionality to run fsck on each boot, prior to the filesystem being mounted. This allows the filesystem to be repaired if needed. Note that if the filesystem is maked as clean, fsck does nothing and simply return so this is perfectly fine to call fsck every time prior to mount the filesystem. How to verify this patch (using bash): Using an image without this patch: Make the filesystem "dirty" (not clean) [we are making the assumption that filesystem is stored in /dev/sda3 - Please adjust depending of the platform] [do this only on a test platform!] dd if=/dev/sda3 of=superblock bs=1 count=2048 printf "$(printf '\\x%02X' 2)" | dd of="superblock" bs=1 seek=1082 count=1 conv=notrunc &> /dev/null dd of=/dev/sda3 if=superblock bs=1 count=2048 Verify that filesystem is not clean tune2fs -l /dev/sda3 | grep "Filesystem state:" reboot and verify that the filesystem is still not clean Redo the same test with an image with this patch, and verify that at next reboot the filesystem is repaired and becomes clean. fsck log is stored on syslog, using the string FSCK as markup.
2020-04-30 02:33:20 -05:00
## fscklog file: /tmp will be lost when overlayfs is mounted
if [ -f /tmp/fsck.log.gz ]; then
mv /tmp/fsck.log.gz ${rootmnt}/var/log
fi
[initramfs]: SSD firmware upgrade in initramfs (#10748) Why I did it To upgrade SSD firmware in initramfs while rebooting from SONiC to SONiC and during NOS to SONiC migration. How I did it New option 'ssd-upgrader-part’ is introduced in grub command line, to indicate the partition and its filesystem type in which the SSD firmware updater is present. ‘ssd-upgrader-part’ syntax is ssd-upgrader-part=<partition>,<filesystem type>. Example: ssd-upgrader-part=/dev/sda8,ext4 A new initramfs script ‘ssd-upgrade’ is included in init-premount and it invokes the SSD firmware updater (ssd-fw-upgrade) present in the partition indicated by the boot option 'ssd-upgrader-part' How to verify it In SONiC, the SSD firmware updater is copied to “/host/” directory. Fast-reboot is to be initiated with the ‘-u’ option ([scripts/fast-reboot] Add option to include ssd-upgrader-part boot option with SONiC partition sonic-utilities#2150) After reboot, while booting into SONiC the SSD firmware updater will be executed in initramfs.
2022-05-12 10:11:02 -05:00
## ssd-fw-upgrade log file: /tmp will be lost when overlayfs is mounted
if [ -f /tmp/ssd-fw-upgrade.log.gz ]; then
mv /tmp/ssd-fw-upgrade.log.gz ${rootmnt}/var/log
fi
Reference in New Issue Copy Permalink