Correct way to add top-level mountpoints to disk images #814
Description
In bootc-image-builder we now support adding custom mountpoints to images, but we restrict it to mountpoints under /var/ (with some exceptions).
We're getting a lot of requests to support adding top-level mountpoints (e.g. /data) and I've been struggling to figure out the correct to do this without breaking the system. The script below sort of replicates how BIB does disk image building, for reference:
#!/usr/bin/bash
set -euo pipefail
echo ":: Creating disk file"
truncate disk.raw -s "10G"
echo ":: Partitioning disk"
sfdisk disk.raw << EOF
label: gpt
label-id: D209C89E-EA5E-4FBD-B161-B461CCE297E0
start="2048", size="2048", type="21686148-6449-6E6F-744E-656564454649", uuid="FAC7F1FB-3E8D-4137-A512-961DE09A5549", bootable
start="4096", size="1026048", type="C12A7328-F81F-11D2-BA4B-00A0C93EC93B", uuid="68B2905B-DF3E-4FB3-80FA-49D1E773AA33"
start="1030144", size="2097152", type="0FC63DAF-8483-4772-8E79-3D69D8477DE4", uuid="CB07C243-BC44-4717-853E-28852021225B"
start="3127296", size="17844191", type="0FC63DAF-8483-4772-8E79-3D69D8477DE4", uuid="6264D520-3FB9-423F-8AB8-7A0A8E3D3562"
EOF
echo ":: Attaching loop device"
loop=$(sudo losetup -f -P --show ./disk.raw)
detach() {
echo ":: Detaching ${loop}"
sudo losetup --detach "${loop}"
}
cleanup() {
detach
}
trap cleanup EXIT
espvolid="7B7795E7"
datauuid="359340b8-facf-4aeb-8a74-fed44bcfeecb"
rootuuid="3279ab06-6122-4c76-aade-692e8dc81985"
echo ":: Creating filesystems"
sudo mkfs.fat -i "${espvolid}" "${loop}p2" # ESP
# orphan_file is enabled by default on newer mkfs.ext4 versions but not
# supported by the C9S kernel and tooling
sudo mkfs.ext4 -O "^orphan_file" -U "${datauuid}" "${loop}p3" # data
sudo mkfs.ext4 -O "^orphan_file" -U "${rootuuid}" "${loop}p4" # root
echo ":: Mounting root and ESP"
sudo mkdir -p ./mnt
sudo mount "${loop}p4" ./mnt
umountroot() {
echo ":: Unmounting root"
sudo umount ./mnt
}
cleanup() {
umountroot
detach
}
trap cleanup EXIT
sudo mkdir -p ./mnt/boot/efi
sudo mount "${loop}p2" ./mnt/boot/efi
umountesp() {
echo ":: Unmounting ESP"
sudo umount ./mnt/boot/efi
}
cleanup() {
umountesp
umountroot
detach
}
trap cleanup EXIT
echo ":: Running bootc install to-filesystem"
sudo podman run --rm --privileged --pid=host \
-v /var/lib/containers:/var/lib/containers \
-v "${HOME}/.ssh/authorized_keys":/var/authorized_keys \
-v ./mnt:/var/mnt \
--security-opt label=type:unconfined_t \
quay.io/centos-bootc/centos-bootc:stream9 bootc install to-filesystem \
--root-ssh-authorized-keys /var/authorized_keys \
--skip-fetch-check /var/mnt
echo ":: Writing fstab"
sudo mount -o remount,rw ./mnt
etcpaths=(./mnt/ostree/deploy/default/deploy/*.0/etc)
etcpath=${etcpaths[0]}
echo "UUID=${datauuid} /var/data ext4 defaults 0 0" | sudo tee -a "${etcpath}/fstab"(forgive the jankiness of the script; it's just for illustrative purposes).
The /var/data mount works great, but if the fstab entry is changed to mount it to /data, the system fails to boot.
I partially understand the reasons why this is happening, with the live / mountpoint on the system being a read-only composefs overlay. I suspect this can be solved by generating a mount unit and carefully configuring it to run at the right time during boot (with After and Before directives). I wanted to ask here though to understand the details of the problem fully instead of just resorting to trial and error.