Fail if mountpoint path is forbidden by FCOS

[rugk]

Bug

Operating System Version

fedora-coreos-34.20210503.1.1-live.x86_64 - current next stream

Ignition Version

2.9.0

Environment

bare-metal

Expected Behavior

Mounting succeeds.

Actual Behavior

The last line in the log of journalctl -t ignition, even after printing the whole Ignition config is:

}CRITICAL : Ignition failed: Mount path "/sysroot//mnt/external" contains non-directory component "/sysroot/mnt"

BTW yes the } at the start is really there, as it is the end of the Ignition config output it does there and in this case it seems to merge with that message…

This results in:

ignition-complete.target: Job ignition-complete.target/start failed with result 'dependency'.

Doing an ls on /sysroot/mnt, I can see this is somewhat correct as it's a symbolic link:

$ ls -la /sysroot/mnt
[…] /sysroot/mnt -> var/mnt

As you can see, it links to var/mnt (without a leading slash! – also wonder whether that's intended).

In any case, in my emergency dracut shell I at least also cannot see any /var/mnt directory…

Edit: Ah of course it's intended by rpm-ostree's file layout. However, in the link's target, i.e. /sysroot/var there is also only a lib folder, no other folder, i.e. no mnt it actually expects.

Reproduction Steps

variant: fcos
version: 1.3.0
storage:
  luks:
    # external disk (already exists!)
    - name: external
      label: luks-external
      device: /dev/disk/by-id/[…]:0-part1
      key_file:
        inline: |-
          ********
      wipe_volume: false
  filesystems:
    - path: /mnt/external
      device: /dev/mapper/external
      format: btrfs
      wipe_filesystem: false
      with_mount_unit: true

BTW the filesystems -> systemd service for mounting the file is filesystem is correctly generated.

Other Information

I continue my challenge to mount an existing LUKS drive from coreos/ignition#1210 (originally here)

FYI: When I then just reboot, it cannot even mount /root anymore, which is basically just configured as in the doc here (I did not include that part in the config above): It cannot find /dev/disk/by-label/root.

[bgilbert]

On FCOS you can't create mountpoints directly in /; see docs here. If you set path to /var/mnt/external it should work, and will automatically create the mountpoint.

[rugk]

Oh thanks a lot! That works.

Given this seems to be a limitation of FCOS, do you think a pre-check in Butane could be implemented so this error is catched before when transpiling to an Ignition file?
(As the current error message that does not really pinpoint the actual problem at Ignition at the near end of provisioning is not too good – UX-wise.)

[bgilbert]

Actually, yeah, that's a good idea.

[PhrozenByte]

How about extending this to a more generalized path validation, i.e. not just limited to mount points? For example, Ignition will bail if a storage config for /usr is present, or if one tries to create a /some-file. Butane can (and should) deny this config from the beginning.

[jlebon]

How about extending this to a more generalized path validation, i.e. not just limited to mount points? For example, Ignition will bail if a storage config for /usr is present, or if one tries to create a /some-file. Butane can (and should) deny this config from the beginning.

One thing with this is that Butane is also being used as input for CoreOS layering and there we do want to support changing things in /usr.

[bgilbert]

coreos/fedora-coreos-config#1879 aims to provide a way to create paths in the root directory. We might want to provide Butane sugar for that, but it doesn't completely obviate this issue, since there will still be forbidden paths (like /usr).