-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
behavior if no Ignition is provided #279
Comments
Hmm, interesting. Are you able to access the logs? It might be that Ignition errored out but |
Ignition uses the GCE "user data" not the startup script iirc. See: coreos/bugs#2558 for a CL analogy. CL will boot with no ignition config and just add SSH keys from the cloud (via afterburn), which I presume is what we want for FCOS? |
Afterburn generally does handle provider SSH keys. Also, live ISO counts as bare metal, and we autologin there if we don't get an Ignition config. We could define a set of cases where it'd be reasonable to fail the boot without an Ignition config, but... does it matter? Either way you get a useless machine. |
The thing I got very frustrated about with GCP is it was not very obvious that my ssh key wasn't added. So a fix here could just be making clear in the serial console log if:
|
Maybe we can build on the work robert did. Here is what we see now on the serial console:
We could possibly add some info there by adding a new file into |
I'm in favor of the |
Yep, I have no issue with that approach. |
we discussed this in the meeting yesterday. There was mostly consensus that the issue.d approach would be a good path forward. There was a lot of discussion about how we detect if ignition ran or not. I believe there was an RFE for ignition that came out of that that @jlebon was going to open. |
|
@jlebon your coreos/ignition#903 goes in the direction of structured journal entries. I think it's a good API to have. |
I think the answer is yes. I'm working with Sohan on this part of the puzzle as well as issue.d bits that will let users know if SSH auth keys exist (which is really the information that would have helped Colin understand there was a problem (see original description of this issue)). Where will the script live that generates the issue.d snippets? I think probably either a systemd service/script in FCOS configs OR ignition-dracut. WDYT? |
Yeah, agreed we still want a banner notification for both Ignition config provided and SSH keys found. IMO that glue should live in the FCOS configs. |
I've some doubts on how coreos/afterburn#397 integrates here.
Is the plan to delay the serial console, or to accommodate false negatives by not printing anything in the "no keys" case? |
Probably...if it doesn't already do this today, the best fix would be to extend CLHM to re-render if something changes. |
How bad is it to delay the console login? I think if it only delays it by tens of seconds then we should just pop
That would work for motd, but I don't think the issue gets regenerated on the live console if the source files get updated does it? |
s/tens/tenths/? Yeah, I agree.
Well, with a serial console we can only append. If we have an actual video card we can redraw the screen. |
Sorry to have missed discussion here before.
Yes, currently CLHM issuegen will only re-generate when it is started on boot, before It'll be more reliable though specifying util-linux/util-linux#1041 was implemented - beginning util-linux v2.36 we'll be able to configure agetty so that
I hadn't thought about refreshing the console after already opening it - maybe CLHM should be calling |
…rized keys This PR addresses the concern raised in coreos/fedora-coreos-tracker#279 which talks about systems behavior when no igntion is provided. Currently, we're tracking ignitionConfig messages(coreos/fedora-coreos-tracker#279) and ssh-authorized keys info (coreos/afterburn#397) by sending the structured entry into journald log. Here, the systemd units are written to scrape through that information to display meaningful data to users.
The solution to this problem was implemented via changes to various upstream projects but ultimately will now be shown to the user because of the work @sohankunkerkar did in coreos/fedora-coreos-config#344. |
The fix for this landed upstream. It is now pending a testing stream release. |
The fix for this went into testing stream release |
The fix for this went into stable stream release |
Fixes: coreos#53 Also,related to https://bugzilla.redhat.com/show_bug.cgi?id=1851103 It will also help to address this comment: coreos/fedora-coreos-tracker#279 (comment)
Fixes: coreos#53 Also,related to https://bugzilla.redhat.com/show_bug.cgi?id=1851103 It will also help to address this comment: coreos/fedora-coreos-tracker#279 (comment)
Today, we happily boot and sit there if the user doesn't provide Ignition. I didn't read the docs and assumed I could paste Ignition into the GCP "Startup script" (Since that's how AWS works).
Also tangentially related, afterburn seems to choke on
ed25519
keys, I need to debug that.Certainly if afterburn doesn't handle SSH keys from the provider (e.g. bare metal) there's no reason to boot and sit there inaccessible, doing nothing - right?
The text was updated successfully, but these errors were encountered: