| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
The 'conf' user event is functionally very similar to the 'url' event,
in that both events result in downloading a specified configuration file
and passing it to iterate_parsers().
The 'url' event additionally allows downloading files from a directory
path and is also accessed by the UI via pb-protocol, so remove the
'conf' event and associated functions in favour of 'url' and
device_handler_process_url().
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When handling an event, user_event_handle_message() creates an event
struct with relevant parameters. Once user_event_handle_message() is
finished it frees the struct.
However in the case of a dhcp or add_url event, asynchronous jobs may be
spawned that will later reference the event struct. In particular this
becomes a problem when pxe_process_pair() handles an IPAPPEND name/value
pair and tries to access event->device.
In the case of dhcp and add_url events, we avoid this by changing the
event struct's talloc parent to the discover_context struct which
persists until all async pxe jobs have completed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a user event named 'sync' that causes the discover server to merge
the devicemapper snapshots of mounted devices. This is particularly
useful as a debug aid (for example, when copying logs to a USB device),
as the server will otherwise only sync changes to mounted devices in
response to parser actions.
The command can be called as
pb-event sync@device
to sync a particular device, or as
pb-event sync@all
to sync all devices with snapshots.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
If one of a device's boot options is the current default boot option,
make sure the default boot is cancelled before the device is removed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
All boot options must at least have a boot image; ignore any options
that do not before trying to resolve them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on the configuration of the DHCP server and the network, tftp
requests made by the pxe parser can timeout. The pxe parser makes these
requests synchronously so several timeouts can block the server
completely for several minutes, leaving the server unresponsive to UI
requests.
Rework the pxe parser such that it handles the result of each tftp
request in a callback, which can complete after iterate_parsers() has
returned. Each callback is allocated its own conf_context which takes a
talloc reference on the discover_context so that each callback can
commit new boot options after the initial iterate loop has completed.
This also means talloc_unlink must be used instead by the original
parent of the discover_context.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Substitute load_url_async() when running tests to support direct
callers of load_url_async() who will expect to read a file in a
callback.
Stub out device_handler_discover_context_commit() since it will remove
discover_options from the given discover_context, but the tests will
check the discover_context to count boot_options.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
Rename boot_status() to device_handler_boot_status() and make it
accessible by files that include device-handler.h. This enables the boot
status to be updated from additional callers, in particular within
parser functions.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows URLs of the form file:///path/to/local/file.conf to be used
in nc-add-url, in order to access configuration files relative
to the root directory. This is primarily a debugging tool aimed at
developers rather than an expected use case.
The DEVICE_TYPE_ANY enum is used in this case to represent that a
resulting boot option is not associated with any device in the
traditional sense, and in the UI is represented as a "Custom Local
Option".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When a default boot timeout expires boot() is called via
default_timeout() rather than device_handler_boot(). default_timeout()
doesn't call platform_pre_boot() beforehand, which means steps such as
clearing a temporary boot device override are skipped.
Add a call to platform_pre_boot() immediately before boot() to ensure
these steps are performed regardless of boot type.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 6c1a9dd, "discover: Allow fs recovery if snapshot available",
forced the use of 'norecovery' for all XFS mounts to avoid failing when
a cross-endian journal existed. This is a bit heavy handed, healthy XFS
file systems can still be safely mounted, as can dirty filesystems in
the same endian as Petitboot.
This adds try_mount() which opportunistically mounts devices and falls
back to using 'norecovery' where possible on failure. This enables XFS
filesystems to be mounted read-write when possible. try_mount() contains
the logic previously described by fs_parameters(), and should be used in
place of any existing calls to mount().
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
| |
Fixes Coverity defect #30472
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During install some distributions[0] will create subvolumes when formatting
the root filesystem with BTRFS. In particular this can mean that
bootloader config files will appear (in the case of GRUB) under
/var/petitboot/mnt/dev/$device/@/boot/grub/
rather than the expected
/var/petitboot/mnt/dev/$device/boot/grub/
If this is the case, perform all file operations from the parser
relative to this subvolume rather than the mount point. At the moment
this only supports the trivial case where the subvolume name for root is
blank (ie. '@').
[0] In particular, Ubuntu from at least 14.04
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The URL field currently only supports loading a particular file for
static network configurations. But it makes sense in certain static
network configurations to 'auto-discover' a file like petitboot does
with DHCP -- based off the MAC address and IP. Extend
device_handler_process_url to take those as parameters, and toggle off
the URL ending in a '/' to indicate whether to 'auto-discover' or
directly load the specified URL.
Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
| |
Fixes three unchecked return values, and one missing
initialisation.
Fixes Coverity defects #30450, #30451, #30454, and #30483
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
| |
Fix the status message, and remove the newline from our translations.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
Properly call gettext for strings in discover/device-handler.c that are
user-visible, and fix the help string in ui/ncurses/nc-subset.c
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
If we have a device-mapper snapshot available we can now guarantee
filesystem recovery will not write back to a read-only mounted disk.
Allow recovery on those devices with the notable exception of XFS which
may fail to mount if the filesystem is the opposite endian of Petitboot.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
| |
Users may want to prioritise USB-attached storage devices differently to
other devices. Detect if a device is USB-attached and add a new device
type to identify it.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
| |
Create a new Petitboot option 'petitboot,write?' that specifies whether
the system is allowed to mount devices read-write. The option can be
toggled by the user in the nc-config screen.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
| |
Device-mapper snapshots are created for all disk devices prior to
being mounted. If explicit writes are made to the snapshot they are
merged back to the disk once write access is released.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Store information on available ramdisk devices when they are recognised
by udev, and add functions to 'reserve' and 'release' these devices.
This will be used to associate device-mapper snapshots with a backing
ramdisk in a following patch.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Send a short message to the UI to inform the user a device is being
parsed for boot options. This helps slightly in environments when the UI
appears well before devices are available for parsing, giving the user
an indication that work is still being done.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move petitboot to a more familiar 'boot-order' based autoboot system.
The discover server now reads multiple values from the petitboot,bootdev
parameter and adds them in order to config->autoboot_opts. Boot priority
is determined by the options' position in the list.
On the client, nc-config now recognises the new boot order, and allows
the user to add, remove, and reorder the devices in the list.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Journaled filesytems may still write to their disk even if the disk is
mounted read only. Petitboot should avoid modifying any disks
automatically, and in mixed-endian systems this can also cause journal
operations to fail. Use the 'norecovery' option on filesystems that
support it to skip the journal replay.
Additionally, mounting an XFS filesystem as read-write in such a case
will cause the call to mount to hang indefinitely. Avoid this generally
by explicitly unmounting and (re)mounting when mounting read-write.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
| |
We want to expand the finalise_config hook to cover generic pre-boot
functionality, so rename to pre_boot.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we expose the boot device priorities through an array in
struct config, which will either be the default (network -> disk), or a
single device type specified by the IPMI code.
Rather than hide the implementation details in this array, we'd like to
expose the details of the machine configuration instead. This allows
user visibility of the real boot configuration (for example, if an IPMI
boot preference is set).
This change removes the priority array, and replaces it with the
ipmi_bootdev data (and a persistent flag). We update the
default-conflict-resolution code to reflect the priorities between IPMI
and UUID preferences.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SYSAPPEND/IPAPPEND option 2 in PXE configs requires
the MAC address of the booting interface to be appended
to the boot options. Previously we formatted this as
"BOOTIF=01:02:03:04:05:06",
but syslinux/pxelinux implementation use this format:
"BOOTIF=01-01-02-03-04-05-06",
where the leading '01' represents the hardware type.
The relevant part of the pxelinux doc is at:
http://www.syslinux.org/wiki/index.php/SYSLINUX#SYSAPPEND_bitmask
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
| |
We use setlocale() in device-handler.c, so we need locale.h
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
| |
Adds a new option to pb-event;
./pb-event url@dev url=scheme://path/to/petitboot.conf
Specifies a remote conf file to parse for boot options
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
Since we're operating in the correct locale now, we can send translated
strings in the boot status messages.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
| |
We want the discover server to respect the configured language, so we'll
need to add appropriate setlocale() calls. We use the config->lang
setting to use any previously-saved language.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
If config_set fails, we don't want to send the failed config out to
clients.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Safe mode configures the discover server to not start any device
parsing; this can be used to diagnose any problems with early device
handing.
In safe mode, we don't initialise any of the device sources - udev,
network and user events are disabled.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
| |
If a default device is set, we only allow booting from that device.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We want the network code's network interfaces to (potentially) persist
remove events. For example, discover devices may be removed by a user
event (this happens during a udhcpc deconfig). In this case, we want the
boot options to be removed, but the struct interface needs to stay
present.
This change adds network_(un)_register_device functions, to allow the
device handler to detach from and attach to interfaces.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
| |
The boot status messages may be trimmed on the right-hand side; In this
case, we'll lose the boot countdown.
This change moves the boot countdown time to before the arbitrary-length
label string.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
Now that we can re-initialise the device handler, allow this to be
triggered from UIs over the petitboot protocol.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, changes to settings doesn't take effect while the discover
server is running. This means we need to reboot for any changes (eg, to
network settings) to take effect.
This change introduces a reinit path. Triggered by a configuration
update, this will cause the device handler to drop all of its devices
(and boot options), and restart the discovery process from the device
sources.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the pb-discover main() function initialises the device
handler and the device sources.
We want to eventually be able to re-init the device sources, which will
be initiated by the handler. In this case, the handler will need
references to the sources.
This change moves the creation of the device sources to be internal to
the handler. This way, the device handler gets a reference to
everything, without having to pass pointers around in main().
We also remove the _destroy functions, as we handle everything through
talloc destructors, as all sources are parented to the handler. We also
change user_event_init and udev_init to take the handler as the first
('context') argument, to make them consistent with network_init.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
We used to use the mount binary to do filesystem autodetection. Since we
now know the fstype, we may as well call the mount syscall directly.
We add a log messages too, as we'll no longer get the 'running process:'
output from the process code, which is helpful is debugging discovery
issues.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we don't hand any -t option to mount, as we expect the mount
binary to do autodetection of the filesystem type for us.
Turns out this isn't great with busybox mount, (which we're likely to be
using in petitboot builds), which implements "autodetection" by trying
the mount() syscall with every fs type in /proc/filesystems, until one
succeeds.
We expect a lot of the mount calls to fail, as we currently try to mount
everything (and abort discovery on devices that don't mount), including
non-filesystem partitions. On a test machine with 560 block devices, and
37 entries in /proc/partitions, this results in around 20,000 calls to
mount().
A better way would be to pass a -t option to mount. It turns out that
udev uses libblkid to probe the filesystem type, which is available in
the ID_FS_TYPE property. This change only attempts to mount filesystems
with this property, and passes an explicit fstype to the mount binary.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
| |
Currently, if the read-only mount fails during device discovery, we
retry without the '-o ro' option. This was originally due to the
read-only mount failing when a device was already mounted elsewhere.
Since we check for exsiting mounts now, we can drop this retry.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
