Upgrade systemd from 255 to 256 #2145
Conversation
| @@ -254,14 +254,11 @@ src_prepare() { | |||
| "${FILESDIR}/systemd-test-process-util.patch" | |||
| # Flatcar: Adding our own patches here. | |||
| "${FILESDIR}/0001-wait-online-set-any-by-default.patch" | |||
| "${FILESDIR}/0002-networkd-default-to-kernel-IPForwarding-setting.patch" | |||
There was a problem hiding this comment.
To be investigated if the 256 changes are making this patch irelevant or not: https://github.com/systemd/systemd-stable/blob/v256/src/network/networkd-network.c#L470
|
The github actions fail with vm being emergency shelled at boot with the error: |
|
Build action triggered: https://github.com/flatcar/scripts/actions/runs/12409046532 |
|
After some investigation, it seems that From https://lists.freedesktop.org/archives/systemd-devel/2024-June/050407.html: dracut-ng/dracut-ng@a45048b80c27ee5a45a380 -> this commit shows how to fix dracut 100, not applicable, as dracut used by Flatcar is an older version 0.53. But |
|
One option, is, obviously, to disable the default ProtectSystem, as the initrd Flatcar workflow is reliant on writing to rootfs, similar to this, in bootengine, using a dracut module definition, similar to: https://github.com/flatcar/bootengine/blob/flatcar-master/dracut/99switch-root/nocgroup.conf Another would be to fix all the bootengine /usr writes and maybe move those to /etc or /var. |
ader1990
force-pushed
the
ader1990/systemd-major-version-upgrade-256
branch
from
9d88f29 to
a3f885c
Compare
|
Independently of this, I have tried to update Dracut to 060, and am having trouble with cyclic boot dependencies. I wonder if this is somehow related to the above. Here's what it looks like with the verity stuff disabled, otherwise it's a bit more complicated.
|
Last time I tried a few months ago, I also got the same cyclical dependencies and gave up. Our bootengine heavily modifies the dracut upstream logic, so things need to be modified (again) there to make the dracut upgrade. |
|
Full error for the initrd break point: |
|
To overcome the current limitation imposed by systemd 256 regarding the
I am not convinced these two ideas are the best, maybe there is another option? Thanks. |
|
With the Until dracut is updated, we need to revert this commit manually in systemd: systemd/systemd@1c585a4 |
|
Updating Dracut has proven tricky, mainly due to size issues, so I wouldn't wait for that. |
yeap, will add the patch to systemd ebuild. |
|
AMD64 Flatcar running with systemd 256 and linux 6.10: |
ader1990
force-pushed
the
ader1990/systemd-major-version-upgrade-256
branch
from
a3f885c to
af427b9
Compare
ader1990
temporarily deployed
to
development
GitHub Actions
Inactive
|
The github actions failed because of the Mantle tests using cgroupv1. See https://github.com/systemd/systemd/releases/tag/v256-rc3 -> systemd will refuse to boot in normal circumstances. |
|
We should add code to our update postinstall hook to detect if the user is still on cgroups v1 and abort the update.
…________________________________
From: Adrian Vladu ***@***.***>
Sent: Thursday, September 26, 2024 3:39:36 AM
To: flatcar/scripts ***@***.***>
Cc: Jeremi Piotrowski ***@***.***>; Review requested ***@***.***>
Subject: Re: [flatcar/scripts] Upgrade systemd from 255 to 256 (PR #2145)
The github actions failed because of the Mantle tests using cgroupv1. See https://github.com/systemd/systemd/releases/tag/v256-rc3 -> systemd will refuse to boot in normal circumstances.
Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
considered obsolete and systemd by default will refuse to boot under
it. To forcibly reenable cgroup v1 support,
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
only cgroup v2 ('unified' hierarchy) can be selected as build-time
default.
—
Reply to this email directly, view it on GitHub<#2145 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABXINVQUZN6IBMQMAL3GTWLZYPP6RAVCNFSM6AAAAABLKHBRBSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNZWGU4DGMZWHA>.
You are receiving this because your review was requested.Message ID: ***@***.***>
|
|
Or is it worth still letting users stay with cgroups v1 if they set this flag? we would still want to validate before commiting the update.
…________________________________
From: Jeremi Piotrowski ***@***.***>
Sent: Thursday, September 26, 2024 8:15:27 PM
To: flatcar/scripts ***@***.***>; flatcar/scripts ***@***.***>
Cc: Review requested ***@***.***>
Subject: Re: [flatcar/scripts] Upgrade systemd from 255 to 256 (PR #2145)
We should add code to our update postinstall hook to detect if the user is still on cgroups v1 and abort the update.
________________________________
From: Adrian Vladu ***@***.***>
Sent: Thursday, September 26, 2024 3:39:36 AM
To: flatcar/scripts ***@***.***>
Cc: Jeremi Piotrowski ***@***.***>; Review requested ***@***.***>
Subject: Re: [flatcar/scripts] Upgrade systemd from 255 to 256 (PR #2145)
The github actions failed because of the Mantle tests using cgroupv1. See https://github.com/systemd/systemd/releases/tag/v256-rc3 -> systemd will refuse to boot in normal circumstances.
Support for cgroup v1 ('legacy' and 'hybrid' hierarchies) is now
considered obsolete and systemd by default will refuse to boot under
it. To forcibly reenable cgroup v1 support,
SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1 must be set on kernel command
line. The meson option 'default-hierarchy=' is also deprecated, i.e.
only cgroup v2 ('unified' hierarchy) can be selected as build-time
default.
—
Reply to this email directly, view it on GitHub<#2145 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABXINVQUZN6IBMQMAL3GTWLZYPP6RAVCNFSM6AAAAABLKHBRBSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNZWGU4DGMZWHA>.
You are receiving this because your review was requested.Message ID: ***@***.***>
|
Hello @jepio, indeed, we have just a few paths forward:
Thanks. |
I am for 1, deprecate cgroup v1 and document as much as possible. |
I agree with Dongsu to take the 1 approach, and add to the notes section in the Release notes section, and into documentation. |
ader1990
force-pushed
the
ader1990/systemd-major-version-upgrade-256
branch
from
4aa515f to
1514993
Compare
It's from Gentoo commit 473b0997ba121fcc629f94a480238f8e664f900d
Signed-off-by: Adrian Vladu <[email protected]>
ader1990
force-pushed
the
ader1990/systemd-major-version-upgrade-256
branch
from
1514993 to
120668a
Compare
There was a problem hiding this comment.
I think we can update this to pull the latest version of upstream Gentoo and we need to be sure that it's a regular copy (i.e no modification).
There was a problem hiding this comment.
it is already to the latest gentoo upstream and checked.
There was a problem hiding this comment.
Ok, I asked because I see this commit here: gentoo/gentoo@44519e4 that brings 256.9 (what we do in the next commit: "apply flatcar modification")
There was a problem hiding this comment.
While at here, can you drop the following Flatcar modification:
+ # Flatcar: Drop sec-policy/selinux-ntp from deps (under selinux use
+ # flag). The image stage fails with "Failed to resolve
+ # typeattributeset statement at
+ # /var/lib/selinux/mcs/tmp/modules/400/ntp/cil:120"
selinux? (
sec-policy/selinux-base-policy[systemd]
- sec-policy/selinux-ntpand add selinux-ntp to the selinux policies:
- Add the package to
::portage-stable - Add the package to
.github/workflows/portage-stable-packages-list - Add the package to
sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1-r316.ebuild
This will help in the SELinux effort.
There was a problem hiding this comment.
I can do it after this change in another patch, as it is already complicated to properly test as is.
| # the filesystem is already read-write. Conveniently the | ||
| # systemd Makefile sets this up completely wrong. | ||
| # | ||
| # Flatcar: TODO: Is this still a problem? |
There was a problem hiding this comment.
I see quite a few TODO here. Can we open a tracking issue and track those TODO? These can be done on the side but they will be forgot if it's not tracked somewhere.
sdk_container/src/third_party/coreos-overlay/sys-apps/systemd/systemd-256.9.ebuild
Show resolved
Hide resolved
Use flatcar/bootengine#101, that fixes systemd 256 Ignition quirk. See: coreos/fedora-coreos-config@44d0ff8
…setting.patch According to https://github.com/systemd/systemd-stable/blob/v256/src/network/networkd-network.c#L470, the forwarding settings have changed on systemd 256. From the discussions upstream, if a systemd is configured to manage an interface, it will manage it completely, and it will set that interface to not forward packets by default. From the current systemd code, it would be easy to either enable the forwarding or disable it, but there does not seem to be a way now to inherit it from the sysctl / kernel implementation.
ader1990
force-pushed
the
ader1990/systemd-major-version-upgrade-256
branch
from
120668a to
e8996b1
Compare
|
This PR is ready to be merged as-is, with the following to do items:
|
...ner/src/third_party/coreos-overlay/coreos-base/update_engine/update_engine-0.4.10-r24.ebuild
Outdated
Show resolved
Hide resolved
ader1990
force-pushed
the
ader1990/systemd-major-version-upgrade-256
branch
from
93e3768 to
089df88
Compare
|
@sayanchowdhury can you restart a CI please? I'd like to see the update test passing (as the update-engine commit was missing in this run) |
Upgrade systemd from 255 to 256
Fixes: flatcar/Flatcar#1501
Testing done
[Describe the testing you have done before submitting this PR. Please include both the commands you issued as well as the output you got.]
changelog/directory (user-facing change, bug fix, security fix, update)/bootand/usrsize, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.Patches required on other subprojects: