install-packages: Do not prevent login

There's really no reason why *install-packages.service* needs to complete before users can log in. Indeed, being able to log in while it is running may be necessary in order to troubleshoot issues.
flash: Add option to override console spec
2024-01-25 20:49:53 -06:00 · 2024-01-25 20:06:24 -06:00 · 2024-01-25 20:06:24 -06:00 · 2024-01-25 20:06:24 -06:00 · 2024-01-25 20:06:24 -06:00 · 2024-01-25 20:06:24 -06:00
6 changed files with 106 additions and 8 deletions
--- a/common.yaml
+++ b/common.yaml
@ -5,7 +5,6 @@ ignition:
  config:
    merge:
    - local: sshkeys.ign
    - local: collectd.ign
    - local: local_exporter.ign
    - local: notify-shutdown.ign
    - local: ssh-host-certs.ign
--- a/flash.zsh
+++ b/flash.zsh
@ -67,18 +67,28 @@ function hybridize_gpt() {
 function install_coreos() {
    local ignition="$1"
    local dev="$2"
    local url="$3"
    local console="$4"
-    coreos-installer install \
+    if [ -z "${url}" ]; then
-        -a aarch64 \
+        set -- -a aarch64 -s stable
-        -s stable \
+    else
        set -- --image-url "${url}"
    fi
    if [ -n "${console}" ]; then
        set -- "$@" --console "${console}"
    fi
    coreos-installer install "$@" \
        -i "${ignition}" \
        --console ttyS0,115200n8 \
        "${dev}"
    sync; sync; sync
 }
 function parse_args() {
    pi=4
    image_url=
    console=ttyS0,115200n8
    while [ $# -gt 0 ]; do
        case "$1" in
        --pi)
@ -88,6 +98,20 @@ function parse_args() {
        --pi=*)
            pi=${1#--pi=}
            ;;
        --image-url)
            shift
            image_url=${1}
            ;;
        --image-url=*)
            image_url=${1#--image-url=}
            ;;
        --console)
            shift
            console=${1}
            ;;
        --console=*)
            console=${1#--console=}
            ;;
        *)
            if [ -z "${ignition-}" ]; then
                ignition="${1}"
@ -128,7 +152,7 @@ if [ $(id -u) -ne 0 ]; then
    exec sudo "$0" "$@"
 fi
-install_coreos "${ignition}" "${dev}"
+install_coreos "${ignition}" "${dev}" "${image_url}" "${console}"
 case "${pi}" in
 2|3)
--- a/install-packages.service
+++ b/install-packages.service
@ -4,12 +4,11 @@ Description=Install additional packages
 After=network-online.target
 Wants=network-online.target
 Before=zincati.service
 Before=systemd-user-sessions.service
 ConditionPathExists=/etc/ignition/packages.d
 ConditionPathExists=!/etc/ignition/packages.installed
 [Service]
-Type=oneshot
+Type=idle
 RemainAfterExit=yes
 ExecStart=/bin/sh /etc/ignition/install-packages.sh
 ExecStartPost=/bin/touch /etc/ignition/packages.installed
--- a/install-packages.sh
+++ b/install-packages.sh
@ -5,6 +5,8 @@ if [ ! -d /etc/ignition/packages.d ]; then
    exit 0
 fi
 set -e
 cat /etc/ignition/packages.d/* | xargs rpm-ostree install --apply-live -y
 systemctl preset-all --preset-mode=enable-only
--- a/serial-console.yaml
+++ b/serial-console.yaml
@ -0,0 +1,15 @@
 variant: fcos
 version: 1.4.0
 ignition:
  config:
    merge:
    - local: packages.ign
 storage:
  files:
  - path: /etc/ignition/packages.d/serial-console
    mode: 0644
    contents:
      inline: |
        picocom
        tmux
--- a/serial1.yaml
+++ b/serial1.yaml
@ -0,0 +1,59 @@
 variant: fcos
 version: 1.4.0
 ignition:
  config:
    merge:
    - local: fix-hybrid-mbr.ign
    - local: common.ign
    - local: zram.ign
    - local: cfg.ign
    - local: serial-console.ign
 passwd:
  users:
  - name: root
    password_hash: '$6$rounds=656000$Dwv1aYtPgIZ3qgrW$3NULGiOIBcNUwNJsk0WjaIZx2uDCapejz7A/DwYGiZWVXvm5KLjW5lAh0zhzAfF6M.rXxi/YBygaNaN2XAAj5/'
 # Attempting to add a user to any group other than adm, wheel, sudo, or
 # systemd-journal causes Ignition to fail:
 #
 #     useradd: group 'dialout' does not exist
 #
 # Work-around:
 #
 #     sed -n '/^dialout:/s/.*/\0core/p' /lib/group | sudo tee -a /etc/group
 #
 # See also: https://discussion.fedoraproject.org/t/groupadd-usermod-dont-always-work-in-coreos/41735
 # See also: https://github.com/coreos/rpm-ostree/issues/49
 #
 #  - name: core
 #    groups:
 #    - adm
 #    - wheel
 #    - sudo
 #    - dialout
 #    - systemd-journal
 storage:
  files:
  - path: /etc/hostname
    mode: 0644
    contents:
      inline: serial1.pyrocufflink.blue
  - path: /etc/NetworkManager/system-connections/enu1u1.nmconnection
    mode: 0600
    contents:
      inline: |
        [connection]
        id=enu1u1
        type=ethernet
        interface-name=enu1u1
        [ipv4]
        address1=172.30.0.13/26,172.30.0.1
        dns=172.30.0.1;
        dns-search=pyrocufflink.blue;
        method=manual
        may-fail=false
Author	SHA1	Message	Date
Dustin	3bbe380598	install-packages: Do not prevent login There's really no reason why install-packages.service needs to complete before users can log in. Indeed, being able to log in while it is running may be necessary in order to troubleshoot issues.	2024-01-25 20:49:53 -06:00
Dustin	61973c94cf	flash: Add option to override console spec The `flash.zsh` script now takes an optional `--console` argument, which can be used to override the `console=` kernel command line argument.	2024-01-25 20:06:24 -06:00
Dustin	57815bdcc5	flash: Add option to specify image URL The `flash.zsh` script now takes an optional `--image-url` argument, which can be used to specify a different FCOS base image. This could be to use a custom image or to simply avoid downloading the same image from the Internet repeatedly.	2024-01-25 20:06:24 -06:00
Dustin	eb0430392e	install-packages: Exit on error The machine gets into a pretty weird state if `install-packages.sh` fails but continues running.	2024-01-25 20:06:24 -06:00
Dustin	9e790d055c	common: Do not install collectd I think I have finally decided that I want collectd to run in a container on FCOS machines. It's much easier and quicker to deploy and configure that way. The only drawback is how filesystems are monitored, but I think I am okay with `ReportByDevice` now. In fact, I might even like it better, since container hosts have tons of redundant mounts that add noise to the disk usage charts.	2024-01-25 20:06:24 -06:00
Dustin	17ba7d9d03	serial1: Add config for serial console machine	2024-01-25 20:06:24 -06:00