-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
machine-id-setup: acquire machine ID from /run/machine-id if possible #32915
Conversation
Note We had successfully released a new major release. We are no longer in a development freeze phase. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah noticed the same thing on soft-reboot some time ago
If machine ID is previously stored at /run/machine-id, then let's reuse it. This is important on switching root and /etc/machine-id was previously a mount point. Fixes systemd#32908.
@@ -61,7 +61,7 @@ static int generate_machine_id(const char *root, sd_id128_t *ret) { | |||
return 0; | |||
} | |||
|
|||
if (isempty(root) && running_in_chroot() <= 0) { | |||
if (empty_or_root(root) && running_in_chroot() <= 0) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this really desirable? in many cases we allow --root=/
as a mechanism for forcing an "offline" mode, while still operating on the root dir. if we do the getenv_for_pid() thing below I'd claim this is very much an "online" operation, and hence --root=/
should really disable that.
/* First, try reading the D-Bus machine id, unless it is a symlink */ | ||
/* First, try reading the machine ID from /run/machine-id, which may not be mounted on | ||
* /etc/machine-id yet. This is important on switching root, Otherwise, machine ID may be changed | ||
* after the transition. */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm, when we run in the initrd, then we write the machine ID to /etc/machine-id, and don't bother with /run/machine-id? hence what does this actually change here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know about the initrd case, however I hit this on softreboot when /etc/machined is an empty read-only file, so we mount over it, but we lose this mount on softreboot and you get a different machine-id every time
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so i guess doing what you suggest here is OK, but the comment is misleading, since it references switch root, where this shouldn't really matter, as mentioned. I do see how it would matter for soft-reboot with immutable rootfs however.
/* First, try reading the machine ID from /run/machine-id, which may not be mounted on | ||
* /etc/machine-id yet. This is important on switching root, Otherwise, machine ID may be changed | ||
* after the transition. */ | ||
if (empty_or_root(root) && running_in_chroot() <= 0 && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
here too, I think we should allow forcing an "offline" mode via --root=/ where we do not do things based on other system/execution properties.
This one confuses me. the commit msgs suggest this had an effect on regular initrd→host transitions, but i don't see how that could be, because regular initrds should not be initializing /run/machine-id, hence this should not have any effect. What am I missing? I mean, I see benefit in allowing the initrd's machine ID to propagate into the host if the host's is not set yet. But I doubt /run/machine-id is the way to go with that, because that seems "too strong" to me, as it it should be left to the target system to decide whether it wants to import the initrds machine id or use something else. There's a TODO list item since a long time somwhere to propagate the initrd's into the host via an env var or via a system cred. I think in particular the latter would make a ton of sense (i.e. at a reasonable place stupidly copy /etc/machine-id to /run/credentials/@initrd/system.machine_id if that doesn't exist yet). |
This is mostly for soft-reboot, rather than initrd -> host transition. Though, the same can be applied if /run/machine-id is used in initrd. But I do not think it happens in general. About 'offline' vs 'online' or |
This effectively reverts ba540e9. systemd#32915 (comment) > In many cases we allow --root=/ as a mechanism for forcing an "offline" mode, > while still operating on the root dir. if we do the getenv_for_pid() thing > below I'd claim this is very much an "online" operation, and hence --root=/ > should really disable that.
machine-id-setup: several follow-ups for #32915
If machine ID is previously stored at /run/machine-id, then let's reuse
it. This is important on switching root and /etc/machine-id was previously
a mount point.
Fixes #32908.