blob: 83b1747b873b235ec50bb8769c295d004788429a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
|
#!/bin/bash
#
# Set up readonly-root support.
#
. /etc/init.d/functions
# We need to initialize the $HOSTNAME variable by ourselves now:
# (It was previously done for RHEL-6 branch, but got lost in time.)
HOSTNAME="$(hostname)"
# Check SELinux status
SELINUX_STATE=
if [ -e "/sys/fs/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
if [ -r "/sys/fs/selinux/enforce" ] ; then
SELINUX_STATE=$(cat "/sys/fs/selinux/enforce")
else
# assume enforcing if you can't read it
SELINUX_STATE=1
fi
fi
selinux_fixup() {
if [ -n "$SELINUX_STATE" ] && [ -e "$1" ]; then
restorecon -R "$1"
fi
}
# Only read this once.
[ -z "${cmdline}" ] && cmdline=$(cat /proc/cmdline)
READONLY=
if [ -f /etc/sysconfig/readonly-root ]; then
. /etc/sysconfig/readonly-root
fi
if strstr "$cmdline" readonlyroot ; then
READONLY=yes
[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
[ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state
fi
if strstr "$cmdline" noreadonlyroot ; then
READONLY=no
fi
MOUNTS=()
if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
add_mount() {
mnt=${1%/}
MOUNTS=("${MOUNTS[@]}" "$mnt")
}
cp_empty() {
if [ -e "$1" ]; then
echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
add_mount $1
fi
}
cp_dirs() {
if [ -e "$1" ]; then
mkdir -p "$RW_MOUNT$1"
find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
add_mount $1
fi
}
cp_files() {
if [ -e "$1" ]; then
cp -a --parents "$1" "$RW_MOUNT"
add_mount $1
fi
}
# Common mount options for scratch space regardless of
# type of backing store
mountopts=
# Scan partitions for local scratch storage
rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device)
bindmountopts=
[ "$SLAVE_MOUNTS" = "yes" ] && bindmountopts="--make-slave"
# First try to mount scratch storage from /etc/fstab, then any
# partition with the proper label. If either succeeds, be sure
# to wipe the scratch storage clean. If both fail, then mount
# scratch storage via tmpfs.
if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then
rm -rf "$RW_MOUNT" > /dev/null 2>&1
elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then
rm -rf "$RW_MOUNT" > /dev/null 2>&1
else
mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT"
fi
for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do
is_ignored_file "$file" && continue
[ -f $file ] && while read type path ; do
case "$type" in
empty)
cp_empty $path
;;
files)
cp_files $path
;;
dirs)
cp_dirs $path
;;
*)
;;
esac
done < <(cat $file)
done
for m in "${MOUNTS[@]}"; do
prefix=0
for mount_point in "${MOUNTS[@]}"; do
[[ $m = $mount_point ]] && continue
if [[ $m =~ ^$mount_point/.* ]] ; then
prefix=1
break
fi
done
[[ $prefix -eq 1 ]] && continue
mount -n --bind $bindmountopts "$RW_MOUNT$m" "$m"
selinux_fixup "$m"
done
# Use any state passed by initramfs
[ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT
# In theory there should be no more than one network interface active
# this early in the boot process -- the one we're booting from.
# Use the network address to set the hostname of the client. This
# must be done even if we have local storage.
ipaddr=
if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then
ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }')
for ip in $ipaddr ; do
HOSTNAME=
eval $(ipcalc -h $ipaddr 2>/dev/null)
[ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; }
done
fi
# Clients with read-only root filesystems may be provided with a
# place where they can place minimal amounts of persistent
# state. SSH keys or puppet certificates for example.
#
# Ideally we'll use puppet to manage the state directory and to
# create the bind mounts. However, until that's all ready this
# is sufficient to build a working system.
# First try to mount persistent data from /etc/fstab, then any
# partition with the proper label, then fallback to NFS
state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device)
if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then
/bin/true
elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1; then
/bin/true
elif [ ! -z "$CLIENTSTATE" ]; then
# No local storage was found. Make a final attempt to find
# state on an NFS server.
mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock
fi
if [ -w "$STATE_MOUNT" ]; then
mount_state() {
if [ -e "$1" ]; then
[ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT"
mount -n --bind $bindmountopts "$STATE_MOUNT$1" "$1"
fi
}
for file in /etc/statetab /etc/statetab.d/* ; do
is_ignored_file "$file" && continue
[ ! -f "$file" ] && continue
if [ -f "$STATE_MOUNT/$file" ] ; then
mount -n --bind $bindmountopts "$STATE_MOUNT/$file" "$file"
fi
for path in $(grep -v "^#" "$file" 2>/dev/null); do
mount_state "$path"
selinux_fixup "$path"
done
done
if [ -f "$STATE_MOUNT/files" ] ; then
for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do
mount_state "$path"
selinux_fixup "$path"
done
fi
fi
if mount | grep -q /var/lib/nfs/rpc_pipefs ; then
mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs
fi
fi
|