TFTP protocol no longer supported in `coreos.inst.ignition_url` parameter

[kupson]

Bug

The ignition_url parameter no longer supports tftp:// URLs. Looks like Rust version only allows http and https. The documentation for fcct states that TFTP (plus s3:// and data://) should be allowed. Same for Fedora-CoreOS documentation.

Host Operating System Version

fedora-coreos-32.20200907.3.0 installer (via PXE boot)

Target Operating System Version

fedora-coreos-32.20200907.3.0

coreos-installer Version

Included in FCOS 32.20200907.3 installation media.

Expected Behavior

This PXEboot config used to work fine in previous versions of FCOS:

LABEL Fedora CoreOS 32.20200907.3.0 installation
    KERNEL images/fedora-coreos-32.20200907.3.0-live-kernel-x86_64
    APPEND ip=dhcp rd.neednet=1 initrd=images/fedora-coreos-32.20200907.3.0-live-initramfs.x86_64.img console=tty0 coreos.inst.install_dev=/dev/sda coreos.inst.stream=stable coreos.inst.ignition_url=tftp://192.168.0.129/ign/config.ign
    IPAPPEND 2

Actual Behavior

Installation breaks with error about unrecognised protocol in ignition_url parameter.

Reproduction Steps

1. Set up TFTP server with config.ign
2. Pass ignition_url=tftp://x.x.x.x/config.ign to the coreos-installer

Other Information

[bgilbert]

TFTP URLs were never intentionally supported in coreos.inst.ignition_url, but happened to work until 1659e126e918505e1e9184b96b7824c10e2d8d7e in FCOS 32.20200726.3.1. The URL schemes supported by Ignition and FCCT aren't directly relevant here, since coreos.inst.ignition_url is implemented by coreos-installer, not Ignition. I agree that this is confusing though.

Possible workarounds:

• Install with --firstboot-args ignition.config.url=tftp://...
• Use curl to fetch the config before the installer runs, then use --ignition-file
• Generate a stub config with an ignition.config.replace directive pointing to the real config, then load it with --ignition-file

All of these have the same limitation: they're not possible from the live system's kernel command line nor from a hook, so you'd need to override the installer unit.

If we implemented #158 and provided a kernel argument for it, users could request that config fetch be deferred to Ignition on first boot, avoiding the need to implement every Ignition URL scheme in coreos-installer. However, asking users to think about early fetch vs. late fetch doesn't seem like great UX. And we may not be able to switch the default to late fetch, since users might depend on the current behavior. (It could break users who have static network addressing and a self-contained config and don't configure network in the initramfs. It could also break anyone who delays first boot until after the hardware is installed in the field, though such users might reasonably be expected to enable an option.)

In any event, we should probably support TFTP directly in coreos-installer. Other protocols (e.g. S3 and GCS) might reasonably be deferred to Ignition.

[bgilbert]

There doesn't seem to be a maintained TFTP client library in Rust.