coreos / rpm-ostree

⚛📦 Hybrid image/package system with atomic upgrades and package layering
https://coreos.github.io/rpm-ostree

create unit file for disabling tmpfs on tmp #820

Open dustymabe opened 7 years ago

dustymabe commented 7 years ago

Recently there was a merged PR to support /tmp as a directory. This has the side effect of making it so that our Fedora cloud images will now start using tmpfs on /tmp again. Colin attempted to keep this behavior with this patch to our cloud kickstart:

diff --git a/fedora-atomic.ks b/fedora-atomic.ks
index d28c9da..6670e3a 100644
--- a/fedora-atomic.ks
+++ b/fedora-atomic.ks
@@ -95,8 +95,23 @@ echo .
 # Because memory is scarce resource in most cloud/virt environments,
 # and because this impedes forensics, we are differing from the Fedora
 # default of having /tmp on tmpfs.
+# Adapted for: https://github.com/projectatomic/rpm-ostree/pull/778
 echo "Disabling tmpfs for /tmp."
-systemctl mask tmp.mount
+if test -L /tmp; then
+   systemctl mask tmp.mount
+else
+   cat >/etc/systemd/system/tmp.mount << EOF
+# Generated by fedora-atomic.ks in https://pagure.io/fedora-kickstarts/
+[Unit]
+Description=/tmp to /var/tmp mount
+Before=local-fs.target
+
+[Mount]
+Where=/tmp
+What=/var/tmp
+Options=bind
+EOF
+fi

 # make sure firstboot doesn't start
 echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
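
Review bot: In the else branch, the generated tmp.mount declares only Before=local-fs.target and nothing that orders it after the filesystem holding /var/tmp, so the bind source is assumed to be available when the unit starts; adding RequiresMountsFor=/var/tmp to the [Unit] section would state that dependency explicitly. The heredoc delimiter is unquoted (<< EOF), which is harmless for the current body but would expand any $ or backtick added to the unit later; << 'EOF' avoids that. The comment above the echo explains why tmpfs is disabled but not when /tmp is expected to be a symlink versus a directory, so a line saying which rpm-ostree behaviour each branch covers would help the next reader.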

Since this is something that other users could ask us how to do, I think it would be worth us including the systemd unit by default on our installed systems and just leaving it disabled by default. If users ask us how to disable tmpfs on /tmp in the future, we can just tell them to systemctl enable ostree-no-tmpfs-on-tmp.mount without having to link them to some unit file we'll have to look up every time.

Thoughts?

cgwalters commented 7 years ago

This is more of an ostree thing I'd say. Hmm, I think we want /tmp to always either be tmpfs or a bind mount to /var/tmp. That's something we could possibly hardcode effectively, so that if an admin does systemctl mask tmp.mount, we set this unit up automatically.

cgwalters commented 7 years ago

Implementation-wise, I think what would work best would be to add this logic to ostree-systemd-generator. That way we can parse /etc/fstab and not generate the mount if there's one for /tmp there.

dustymabe commented 7 years ago

Is fstab a 'good enough' place these days? I know it used to be, but we also have mount unit files, which might not make that the case any longer.

Where is the ostree-systemd-generator?

cgwalters commented 7 years ago

By design, generator content goes into /run, and .mount units the admin writes into /etc take precedence.

cgwalters commented 7 years ago

The generator was introduced in https://github.com/ostreedev/ostree/pull/859
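
The generator logic described in the comments above (consult /etc/fstab, write into the generator directory, let units in /etc win), as an added shell sketch that is not ostree-systemd-generator's code. The function names, the policy of emitting the bind mount whenever nothing else claims /tmp, and the reuse of the kickstart patch's `test -L /tmp` check are assumptions; the unit body is copied from the patch in this issue.

```shell
#!/bin/sh
# Added sketch, not ostree code: a systemd generator that emits the /tmp bind
# mount from the kickstart patch unless the admin has configured /tmp.

# Succeeds if FSTAB ($1) has a non-comment entry whose mount point is $2.
fstab_has_mountpoint() {
    [ -r "$1" ] || return 1
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { found = 1 } END { exit !found }' "$1"
}

# Succeeds if the admin unit directory ($1) holds any tmp.mount, including the
# /dev/null symlink left by "systemctl mask" (-e alone misses dangling links).
admin_has_tmp_mount() {
    [ -e "$1/tmp.mount" ] || [ -L "$1/tmp.mount" ]
}

# generate_tmp_bind OUTDIR FSTAB ADMIN_UNIT_DIR TMP_PATH
# Writes OUTDIR/tmp.mount and returns 0, or returns 1 when it defers.
generate_tmp_bind() {
    outdir=$1 fstab=$2 admindir=$3 tmppath=$4
    # Same test as the kickstart patch: a symlinked /tmp needs no mount unit.
    [ -L "$tmppath" ] && return 1
    # An fstab entry for /tmp is the admin's decision; do not compete with it.
    fstab_has_mountpoint "$fstab" /tmp && return 1
    # A unit in /etc would shadow ours anyway; skip to avoid dead output.
    admin_has_tmp_mount "$admindir" && return 1
    cat > "$outdir/tmp.mount" <<'EOF'
# Generated by an example generator (hypothetical)
[Unit]
Description=/tmp to /var/tmp mount
Before=local-fs.target

[Mount]
Where=/tmp
What=/var/tmp
Options=bind
EOF
}

# systemd passes three output directories; the first is the normal-priority one.
if [ "$#" -eq 3 ]; then
    generate_tmp_bind "$1" /etc/fstab /etc/systemd/system /tmp || true
fi
```

Because the unit lands in the generator directory under /run, an admin who later writes or masks tmp.mount in /etc overrides it without touching the generator.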