The systemd package creates /etc/machine-id when it installs (in m2 it did not create this file). If this file is populated on a VM image, every instance of that VM will have the same id. This will break networking, k8s, etc. To avoid this, we need to clear the state before creating the image. The correct first-boot behavior is to set the id to 'uninitialized' and let the system generate a new one on boot. Clearing the file is similar: systemd will generate a new id on boot, but it will not run the first-boot setup.
We will keep the current behavior with /etc/machine-id being empty. A new config flag will allow an image to use the first-boot flow.
As part of https://systemd.io/BUILDING_IMAGES several other files are listed that should be cleared out. Currently we don't seem to have them but for correctness I've also included a check that will delete them if found.
Change Log
Replace addMachineId() with clearSystemdState()
Set /etc/machine-id to uninitialized\n if EnableSystemdFirstboot=true, otherwise keep the 2.0 behavior of creating an empty file
Also clear /var/lib/systemd/random-seed, boot/efi/loader/random-seed, /var/lib/systemd/credential.secret if any are in the image.
Does this affect the toolchain?
NO
Associated issues
Test Methodology
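The reset described in the Change Log, paired with an audit that can be run against a mounted image root before publishing, as an added example that is not part of this PR or the project's code. `resetSystemdState`, `auditSystemdState` and `stateFiles` are hypothetical names, and every path is resolved relative to the image root.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// Per-instance files named in the PR description, relative to the image root.
var stateFiles = []string{"var/lib/systemd/random-seed",
	"boot/efi/loader/random-seed", "var/lib/systemd/credential.secret"}

// resetSystemdState is a hypothetical helper (not the project's clearSystemdState()):
// firstboot=true writes "uninitialized\n", otherwise machine-id is left empty.
func resetSystemdState(root string, firstboot bool) error {
	id := ""
	if firstboot {
		id = "uninitialized\n"
	}
	if err := os.WriteFile(filepath.Join(root, "etc/machine-id"), []byte(id), 0o644); err != nil {
		return err
	}
	for _, f := range stateFiles {
		if err := os.Remove(filepath.Join(root, f)); err != nil && !os.IsNotExist(err) {
			return err
		}
	}
	return nil
}

// auditSystemdState lists instance state that is still baked into the image root.
func auditSystemdState(root string) (findings []string) {
	b, err := os.ReadFile(filepath.Join(root, "etc/machine-id"))
	if err == nil && len(b) > 0 && string(b) != "uninitialized\n" {
		findings = append(findings, "etc/machine-id is populated")
	}
	for _, f := range stateFiles {
		if _, err := os.Lstat(filepath.Join(root, f)); err == nil {
			findings = append(findings, f+" is present")
		}
	}
	return findings
}

func main() {
	root, _ := os.MkdirTemp("", "imgroot") // constructed, empty image root for the demo
	defer os.RemoveAll(root)
	os.MkdirAll(filepath.Join(root, "etc"), 0o755)
	fmt.Println(resetSystemdState(root, true), auditSystemdState(root))
}
```

An empty findings list from the audit means the image carries neither a populated machine-id nor any of the listed seed or secret files.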