Clear systemd state when creating an image

dmcilvaney commented 1 week ago

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

[x] The toolchain has been rebuilt successfully (or no changes were made to it)
[x] The toolchain/worker package manifests are up-to-date
[x] Any updated packages successfully build (or no packages were changed)
[x] Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
[x] Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
[x] All package sources are available
[x] cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
[x] LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
[x] All source files have up-to-date hashes in the *.signatures.json files
[x] sudo make go-tidy-all and sudo make go-test-coverage pass
[x] Documentation has been updated to match any changes to the build system
[x] If you are adding/removing a .spec file that has multiple-versions supported, please add @microsoft/cbl-mariner-multi-package-reviewers team as reviewer (Eg. golang has 2 versions 1.18, 1.21+)
[x] Ready to merge

Summary

The systemd package creates /etc/machine-id when it installs (in m2 it did not create this file). If this file is populated on a vm image, every instance of that vm will have the same id. This will break networking, k8s, etc. To avoid this, we need to clear the state before creating the image. The correct first-boot behavior is to set the id to 'uninitialized' and let the system generate a new one on boot. Clearing the file is similar, systemd will generate a new id on boot, but it will not run the first-boot setup.

We will keep the current behavior with /etc/machine-id being empty. A new config flag will allow an image to use the first-boot flow.

As part of https://systemd.io/BUILDING_IMAGES several other files are listed that should be cleared out. Currently we don't seem to have them but for correctness I've also included a check that will delete them if found.

Change Log

replace addMachineId() with clearSystemdState()
- Set /etc/machine-id to uninitalized\n if EnableSystemdFirstboot=true , otherwise keep the 2.0 behavior of creating an empty file
- Also clear /var/lib/systemd/random-seed, boot/efi/loader/random-seed, /var/lib/systemd/credential.secret if any are in the image.

Does this affect the toolchain?

NO

Associated issues

https://microsoft.visualstudio.com/OS/_queries/edit/51856148/?triage=true

Test Methodology

Local builds with basic validation (boots, login possible, systemd seems ok)
- Local hyper-v test with core-efi (machine-id is generated, firstboot runs)
- MIC based dm-verity read-only test (machine-id is ephemeral but generates as expected, firstboot does not run since /etc is not writable)
- Azure marketplace gen2 (same as local hyper-v)

dmcilvaney commented 1 week ago

Some interesting data points:

Ubuntu marketplace does not enable first boot
https://github.com/ostreedev/ostree/issues/2840 Looks like preset behavior might change... https://fedoraproject.org/wiki/Changes/Preset_All_Systemd_Units_on_First_Boot But I think we use %systemd_post to set stuff so it should be ok.
Old issue on systemd github about this: https://github.com/systemd/systemd/issues/8268

tldr, first boot seems to be the preferred path in modern systemd distros

dmcilvaney commented 6 days ago

Per some discussions, going to keep old behavior (ie /etc/machine-id="")

microsoft / azurelinux