rancher / elemental-toolkit

:snowflake: The toolkit to build, ship and maintain cloud-init driven Linux derivatives based on container images
https://rancher.github.io/elemental-toolkit/docs/
Apache License 2.0

Persistent paths are mounted read-only #2035

Closed anmazzotti closed 7 months ago

anmazzotti commented 7 months ago

elemental-toolkit version: v2.0.0

Describe the bug

The persistent paths defined in mount-layout are all mounted read-only:

name: "Elemental Rootfs Layout Settings"
stages:
  rootfs:
    - if: '[ ! -f "/run/elemental/recovery_mode" ]'
      name: "Layout configuration"
      environment_file: /run/elemental/mount-layout.env
      environment:
        OVERLAY: "tmpfs:25%"
        RW_PATHS: "/var /etc /srv"
        PERSISTENT_STATE_PATHS: >-
          /etc/systemd
          /etc/kubernetes 
          /etc/rancher
        PERSISTENT_STATE_BIND: "true"

To Reproduce

The issue with the snippet above is a trailing space on the second path entry: /etc/kubernetes. PERSISTENT_STATE_BIND also has to be set; this can only be reproduced in bind mode. It will result in an empty mount:

Mar 27 16:14:24 host-1 elemental[888]:   Persistent: types.PersistentMounts{
Mar 27 16:14:24 host-1 elemental[888]:     Mode: "bind",
Mar 27 16:14:24 host-1 elemental[888]:     Paths: []string{
Mar 27 16:14:24 host-1 elemental[888]:       "",
Mar 27 16:14:24 host-1 elemental[888]:       "/etc/systemd",
Mar 27 16:14:24 host-1 elemental[888]:       "/etc/rancher",
.
.

Ultimately this will lead to all paths being mounted read-only:

/dev/vda5 on /etc/kubernetes type ext4 (ro,relatime)
/dev/vda5 on /etc/systemd type ext4 (ro,relatime)
/dev/vda5 on /etc/rancher type ext4 (ro,relatime)

Expected behavior

Trimming the blank entry should be a safe behavior. It would also be best to print a warning so that the user can fix the typo eventually.
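The trimming-with-warning behavior requested above, sketched as an added Go example (not part of the original issue and not elemental-toolkit's own code). The helper names, the constructed sample string, and the assumption that the path list is split on single spaces are illustrative.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Constructed input, assuming the folded scalar keeps the trailing space
// after /etc/kubernetes, so two spaces separate it from /etc/rancher.
const sampleEnv = "/etc/systemd /etc/kubernetes  /etc/rancher"

// naiveSplit is an assumed model of the failure: a doubled space yields "".
func naiveSplit(raw string) []string {
	return strings.Split(raw, " ")
}

// parsePathList (hypothetical helper) drops blank entries, rejects relative
// paths, normalizes and de-duplicates, and reports every entry it skipped.
func parsePathList(name, raw string) (paths, warnings []string) {
	seen := map[string]bool{}
	for i, entry := range strings.Split(raw, " ") {
		p := strings.TrimSpace(entry)
		switch {
		case p == "":
			warnings = append(warnings, fmt.Sprintf("%s: blank entry at position %d ignored, check for stray whitespace", name, i))
		case !filepath.IsAbs(p):
			warnings = append(warnings, fmt.Sprintf("%s: relative path %q ignored", name, p))
		default:
			p = filepath.Clean(p)
			if seen[p] {
				warnings = append(warnings, fmt.Sprintf("%s: duplicate path %q ignored", name, p))
				continue
			}
			seen[p] = true
			paths = append(paths, p)
		}
	}
	return paths, warnings
}

func main() {
	fmt.Printf("naive:  %q\n", naiveSplit(sampleEnv))
	paths, warnings := parsePathList("PERSISTENT_STATE_PATHS", sampleEnv)
	fmt.Printf("parsed: %q\n", paths)
	for _, w := range warnings {
		fmt.Println("warning:", w)
	}
}
```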

davidcassany commented 7 months ago

I think there are a few actions we could take to improve this: