Open posch opened 1 week ago
I guess you have to disable the download of the "runtime" overlay in grub stage. The secure flag just means, that you can download the "runtime" only under the following conditions:
wwclient
/etc/warewulf/grub/grub.cfg.ww
.wwinit_args="root=wwinit wwinit.container=${container} wwinit.system=${system} wwinit.runtime=${runtime} init=/init"
to
wwinit_args="root=wwinit wwinit.container=${container} wwinit.system=${system} init=/init"
as work around.
Yes, that seems to work. Thanks.
This isn't downloaded by grub, but by dracut; so it might be possible to get it to use a privileged port for download.
I'll have to look into it.
It's downloaded with curl at https://github.com/warewulf/warewulf/blob/main/dracut/modules.d/90wwinit/load-wwinit.sh#L11
And the curl docs say you can specify a local port.
https://everything.curl.dev/usingcurl/connections/local-port.html
So this should be feasible, as long as the curl in the initrd isn't some stripped-down curl without that functionality.
Steps to reproduce
Using a container that includes a dracut initramfs, built with:
and a node that was configured for dracut, with:
and with "secure: true" in warewulf.conf, the node fails to boot. warewulfd.log shows:
Node boots fine with secure: false.
Error message
Information on your system
Commit 18b99353bec1d21dd53761e110e4ced58ad07b60
warewulf running on Rocky 8.9
General information
wwctl version
and reported the contents of/etc/os-release