umount modules before switch_root

src/cmd/init.rs

@@ -144,6 +144,9 @@ pub async fn run() {
         warn!("failed to copy {INIT_LOG} to system: {e}");
     }
 
+    if let Err(e) = nix::mount::umount2("/modules", nix::mount::MntFlags::MNT_DETACH) {
+        warn!("failed to umount /modules: {e}");
+    }
     retry(async || switch_root("/system").await).await;
 }
 

src/cmd/init/bootstrap.rs

@@ -17,7 +17,7 @@ use crate::{fs::walk_dir, utils};
 
 pub async fn bootstrap(cfg: Config) {
     let verifier = retry(async || Verifier::from_config(&cfg)).await;
-    let bs = cfg.bootstrap;
+    let bs = &cfg.bootstrap;
 
     mount(Some(&bs.dev), "/bootstrap", "ext4", None).await;
 
@@ -53,7 +53,7 @@ pub async fn bootstrap(cfg: Config) {
     })
     .await;
 
-    mount_system(&sys_cfg, base_dir, &verifier).await;
+    mount_system(&sys_cfg, &cfg, base_dir, &verifier).await;
 
     retry_or_ignore(async || {
         let path = "/etc/resolv.conf";
@@ -187,7 +187,12 @@ fn default_root_tmpfs_opts() -> Option<String> {
     Some(format!("size={fs_size}m"))
 }
 
-async fn mount_system(cfg: &dkl::Config, bs_dir: &str, verifier: &Verifier) {
+async fn mount_system(
+    cfg: &dkl::Config,
+    bs_cfg: &Config,
+    bs_dir: &str,
+    verifier: &Verifier,
+) {
     let opts = match utils::param("root-opts") {
         Some(s) => Some(s.to_string()),
         None => default_root_tmpfs_opts(),
@@ -201,8 +206,7 @@ async fn mount_system(cfg: &dkl::Config, bs_dir: &str, verifier: &Verifier) {
 
     for layer in &cfg.layers {
         let src = retry(async || {
-            if layer == "modules" {
-                let src = "/modules.sqfs";
+            if layer == "modules" && let Some(src) = bs_cfg.modules.as_ref() {
                 (fs::read(src).await).map_err(|e| format_err!("read {src} failed: {e}"))
             } else {
                 verifier.verify_path(&format!("{bs_dir}/{layer}.fs")).await

test-initrd/config.yaml

@@ -21,7 +21,8 @@ auths:
     sshKey:   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkpbU6sf4t0f6XAv9DuW3XH5iLM0AI5rc8PT2jwea1N
     password: bXlzZWVk:HMSxrg1cYphaPuUYUbtbl/htep/tVYYIQAuvkNMVpw0 # mypass
 
-signer_public_key: MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQA29glSqk7MqoUIjD+UQG+b4v59pTFkn8rYtNhOftTe7uiLUvGFsjNdzP3tW64t/c6YD2p6dtI3oQXGOVQO1vIWPEBc6Sq++BRpQ0FVna+dgNQx8/kLXN9Na0ZYbK7q0haCI7/EHWOX79JFFxJE9HJ67AOMmXwGJ2jrfa1CUnWvfCmT+E=
+signer_public_key: 'MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAd5sR4NqLtjSt8ESNlYWvuufYj7v+aYGDlgxQThcKbzDPVe639IfH94hHE0l9TAfyU94qtN/GpFyKJ68F/u2pu70A/umT1m24ELFDqXlQXqhTsH91r+nYUZ7due3EqSrvru/yjchNNRkpoCCu3QkDF25KnrYfWWHqj9ZIRlBTCJE9SwM='
+
 
 ssh:
   listen: "[::]:22"
@@ -41,8 +42,10 @@ networks:
     udev: !has ID_NET_NAME_MAC
   script: |
     ip li set $iface up
-    udhcpc -i $iface -b -t1 -T1 -A5 ||
-    ip a add 2001:41d0:306:168f::1337:2eed/64 dev $iface
+    ip a add 192.168.12.42/24 dev $iface
+    ip a add fd12:6e76:7474::1337:2eed/64 dev $iface
+    ip route add default via 192.168.12.254
+    ip route add default via fd12:6e76:7474::1 dev $iface
 
 pre_lvm_crypt:
 - name: sys-${name}
@@ -75,8 +78,13 @@ lvm:
     size: 2g
 
   - name: varlog
-    extents: 10%FREE
-    # size: 10g
+    size: 256m
+  - name: kubelet
+    size: 256m
+  - name: containerd
+    size: 1g
+  - name: etcd
+    size: 256m
 
   - name: podman
     extents: 10%FREE
@@ -91,10 +99,6 @@ lvm:
 #- dev: /dev/storage/dls
 
 bootstrap:
-  #dev: /dev/mapper/bootstrap
   dev: /dev/storage/bootstrap
-  # TODO seed: https://direktil.novit.io/bootstraps/dls-crypt
-  seed: http://192.168.10.254:7606/hosts/m1/bootstrap.tar
-  # TODO seed_sign_key: "..."
-  # TODO load_and_close: true
+  seed: http://192.168.12.254:7606/public/download-set/host/m1/bootstrap.tar?set=IDOXJLLOTHDU2UQPP7CQEBEWC4ZVHTH34BSNPBY6JUGPUVHD2MCKX46LIBOVPG46EXUNPUTYACUEVIQFC2HTIWJCMUXANM36TVKQSRAJAQRE2GDEOC4RWAAAQA3DSZJVGEZDKNT4NA5G2MJ2MJXW65DTORZGC4BOORQXEAAAAAAH4BI7JU