Order swap before systemd-fsck-root.service #258
Conversation
Grub scripts are very persistent in trying to use what is currently mounted as /. Even if currently (TemplateVM) /dev/xvda3 is mounted directly, all the configuration should use /dev/mapper/dmroot, to work also in AppVM. GRUB_DEVICE is used in various places as root device (including constructing root= parameter in some versions). Force it to /dev/mapper/dmroot QubesOS/qubes-issues#6174
Codecov Report
@@ Coverage Diff @@
## master #258 +/- ##
=======================================
Coverage 72.65% 72.65%
=======================================
Files 3 3
Lines 512 512
=======================================
Hits 372 372
Misses 140 140 Continue to review full report at Codecov.
|
OpenQA test summaryComplete test suite and dependencies: https://openqa.qubes-os.org/tests/13372#dependencies Failed tests
New failuresCompared to: https://openqa.qubes-os.org/tests/12774#dependencies
Fixed failuresCompared to: https://openqa.qubes-os.org/tests/12774#dependencies
|
|
This approach fails miserably - VM no longer boots. This is because there is ordering cycle:
And here the cycle closes. |
fsck may require significant amount of RAM, enable swap earlier to avoid out of memory condition. Implement this as a separate service unit, not a swap unit, because the latter requires udev running (implicit dependency on dev-xvdc1.device) which is not the case before remounting root filesystem read-write. QubesOS/qubes-issues#6174
We don't have systemd in dom0-provided initrd anymore, so this workaround is not needed now. Fixes QubesOS/qubes-issues#5992
|
We could also spawn the commands used by systemd ourselves, or remove the |
This is exactly what I've done in the force-pushed version.
That is unfortunately impossible. Ordering dependencies cannot be removed using drop-in. |
|
|
||
| [Service] | ||
| Type=oneshot | ||
| ExecStart=-/usr/sbin/swapon /dev/xvdc1 |
There was a problem hiding this comment.
I suggest encrypting the swap partition. We can do this using tools already in the initramfs.
|
VM Swap encryption is a good idea, yes. But there are two options:
I'd like to avoid two layers of encryption, especially for swap that should be fast. |
init/setup-rwdev.sh
Outdated
| fi | ||
| if cmp --bytes $private_size "$dev" /dev/zero >/dev/null && { blkid -p "$dev" >/dev/null; [ $? -eq 2 ]; }; then | ||
| # check if private.img (xvdb) is empty | ||
| if { blkid -p "$dev" >/dev/null; [ $? -eq 2 ]; }; then |
There was a problem hiding this comment.
This seems potentially dangerous.
There was a problem hiding this comment.
In practice we are looking for a filesystem we create ourselves, and ext4 is perfectly detected (-p makes blkid really read the device, not use cache). But also, blkid detects tens of filesystems, including quite exotic ones. Do you have some specific scenario in mind that would fail this? Perhaps compare first 10MB to /dev/zero with an assumption that any kind of FS signature would be there, even if not recognized by blkid?
Reading first 1GB on every DispVM startup is something I'd really like to avoid, as those need to start fast, ideally under 1s (we're quite far from there). But also speeding up fresh VM startup is desirable.
There was a problem hiding this comment.
Comparing the first 10MB is fine.
Check just 10 MiB of the private volume + blkid before considering it empty and calling mkfs. Avoid reading 1GB of data at the VM boot - which should speed up startup even further, especially for fresh DispVMs. QubesOS/qubes-issues#3758
When the fsck is run in the target system, make sure it is started after
enabling swap. In recent Fedora versions, it can also run in initramfs - that
part will be handled in dracut module (linux-utils repository). Here just
ensure the root= parameter is properly set in grub (in case of in-VM kernel use).
Fixes QubesOS/qubes-issues#6174