35coreos-ignition: move ignition-setup-user.service here

overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator

@@ -45,12 +45,15 @@ if ! $(cmdline_bool 'ignition.firstboot' 0); then
     exit 0
 fi
 
-if ! command -v is-live-image >/dev/null || ! is-live-image; then
-    # ignition-setup-user.service should depend on the boot device node
+if ! is-live-image; then
+    # coreos-ignition-setup-user.service should depend on the boot device node
     # only on diskful boots
-    mkdir -p "${UNIT_DIR}/ignition-setup-user.service.d"
-    cat > "${UNIT_DIR}/ignition-setup-user.service.d/diskful-gpt.conf" <<EOF
+    mkdir -p "${UNIT_DIR}/coreos-ignition-setup-user.service.d"
+    cat > "${UNIT_DIR}/coreos-ignition-setup-user.service.d/diskful.conf" <<EOF
 [Unit]
+Requires=dev-disk-by\x2dlabel-boot.device
+After=dev-disk-by\x2dlabel-boot.device
+
 Requires=coreos-gpt-setup.service
 After=coreos-gpt-setup.service
 EOF

overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service

@@ -25,7 +25,7 @@ After=coreos-multipath-wait.target
 
 # Run before services that use device nodes, preventing them from racing
 # with udev activity generated by sgdisk
-Before=ignition-setup-user.service ignition-disks.service
+Before=coreos-ignition-setup-user.service ignition-disks.service
 
 OnFailure=emergency.target
 OnFailureJobMode=isolate

overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=CoreOS Ignition User Config Setup
+Documentation=https://github.com/coreos/ignition
+ConditionPathExists=/etc/initrd-release
+DefaultDependencies=false
+
+# We run before config fetch because we may copy in new/different configs
+# for Ignition to consume.
+Before=ignition-fetch-offline.service
+
+OnFailure=emergency.target
+OnFailureJobMode=isolate
+
+# On diskful boots, coreos-diskful-generator adds Requires/After on
+# dev-disk-by\x2dlabel-boot.device and coreos-gpt-setup.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+# The MountFlags=slave is so the umount of /boot is guaranteed to happen
+# /boot will only be mounted for the lifetime of the unit.
+MountFlags=slave
+ExecStart=/usr/sbin/coreos-ignition-setup-user

overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+set -euo pipefail
+
+copy_file_if_exists() {
+    src="${1}"; dst="${2}"
+    if [ -f "${src}" ]; then
+        echo "Copying ${src} to ${dst}"
+        cp "${src}" "${dst}"
+    else
+        echo "File ${src} does not exist.. Skipping copy"
+    fi
+}
+
+destination=/usr/lib/ignition
+mkdir -p $destination
+
+if is-live-image; then
+    # Live image. If the user has supplied a config.ign via an appended
+    # initrd, put it in the right place.
+    copy_file_if_exists "/config.ign" "${destination}/user.ign"
+else
+    # We will support a user embedded config in the boot partition
+    # under $bootmnt/ignition/config.ign. Note that we mount /boot
+    # but we don't unmount boot because we are run in a systemd unit
+    # with MountFlags=slave so it is unmounted for us.
+    bootmnt=/mnt/boot_partition
+    mkdir -p $bootmnt
+    # mount as read-only since we don't strictly need write access and we may be
+    # running alongside other code that also has it mounted ro
+    mount -o ro /dev/disk/by-label/boot $bootmnt
+    copy_file_if_exists "${bootmnt}/ignition/config.ign" "${destination}/user.ign"
+fi

overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh

@@ -3,7 +3,7 @@
 # ex: ts=8 sw=4 sts=4 et filetype=sh
 
 depends() {
-    echo systemd network ignition
+    echo systemd network ignition coreos-live
 }
 
 install_ignition_unit() {
@@ -30,6 +30,9 @@ install() {
     inst_script "$moddir/coreos-gpt-setup.sh" \
         "/usr/sbin/coreos-gpt-setup"
 
+    inst_script "$moddir/coreos-ignition-setup-user.sh" \
+        "/usr/sbin/coreos-ignition-setup-user"
+
     # For consistency tear down the network and persist multipath between the initramfs and
     # real root. See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763
     inst_script "$moddir/coreos-teardown-initramfs.sh" \
@@ -52,4 +55,5 @@ install() {
     install_ignition_unit "coreos-boot-edit.service" \
         "ignition-diskful.target"
 
+    install_ignition_unit coreos-ignition-setup-user.service
 }

overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target

@@ -8,9 +8,9 @@ After=dev-disk-by\x2dlabel-dm\x2dmpath\x2dboot.device
 Requires=multipathd.service
 After=multipathd.service
 
-# This is already enforced transitively by coreos-gpt-setup.service, but since
-# it's an external unit, let's be more explicit and list it directly here too.
-Before=ignition-setup-user.service
+# This is already enforced transitively by coreos-gpt-setup.service, but
+# let's be more explicit and list it directly here too.
+Before=coreos-ignition-setup-user.service
 
 # This is already enforced by coreos-multipath-trigger.service, though ideally
 # eventually we can get rid of that one and then we *would* need this.

overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service

@@ -6,8 +6,8 @@ ConditionKernelCommandLine=ostree
 ConditionPathExists=!/run/ostree-live
 # We run pretty early
 Before=coreos-copy-firstboot-network.service
-Before=ignition-fetch.service
-Before=ignition-setup-user.service
+Before=coreos-ignition-setup-user.service
+Before=ignition-fetch-offline.service
 # Any services looking at mounts need to order after this
 # because it causes device re-probing.
 After=coreos-gpt-setup.service