cmdline: add support for loading config from a local device#2230
cmdline: add support for loading config from a local device#2230atd9876 wants to merge 4 commits into
Conversation
Signed-off-by: Andrew Dodds <[email protected]>
Signed-off-by: Andrew Dodds <[email protected]>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for loading Ignition configurations from a local device on bare metal platforms via the ignition.config.device and ignition.config.path kernel parameters. The implementation includes documentation updates, a refactored command-line parser, and logic to mount the specified device and read the configuration file. Review feedback identifies a potential logic error where returning configErrors.ErrEmpty might cause a fatal failure instead of a fallback when a device is missing, and a path traversal vulnerability when accessing the configuration file on the mounted device.
- Use strings.Fields instead of strings.Split for proper whitespace handling - Use errors.Is for wrapped error comparison (context.DeadlineExceeded) - Rename local url variable to parsedURL to avoid shadowing net/url import - Check f.Close() error in test helper - Check url.Parse error in test assertion Signed-off-by: Andrew Dodds <[email protected]>
atd9876
force-pushed
the
add-metal-config-drive
branch
from
bab4a01 to
a13e77b
Compare
prestist
left a comment
prestist
left a comment
There was a problem hiding this comment.
This is looking good overall, thank you for working on this! Some small comments.
I think we could use some integration tests, I would add a blackbox test (in tests/positive/) that sets up a labeled disk image with a config file and boots with ignition.config.device=LABEL ignition.config.path=/config.ign, wdyt?
- Return hard error on device timeout instead of silently continuing - Wrap os.Remove in logging closure for temp mount point cleanup - Add blackbox integration test for cmdline device/path config fetch Signed-off-by: Andrew Dodds <[email protected]>
prestist
left a comment
prestist
left a comment
There was a problem hiding this comment.
Just two comments, Im not sure how I feel about them. What are your thoughts?
| } | ||
|
|
||
| return util.ParseConfig(f.Logger, data) | ||
| return types.Config{}, report.Report{}, platform.ErrNoProvider |
There was a problem hiding this comment.
Hmm, this feels like it could lead to misconfiguration, if a user sets the wrong file location, we would get an error, but then that would essentially lead to a log, and the continuation of the provisioning no?
| return types.Config{}, report.Report{}, err | ||
| } | ||
| if data == nil { | ||
| logger.Info("config file %q not found on device. Continuing without config...", opts.UserDataPath) |
There was a problem hiding this comment.
Im not sure we would want to continue if we cannot find the user specified config.
4 participants
Summary
Add support for loading Ignition configuration from a local device
specified via kernel command-line flags
ignition.config.deviceandignition.config.path. This enables bare-metal and air-gappedenvironments to provide Ignition configs on a labeled disk partition
(e.g., a config drive) without requiring network access.
Acknowledgments
The initial device-based config loading implementation (commit 6c250bc)
was authored by Jan Larwig (@tuunit). This PR builds on that work with
tests, documentation, and robustness improvements.
Changes
parseCmdlinenow recognizesignition.config.deviceandignition.config.pathflags.fetchConfiguses both to mount the labeled device read-only andread the config file at the specified path.
tryMountingfunction: Waits for the labeled device to appear(with a 30-second timeout), mounts it read-only into a temporary
directory, reads the config, and unmounts on return.
parseCmdline:strings.Fieldsinstead ofstrings.Splitto correctlyhandle tabs, multiple spaces, and trailing newlines.
urlvariable toparsedURLto avoid shadowingthe
net/urlimport.errors.Is(err, context.DeadlineExceeded)instead of==to correctly match wrapped errors.
partial flags, empty flags, invalid URLs, precedence,
fileExists,and error handling in test helpers.
Fixes #2207