Skip to content

Add possibility to add kernel drivers to initramdisk #1081

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 17, 2023
Merged

Add possibility to add kernel drivers to initramdisk #1081

merged 1 commit into from
Jul 17, 2023

Conversation

dkubek
Copy link
Member

@dkubek dkubek commented May 24, 2023
edited by pirat89
Loading

Before this change there was no possibility for developers to specify what kernel drivers should be included in the upgrade/target initramfs. This includes third-party drivers, which are necessary for system upgrades in some spefic use cases.

Changes include:

  • A new model KernelModule (analogous to the DracutModule model) has been created, to handle kernel drivers.
  • Added an include_kernel_drivers field in the UpgradeInitramfsTasks model to handle a list of these drivers.
  • Data in the include_kernel_drivers field is processed correctly to detect conflicting paths.
  • Modified the generate-iniram.sh script to accept and process the new data
  • Added checks for kernel drivers, in the CheckInitramfsTasks actor.
  • Updated the unit-tests accordingly.

Jira ref.: OAMG-4512
BZs: 2175229

Template example:

from leapp.actors import Actor
from leapp.models import (
    KernelModule,
    RpmTransactionTasks,
    TargetInitramfsTasks,
    TargetUserSpaceUpgradeTasks,
    UpgradeInitramfsTasks
)
from leapp.tags import ChecksPhaseTag, IPUWorkflowTag


class AddKernelDriverMYDRIVER(Actor):
    """
    Install the <mydriver> driver during the upgrade

    Install the <mydriver> kernel module in the upgrade & target initramfs.
    In this scenario it requires the package with the module is installed
    on the target system and inside the target userspace container.

    In case of the scenario when the module should be copied from a directory
    existing on the host system, specify the path from where it should
    be copied/installed instead, e.g.:
        KernelModule(name='<mydriver>', module_path='/path/to/the/module')
    """

    name = 'add_kernel_driver_<mydriver>'
    consumes = ()
    produces = (RpmTransactionTasks, TargetInitramfsTasks, TargetUserSpaceUpgradeTasks, UpgradeInitramfsTasks)
    tags = (IPUWorkflowTag, ChecksPhaseTag)

    def process(self):
        # IMPORTANT: For these package installations the (custom) repository
        # must be enabled! Ideal solution is to define the repos inside the
        # /etc/leapp/files/leapp_upgrade_repositories.repo file or using the
        # --enablerepo option when running leapp.
        # this will create task to install the package with desired driver
        # into the target userspace container
        # <pkg-with-driver> - could be e.g. kmod-<mydriver>
        self.produce(TargetUserSpaceUpgradeTasks(install_rpms=['<pkg-with-driver>']))

        # and we want the package to be installed also during the upgrade,
        # so the driver can be used also on the upgraded system
        self.produce(RpmTransactionTasks(to_install=['<pkg-with-driver>']))

        # this will require installation of the module in the upgrade and the
        # target initramfs
        k_module = KernelModule(name='<mydriver>')
        self.produce(UpgradeInitramfsTasks(include_kernel_modules=[k_module]))
        self.produce(TargetInitramfsTasks(include_kernel_modules=[k_module]))

@github-actions
Copy link

Thank you for contributing to the Leapp project!

Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergeable.
If you want to request a review or rebuild a package in copr, you can use following commands as a comment:

  • review please @oamg/developers to notify leapp developers of the review request
  • /packit copr-build to submit a public copr build using packit

Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build. If you need a different version of leapp from PR#42, use /packit test oamg/leapp#42

To launch regression testing public members of oamg organization can leave the following comment:

  • /rerun to schedule basic regression tests using this pr build and latest upstream leapp build as artifacts
  • /rerun 42 to schedule basic regression tests using this pr build and leapp*PR42* as artifacts
  • /rerun-sst to schedule sst tests using this pr build and latest upstream leapp build as artifacts
  • /rerun-sst 42 to schedule sst tests using this pr build and leapp*PR42* as artifacts

Please open ticket in case you experience technical problem with the CI. (RH internal only)

Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please contact leapp-infra.

@dkubek dkubek force-pushed the add_kernel_drivers_initram branch 2 times, most recently from e2b85fc to 7762d00 Compare May 24, 2023 10:32
MichalHe
MichalHe previously requested changes May 24, 2023
View reviewed changes
@dkubek dkubek force-pushed the add_kernel_drivers_initram branch from 7762d00 to d7f37d6 Compare May 25, 2023 08:24
@dkubek dkubek force-pushed the add_kernel_drivers_initram branch 2 times, most recently from f545ef8 to f65a67d Compare May 31, 2023 08:49
@pirat89
Copy link
Member

pirat89 commented Jun 12, 2023

be aware of trailing whitespaces :)

@pirat89
Copy link
Member

pirat89 commented Jun 13, 2023

added template example for the custom actor installing the third-party driver to the description

@dkubek dkubek force-pushed the add_kernel_drivers_initram branch from f65a67d to 8cb2a7f Compare June 22, 2023 11:10
@MichalHe
Copy link
Member

MichalHe commented Jul 10, 2023
edited
Loading

I've tested the patch using my custom kernel module. The test used a simple custom actor that requested the test kernel module to be present in the upgrade initramfs and target initramfs.

Pre reboot, upgrade initramfs preprated

[root@leapp-20230707134128 ~]# lsinitrd /boot/initramfs-upgrade.x86_64.img | grep test
Arguments:  -v -v -v -v --force --conf '/dev/null' --confdir '/var/empty' --install 'systemd-nspawn' --add 'sys-upgrade-redhat' --add 'sys-upgrade' --add 'sys-upgrade-redhat' --add 'sys-upgrade' --add-drivers 'test' --nomdadmconf --nolvmconf --no-hostonly --kver '5.14.0-332.el9.x86_64' --kernel-image 'vmlinuz-upgrade.x86_64'
-rw-r--r--   1 root     root         6080 May 31 14:33 usr/lib/modules/5.14.0-332.el9.x86_64/extra/leapp/test.ko
-rw-r--r--   1 root     root         5168 May 31 14:33 usr/lib/modules/5.14.0-332.el9.x86_64/kernel/crypto/async_tx/raid6test.ko.xz

In the initramfs

cmdline:/lib/modules/5.14.0-332.el9.x86_64/extra/leapp# modprobe test
[   32.881143] test: loading out-of-tree module taints kernel.
[   32.881195] test: module verification failed: signature and/or required key missing - tainting kernel
[   32.887405] Hello World
[   32.887405]  This is a test

The module is not being added to target initramfs

However, the kernel module is not being added to the target initramfs - the include_kernel_modules field that is added to the TargetInitramfsTasks model through inheritance is not used anywhere - the target_initramfs_generator is not modified in this PR. Therefore, even if a message was emitted:

[root@leapp-20230707134128 ~]# ./leapp-inspector messages --type TargetInitramfsTasks
######################################################################
                          PRODUCED MESSAGES
######################################################################
Stamp: 2023-07-10T11:22:27.891450Z
Actor: persistentnetnamesconfig
Phase: Applications
Type: TargetInitramfsTasks
Message_data:
{
    "include_dracut_modules": [],
    "include_files": [],
    "include_kernel_modules": []
}
----------------------------------------------------------------------
Stamp: 2023-07-10T08:12:34.486155Z
Actor: add_my_kernel_driver
Phase: Checks
Type: TargetInitramfsTasks
Message_data:
{
    "include_dracut_modules": [],
    "include_files": [],
    "include_kernel_modules": [
        {
            "module_path": "/root/test.ko",
            "name": "test"
        }
    ]
}

The target_initramfs_generator ended with the following message in the logs:

Jul 10 11:22:28 localhost upgrade[61186]: 2023-07-10 11:22:28.958 DEBUG    PID: 1085 leapp.workflow.Finalization.target_initramfs_generator: No additional files or modules required to add int
o the target initramfs.

@matejmatuska
Copy link
Member

/packit copr-build

@dkubek dkubek force-pushed the add_kernel_drivers_initram branch from e7c3716 to b2c8e4a Compare July 14, 2023 11:37
@dkubek
Add possibility to add kernel drivers to initrd
6dacdd6 
Before this change there was no possibility for developers to specify what
kernel drivers should be included in the upgrade/target initramfs. This
includes third-party drivers, which are necessary for system upgrades in some
spefic use cases.

Changes include:
 - A new model `KernelModule` (analogous to the `DracutModule` model) has been
   created, to handle kernel drivers.
 - Added an `include_kernel_drivers` field in the `UpgradeInitramfsTasks` model
   to handle a list of these drivers.
 - Data in the `include_kernel_drivers` field is processed correctly to detect
   conflicting paths.
 - Modified the `generate-iniram.sh` script to accept and process the new data
 - Added checks for kernel drivers, in the `CheckInitramfsTasks` actor.
 - Updated the unit-tests accordingly.
@dkubek dkubek force-pushed the add_kernel_drivers_initram branch from b2c8e4a to 6dacdd6 Compare July 14, 2023 13:36
@MichalHe
Copy link
Member

I've retested the patch again in the same manner:

In upgrade initramfs

cmdline:/# insmod /lib/modules/5.14.0-337.el9.x86_64/extra/leapp/test.ko
[   28.164590] test: loading out-of-tree module taints kernel.
[   28.164654] test: module verification failed: signature and/or required key missing - tainting kernel
cmdline:/# [   28.172835] Hello World
[   28.172835]  This is a test

In target initramfs

cmdline:/# insmod /lib/modules/5.14.0-337.el9.x86_64/extra/leapp/test.ko
cmdline:# dmesg
....
[   55.073049] Hello World
                This is a test

Target Initramfs generator - logs

[  466.235900] upgrade[68485]: 2023-07-14 13:57:03.310 INFO     PID: 1 leapp.workflow.Finalization: Executing actor target_initramfs_generator
[  466.270903] upgrade[69578]: 2023-07-14 13:57:03.344 DEBUG    PID: 1085 leapp.workflow.Finalization.target_initramfs_generator: Copying kernel module "test" to "/lib/modules/5.14.0-337.el9.x86_64/extra/leapp/test.ko".
[  466.277399] upgrade[69578]: 2023-07-14 13:57:03.352 DEBUG    PID: 1085 leapp.workflow.Finalization.target_initramfs_generator: External command has started: ['depmod', '5.14.0-337.el9.x86_64', '-a']
[  471.014799] upgrade[69578]: 2023-07-14 13:57:08.89  DEBUG    PID: 1085 leapp.workflow.Finalization.target_initramfs_generator: External command has finished: ['depmod', '5.14.0-337.el9.x86_64', '-a']
[  471.017346] upgrade[69578]: 2023-07-14 13:57:08.90  DEBUG    PID: 1085 leapp.workflow.Finalization.target_initramfs_generator: External command has started: ['dracut', '-f', '--kver', '5.14.0-337.el9.x86_64', '--add-drivers', 'test']

lsinitrd target_initramfs

[root@leapp-20230622171431 vagrant]# lsinitrd /boot/initramfs-5.14.0-337.el9.x86_64.img | grep test
Arguments:  -f --kver '5.14.0-337.el9.x86_64' --add-drivers 'test'
-rw-r--r--   1 root     root         6080 May 31 14:33 usr/lib/modules/5.14.0-337.el9.x86_64/extra/leapp/test.ko
-rw-r--r--   1 root     root         5180 May 31 14:33 usr/lib/modules/5.14.0-337.el9.x86_64/kernel/crypto/async_tx/raid6test.ko.xz

lsinitrd upgrade_initramfs

[root@leapp-20230622171431 ~]# lsinitrd /boot/initramfs-upgrade.x86_64.img | grep test
Arguments:  -v -v -v -v --force --conf '/dev/null' --confdir '/var/empty' --install 'systemd-nspawn' --add 'sys-upgrade-redhat' --add 'sys-upgrade' --add 'sys-upgrade-redhat' --add 'sys-upgrade' --add-drivers 'test' --nomdadmconf --nolvmconf --no-hostonly --kver '5.14.0-337.el9.x86_64' --kernel-image 'vmlinuz-upgrade.x86_64'
-rw-r--r--   1 root     root         6080 May 31 14:33 usr/lib/modules/5.14.0-337.el9.x86_64/extra/leapp/test.ko
-rw-r--r--   1 root     root         5180 May 31 14:33 usr/lib/modules/5.14.0-337.el9.x86_64/kernel/crypto/async_tx/raid6test.ko.xz

MichalHe
MichalHe approved these changes Jul 14, 2023
View reviewed changes
Copy link
Member

@MichalHe MichalHe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tested the patch and it works. LGTM

@MichalHe
Copy link
Member

@dkubek I will merge this once the integration tests are done running.

@MichalHe
Copy link
Member

/rerun

@github-actions
Copy link

Copr build succeeded: https://copr.fedorainfracloud.org/coprs/build/6177803

@github-actions
Copy link

Testing Farm request for RHEL-8.6-rhui/6177803 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

@github-actions
Copy link

Testing Farm request for RHEL-7.9-rhui/6177803 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

@MichalHe
Copy link
Member

I've performed manually a successful 8>9 upgrade using internal vagrant box.

fernflower
fernflower approved these changes Jul 17, 2023
View reviewed changes
Copy link
Member

@fernflower fernflower left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. Given that we need the builds today and manual testing + e2e testing has been done successfully, I'd suggest we merge it.

@MichalHe MichalHe merged commit 030e1fc into oamg:master Jul 17, 2023
@pirat89 pirat89 added the changelog-checked The merger/reviewer checked the changelog draft document and updated it when relevant label Jul 17, 2023
@pirat89 pirat89 added this to the 8.9/9.3 milestone Jul 24, 2023
pirat89 added a commit to pirat89/leapp-repository that referenced this pull request Aug 23, 2023
@pirat89
Release 0.19.0
9819c7e 
## Packaging
- Requires leapp-framework 5.0

## Upgrade handling
### Fixes
- Add el8toel9 actor to handle directory -> symlink with ruby IRB. (oamg#1076)
- Do not try to update GRUB core on IBM Z systems (oamg#1117)
- Fix failing upgrades with devtmpfs file systems specified in FSTAB (oamg#1090)
- Fix the calculation of the required free space on each partitions/volume for the upgrade transactions (oamg#1097)
- Fix the generation of the report about hybrid images (oamg#1064)
- Handle correctly the installed certificates to allow upgrades with custom repositories using HTTPs with enabled SSL verification (oamg#1106)
- Minor improvements and fixes of various reports (oamg#1066, oamg#1067, oamg#1085)
- Update error messages about leapp data files to inform user how to obtain valid data files (oamg#1121)
- Update links in various reports (oamg#1062, oamg#1086)
- Update the repomap data to cover changed repoids in RHUI Azure (oamg#1087)
- [IPU 7 -> 8] Fix false positive report about invalid symlinks on RHEL 7 (oamg#1052)
- [IPU 8 -> 9] Inhibit the upgrade when unsupported x86-64 microarchitecture is detected (oamg#1059)

### Enhancements
- Include updated leapp data files in the RPM (oamg#1046, oamg#1092, oamg#1119)
- Update the set of supported upgrade paths (oamg#1077):
  - RHEL with SAP HANA 7.9 -> 8.6, 8.8 (default: 8.6)
  - RHEL with SAP HANA 8.8 -> 9.2
- Introduce new upgrade paths:
  - RHEL 7.9 -> 8.9 (default)
  - RHEL 8.9 -> 9.3
- Correctly update grub2 when /boot resides on multiple devices aggregated in RAID (oamg#1093, oamg#1115)
- Enable upgrades for machines using RHUI on AlibabaCloud (oamg#1088)
- Introduce possibility to add kernel drivers to initramfs (oamg#1081)
- Redesign handling of information about kernel (booted and target) in preparation for new changes in RHEL 9 (oamg#1107)
- Redesign source system overlay to use disk images backed by sparse files to optimize disk space consumption (oamg#1097, oamg#1103)
- Requires leapp-framework 5.0 (oamg#1061, oamg#1116)
- Use new leapp CLI API which provides better report summary output (oamg#1061, oamg#1116)
- [IPU 8 -> 9] Detect and report use of deprecated Xorg drivers (oamg#1078)
- [IPU 8 -> 9] Introduce IPU for systems with FIPS enabled (oamg#1053)

## Additional changes interesting for devels
- Deprecated `GrubInfo.orig_device_name` field in the `GrubInfo` model (replaced by `GrubInfo.orig_devices`) (oamg#1093)
- Deprecated `InstalledTargetKernelVersion` model (replaced by `InstalledTargetKernelInfo`) (oamg#1107)
- Deprecated `leapp.libraries.common.config.version.is_rhel_realtime` (check the type in msg `KernelInfo`, field `type`) (oamg#1107)
- Deprecated `leapp.libraries.common.grub.get_grub_device()` (replaced by `leapp.libraries.common.grub.get_grub_devices()`) (oamg#1093)
- Introduced new devel envar LEAPP_DEVEL_KEEP_DISK_IMGS=1 to skip the removal of the created disk images for OVL. That's sometimes handy for the debugging. (oamg#1097)
@pirat89 pirat89 mentioned this pull request Aug 23, 2023
Merged
Rezney pushed a commit that referenced this pull request Aug 23, 2023
@pirat89 @Rezney
Release 0.19.0
db25c79 
## Packaging
- Requires leapp-framework 5.0

## Upgrade handling
### Fixes
- Add el8toel9 actor to handle directory -> symlink with ruby IRB. (#1076)
- Do not try to update GRUB core on IBM Z systems (#1117)
- Fix failing upgrades with devtmpfs file systems specified in FSTAB (#1090)
- Fix the calculation of the required free space on each partitions/volume for the upgrade transactions (#1097)
- Fix the generation of the report about hybrid images (#1064)
- Handle correctly the installed certificates to allow upgrades with custom repositories using HTTPs with enabled SSL verification (#1106)
- Minor improvements and fixes of various reports (#1066, #1067, #1085)
- Update error messages about leapp data files to inform user how to obtain valid data files (#1121)
- Update links in various reports (#1062, #1086)
- Update the repomap data to cover changed repoids in RHUI Azure (#1087)
- [IPU 7 -> 8] Fix false positive report about invalid symlinks on RHEL 7 (#1052)
- [IPU 8 -> 9] Inhibit the upgrade when unsupported x86-64 microarchitecture is detected (#1059)

### Enhancements
- Include updated leapp data files in the RPM (#1046, #1092, #1119)
- Update the set of supported upgrade paths (#1077):
  - RHEL with SAP HANA 7.9 -> 8.6, 8.8 (default: 8.6)
  - RHEL with SAP HANA 8.8 -> 9.2
- Introduce new upgrade paths:
  - RHEL 7.9 -> 8.9 (default)
  - RHEL 8.9 -> 9.3
- Correctly update grub2 when /boot resides on multiple devices aggregated in RAID (#1093, #1115)
- Enable upgrades for machines using RHUI on AlibabaCloud (#1088)
- Introduce possibility to add kernel drivers to initramfs (#1081)
- Redesign handling of information about kernel (booted and target) in preparation for new changes in RHEL 9 (#1107)
- Redesign source system overlay to use disk images backed by sparse files to optimize disk space consumption (#1097, #1103)
- Requires leapp-framework 5.0 (#1061, #1116)
- Use new leapp CLI API which provides better report summary output (#1061, #1116)
- [IPU 8 -> 9] Detect and report use of deprecated Xorg drivers (#1078)
- [IPU 8 -> 9] Introduce IPU for systems with FIPS enabled (#1053)

## Additional changes interesting for devels
- Deprecated `GrubInfo.orig_device_name` field in the `GrubInfo` model (replaced by `GrubInfo.orig_devices`) (#1093)
- Deprecated `InstalledTargetKernelVersion` model (replaced by `InstalledTargetKernelInfo`) (#1107)
- Deprecated `leapp.libraries.common.config.version.is_rhel_realtime` (check the type in msg `KernelInfo`, field `type`) (#1107)
- Deprecated `leapp.libraries.common.grub.get_grub_device()` (replaced by `leapp.libraries.common.grub.get_grub_devices()`) (#1093)
- Introduced new devel envar LEAPP_DEVEL_KEEP_DISK_IMGS=1 to skip the removal of the created disk images for OVL. That's sometimes handy for the debugging. (#1097)
@pirat89 pirat89 added the report Any reports have been added / removed / changed in the PR label Nov 8, 2023
@bessonc bessonc mentioned this pull request Nov 17, 2023
Open
This was referenced Dec 11, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pirat89 pirat89 pirat89 left review comments

@fernflower fernflower fernflower approved these changes

@MichalHe MichalHe MichalHe approved these changes

Assignees
No one assigned
Labels
changelog-checked The merger/reviewer checked the changelog draft document and updated it when relevant report Any reports have been added / removed / changed in the PR
Projects
None yet
Milestone
8.9/9.3
Development

Successfully merging this pull request may close these issues.
5 participants
@dkubek @pirat89 @MichalHe @matejmatuska @fernflower