osbuild: handle extra-kargs from image.yaml

dustymabe · dustymabe · commit d3a4551d7241 · 2024-04-02T13:28:10.000-04:00
I noticed that we were missing the `mitigations=auto,nosmt` from
the kernel commandline on our FCOS built images that is defined in
image-base.yaml in the FCOS configs. With OSBuild we regressed and
weren't picking up these values.

Adjust how extra kargs are passed from cmd-buildextend-metal into
create_disk.sh and runvm-osbuild so that we can support this use case.
diff --git a/src/cmd-buildextend-metal b/src/cmd-buildextend-metal
@@ -234,8 +234,7 @@ if [ "${image_type}" == metal4k ]; then
 fi
 
 set -x
-kargs="$(python3 -c 'import sys, json; args = json.load(sys.stdin)["extra-kargs"]; print(" ".join(args))' < "${image_json}")"
-kargs="$kargs ignition.platform.id=$ignition_platform_id"
+extra_kargs="$(python3 -c 'import sys, json; args = json.load(sys.stdin)["extra-kargs"]; print(" ".join(args))' < "${image_json}")"
 
 qemu-img create -f ${image_format} "${path}.tmp" "${metal_image_size_mb}M"
 
@@ -262,6 +261,7 @@ deploy-via-container: "${deploy_via_container}"
 osname: "${name}"
 ostree-container: "${ostree_container}"
 ostree-ref: "${ref}"
+extra-kargs-string: "${extra_kargs}"
 # Used by runvm-osbuild
 image-type: "${image_type}"
 ostree-repo: "${ostree_repo}"
@@ -298,7 +298,6 @@ else
     runvm "${qemu_args[@]}" -- \
             /usr/lib/coreos-assembler/create_disk.sh \
                 --config "${image_for_disk_json}" \
-                --kargs "${kargs}" \
                 --platform "${ignition_platform_id}" \
                 --platforms-json "${platforms_json}" \
                 "${disk_args[@]}"
diff --git a/src/create_disk.sh b/src/create_disk.sh
@@ -29,7 +29,6 @@ Fedora CoreOS style disk image from an OSTree.
 Options:
     --config: JSON-formatted image.yaml
     --help: show this help
-    --kargs: kernel CLI args
     --platform: Ignition platform ID
     --platforms-json: platforms.yaml in JSON format
     --no-x86-bios-bootloader: don't install BIOS bootloader on x86_64
@@ -47,15 +46,13 @@ platforms_json=
 secure_execution=0
 ignition_pubkey=
 x86_bios_bootloader=1
-extrakargs=""
 
 while [ $# -gt 0 ];
 do
     flag="${1}"; shift;
     case "${flag}" in
         --config)                   config="${1}"; shift;;
         --help)                     usage; exit;;
-        --kargs)                    extrakargs="${extrakargs} ${1}"; shift;;
         --no-x86-bios-bootloader)   x86_bios_bootloader=0;;
         --platform)                 platform="${1}"; shift;;
         --platforms-json)           platforms_json="${1}"; shift;;
@@ -82,9 +79,6 @@ cp "${platforms_json}" /tmp/platforms.json
 platforms_json=/tmp/platforms.json
 platform_grub_cmds=$(jq -r ".${arch}.${platform}.grub_commands // [] | join(\"\\\\n\")" < "${platforms_json}")
 platform_kargs=$(jq -r ".${arch}.${platform}.kernel_arguments // [] | join(\" \")" < "${platforms_json}")
-if [ -n "${platform_kargs}" ]; then
-    extrakargs="${extrakargs} ${platform_kargs}"
-fi
 
 disk=$(realpath /dev/disk/by-id/virtio-target)
 
@@ -131,6 +125,13 @@ container_imgref=$(getconfig "container-imgref" "")
 os_name=$(getconfig "osname")
 buildid=$(getconfig "buildid")
 imgid=$(getconfig "imgid")
+extra_kargs=$(getconfig "extra-kargs-string" "")
+
+# populate remaining kargs
+extra_kargs+=" ignition.platform.id=${platform}"
+if [ -n "${platform_kargs}" ]; then
+    extra_kargs+=" ${platform_kargs}"
+fi
 
 set -x
 
@@ -148,7 +149,7 @@ if [[ ${secure_execution} -eq 1 ]]; then
     SDPART=1
     BOOTVERITYHASHPN=5
     ROOTVERITYHASHPN=6
-    extrakargs="${extrakargs} swiotlb=262144"
+    extra_kargs="${extra_kargs} swiotlb=262144"
 fi
 # shellcheck disable=SC2031
 case "$arch" in
@@ -328,7 +329,7 @@ if [ "${rootfs_type}" = "ext4verity" ] && [ -z "${composefs}" ]; then
 fi
 
 # Compute kargs
-allkargs="$extrakargs"
+allkargs="$extra_kargs"
 # shellcheck disable=SC2031
 if [ "$arch" != s390x ]; then
     # Note that $ignition_firstboot is interpreted by grub at boot time,
diff --git a/src/osbuild-manifests/coreos.osbuild.aarch64.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.aarch64.mpp.yaml
@@ -137,6 +137,7 @@ pipelines:
             kernel_opts:
               - rw
               - '$ignition_firstboot'
+              - mpp-format-string: '{extra_kargs}'
           inputs:
             images:
               type: org.osbuild.containers
@@ -159,6 +160,7 @@ pipelines:
               kernel_opts:
                 - rw
                 - '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               images:
                 type: org.osbuild.containers
@@ -179,6 +181,7 @@ pipelines:
               kernel_opts:
                 - rw
                 - '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               commits:
                 type: org.osbuild.ostree
diff --git a/src/osbuild-manifests/coreos.osbuild.ppc64le.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.ppc64le.mpp.yaml
@@ -131,6 +131,7 @@ pipelines:
             kernel_opts:
               - rw
               - '$ignition_firstboot'
+              - mpp-format-string: '{extra_kargs}'
           inputs:
             images:
               type: org.osbuild.containers
@@ -152,6 +153,7 @@ pipelines:
               kernel_opts:
                 - rw
                 - '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               images:
                 type: org.osbuild.containers
@@ -171,6 +173,7 @@ pipelines:
               kernel_opts:
                 - rw
                 - '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               commits:
                 type: org.osbuild.ostree
diff --git a/src/osbuild-manifests/coreos.osbuild.s390x.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.s390x.mpp.yaml
@@ -117,6 +117,7 @@ pipelines:
               - rw
              ## '$ignition_firstboot' only works with GRUB, not available on s390x
              #- '$ignition_firstboot'
+              - mpp-format-string: '{extra_kargs}'
           inputs:
             images:
               type: org.osbuild.containers
@@ -138,6 +139,7 @@ pipelines:
               kernel_opts:
                 - rw
                 - '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               images:
                 type: org.osbuild.containers
@@ -158,6 +160,7 @@ pipelines:
                 - rw
                ## '$ignition_firstboot' only works with GRUB, not available on s390x
                #- '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               commits:
                 type: org.osbuild.ostree
diff --git a/src/osbuild-manifests/coreos.osbuild.x86_64.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.x86_64.mpp.yaml
@@ -6,6 +6,7 @@ mpp-vars:
   container_imgref: $container_imgref
   container_repo: $container_repo
   container_tag: $container_tag
+  extra_kargs: $extra_kargs
   metal_image_size_mb: $metal_image_size_mb
   cloud_image_size_mb: $cloud_image_size_mb
   bios_boot_size_mb: 1
@@ -137,6 +138,7 @@ pipelines:
             kernel_opts:
               - rw
               - '$ignition_firstboot'
+              - mpp-format-string: '{extra_kargs}'
           inputs:
             images:
               type: org.osbuild.containers
@@ -159,6 +161,7 @@ pipelines:
               kernel_opts:
                 - rw
                 - '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               images:
                 type: org.osbuild.containers
@@ -179,6 +182,7 @@ pipelines:
               kernel_opts:
                 - rw
                 - '$ignition_firstboot'
+                - mpp-format-string: '{extra_kargs}'
             inputs:
               commits:
                 type: org.osbuild.ostree
diff --git a/src/runvm-osbuild b/src/runvm-osbuild
@@ -56,6 +56,7 @@ cloud_image_size_mb=$(getconfig "cloud-image-size")
 container_imgref=$(getconfig "container-imgref")
 container_repo=$(getconfig_def "container-repo" "")
 container_tag=$(getconfig_def "container-tag" "")
+extra_kargs=$(getconfig "extra-kargs-string" "")
 # If we are deploying via container let's go ahead and pull
 # the oci archive path from the config
 ostree_container=""
@@ -84,8 +85,9 @@ osbuild-mpp                                             \
     -D ociarchive=\""${ostree_container}"\"             \
     -D osname=\""${osname}"\"                           \
     -D container_imgref=\""${container_imgref}"\"       \
-    -D container_repo=\""${container_repo}"\"       \
-    -D container_tag=\""${container_tag}"\"       \
+    -D container_repo=\""${container_repo}"\"           \
+    -D container_tag=\""${container_tag}"\"             \
+    -D extra_kargs=\""${extra_kargs}"\"                 \
     -D metal_image_size_mb="${metal_image_size_mb}"     \
     -D cloud_image_size_mb="${cloud_image_size_mb}"     \
     "${mppyaml}" "${processed_json}"
