docs/operator-notes: Note paths that should not be used b/c of switch_root #1697
Conversation
|
In general, you should not directly write to For Maybe we should have a Butane lint that refuses writing files to those locations? |
|
Thanks for the feedback!
That's fair. Want me to add this to the note?
Ahh, right,
I haven't used Butane myself (I'm using Ignition indirectly, as the result of booting Flatcar Linux machines with Cluster API. Could someone help with this part? |
|
The text as written is not correct. The /proc /sys /dev paths are very much still accessible after switching from the initramfs. Users should not rely on Ignition to write value to those files because the changes are not persisted beyond the first boot. I think that whether /tmp or /run are a tmpfs mount is up to the distribution, not a requirement of Ignition. Overall there is nothing invalid with Ignition configs writing to those paths. They only don't do what you likely want. So I'd phrase this as a recommendation instead. But I'm still not sure that this is the right place for it. |
The text says that the files you write under these paths before switch_root are not accessible after switch_root. It does not say the paths are not accessible. But I can rewrite it to be more clear.
Any file written under these paths by Ignition is not accessible after switch_root. I can't think of any situation where this is what the user wants. If you can think of one, could you please share it?
I want to help other Ignition users avoid a mistake that is easy to make, especially if you are used to cloud-init, which runs after switch_root. Please let me know the right place, in case these docs are not it. |
|
@travier poke |
|
Coming back to this and re-reading it again, I think I now understand what you mean. Instead of phrasing it in a negative form, let's write what we recommend instead in a positive form. |
|
But I still think that this would be better as a check in Butane as the behavior might be distribution dependent and users are not expected to write Ignition configs directly. |
I agree with you. I won't be able to contribute this check to Butane, though. |
|
Thanks for reviewing, and for the fixes! |
|
I think that, earlier in the review, @travier made a good suggestion to give users guidance about managing files under these mount points--namely, to configure the respective systemd services that manage files under tose mount points.
|
|
Thanks everyone for working together, in good faith, to improve the docs for Ignition users 🙏. It might not be a big change, but the reviews made the text very clear, and I'm sure that will save people from frustration and wasted time. |
jlebon
force-pushed
the
ineffectual-file-paths
branch
from
a991ba5
to
c09b66a
Compare
| @@ -62,6 +62,14 @@ If `wipeFilesystem` is set to false, Ignition will then attempt to reuse the exi | |||
|
|
|||
| When resolving paths, Ignition follows symlinks on all but the last element of a path. This ensures existing symlinks on a filesystem can be overwritten while still following symlinks as expected. When writing files, links, or directories, Ignition does not allow following symlinks outside the specified filesystem. When writing files, links, or directories on the `root` filesystem, Ignition follows symlinks as if it were executing in that root; a symlink to `/etc` is followed to `/etc` on the `root` filesystem. When writing files, links, or directories to any other filesystem, Ignition fails if it tries to follow a symlink outside that filesystem. | |||
|
|
|||
| ## Making changes to `/proc`, `/sys`, `/dev`, `/tmp` or `/run` | |||
|
|
|||
| To create files, directories or symlinks in `/proc`, `/sys` or `/dev`, you should use [sysctl.d config files](https://www.mankier.com/5/sysctl.d) or [udev rules](https://www.mankier.com/7/udev). | |||
There was a problem hiding this comment.
I still find this sentence a bit weird because you wouldn't typically want to create files, directories, or symlinks in there in the first place. But fine as is too.
I learned this the hard way (see flatcar/Flatcar#1152), and thought it would be useful to have in the documentation.
Feedback and edits welcome!