From a50480ed74b44bbd1c14773bd4ad8c96682c2b5e Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Tue, 2 Jun 2026 14:03:22 -0400
Subject: [PATCH] machine-config-daemon-firstboot: disable ostree fsync during
 bootstrap

Saves a few seconds, measured at around 4-10s. Assumes we tolerate
the outcome that corruption due to powerfailure means we have to re-ignite
a node from scratch. Suggested by @dustymabe and original analysis at
https://github.com/dustymabe/20250529-ostree-fsync-analysis

Rather than writing fsync=false to disk and re-enabling it on stop, we
bind mount a tmpfs-backed copy of the ostree repo config over the real
path. The ostree config command then writes to the bind mount instead of
the underlying file, so the on-disk config is never modified. If the host
crashes or reboots before ExecStopPost runs, the kernel tears down the
bind mount and the original config is automatically restored.
---
 .../units/machine-config-daemon-firstboot.service.yaml    | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml b/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml
index 7ef8a4a81b..7d67b39967 100644
--- a/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml
+++ b/templates/common/_base/units/machine-config-daemon-firstboot.service.yaml
@@ -15,9 +15,17 @@ contents: |
   RemainAfterExit=yes
   # Disable existing repos (if any) so that OS extensions would use embedded RPMs only
   ExecStartPre=-/usr/bin/sh -c "sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/*.repo"
+  # Bind mount a tmpfs-backed copy of the ostree repo config so that disabling fsync is ephemeral;
+  # if the host crashes or reboots the bind mount disappears and the on-disk config is unchanged.
+  # We append a second [core] section (GKeyFile merges duplicate groups) rather than using
+  # `ostree config set` because ostree uses an atomic rename which fails with EBUSY on a bind-mounted
+  # file; the bind mount must be established before `ostree config set` is called, and once it is,
+  # the rename target is a mount point and can't be replaced.
+  ExecStartPre=-/usr/bin/sh -c "cp /sysroot/ostree/repo/config /run/ostree-bootstrap-config && printf '\n[core]\nfsync = false\n' >> /run/ostree-bootstrap-config && mount --bind /run/ostree-bootstrap-config /sysroot/ostree/repo/config"
   # Run this via podman because we want to use the nmstatectl binary in our container
   ExecStart=/usr/bin/podman run --rm --privileged --net=host -v /:/rootfs  --entrypoint machine-config-daemon '{{ .Images.machineConfigOperator }}' firstboot-complete-machineconfig --persist-nics
   ExecStart=/usr/bin/podman run --rm --privileged --pid=host --net=host -v /:/rootfs  --entrypoint machine-config-daemon '{{ .Images.machineConfigOperator }}' firstboot-complete-machineconfig
+  ExecStopPost=-/usr/bin/umount /sysroot/ostree/repo/config
   {{if .Proxy -}}
   EnvironmentFile=/etc/mco/proxy.env
   {{end -}}