Skip to content

machine-config-daemon-firstboot: disable ostree fsync during bootstrap #6122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
sdodson wants to merge 1 commit into
base: main
Choose a base branch
from
+8 −0
Open

machine-config-daemon-firstboot: disable ostree fsync during bootstrap #6122

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions templates/common/_base/units/machine-config-daemon-firstboot.service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,17 @@ contents: |
RemainAfterExit=yes
# Disable existing repos (if any) so that OS extensions would use embedded RPMs only
ExecStartPre=-/usr/bin/sh -c "sed -i 's/enabled=1/enabled=0/' /etc/yum.repos.d/*.repo"
# Bind mount a tmpfs-backed copy of the ostree repo config so that disabling fsync is ephemeral;
# if the host crashes or reboots the bind mount disappears and the on-disk config is unchanged.
# We append a second [core] section (GKeyFile merges duplicate groups) rather than using
# `ostree config set` because ostree uses an atomic rename which fails with EBUSY on a bind-mounted
# file; the bind mount must be established before `ostree config set` is called, and once it is,
# the rename target is a mount point and can't be replaced.
ExecStartPre=-/usr/bin/sh -c "cp /sysroot/ostree/repo/config /run/ostree-bootstrap-config && printf '\n[core]\nfsync = false\n' >> /run/ostree-bootstrap-config && mount --bind /run/ostree-bootstrap-config /sysroot/ostree/repo/config"
# Run this via podman because we want to use the nmstatectl binary in our container
ExecStart=/usr/bin/podman run --rm --privileged --net=host -v /:/rootfs --entrypoint machine-config-daemon '{{ .Images.machineConfigOperator }}' firstboot-complete-machineconfig --persist-nics
ExecStart=/usr/bin/podman run --rm --privileged --pid=host --net=host -v /:/rootfs --entrypoint machine-config-daemon '{{ .Images.machineConfigOperator }}' firstboot-complete-machineconfig
ExecStopPost=-/usr/bin/umount /sysroot/ostree/repo/config

@dustymabe dustymabe Jun 9, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would just drop this. A reboot is going to make this bind mount go away anyway, right?

@sdodson sdodson Jun 9, 2026

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should yes. I don't know exactly how the bootstrap in place work happens. @openshift/openshift-team-agent would this affect bootstrap in place or any other flows there the machine may not reboot after applying machine config?

@dustymabe dustymabe Jun 9, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

even if the machine didn't reboot the change would still bound to that single boot and I'm not too worried about problems related to it.

@andfasano andfasano Jun 10, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Running specific agent compact job to double check it

{{if .Proxy -}}
EnvironmentFile=/etc/mco/proxy.env
{{end -}}
Expand Down