From Fedora Project Wiki

Revision as of 19:19, 2 February 2023 by Zbyszek (talk | contribs) (initial draft)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

mkosi-initrd

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

mkosi-initrd is an alternative builder for initrds. It will be packaged in Fedora, so that users can use it to build initrds locally. A kernel-install plugin will be provided to build the initrd when a kernel package is installed. As a stretch goal, initrds will be build in koji and delivered via rpm packages. As a further stretch goal, pre-built initrds will be used in Unified Kernel Images that can be delivered via rpm packages.

Only a subset of installation types will be supported.

Owner

Current status

  • Targeted release: Fedora Linux 39
  • Last updated: 2023-02-02
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

The process by which we create initrds is complicated and inefficient. Initrds contain duplicate functionality and require a lot of maintainer effort. The aim of this proposal is to introduce a vastly simplified mechanism of initrd creation and simplified initrd contents.

Instead of building initrds by scraping the file system and figuring out dependencies again, existing packages and normal package installation via dnf/rpm is used to populate the initrd. This also means that the package manager is responsible for satisfying dependencies. At runtime, systemd is responsible for setting up the execution environment and invoking programs.

The mkosi-initrd project is a set of config files for mkosi. mkosi is a program to build operating system images from system packages. An initrd is built by invoking mkosi with the config provided by mkosi-initrd.

Currently, initrds built in this way are bigger than initrds built by dracut. They also have limited functionality: many common types of systems work just fine, but more exotic configurations are not supported. See Scope below for a list of known good/bad features.

The goal of this change is to provide an *alternative* mechanism. If the feedback is positive, we may consider using initrds built with mkosi-initrd as default in certain scenarios. There are no plans to remove dracut in the foreseeable future. This means that for any case not supported or not working well, dracut remains a natural fallback. In this way this change is similar to Changes/Unified_Kernel_Support_Phase_1, as it provides a preview of a new technology as an alternative to the current established approach.

Feedback

Benefit to Fedora

Current initrd generation with dracut is showing its age. As upstream packages evolve, repeating the dependency resolution in dracut is a constant drain of maintainer time. Our dracut initrds are already using systemd. But systemd is constantly evolving and adding new functionality related to early boot: decryption of disks, access to secrets, new configuration mechanisms, state checks and boot counting. More and more, dracut runtime scripting is a thin wrapper around systemd. We have two job queues: the dracut initqueue, and the systemd job queue. This duplication makes everything harder, both during preparation and at runtime, for little benefit.

The design principle of the new approach is to remove duplicate functionality:

  • package Requires replace dracut module dependency logic and automatic installation of libraries based on ldd output
  • systemd job management replaces the remainder of dracut runtime
  • the environment in the initrd is just a normal linux system (on a temporary root fs)
  • normal package contents replace special scripts crafted for the initrd

Generally, the new scheme requires very little new stuff. We reuse things that are already available (and used): dnf and rpm, packages for all stuff that is used in the initrd, systemd, special systemd units for the initrd.

The new component is a mechanism that builds the initrd out of packages. But it is a relatively simple step that requires very little maintenance. The biggest part of the initial work is the creation of package lists to install in the initrd, and adjusting packages to to function correctly in the initrd and not pull in unnecessary dependencies. Afterwards, there might be occasional maintenance related to bugs or package splits.

Initrds built with mkosi-initrd should be fully reproducible (in the sense of reproducible builds).

The work done in packages has external benefits: package minimization automatically benefits other "small" installations.


Scope

  • Proposal owners:
    • package mkosi-initrd (copr, review-request TBD)
    • verify (and fix if necessary) mkosi-initrd/systemd/other packages to work with:
      • root on a plain partition
      • root on LVM2
      • root on LUKS
      • root on RAID
      • root on NFS
      • hibernation
    • provide a kernel-install plugin that builds initrds locally
    • make dracut not interfere with mkosi-initrd (merge https://github.com/dracutdevs/dracut/pull/1825 or carry downstream patch)
    • work with koji developers to allow mkosi-initrd to run in koji (stretch goal 1). This requires changing koji to allow access to downloaded rpms during build.
    • add a mkosi-initrd-initrd (name TBD) package that builds a set of subpackages with initrds (stretch goal 2).
    • enhance kernel-install to accept a pre-built initrd (stretch goal 2).
    • add a separate package that takes existing kernels and existing initrds and builds a package with Unified Kernel Images (stretch goal 3).

(Out of scope: support for root on iSCSI is not planned currently. Our experiments with iSCSI show that the existing tooling is a bunch of terrible scripts that doesn't work at all outside of dracut.)

TODO: add more items to to Scope or list as not planned.

  • Other developers:
    • koji developers: help with the rpms-in-buildroot functionality and
    • koji maintainers and releng: deploy changes in koji in Fedora infra
    • anyone: Install the new packages to opt-in into testing the new initrds.
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

Upgrade/compatibility impact

This is new functionality that will only impact people who opt-in.

How To Test

  • Right now:
  • After mkosi-initrd is packaged:
    • disable the copr and update to the distro package
    • Upgrade or reinstall kernel package and reboot
  • After stretch goal 2:
    • Install mkosi-initrd-initrd-<variant>
    • Upgrade or reinstall kernel package and reboot
  • After stretch goal 3:
    • Install kernel-uki-mkosi-initrd-<variant>
    • Reboot

User Experience

Ideally, there should be no visible change for users. Obviously, when text logs are shown the console, the output is a bit different. After stretch goals 2 and 3, installation will be quicker.

Dependencies

Support for UKIs in grub2 is planned in Changes/Unified_Kernel_Support_Phase_1. It's a requirement for people who want to use mkosi-initrd UKIs with grub2.

Contingency Plan

  • Contingency mechanism: Postpone introduction of features to a later release. If it turns out that initrds are faulty, users who installed them will need to manually switch back to dracut initrds.
  • Contingency deadline: Any time.
  • Blocks release? No.

Documentation

https://github.com/systemd/mkosi-initrd/blob/main/docs/fedora.md

Release Notes

Simplified initrds built with mkosi-initrd are available for testing.