Re: Proposed F19 Feature: Dracut HostOnly
On Fri, 01 Feb 2013 11:34:40 +0100 Harald Hoyer harald.ho...@gmail.com wrote: The rescue initramfs carries just more kernel drivers to cope with different HW and will also have more debug tools, if you really really screwed up your real root. Nothing security fancy here, besides that you might want to passwort protect this entry, either via grub or via including /etc/passwd with a rescue root password in the initramfs. So, is this 'rescue' mode the same as the current rescue mode on dvd/netinstall via anaconda? Or just similar? Is it intended to replace those? Can you easily setup network and find your installs (if any)? kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
= Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly ... This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. For speed in creating an initramfs, please consider Requiring the package 'pigz' (Parallel Implementation of GZip), or at least highlight this feature in the documentation. If pigz is present in $PATH, then already today dracut uses it, and this speeds up the compression by a factor equal to the number of CPUs. On my 3GHz box with 2 CPUs the gzip time is about 20 seconds, but using pigz takes only 10 seconds. -- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 04.02.2013 15:47, schrieb John Reiser: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly ... This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. For speed in creating an initramfs, please consider Requiring the package 'pigz' (Parallel Implementation of GZip), or at least highlight this feature in the documentation. If pigz is present in $PATH, then already today dracut uses it, and this speeds up the compression by a factor equal to the number of CPUs. On my 3GHz box with 2 CPUs the gzip time is about 20 seconds, but using pigz takes only 10 seconds thanks for that below the output of a HostOnly one before and after yum install pigz and so i take this package in my base-metapackage [root@rh:~]$ date; dracut -f; date Mo 4. Feb 15:47:50 CET 2013 Mo 4. Feb 15:48:02 CET 2013 [root@rh:~]$ date; dracut -f; date Mo 4. Feb 15:48:31 CET 2013 Mo 4. Feb 15:48:36 CET 2013 signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 6:22 PM, Dennis Gilmore den...@ausil.us wrote: that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. That _is_ a missing piece of the dracut/initramfs toolchain: we need something in dracut that scans what files have been included from the buildhost, finds what rpm they belong to and writes down the NEVRA into a file that goes _into_ the initramfs. Right now, it is impossible to trace back the origin of an arbitrary initramfs built by dracut. Unless you find the build host (and it hasn't changed!). At OLPC we've had a few incidents of where the hell did you build this initramfs? and how can I respin this initramfs with only this patch applied, no other changes whatsoever?. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- Software Architect - OLPC - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 29.01.2013 17:20, schrieb John Reiser: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Also, fallback has interesting security properties… Rescue mode forces a SELinux relabel at the next boot, and relabel can take a very long time. How does fallback mode handle this, particularly if there have been updates to SELinux policy after the fallback was created? The rescue initramfs and all initramfs in general do _not_ carry any selinux policies. These are turned on later on the real root. Nothing changes here. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 29.01.2013 19:28, schrieb Daniel J Walsh: On 01/29/2013 11:20 AM, John Reiser wrote: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Also, fallback has interesting security properties… Rescue mode forces a SELinux relabel at the next boot, and relabel can take a very long time. How does fallback mode handle this, particularly if there have been updates to SELinux policy after the fallback was created? The reason for this is we do not know what files were created on the system while SELinux was disabled (Policy Not Loaded). If you know you did not created files on the system you could remove the /.autorelabel file and boot without a relabel. The rescue initramfs carries just more kernel drivers to cope with different HW and will also have more debug tools, if you really really screwed up your real root. Nothing security fancy here, besides that you might want to passwort protect this entry, either via grub or via including /etc/passwd with a rescue root password in the initramfs. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 29.01.2013 16:53, schrieb Dennis Gilmore: El Tue, 29 Jan 2013 14:45:34 + Jaroslav Reznik jrez...@redhat.com escribió: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly Feature owner(s): Harald Hoyer har...@redhat.com Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. == Detailed description == Current initramfs images contain most of the kernel drivers to boot from any hardware. This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. Switching to host-only will improve the situation. To cope with hardware change, a boot entry Rescue System should be installed with a full fledged initramfs also containing debug tools. This boot entry can then be used to recover from hardware changes and also from unforseen software failure after updates. as legal has said we cannot pregenerate initramfses i think this should be a non-starter. even loading a 20mb initramfs from a sdcard on a slow arm box doesnt take that long, and id personally much rather be able to change hardware or yank the drive and put it into a different box without worrying about making sure i have the right initramfs bits in place. at least to me the costs outweigh the benefits. the grub timeout on my laptop/desktops is longer than the time it takes to load the initramfs. Dennis If you are running a lot of virtual machines, you will care about a) boot time b) disk size c) yum update time (including generation of the initramfs) -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 30.01.2013 00:22, schrieb Dennis Gilmore: On Tue, 29 Jan 2013 16:32:12 + Matthew Garrett mj...@srcf.ucam.org wrote: On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote: as legal has said we cannot pregenerate initramfses i think this should be a non-starter. We already ship several pre-generated initramfses. that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Dennis The problem with kernel modules is, that the system can have/need non-kernel.rpm modules and you would have to stack several initramfs images then and that leads to the problem with depmod generated files. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 01.02.2013 11:37, schrieb Harald Hoyer: Am 29.01.2013 16:53, schrieb Dennis Gilmore: as legal has said we cannot pregenerate initramfses i think this should be a non-starter. even loading a 20mb initramfs from a sdcard on a slow arm box doesnt take that long, and id personally much rather be able to change hardware or yank the drive and put it into a different box without worrying about making sure i have the right initramfs bits in place. at least to me the costs outweigh the benefits. the grub timeout on my laptop/desktops is longer than the time it takes to load the initramfs. If you are running a lot of virtual machines, you will care about a) boot time b) disk size c) yum update time (including generation of the initramfs) in this case you have already the following because on virtual machines it is very unlikely that hardware fundenemtally changes - but on real hardware as DEFAULT? yes i have the same also on real hardware but i would not recommend it to any other person [root@testserver:~]$ cat /etc/dracut.conf.d/90-plymouth.conf omit_dracutmodules+=plymouth [root@testserver:~]$ cat /etc/dracut.conf.d/91-host-only.conf hostonly=yes signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Fri, 2013-02-01 at 11:46 +0100, Reindl Harald wrote: in this case you have already the following because on virtual machines it is very unlikely that hardware fundenemtally changes Porting machines from one virt system to another isn't that unusual, and that can cause the hardware to change. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 01.02.2013 18:22, schrieb Adam Williamson: On Fri, 2013-02-01 at 11:46 +0100, Reindl Harald wrote: in this case you have already the following because on virtual machines it is very unlikely that hardware fundenemtally changes Porting machines from one virt system to another isn't that unusual, and that can cause the hardware to change one reson more to NOT make HostOnly DEFAULT there where i work you setup HA clusters and failover and will not change for fun the infrastructure behind the guests because the main target of virtualization is abstraction from the real hardware and so HostOnly is OK, i can live with it but i can see no sense in making it default to make others lifes harder signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Wed, Jan 30, 2013 at 1:25 AM, Matthew Garrett mj...@srcf.ucam.org wrote: On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote: On Tue, 29 Jan 2013 16:32:12 + Matthew Garrett mj...@srcf.ucam.org wrote: On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote: as legal has said we cannot pregenerate initramfses i think this should be a non-starter. We already ship several pre-generated initramfses. that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Yeah ok that case is a problem. Not really. We use a chroot for builds you can look at root.log to see which packages where present at buildtime so we know the sources that are needed. Does not really sound like a hard problem to me. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore den...@ausil.us wrote: even loading a 20mb initramfs from a sdcard on a slow arm box doesnt take that long, and id personally much rather be able to change hardware or yank the drive and put it into a different box without worrying about making sure i have the right initramfs bits in place. at least to me the costs outweigh the benefits. the grub timeout on my laptop/desktops is longer than the time it takes to load the initramfs. This actually suggests a different way to achieve the same result: Teach grub to preload the kernel and initrd while waiting for the timeout. That gives us _even better_ speedup, and doesn't sacrifice the generic usability of the initrd. Mirek -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Miloslav Trmač (m...@volny.cz) said: On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore den...@ausil.us wrote: even loading a 20mb initramfs from a sdcard on a slow arm box doesnt take that long, and id personally much rather be able to change hardware or yank the drive and put it into a different box without worrying about making sure i have the right initramfs bits in place. at least to me the costs outweigh the benefits. the grub timeout on my laptop/desktops is longer than the time it takes to load the initramfs. This actually suggests a different way to achieve the same result: Teach grub to preload the kernel and initrd while waiting for the timeout. That gives us _even better_ speedup, and doesn't sacrifice the generic usability of the initrd. Well, if the plan is to not timeout, that won't help. But it could be interesting. Although, everything I've heard about the grub code makes me entirely concerned when something that amounts to 'introduce threads' is suggested. Bill -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On 01/30/2013 02:07 PM, Bill Nottingham wrote: Miloslav Trmač (m...@volny.cz) said: Teach grub to preload the kernel and initrd while waiting for the timeout. That gives us _even better_ speedup, and doesn't sacrifice the generic usability of the initrd. Well, if the plan is to not timeout, that won't help. But it could be interesting. Although, everything I've heard about the grub code makes me entirely concerned when something that amounts to 'introduce threads' is suggested. Threads are not needed and not desired; the analog of SIGALRM works fine single-threaded. The problem is the possibility of I/O errors when reading ahead. Recovery from an I/O error can take a very long time, and may be not interruptable. For instance, the linux kernel can take _minutes_ to recover from CD/DVD errors, and grub might be no better. If read-ahead (after no wait) on the default choice always runs into trouble, then selecting some other choice might be impossible. -- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Hi Jaroslav, I would like to raise a caution about implementing this change. Several other non-Linux systems are able to handle a variety of hardware changes after installation, and still boot afterwards. I think it would be unfortunate if, after changing hardware, it were not possible to boot other than with a rescue image. Hardware is becoming faster, and even on our small ARM boards, initramfs size is not such a huge problem, especially in the medium term. Jon. -- Sent from my iPad On Jan 29, 2013, at 10:00, Jaroslav Reznik jrez...@redhat.com wrote: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly Feature owner(s): Harald Hoyer har...@redhat.com Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. == Detailed description == Current initramfs images contain most of the kernel drivers to boot from any hardware. This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. Switching to host-only will improve the situation. To cope with hardware change, a boot entry Rescue System should be installed with a full fledged initramfs also containing debug tools. This boot entry can then be used to recover from hardware changes and also from unforseen software failure after updates. ___ devel-announce mailing list devel-annou...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On 01/29/2013 02:45 PM, Jaroslav Reznik wrote: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly Feature owner(s): Harald Hoyer har...@redhat.com Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. == Detailed description == Current initramfs images contain most of the kernel drivers to boot from any hardware. This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. Switching to host-only will improve the situation. To cope with hardware change, a boot entry Rescue System should be installed with a full fledged initramfs also containing debug tools. This boot entry can then be used to recover from hardware changes and also from unforseen software failure after updates. About time ;) JBG -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote: Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Will there be a way to opt out of this? The fallback image will consume space and not be useful in situations where one doesn't have the access to boot into it. (Eg., EC2.) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote: On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote: Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Will there be a way to opt out of this? The fallback image will consume space and not be useful in situations where one doesn't have the access to boot into it. (Eg., EC2.) Clarification: opt out of the generic fallback image. Not the rest. :) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit : On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote: On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote: Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Will there be a way to opt out of this? The fallback image will consume space and not be useful in situations where one doesn't have the access to boot into it. (Eg., EC2.) Clarification: opt out of the generic fallback image. Not the rest. :) Also, fallback has interesting security properties… -- Nicolas Mailhot -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 10:55 AM, Bryn M. Reeves wrote: On 01/29/2013 03:45 PM, Simo Sorce wrote: I guess it was in the short while I switched to Ubuntu, because from my memory I used to change hardware on my machines and always be extremely happy at how Linux was resilient to hardware changes between boots and automatically detected new hardware without the dreaded rescue mode. Hmm, not sure why Thunderbird sent my initial response without a subject. Fixing that now. I'm really not hearing any benefits from this strong enough to justify the potential issues with not keeping the full driver set in the initramfs. Boot time is nice-to-have. Boot *completion* is mandatory. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEH8c4ACgkQeiVVYja6o6MoHwCfWKBJUKoCeM+WYbgK6sJOYSYp F+IAoJPBa0iuIPBLgn5n8uhARX0bymWZ =KxAf -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 4:53 PM, Nicolas Mailhot nicolas.mail...@laposte.net wrote: Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit : On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote: On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote: Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Will there be a way to opt out of this? The fallback image will consume space and not be useful in situations where one doesn't have the access to boot into it. (Eg., EC2.) Clarification: opt out of the generic fallback image. Not the rest. :) Also, fallback has interesting security properties… Not sure what you mean ... care to elaborate? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 4:59 PM, Stephen Gallagher sgall...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 10:55 AM, Bryn M. Reeves wrote: On 01/29/2013 03:45 PM, Simo Sorce wrote: I guess it was in the short while I switched to Ubuntu, because from my memory I used to change hardware on my machines and always be extremely happy at how Linux was resilient to hardware changes between boots and automatically detected new hardware without the dreaded rescue mode. Hmm, not sure why Thunderbird sent my initial response without a subject. Fixing that now. I'm really not hearing any benefits from this strong enough to justify the potential issues with not keeping the full driver set in the initramfs. Boot time is nice-to-have. Boot *completion* is mandatory. Faster bootup for free ... unless you swap out drives a lot which most people do not do there is no downside. And the generic image should boot an most hardware nowdays thanks to AHCI (so you should be able to boot the foreign host only image anyway). The only real concern so far is the cloud space issue Matthew raised ... but a opt out of the fallback image option (using a config file or whatever) would result into a net win in disk space too. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Also, fallback has interesting security properties… Rescue mode forces a SELinux relabel at the next boot, and relabel can take a very long time. How does fallback mode handle this, particularly if there have been updates to SELinux policy after the fallback was created? -- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El Tue, 29 Jan 2013 14:45:34 + Jaroslav Reznik jrez...@redhat.com escribió: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly Feature owner(s): Harald Hoyer har...@redhat.com Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. == Detailed description == Current initramfs images contain most of the kernel drivers to boot from any hardware. This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. Switching to host-only will improve the situation. To cope with hardware change, a boot entry Rescue System should be installed with a full fledged initramfs also containing debug tools. This boot entry can then be used to recover from hardware changes and also from unforseen software failure after updates. as legal has said we cannot pregenerate initramfses i think this should be a non-starter. even loading a 20mb initramfs from a sdcard on a slow arm box doesnt take that long, and id personally much rather be able to change hardware or yank the drive and put it into a different box without worrying about making sure i have the right initramfs bits in place. at least to me the costs outweigh the benefits. the grub timeout on my laptop/desktops is longer than the time it takes to load the initramfs. Dennis -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlEH8IAACgkQkSxm47BaWfeK0QCfbg5Sa4YKjOY53mAyVh7IK9E/ YugAoKsEGgkLroJ1ht3FT+v5gJJxYqFS =S7mz -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore den...@ausil.us wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El Tue, 29 Jan 2013 14:45:34 + Jaroslav Reznik jrez...@redhat.com escribió: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly Feature owner(s): Harald Hoyer har...@redhat.com Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. == Detailed description == Current initramfs images contain most of the kernel drivers to boot from any hardware. This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. Switching to host-only will improve the situation. To cope with hardware change, a boot entry Rescue System should be installed with a full fledged initramfs also containing debug tools. This boot entry can then be used to recover from hardware changes and also from unforseen software failure after updates. as legal has said we cannot pregenerate initramfses i think this should be a non-starter. It can be generated at install time. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote: as legal has said we cannot pregenerate initramfses i think this should be a non-starter. We already ship several pre-generated initramfses. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Le Mar 29 janvier 2013 17:09, drago01 a écrit : On Tue, Jan 29, 2013 at 4:53 PM, Nicolas Mailhot nicolas.mail...@laposte.net wrote: Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit : On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote: On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote: Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Will there be a way to opt out of this? The fallback image will consume space and not be useful in situations where one doesn't have the access to boot into it. (Eg., EC2.) Clarification: opt out of the generic fallback image. Not the rest. :) Also, fallback has interesting security properties… Not sure what you mean ... care to elaborate? Current rescue disc allow bypass of pretty much all the security controls on installed systems. (that's why some entities disable optical drive in bios and glue usb ports). Will fallback perform the security checks of the main boot path? When I see 'never ever be removed' does that mean this will make sure any Fedora box will have a boot entry to an old kernel, with known security bugs, that you only need to trick boot into to get a vulnerable system? -- Nicolas Mailhot -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On 01/29/2013 04:32 PM, Nicolas Mailhot wrote: In a Fedora context, when you do this it's because the old motherboard failed unexpectedly, you bought a new one. It's a great relief to see plugging the old drive on the new mobo just works. There is no prep in advance and old and new mobo have several years of difference so disk or network controllers have nothing in common. I'm not sure it's a good idea to optimize away such robustness. To be honest I found myself doing this sort of swap a lot more in the past when hardware was less reliable and I was more inclined to cobble systems together with parts found lying around the place: in those days the initrd was host-specific by default and I didn't find it a headache - much less of a headache than loading something with all the modules included on each boot. Maybe on modern hosts that's less of a concern for many users though (although I do see noticeable pauses during initramfs loading on quite a few systems with default configs). I've been switching this setting on my boxes since dracut first came in so I can carry on with or without the feature and it makes little difference. Regards, Bryn. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 05:40:04PM +0100, Nicolas Mailhot wrote: bios and glue usb ports). Will fallback perform the security checks of the main boot path? When I see 'never ever be removed' does that mean this will make sure any Fedora box will have a boot entry to an old kernel, with known security bugs, that you only need to trick boot into to get a vulnerable system? Presumably the image is local-only, at least by default. That's not any worse than letting one provide the kernel with arbitrary parameters at boot time, which we do already by default. (I'm not sure if the new installer even has an option for password-protecting grub2, offhand.) -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote: as legal has said we cannot pregenerate initramfses i think this should be a non-starter. Intriguing .. what is the objection to pre-generating an initramfs? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 5:40 PM, Nicolas Mailhot nicolas.mail...@laposte.net wrote: Le Mar 29 janvier 2013 17:09, drago01 a écrit : On Tue, Jan 29, 2013 at 4:53 PM, Nicolas Mailhot nicolas.mail...@laposte.net wrote: Le Mar 29 janvier 2013 16:42, Matthew Miller a écrit : On Tue, Jan 29, 2013 at 10:42:29AM -0500, Matthew Miller wrote: On Tue, Jan 29, 2013 at 02:45:34PM +, Jaroslav Reznik wrote: Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Will there be a way to opt out of this? The fallback image will consume space and not be useful in situations where one doesn't have the access to boot into it. (Eg., EC2.) Clarification: opt out of the generic fallback image. Not the rest. :) Also, fallback has interesting security properties… Not sure what you mean ... care to elaborate? Current rescue disc allow bypass of pretty much all the security controls on installed systems. (that's why some entities disable optical drive in bios and glue usb ports). Will fallback perform the security checks of the main boot path? When I see 'never ever be removed' does that mean this will make sure any Fedora box will have a boot entry to an old kernel, with known security bugs, that you only need to trick boot into to get a vulnerable system? Why should this be the case? The initrd is generated on kernel install just generate one as fallback image and one host only for the main boot target. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 4:53 PM, Dennis Gilmore den...@ausil.us wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El Tue, 29 Jan 2013 14:45:34 + Jaroslav Reznik jrez...@redhat.com escribió: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly Feature owner(s): Harald Hoyer har...@redhat.com Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. == Detailed description == Current initramfs images contain most of the kernel drivers to boot from any hardware. This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. Switching to host-only will improve the situation. To cope with hardware change, a boot entry Rescue System should be installed with a full fledged initramfs also containing debug tools. This boot entry can then be used to recover from hardware changes and also from unforseen software failure after updates. as legal has said we cannot pregenerate initramfses i think this should be a non-starter. Thinking about this some more ... that does not make sense. A initramfs does not link anything but simply put stuff into an image similar to a tarball or even an ISO image. So what exactly are the objections raised by legal? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 11:20 AM, John Reiser wrote: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Also, fallback has interesting security properties… Rescue mode forces a SELinux relabel at the next boot, and relabel can take a very long time. How does fallback mode handle this, particularly if there have been updates to SELinux policy after the fallback was created? The reason for this is we do not know what files were created on the system while SELinux was disabled (Policy Not Loaded). If you know you did not created files on the system you could remove the /.autorelabel file and boot without a relabel. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEIFNgACgkQrlYvE4MpobPO/ACfcYzgUaDdnQj/Kdj2lyqCDhbu ENEAoIZLa3xWD0O+nB/bGg+pVFAfHbPN =3yRB -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
drago01 wrote: Why should this be the case? The initrd is generated on kernel install just generate one as fallback image and one host only for the main boot target. +1 Grub2 is already smart enough to handle an additional boot line for a recovery mode. Then we can have our cake and eat it, too. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 2013-01-29 at 13:28 -0500, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 11:20 AM, John Reiser wrote: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Also, fallback has interesting security properties… Rescue mode forces a SELinux relabel at the next boot, and relabel can take a very long time. How does fallback mode handle this, particularly if there have been updates to SELinux policy after the fallback was created? The reason for this is we do not know what files were created on the system while SELinux was disabled (Policy Not Loaded). If you know you did not created files on the system you could remove the /.autorelabel file and boot without a relabel. Can we have a relabel mode that just searches only files changed after a specific date ? If we stored the time of last good shutdown somewhere it would mean we might be able to relabel only a minor subset of files, saving a lot of time ? Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Jan 29, 2013, at 6:09 AM, Jaroslav Reznik jrez...@redhat.com wrote: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. FYI, this will require change/supplementing grub2, possibly with a 4x_custom file, or rescue specific, in /etc/grub.d. Without such addition, grub2-mkconfig will create a grub.cfg without the rescue entry. And grubby quickly messes up existing grub2 grub.cfgs by progressively deleting entries, so it may need to be looked at to make sure it doesn't delete either container entries, or the rescue entries themselves. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 01:34 PM, Simo Sorce wrote: On Tue, 2013-01-29 at 13:28 -0500, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 11:20 AM, John Reiser wrote: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Also, fallback has interesting security properties… Rescue mode forces a SELinux relabel at the next boot, and relabel can take a very long time. How does fallback mode handle this, particularly if there have been updates to SELinux policy after the fallback was created? The reason for this is we do not know what files were created on the system while SELinux was disabled (Policy Not Loaded). If you know you did not created files on the system you could remove the /.autorelabel file and boot without a relabel. Can we have a relabel mode that just searches only files changed after a specific date ? If we stored the time of last good shutdown somewhere it would mean we might be able to relabel only a minor subset of files, saving a lot of time ? Simo. Well you would still need to search everywhere on the file system. for those files. If the filesystem gave an easy way to find the latest fds that have been changed, then ... I guess we could compare any file created after /.autorelabel, and then get the relabel to be find / -newer /.autorelabel -print0 | restorecon -f - -0 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEIGNcACgkQrlYvE4MpobOm0QCgmD0eaIy8arEliV2EEOg68iPE rjkAoKGTL1IhvVkqDM2phKbPqiyq+r+1 =zoBy -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Jan 29, 2013, at 9:44 AM, Matthew Miller mat...@fedoraproject.org wrote: (I'm not sure if the new installer even has an option for password-protecting grub2, offhand.) It doesn't. And this seems to be an area of confusion on the two grub lists for users and distro developers alike, looking to implement it. So I'm not certain that it's strictly an installer limitation. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 2013-01-29 at 13:45 -0500, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 01:34 PM, Simo Sorce wrote: On Tue, 2013-01-29 at 13:28 -0500, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 11:20 AM, John Reiser wrote: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. Also, fallback has interesting security properties… Rescue mode forces a SELinux relabel at the next boot, and relabel can take a very long time. How does fallback mode handle this, particularly if there have been updates to SELinux policy after the fallback was created? The reason for this is we do not know what files were created on the system while SELinux was disabled (Policy Not Loaded). If you know you did not created files on the system you could remove the /.autorelabel file and boot without a relabel. Can we have a relabel mode that just searches only files changed after a specific date ? If we stored the time of last good shutdown somewhere it would mean we might be able to relabel only a minor subset of files, saving a lot of time ? Simo. Well you would still need to search everywhere on the file system. for those files. If the filesystem gave an easy way to find the latest fds that have been changed, then ... I guess we could compare any file created after /.autorelabel, and then get the relabel to be find / -newer /.autorelabel -print0 | restorecon -f - -0 Yeah that may be an idea, if you can insure .autorelabel is the first file that gets created. Simo. -- Simo Sorce * Red Hat, Inc * New York -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 29 Jan 2013 11:48:01 -0700 Chris Murphy li...@colorremedies.com wrote: On Jan 29, 2013, at 9:44 AM, Matthew Miller mat...@fedoraproject.org wrote: (I'm not sure if the new installer even has an option for password-protecting grub2, offhand.) It doesn't. And this seems to be an area of confusion on the two grub lists for users and distro developers alike, looking to implement it. So I'm not certain that it's strictly an installer limitation. Chris Murphy Not sure about the installer, but the one in kickstart is broken (and has been broken since GRUB2): https://bugzilla.redhat.com/show_bug.cgi?id=840160 It should be fixable though I've not yet found the time to dig into it. I only ran into this last week since I (apparently) skipped F17 / GRUB2. --Stijn -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 2013-01-29 at 09:53 -0600, Dennis Gilmore wrote: as legal has said we cannot pregenerate initramfses Really? Why? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Jan 29, 2013, at 11:56 AM, Reindl Harald h.rei...@thelounge.net wrote: grub2 in fedora is simply broken in this case https://bugzilla.redhat.com/show_bug.cgi?id=882721 So you've built grub2 from recent gnu.org source (Bazaar), and password protection works? Just the Fedora version is broken? Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Jaroslav Reznik (jrez...@redhat.com) said: = Features/DracutHostOnly = https://fedoraproject.org/wiki/Features/DracutHostOnly Feature owner(s): Harald Hoyer har...@redhat.com Only create host-only initramfs images. A generic fallback image should be installed by anaconda on installation/update and never ever be removed. == Detailed description == Current initramfs images contain most of the kernel drivers to boot from any hardware. This results in a very big initramfs, which takes a long time to load on system start and a long time to create on kernel updates. Switching to host-only will improve the situation. To cope with hardware change, a boot entry Rescue System should be installed with a full fledged initramfs also containing debug tools. This boot entry can then be used to recover from hardware changes and also from unforseen software failure after updates. Do we actually have agreement on the anaconda/lorax side for the changes required here? What happens if the updated system (due to userspace, SELinux policy, what have you) moves beyond something that can be properly rescued? Will there be a fedup module to regenerate the rescue image on OS upgrade? Bill -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Jan 29, 2013, at 12:34 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 29.01.2013 20:30, schrieb Chris Murphy: On Jan 29, 2013, at 11:56 AM, Reindl Harald h.rei...@thelounge.net wrote: grub2 in fedora is simply broken in this case https://bugzilla.redhat.com/show_bug.cgi?id=882721 So you've built grub2 from recent gnu.org source (Bazaar), and password protection works? Just the Fedora version is broken? no, but i did not decide switch to grub2 with it wobbly configuration with a shell-language at all If it's fundamentally broken upstream, then it's not really a Fedora bug. Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 29.01.2013 19:48, schrieb Chris Murphy: On Jan 29, 2013, at 9:44 AM, Matthew Miller mat...@fedoraproject.org wrote: (I'm not sure if the new installer even has an option for password-protecting grub2, offhand.) It doesn't. And this seems to be an area of confusion on the two grub lists for users and distro developers alike, looking to implement it. So I'm not certain that it's strictly an installer limitation. grub2 in fedora is simply broken in this case https://bugzilla.redhat.com/show_bug.cgi?id=882721 signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 29.01.2013 20:30, schrieb Chris Murphy: On Jan 29, 2013, at 11:56 AM, Reindl Harald h.rei...@thelounge.net wrote: grub2 in fedora is simply broken in this case https://bugzilla.redhat.com/show_bug.cgi?id=882721 So you've built grub2 from recent gnu.org source (Bazaar), and password protection works? Just the Fedora version is broken? no, but i did not decide switch to grub2 with it wobbly configuration with a shell-language at all signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 29.01.2013 16:55, schrieb Bryn M. Reeves: Again, unless you have very different storage controllers this will not break. I really don't want or need every FC HBA kernel module, firmware bin file or other junk in my laptop initramfs just in case I happen to swap the disk to a laptop with built-in fibre-channel :-) The proposal not seem to be a significant performance enhancer. Fairly stock Fedora 18, on SSD: [root@f18v ~]# systemd-analyze Startup finished in 2185ms (kernel) + 1493ms (initrd) + 5834ms (userspace) = 9513ms After making 91-host-only.conf and running dracut -f. I get a 7.2MB initramfs instead of 31MB. And: [root@f18v ~]# systemd-analyze Startup finished in 1892ms (kernel) + 769ms (initrd) + 6086ms (userspace) = 8749ms ---Same test, different CPU, HDD: Stock: [root@f18s boot]# systemd-analyze Startup finished in 1180ms (kernel) + 3538ms (initramfs) + 20934ms (userspace) = 25653ms host-only initramfs: [root@f18s ~]# systemd-analyze Startup finished in 1082ms (kernel) + 2914ms (initramfs) + 25410ms (userspace) = 29407ms Curiously, the userspace figure consistently is longer when the initramfs is smaller. (Now if someone wants to explain how the kernel has 1/2 the time on a core2duo+HDD, compared to corei7+SSD, I can accept that offline.) Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
Am 29.01.2013 20:47, schrieb Chris Murphy: On Jan 29, 2013, at 12:34 PM, Reindl Harald h.rei...@thelounge.net wrote: Am 29.01.2013 20:30, schrieb Chris Murphy: On Jan 29, 2013, at 11:56 AM, Reindl Harald h.rei...@thelounge.net wrote: grub2 in fedora is simply broken in this case https://bugzilla.redhat.com/show_bug.cgi?id=882721 So you've built grub2 from recent gnu.org source (Bazaar), and password protection works? Just the Fedora version is broken? no, but i did not decide switch to grub2 with it wobbly configuration with a shell-language at all If it's fundamentally broken upstream, then it's not really a Fedora bug. it did work in F16 sometimes later the config-file where i have defined grub-pwd again after a lot of search was silently renamed to rpmsave and the password DISABLED without notice the user that his security is broken so this is a regression and it does not bother me who has made it - it was introduced after it had worked signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 29.01.13 14:06, Chris Murphy (li...@colorremedies.com) wrote: Am 29.01.2013 16:55, schrieb Bryn M. Reeves: Again, unless you have very different storage controllers this will not break. I really don't want or need every FC HBA kernel module, firmware bin file or other junk in my laptop initramfs just in case I happen to swap the disk to a laptop with built-in fibre-channel :-) The proposal not seem to be a significant performance enhancer. Fairly stock Fedora 18, on SSD: [root@f18v ~]# systemd-analyze Startup finished in 2185ms (kernel) + 1493ms (initrd) + 5834ms (userspace) = 9513ms After making 91-host-only.conf and running dracut -f. I get a 7.2MB initramfs instead of 31MB. And: [root@f18v ~]# systemd-analyze Startup finished in 1892ms (kernel) + 769ms (initrd) + 6086ms (userspace) = 8749ms ---Same test, different CPU, HDD: Stock: [root@f18s boot]# systemd-analyze Startup finished in 1180ms (kernel) + 3538ms (initramfs) + 20934ms (userspace) = 25653ms host-only initramfs: [root@f18s ~]# systemd-analyze Startup finished in 1082ms (kernel) + 2914ms (initramfs) + 25410ms (userspace) = 29407ms Curiously, the userspace figure consistently is longer when the initramfs is smaller. (Now if someone wants to explain how the kernel has 1/2 the time on a core2duo+HDD, compared to corei7+SSD, I can accept that offline.) Much of the time is saved in the bootloader, since the initrd imager is now much shorter the boot loader will require muss less time to read it into memory. systemd-analyze won't show you this data (unless you run a git version and use gummiboot as boot loader.) That userspace is slower without initrd is probably because now some jobs that the initrd already did have to be done by userspace instead. Make sure to drop /.readahead before making these tests, and then reboot at least twice (ignoring the first run) before posting any performance data. Otherwise the readahead logic will skew your results. (And 10s boot, that's bad. Do you have LVM in the loop? LVM is the primary reason why our boots are slow. If you try to analyze your boot times it's best to get LVM out of the equation entirely, as that fucks everything up due to its flawed device discovery logic.) Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Jan 29, 2013, at 2:29 PM, Lennart Poettering mzerq...@0pointer.de wrote: Much of the time is saved in the bootloader, since the initrd imager is now much shorter the boot loader will require muss less time to read it into memory. systemd-analyze won't show you this data (unless you run a git version and use gummiboot as boot loader.) There's less than 1 second improvement from GRUB timeout to login prompt on the VM backed by SSD. There's maybe 4 seconds improvement on bare metal using this same feel metric. I haven't used gummiboot, so maybe I'll do some testing in the next cycle. For now, I've had quite enough of it's a dessert topping and a floor wax Rube Goldberg method of booting a computer with a UX I could hardly imagine my Doppelgänger inventing. (And 10s boot, that's bad. Do you have LVM in the loop? No LVM in either case. The 10s result is ext4 no journal single partition, VDI, VirtualBox, on OS X, on SSD. So that's two hits (vbox and xnu). Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 2013-01-29 at 14:06 -0700, Chris Murphy wrote: Am 29.01.2013 16:55, schrieb Bryn M. Reeves: Again, unless you have very different storage controllers this will not break. I really don't want or need every FC HBA kernel module, firmware bin file or other junk in my laptop initramfs just in case I happen to swap the disk to a laptop with built-in fibre-channel :-) The proposal not seem to be a significant performance enhancer. snip This is just what I was going to ask for: numbers. I don't see how we can make a reasoned decision on a feature whose primary stated basis is 'performance', when said feature provides zero data on the claimed performance improvement. Per Lennart's mail it seems Chris' attempt is flawed, but at least he made an attempt. Perhaps the feature proposers could take the time to provide some numbers, taking Lennart's feedback into account? The onus would appear to be on them. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 29 Jan 2013 16:32:12 + Matthew Garrett mj...@srcf.ucam.org wrote: On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote: as legal has said we cannot pregenerate initramfses i think this should be a non-starter. We already ship several pre-generated initramfses. that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Dennis -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote: We already ship several pre-generated initramfses. that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Does the kernel source RPM matching the initrd contain the necessary sources? -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 6:53 PM, Matthew Miller mat...@fedoraproject.org wrote: On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote: We already ship several pre-generated initramfses. that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Does the kernel source RPM matching the initrd contain the necessary sources? What? No. The kernel source RPM contains kernel sources. It has nothing to do with the initramfs. It creates a dummy file with the same name by dd'ing from /dev/zero and marks that as %ghost. The actual initramfs is built by grubby when the kernel package is installed because of the call to new-kernel-pkg. josh -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 29 Jan 2013 18:53:00 -0500 Matthew Miller mat...@fedoraproject.org wrote: On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote: We already ship several pre-generated initramfses. that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Does the kernel source RPM matching the initrd contain the necessary sources? not for every binary in the initramfs its much more than just the kernel and its modules. Dennis -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 05:22:00PM -0600, Dennis Gilmore wrote: On Tue, 29 Jan 2013 16:32:12 + Matthew Garrett mj...@srcf.ucam.org wrote: On Tue, Jan 29, 2013 at 09:53:32AM -0600, Dennis Gilmore wrote: as legal has said we cannot pregenerate initramfses i think this should be a non-starter. We already ship several pre-generated initramfses. that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Yeah ok that case is a problem. -- Matthew Garrett | mj...@srcf.ucam.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 06:57:29PM -0500, Josh Boyer wrote: that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Does the kernel source RPM matching the initrd contain the necessary sources? What? No. The kernel source RPM contains kernel sources. It has nothing to do with the initramfs. It creates a dummy file with the same name by dd'ing from /dev/zero and marks that as %ghost. The actual initramfs is built by grubby when the kernel package is installed because of the call to new-kernel-pkg. I kind of feel like you're just jumping in the middle here. The discussion was about building these at kernel build time, rather than having grubby do it. Then the above would cease to be true. If we've got binary bits we can't track back to the source, I can see why legal would be concerned. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ mat...@fedoraproject.org -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, Jan 29, 2013 at 7:43 PM, Matthew Miller mat...@fedoraproject.org wrote: On Tue, Jan 29, 2013 at 06:57:29PM -0500, Josh Boyer wrote: that are built at kernel build time? the issue with building it at build time was making sure we knew exactly what sourcs we needed to ship to match all the binaries in the initramfs. the initramfs's we build and ship as part of teh install tree we know exactly what sources because they match what is in the release tree rather than what was in the buildroot at build time. Does the kernel source RPM matching the initrd contain the necessary sources? What? No. The kernel source RPM contains kernel sources. It has nothing to do with the initramfs. It creates a dummy file with the same name by dd'ing from /dev/zero and marks that as %ghost. The actual initramfs is built by grubby when the kernel package is installed because of the call to new-kernel-pkg. I kind of feel like you're just jumping in the middle here. The discussion Er... indeed. I was. I thought you were asking a different question. I misread, so apologies. was about building these at kernel build time, rather than having grubby do it. Then the above would cease to be true. If we've got binary bits we can't track back to the source, I can see why legal would be concerned. Yes. Also, that sounds horrible. josh -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: Proposed F19 Feature: Dracut HostOnly
On Tue, 29.01.13 14:17, Adam Williamson (awill...@redhat.com) wrote: On Tue, 2013-01-29 at 14:06 -0700, Chris Murphy wrote: Am 29.01.2013 16:55, schrieb Bryn M. Reeves: Again, unless you have very different storage controllers this will not break. I really don't want or need every FC HBA kernel module, firmware bin file or other junk in my laptop initramfs just in case I happen to swap the disk to a laptop with built-in fibre-channel :-) The proposal not seem to be a significant performance enhancer. snip This is just what I was going to ask for: numbers. I don't see how we can make a reasoned decision on a feature whose primary stated basis is 'performance', when said feature provides zero data on the claimed performance improvement. Per Lennart's mail it seems Chris' attempt is flawed, but at least he made an attempt. Perhaps the feature proposers could take the time to provide some numbers, taking Lennart's feedback into account? The onus would appear to be on them. Full disclosure: I am actually really hoping for Harald's feature to include something that's not on the feature page right now: and that is the strongest form of host-only initrd support -- when the root disk is on a file system and storage that is accessible with compiled-in drivers, then dracut would skip generation of an initrd entirely. I have been running Linux regularly with and without initrd in the F15-F17 cycles (simply since we needed to support both cases with systemd). Then, booting without initrd usually cut off about 20% of the boot time. (I can't give you any up-to-date numbers for that however, since after I reinstalled my machine in the F18 development cycle I chose btrfs as root fs. btrfs is currently compiled as module, which means I cannot boot without initrd. I have now filed this bug so that I can start testing initrd-less boots again: https://bugzilla.redhat.com/show_bug.cgi?id=905611 ) Hey, Harald, any chance we can get the non-initrd-where-not-necessary trick, too? That would be too cool ;-) Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
