Update ignition files

2026-02-08 11:04:02 +00:00
parent 986f18c8a5
commit 7575a1f666
6 changed files with 101 additions and 11 deletions
--- a/ignition/base.bu
+++ b/ignition/base.bu
@@ -2,6 +2,7 @@ variant: fcos
 version: 1.6.0
 storage:
  files:
+    # Make the device wary of updating, and do maintenance early in the weekend mornings
    - path: /etc/zincati/config.d/51-rollout-wariness.toml
      contents:
        inline: |
@@ -19,6 +20,48 @@ storage:

 systemd:
  units:
+    # Disable SSH (so Ansible waits until config has completed before continuing)
+    - name: ignition-start-config.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Block SSH during configuration
+        After=network-online.target
+        Before=zincati.service
+        ConditionPathExists=!/var/lib/%N.stamp
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        ExecStart=/usr/bin/systemctl stop sshd
+        ExecStart=/usr/bin/systemctl disable sshd
+        ExecStart=/usr/bin/touch /var/lib/%N.stamp
+        ExecStart=/usr/bin/echo "SSH currently disabled until configuration completes" | /usr/bin/tee /etc/issue.d/35-ssh-blocked.issue
+        ExecStart=/usr/bin/systemctl restart getty@tty1
+
+        [Install]
+        WantedBy=multi-user.target
+    # Enable SSH once configuration has finished so Ansible can continue 
+    - name: ignition-finish-config.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Enable SSH after configuration
+        After=zincati.service
+        ConditionPathExists=!/var/lib/%N.stamp
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=yes
+        ExecStart=/usr/bin/systemctl start sshd
+        ExecStart=/usr/bin/systemctl enable sshd
+        ExecStart=/usr/bin/touch /var/lib/%N.stamp
+        ExecStart=/usr/bin/rm /etc/issue.d/35-ssh-blocked.issue
+        ExecStart=/usr/bin/systemctl restart getty@tty1
+
+        [Install]
+        WantedBy=multi-user.target
+
    # Install qemu-guest-agent
    - name: rpm-ostree-install-qemu-guest-agent.service
      enabled: true
@@ -26,7 +69,7 @@ systemd:
        [Unit]
        Description=Install QEMU Guest Agent
        Wants=network-online.target
-        After=network-online.target
+        After=ignition-start-config.service
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp