[systemd-devel] Read-only /etc, machine-id with an overlay - journald failing

Jérémy ROSEN jeremy.rosen at smile.fr
Thu Feb 27 22:53:45 UTC 2020


On Thu, Feb 27, 2020 at 16:30, Andreas Kempe <andreas.kempe at actia.se>
wrote:

> On Thu, Feb 27, 2020 at 10:04:37AM +0100, Jérémy ROSEN wrote:
>
> It is somewhat comforting knowing that others are seeing similar
> issues. :)
>
>
And not too far... you're a customer of ours :P
(well... actia in Toulouse is...)


> > I did a complete analysis of what's going on, with a patch that improves
> > the situation here : https://github.com/systemd/systemd/pull/14135
> > I am not sure how to deal with it in your specific case.
> > the simplest approach would be to mount your overlay in an initrd (or in a
> > small script shell that is run before systemd and exec systemd as its last
> > step)
> >
>
> I was contemplating whether it could be acceptable having the same
> static machine-id file pre-generated for all systems. I'm not 100% sure
> what it's used for, TBH; would it be a really bad idea?
>

As long as two machines with the same machine-id are never in contact you
should be fine...

Theoretically the machine-id should never cross the network, but you never
know what individual apps might do

The only place where that could be problematic is the journal: if you mix
the logs of multiple machines with the same machine-id, you won't be able
to tell them apart and that might have other side-effects I wouldn't know
about...


>
> > My patch wouldn't really help in your case, but maybe you can "cheat" by
> > having the underlying /etc/machine-id being a symlink to the overlay
> > directory... that could work.
> >
>
> I had a look at your patch and as you said, it doesn't really solve
> our use case. At the moment, we decided to remove the overlay from the
> affected parts and simply require a new system image if one wants to
> change /etc.
>
> We were planning on having signed read-only overlays for configuration
> in the future so I guess we'll have to investigate this further at a
> later date.
>
> Thank you for taking the time to respond!
> Cordially,
> Andreas Kempe



-- 
*Jérémy ROSEN*
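The journal concern raised in this message, as an added example that is not part of the original thread: when exports from several devices are merged, entries that share a machine-id can be flagged by comparing the `_MACHINE_ID` and `_HOSTNAME` fields that `journalctl -o json` emits. The sample entries are constructed and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: one JSON object per line, as `journalctl -o json` emits,
# merged from three devices. Two were imaged with the same static machine-id.
# The last line is deliberately truncated, as happens with interrupted exports.
SAMPLE_EXPORT = """\
{"_MACHINE_ID": "0123456789abcdef0123456789abcdef", "_HOSTNAME": "unit-a", "MESSAGE": "Started sshd"}
{"_MACHINE_ID": "0123456789abcdef0123456789abcdef", "_HOSTNAME": "unit-b", "MESSAGE": "Failed password for root"}
{"_MACHINE_ID": "fedcba98765432100123456789abcdef", "_HOSTNAME": "unit-c", "MESSAGE": "Started sshd"}
{"_MACHINE_ID": "0123456789abcdef0123456789abcdef", "_HOSTNAME": "unit-a", "MESSAGE": "Stopped sshd"}
{"_MACHINE_ID": "0123
"""


def load_entries(text):
    """Parse one JSON object per line, skipping blank or unparsable lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict):
            entries.append(obj)
    return entries


def shared_machine_ids(entries):
    """Return {machine_id: sorted hostnames} for ids seen under several hostnames.

    A single device whose hostname changed also matches, so treat a hit as a
    prompt to check the image, not as proof of a cloned machine-id.
    """
    hosts = defaultdict(set)
    for entry in entries:
        mid, host = entry.get("_MACHINE_ID"), entry.get("_HOSTNAME")
        if isinstance(mid, str) and isinstance(host, str):
            hosts[mid].add(host)
    return {mid: sorted(names) for mid, names in hosts.items() if len(names) > 1}


def ambiguous_entries(entries):
    """Entries whose _MACHINE_ID alone does not identify the source device."""
    shared = shared_machine_ids(entries)
    return [e for e in entries if e.get("_MACHINE_ID") in shared]
```

If the devices also share a hostname, this check finds nothing, which is the case where the merged logs cannot be told apart by these two fields at all.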