Uploaded image for project: 'CoreOS OCP'
  1. CoreOS OCP
  2. COS-3625

[coreos/butane] Stop adding `rd.luks.key=/etc/luks/cex.key` for CEX support in sugar/config and move logic to `rdcore rootmap`

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected

      [3080737928] Upstream Reporter: Timothée Ravier
      Upstream issue status: Open
      Upstream description:

      Right now (or soon), when CEX is enabled in the `boot_device` sugar, the user also has to add an `rd.luks.key` karg using either an Ignition karg (on non-OpenShift variants), or an OpenShift/MCO-level karg (on OpenShift; those are different right now – the MCO has its own kargs logic and doesn't yet use Ignition kargs for first boot).

      This unnecessarily incurs an additional reboot (in the case of non-OpenShift variants, upfront, in the case of OpenShift variants, by the MCO). Instead, we should probably have `rdcore rootmap` inject this karg like [it does other LUKS-related kargs](https://github.com/coreos/coreos-installer/blob/04f3e5f4c2effbc7ac6d017721ddd7b87d19b70e/src/bin/rdcore/rootmap.rs#L153).

      See:

              Unassigned Unassigned
              upstream-sync Upstream Sync
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: