Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test-Layout s390x #483

Closed
wants to merge 8 commits into from
Closed
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion config/fcos/v1_6_exp/schema.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ type BootDevice struct {

type BootDeviceLuks struct {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commit 561ce19 should be amended with a724048

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll create a new PR with less clutter on spaces and new line. This PR was not supposed to raised, As i need some assistance is some of the logic in coding which i am not able to meet. I'll work upon.

Discard *bool `yaml:"discard"`
Device string `yaml:"device"`
Device string `yaml:"device"`
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit:This change should have been part of the originating commit.

Tang []base.Tang `yaml:"tang"`
Threshold *int `yaml:"threshold"`
Tpm2 *bool `yaml:"tpm2"`
Expand Down
54 changes: 12 additions & 42 deletions config/fcos/v1_6_exp/translate.go
Original file line number Diff line number Diff line change
Expand Up @@ -117,17 +117,12 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio

// check for high-level features
wantLuks := util.IsTrue(c.BootDevice.Luks.Tpm2) || len(c.BootDevice.Luks.Tang) > 0
wantLuksDevice := len(c.BootDevice.Luks.Device) > 0
wantMirror := len(c.BootDevice.Mirror.Devices) > 0

if !wantLuks && !wantMirror {
return r
}

if wantLuksDevice && wantLuks {
panic("can't happen")
}

// compute layout rendering options
var wantBIOSPart bool
var wantEFIPart bool
Expand All @@ -143,11 +138,11 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio
wantEFIPart = true
case *layout == "ppc64le":
wantPRePPart = true
case *layout == "s390x-zfcp" && wantLuksDevice:
case *layout == "s390x-zfcp" && !wantMirror:
wantMBR = true
case *layout == "s390x-eckd" && wantLuksDevice:
case *layout == "s390x-eckd" && !wantMirror:
wantDasd = true
case *layout == "s390x-virt" && !wantLuksDevice:
case *layout == "s390x-virt":
wantBIOSPart = true
wantEFIPart = true
default:
Expand Down Expand Up @@ -254,35 +249,8 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio
rendered.Storage.Filesystems = append(rendered.Storage.Filesystems, bootFilesystem)
}

// encrypted root partition
//encrypted root partition
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: why did we remove a space in the comment it makes it less readable.

if wantLuks {
luksDevice := "/dev/disk/by-partlabel/root"
if wantMirror {
luksDevice = "/dev/md/md-root"
}
clevis, ts2, r2 := translateBootDeviceLuks(c.BootDevice.Luks, options)
rendered.Storage.Luks = []types.Luks{{
Clevis: clevis,
Device: &luksDevice,
Discard: c.BootDevice.Luks.Discard,
Label: util.StrToPtr("luks-root"),
Name: "root",
WipeVolume: util.BoolToPtr(true),
}}
lpath := path.New("yaml", "boot_device", "luks")
rpath := path.New("json", "storage", "luks", 0)
renderedTranslations.Merge(ts2.PrefixPaths(lpath, rpath.Append("clevis")))
renderedTranslations.AddTranslation(lpath.Append("discard"), rpath.Append("discard"))
for _, f := range []string{"device", "label", "name", "wipeVolume"} {
renderedTranslations.AddTranslation(lpath, rpath.Append(f))
}
renderedTranslations.AddTranslation(lpath, rpath)
renderedTranslations.AddTranslation(lpath, path.New("json", "storage", "luks"))
r.Merge(r2)
}

//encrypted root partition for s390x
if wantMBR || wantDasd {
var luksDevice string
dasd := dasdRe.FindString(c.BootDevice.Luks.Device)
sd := sdRe.FindString(c.BootDevice.Luks.Device)
Expand All @@ -292,9 +260,15 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio
luksDevice = sd + strconv.Itoa(2)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we get a comment explaining the luks device value?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also why strconv.Itoa()? and not "2" and is there a better way so there is not string magic?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will add the comment explaining the luks device value..

Also why strconv.Itoa()? and not "2" and is there a better way so there is not string magic?
Yes will add, sd + "2"

case wantDasd && len(dasd) != 0:
luksDevice = dasd + strconv.Itoa(2)
case wantMirror:
luksDevice = "/dev/md/md-root"
default:
panic("Incorrect Device Parameter")
luksDevice = "/dev/disk/by-partlabel/root"
}
// luksDevice := "/dev/disk/by-partlabel/root"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commented out code is a no no.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will remove the commented out code.

// if wantMirror {
// luksDevice = "/dev/md/md-root"
// }
clevis, ts2, r2 := translateBootDeviceLuks(c.BootDevice.Luks, options)
rendered.Storage.Luks = []types.Luks{{
Clevis: clevis,
Expand All @@ -314,9 +288,8 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio
renderedTranslations.AddTranslation(lpath, rpath)
renderedTranslations.AddTranslation(lpath, path.New("json", "storage", "luks"))
r.Merge(r2)

}

// create root filesystem
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will remove the extra line.

var rootDevice string
switch {
Expand All @@ -326,9 +299,6 @@ func (c Config) processBootDevice(config *types.Config, ts *translate.Translatio
case wantMirror:
// RAID without LUKS
rootDevice = "/dev/md/md-root"
case wantLuksDevice:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we added a case and then removed it. This makes reviewing this a bit confusing, this change should have been amended to the originating commit.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll make sure that i create a new branch with PR and update without any re-write on existing code.

//Only Luks for s390x
rootDevice = "/dev/mapper/root"
default:
panic("can't happen")
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: White space after '}'

Expand Down
2 changes: 1 addition & 1 deletion docs/config-fcos-v1_3.md
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,7 @@ The Fedora CoreOS configuration is a YAML document conforming to the following s
* **_should_exist_** (boolean): whether or not the group with the specified `name` should exist. If omitted, it defaults to true. If false, then Ignition will delete the specified group.
* **_system_** (boolean): whether or not the group should be a system group. This only has an effect if the group doesn't exist yet.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"aarch64, ppc64le, and x86_64"

ie : "aarch64, ppc64le,s390x-eckd, s390x-virt, s390x-zfcp, and x86_64. Defaults to x86_64".

I think these were alphabetical lets keep it that way :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will update that.

* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-fcos-v1_4.md
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,7 @@ The Fedora CoreOS configuration is a YAML document conforming to the following s
* **_should_exist_** (list of strings): the list of kernel arguments that should exist.
* **_should_not_exist_** (list of strings): the list of kernel arguments that should not exist.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-fcos-v1_5.md
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ The Fedora CoreOS configuration is a YAML document conforming to the following s
* **_should_exist_** (list of strings): the list of kernel arguments that should exist.
* **_should_not_exist_** (list of strings): the list of kernel arguments that should not exist.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
3 changes: 2 additions & 1 deletion docs/config-fcos-v1_6-exp.md
Original file line number Diff line number Diff line change
Expand Up @@ -209,13 +209,14 @@ The Fedora CoreOS configuration is a YAML document conforming to the following s
* **_should_exist_** (list of strings): the list of kernel arguments that should exist.
* **_should_not_exist_** (list of strings): the list of kernel arguments that should not exist.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
* **thumbprint** (string): thumbprint of a trusted signing key.
* **_advertisement_** (string): the advertisement JSON. If not specified, the advertisement is fetched from the tang server during provisioning.
* **_tpm2_** (boolean): whether or not to use a tpm2 device.
* **device** (string): Specifically for s390x `eckd` and `zfcp` disk without `mirror`.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If "device" is specifically for s390x maybe we can name it more explicitly rather then "device"? wdyt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how about luks.device-s390x ?

* **_threshold_** (integer): sets the minimum number of pieces required to decrypt the device. Default is 1.
* **_discard_** (boolean): whether to issue discard commands to the underlying block device when blocks are freed. Enabling this improves performance and device longevity on SSDs and space utilization on thinly provisioned SAN devices, but leaks information about which disk blocks contain data. If omitted, it defaults to false.
* **_mirror_** (object): describes mirroring of the boot disk for fault tolerance.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-openshift-v4_10.md
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ The OpenShift configuration is a YAML document conforming to the following speci
* **name** (string): the username for the account. Must be `core`.
* **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added to `.ssh/authorized_keys` (OpenShift < 4.13) or `.ssh/authorized_keys.d/ignition` (OpenShift ≥ 4.13) in the user's home directory. All SSH keys must be unique.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-openshift-v4_11.md
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ The OpenShift configuration is a YAML document conforming to the following speci
* **name** (string): the username for the account. Must be `core`.
* **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added to `.ssh/authorized_keys` (OpenShift < 4.13) or `.ssh/authorized_keys.d/ignition` (OpenShift ≥ 4.13) in the user's home directory. All SSH keys must be unique.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-openshift-v4_12.md
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ The OpenShift configuration is a YAML document conforming to the following speci
* **name** (string): the username for the account. Must be `core`.
* **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added to `.ssh/authorized_keys` (OpenShift < 4.13) or `.ssh/authorized_keys.d/ignition` (OpenShift ≥ 4.13) in the user's home directory. All SSH keys must be unique.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-openshift-v4_13.md
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ The OpenShift configuration is a YAML document conforming to the following speci
* **_password_hash_** (string): the hashed password for the account.
* **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added as an SSH key fragment at `.ssh/authorized_keys.d/ignition` in the user's home directory. All SSH keys must be unique.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
3 changes: 2 additions & 1 deletion docs/config-openshift-v4_14-exp.md
Original file line number Diff line number Diff line change
Expand Up @@ -158,13 +158,14 @@ The OpenShift configuration is a YAML document conforming to the following speci
* **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added as an SSH key fragment at `.ssh/authorized_keys.d/ignition` in the user's home directory. All SSH keys must be unique.
* **_ssh_authorized_keys_local_** (list of strings): a list of local paths to SSH key files, relative to the directory specified by the `--files-dir` command-line argument, to be added as SSH key fragments at `.ssh/authorized_keys.d/ignition` in the user's home directory. All SSH keys must be unique. Each file may contain multiple SSH keys, one per line.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
* **thumbprint** (string): thumbprint of a trusted signing key.
* **_advertisement_** (string): the advertisement JSON. If not specified, the advertisement is fetched from the tang server during provisioning.
* **_tpm2_** (boolean): whether or not to use a tpm2 device.
* **device** (string): Specifically for s390x `eckd` and `zfcp` disk without `mirror`.
* **_threshold_** (integer): sets the minimum number of pieces required to decrypt the device. Default is 1.
* **_discard_** (boolean): whether to issue discard commands to the underlying block device when blocks are freed. Enabling this improves performance and device longevity on SSDs and space utilization on thinly provisioned SAN devices, but leaks information about which disk blocks contain data. If omitted, it defaults to false.
* **_mirror_** (object): describes mirroring of the boot disk for fault tolerance.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-openshift-v4_8.md
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ The OpenShift configuration is a YAML document conforming to the following speci
* **name** (string): the username for the account. Must be `core`.
* **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added to `.ssh/authorized_keys` (OpenShift < 4.13) or `.ssh/authorized_keys.d/ignition` (OpenShift ≥ 4.13) in the user's home directory. All SSH keys must be unique.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
2 changes: 1 addition & 1 deletion docs/config-openshift-v4_9.md
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ The OpenShift configuration is a YAML document conforming to the following speci
* **name** (string): the username for the account. Must be `core`.
* **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added to `.ssh/authorized_keys` (OpenShift < 4.13) or `.ssh/authorized_keys.d/ignition` (OpenShift ≥ 4.13) in the user's home directory. All SSH keys must be unique.
* **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
* **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
* **_luks_** (object): describes the clevis configuration for encrypting the root filesystem.
* **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`.
* **url** (string): url of the tang server.
Expand Down
36 changes: 36 additions & 0 deletions docs/examples.md
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,42 @@ boot_device:
thumbprint: REPLACE-THIS-WITH-YOUR-TANG-THUMBPRINT
```

This example uses the shortcut `boot_device` syntax to configure an encrypted root filesystem unlocked with a combination of a network Tang server in S390x.

<!-- butane-config -->
```yaml
variant: fcos
version: 1.3.0
boot_device:
layout: s390x-eckd
luks:
device: /dev/dasda
tang:
- url: https://tang.example.com
thumbprint: REPLACE-THIS-WITH-YOUR-TANG-THUMBPRINT
```
```yaml
variant: fcos
version: 1.3.0
boot_device:
layout: s390x-zfcp
luks:
device: /dev/sdb
tang:
- url: https://tang.example.com
thumbprint: REPLACE-THIS-WITH-YOUR-TANG-THUMBPRINT
```
```yaml
variant: fcos
version: 1.3.0
boot_device:
layout: s390x-virt
luks:
tang:
- url: https://tang.example.com
thumbprint: REPLACE-THIS-WITH-YOUR-TANG-THUMBPRINT
```

This example combines `boot_device` with a manually-specified filesystem `format` to create an encrypted root filesystem formatted with `ext4` instead of the default `xfs`.

<!-- butane-config -->
Expand Down
4 changes: 3 additions & 1 deletion internal/doc/butane.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -395,14 +395,16 @@ root:
desc: describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified.
children:
- name: layout
desc: the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`.
desc: the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-zfcp`, `s390x-eckd`, `s390x-virt` and `x86_64`. Defaults to `x86_64`.
- name: luks
desc: describes the clevis configuration for encrypting the root filesystem.
children:
- name: tang
use: tang
- name: tpm2
desc: whether or not to use a tpm2 device.
- name: device
desc: Specifically for s390x `eckd` and `zfcp` disk without `mirror`.
- name: threshold
desc: sets the minimum number of pieces required to decrypt the device. Default is 1.
- name: discard
Expand Down