flatcar / Flatcar

Flatcar project repository for issue tracking, project documentation, etc.

Home Page: https://www.flatcar.org/


Unable to disable pre-enabled extensions via enabled-sysext.conf

2b opened this issue · comments

commented

Description

Adding a -EXTENSION_NAME line to the /etc/flatcar/enabled-sysext.conf file doesn't disable pre-enabled extensions.

Impact

Can't disable the Docker extension after enabling Podman.

Environment and steps to reproduce

NAME="Flatcar Container Linux by Kinvolk"
ID=flatcar
ID_LIKE=coreos
VERSION=3975.0.0
VERSION_ID=3975.0.0
BUILD_ID=2024-05-19-2140
SYSEXT_LEVEL=1.0
PRETTY_NAME="Flatcar Container Linux by Kinvolk 3975.0.0 (Oklo)"
ANSI_COLOR="38;5;75"
HOME_URL="https://flatcar.org/"
BUG_REPORT_URL="https://issues.flatcar.org"
FLATCAR_BOARD="amd64-usr"
CPE_NAME="cpe:2.3:o:flatcar-linux:flatcar_linux:3975.0.0:*:*:*:*:*:*:*"

  1. Deploy Flatcar via Ignition, placing -containerd and -docker lines into /etc/flatcar/enabled-sysext.conf
  2. systemd-sysext list still shows containerd-flatcar and docker-flatcar extensions.

Expected behavior

Extensions should be disabled with a -NAME entry in /etc/flatcar/enabled-sysext.conf, as stated in the documentation.

Additional information

Extensions can be manually disabled by removing links from /etc/extensions/

Hi @2b,

The file /etc/flatcar/enabled-sysext.conf can be used to control the official sysext images (currently zfs, podman and python in the next alpha). For now, none of these are enabled by default - the -NAME would be used to deactivate one of those extensions in case they were enabled by default.

To deactivate the built-in sysext images (containerd, docker or the OEM), you might be interested in following this: https://www.flatcar.org/docs/latest/provisioning/sysext/#supplying-your-sysext-image-from-ignition

...
storage:
  links:
    - path: /etc/extensions/docker-flatcar.raw
      target: /dev/null
      overwrite: true
    - path: /etc/extensions/containerd-flatcar.raw
      target: /dev/null
      overwrite: true

There is this tracking issue to enhance the documentation around sysext and to make it clearer for users: #1476
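A check for the situation in this thread, as an added example that is not part of the original issue or Flatcar's own tooling: it finds `-NAME` lines in enabled-sysext.conf that name a built-in extension (containerd or docker, which that file does not control) and reports whether the matching `NAME-flatcar.raw` entry in the extensions directory is masked by a /dev/null link. The function names and the fixture are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sysext masking state (hypothetical helper names).

# ext_state DIR NAME -> masked | active | absent, for DIR/NAME.raw only
ext_state() {
    entry="$1/$2.raw"
    if [ -L "$entry" ]; then
        # A link to /dev/null is the mask used in the Ignition snippet above
        if [ "$(readlink "$entry")" = "/dev/null" ]; then
            echo masked
        else
            echo active
        fi
    elif [ -e "$entry" ]; then
        echo active
    else
        echo absent
    fi
}

# ineffective_entries CONF -> built-in names that appear as -NAME lines
ineffective_entries() {
    sed -n 's/^-\([A-Za-z0-9_-]*\)[[:space:]]*$/\1/p' "$1" |
    while read -r name; do
        case "$name" in
            containerd|docker) echo "$name" ;;
        esac
    done
}

# audit CONF EXTDIR -> one "name: state" line per ineffective entry
audit() {
    for name in $(ineffective_entries "$1"); do
        echo "$name: $(ext_state "$2" "$name-flatcar")"
    done
}

# Constructed fixture standing in for /etc/flatcar and /etc/extensions
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'podman' '-docker' '-containerd' > "$d/enabled-sysext.conf"
    ln -s /dev/null "$d/docker-flatcar.raw"            # masked
    ln -s /example/target.raw "$d/containerd-flatcar.raw"  # placeholder target
    audit "$d/enabled-sysext.conf" "$d"
    rm -rf "$d"
}
demo
```

On a real host the arguments would be /etc/flatcar/enabled-sysext.conf and /etc/extensions; any built-in reported as `active` still needs the /dev/null link, and `systemd-sysext list` remains the authoritative view of what is merged.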

commented

Hello @tormath1,

Thank you for the explanation. That indeed wasn’t clear from the documentation.

@2b did the suggested configuration work for you?

commented

It did, thank you.

Ok, in this case I'm going to close this in favor of: #1476 (in which I referenced your issue). Thanks!