Merge pull request #4765 from ggiguash/usr-lib-systemd-usage

openshift-merge-bot[bot] · web-flow · commit 8782abf270f2 · 2025-04-04T09:57:41.000Z
USHIFT-5533: Switch to using immutable filesystem for installing systemd drop-ins
diff --git a/docs/config/Containerfile.bootc-embedded-rhel9 b/docs/config/Containerfile.bootc-embedded-rhel9
@@ -38,9 +38,9 @@ done < "${IMAGE_LIST_FILE}"
 EOF
 
 RUN chmod 755 /usr/bin/microshift-copy-images && \
-    mkdir -p /etc/systemd/system/microshift.service.d
+    mkdir -p /usr/lib/systemd/system/microshift.service.d
 
-RUN cat > /etc/systemd/system/microshift.service.d/microshift-copy-images.conf <<EOF
+RUN cat > /usr/lib/systemd/system/microshift.service.d/microshift-copy-images.conf <<EOF
 [Service]
 ExecStartPre=/usr/bin/microshift-copy-images
 EOF
diff --git a/docs/config/Containerfile.bootc-rhel9 b/docs/config/Containerfile.bootc-rhel9
@@ -33,7 +33,7 @@ RUN firewall-offline-cmd --zone=public --add-port=80/tcp && \
 
 # Create a systemd unit to recursively make the root filesystem subtree
 # shared as required by OVN images
-RUN cat > /etc/systemd/system/microshift-make-rshared.service <<'EOF'
+RUN cat > /usr/lib/systemd/system/microshift-make-rshared.service <<'EOF'
 [Unit]
 Description=Make root filesystem shared
 Before=microshift.service
diff --git a/docs/contributor/image_mode.md b/docs/contributor/image_mode.md
@@ -734,8 +734,8 @@ Add the following command to the MicroShift image build procedure to create a
 ```
 # Install systemd configuration drop-ins to fix potential permission problems
 # when upgrading from older rpm-ostree commits to Image Mode container layers
-RUN mkdir -p /etc/systemd/system/ovsdb-server.service.d && \
-    cat > /etc/systemd/system/ovsdb-server.service.d/microshift-ovsdb-ownership.conf <<'EOF'
+RUN mkdir -p /usr/lib/systemd/system/ovsdb-server.service.d && \
+    cat > /usr/lib/systemd/system/ovsdb-server.service.d/microshift-ovsdb-ownership.conf <<'EOF'
 # The openvswitch database files must be owned by the appropriate user and its
 # primary group. Note that the user and its group may be overwritten too, so
 # they need to be recreated in this case.
diff --git a/okd/src/microshift-okd-multi-build.Containerfile b/okd/src/microshift-okd-multi-build.Containerfile
@@ -79,5 +79,5 @@ RUN if [ -n "$EMBED_CONTAINER_IMAGES" ] ; then \
 
 # Create a systemd unit to recursively make the root filesystem subtree
 # shared as required by OVN images
-COPY ./packaging/imagemode/systemd/microshift-make-rshared.service /etc/systemd/system/microshift-make-rshared.service
+COPY ./packaging/imagemode/systemd/microshift-make-rshared.service /usr/lib/systemd/system/microshift-make-rshared.service
 RUN systemctl enable microshift-make-rshared.service
diff --git a/okd/src/microshift-okd-run.Containerfile b/okd/src/microshift-okd-run.Containerfile
@@ -30,5 +30,5 @@ RUN ${OKD_CONFIG_SCRIPT} && rm -rf ${OKD_CONFIG_SCRIPT}
 
 # Create a systemd unit to recursively make the root filesystem subtree
 # shared as required by OVN images
-COPY ./packaging/imagemode/systemd/microshift-make-rshared.service /etc/systemd/system/microshift-make-rshared.service
+COPY ./packaging/imagemode/systemd/microshift-make-rshared.service /usr/lib/systemd/system/microshift-make-rshared.service
 RUN systemctl enable microshift-make-rshared.service
diff --git a/packaging/imagemode/Containerfile.repobase b/packaging/imagemode/Containerfile.repobase
@@ -30,5 +30,5 @@ ConditionVirtualization=container\n\
 Type=oneshot\n\
 ExecStart=/usr/bin/mount --make-rshared /\n\
 [Install]\n\
-WantedBy=multi-user.target\n' > /etc/systemd/system/microshift-make-rshared.service && \
+WantedBy=multi-user.target\n' > /usr/lib/systemd/system/microshift-make-rshared.service && \
     systemctl enable microshift-make-rshared.service
diff --git a/packaging/imagemode/Containerfile.repourl b/packaging/imagemode/Containerfile.repourl
@@ -39,5 +39,5 @@ RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
 
 # Create a systemd unit to recursively make the root filesystem subtree
 # shared as required by OVN images
-COPY ./systemd/microshift-make-rshared.service /etc/systemd/system/microshift-make-rshared.service
+COPY ./systemd/microshift-make-rshared.service /usr/lib/systemd/system/microshift-make-rshared.service
 RUN systemctl enable microshift-make-rshared.service
diff --git a/packaging/imagemode/Containerfile.rhocp b/packaging/imagemode/Containerfile.rhocp
@@ -21,5 +21,5 @@ RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
 
 # Create a systemd unit to recursively make the root filesystem subtree
 # shared as required by OVN images
-COPY ./systemd/microshift-make-rshared.service /etc/systemd/system/microshift-make-rshared.service
+COPY ./systemd/microshift-make-rshared.service /usr/lib/systemd/system/microshift-make-rshared.service
 RUN systemctl enable microshift-make-rshared.service
diff --git a/test/image-blueprints-bootc/layer1-base/group2/rhel96-bootc-crel-isolated.containerfile b/test/image-blueprints-bootc/layer1-base/group2/rhel96-bootc-crel-isolated.containerfile
@@ -27,8 +27,8 @@ RUN --mount=type=secret,id=pullsecret,dst=/run/secrets/pull-secret.json \
 # In this case, it is not necessary to update /etc/containers/storage.conf with
 # the additional store path.
 # See https://issues.redhat.com/browse/RHEL-75827
-RUN mkdir -p /etc/systemd/system/microshift.service.d
-COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /etc/systemd/system/microshift.service.d/microshift-copy-images.conf
+RUN mkdir -p /usr/lib/systemd/system/microshift.service.d
+COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /usr/lib/systemd/system/microshift.service.d/microshift-copy-images.conf
 
 # Configure firewall
 RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
diff --git a/test/image-blueprints-bootc/layer2-source/group1/rhel96-bootc-source.containerfile b/test/image-blueprints-bootc/layer2-source/group1/rhel96-bootc-source.containerfile
@@ -35,5 +35,5 @@ RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
 
 # Install systemd configuration drop-ins to fix potential permission problems
 # when upgrading from older ostree commits to bootc container layers
-RUN mkdir -p /etc/systemd/system/ovsdb-server.service.d
-COPY --chmod=644 ./bootc-images/microshift-ovsdb-ownership.conf /etc/systemd/system/ovsdb-server.service.d/microshift-ovsdb-ownership.conf
+RUN mkdir -p /usr/lib/systemd/system/ovsdb-server.service.d
+COPY --chmod=644 ./bootc-images/microshift-ovsdb-ownership.conf /usr/lib/systemd/system/ovsdb-server.service.d/microshift-ovsdb-ownership.conf
diff --git a/test/image-blueprints-bootc/layer2-source/group2/rhel96-bootc-source-ai-model-serving.containerfile b/test/image-blueprints-bootc/layer2-source/group2/rhel96-bootc-source-ai-model-serving.containerfile
@@ -71,8 +71,8 @@ RUN --mount=type=secret,id=pullsecret,dst=/run/secrets/pull-secret.json \
 # In this case, it is not necessary to update /etc/containers/storage.conf with
 # the additional store path.
 # See https://issues.redhat.com/browse/RHEL-75827
-RUN mkdir -p /etc/systemd/system/microshift.service.d
-COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /etc/systemd/system/microshift.service.d/microshift-copy-images.conf
+RUN mkdir -p /usr/lib/systemd/system/microshift.service.d
+COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /usr/lib/systemd/system/microshift.service.d/microshift-copy-images.conf
 
 # Create test data
 COPY --chmod=755 ./bootc-images/ai-model-serving-test-data.sh /tmp/ai-model-serving-test-data.sh
diff --git a/test/image-blueprints-bootc/layer2-source/group2/rhel96-bootc-source-isolated.containerfile b/test/image-blueprints-bootc/layer2-source/group2/rhel96-bootc-source-isolated.containerfile
@@ -30,5 +30,5 @@ RUN --mount=type=secret,id=pullsecret,dst=/run/secrets/pull-secret.json \
 # In this case, it is not necessary to update /etc/containers/storage.conf with
 # the additional store path.
 # See https://issues.redhat.com/browse/RHEL-75827
-RUN mkdir -p /etc/systemd/system/microshift.service.d
-COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /etc/systemd/system/microshift.service.d/microshift-copy-images.conf
+RUN mkdir -p /usr/lib/systemd/system/microshift.service.d
+COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /usr/lib/systemd/system/microshift.service.d/microshift-copy-images.conf
diff --git a/test/image-blueprints-bootc/layer2-source/group3/cos9-bootc-source-isolated.containerfile b/test/image-blueprints-bootc/layer2-source/group3/cos9-bootc-source-isolated.containerfile
@@ -13,5 +13,5 @@ RUN --mount=type=secret,id=pullsecret,dst=/run/secrets/pull-secret.json \
 # In this case, it is not necessary to update /etc/containers/storage.conf with
 # the additional store path.
 # See https://issues.redhat.com/browse/RHEL-75827
-RUN mkdir -p /etc/systemd/system/microshift.service.d
-COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /etc/systemd/system/microshift.service.d/microshift-copy-images.conf
+RUN mkdir -p /usr/lib/systemd/system/microshift.service.d
+COPY --chmod=644 ./bootc-images/microshift-copy-images.conf /usr/lib/systemd/system/microshift.service.d/microshift-copy-images.conf
diff --git a/test/kickstart-templates/includes/post-bootc-container-tweaks.cfg b/test/kickstart-templates/includes/post-bootc-container-tweaks.cfg
@@ -1,6 +1,6 @@
 # Create a systemd unit to recursively make the root filesystem subtree
 # shared as required by OVN images
-cat > /etc/systemd/system/microshift-make-rshared.service <<'EOF'
+cat > /usr/lib/systemd/system/microshift-make-rshared.service <<'EOF'
 [Unit]
 Description=Make root filesystem shared
 Before=microshift.service
