ephemeral: Add Ignition config injection support

Add support for injecting Ignition configuration files into ephemeral
VMs via QEMU's fw_cfg mechanism (x86_64/aarch64) and virtio-blk
(s390x/ppc64le). This enables first-boot provisioning for bootc-based
systems that use Ignition.

Implementation:
- Architecture-specific config delivery per FCOS docs:
  * x86_64/aarch64: fw_cfg at opt/com.coreos/config
  * s390x/ppc64le: virtio-blk with serial 'ignition', readonly
- Runtime architecture detection for correct method
- Image validation via labels (coreos.ignition or com.coreos.osname)
- Added readonly support for virtio-blk devices
- Test coverage for fw_cfg functionality

The config is successfully passed to the guest (verified via
/sys/firmware/qemu_fw_cfg/). Ignition will process it on first boot.
For ephemeral testing with pre-built FCOS images, Ignition skips as
expected (subsequent boot behavior).

Useful for custom bootc images with Ignition (see bootc initramfs
docs) and future to-disk workflows.

Closes: #228

Assisted-by: Claude Code (Sonnet 4.5)
Signed-off-by: gursewak1997 <gursmangat@gmail.com>

Author: gursewak1997

crates/bcvk-qemu/src/qemu.rs

@@ -78,6 +78,8 @@ pub struct VirtioBlkDevice {
     pub serial: String,
     /// Disk image format.
     pub format: DiskFormat,
+    /// Mount as read-only.
+    pub readonly: bool,
 }
 
 /// VM display and console configuration.
@@ -224,6 +226,9 @@ pub struct QemuConfig {
     pub systemd_notify: Option<File>,
 
     vhost_fd: Option<File>,
+
+    /// fw_cfg entries for passing config files to the guest
+    fw_cfg_entries: Vec<(String, Utf8PathBuf)>,
 }
 
 impl QemuConfig {
@@ -365,11 +370,23 @@ impl QemuConfig {
         disk_file: String,
         serial: String,
         format: DiskFormat,
+    ) -> &mut Self {
+        self.add_virtio_blk_device_ro(disk_file, serial, format, false)
+    }
+
+    /// Add a virtio-blk device with specified format and readonly flag.
+    pub fn add_virtio_blk_device_ro(
+        &mut self,
+        disk_file: String,
+        serial: String,
+        format: DiskFormat,
+        readonly: bool,
     ) -> &mut Self {
         self.virtio_blk_devices.push(VirtioBlkDevice {
             disk_file,
             serial,
             format,
+            readonly,
         });
         self
     }
@@ -440,6 +457,13 @@ impl QemuConfig {
         };
         self
     }
+
+    /// Add a fw_cfg entry to pass a file to the guest.
+    /// The file will be accessible in the guest via the fw_cfg interface.
+    pub fn add_fw_cfg(&mut self, name: String, file_path: Utf8PathBuf) -> &mut Self {
+        self.fw_cfg_entries.push((name, file_path));
+        self
+    }
 }
 
 /// Allocate a unique VSOCK CID.
@@ -560,13 +584,19 @@ fn spawn(
     // Add virtio-blk block devices
     for (idx, blk_device) in config.virtio_blk_devices.iter().enumerate() {
         let drive_id = format!("drive{}", idx);
+        let readonly_flag = if blk_device.readonly {
+            ",readonly=on"
+        } else {
+            ""
+        };
         cmd.args([
             "-drive",
             &format!(
-                "file={},format={},if=none,id={}",
+                "file={},format={},if=none,id={}{}",
                 blk_device.disk_file,
                 blk_device.format.as_str(),
-                drive_id
+                drive_id,
+                readonly_flag
             ),
             "-device",
             &format!(
@@ -723,6 +753,11 @@ fn spawn(
         cmd.args(["-smbios", &format!("type=11,value={}", credential)]);
     }
 
+    // Add fw_cfg entries
+    for (name, file_path) in &config.fw_cfg_entries {
+        cmd.args(["-fw_cfg", &format!("name={},file={}", name, file_path)]);
+    }
+
     // Configure stdio based on display mode
     match &config.display_mode {
         DisplayMode::Console => {
@@ -993,4 +1028,24 @@ mod tests {
         assert_eq!(DiskFormat::Raw.as_str(), "raw");
         assert_eq!(DiskFormat::Qcow2.as_str(), "qcow2");
     }
+
+    #[test]
+    fn test_fw_cfg_entry() {
+        let mut config = QemuConfig::new_direct_boot(
+            1024,
+            1,
+            "/test/kernel".to_string(),
+            "/test/initramfs".to_string(),
+            "/test/socket".into(),
+        );
+        config.add_fw_cfg(
+            "opt/com.coreos/config".to_string(),
+            "/test/ignition.json".into(),
+        );
+
+        // Test that the fw_cfg entry is created correctly
+        assert_eq!(config.fw_cfg_entries.len(), 1);
+        assert_eq!(config.fw_cfg_entries[0].0, "opt/com.coreos/config");
+        assert_eq!(config.fw_cfg_entries[0].1.as_str(), "/test/ignition.json");
+    }
 }

crates/kit/src/qemu.rs

@@ -39,6 +39,15 @@ pub trait QemuConfigExt {
         serial: String,
         format: F,
     ) -> &mut Self;
+
+    /// Add a virtio-blk device with specified format and readonly flag using kit's Format type.
+    fn add_virtio_blk_device_with_format_ro<F: Into<DiskFormat>>(
+        &mut self,
+        disk_file: String,
+        serial: String,
+        format: F,
+        readonly: bool,
+    ) -> &mut Self;
 }
 
 impl QemuConfigExt for QemuConfig {
@@ -50,4 +59,14 @@ impl QemuConfigExt for QemuConfig {
     ) -> &mut Self {
         self.add_virtio_blk_device(disk_file, serial, format.into())
     }
+
+    fn add_virtio_blk_device_with_format_ro<F: Into<DiskFormat>>(
+        &mut self,
+        disk_file: String,
+        serial: String,
+        format: F,
+        readonly: bool,
+    ) -> &mut Self {
+        self.add_virtio_blk_device_ro(disk_file, serial, format.into(), readonly)
+    }
 }

crates/kit/src/run_ephemeral.rs

@@ -120,6 +120,15 @@ use crate::{
     systemd, utils, CONTAINER_STATEDIR,
 };
 
+/// fw_cfg name for Ignition configuration (per FCOS documentation)
+const IGNITION_FW_CFG_NAME: &str = "opt/com.coreos/config";
+
+/// virtio-blk serial name for Ignition configuration (per FCOS documentation)
+const IGNITION_SERIAL_NAME: &str = "ignition";
+
+/// Mount path for Ignition config inside the container
+const IGNITION_CONFIG_MOUNT_PATH: &str = "/run/ignition-config.json";
+
 /// Common container lifecycle options for podman commands.
 #[derive(Parser, Debug, Clone, Default, Serialize, Deserialize)]
 pub struct CommonPodmanOptions {
@@ -287,6 +296,12 @@ pub struct RunEphemeralOpts {
     #[clap(long = "karg", help = "Additional kernel command line arguments")]
     pub kernel_args: Vec<String>,
 
+    #[clap(
+        long = "ignition",
+        help = "Path to Ignition config file (JSON format) to inject via fw_cfg"
+    )]
+    pub ignition_config: Option<String>,
+
     /// Host DNS servers (read on host, configured via podman --dns flags)
     /// Not a CLI option - populated automatically from host's /etc/resolv.conf
     #[clap(skip)]
@@ -401,6 +416,27 @@ fn prepare_run_command_with_temp(
 ) -> Result<(std::process::Command, tempfile::TempDir)> {
     debug!("Running QEMU inside hybrid container for {}", opts.image);
 
+    // Check Ignition support early (before launching container) if --ignition is specified
+    if opts.ignition_config.is_some() {
+        let has_ignition = check_ignition_support(&opts.image)?;
+        if !has_ignition {
+            return Err(eyre!(
+                "Image does not support Ignition.\n\
+                 \n\
+                 To use Ignition with bootc images, build a custom image with Ignition included.\n\
+                 See: https://docs.fedoraproject.org/en-US/bootc/initramfs/\n\
+                 \n\
+                 Alternatively, use an image that includes Ignition by default:\n\
+                 - quay.io/fedora/fedora-coreos\n\
+                 \n\
+                 Images are detected as Ignition-capable if they have:\n\
+                 - Label 'coreos.ignition=1' (recommended), or\n\
+                 - Label 'com.coreos.osname' (CoreOS-based images)"
+            ));
+        }
+        debug!("Image {} supports Ignition", opts.image);
+    }
+
     let script = include_str!("../scripts/entrypoint.sh");
 
     let td = tempfile::tempdir()?;
@@ -581,6 +617,35 @@ fn prepare_run_command_with_temp(
         cmd.args(["-v", &format!("{}:/run/systemd-units:ro", units_dir)]);
     }
 
+    // Mount Ignition config file if specified
+    if let Some(ref ignition_path) = opts.ignition_config {
+        // Convert to absolute path if needed
+        let path = Utf8Path::new(ignition_path);
+        let ignition_abs = if path.is_absolute() {
+            path.to_owned()
+        } else {
+            let current_dir = Utf8PathBuf::try_from(std::env::current_dir()?)
+                .context("Current directory path is not valid UTF-8")?;
+            current_dir.join(path)
+        };
+
+        // Validate file exists and is readable
+        if !ignition_abs.exists() {
+            return Err(eyre!("Ignition config file not found: {}", ignition_abs));
+        }
+        if !ignition_abs.is_file() {
+            return Err(eyre!(
+                "Ignition config path is not a regular file: {}",
+                ignition_abs
+            ));
+        }
+
+        cmd.args([
+            "-v",
+            &format!("{}:{}:ro", ignition_abs, IGNITION_CONFIG_MOUNT_PATH),
+        ]);
+    }
+
     // Read host DNS servers and configure them via podman --dns flags
     // This fixes DNS resolution issues when QEMU runs inside containers.
     // QEMU's slirp reads /etc/resolv.conf from the container's network namespace,
@@ -834,6 +899,64 @@ fn check_required_container_binaries() -> Result<()> {
     Ok(())
 }
 
+/// Check if the container image has Ignition support
+///
+/// Checks for labels indicating Ignition support:
+/// - 'coreos.ignition' (future convention, not yet widely used)
+/// - 'com.coreos.osname' (heuristic: CoreOS-based images likely have Ignition)
+///
+/// Returns true if the image is likely to support Ignition.
+fn check_ignition_support(image: &str) -> Result<bool> {
+    use std::collections::HashMap;
+    use std::process::Stdio;
+
+    // Fetch all labels with a single podman inspect call
+    let output = Command::new("podman")
+        .args(["image", "inspect", "--format", "{{json .Labels}}", image])
+        .stdout(Stdio::piped())
+        .stderr(Stdio::piped())
+        .output()
+        .context("Failed to inspect image for labels")?;
+
+    if !output.status.success() {
+        let stderr = String::from_utf8_lossy(&output.stderr);
+        return Err(eyre!(
+            "Failed to inspect image {} for labels: {}",
+            image,
+            stderr.trim()
+        ));
+    }
+
+    // Parse the JSON output
+    let labels: HashMap<String, String> = serde_json::from_slice(&output.stdout)
+        .context("Failed to parse image labels as JSON")?;
+
+    // Check for coreos.ignition label (future convention)
+    if let Some(ignition_value) = labels.get("coreos.ignition") {
+        if matches!(
+            ignition_value.to_lowercase().as_str(),
+            "1" | "true" | "yes" | "enabled"
+        ) {
+            debug!("Image {} has coreos.ignition=1 label", image);
+            return Ok(true);
+        }
+    }
+
+    // Fallback: check for com.coreos.osname (CoreOS-based images)
+    if let Some(osname_value) = labels.get("com.coreos.osname") {
+        if !osname_value.is_empty() {
+            debug!(
+                "Image {} has com.coreos.osname={}, assuming Ignition support",
+                image, osname_value
+            );
+            return Ok(true);
+        }
+    }
+
+    debug!("Image {} does not appear to support Ignition", image);
+    Ok(false)
+}
+
 /// VM execution inside container: extracts kernel/initramfs, starts virtiofsd processes,
 /// generates systemd mount units, sets up command execution, launches QEMU.
 pub(crate) async fn run_impl(opts: RunEphemeralOpts) -> Result<()> {
@@ -1265,6 +1388,45 @@ StandardOutput=file:/dev/virtio-ports/executestatus
     kernel_cmdline.extend(opts.kernel_args.clone());
     qemu_config.set_kernel_cmdline(kernel_cmdline);
 
+    // Add Ignition config if specified
+    // Different architectures require different methods (per FCOS docs):
+    // - x86_64/aarch64: fw_cfg
+    // - s390x/ppc64le: virtio-blk with serial "ignition"
+    if opts.ignition_config.is_some() {
+        let ignition_path = Utf8Path::new(IGNITION_CONFIG_MOUNT_PATH);
+        if !ignition_path.exists() {
+            return Err(eyre!(
+                "Ignition config not found at expected location: {}\n\
+                 This is an internal error - the config should have been mounted by podman.",
+                ignition_path
+            ));
+        }
+
+        let arch = std::env::consts::ARCH;
+        match arch {
+            "x86_64" | "aarch64" => {
+                debug!("Adding Ignition config via fw_cfg: {}", ignition_path);
+                qemu_config.add_fw_cfg(IGNITION_FW_CFG_NAME.to_string(), ignition_path.to_owned());
+            }
+            "s390x" | "powerpc64" => {
+                debug!("Adding Ignition config via virtio-blk: {}", ignition_path);
+                qemu_config.add_virtio_blk_device_with_format_ro(
+                    ignition_path.to_string(),
+                    IGNITION_SERIAL_NAME.to_string(),
+                    crate::to_disk::Format::Raw,
+                    true, // readonly as required by FCOS
+                );
+            }
+            _ => {
+                return Err(eyre!(
+                    "Ignition config injection not supported on architecture: {}\n\
+                     Supported architectures: x86_64, aarch64, s390x, powerpc64",
+                    arch
+                ));
+            }
+        }
+    }
+
     // TODO allocate unlinked unnamed file and pass via fd
     let mut tmp_swapfile = None;
     if let Some(size) = opts.add_swap {
@@ -1366,6 +1528,7 @@ Options=
                     disk_file,
                     serial,
                     format: format.into(),
+                    readonly: false,
                 });
             }
         }

crates/kit/src/to_disk.rs

@@ -525,6 +525,7 @@ pub fn run(opts: ToDiskOpts) -> Result<RunOutcome> {
             opts.additional.format.as_str()
         )], // Attach target disk
         kernel_args: Default::default(),
+        ignition_config: None,
         debug_entrypoint: None,
     };
 

crates/kit/src/varlink_ipc.rs

@@ -275,6 +275,7 @@ impl BcvkService {
                 add_swap: opts.add_swap,
                 mount_disk_files: opts.mount_disk_files.unwrap_or_default(),
                 kernel_args: opts.kargs.unwrap_or_default(),
+                ignition_config: None,
                 host_dns_servers: None,
             };