Bare metal butane/ignition deployment of coreOS fails, when configuring boot_device

I want to install coreOS on redundant encrypted disks. Since coreOS integrates heavily with butane/ignition i tried Examples | Butane

I create an unattended iso via coreos-installer iso customize --live-karg-append="ignition.config.url=https://example.com/config.ign" -o ./ignition_coreOS.iso fedora-coreos-42.20250929.3.0-live-iso.x86_64.iso then i use dd to write it to a complete usb block device. I plug the thumb drive to a blank bare metal system with 2 sata drives.

As long as my Butane file does not contain a boot_device: section the setup installs on the device on the first sata port. i can login via ssh with the configured values in my butane.

When i add boot_device: mirror with 2 devices the partitions are setup as expected and i can login via the configured ssh credentials, but the filesystems for /boot and ESP are not mounted. Accordingly they do not contain the files to actually boot the system. So rebooting results in no available boot option.
i tried mounting the ESP & boot partitions and copied the contents of /boot and /boot/efi respectively. That results in a grub emergency shell on reboot. I could not salvage further information from this attempt.

When i add boot_device: luks: the systems drops into an emergency shell. The reason is ignition-disks.service timing out. i collected the logs from these attempts. i will look through them and paste the relevant data here.

I am not confident in debugging this type of problem and completely new to butane/ignition. So feel free to ask for any specific information.

variant: fcos
version: 1.6.0
storage:
  files:
    - path: /etc/sudoers.d/wheel-nopasswd
      contents:
        inline: '%wheel        ALL=(ALL)       NOPASSWD: ALL'
      mode: 0440
      overwrite: true
    - path: /etc/hostname
      contents:
        inline: testing
      mode: 0644
      overwrite: true
passwd:
  users:
    - name: user
      ssh_authorized_keys:
        - ssh-ed25519 FOO
      groups:
        - wheel

boot_device:
  luks:
    device: /dev/disk/by-id/wwn-0xFOO
    tpm2: true

boot_device:
  mirror:
    devices:
      - /dev/disk/by-id/wwn-0xFOO
      - /dev/disk/by-id/wwn-0xBAR

Thanks for reading and hopefully your clever tip that will make this go away.

great!

It’s expected that the ESP isn’t mounted, but not /boot. For the ESP there are technically two copies here (they aren’t actually in a RAID) so manually messing around in there wouldn’t be good. bootupd should handle bootloader updates across both copies. i.e. it will mount them both and put all the right stuff in there and then unmount them.

I wouldn’t expect that. If you can reproduce please open a bug with all the details (including logs).

Weird. I just tried with

variant: fcos
version: 1.6.0
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - xxx
boot_device:
  luks:
    tpm2: true
  mirror:
    devices:
      - /dev/sda
      - /dev/sdb

and it worked.

core@localhost:~$ lsblk
NAME       MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
sda          8:0    0    50G  0 disk  
├─sda1       8:1    0     1M  0 part  
├─sda2       8:2    0   127M  0 part  
├─sda3       8:3    0   384M  0 part  
│ └─md127    9:127  0 383.9M  0 raid1 /boot
└─sda4       8:4    0  49.5G  0 part  
  └─md126    9:126  0  19.5G  0 raid1 
    └─root 252:0    0  19.5G  0 crypt /var
                                      /sysroot/ostree/deploy/fedora-coreos/var
                                      /sysroot
                                      /etc
sdb          8:16   0    20G  0 disk  
├─sdb1       8:17   0     1M  0 part  
├─sdb2       8:18   0   127M  0 part  
├─sdb3       8:19   0   384M  0 part  
│ └─md127    9:127  0 383.9M  0 raid1 /boot
└─sdb4       8:20   0  19.5G  0 part  
  └─md126    9:126  0  19.5G  0 raid1 
    └─root 252:0    0  19.5G  0 crypt /var
                                      /sysroot/ostree/deploy/fedora-coreos/var
                                      /sysroot
                                      /etc

Make sure you have plenty of RAM on the system because it’s doing a root reprovision here and that copies the entire filesystem into RAM first.

Did you try this bare metal or in a hypervisor of sorts? For me it only happens on bare metal.

Should this happen before the system drops into loginshell?
I have used your posted Butane to test. Only substituting ssh pubkey.
the flow for me is: UEFI boot ignition ISO > access via igniton credentials is possible >

# for i in esp-1 esp-2 boot root; do \
    umount /mnt/ 2>/dev/null \
    mount /dev/disk/by-label/$i /mnt/ &&\
    echo "$i" && ls -al /mnt/
done
esp-1
total 20
drwxr-xr-x.  2 root root 16384 Jan  1  1970 .
drwxr-xr-x. 24 root root  4096 Oct 23 20:08 ..
esp-2
total 20
drwxr-xr-x.  2 root root 16384 Jan  1  1970 .
drwxr-xr-x. 24 root root  4096 Oct 23 20:08 ..
boot
total 17
drwxr-xr-x   3 root root  1024 Oct 23 20:07 .
drwxr-xr-x. 24 root root  4096 Oct 23 20:08 ..
drwx------   2 root root 12288 Oct 23 20:07 lost+found
root
total 4
drwxr-xr-x   2 root root    6 Oct 23 20:07 .
drwxr-xr-x. 24 root root 4096 Oct 23 20:08 ..

NAME       FSTYPE            FSVER            LABEL                          FSAVAIL FSUSE% MOUNTPOINTS
loop0      xfs                                                                 15.1G     3% /run/ephemeral
                                                                                            /var
                                                                                            /etc
loop1      erofs                                                                   0   100% /sysroot
                                                                                            /usr
                                                                                            /boot
                                                                                            /
sda                                                                                         
├─sda1     vfat              FAT32                                                          
├─sda2     vfat              FAT16            esp-1                                         
├─sda3     linux_raid_member 1.0              any:md-boot                                   
│ └─md127  ext4              1.0              boot                                          
└─sda4     linux_raid_member 1.2              any:md-root                                   
  └─md126  crypto_LUKS       2                luks-root                                     
    └─root xfs                                root                                          
sdb                                                                                         
├─sdb1                                                                                      
├─sdb2     vfat              FAT16            esp-2                                         
├─sdb3     linux_raid_member 1.0              any:md-boot                                   
│ └─md127  ext4              1.0              boot                                          
└─sdb4     linux_raid_member 1.2              any:md-root                                   
  └─md126  crypto_LUKS       2                luks-root                                     
    └─root xfs                                root                                          
sdc        iso9660           Joliet Extension fedora-coreos-42.20250929.3.0                 
├─sdc1     iso9660           Joliet Extension fedora-coreos-42.20250929.3.0        0   100% /run/media/iso
└─sdc2     vfat              FAT12            EFI-SYSTEM                                    

NAME       AUTOCLEAR BACK-FILE                  BACK-INO BACK-MAJ:MIN BACK-MAJ BACK-MIN MAJ:MIN MAJ MIN OFFSET PARTSCAN REF                                      RO SIZELIMIT DIO LOG-SEC
/dev/loop1         1 /images/pxeboot/rootfs.img     2122        8:33  8        33         7:1     7   1    124        0 /run/media/iso/images/pxeboot/rootfs.img  1         0   0     512
/dev/loop0         1 /loopfs                           2        0:33  0        33         7:0     7   0      0        0 /run/ephemeral_base/loopfs                0         0   0     512

After reboot there is still no valid boot option.

Regarding RAM: I got 32 GB and there is no indication of any issues in dmesg.

Kernel log: PASTE
The start of ignition in journalctl: PASTE
Pastes are valid until 2025-10-30.

VM. I rarely have time or hardware to test things on bare metal, but 99% of the time “bare metal” problems can be reproduced in a VM.

hmm. This log is a little concerning to me. I think somehow you are mixing two things.

The Ignition partitioning should happen on the first boot (i.e. after the install has happened and the system has been rebooted). In your log the partitioning is happening during a “live” boot:

Oct 23 22:55:15 setHostname.local ignition[767]: disks: createFilesystems: op(1b): op(1c): op(22): op(28): [finished] waiting for triggered uevent
Oct 23 22:55:15 setHostname.local ignition[767]: disks: createFilesystems: op(1b): op(1c): op(22): [finished] waiting for triggered uevent
Oct 23 22:55:16 setHostname.local ignition[767]: disks: createFilesystems: op(1b): op(1c): [finished] creating "ext4" filesystem on "/run/ignition/dev_aliases/dev/md/md-boot"
Oct 23 22:55:16 setHostname.local ignition[767]: disks: createFilesystems: op(1b): op(29): [started]  waiting for triggered uevent
Oct 23 22:55:16 setHostname.local ignition[767]: disks: createFilesystems: op(1b): op(29): executing: "udevadm" "trigger" "--settle" "/dev/md127"
Oct 23 22:55:16 setHostname.local ignition[767]: disks: createFilesystems: op(1b): op(29): [finished] waiting for triggered uevent
Oct 23 22:55:17 setHostname.local ignition[767]: disks: createFilesystems: op(1b): [finished] creating "xfs" filesystem on "/run/ignition/dev_aliases/dev/mapper/root"
Oct 23 22:55:17 setHostname.local ignition[767]: disks: createFilesystems: op(2a): [started]  waiting for triggered uevent
Oct 23 22:55:17 setHostname.local ignition[767]: disks: createFilesystems: op(2a): executing: "udevadm" "trigger" "--settle" "/dev/dm-0"
Oct 23 22:55:17 setHostname.local ignition[767]: disks: createFilesystems: op(2a): [finished] waiting for triggered uevent
Oct 23 22:55:17 setHostname.local ignition[767]: disks: disks passed
Oct 23 22:55:17 setHostname.local ignition[767]: Ignition finished successfully
Oct 23 22:55:17 setHostname.local systemd[1]: Finished ignition-disks.service - Ignition (disks).
Oct 23 22:55:17 setHostname.local systemd[1]: Reached target initrd-root-device.target - Initrd Root Device.
Oct 23 22:55:17 setHostname.local systemd[1]: Mounting run-media-iso.mount - /run/media/iso...

So your filesystems got all set up right, but yeah they are empty because this is a live ISO boot (as evidenced by the Mounting run-media-iso.mount log statement).

NOTE: Live ISO boots are typically meant for installs (or you can run “live” too, but configuring the root filesystem in that case would be pointless).

This means there’s nothing that copied out the root filesystem and will copy it back in because:

Oct 23 22:54:49 setHostname.local systemd[1]: ignition-ostree-transposefs-detect.service - Ignition OSTree: Detect Partition Transposition was skipped because of an unmet condition check (ConditionKernelCommandLine=ostree).

TL;DR I think your Ignition config with disk partitioning info is running during the install boot and that’s not what you want.

It clicked. I have posted my mistake in the first few lines of my posting.

Somehow i switched up --live-karg-append= and the --dest-karg-append=. I partially blame bash history…

With the corrected option it worked instantly.

Thank you very much for taking the time to look at my postings!