Mount BOTTLEROCKET-PRIVATE before BOTTLEROCKET-DATA

[mikn]

What I'd like:
Mount BOTTLEROCKET-PRIVATE to a path that does not require BOTTLEROCKET-DATA to first be mounted.

Currently, the BOTTLEROCKET-PRIVATE partition is inexplicably mounted after BOTTLEROCKET-DATA because of its position in the mount tree (/var/lib/bottlerocket for -PRIVATE and /local and /local/var bind mounted to /var for -DATA) - this means that the -DATA partition (which is required relatively late) must be mounted before -PRIVATE. This limits what type of data you could feed to the early boot to mount -DATA (only the kernel command line).

We would like to be able to store configuration for mounts in the private partition, specifically for cryptsetup and device mapper tables in our case.

We are currently carrying the release package in our own variant to make this possible. We do it by mounting the -PRIVATE partition under /run/bottlerocket_private (still read only) and then bind-mounting it to /var/lib/bottlerocket once the rest of the mount tree is in place.

This opens up some exciting possibilities wrt bootstrap configuration also.

Any alternatives you've considered:

• Injecting kernel command line arguments (not feasible for device mapper tables)
• Temporary mount of private partition in our own units (uglier and more brittle)