osbuild: use bootc install to deploy the container #4224
Conversation
|
Skipping CI for Draft Pull Request. |
![gemini-code-assist[bot]](https://cdn.statically.io/img/avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request introduces changes to use bootc install to deploy the container, which simplifies the image build process. There are a few critical issues in the YAML manifest related to copy-paste errors that lead to incorrect configurations for the 4k image builds and missing options for loopback devices. These issues need to be addressed.
|
I switched the CI on this to run against |
|
A few diffs picked up by We should probably profile each diff (maybe in coreos/fedora-coreos-tracker#1827) and evaluate whether it's a change we want to make or not. |
|
I can't get a built qemu image to boot. I suspect probably the root= and boot= UUIDs added on the kernel command line? |
do you mind sharing more logs ? What I am getting locally is ignition failing on coreos/fedora-coreos-tracker#1250 |
|
Ahh. I see that too now: |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
looks like removing those make the boot process go further (ignition completes), and out of the initramfs but fail to mount the boot partition. |
|
Blocked on bootc-dev/bootc#1441 |
|
ok this works with the following PRs :
for the bootc PR, it can be built then added into the image through |
jbtrystram
force-pushed
the
osbuild-bootc-install-fs
branch
from
59f1061 to
254f877
Compare
|
follow-up : either find a way to get the boot components inside cosa, or change the bootc code to call bootupd from the deployed root . I think the latter is preferable. |
Made bootc-dev/bootc#1460 |
jbtrystram
force-pushed
the
osbuild-bootc-install-fs
branch
3 times, most recently
from
cdcb9d0 to
bb4270f
Compare
Instead of deploying the container to the tree then copy all the contents to the disk image, use bootc to directly manage the installation to the target filesystems. Right now this requires to use the image as the buildroot so this requires python (for osbuild). This is tracked in [1]. [1] bootc-dev/bootc#1410 Requires osbuild/osbuild#2149
Bootc is looking for the prepare-root config file in the buildroot environnement because the main assumption is that it's run from the target container. However, in osbuild, it's run from te buildroot, because podman inside bwrap (inside supermin in our case) causes issues. It's fine for RHCOS and SCOS where we use the target container as the buildroot but we cannot do that for FCOS because we require python in the buildroot. For now, insert a prepare-root file in the supermin VM (use as the buildroot for osbuild) until either : - bootc learn to look into the container for it [1] - we ship python in our images and can use them as buildroot. Another approach would be to layer python and the osbuild dependencies on top of our image and use that as the buildroot, but that would create room for packages drift (what was in the repos at build time?). At least using COSA it's easier to keep track of versions. [1] bootc-dev/bootc#1410
Theses are patch from the following PRs: osbuild/osbuild#2152 osbuild/osbuild#2149
jbtrystram
force-pushed
the
osbuild-bootc-install-fs
branch
from
bb4270f to
310bd60
Compare
|
Alright, marking this as ready for review as all the bits are in place. This will need a release of bootc. |
|
@jbtrystram: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Some comments.
I think there are a few things we need to iron out before we can really move forward with this:
- supporting both old and new paths at the same time
Do we need to? Usually when we make a change this large we roll it out slowly, which means we have to support both ways for some time.
This PR is ignoring that fact, but TBH looking at OSBuild configs that support both would be pretty intimidating, so I'm not excited about trying to do that either. I'd be interested in @jlebon or @travier's thoughts.
- We need to make sure any/every diff that exists between images generated this way and the old way are considered and acknowleged as acceptable before we'd make this change.
| @@ -397,6 +397,10 @@ main() { | |||
| fi | |||
|
|
|||
| outdir=$(mktemp -p "${tmp_builddir}" -d) | |||
| # To get a shell in the osbuild supervin VM uncomment this. | |||
There was a problem hiding this comment.
| # To get a shell in the osbuild supervin VM uncomment this. | |
| # To get a shell in the osbuild supermin VM uncomment this. |
| boot-mount-spec: "" | ||
| root-mount-spec: "" |
There was a problem hiding this comment.
Might be worth adding a comment above these two and maybe even linking to bootc-dev/bootc#1441
| - mpp-format-string: '{extra_kargs}' | ||
| target-imgref: | ||
| mpp-format-string: '{container_imgref}' | ||
| stateroot: fedora-coreos |
There was a problem hiding this comment.
We'd need this to work for RHCOS and FCOS:
| stateroot: fedora-coreos | |
| stateroot: | |
| mpp-format-string: '{osname}' |
| - type: org.osbuild.bootupd | ||
| # set up the `ignition.firstboot` stamp at the end because | ||
| # bootc want empty filesystems | ||
| - type: org.osbuild.ignition | ||
| options: | ||
| static-configs: true | ||
| deployment: | ||
| default: true |
There was a problem hiding this comment.
Does bootc install to filesystem run bootupd with all the same settings as we were doing in the past?
There was a problem hiding this comment.
bootc :
> bootupctl backend install --write-uuid --src-root /run/osbuild/mounts/ostree/deploy/fedora-coreos/deploy/bcbf1077fcd3a702c763474103ef1d160d948e84168a966432fdce48010be75b.0 --device /dev/loop0 /run/osbuild/mounts
Our pipeline :
/usr/bin/bootupctl backend install --device /dev/loop0 --with-static-configs /run/osbuild/mounts
So yeah. Looking at the code I see --write-uuid implies --with-static-configs
The --src-root is replaced by a chroot in the org.osbuild.bootupd stage but they are functionnaly equivalent.
One thing i am not sure of is writing the disks uuid . In our case we change them during the first boot so I need to investigate if that creates problems.
| - mpp-format-string: '{extra_kargs}' | ||
| target-imgref: | ||
| mpp-format-string: '{container_imgref}' | ||
| stateroot: fedora-coreos |
There was a problem hiding this comment.
| source: disk | ||
| partition: | ||
| mpp-format-int: '{image4k.layout[''root''].partnum}' | ||
| mpp-format-int: '{image.layout[''root''].partnum}' |
There was a problem hiding this comment.
| mpp-format-int: '{image.layout[''root''].partnum}' | |
| mpp-format-int: '{image4k.layout[''root''].partnum}' |
| target: / | ||
| - name: boot | ||
| type: org.osbuild.ext4 | ||
| source: disk | ||
| partition: | ||
| mpp-format-int: '{image4k.layout[''boot''].partnum}' | ||
| mpp-format-int: '{image.layout[''boot''].partnum}' |
There was a problem hiding this comment.
| mpp-format-int: '{image.layout[''boot''].partnum}' | |
| mpp-format-int: '{image4k.layout[''boot''].partnum}' |
| target: /boot | ||
| - name: efi | ||
| type: org.osbuild.fat | ||
| source: disk | ||
| partition: | ||
| mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].partnum}' | ||
| mpp-format-int: '{image.layout[''EFI-SYSTEM''].partnum}' |
There was a problem hiding this comment.
| mpp-format-int: '{image.layout[''EFI-SYSTEM''].partnum}' | |
| mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].partnum}' |
| @@ -708,46 +504,14 @@ pipelines: | |||
| type: org.osbuild.xfs | |||
| source: disk | |||
| partition: | |||
| mpp-format-int: '{image4k.layout[''root''].partnum}' | |||
| mpp-format-int: '{image.layout[''root''].partnum}' | |||
There was a problem hiding this comment.
| mpp-format-int: '{image.layout[''root''].partnum}' | |
| mpp-format-int: '{image4k.layout[''root''].partnum}' |
| target: / | ||
| - name: boot | ||
| type: org.osbuild.ext4 | ||
| source: disk | ||
| partition: | ||
| mpp-format-int: '{image4k.layout[''boot''].partnum}' | ||
| mpp-format-int: '{image.layout[''boot''].partnum}' |
There was a problem hiding this comment.
| mpp-format-int: '{image.layout[''boot''].partnum}' | |
| mpp-format-int: '{image4k.layout[''boot''].partnum}' |
Rolling this out in FCOS first would be preferable indeed. Instead of adding mpp conditionals, could we just have a separate set of manifests to use temporarily? Not ideal either, I know. If we're sufficiently convinced by the diff, we could do a hard cut over. The problem is in ensuring the diff captures everything well. I think it helps a lot though that the main changes here are happening at the filesystem level. |
Instead of deploying the container to the tree then copy all the contents to the disk image, use bootc to directly manage the installation to the target filesystems.
Right now this requires to use the image as the buildroot so this requires python (for osbuild). This is tracked in [1].
[1] bootc-dev/bootc#1410 Requires osbuild/osbuild#2149