install: Add ensure-completion verb, wire up ostree-deploy → bootc #915
This seems to be working well in my hand-rolled testing. Still TODO:
f116a60 to 0425c61
OK I've rebased this on top of #860 and we successfully pull LBIs at Anaconda install time too now.
There were a surprising number of things I hit. One of them for example is that anaconda's hand-rolled chroot/container doesn't mount
No functional changes; prep for further work. Signed-off-by: Colin Walters <[email protected]>
Clean up the interception to prepare for other cases. Signed-off-by: Colin Walters <[email protected]>
This allows us to fully own the symlinks in `/usr/libexec/libostree/ext`. Signed-off-by: Colin Walters <[email protected]>
0425c61 to 21467e0
When bootc was created, it started to become a superset of ostree; in particular things like `/usr/lib/bootc/kargs.d` and logically bound images.

However...Anaconda today is still invoking `ostree container image deploy`.

Main fix
--------

When bootc takes over the `/usr/libexec/ostree/ext/ostree-container` entrypoint, make the existing `ostree container image deploy` CLI actually just call back into bootc to fix things up. No additional work required other than getting an updated bootc in the Anaconda ISO.

Old Anaconda ISOs
-----------------

But, a further problem here is that Anaconda is only updated once per OS major+minor - e.g. there won't be an update to it for the lifetime of RHEL 9.5 or Fedora 41. We want the ability to ship new features and bugfixes in those OSes (especially RHEL9.5).

So given that we have a newer bootc in the target container, we can do this:

```
%post --erroronfail
bootc install ensure-completion
%end
```

And will fix things up. Of course there's fun $details here...the way Anaconda implements `%post` is via a hand-augmented `chroot` i.e. a degenerate container, and we need to escape that and fix some things up (such as a missing cgroupfs mount).

Summary
-------

- With a newer bootc in the ISO, everything just works
- For older ISOs, one can add the `%post` above as a workaround.

Implementation details: Cross-linking bootc and ostree-rs-ext
-------------------------------------------------------------

This whole thing is very confusing because now, the linkage between bootc and ostree-rs-ext is bidirectional. In the case of `bootc install to-filesystem`, we end up calling into ostree-rs-ext, and we *must not* recurse back into bootc, because at least for kernel arguments we might end up applying them *twice*. We do this by passing a CLI argument.

The second problem is the crate-level dependency; right now they're independent crates so we can't have ostree-rs-ext actually call into bootc directly, as convenient as that would be. So we end up forking ourselves as a subprocess. But that's not too bad because we need to carry a subprocess-based entrypoint *anyways* for the Anaconda `%post` case.

Implementation details: /etc/resolv.conf
----------------------------------------

There's some surprising stuff going on in how Anaconda handles `/etc/resolv.conf` in the target root that I got burned by. In Fedora it's trying to query if systemd-resolved is enabled in the target or something?

I ended up writing some code to just try to paper over this to ensure we have networking in the `%post` where we need it to fetch LBIs.

Signed-off-by: Colin Walters <[email protected]>
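The recursion guard described under "Cross-linking bootc and ostree-rs-ext", as an added toy model in Rust that is not code from bootc or ostree-rs-ext. The flag name `--hypothetical-skip-completion`, the `Target` struct and the function names are assumptions, and the subprocess is modeled as a direct function call.

```rust
// Added toy model; not bootc or ostree-rs-ext code.
// SKIP_FLAG is a hypothetical name: the page does not name the real argument.
const SKIP_FLAG: &str = "--hypothetical-skip-completion";

#[derive(Debug, Default)]
struct Target {
    deployed: bool,
    kargs: Vec<String>, // kernel arguments recorded for the deployment
}

// Stand-in for the bootc-side fixups (kargs.d handling and similar).
fn bootc_completion(t: &mut Target, kargs_d: &[&str]) {
    t.kargs.extend(kargs_d.iter().map(|k| k.to_string()));
}

// Stand-in for `ostree container image deploy` once bootc owns the entrypoint.
fn ostree_deploy(t: &mut Target, argv: &[&str], kargs_d: &[&str]) {
    t.deployed = true;
    if !argv.contains(&SKIP_FLAG) {
        // A subprocess in the design the page describes; a plain call here.
        bootc_completion(t, kargs_d);
    }
}

// Anaconda's path: it invokes the ostree CLI directly, with no guard.
fn anaconda_install(kargs_d: &[&str]) -> Target {
    let mut t = Target::default();
    ostree_deploy(&mut t, &["deploy"], kargs_d);
    t
}

// `bootc install to-filesystem` path: bootc calls ostree, then completes itself.
fn bootc_install(kargs_d: &[&str], pass_guard: bool) -> Target {
    let mut t = Target::default();
    let mut argv = vec!["deploy"];
    if pass_guard {
        argv.push(SKIP_FLAG);
    }
    ostree_deploy(&mut t, &argv, kargs_d);
    bootc_completion(&mut t, kargs_d);
    t
}

fn main() {
    let kargs_d = ["console=ttyS0"]; // constructed sample karg
    println!("anaconda:        {:?}", anaconda_install(&kargs_d).kargs);
    println!("bootc, guarded:  {:?}", bootc_install(&kargs_d, true).kargs);
    println!("bootc, no guard: {:?}", bootc_install(&kargs_d, false).kargs);
}
```

Only the unguarded `bootc_install` call records the kernel argument twice, which is the double application the commit message warns about.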
21467e0 to 4b111dd
The plus side of this PR as is is that it has near-zero risk unless explicitly turned on in the two places right now. The anaconda I've given this a fair bit of manual testing, but I think what will help here is to get this into e.g. Fedora rawhide and that'll get things running through the daily integration testing.