Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Roadmap to Fedora Bootable Containers #1726

Open
4 of 7 tasks
travier opened this issue May 13, 2024 · 8 comments
Open
4 of 7 tasks

Roadmap to Fedora Bootable Containers #1726

travier opened this issue May 13, 2024 · 8 comments
Labels
area/bootable-containers Related to the bootable containers effort. kind/enhancement

Comments

@travier
Copy link
Member

travier commented May 13, 2024

Notes

  • This is a proposed roadmap that is subject to change and refinement
  • While not complete nor matching the current Fedora bootable container images, you can already use Fedora CoreOS with container images, but we currently don't recommend that as it comes with important caveats.

Roadmap

Building and publishing Bootable Container images

Switching to Bootable Container images by default

DNF5 integration

bootc integration

Bootimages

Local package layering

Rebasing on Fedora Bootc manifests

Rebasing on Fedora Bootc container images

Anaconda

Investigate Konflux CI/CD

See if we can build FCOS using Konflux: https://gist.github.com/ralphbean/a3644111a549e8cedb0b207f90d42dc9

Documentation updates

  • We will likely have to update the documentation to link to the Fedora Bootable Containers docs.

Issues that needs to be triaged / refocused

See also all the issues tagged with bootable-containers: https://github.com/coreos/fedora-coreos-tracker/issues?q=is%3Aopen+label%3Aarea%2Fbootable-containers+sort%3Aupdated-desc

References

See:

See for Fedora Atomic Desktops: https://gitlab.com/fedora/ostree/sig/-/issues/26

@travier travier added area/bootable-containers Related to the bootable containers effort. kind/enhancement meeting topics for meetings labels May 13, 2024
@cgwalters
Copy link
Member

Thanks so much for putting this together!

@cgwalters
Copy link
Member

Any objections if we let the fedora-bootc related discussion "double up" as part of the current fcos community meeting? Basically maybe ~40 minutes for this topic which would also include e.g. things related to https://gitlab.com/fedora/ostree/sig/-/issues/26 etc?

@jlebon
Copy link
Member

jlebon commented May 15, 2024

Any objections if we let the fedora-bootc related discussion "double up" as part of the current fcos community meeting?

I wonder actually if we should schedule a community video meeting to discuss this. I guess it's too late for today but could be next week's.

@travier
Copy link
Member Author

travier commented May 15, 2024

What do you mean by double up? I would prefer we keep the Fedora CoreOS meeting distinct for now.

We can however include the Atomic SIG topics into the bootc one as we are not having Atomic SIG meetings right now.

@jasonbrooks
Copy link
Collaborator

What do you mean by double up? I would prefer we keep the Fedora CoreOS meeting distinct for now.

We can however include the Atomic SIG topics into the bootc one as we are not having Atomic SIG meetings right now.

I think @cgwalters just meant double up for next week, or something, inviting additional people to talk about bootc at the same time that FCOS folks do.

@travier
Copy link
Member Author

travier commented Jun 3, 2024

As I'm working on Live ISO support for Atomic Desktops, I'm experimenting with using a container layer to include all the tools needed for the Live ISO / installer instead of including them in the base image by default: https://github.com/travier/fedora-kinoite/blob/main/fedora-kinoite-live/Containerfile

Thinking about this more, we could use the same approach for Ignition and related first boot elements. We would include those in a container layer and rebuild the initrd and use this "derived" container to generate all the disk images. Systems installed this way would be pointed to the image without the first boot layer, that will thus "disappear" from the system on the first update.

We would thus have two container tags for each release, once with and one without the first boot layer.

Ideally we would also produce a container image that does not include an initrd, then we layer the initrd to create the "normal" base image which is delivered on updates.

Same idea but for podman/moby-engine as well: #1723

- FCOS image with no-initrd, no first boot tools, no podman & moby-engine (base/core)
    |
     ---> layer podman & moby-engine
    |     |
    |      ---> layer initrd (full)
    |     |
    |      ---> layer first boot tools & build initrd (full-first-boot)
    |
     ---> layer initrd (minimal)
    |
     ---> layer first boot tools & build initrd (minimal-first-boot)

@travier
Copy link
Member Author

travier commented Aug 29, 2024

You may encounter issues when layering packages that comes with their own SELinux policy modules in container layers. See: ostreedev/ostree-rs-ext#510 (tracked in https://gitlab.com/fedora/ostree/sig/-/issues/45 for the Atomic Desktops)

@lmilbaum
Copy link

Do we want to add a CI/CD section to the roadmap? Onboarding to Konflux might be a relevant task. WDYT?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/bootable-containers Related to the bootable containers effort. kind/enhancement
Projects
None yet
Development

No branches or pull requests

5 participants