-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support osbuild format v2 #1244
Conversation
95ef0b9
to
1f49d64
Compare
I would prefer for it to remain |
Not a big deal I think, but it is a good point that an "edge container" is a bit undefined, now that @achilleas-k mentions it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is amazing! An impressive amount of work in very challenging circumstances. Love that this sets up the basics for the future, while making the right tradeoffs on temporary solutions. A couple of requests inline about the worker API.
@@ -123,3 +126,52 @@ func (cr *Result) Write(writer io.Writer) error { | |||
|
|||
return nil | |||
} | |||
|
|||
func (cr *Result) UnmarshalJSON(data []byte) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is obviously completely bonkers, but in a very impressive way. I think it hits the right balance between getting something useful and something we can use now. Let's go with this, and refactor once we have settled on the final format and have the luxury of more time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This definitely needs a bit of discussion. We could define the output schema for osbuild and rely on it, or we could keep it flexible not bother processing it on the receiving end in composer. I think @gicmo told me he'd prefer it wasn't parsed and was assumed completely opaque, but I might be misremembering.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with keeping this as-is for now, what do you think @gicmo? I agree that keeping it opaque might be nicer and all we really need (we just dump it as logs anyway), but we do anyway parse the result in some cases (koji), so I'm not sure we gain anything by not parsing it?
a940d54
to
2417ee0
Compare
New commits add the Marking PR as ready. |
2417ee0
to
2f0601b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great! Let's work with @henrywang to adapt the ostree-ng.sh
test-case, and then this is good to go I think!
Forgot: had one nit, see inline comment.
2f0601b
to
1527205
Compare
@achilleas-k, I found worker unit file changed from |
@achilleas-k, I can import edge container image without any error. But I can't run it.
From code, httpd should be installed and it's run by CMD. But looks it does not work in this case. |
Try one of the following:
|
@henrywang I get the same behaviour when I As for the service/socket files: I don't think anything has changed there recently. The worker service depends on worker socket, so the socket starts automatically when you start the service. I think the test doesn't require any changes there. |
Thanks for clearing this.
|
89f2b70
to
6adb283
Compare
rather than unmarshaling the pipeline, could we just always name the last one "assembler"? |
I suppose that would make things simpler. |
Found the issue there. https isn't added to the container. At some point while finalising the changes, I must have dropped it from the package list for the container. I'm fixing it now. |
6adb283
to
76d5d5b
Compare
New commits contain some rebasing with older commits so here's a list of changes:
|
76d5d5b
to
d5bcb6b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! I particularly like that you reuse the package sets/services now.
Heh, that seems like a hack. Not strongly against it, but is that meant to stay like that? Or just for now? |
We need to add the URL to the manifest as an ostree source repo so that osbuild can pull the commit to embed it in the boot ISO for the new rhel-edge-installer image type.
New image type that generates a Boot ISO. The ISO contains a RHEL Edge commit and an installer. On Boot, it sets up a new RHEL Edge system with the commit. The RHEL Edge commit (ostree commit) is downloaded during build from a URL that should be supplied with the compose request. The commit's hash and URL need to be added to the Sources list in the Manifest. Unlike other types, the new image type defines its own "build" package set that is added to the distro and arch build package lists.
The new rhel-edge-installer requires unreleased fixes: osbuild/osbuild#610 osbuild/osbuild#611
New stage option added in osbuild osbuild/osbuild#611 System ID is used by osinfo to identify the RHEL boot ISOs, where the system ID is "LINUX".
The ostree-ng will only be run on RHEL 8.4 because rhel-edge-container and rhel-edge-installer image type are supported by RHEL 8.4 only
We only support one combination for now, but let's stay compatible with the old tests. This fixes the places where these variables are still used.
The public key should be osbuild-composer CI's key, not my local test one
In the Anaconda pipeline, the kickstart stage should fetch the commit we're embedding. It was mistakenly trying to fetch from the URL used to build the image instead.
677a6b6
to
4af5cf6
Compare
User home directories don't survive the rpm-ostree stage. They are converted to systemd-tmpfiles via rpm-ostree post-process, but the contents are left behind, so any keys we add to the authorized_keys file will be gone. This stage sets up a first-boot service that writes the user's public key to the file in the home directory during the first system boot.
4af5cf6
to
1b0e9e3
Compare
It's been fixed already by commit 1b0e9e3
Pinning to v27: Released, but not available in repo snapshots yet. Contains fix for home directories when using ostree: osbuild/osbuild#613
94baea8
to
3da1b8b
Compare
For the new features, we need a very recent release of Anaconda.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks to everyone who helped on this massive effort! @achilleas-k @henrywang and @gicmo in particular!
Bug fix for changes introduced in osbuild#1244. The new image types, rhel-edge-container and rhel-edge-installer, would ignore the user-supplied ostree ref and use the default everywhere. The default should only be used when a ref is not specified, which the weldr API takes care of before calling the Manifest() method.
Bug fix for changes introduced in osbuild#1244. The new image types, rhel-edge-container and rhel-edge-installer, would ignore the user-supplied ostree ref and use the default everywhere. The default should only be used when a ref is not specified, which the weldr API takes care of before calling the Manifest() method.
Bug fix for changes introduced in #1244. The new image types, rhel-edge-container and rhel-edge-installer, would ignore the user-supplied ostree ref and use the default everywhere. The default should only be used when a ref is not specified, which the weldr API takes care of before calling the Manifest() method.
Bug fix for changes introduced in #1244. The new image types, rhel-edge-container and rhel-edge-installer, would ignore the user-supplied ostree ref and use the default everywhere. The default should only be used when a ref is not specified, which the weldr API takes care of before calling the Manifest() method.
This pull request includes:
Opening as draft for review and CI. Unit tests are covered but needs image type test cases and news item.
OSBuild Manifest Format Version 2!
This PR adds support for the new Manifest schema for OSBuild, introduced as a tech preview in v25. The new packages,
osbuild2
contains the new types (Stages, Sources, etc.) which mostly consists of copies of the types from the oldosbuild
package with small adaptations, and adds new types introduced in OSBuild. The old package is renamed toosbuild1
.New Image Types
A new implementation of the ImageType interface is added in the
rhel84
distro which generates Manifests based on the new schema. It adds two new image types (rhel-edge-container
image type for x86_64 and aarch64). The target creates a container that, when run, serves an OSTree commit.General Notes
Image Type Name
I've been using
rhel-edge-container
while writing it and I see that name is also in @jkozol's draft PR in composer. I'm wondering if that's accurate for the container that's serving the commit. I was thinking about renaming it torhel-edge-commit-container
but that's a bit long, though I'm not sure it matters much one way or another.Decoding types with interface fields
Types that contain interfaces with multiple implementations implement their own
UnmarshalJSON()
method. They use a JSON decoder with theDisallowUnknownFields
option to catch errors during the deserialization while trying to determine which implementation matches the raw data.Log output
Log output from OSBuild has a very different format when using the new schema. The
osbuild1.Result
object now supports unmarshalling the new format and adapting it to the old format. Refer to the corresponding commit message for more information.Stage packages
The ImageType interface defines two sets of packages: Build packages and image packages. The former is used to set up the build environment (during the Build stage) and the latter is the list of packages that are meant to be installed in the final output image.
With the new Manifest, the idea of an explicit Build stage is gone. Instead we can define multiple Pipelines, each with its own set of stages. Each of these Pipelines might require its own set of packages. For the new image type, for example, we would need three package sets: One for the first pipeline (which in the old format would have been the build stage), one for the commit that will be delivered, and one for the container that serves the commit (which should only be
httpd
+ dependencies). Since we can't define that last package set explicitly, the image type reuses the build packages for the container.In the (very near) future, we should generalise the ImageType interface to allow defining a separate package set for each Pipeline in the Manifest.