Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

unified core 🌐 migration #729

Open
cgwalters opened this issue Apr 6, 2017 · 12 comments
Open

unified core 🌐 migration #729

cgwalters opened this issue Apr 6, 2017 · 12 comments

Comments

@cgwalters
Copy link
Member

cgwalters commented Apr 6, 2017

Update: #940 has been merged, but more work remains.


When rpm-ostree was first created, the "build process" was basically "yum install --installroot + ostree commit". This was very simplistic obviously, but worked as a minimum viable product.

Since then, the project has grown much, much more sophisticated. In particular, "client side" package layering when it first landed worked in a different way where packages are imported into OSTree commits. Basically since then, rpm-ostree has grown a significant re-implementation of major parts of librpm. For example, we isolate scripts in containers.

The default for rpm-ostree compose tree is still the "old" path, and we'd like to drop it.

This does change some corner cases in behavior of the system, so out of conservatism it's still not enabled by default. We would like to eventually make it the default and drop the old path.

Porting

The simple answer is add --unified-core and it may just work.

However, trying this out in e.g. a bare mock root, selinux-policy is now a requirement. And you really want to use --cachedir.
Also, /dev/fuse becomes a requirement.

For best practices around this, the coreos-assembler sources are useful.

See: #1793

@cgwalters cgwalters changed the title unified core unified core 🌐 Apr 6, 2017
cgwalters added a commit to cgwalters/rpm-ostree that referenced this issue Apr 6, 2017
This gives scripts access to e.g. `/dev/urandom`.  Short term
hack until we implement coreos#729

The reason we don't need to explicitly clean these up before committing is right
now for treecompose we only lift `/usr` from the RPM content, so we don't run
into ostree refusing to commit devices.

Closes: coreos#727
rh-atomic-bot pushed a commit that referenced this issue Apr 7, 2017
This gives scripts access to e.g. `/dev/urandom`.  Short term
hack until we implement #729

The reason we don't need to explicitly clean these up before committing is right
now for treecompose we only lift `/usr` from the RPM content, so we don't run
into ostree refusing to commit devices.

Closes: #727

Closes: #730
Approved by: jlebon
cgwalters added a commit that referenced this issue Apr 11, 2017
This gives scripts access to e.g. `/dev/urandom`.  Short term
hack until we implement #729

The reason we don't need to explicitly clean these up before committing is right
now for treecompose we only lift `/usr` from the RPM content, so we don't run
into ostree refusing to commit devices.

Closes: #727
This was referenced Aug 23, 2017
cgwalters added a commit to cgwalters/rpm-ostree that referenced this issue Sep 1, 2017
At one point `rpm-ostree install libvirt` dragged in libguestfs which in turn
brought in `syslinux-extlinux-nonlinux` which has files in `/boot/extlinux`,
which we rejected.  (That dependency chain appears to have been fixed currently)

For the general case, this is just a partial fix in that we haven't nailed down
the semantics of how updates for `/boot` work.  But in this particular case,
we'll just break libguestfs' `extlinux` verb, which I'm OK with.

Another case is `fwupdate-efi` - we require manual intervention to copy the
data into `/boot` after installing the package.

This is also preparation for [unified core](coreos#729)
in that we now ensure imported kernels don't end up in `/boot` unless
explicitly configured.

Closes: coreos#853
rh-atomic-bot pushed a commit that referenced this issue Sep 5, 2017
At one point `rpm-ostree install libvirt` dragged in libguestfs which in turn
brought in `syslinux-extlinux-nonlinux` which has files in `/boot/extlinux`,
which we rejected.  (That dependency chain appears to have been fixed currently)

For the general case, this is just a partial fix in that we haven't nailed down
the semantics of how updates for `/boot` work.  But in this particular case,
we'll just break libguestfs' `extlinux` verb, which I'm OK with.

Another case is `fwupdate-efi` - we require manual intervention to copy the
data into `/boot` after installing the package.

This is also preparation for [unified core](#729)
in that we now ensure imported kernels don't end up in `/boot` unless
explicitly configured.

Closes: #853

Closes: #969
Approved by: jlebon
rh-atomic-bot pushed a commit that referenced this issue Sep 7, 2017
At one point `rpm-ostree install libvirt` dragged in libguestfs which in turn
brought in `syslinux-extlinux-nonlinux` which has files in `/boot/extlinux`,
which we rejected.  (That dependency chain appears to have been fixed currently)

For the general case, this is just a partial fix in that we haven't nailed down
the semantics of how updates for `/boot` work.  But in this particular case,
we'll just break libguestfs' `extlinux` verb, which I'm OK with.

Another case is `fwupdate-efi` - we require manual intervention to copy the
data into `/boot` after installing the package.

This is also preparation for [unified core](#729)
in that we now ensure imported kernels don't end up in `/boot` unless
explicitly configured.

Closes: #853

Closes: #969
Approved by: jlebon
cgwalters added a commit to cgwalters/rpm-ostree that referenced this issue Sep 8, 2017
Today in Fedora the `glibc-all-langpacks.posttrans` is implemented
in lua, for no good reason.  See:
https://bugzilla.redhat.com/show_bug.cgi?id=1367585

Since that's stalled out, let's add support for overrides.  This
is obviously a much bigger step with more long term maintenance
implications over our current "ignore scripts" list.  But we can't
block either.

This is needed for unified core work:
coreos#729

(We also override `fedora-release-atomichost` but I'll likely
 submit a patch for that upstream)
rh-atomic-bot pushed a commit that referenced this issue Sep 8, 2017
Today in Fedora the `glibc-all-langpacks.posttrans` is implemented
in lua, for no good reason.  See:
https://bugzilla.redhat.com/show_bug.cgi?id=1367585

Since that's stalled out, let's add support for overrides.  This
is obviously a much bigger step with more long term maintenance
implications over our current "ignore scripts" list.  But we can't
block either.

This is needed for unified core work:
#729

(We also override `fedora-release-atomichost` but I'll likely
 submit a patch for that upstream)

Closes: #980
Approved by: jlebon
cgwalters added a commit to cgwalters/rpm-ostree that referenced this issue Sep 11, 2017
Today in Fedora the `glibc-all-langpacks.posttrans` is implemented
in lua, for no good reason.  See:
https://bugzilla.redhat.com/show_bug.cgi?id=1367585

Since that's stalled out, let's add support for overrides.  This
is obviously a much bigger step with more long term maintenance
implications over our current "ignore scripts" list.  But we can't
block either.

This is needed for unified core work:
coreos#729

(We also override `fedora-release-atomichost` but I'll likely
 submit a patch for that upstream)
@cgwalters cgwalters changed the title unified core 🌐 unified core 🌐 tracker; issues to move out of ex Nov 17, 2017
@cgwalters
Copy link
Member Author

cgwalters commented Nov 17, 2017

Keeping this issue open for things to do to move --ex-unified-core to --unified-core, and then probably some time later flip the defaults so we have rpm-ostree compose tree --compat-libdnf.

cgwalters added a commit to cgwalters/ostree that referenced this issue Dec 14, 2017
Sadly https://sourceware.org/bugzilla/show_bug.cgi?id=22089 is I think going to
actually force us to cave here. Even if we got the glibc patch in today, we need
to support the RHEL glibc. See also discussion about fish as part of the general
Fedora tracker.

This is basically needed to unblock rpm-ostree unified core 🌐:
coreos/rpm-ostree#729

Closes: ostreedev#1377
cgwalters added a commit to cgwalters/ostree that referenced this issue Dec 14, 2017
Sadly https://sourceware.org/bugzilla/show_bug.cgi?id=22089 is I think going to
actually force us to cave here. Even if we got the glibc patch in today, we need
to support the RHEL glibc. See also discussion about fish as part of the general
Fedora tracker.

This is basically needed to unblock rpm-ostree unified core 🌐:
coreos/rpm-ostree#729

Closes: ostreedev#1377
cgwalters added a commit to cgwalters/ostree that referenced this issue Dec 28, 2017
Sadly https://sourceware.org/bugzilla/show_bug.cgi?id=22089 is I think going to
actually force us to cave here. Even if we got the glibc patch in today, we need
to support the RHEL glibc. See also discussion about fish as part of the general
Fedora tracker.

This is basically needed to unblock rpm-ostree unified core 🌐:
coreos/rpm-ostree#729

Closes: ostreedev#1377
rh-atomic-bot pushed a commit to ostreedev/ostree that referenced this issue Jan 5, 2018
Sadly https://sourceware.org/bugzilla/show_bug.cgi?id=22089 is I think going to
actually force us to cave here. Even if we got the glibc patch in today, we need
to support the RHEL glibc. See also discussion about fish as part of the general
Fedora tracker.

This is basically needed to unblock rpm-ostree unified core 🌐:
coreos/rpm-ostree#729

Closes: #1377

Closes: #1382
Approved by: jlebon
@jlebon
Copy link
Member

jlebon commented Nov 5, 2018

and then probably some time later flip the defaults so we have rpm-ostree compose tree --compat-libdnf.

Yeah, I think we're almost ready for that, right? Definitely still some minor issues to figure out (e.g. the locale issue we're seeing in RHCOS), but overall it's been pretty solid so far. Need to figure out how this intersects with Silverblue/FAH/IoT as well (have you tried composing a Silverblue tree in unified mode yet?)

@martinpitt
Copy link

I noticed the deprecation message when building my own ostree, and tried to add --unified-core. However, this fails with

error: importing RPMs: Importing package 'librados2': Importing archive: Writing content object: min-free-space-percent '3%' would be exceeded, at least 10,9 MB requested

This doesn't happen with the default. This isn't mentioned here or in the linked #1793

@cgwalters
Copy link
Member Author

What's the backing filesystem like for the repository? Is it pretty low on free space or not? Could it have been transiently full?

@martinpitt
Copy link

@cgwalters: I use a dynamic tmpfs, as (1) I'm not interested in permanently keeping it around, and (2) writing to disk is too slow:

tmpfs                    7,8G  4,0K  7,8G   1% /var/tmp/repo

My entire tree is < 2G, so far this has always worked fine.

I tried this again without a tmpfs on /var/home/repo, and that's bigger:

/dev/dm-2                189G  124G   56G  69% /var/home

but I get exactly the same problem, except on "kernel-core" instead of "librados2"; but I got it on different packages with tmpfs as well, there seems to be some randomness there.

@cgwalters
Copy link
Member Author

cgwalters commented Jul 12, 2020

Ah, I think I see the problem. With --unified-core, unless you specify --cachedir, we create one under /var/tmp. And that's probably on a limited space filesystem? (I personally strongly advocate using a mount point for /var btw and not just /var/home on ostree systems)

So does it work to specify --cachedir=/var/tmp/repo/cache or so?

BTW at a much higher level...rpm-ostree today is not at all optimized for this "compose repo locally" flow - but if you use unified core, it can be much better because the packages are cached in the ostree repo itself, so you only download changed packages.

The most in line though with rpm-ostree today is to use a separate server for building, or to switch to e.g. using a pre-shipped system FCOS/FSB as a base system and layering on things you want.

EDIT: I think we should warn when we're auto-creating a cachedir in --unified-core mode, will do a PR.

@martinpitt
Copy link

martinpitt commented Jul 12, 2020

@cgwalters: My compose.sh has always used --cachedir=/var/cache/ostree (on the root fs), as indeed keeping a permanent cache is really useful. And argh, indeed that was full -- over time that cache aggregated over 11 GB of stuff (apparently there's no automatic cleaning). After cleaning it up, taht indeed doesn't happen any more with --unified-core, including my usual "repo on tmpfs" approach. brown paperpag, I'm sorry for the noise!

It now fails with

error: Running %post for dpkg: Executing bwrap(/bin/sh): Child process killed by signal 1

but I better file this as a separate bug, instead of littering this one. Thanks for your help!y

Update: I took out dpkg-dev and python3-debian from my ostree compose, and it works fine now.

@cgwalters
Copy link
Member Author

And argh, indeed that was full -- over time that cache aggregated over 11 GB of stuff (apparently there's no automatic cleaning).

Yeah...one of the two hard problems in computer science 😉

In coreos-assembler we have this issue related to this: coreos/coreos-assembler#1495

error: Running %post for dpkg: Executing bwrap(/bin/sh): Child process killed by signal 1

That indeed looks exactly like a unified core compat issue, and indeed all the stuff in the package post is not allowed. In rpm-ostree we keep the RPM db in /usr of course. This use case for dpkg is weird because it's not really the system package manager...could make more sense to have it only be created on demand instead.

Alternatively a simple patch might be to just if ! test -w /var; then exit 0; fi.

See also https://bugzilla.redhat.com/show_bug.cgi?id=1352154

@cgwalters
Copy link
Member Author

And argh, indeed that was full -- over time that cache aggregated over 11 GB of stuff (apparently there's no automatic cleaning).

To extend on this slightly though...rpm-ostree does correctly handle caching for layered packages in the client case - it's basically "walk over deployments, query their rpmdb, add those to referenced set, then prune unreferenced pkgs". But on the server side we'd need to do it based on commit objects or so, and then we still need to handle things like the repodata which we're not committing into ostree today (though it could make sense).

This is just another variant of the "rpm-ostree is optimized for server side composes and client side layering, not client side composes yet".

@martinpitt
Copy link

Thanks @cgwalters! Indeed this is https://bugzilla.redhat.com/show_bug.cgi?id=1817258 . It's not crucial for me, I can run autopkgtest in toolbox (or so I hope..). Working now \o/

@henrywang
Copy link

I saw a lot of this kind of log when I build my own fedora 32 compose with --unified-core added.

systemd.prein: (2020-09-16  7:51:23:163230): [sss_cache] [confdb_init] (0x0010): Unable to open config database [/var/lib/sss/db/config.ldb]
systemd.prein: Could not open available domains
systemd.prein: groupadd: sss_cache exited with status 5
systemd.prein: groupadd: Failed to flush the sssd cache.

@henrywang
Copy link

henrywang commented Sep 16, 2020

I built my own fedora 32 compose with rpm-ostree compose tree --cachedir=/var/cache/ostree --repo=/var/tmp/repo xiaofeng-desktop.yaml. And compose/commit can boot without issue.
When I add --unified-core option, compose/commit can't boot. And have some strange logs. This kind of log can't be found without --unified-core option.

Running post scripts... openssl-libs
util-linux.post: mkdir: cannot create directory ‘/var/log’: Read-only file system
util-linux.post: touch: cannot touch '/var/log/lastlog': No such file or directory
util-linux.post: chown: cannot access '/var/log/lastlog': No such file or directory
⠠ Running post scripts... systemd-udev
systemd-udev.post: Failed to create directory /var/lib/systemd: Read-only file system

And

Running post scripts... cups
cups.post: Created symlink /etc/systemd/system/multi-user.target.wants/cups.path → /usr/lib/systemd/system/cups.path.
cups.post: Created symlink /etc/systemd/system/sockets.target.wants/cups.socket → /usr/lib/systemd/system/cups.socket.
cups.post: /usr/bin/touch: cannot touch '/var/log/cups/error_log': No such file or directory
cups.post: /usr/bin/ls: cannot access '/var/log/cups/error_log': No such file or directory
cups.post: /usr/bin/tail: cannot open '/var/log/cups/error_log' for reading: No such file or directory
cups.post: /usr/cups.post: line 49: /var/log/cups/error_log: No such file or directory
cups.post: /usr/bin/touch: cannot touch '/var/log/cups/access_log': No such file or directory
cups.post: /usr/bin/ls: cannot access '/var/log/cups/access_log': No such file or directory
cups.post: /usr/bin/tail: cannot open '/var/log/cups/access_log' for reading: No such file or directory
cups.post: /usr/cups.post: line 49: /var/log/cups/access_log: No such file or directory
cups.post: /usr/bin/touch: cannot touch '/var/log/cups/page_log': No such file or directory
cups.post: /usr/bin/ls: cannot access '/var/log/cups/page_log': No such file or directory
cups.post: /usr/bin/tail: cannot open '/var/log/cups/page_log' for reading: No such file or directory
cups.post: /usr/cups.post: line 49: /var/log/cups/page_log: No such file or director⠤ 

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants