Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HMS-3235 import containers in local containers-storage #306

Merged
merged 8 commits into from
Jan 10, 2024
Merged

HMS-3235 import containers in local containers-storage #306

merged 8 commits into from
Jan 10, 2024

Conversation

kingsleyzissou
Copy link
Contributor

@kingsleyzissou kingsleyzissou commented Dec 7, 2023
edited
Loading

This PR adds the ability to import containers from local containers-storage. It additionally, adds the ability to specify a custom storage path that a user can configure. This will then update the configurations for the /etc/containers/storage.conf file and add the storage path to the additional image stores.

Jira: https://issues.redhat.com/browse/HMS-3235

@kingsleyzissou
Copy link
Contributor Author

kingsleyzissou commented Dec 7, 2023
edited
Loading

Depends on osbuild/osbuild#1489.

I have tested this locally and it pulls in the container. It's just hard to add a test for this with the current setup.

@kingsleyzissou kingsleyzissou force-pushed the containers-storage branch 3 times, most recently from b0bec51 to fa7e0ab Compare December 12, 2023 13:10
@kingsleyzissou
Copy link
Contributor Author

kingsleyzissou commented Dec 12, 2023
edited
Loading

I've made it possible to configure the image store to which the containers get saved, given the following blueprint:

{
  "name": "embed-containers",
  "blueprint": {
    "packages": [
      {
        "name": "podman",
        "version": "*"
      }
    ],
    "containers": [
      {
        "source": "registry.gitlab.com/redhat/services/products/image-builder/ci/osbuild-composer/fedora-minimal"
      },
      {
        "source": "localhost/hello",
        "containers-transport": "containers-storage"
      }
    ],
    "customizations": {
      "containers-storage": {
        "storage-path": "/ostree/container-storage"
      }
    }
  }
}

We get the following output from the image-info tool:

[
  {
    "Created": "2023-12-12T12:54:40.001637346Z",
    "Digest": "sha256:d8bac64df06e506dd2e285a9e52ea86ee276637d1ad1cf1c89bb1f3b80b0d5ad",
    "Id": "5dc7f15873a23033de66f8734cb61969a9c749ded0cfb56300e785bfaf5ef528",
    "Names": [
      "localhost/hello:latest"
    ]
  },
  {
    "Created": "2022-07-11T13:16:13Z",
    "Digest": "sha256:4d76a7480ce1861c95975945633dc9d03807ffb45c64b664ef22e673798d414b",
    "Id": "d4ee87dab8193afad523b1042b9d3f5ec887555a704e5aaec2876798ebb585a6",
    "Names": [
      "registry.gitlab.com/redhat/services/products/image-builder/ci/osbuild-composer/fedora-minimal:latest"
    ]
  }
]

I had to update image-info to check all the stores in the /etc/containers/storage.conf file (it might be clearer to show the store location?)

@kingsleyzissou kingsleyzissou mentioned this pull request Dec 12, 2023
Merged
@kingsleyzissou kingsleyzissou marked this pull request as ready for review December 12, 2023 16:38
@kingsleyzissou kingsleyzissou changed the title [WIP] Containers storage HMS-3235 import containers in local containers-storage Dec 12, 2023
@achilleas-k
Copy link
Member

Does the ContainersStorage customization in the blueprint control both where to get containers from and where to install them?

I think we need to separate two things here:

  1. The path to the local container storage on the host where a container source will be pulled from.
  2. The path where a container will be stored in the image when it's embedded during a build.

The customization in the blueprint is, I think, good for 2., configuring the container storage path for the image itself.
But this path should be the same for both. For example, it should be possible to have containers on the host at /var/lib/containers, pull them from there, and then install them into the image at /usr/share/containers, if you're building an ostree-based image from a non-ostree host.
But for 1. I think the option should be separate for each container. I'm imagining a scenario where we're building an image (of any type) and we want to pull several containers, some from a registry and others from the local storage, and then we also want to control where they're stored in the image. In that case, I'm imagining the blueprint looking like this:

{
  "name": "embed-containers",
  "blueprint": {
    "packages": [
      {
        "name": "podman",
        "version": "*"
      }
    ],
    "containers": [
      {
        "source": "registry.gitlab.com/redhat/services/products/image-builder/ci/osbuild-composer/fedora-minimal"
      },
      {
        "source": "localhost/hello",
        "containers-transport": "containers-storage",
        "storage-location": "/var/lib/containers/storage"
      }
    ],
    "customizations": {
      "containers-storage": {
        "storage-path": "/data/containers/storage"
      }
    }
  }
}

@kingsleyzissou
Copy link
Contributor Author

Does the ContainersStorage customization in the blueprint control both where to get containers from and where to install them?

I think we need to separate two things here:

  1. The path to the local container storage on the host where a container source will be pulled from.

  2. The path where a container will be stored in the image when it's embedded during a build.

The customization in the blueprint is, I think, good for 2., configuring the container storage path for the image itself.

But this path should be the same for both. For example, it should be possible to have containers on the host at /var/lib/containers, pull them from there, and then install them into the image at /usr/share/containers, if you're building an ostree-based image from a non-ostree host.

But for 1. I think the option should be separate for each container. I'm imagining a scenario where we're building an image (of any type) and we want to pull several containers, some from a registry and others from the local storage, and then we also want to control where they're stored in the image. In that case, I'm imagining the blueprint looking like this:

{

  "name": "embed-containers",

  "blueprint": {

    "packages": [

      {

        "name": "podman",

        "version": "*"

      }

    ],

    "containers": [

      {

        "source": "registry.gitlab.com/redhat/services/products/image-builder/ci/osbuild-composer/fedora-minimal"

      },

      {

        "source": "localhost/hello",

        "containers-transport": "containers-storage",

        "storage-location": "/var/lib/containers/storage"

      }

    ],

    "customizations": {

      "containers-storage": {

        "storage-path": "/data/containers/storage"

      }

    }

  }

}

Yeah spot on. The customisation is for the destination so that answers #2.

And your suggestion for number #1 (the storage path) will work, it was only checking /var/lib/containers/storage. Maybe we could leave that as a sane default?

@achilleas-k
Copy link
Member

Maybe we could leave that as a sane default?

Definitely yeah. Unless it's more correct to read the storage.conf file.

@kingsleyzissou
Copy link
Contributor Author

kingsleyzissou commented Dec 13, 2023
edited
Loading

Maybe we could leave that as a sane default?

Definitely yeah. Unless it's more correct to read the storage.conf file.

Ah you're right, skopeo reads the the storage.conf file. So makes more sense to use that.

Edit: I tested it out and it's all good (just need to extend the skopeo sources in osbuild

@kingsleyzissou
Copy link
Contributor Author

This is needed: osbuild/osbuild#1504

@kingsleyzissou kingsleyzissou force-pushed the containers-storage branch 2 times, most recently from 925f053 to 886005b Compare December 13, 2023 22:26
@bcl
Copy link
Contributor

bcl commented Dec 14, 2023 

    {
        "source": "localhost/hello",
        "containers-transport": "containers-storage",
        "storage-location": "/var/lib/containers/storage"
      }

This is the source storage location, right? It seems mildly confusing to call it storage-location instead of something like source-location.

@kingsleyzissou
Copy link
Contributor Author 

    {
        "source": "localhost/hello",
        "containers-transport": "containers-storage",
        "storage-location": "/var/lib/containers/storage"
      }

This is the source storage location, right? It seems mildly confusing to call it storage-location instead of something like source-location.

Yeah this is a great point. Maybe we could flip this on it's head a bit? Rename the customization to destination-path or dest-storage? And then rename the source to storage-path (or even be more explicit and go with source-path?). Location seems a bit too vague.

{
    "source": "localhost/hello",
    "containers-transport": "containers-storage",
    "source-path": "/var/lib/containers/storage"
}

and

{
    "customizations": {
        "containers-storage": {
            "destination-path": "/data/containers/storage"
        }
    }
}

@bcl
Copy link
Contributor

bcl commented Dec 15, 2023

I like that! It's consistent between the two related parts with *-path and I don't have to read it twice to understand what it's supposed to be doing.

achilleas-k
achilleas-k approved these changes Dec 18, 2023
View reviewed changes
Copy link
Member

@achilleas-k achilleas-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🚀

achilleas-k
achilleas-k requested changes Dec 18, 2023
View reviewed changes
Copy link
Member

@achilleas-k achilleas-k left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing approval. Option rename pending.

(also osbuild PR 😅)

achilleas-k
achilleas-k previously approved these changes Jan 2, 2024
View reviewed changes
Copy link
Member

@achilleas-k achilleas-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All sorted now. LGTM!

@achilleas-k
Copy link
Member

Oh, the CI runners need btrfs-tools installed now too. It's a build dependency of the project. Can you update the test configs to install it?

  • .gitlab-ci.yml
  • test/scripts/configure-generators
  • test/scripts/generate-build-config
  • test/scripts/generate-ostree-build-config

Also update the contribution guides (docs/developer/README.md and CONTRIBUTING.md.

Now that I'm listing it all I realise this should all probably be defined in one location. A script or some equivalent to a Python package's requirements.txt that we can point to and read from every other location.

@kingsleyzissou
Copy link
Contributor Author

Now that I'm listing it all I realise this should all probably be defined in one location. A script or some equivalent to a Python package's requirements.txt that we can point to and read from every other location.

Sounds like a good idea. Since we're referencing it in multiple places. I will update the PR

mvo5
mvo5 reviewed Jan 4, 2024
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for this PR! I gave it a read mostly of curiosity to learn a bit more about this area and put in some suggestions/ideas/questions. Looks nice and nothing is a blocker but maybe some of the comments are helpful :)

pkg/container/client.go Outdated Show resolved Hide resolved
pkg/distro/fedora/imagetype.go Outdated Show resolved Hide resolved
pkg/distro/rhel7/images.go Outdated Show resolved Hide resolved
pkg/distro/fedora/images.go Show resolved Hide resolved
pkg/osbuild/skopeo_index_source.go Outdated Show resolved Hide resolved
pkg/osbuild/skopeo_source_test.go Show resolved Hide resolved
pkg/osbuild/skopeo_source.go Outdated Show resolved Hide resolved
@kingsleyzissou kingsleyzissou force-pushed the containers-storage branch 5 times, most recently from 50fdc91 to 9c72009 Compare January 5, 2024 14:59
@kingsleyzissou
tests: update dependencies for tests
e34b24d 
Enabling container resolution for container images in
`containers-storage` requires additional dependencies to compile the
code.

Jira: https://issues.redhat.com/browse/HMS-3235
@kingsleyzissou
pkg/blueprints: add local container fields
13bf49a 
Allow users to specify the `containers-transport` field and the
`storage-path` (optional) to the local containers storage. The
`containers-transport` field, at present, is an enum and the valid
transports are `docker` & `containers-storage`.

Jira: https://issues.redhat.com/browse/HMS-3235
@kingsleyzissou
osbuild/skopeo_source: add containers transport
100182c 
Add an enum to the skopeo source for the containers-transport [1] type,
since we would like to initially check for containers with the
`containers-storage` transport in addition to the existing `docker`
transport. This could later be extended for other transports too.

Jira: https://issues.redhat.com/browse/HMS-3235

[1] CONTAINERS-TRANSPORTS(5)
@kingsleyzissou
pkg/container: resolve local containers
4e7fc87 
Update the containers resolver to resolve containers in local
`containers-storage`. This required the go package
`github.com/containers/image/v5/transports/alltransports` as a
dependency.

Jira: https://issues.redhat.com/browse/HMS-3235
@kingsleyzissou
pkg/blueprint: container storage store path
f9cbb9f 
Allow users to specify `containers-storage` customizations. At the
moment, only the `storage-path` for an addititional `containers-storage`
is enabled. The `storage-type` and `transport` are not configurable,
but could be enabled at a later stage.

Jira: https://issues.redhat.com/browse/HMS-3235
@kingsleyzissou
pkg/manifest: refactor ostree container storage
6d0983e 
`ostree` images require an alternative `containers-storage` since
`/var/lib` is not writeable. This commit moves the logic to the distro
in preparation for a configurable storage path for additional container
image stores.

Jira: https://issues.redhat.com/browse/HMS-3235
@kingsleyzissou
pkg/manifest: enable pytoml dependency
776e3c4 
Custom container image stores will also require the `python-toml` or
`toml` package (depending on the distro).

Jira: https://issues.redhat.com/browse/HMS-3235
@kingsleyzissou
distro/multi: additional container storage
e2c6abb 
Enable a custom storage path for containers to be pulled into.

Jira: https://issues.redhat.com/browse/HMS-3235
achilleas-k
achilleas-k approved these changes Jan 10, 2024
View reviewed changes
Copy link
Member

@achilleas-k achilleas-k left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀 🎉

@achilleas-k achilleas-k added this pull request to the merge queue Jan 10, 2024
Merged via the queue into osbuild:main with commit 0c7703c Jan 10, 2024
10 checks passed
achilleas-k added a commit to achilleas-k/osbuild-composer that referenced this pull request Jan 22, 2024
@achilleas-k
blueprint: update Container struct
d46dc5a 
The Container struct in the Blueprint was expanded as part of local
containers-storage feature [1].  Adding and testing support for this
feature will require more work.  For now, let's explicitly ignore the
fields during the Blueprint copying so we can update the images
dependency.

[1] osbuild/images#306
@achilleas-k achilleas-k mentioned this pull request Jan 22, 2024
Closed
@kingsleyzissou kingsleyzissou deleted the containers-storage branch May 2, 2024 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@achilleas-k achilleas-k achilleas-k approved these changes

@ondrejbudai ondrejbudai Awaiting requested review from ondrejbudai

@mvo5 mvo5 Awaiting requested review from mvo5

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kingsleyzissou @achilleas-k @bcl @mvo5