lib/deploy: Add support for overlay initrds #2155
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Jul 24, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs. This
will be useful for configuring services involved in bringing up the root
block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Checking out tree 9a817d7... done
Writing OSTree commit... done
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
BaseCommit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
Unlocked: development
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Jul 25, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs. This
will be useful for configuring services involved in bringing up the root
block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Checking out tree 9a817d7... done
Writing OSTree commit... done
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
BaseCommit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
Unlocked: development
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
|
There's no use case I can think of for a "pristine" ostree shipping multiple initramfses. So what if instead
IOW we think of this more like kernel arguments (which don't affect the commit checksum). |
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Aug 13, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs. This
will be useful for configuring services involved in bringing up the root
block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Checking out tree 9a817d7... done
Writing OSTree commit... done
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
BaseCommit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
Unlocked: development
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
jlebon
force-pushed
the
pr/add-initrds
branch
2 times, most recently
from
5dc1f01 to
58b1f03
Compare
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Aug 13, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
Unlocked: development
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
|
OK, updated this now based on feedback and coreos/rpm-ostree#2170 (comment). We no longer look for the additional initramfses in the tree; it's instead passed via the new deploy APIs, checksummed, copied into |
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Aug 14, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
Unlocked: development
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
jlebon
changed the title
|
Split out the trivial/prep patches into #2172. |
openshift-merge-robot
added a commit
that referenced
this pull request
Aug 17, 2020
Miscellaneous patches split out of #2155
cgwalters
reviewed
Aug 18, 2020
jlebon
force-pushed
the
pr/add-initrds
branch
from
5cce5f2 to
83c8505
Compare
|
Added an installed tests and marked ready for review! Requires: #2204 Edit: I also updated coreos/rpm-ostree#2170 to show how the new APIs are used. |
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Sep 28, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
Prep for actually teaching the rest of the codebase about this. We keep the primary initrd in the `options` hash table for backwards compatibility.
And make the `override_kernel_argv` one of those options. This is mostly a mechanical move here, no functional change otherwise. Prep for adding a new option.
In FCOS and RHCOS, the need to configure software in the initramfs has come up multiple times. Sometimes, using kernel arguments suffices. Other times, it really must be a configuration file. Rebuilding the initramfs on the client-side however is a costly operation. Not only does it add complexity to the update workflow, it also erodes a lot of the value obtained from using the baked "blessed" initramfs from the tree itself. One elegant way to address this is to allow specifying multiple initramfses. This is supported by most bootloaders (notably GRUB) and results in each initrd being overlayed on top of each other. This patch allows libostree clients to leverage this so that they can avoid regenerating the initramfs entirely. libostree itself is agnostic as to what kind and how much data overlay initrds contain. It's up to the clients to enforce such boundaries. To implement this, we add a new ostree_sysroot_stage_overlay_initrd which takes a file descriptor and returns a checksum. Then users can pass these checksums when calling the deploy APIs via the new array option `overlay_initrds`. We copy these files into `/boot` and add them to the BLS as another `initrd` entry.
jlebon
force-pushed
the
pr/add-initrds
branch
from
83c8505 to
81b13da
Compare
|
Rebased this now that #2204 is merged! |
cgwalters
approved these changes
Oct 1, 2020
| for (char **it = overlay_initrds; it && *it; it++) | ||
| { | ||
| const char *basename = glnx_basename (*it); | ||
| if (strlen (basename) != (_OSTREE_SHA256_STRING_LEN + strlen (".img"))) |
There was a problem hiding this comment.
It'd be nice to allow people to have a "short name" for their overlay initrd to describe its purpose without needing to unpack it to look.
Basically we append the checksum to the name they provide?
There was a problem hiding this comment.
IOW it's /boot/ostree/initramfs-overlays/kdump-41af286dc0b172ed2f1ca934fd2278de4a1192302ffa07087cea2682e7d372e3.img and not just /boot/ostree/initramfs-overlays/41af286dc0b172ed2f1ca934fd2278de4a1192302ffa07087cea2682e7d372e3.img
There was a problem hiding this comment.
If you prefer we can do this as a followup too.
There was a problem hiding this comment.
Are you suggesting expanding the overlay initrd staging API as e.g.:
diff --git a/src/libostree/ostree-sysroot.h b/src/libostree/ostree-sysroot.h
index 3a3b6a77..ef5a353c 100644
--- a/src/libostree/ostree-sysroot.h
+++ b/src/libostree/ostree-sysroot.h
@@ -189,6 +189,7 @@ gboolean ostree_sysroot_write_deployments_with_options (OstreeSysroot *self,
_OSTREE_PUBLIC
gboolean ostree_sysroot_stage_overlay_initrd (OstreeSysroot *self,
int fd,
+ const char short_id,
char **out_checksum,
GCancellable *cancellable,
GError **error);?
Hmm, or maybe we could change the semantics of OstreeSysrootDeployTreeOpts.overlay_initrds to have the checksum be optionally prefixed by an ID? (E.g. my-id:<sha256>).
🤔 Honestly, while the code here does support multiple overlays, I think in practice it's not something that will be used often. E.g. in the rpm-ostree use case, there is just a single "initramfs-etc" initrd, and my hope is that it's the one way through which users interact with this feature.
There was a problem hiding this comment.
I think I'd vote for leaving the API simple and we can do the second approach mentioned above if it comes up? (Because the first approach would obviously be an API break.)
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cgwalters, jlebon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
jlebon
added a commit
to jlebon/ostree
that referenced
this pull request
Oct 6, 2020
This is a basic `.packit.yaml` integration file which will allow us have continuous builds of OSTree in cosa and upstream CI. If things go well, we'll likely deploy this in other build tools like rpm-ostree. Prompted by wanting to get ostreedev#2155 out to unblock coreos/rpm-ostree#2170.
Merged
jlebon
added a commit
to jlebon/ostree
that referenced
this pull request
Oct 6, 2020
This is a basic `.packit.yaml` integration file which will allow us have continuous builds of OSTree in cosa and upstream CI. If things go well, we'll likely deploy this in other build tools like rpm-ostree. Prompted by wanting to get ostreedev#2155 out to unblock coreos/rpm-ostree#2170.
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Oct 18, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Oct 21, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Oct 21, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
jlebon
added a commit
to jlebon/rpm-ostree
that referenced
this pull request
Oct 23, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
Closes: coreos#1930
openshift-merge-robot
pushed a commit
to coreos/rpm-ostree
that referenced
this pull request
Oct 29, 2020
This command allows users to cheaply inject configuration files in the
initramfs stage without having to regenerate the whole initramfs (or
even a new OSTree commit). This will be useful for configuring services
involved in bringing up the root block device.
```
$ echo 'hello world' > /etc/foobar
$ rpm-ostree ex initramfs-etc --track /etc/foobar
Staging deployment... done
Run "systemctl reboot" to start a reboot
$ rpm-ostree status
State: idle
Deployments:
ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
InitramfsEtc: /etc/foobar
● ostree://fedora:fedora/x86_64/coreos/testing-devel
Version: 32.20200716.dev.1 (2020-07-16T02:47:29Z)
Commit: 9a817d75bef81b955179be6e602d1e6ae350645b6323231a62ba2ee6e5b9644b
GPGSignature: (unsigned)
$ reboot
(boot into rd.break)
sh-5.0# cat /etc/foobar
hello world
```
See the libostree side of this at:
ostreedev/ostree#2155
Lots more discussions in:
coreos/fedora-coreos-tracker#94
Closes: #1930
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In FCOS and RHCOS, the need to configure software in the initramfs has
come up multiple times. Sometimes, using kernel arguments suffices.
Other times, it really must be a configuration file. Rebuilding the
initramfs on the client-side however is a costly operation. Not only
does it add complexity to the update workflow, it also erodes a lot of
the value obtained from using the baked "blessed" initramfs from the
tree itself.
One elegant way to address this is to allow specifying multiple
initramfses. This is supported by most bootloaders (notably GRUB) and
results in each initrd being overlayed on top of each other.
This patch allows libostree clients to leverage this so that they can
avoid regenerating the initramfs entirely. libostree itself is agnostic
as to what kind and how much data overlay initrds contain. It's up to
the clients to enforce such boundaries.
To implement this, we add a new option to the deploy APIs called
overlay_initrds: this is an array of filepaths to CPIO archives. Wecopy these files into
/bootand add them to the BLS as anotherinitrdentry.