-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
expose /var/lib/containers to bootc install to-filesystem #560
Comments
@cgwalters That would be the correct place to add it. Note that I do not know if this will conflict with any of the other work related to container storage/copying, cc @kingsleyzissou. |
Off the top of my head I can't think of any reason that would conflict. I vaguely remember we discussed adding @ondrejbudai do you have any opinions here? |
Does I wouldn't bind mount host resources straight into a build root without thinking about all the implications. Those bind mounts are very limited and very specific files or directories that are mostly necessary for certain binaries to work. We already have mechanisms for providing resources like containers into stages. Those resources used to be strictly network resources (file URLs, container refs, ostree commit URLs) to minimise the interaction between the host and the build process, but we started bending that rule for BIB with the use of the host's container registry. To get an external resource to reach a stage, two things are required: A For the container registry situation, we bent the rule a bit and instead of pulling something static into the store, we bind mount the host's container storage into the store using a new I've been floating a new idea for a while which I get more and more convinced we should implement every time something like this comes along: A new type of osbuild module called So for this issue in particular, a few questions:
|
Maybe? I don't fully understand how things are wired up today, is that stage/code used as part of how bib installs the bootc base image itself today? If so and that's going to force an extra copy for these images too, that's not an exciting prospect. See also e.g. this thread: containers/bootc#719 (comment) which touched on the UX around bib and bound images and pulling.
There's a lot more in containers/bootc#128 but the TL;DR is that the base image only has references, as distinct from physically bound.
The current logic always looks in /var/lib/containers but we could certainly add support for alternative lookasides. There's a bigger picture thing here that we should also be considering how this works with Anaconda. Today for ISOs with embedded containers we inject them as a But then if we have the bootc image itself in an unpacked (overlay) store, it argues for doing so for LBIs as well. |
They are used today for bib, yes. The The extra copy you reference isn't an issue in this case. We do copy the container contents during a build but that's for creating the build root. When
Right. I think I follow the distinction. As far as building the disk image is concerned, these logically bound images are a lot closer to what we already support in osbuild, which is we pull a container at build time and store it in the system's container storage, ready to be used when the system is booted.
If I understood everything correctly, this might already work with the current implementation, perhaps with some minor changes.
If Anaconda can read an unpacked overlay store from the ISO to do its installation, osbuild can make one when it's building an ISO. |
@kingsleyzissou please correct me if I'm wrong about the way the containers-storage source and input work. |
Yeah spot on
This should do the trick, we had to name it something other than |
xref: osbuild/bootc-image-builder#560 Basically osbuild/bib puts the host `/var/lib/containers` at `/run/osbuild/containers`. If we detect this situation, bind mount it to `/var/lib/containers` so that the container stack we invoke at install time can find logically bound images. Closes: containers#715 Signed-off-by: Colin Walters <[email protected]>
OK, containers/bootc#737 uses that. |
containers/bootc#715 needs to have the host's
/var/lib/containers
exposed to bootc.I am happy to try this myself but there's something I don't know/understand: is it really that the code around https://github.com/osbuild/osbuild/blob/ac7379488ce9ddca50a292171d5869d4dd78c664/osbuild/buildroot.py#L241 is the global set of mounts exposed to all stages, and the right thing now is just to add a new thing there?
The text was updated successfully, but these errors were encountered: