Changes to support ostree bootable containers #328

Open
wants to merge 2 commits into
base: master

dzickusrh

Ostree has bootable containers with a read-only filesystem. This filesystem doesn't support dnf install or the current restraint directory layout and needs a few tweaks. With these changes, restraint should work out of the box with bootable containers over ssh.

Signed-off-by: Don Zickus [email protected]

@dzickusrh
Author

@cbouchar - fyi.

Red Hat's Atomic OS is a read-only filesystem that uses ostree
underneath.  Installing packages using dnf does not work.  Instead use
the native package installer 'rpm-ostree install' if an ostree booted
filesystem is detected.

Utilize various options
-y: always install
--apply-live: apply changes now instead of waiting for a reboot
--idempotent: do not error if package is already installed
--allow-inactive: do not error if package is already committed

Also include detection of CentOS Stream and leverage the same plugins.

Signed-off-by: Don Zickus <[email protected]>

Red Hat's ostree is a read-only filesystem that maps everything under
/usr.  The only persistent data is mapped under /etc and /var.  To
support /mnt, ostree mapped the directory under /var/mnt and created it
at first-boot using systemd-tmpfiles.  The directory /var/mnt does not
exist at container creation time and thus restraint-rhts package fails
to create /mnt/scratchspace and /mnt/testarea at install time.

Switch these directories to systemd-tmpfiles that are created on boot.
This resolves the problem and allows the packages to be installed during
the container build or anaconda kickstart.

Signed-off-by: Don Zickus <[email protected]>

@StykMartin
Contributor

@cbouchar PTAL

@mh21
mh21 commented Jan 8, 2025

Playing with this, there is one other thing in the spec file that doesn't work with bootc:

%dir /var/lib/%{name}

This creates a directory in /var/lib, but according to https://containers.github.io/bootc/filesystem.html#var contents in /var/lib are never updated after the very first bootc installation, i.e. installing restraint into a modified image and switching to that will not work as this directory is missing; iiuc this can be handled via systemd-tmpfiles as used above as well.

@dzickusrh
Author

@mh21 - I am testing using StateDirectory=restraint in the systemd service file. Then moving /var/lib/restraint/install_config to /usr/share/rhts/install_config then cp'ing install config to /var/lib/restraint/install_config during %post rhts. I think this is how it is supposed to work sort of???

@modelsim71

Is it better to split RSTRNT_PKG_ARGS=${RSTRNT_PKG_ARGS:--y --apply-live --idempotent --allow-inactive} into
RSTRNT_PKG_ARGS=${RSTRNT_PKG_ARGS:---idempotent --allow-inactive}
RSTRNT_PKG_INSTALL=${RSTRNT_PKG_INSTALL:-install --apply-live}
because rpm-ostree uninstall doesn't support --apply-live?
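
The install/uninstall option split raised in the comment above, combined with the ostree detection described in the first commit message, as an added example that is not restraint's own plugin code. It assumes detection via the /run/ostree-booted marker file (the page does not say how detection is done), and the demo_* function and DEMO_* variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not restraint's plugin code.
# All demo_* / DEMO_* names are hypothetical.

# Assumption: an ostree-booted system is detected by the /run/ostree-booted
# marker file. DEMO_OSTREE_MARKER overrides the path so the check is testable.
demo_is_ostree() {
    [ -e "${DEMO_OSTREE_MARKER:-/run/ostree-booted}" ]
}

# Options from the commit message, split as the comment proposes:
# shared options, and install-only options (uninstall gets no --apply-live).
DEMO_SHARED_ARGS="--idempotent --allow-inactive"
DEMO_INSTALL_ARGS="-y --apply-live"

# demo_pkg_cmd ACTION PKG...
# Prints the command line for ACTION ("install" or "remove") without running
# it. Returns 2 on an unknown action or an empty package list.
demo_pkg_cmd() {
    action=$1
    [ $# -ge 2 ] || { echo "usage: demo_pkg_cmd install|remove PKG..." >&2; return 2; }
    shift
    if demo_is_ostree; then
        # Read-only ostree root: dnf cannot install, use rpm-ostree layering.
        case $action in
            install) echo "rpm-ostree install $DEMO_INSTALL_ARGS $DEMO_SHARED_ARGS $*" ;;
            remove)  echo "rpm-ostree uninstall $DEMO_SHARED_ARGS $*" ;;
            *)       echo "unknown action: $action" >&2; return 2 ;;
        esac
    else
        case $action in
            install) echo "dnf install -y $*" ;;
            remove)  echo "dnf remove -y $*" ;;
            *)       echo "unknown action: $action" >&2; return 2 ;;
        esac
    fi
}

# Dry run on the current host: shows which command would be used.
demo_pkg_cmd install restraint-rhts
```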
