many: redo customizations in a `bootc install to-filesystem` world (HMS-3453) by mvo5 · Pull Request #571 · osbuild/images

mvo5 · 2024-04-10T09:59:18Z

[draft as this needs https://github.com/osbuild/osbuild/pull/1711 first (and agreement that this is the way to do it]
[draft also because it should have some tests at least that the right pipeline is generated]

This commit implements filesystem customizations for images that got generated via bootc install to-filesystem via the new org.osbuild.bind mechanism.

First the image is written via the bootc.install-to-fs stage, then the image is mounted, the ostree.deployment stage is used to get the right deployment and finally the mount is put over the "tree" directory via the bind mount module. This way for the users and selinux stages nothing changes, they work as before on a normal tree (that just happens to be mounted from an image this time).

It also includes a stage to make the /var/home directory that is missing by default on the generic images.

cgwalters · 2024-04-10T10:30:25Z

Thanks for this! One implementation angle to consider: today Anaconda runs systemd-tmpfiles in the target root to set up things like /home. This has several advantages, such as aligning with the principle that the OS controls its content/layout. But this seems sane to me offhand!

ondrejbudai

Just double-checking: We will still have to drop the group customization, right? It's not documented, so this is probably fine, but I just want to point that out. :)

pkg/image/bootc_disk.go

pkg/manifest/raw_bootc.go

pkg/image/bootc_disk_test.go

This uses the new customization capabilites of the images PR osbuild/images#571

mvo5 · 2024-04-12T11:36:09Z

Just double-checking: We will still have to drop the group customization, right? It's not documented, so this is probably fine, but I just want to point that out. :)

Hey, I can reintroduce the groups customization trivially if needed, it will require a tiny PR to osbuild. Happy to do that in a followup, to me it felt less important than the user customizations because it seems rare (at least at this early stage of bib/bootc) that people would use them. But happy to re-add them in a quick followup (or now if that is prerfred).

This uses the new customization capabilites of the images PR osbuild/images#571

To match what we expect currently with composefs. The more correct thing here longer term is to inspect the container image, in theory. In practice though, after we start relying on `bootc install` osbuild/images#571 I think that will lead us to a place where we start to implicitly hard require composefs. But without inspection/detection this will affect how non-composefs container images (e.g. current quay.io/fedora/* images). So again the more medium term fix here has to be that either we inspect, or more ideally we gather the expected mount options and filesystem types etc. from `bootc` inside the container.

cgwalters

Only superficially familiar, but this seem sane.

The bigger picture thing here though that is important to me (that cross-cuts a lot of discussions) is iterating to a place where the logic that happens in bib and Anaconda aligns (and also where we've rationalized with bootc install).

That probably looks like having bootc grow a way to spawn a container in the target root itself, bind mounting in external content. Right now bib has a lot of code to inspect things and make bind mounts, and so does Anaconda.

achilleas-k · 2024-04-12T16:54:55Z

Rebased for manifest stability fix (which affects CI caching).

ondrejbudai

Splendid, thanks!

See osbuild/osbuild#1711

This commit implements filesystem customizations for images that got generated via `bootc install to-filesystem` via the new `org.osbuild.bind` mechanism. First the image is written via the `bootc.install-to-fs` stage, then the image is mounted, the ostree.deployment stage is used to get the right deployment and finally the mount is put over the "tree" directory via the bind mount module. This way for the users and selinux stages nothing changes, they work as before on a normal tree (that just happens to be mounted from an image this time). It also includes a stage to make the /var/home directory that is missing by default on the generic images.

When porting custoizations to the new `bootc install to-filesystem` world initially only users/kernel-options where added. This commit adds `org.osbuild.groups` now as well. Needs: osbuild#571 osbuild/osbuild#1726

This uses the new customization capabilites of the images PR osbuild/images#571

When porting custoizations to the new `bootc install to-filesystem` world initially only users/kernel-options where added. This commit adds `org.osbuild.groups` now as well. Needs: osbuild#571 osbuild/osbuild#1726

When porting custoizations to the new `bootc install to-filesystem` world initially only users/kernel-options where added. This commit adds `org.osbuild.groups` now as well. Needs: #571 osbuild/osbuild#1726

This uses the new customization capabilites of the images PR osbuild/images#571

With the new uniform way to handle writing to the bootc image deployment we can now support a custom `/etc/fstab` again. Similar to what we do for users [0] and groups [1] we allow also writing a custom fstab now. This will need osbuild/osbuild#1727 and also probably a port of the fstab module to schema_2. [0] osbuild#571 [1] osbuild#593

With the new uniform way to handle writing to the bootc image deployment we can now support a custom `/etc/fstab` again. Similar to what we do for users [0] and groups [1] we allow also writing a custom fstab now. This will need osbuild/osbuild#1727 and also probably a port of the fstab module to schema_2. [0] #571 [1] #593