Add chattr stage; support stacked ostree.deployment mounts#1535
Merged
dustymabe merged 5 commits intoosbuild:mainfrom Jan 31, 2024
Merged
Add chattr stage; support stacked ostree.deployment mounts#1535dustymabe merged 5 commits intoosbuild:mainfrom
dustymabe merged 5 commits intoosbuild:mainfrom
Conversation
f4fd67c to
97e013f
Compare
Contributor
Author
|
ok I think this is ready for review now and will hopefully pass tests |
Contributor
Author
|
@mvo5 I imagine the chattr stage will be desirable for bootc work too. |
dustymabe
added a commit
to dustymabe/coreos-assembler
that referenced
this pull request
Jan 16, 2024
Contributor
Author
|
hmm. I'm not sure what the I might need help figuring that one out. |
dustymabe
added a commit
to dustymabe/coreos-assembler
that referenced
this pull request
Jan 16, 2024
dustymabe
added a commit
to dustymabe/coreos-assembler
that referenced
this pull request
Jan 16, 2024
Contributor
Author
|
The schutzbot tests are failing with: but locally I don't see any error related to removing files when running |
achilleas-k
requested changes
Jan 17, 2024
Member
Nothing obvious pops out but it's interesting that it's happening for the old behaviour (deploying to |
Contributor
Author
|
Is it possible to get access to one of the runners to run the command directly and then observe the failure in that environment?
…On Wed, Jan 17, 2024, at 12:05, Achilleas Koutsou wrote:
> @achilleas-k <https://github.com/achilleas-k> do you think you could help me figure out what's going on?
>
Nothing obvious pops out but it's interesting that it's happening for the *old* behaviour (deploying to `tree`). Something in the cleanup logic not unmounting everything maybe? Could be a race, but it's interesting that it's failing on all the runners and a race would be less deterministic.
—
Reply to this email directly, view it on GitHub <#1535 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABCR63URVCSXO5QVV3GIUMDYPAAETAVCNFSM6AAAAABB3RFN6SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQOJWGIZTGMJUGU>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
97e013f to
fc9f0b4
Compare
Contributor
Author
|
ok I added my key in #1546 so now I should be able to ssh in to the CI runner |
dustymabe
added a commit
to dustymabe/coreos-assembler
that referenced
this pull request
Jan 17, 2024
dustymabe
added a commit
to coreos/coreos-assembler
that referenced
this pull request
Jan 17, 2024
fc9f0b4 to
000c447
Compare
Contributor
Author
|
ok I think I've fixed the schutzbot CI failure building ostree images (we'll see if it works in this CI run). @lukewarmtemp is going to work on the change requested in #1535 (comment) and we'll do a new upload when that is ready. |
dustymabe
added a commit
to dustymabe/coreos-assembler
that referenced
this pull request
Jan 19, 2024
Latest from upstream osbuild/osbuild#1535
000c447 to
98f472f
Compare
Contributor
Author
|
ok we've now made the requested changes by @achilleas-k in #1535 (comment) |
dustymabe
added a commit
to coreos/coreos-assembler
that referenced
this pull request
Jan 22, 2024
Latest from upstream osbuild/osbuild#1535
dustymabe
added a commit
to dustymabe/coreos-assembler
that referenced
this pull request
Jan 24, 2024
Hopefully the PR will merge soon: osbuild/osbuild#1535
achilleas-k
reviewed
Jan 24, 2024
Member
achilleas-k
left a comment
There was a problem hiding this comment.
This is great. Thanks for the work.
I have one comment about the deployment mount's source mount schema, about keeping that consistent with how mounts are defined in stages. Other than that, this LGTM!
dustymabe
added a commit
to coreos/coreos-assembler
that referenced
this pull request
Jan 26, 2024
Hopefully the PR will merge soon: osbuild/osbuild#1535
98f472f to
b98e4c7
Compare
Contributor
Author
|
any ideas on the failing Though.. my local test (host is Fedora 39) does show: so maybe |
Contributor
Author
|
looks like schutzbot is failing with: |
b98e4c7 to
be98bf0
Compare
This unwinds part of a25ae2b. The way the code ended up both self.tree and self.mountpoint ended up pointing to the exactly same path and so we'd end up doing two `umount -R` operations on the same path. This ended up being a duplicate unmount. On Fedora 39 this yields an error like: ``` mount/ostree.deployment (org.osbuild.ostree.deployment): umount: /var/osbuild/store/stage/uuid-efaac9370d25455d9e8df6d847ecb5b3/data/tree: not mounted mount/ostree.deployment (org.osbuild.ostree.deployment): Traceback (most recent call last): mount/ostree.deployment (org.osbuild.ostree.deployment): File "/var/b/shared/code/github.com/osbuild/osbuild/mounts/org.osbuild.ostree.deployment", line 136, in <module> mount/ostree.deployment (org.osbuild.ostree.deployment): main() mount/ostree.deployment (org.osbuild.ostree.deployment): File "/var/b/shared/code/github.com/osbuild/osbuild/mounts/org.osbuild.ostree.deployment", line 132, in main mount/ostree.deployment (org.osbuild.ostree.deployment): service.main() mount/ostree.deployment (org.osbuild.ostree.deployment): File "/var/b/shared/code/github.com/osbuild/osbuild/osbuild/host.py", line 252, in main mount/ostree.deployment (org.osbuild.ostree.deployment): self.stop() mount/ostree.deployment (org.osbuild.ostree.deployment): File "/var/b/shared/code/github.com/osbuild/osbuild/osbuild/mounts.py", line 126, in stop mount/ostree.deployment (org.osbuild.ostree.deployment): self.umount() mount/ostree.deployment (org.osbuild.ostree.deployment): File "/var/b/shared/code/github.com/osbuild/osbuild/mounts/org.osbuild.ostree.deployment", line 125, in umount mount/ostree.deployment (org.osbuild.ostree.deployment): subprocess.run(["umount", "-R", self.tree], mount/ostree.deployment (org.osbuild.ostree.deployment): File "/usr/lib64/python3.12/subprocess.py", line 571, in run mount/ostree.deployment (org.osbuild.ostree.deployment): raise CalledProcessError(retcode, process.args, mount/ostree.deployment (org.osbuild.ostree.deployment): subprocess.CalledProcessError: Command '['umount', '-R', '/var/osbuild/store/stage/uuid-efaac9370d25455d9e8df6d847ecb5b3/data/tree'] ' returned non-zero exit status 1. ⏱ Duration: 103s ``` I think this was necessary because of a bug in util-linux that mean some of the accounting information got out of date when doing a `mount --move` operation, which we use here. I think this bug (or bugs) is now fixed [1][2] in util-linux v2.39 (in Fedora 39), which is now causing the above pasted error on F39. Let's just add code here that mentions the problem and workaround it with a loop to keep unmounting (essentially what the umount -R should have done to overmounted filesystems if the mountinfo/utab was correct) and also mention when we should be able to drop this workaround. [1] util-linux/util-linux@a04149f [2] util-linux/util-linux@8cf6c50
It makes things a little more clear to know the variable is pointing to the path of the deployment.
We still target the tree here, but we open ourselves up to be able to target something other than the tree in the future. This mostly exchanges the `tree` variable for `target`. We also update the comment to try to enhance clarity.
Instead of operating directly on the tree for a stage we can operate
on a mount too. This is useful in the case where operating on the
directory tree of files isn't sufficient and the modifications need
to be made directly to the filesystems on the disk image that we are
creating.
One such example of this is we are having a problem right now where
the immutable bit being set on an OSTree deployment root doesn't
survive the `cp -a --reflink=auto` in the org.osbuild.copy stage when
being copied from the directory tree into the mounted XFS filesystem
we created on the disk image. Thus we have to workaround this loss
of attribute by applying the attribute directly on the mounted
filesystem from the disk.
In this change here we also add a check in osbuild/mounts.py to not
attempt a umount of the root of the mounts directory if that path
is no longer a mountpoint, which can happen when the umount -R
from the mounts/org.osbuild.ostree.deployment also removes the
overmount.
Here is an example of how this would be used:
```
- type: org.osbuild.chattr
options:
immutable: true
path: mount://root/
devices:
disk:
type: org.osbuild.loopback
options:
filename: disk.img
partscan: true
mounts:
- name: root
type: org.osbuild.xfs
source: disk
partition:
mpp-format-int: '{image.layout[''root''].partnum}'
target: /
- name: ostree.deployment
type: org.osbuild.ostree.deployment
options:
source: mount
deployment:
osname: fedora-coreos
ref: ostree/1/1/0
```
The initial mount on `/` is the filesystem from the root partition
on the disk. The second mount (of type org.osbuild.ostree.deployment)
then reconfigures things similar to how an OSTree system is set up.
Add or remove the immutable bit to the specified mount directory. The need we have for this right now is for the CoreOS builds where the immutable bit being set on an OSTree deployment root doesn't survive the `cp -a --reflink=auto` in the org.osbuild.copy stage when being copied from the directory tree into the mounted XFS filesystem we created on the disk image. Thus we have to workaround this loss of attribute by applying the attribute directly on the mounted filesystem from the disk.
be98bf0 to
097773e
Compare
dustymabe
added a commit
to dustymabe/coreos-assembler
that referenced
this pull request
Feb 1, 2024
The PR finally merged but didn't make it into the v106 release so we still need to carry the patch for now. osbuild/osbuild#1535
dustymabe
added a commit
to coreos/coreos-assembler
that referenced
this pull request
Feb 1, 2024
The PR finally merged but didn't make it into the v106 release so we still need to carry the patch for now. osbuild/osbuild#1535
mvo5
added a commit
to mvo5/images
that referenced
this pull request
Apr 5, 2024
Add the "Default" and "Source" options to OSTreeMountDeployment. See - "default" osbuild/osbuild#1553 - "source" osbuild/osbuild#1535
mvo5
added a commit
to mvo5/images
that referenced
this pull request
Apr 5, 2024
Add the "Default" and "Source" options to OSTreeMountDeployment. See - "default" osbuild/osbuild#1553 - "source" osbuild/osbuild#1535
github-merge-queue bot
pushed a commit
to osbuild/images
that referenced
this pull request
Apr 7, 2024
Add the "Default" and "Source" options to OSTreeMountDeployment. See - "default" osbuild/osbuild#1553 - "source" osbuild/osbuild#1535
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Here we add two main changes:
The ostree.deployment rework is needed for the chattr stage to work (i.e. we lose the immutable bit when going through a
org.osbuild.copystage).