Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Add support for --replace-mode=alongside for ostree target #137

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

WIP: Add support for --replace-mode=alongside for ostree target #137

wants to merge 1 commit into from

Conversation

cgwalters
Copy link
Collaborator

Ironically our support for --replace-mode=alongside breaks when we're targeting an already extant ostree host, because when we first blow away the /boot directory, this means the ostree stack loses its knowledge that we're in a booted deployment, and will attempt to GC it...

ostreedev/ostree-rs-ext@8fa019b is a key part of the fix for that.

However, a notable improvement we can do here is to grow this whole thing into a real "factory reset" mode, and this will be a compelling answer to
coreos/fedora-coreos-tracker#399

To implement this though we need to support configuring the stateroot and not just hardcode default.

@openshift-ci
Copy link

openshift-ci bot commented Oct 2, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@cgwalters cgwalters mentioned this pull request Oct 2, 2023
Open
@cgwalters cgwalters mentioned this pull request Nov 9, 2023
Open
@cgwalters cgwalters mentioned this pull request Mar 19, 2024
Open
This was referenced Sep 13, 2024
Open
Open
@github-actions github-actions bot added the area/install Issues related to `bootc install` label Sep 18, 2024
@omertuc
Copy link
Contributor

omertuc commented Sep 18, 2024
edited
Loading

Sorry @cgwalters , accidentally pushed the rebase to your fork instead of mine

EDIT: undid it, continuing my rebase efforts on https://github.com/omertuc/bootc/tree/137clone

EDIT2: Continuing here

@cgwalters
Copy link
Collaborator Author

I think you can just take over this PR too if you want, or open a new PR from your fork - either way.

@omertuc
Copy link
Contributor

omertuc commented Sep 19, 2024
edited
Loading

Rebased. Without any changes, I'm facing an issue where in an ostree system, the mounted / on the host system is an overlay (-v mounted into /:/target) and so the findmnt source for it is overlay rather than a /dev/... and so it trips up lsblk later on

I'll see how I can tweak it so that it finds the right device

@omertuc
Copy link
Contributor

omertuc commented Oct 2, 2024
edited
Loading

With additional -v /sysroot:/target -v /sysroot:/target/sysroot mounts instead of -v /:/target and --stateroot foo, this seems to work

@omertuc
Copy link
Contributor

omertuc commented Oct 2, 2024

@cgwalters thoughts on the above mounts? Do we want to require them for install on ostree targets, or should I figure out a way to make this work without them, using just the already-documented install mounts (i.e. /:/target)?

@cgwalters
Copy link
Collaborator Author

and so the findmnt source for it is overlay rather than a /dev/... and so it trips up lsblk later on

We should learn how to peel that. This is really the same thing as https://bugzilla.redhat.com/show_bug.cgi?id=2308594 and ostreedev/ostree#3198 and containers/composefs#280

Short term the simplest is the same logic as the grub patch - detect overlayfs for / and check if /sysroot exists and is mounted, if so use that.

@omertuc
Copy link
Contributor

omertuc commented Oct 8, 2024
edited
Loading

and so the findmnt source for it is overlay rather than a /dev/... and so it trips up lsblk later on

We should learn how to peel that. This is really the same thing as bugzilla.redhat.com/show_bug.cgi?id=2308594 and ostreedev/ostree#3198 and containers/composefs#280

Short term the simplest is the same logic as the grub patch - detect overlayfs for / and check if /sysroot exists and is mounted, if so use that.

OK. Changed it so that when the target rootfs is an overlay, we'll implicitly try targetting <original_target>/sysroot instead.

It wasn't working at first and was a bit of a headache for me to debug because apparently if you mount /:/target then inside the container /target/sysroot is read-only by default, and so ensure_dir_labeled was failing, as opposed to when you mount /sysroot:/target directly, in which case it's not read-only. Took me a while to track that down chasing red herrings, and I'm still not sure who's responsible for this behavior (kernel? podman?), but after I realized it I simply moved ensure_dir_label to run only after your added let _ = crate::utils::open_dir_remount_rw... and then the rest just worked.

Current code might need a bit of touch-ups, but do you think the direction of the code in its current state is good? Should I clean it up and undraft?

@cgwalters
Copy link
Collaborator Author

It wasn't working at first and was a bit of a headache for me to debug because apparently if you mount /:/target then inside the container /target/sysroot is read-only by default, and so ensure_dir_labeled was failing, as opposed to when you mount /sysroot:/target directly, in which case it's not read-only.

I think that's possibly because it's bootc that's special casing mounting /sysroot read-write - that's how we do it outside of a container at least.

cgwalters
cgwalters commented Oct 11, 2024
View reviewed changes
Copy link
Collaborator Author

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for picking this up!!

lib/src/install.rs
@@ -1336,6 +1352,19 @@ async fn install_to_filesystem_impl(state: &State, rootfs: &mut RootSetup) -> Re
.ok_or_else(|| anyhow!("No uuid for boot/root"))?;
tracing::debug!("boot uuid={boot_uuid}");

// If we're doing an alongside install, then the /dev bootupd sees needs to be the host's.
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can drop this code now and hard require -v /dev:/dev

Copy link
Contributor

@omertuc omertuc Oct 14, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see we already require it documentation-wise.

And we also have it as an assertion here when installing to disk with --via-loopback

I've now also added it as an assertion at this code location as well. However since I don't fully understand the motivation for it, I'm not sure if the assertion should only occur in case of ReplaceMode::Alongside like the comment mentions, or generally

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What I'd actually hoped to do is switch to doing dynamic mounts: #826

But in the short term yeah that's fine to have an assertion here.

lib/src/install.rs Outdated Show resolved Hide resolved
lib/src/lsm.rs Outdated Show resolved Hide resolved
lib/src/utils.rs Outdated Show resolved Hide resolved
@omertuc omertuc force-pushed the install-existing-ostree branch 3 times, most recently from 5775a41 to 3561a64 Compare October 14, 2024 17:21
@cgwalters @omertuc
WIP: Add support for --replace-mode=alongside for ostree target
ed94f1e 
Ironically our support for `--replace-mode=alongside` breaks
when we're targeting an already extant ostree host, because when
we first blow away the `/boot` directory, this means the ostree
stack loses its knowledge that we're in a booted deployment,
and will attempt to GC it...

ostreedev/ostree-rs-ext@8fa019b
is a key part of the fix for that.

However, a notable improvement we can do here is to grow this
whole thing into a real "factory reset" mode, and this will
be a compelling answer to
coreos/fedora-coreos-tracker#399

To implement this though we need to support configuring the
stateroot and not just hardcode `default`.

Signed-off-by: Omer Tuchfeld <[email protected]>
cgwalters
cgwalters commented Oct 15, 2024
View reviewed changes
lib/src/utils.rs
@@ -55,6 +58,21 @@ pub(crate) fn find_mount_option<'a>(
.next()
}

/// Given a target directory, if it's a read-only mount, then remount it writable
#[context("Opening {target} with writable mount")]
pub(crate) fn open_dir_remount_rw(root: &Dir, target: &Utf8Path) -> Result<Dir> {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs a #[cfg(feature = install)] looks like

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@omertuc omertuc omertuc left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
area/install Issues related to `bootc install` do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cgwalters @omertuc