install: add --source-imgref#263
Conversation
ondrejbudai
force-pushed
the
source-arg
branch
4 times, most recently
from
c96d517 to
276c68a
Compare
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
Cool, thanks for this! Overall mostly LGTM, just some nits and optionals.
| .get("TYPE") | ||
| .with_context(|| format!("device in hierarchy of {device} missing TYPE"))?; | ||
| if kind == "disk" { | ||
| if kind == "disk" || kind == "loop" { |
There was a problem hiding this comment.
Ah yes. It would probably make sense to try to use a shared crate for dealing with block devices at some point.
| } | ||
|
|
||
| /// Given an image ID, return its manifest digest | ||
| pub(crate) fn oci_archive_digest(imageref: &str) -> Result<String> { |
There was a problem hiding this comment.
This isn't specific to oci archives right? If we want it to be, let's make this a &Utf8Path, and then explicitly specify dir: below say.
If we want to keep it general...we also already use https://docs.rs/containers-image-proxy/latest/containers_image_proxy/ which is a handy Rust client for talking to skopeo, but I don't really in the end have a problem with being practical and just forking it either.
There was a problem hiding this comment.
(Forgot to mention, see below where we could also probably drop this code)
There was a problem hiding this comment.
Dropped (see below).
| } else { | ||
| let td = tempfile::tempdir_in("/var/tmp")?; | ||
| let path: &Utf8Path = td.path().try_into().unwrap(); | ||
| let r = copy_to_oci(&state.source.imageref, path)?; |
There was a problem hiding this comment.
(Unrelated to this change, but I would probably be fine just hard dropping this hacky "copy to oci" code that I don't think we need anymore since c9s has a new enough skopeo and that's fine from my PoV)
Totally optional of course...just reminded by the seeing the code again here. If you want I can also do a prep PR removing it (or feel free to yourself), it seems like it would simplify this change.
There was a problem hiding this comment.
Ended up doing this in #265 - but I still don't have a really strong opinion - we can merge this before that one if you prefer too.
|
|
||
| #[context("Gathering source info from an external source")] | ||
| pub(crate) fn from_imageref(imageref: &str) -> Result<Self> { | ||
| let digest = crate::skopeo::oci_archive_digest(imageref)?; |
There was a problem hiding this comment.
Today, the ostree-container stack very much handles just being passed a non-digested pull spec; we'll do the digest resolution there. An alternative here is to make digest an Option<T> instead. I have a mild preference for this, but I'm also fine with the code as is.
There was a problem hiding this comment.
I hope I understood your comment correctly. I made digest an Option<T>. This loses a bit of "null-safety" (handled gracefully, ofc), but it allowed me to drop the whole skopeo crate. I have a backup of the old code if we change our midns.
Let's just hard require a skopeo that can fetch from `containers-storage`. Motivated by bootc-dev#263 which was moving this code around. Signed-off-by: Colin Walters <walters@verbum.org>
vrothberg
left a comment
vrothberg
left a comment
There was a problem hiding this comment.
I'd love to see docs on that as well. Which containers-transports are supported? I feel that the name --source is so generic that different users/personas will have a very different interpretation/feeling for that a source may be.
lsblk returns TYPE == loop for loop devices, modify the code so loop devices are correctly recognized. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
ondrejbudai
force-pushed
the
source-arg
branch
from
276c68a to
e63c3b1
Compare
This is a prep work for the following commit. It will implement pulling the container image from an explicitly given container reference. Thus, there's no need to always fetch the digest because the caller is being explicit about the container image, so let's make the field optional. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
ondrejbudai
force-pushed
the
source-arg
branch
from
e63c3b1 to
5e4c639
Compare
I renamed |
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
LGTM, just one final nit, feel free to merge after addressing!
| /// it takes the container image to install from the podman's container registry. | ||
| /// If --source-imgref is given, bootc uses it as the installation source, instead of the behaviour explained | ||
| /// in the previous paragraph. See skopeo(1) for accepted formats. | ||
| #[clap(long, hide = true)] |
There was a problem hiding this comment.
But documenting seems to clash with hide = true. Either it's something we support ~forever or it's a hidden thing that could be removed in theory. I guess given the state, we should probably lift hide = true right?
There was a problem hiding this comment.
I removed hide = true.
ondrejbudai
force-pushed
the
source-arg
branch
from
5e4c639 to
1db3040
Compare
bootc install and install-to-filesystem currently rely on the fact that they run inside a podman container. That's quite inconvenient for using bootc for osbuild, because osbuild already run everything in a container. While having a container in a container is surely possible, it gets quite messy. Instead of going this route, this commit implements a new --source-imgref argument. --source-imgref accepts a container image reference (the same one that skopeo uses). When --source-imgref is used, bootc doesn't escape the container to fetch the container image from host's container storage. Instead, the container image given by --source-imgref is used. Even when running in this mode, bootc needs to run in a container created from the same container image that is passed using --source-imgref. However, this isn't a problem to do in osbuild. This really just removes the need for bootc to escape the container to the host mount namespace. Signed-off-by: Ondřej Budai <ondrej@budai.cz>
ondrejbudai
force-pushed
the
source-arg
branch
from
1db3040 to
7c3ed0b
Compare
Let's just hard require a skopeo that can fetch from `containers-storage`. Motivated by bootc-dev#263 which was moving this code around. Signed-off-by: Colin Walters <walters@verbum.org>
Let's just hard require a skopeo that can fetch from `containers-storage`. Motivated by bootc-dev#263 which was moving this code around. Signed-off-by: Colin Walters <walters@verbum.org>
3 participants
blockdev: fix recognizing parent loop devices
lsblk returns TYPE == loop for loop devices, modify the code
so loop devices are correctly recognized.
install: make the source digest optional
This is a prep work for the following commit. It will implement pulling
the container image from an explicitly given container reference. Thus,
there's no need to always fetch the digest because the caller is being
explicit about the container image, so let's make the field optional.
install: add --source-imgref
bootc install and install-to-filesystem currently rely on the fact that they
run inside a podman container. That's quite inconvenient for using bootc
for osbuild, because osbuild already run everything in a container.
While having a container in a container is surely possible, it gets quite
messy.
Instead of going this route, this commit implements a new --source-imgref
argument. --source-imgref accepts a container image reference (the same one
that skopeo uses). When --source-imgref is used, bootc doesn't escape the
container to fetch the container image from host's container storage. Instead,
the container image given by --source-imgref is used.
Even when running in this mode, bootc needs to run in a container created from
the same container image that is passed using --source-imgref. However, this
isn't a problem to do in osbuild. This really just removes the need for bootc
to escape the container to the host mount namespace.