Allow rebase to OSTree commits in container images #2940
Conversation
|
So I just realized that "refspec type" (e.g. ostree refspec, container image reference, rojig) and the the key in the origin file (e.g. origin/refspec, origin/baserefspec) are orthogonal (1). So it seems like we shouldn't be using the origin file's key as a way to determine the "refspec type" since it is currently being used to determine whether the deployment has layered/overridden packages. (1): I think I was misled a bit by the now-removed rojig code that did also use the origin file keys to sort of indicate "refspec type", i.e. the possible keys could be origin/rojig, origin/refspec, origin/baserefspec. |
|
Right, I think we could use e.g.: Then it's consistent with our proposed value in |
|
hmm, I think I was proposing to not do that because we already have the So I was proposing to add a separate key that will exist alongside Same for |
The rationale for Whereas in contrast with
I think we concluded that the type is already expressed by
Right. I think we wouldn't emit an |
|
ahh, ok this makes a lot of sense, thanks! #2882 (comment) was super helpful. |
This mainly undoes coreos@2c270a6, and follows up on coreos#2842. Also serves as some cleanup to make way for the introduction of a new `container-image-reference` refspec type. We no longer have any use for `ostree://` or `rojig://`-style prefixes in the refspecs. There had been efforts to "canonicalize" refspecs to always include such prefixes into the code internally, but that hasn't gotten too far. Crucially, since such prefixes were never introduced to libostree, the refspecs in the origin file were never meant to contain such prefixes anyway. Following some discussion in coreos#2940 (comment), in the future we would disambiguate "refspec type" via the name of the key in the origin file instead.
c8b1487 to
8691fe4
Compare
|
I spent a good amount of time trying to refactor the existing code to not need to call |
8691fe4 to
3745416
Compare
This mainly undoes coreos@2c270a6, and follows up on coreos#2842. Also serves as some cleanup to make way for the introduction of a new `container-image-reference` refspec type. We no longer have any use for `ostree://` or `rojig://`-style prefixes in the refspecs. There had been efforts to "canonicalize" refspecs to always include such prefixes into the code internally, but that hasn't gotten too far. Crucially, since such prefixes were never introduced to libostree, the refspecs in the origin file were never meant to contain such prefixes anyway. Following some discussion in coreos#2940 (comment), in the future we would disambiguate "refspec type" via the name of the key in the origin file instead.
134a5bc to
5800d1d
Compare
5800d1d to
31c01e1
Compare
|
Sounds good to make it experimental first. Will add a couple more sanity checks without duplicating everything for now. |
|
OK right, reproduced locally: Hmm. This is clearly where we're taking a hit from forking skopeo as a child process. I fixed an |
8072e08 to
3f53747
Compare
|
OK I think I found the bug, testing... |
|
This is working for me ostreedev/ostree-rs-ext#50 |
|
@kelvinfan001 Can you test this out too? See https://doc.rust-lang.org/cargo/reference/overriding-dependencies.html#the-patch-section Then in that repo check out my PR. |
|
Next issue is we need After that it looks like |
|
Ok, fixing issues with the test cases now, but no longer facing the skopeo issue. Thanks for digging into this bug! |
3f53747 to
7d901cd
Compare
7d901cd to
792199b
Compare
792199b to
6196c13
Compare
|
hmm... interesting how the new Anyways, I think this should be ready for another look. |
d21cdfc to
5aba7f9
Compare
77c6e66 to
c388844
Compare
|
Not super important but feel free to squash my trivial commit into the earlier one, it's a bit of noise to have in the merged history I think. |
c388844 to
0efaad8
Compare
| g_autofree char *image_digest = strdup (import->image_digest.c_str()); | ||
| rpmostree_origin_set_container_image_reference_digest (self->original_origin, image_digest); |
There was a problem hiding this comment.
| g_autofree char *image_digest = strdup (import->image_digest.c_str()); | |
| rpmostree_origin_set_container_image_reference_digest (self->original_origin, image_digest); | |
| rpmostree_origin_set_container_image_reference_digest (self->original_origin, import->image_digest.c_str()); |
We don't need to make a new copy here AFAICS.
src/libpriv/rpmostree-origin.cxx
Outdated
| @@ -115,23 +118,51 @@ rpmostree_origin_parse_keyfile (GKeyFile *origin, | |||
|
|
|||
| ret->cached_unconfigured_state = g_key_file_get_string (ret->kf, "origin", "unconfigured-state", NULL); | |||
|
|
|||
| g_autofree char *refspec = g_key_file_get_string (ret->kf, "origin", "refspec", NULL); | |||
| if (!refspec) | |||
| /* Note that the refspec type can be inferred from the key in the orgin file, where | |||
There was a problem hiding this comment.
| /* Note that the refspec type can be inferred from the key in the orgin file, where | |
| /* Note that the refspec type can be inferred from the key in the origin file, where |
src/libpriv/rpmostree-origin.cxx
Outdated
| g_autofree char *digest = g_key_file_get_string (ret->kf, "origin", "container-image-reference-digest", NULL); | ||
| if (digest) | ||
| ret->cached_digest = util::move_nullify (digest); |
There was a problem hiding this comment.
| g_autofree char *digest = g_key_file_get_string (ret->kf, "origin", "container-image-reference-digest", NULL); | |
| if (digest) | |
| ret->cached_digest = util::move_nullify (digest); | |
| ret->cached_digest = g_key_file_get_string (ret->kf, "origin", "container-image-reference-digest", NULL); |
| # Disable repos, no Internet access should be required | ||
| rm -rf /etc/yum.repos.d/ |
There was a problem hiding this comment.
There's also libtest_prepare_offline, see some of the other tests.
| rpm-ostree install ${KOLA_EXT_DATA}/rpm-repos/0/packages/x86_64/foo-1.2-3.x86_64.rpm | ||
| echo "ok install foo locally" | ||
|
|
||
| /tmp/autopkgtest-reboot 2 |
There was a problem hiding this comment.
This is fine as is, but I think you can save a reboot by committing the pending deployment instead of rebooting and having it be the booted. (Something to look at after merge in other words)
There was a problem hiding this comment.
ah true. I was also thinking we wanted to do a rpm -q foo after the reboot to make sure the package is really there. Anyways, probably smart to save a reboot since I did notice that this test was taking a bit longer than the others :)
| rpm-ostree ex-container export --repo=/ostree/repo ${new_commit} containers-storage:localhost/fcos | ||
| rpm-ostree uninstall foo | ||
| rpm-ostree upgrade > out.txt | ||
| assert_not_file_has_content out.txt "No upgrade available." |
There was a problem hiding this comment.
Hmm wait isn't the point that we did get an upgrade here?
There was a problem hiding this comment.
oh it's assert_NOT_file_has_content here. Sorry, that was confusing. I wanted to explicitly test that the upgrade command led to an available upgrade. But the couple lines following this is probably sufficient.
This adds support for providing a container image as the argument for `rpm-ostree rebase` by teaching rpm-ostree to use ostree-rs-ext's new import OSTree commits from container images feature. `deploy` while based on a container image is not yet implemented. Currently, a tag for the target container image must be provided; i.e. omitting the tag will not be a shortcut for `latest`.
Previously, `rpm-ostree upgrade` was re-pulling a container image each time, and throwing it away if it realizes that the commit is the same as the currently booted deployment much later on. Be smarter about this by checking the image reference digest, and don't bother pulling the container image if the digest is the same.
0efaad8 to
ff130aa
Compare
UPDATED:
We can now do e.g.
Note that a tag must be provided if the refspec is a container image reference when doing
rpm-ostree rebase.