Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

app-containers: switch to upstream docker, containerd, runc, bump docker to v24 #1305

Merged
merged 19 commits into from
Nov 1, 2023
Merged

app-containers: switch to upstream docker, containerd, runc, bump docker to v24 #1305

merged 19 commits into from
Nov 1, 2023

Conversation

t-lo
Copy link
Member

@t-lo t-lo commented Oct 25, 2023
edited
Loading

This change removes Flatcar specific builds of docker[-cli], containerd, cri-tools, and runc and instead switches to upstream Gentoo ebuilds added to portage-stable.

The change updates docker to 24.0.6, and cri-tools to 1.27.0.

NOTE that there currently is no upstream ebuild for containerd-1.7.7, so this change adds that ebuild based on the upstream containerd-1.7.6 ebuild.

Flatcar customisations like systemd units etc. are now applied in the manglefs script of the respective sysexts, based on file system trees in coreos-overlay/coreos/sysext/(containerd|docker).

The build_sysext script has been extended by an option to strip all binaries in a sysext; the option is deactivated by default.

Lastly, the sysext command line syntax of build_image has been extended to allow specifying multiple packages for a sysext. This was necessary because docker-cli and docker do not have any runtime relationships and therefore must both be specified for installation to correctly mirror Flatcar's own docker packaging.

Closes flatcar/Flatcar#1091 .

Testing

Related PRs

Upstreaming

@t-lo t-lo mentioned this pull request Oct 25, 2023
Merged
@t-lo t-lo force-pushed the t-lo/gentoo-upstream-containerd-docker branch from c0abe1a to 1b698eb Compare October 25, 2023 13:39
@t-lo t-lo force-pushed the t-lo/gentoo-upstream-containerd-docker branch from 1b698eb to 76ead5b Compare October 25, 2023 13:51
@t-lo t-lo temporarily deployed to development October 25, 2023 16:08 — with GitHub Actions Inactive
@t-lo t-lo marked this pull request as ready for review October 25, 2023 16:09
@t-lo t-lo requested a review from a team October 25, 2023 16:09
@t-lo t-lo force-pushed the t-lo/gentoo-upstream-containerd-docker branch 2 times, most recently from 49455db to 13ab672 Compare October 26, 2023 14:35
@t-lo t-lo temporarily deployed to development October 26, 2023 14:41 — with GitHub Actions Inactive
@t-lo t-lo requested a review from krnowak October 26, 2023 15:10
@github-actions
Copy link

github-actions bot commented Oct 26, 2023
edited
Loading

Build action triggered: https://github.com/flatcar/scripts/actions/runs/6717733064

@t-lo t-lo force-pushed the t-lo/gentoo-upstream-containerd-docker branch 2 times, most recently from 0db405f to a0322e0 Compare October 27, 2023 08:52
@t-lo t-lo temporarily deployed to development October 27, 2023 08:52 — with GitHub Actions Inactive
@t-lo t-lo temporarily deployed to development October 27, 2023 10:25 — with GitHub Actions Inactive
@t-lo t-lo temporarily deployed to development October 27, 2023 15:00 — with GitHub Actions Inactive
@t-lo
Copy link
Member Author

t-lo commented Oct 27, 2023

Created flatcar/Flatcar#1223 to track the btrfs deprecation in docker 20 -> 24 and to run tests for gauging the fallout.

Created flatcar/Flatcar#1222 and flatcar/mantle#474 to ensure we continue shipping the devicemapper docker storage driver (which almost was silently discarded while working on the portage stable docker migration PR).

@t-lo
Copy link
Member Author

t-lo commented Oct 28, 2023

All tests succeeded. Good to merge?

(Please also have a look at flatcar/mantle#474 ; it's not a requirement for this PR but a nice addition)

@pothos
Copy link
Member

pothos commented Oct 30, 2023

Some thoughts without looking at the details:

@t-lo
Copy link
Member Author

t-lo commented Oct 30, 2023

Some thoughts without looking at the details:

  • We should check for differences in the systemd units and the default config files (containerd toml)

I'm actually using the systemd unit from "our" ebuild (in https://github.com/flatcar/scripts/tree/t-lo/gentoo-upstream-containerd-docker/sdk_container/src/third_party/coreos-overlay/coreos/sysext/docker/usr/lib/systemd/system); it's added to the sysext via docker's manglefs script.

Same for the containerd toml files - as far as I can tell, upstream Gentoo's containerd ebuild does not even ship any tomls.

  • Check if the cgroupv1 containerd config still works which was created for old nodes on update

Is there a test for that?

Absolutely, but I'd put that into a follow-up PR. Should be straightforward after this one gets merged, and could be part of the same release.

t-lo and others added 13 commits October 30, 2023 17:21
@t-lo
coreos-overlay/containerd: add Gentoo ebuilds and version 1.7.7
e2173e0 
This adds plain Gentoo upstream containerd ebuilds to coreos-overlay and
copies containerd-1.7.6.ebuild to containerd-1.7.7.ebuild since upstream
does not support 1.7.7 yet.

Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
changelog: move Docker 24 btrfs driver notice to "changes".
f71ccfa 
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
build_library/sysext_prod_builder: improve error message
383e609 
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
portage-stable-packages-list: remove containerd
10b27ce 
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
coreos/base/package.accept_keywords: sort alphabetically
47a74ba 
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo @krnowak
sysext_prod_builder: Add suggestions from PR review
456b368 
Co-authored-by: Krzesimir Nowak <knowak@microsoft.com>
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
partage stable docker 24: addressed PR feedback
f2a4b4a 
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
.github/: remove docker, runc auto-update workflows
ed12285 
These were for coreos-overlay. The packages have been moved to
portage-stable and are now handled by the weekly package updates
automation.

Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
build_sysext: let strip_binaries default to false
c522b04 
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
make.defaults, go-env.eclass: export cgo flags, enable cgo by default
fa623fe 
This change adds exporting CGO_* flags to go-env.eclass; the upstream pr
gentoo/gentoo#33539 has been updated
accordingly.

Also, CGO_ENABLED=1 has been added to coreos/../make.conf to enable gco
by default. This fixes a build issue for arm64 with Docker's
device-mapper storage driver:

daemon/graphdriver/devmapper/deviceset.go:306:25: undefined: devicemapper.SetTransactionID
...
daemon/graphdriver/devmapper/deviceset.go:867:28: undefined: devicemapper.ErrEnxio
daemon/graphdriver/devmapper/deviceset.go:867:28: too many errors

gco is enabled on AMD64 by default, and cgo was always enabled in the
coreos docker ebuilds. This way we retain that setting for the Gentoo
ebuilds.
@t-lo
run_local_tests.sh: simplify update test handline
28f4360
@t-lo
test qemu_update.sh: Add docker btrfs backwards compat test
b33a908 
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo
mantle-container: use PR #475 version for btrfs test
0476269 
Temporary commit to use flatcar/mantle#475 for
testing which ships the btrfs backwards compatibility test.

Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
@t-lo t-lo force-pushed the t-lo/gentoo-upstream-containerd-docker branch from bd4f137 to 0476269 Compare October 30, 2023 16:25
@t-lo t-lo temporarily deployed to development October 30, 2023 16:25 — with GitHub Actions Inactive
@t-lo t-lo requested review from krnowak, pothos and a team October 30, 2023 16:26
@t-lo
Copy link
Member Author

t-lo commented Oct 30, 2023

Rebased on latest main, restarted GH CI and Jenkins tests (and updated the test links in the summary).

@t-lo t-lo temporarily deployed to development October 30, 2023 17:07 — with GitHub Actions Inactive
@t-lo
Copy link
Member Author

t-lo commented Oct 31, 2023

Both Github Actions and Jenkins CI are green once again. This now includes the docker brtfs storage update test: flatcar/mantle#475 ensuring that we won't break instances using btrfs storage when these update.

krnowak
krnowak approved these changes Nov 1, 2023
View reviewed changes
Copy link
Member

@krnowak krnowak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So the only thing left are mantle tests, right?

@t-lo
Copy link
Member Author

t-lo commented Nov 1, 2023

So the only thing left are mantle tests, right?

Yes - the most important one is the docker btrfs update test, the other one (devicemapper) is merged. Will wait for the open PR to be reviewed and merged, then update the mantle-container version in this PR before merging it.

@t-lo
Copy link
Member Author

t-lo commented Nov 1, 2023

Updated the mantle ref to flatcar-master head; merging.

@t-lo t-lo merged commit fd33dfd into main Nov 1, 2023
1 check failed
@t-lo t-lo deleted the t-lo/gentoo-upstream-containerd-docker branch November 1, 2023 09:04
@github-actions github-actions bot mentioned this pull request Nov 22, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krnowak krnowak krnowak approved these changes

@pothos pothos Awaiting requested review from pothos

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[RFE] Include Docker packages and dependencies in portage-stable
3 participants
@t-lo @pothos @krnowak