From 425e861dc20c8dc9a48443c4ea0f3a21f906266b Mon Sep 17 00:00:00 2001 From: Igal Tsoiref Date: Tue, 25 Jun 2024 18:27:21 +0300 Subject: [PATCH] RHELAI-429: Adding upgrade informer service Upgrade informer will run every couple of hours and will be triggered by a systemd timer. In order to start it on boot and run once, I enabled both the service and its timer. Disabling auto upgrade service in order to remove unexpected reboots. Service will run "bootc upgrade --check" and in case new version exists it will create motd file with upgrade info. Removed unused grow-part services Signed-off-by: Igal Tsoiref --- training/common/Makefile.common | 7 +++- .../system/bootc-generic-growpart.service | 20 --------- .../bootc-generic-growpart.service | 1 - .../systemd/system/upgrade-informer.service | 12 ++++++ .../lib/systemd/system/upgrade-informer.timer | 11 +++++ .../common/usr/libexec/bootc-generic-growpart | 41 ------------------- training/common/usr/libexec/upgrade-informer | 32 +++++++++++++++ training/nvidia-bootc/Containerfile | 13 +++++- 8 files changed, 73 insertions(+), 64 deletions(-) delete mode 100644 training/common/usr/lib/systemd/system/bootc-generic-growpart.service delete mode 120000 training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service create mode 100644 training/common/usr/lib/systemd/system/upgrade-informer.service create mode 100644 training/common/usr/lib/systemd/system/upgrade-informer.timer delete mode 100755 training/common/usr/libexec/bootc-generic-growpart create mode 100755 training/common/usr/libexec/upgrade-informer diff --git a/training/common/Makefile.common b/training/common/Makefile.common index f4c3115a..306f28b3 100644 --- a/training/common/Makefile.common +++ b/training/common/Makefile.common
@@ -52,7 +52,7 @@ ENABLE_RT ?= SSH_PUBKEY ?= $(shell cat ${HOME}/.ssh/id_rsa.pub 2> /dev/null) .PHONY: prepare-files -prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) +prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) common-services $(OUTDIR): mkdir -p $(OUTDIR) @@ -63,6 +63,11 @@ $(OUTDIR)/$(QLORA_WRAPPER): $(OUTDIR) $(OUTDIR)/$(TRAIN_WRAPPER): $(OUTDIR) cp -pf $(TRAIN_WRAPPER) $(OUTDIR) +.PHONY: common-services +common-services: + mkdir -p build; cp -pR ../common/usr build + + .PHONY: check-sshkey check-sshkey: @test -n "$(SSH_PUBKEY)" || \ diff --git a/training/common/usr/lib/systemd/system/bootc-generic-growpart.service b/training/common/usr/lib/systemd/system/bootc-generic-growpart.service deleted file mode 100644 index 77bb310b..00000000 --- a/training/common/usr/lib/systemd/system/bootc-generic-growpart.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=Bootc Fallback Root Filesystem Grow -Documentation=https://gitlab.com/fedora/bootc/docs -# For now we skip bare metal cases, and we also have nothing to do -# for containers. -ConditionVirtualization=vm -# This helps verify that we're running in a bootc/ostree based target. -ConditionPathIsMountPoint=/sysroot -# We want to run before any e.g. large container images might be pulled. -DefaultDependencies=no -Requires=sysinit.target -After=sysinit.target -Before=basic.target - -[Service] -ExecStart=/usr/libexec/bootc-generic-growpart -# So we can temporarily remount the sysroot writable -MountFlags=slave -# Just to auto-cleanup our temporary files -PrivateTmp=yes diff --git a/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service b/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service deleted file mode 120000 index c8e2408d..00000000 
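Review bot: The new `common-services` recipe copies `../common/usr` over whatever is already in `build/usr`, so a unit or script later removed from the source tree stays in the staging directory and is still shipped by `COPY build/usr /usr` until someone cleans it by hand. Clearing the staged tree first and chaining with `&&` instead of `;` avoids that and stops the copy when `mkdir` fails: `rm -rf build/usr && mkdir -p build && cp -pR ../common/usr build`. The other rules in this file stage into `$(OUTDIR)`; if that is the same directory, using the variable here would keep the two in step.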
--- a/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service
+++ /dev/null
@@ -1 +0,0 @@
-../bootc-generic-growpart.service
\ No newline at end of file
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.service b/training/common/usr/lib/systemd/system/upgrade-informer.service
new file mode 100644
index 00000000..39458c49
--- /dev/null
+++ b/training/common/usr/lib/systemd/system/upgrade-informer.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Check for available operating system updates
+ConditionPathExists=/run/ostree-booted
+After=network-online.target
+StartLimitIntervalSec=400
+StartLimitBurst=3
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/upgrade-informer
+Restart=on-failure
+RestartSec=90
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.timer b/training/common/usr/lib/systemd/system/upgrade-informer.timer
new file mode 100644
index 00000000..1ac82e93
--- /dev/null
+++ b/training/common/usr/lib/systemd/system/upgrade-informer.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Runs upgrade informer periodically
+ConditionPathExists=/run/ostree-booted
+
+[Timer]
+OnBootSec=1h
+OnUnitInactiveSec=8h
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target
diff --git a/training/common/usr/libexec/bootc-generic-growpart b/training/common/usr/libexec/bootc-generic-growpart
deleted file mode 100755
index c2277ba3..00000000
--- a/training/common/usr/libexec/bootc-generic-growpart
+++ /dev/null
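Review bot: `After=network-online.target` in the [Unit] section of upgrade-informer.service only orders the unit and does not pull that target in, so on a host where nothing else wants network-online.target the boot-time run can start before the network is up; add `Wants=network-online.target` next to it. The service also runs /usr/libexec/upgrade-informer as root with no sandboxing. The script's own writes are limited to /etc/motd.d/upgrade-message, so options such as `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectHome=yes` look applicable, though that should be confirmed against what `bootc upgrade --check` and `skopeo inspect` need.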
@@ -1,41 +0,0 @@
-#!/bin/bash
-set -eu
-
-backing_device=$(findmnt -vno SOURCE /sysroot)
-echo "Backing device: ${backing_device}"
-syspath=/sys/class/block/$(basename "${backing_device}")
-if ! test -d "${syspath}"; then
- echo "failed to find backing device ${syspath}"; exit 1
-fi
-
-# Handling devicemapper targets is a whole other thing
-case $backing_device in
- /dev/mapper/*) "Not growing $backing_device"; exit 0 ;;
-esac
-
-# Note that we expect that the rootfs is on a partition
-partition=$(cat "${syspath}"/partition)
-
-# Walk up to find the parent blockdev
-parentpath=$(dirname "$(realpath "${syspath}")")
-devmajmin=$(cat "${parentpath}"/dev)
-parent="/dev/block/${devmajmin}"
-
-# Grow the partition
-tmpf=$(mktemp)
-# Ignore errors because growpart exits 1 if nothing changed;
-# we need to check the output for NOCHANGE:
-if ! /usr/bin/growpart "${parent}" "${partition}" > "${tmpf}"; then
- cat "${tmpf}"
- if grep -qEe '^NOCHANGE: ' "${tmpf}"; then
- exit 0
- fi
- echo "growpart failed"
- exit 1
-fi
-cat "${tmpf}"
-# Now, temporarily remount the sysroot writable in our mount namespace
-mount -o remount,rw /sysroot
-# And defer to systemd's growfs wrapper which handles dispatching on
-# the target filesystem type.
-/usr/lib/systemd/systemd-growfs /sysroot
diff --git a/training/common/usr/libexec/upgrade-informer b/training/common/usr/libexec/upgrade-informer
new file mode 100755
index 00000000..0a36d503
--- /dev/null
+++ b/training/common/usr/libexec/upgrade-informer
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Run the command and capture its output
+output=$(bootc upgrade --check | sed -e 1q)
+message_file="/etc/motd.d/upgrade-message"
+bootc_auth="/etc/ostree/auth.json"
+
+if [[ $output == Update\ available* ]]; then
+ if [[ ! -f $message_file ]]; then
+ echo "New version was found"
+ bootc_image=$(echo "$output" | awk '{print $4}')
+ # If auth file exists we should use it
+ auth_params=""
+ if [[ -f $bootc_auth ]]; then
+ auth_params="--authfile $bootc_auth"
+ fi
+
+ # Get image version
+ # shellcheck disable=SC2086
+ image_version_id=$(skopeo inspect --format json $auth_params "$bootc_image" | jq '.Labels | .["image_version_id"] // empty' | tr -d '"')
+
+ # If upgrade available, write the output to the file
+ echo -e "\n\n ** Attention! ** \n** A new $image_version_id version is available **\n\
+** In order to apply it run: bootc upgrade --apply \n\
+** Please note that the system will reboot after the upgrade ** \n\n" > $message_file
+ fi
+else
+ echo "No upgrade was found"
+ rm $message_file 2> /dev/null
+fi
+
+echo "Finished running upgrade informer"
diff --git a/training/nvidia-bootc/Containerfile b/training/nvidia-bootc/Containerfile
index 438b9e34..22019d76 100644
--- a/training/nvidia-bootc/Containerfile
+++ b/training/nvidia-bootc/Containerfile
@@ -101,6 +101,8 @@ COPY --from=builder /home/builder/yum-packaging-precompiled-kmod/RPMS/*/*.rpm /r
 COPY --from=builder --chmod=444 /home/builder/yum-packaging-precompiled-kmod/tmp/firmware/*.bin /lib/firmware/nvidia/${DRIVER_VERSION}/
 # Temporary workaround until the permanent fix for libdnf is merged
 COPY nvidia-toolkit-firstboot.service /usr/lib/systemd/system/nvidia-toolkit-firstboot.service
+# Enable common services
+COPY build/usr /usr
 ARG IMAGE_VERSION_ID
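Review bot: A failed check is treated as "no upgrade": `output=$(bootc upgrade --check | sed -e 1q)` takes sed's exit status, so when bootc cannot complete the check the script falls into the `else` branch, deletes an existing /etc/motd.d/upgrade-message and exits 0, and the unit's `Restart=on-failure` never fires. Capture bootc's status on its own and exit non-zero on failure, leaving the notice in place (this assumes bootc returns non-zero when the check cannot complete). The `image_version_id` label is read from the registry and expanded inside `echo -e`, so backslash sequences in it are interpreted when the banner is written. Pass it as a `printf` `%s` argument instead, read it with `jq -r` rather than `tr -d '"'`, and quote `$message_file` in the redirect and the `rm`. An array for the auth option also removes the need for the SC2086 suppression.

```bash
# Run the check on its own so its exit status is not hidden by the pipeline
if ! check_output=$(bootc upgrade --check); then
    echo "bootc upgrade --check failed, keeping the current notice" >&2
    exit 1
fi
output=${check_output%%$'\n'*}
# … unchanged: message_file / bootc_auth, "Update available" test, bootc_image …
        auth_params=()
        if [[ -f $bootc_auth ]]; then
            auth_params=(--authfile "$bootc_auth")
        fi
        image_version_id=$(skopeo inspect --format json "${auth_params[@]}" "$bootc_image" | jq -r '.Labels.image_version_id // empty')
# … unchanged: banner text, else branch, final echo …
```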
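Review bot: The comment on the added `COPY build/usr /usr` says "Enable common services", but this line only installs the files; the units are enabled by the `ln -s` lines in the later RUN step, and only when `ID` is `rhel`. A wording such as `# Install common service units and helper scripts (enabled in the RUN step below)` would match what happens. The copy also takes everything under build/usr with whatever modes the build context has, and /usr/libexec/upgrade-informer is executed as root by systemd, so it is worth confirming that the staged tree holds only the intended files with the intended modes.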
@@ -148,12 +150,20 @@ RUN mv /etc/selinux /etc/selinux.tmp \
 dnf module enable -y nvidia-driver:${DRIVER_BRANCH} && \
 dnf install -y nvidia-fabric-manager-${DRIVER_VERSION} libnvidia-nscq-${DRIVER_BRANCH}-${DRIVER_VERSION} ; \
 fi \
- # Install rhc connect for insights telemetry gathering
 && . /etc/os-release && if [ "${ID}" == "rhel" ]; then \
+ # Install rhc connect for insights telemetry gathering
 dnf install -y rhc rhc-worker-playbook; \
+ # Adding rhel ai identity to os-release file for insights usage
 sed -i -e "/^VARIANT=/ {s/^VARIANT=.*/VARIANT=\"RHEL AI\"/; t}" -e "\$aVARIANT=\"RHEL AI\"" /usr/lib/os-release; \
 sed -i -e "/^VARIANT_ID=/ {s/^VARIANT_ID=.*/VARIANT_ID=rhel_ai/; t}" -e "\$aVARIANT_ID=rhel_ai" /usr/lib/os-release; \
 sed -i -e "/^RHEL_AI_VERSION_ID=/ {s/^RHEL_AI_VERSION_ID=.*/RHEL_AI_VERSION_ID='${IMAGE_VERSION_ID}'/; t}" -e "\$aRHEL_AI_VERSION_ID='${IMAGE_VERSION_ID}'" /usr/lib/os-release; \
+
+ # enable upgrade informer timer
+ ln -s /usr/lib/systemd/system/upgrade-informer.timer /usr/lib/systemd/system/timers.target.wants/upgrade-informer.timer; \
+ # enable upgrade informer service, added as we need it to start on boot
+ ln -s /usr/lib/systemd/system/upgrade-informer.service /usr/lib/systemd/system/basic.target.wants/upgrade-informer.service; \
+ # disable auto upgrade service
+ rm -f /usr/lib/systemd/system/default.target.wants/bootc-fetch-apply-updates.timer; \
 fi \
 && dnf clean all \
 && ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants \
@@ -164,6 +174,7 @@ RUN mv /etc/selinux /etc/selinux.tmp \
 && ln -s /usr/lib/systemd/system/nvidia-fabricmanager.service /etc/systemd/system/multi-user.target.wants/nvidia-fabricmanager.service \
 && ln -s /usr/lib/systemd/system/nvidia-persistenced.service /etc/systemd/system/multi-user.target.wants/nvidia-persistenced.service
+
 ARG SSHPUBKEY
 # The --build-arg "SSHPUBKEY=$(cat ~/.ssh/id_rsa.pub)" option inserts your
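Review bot: The three commands added after `# enable upgrade informer timer` are joined with `;`, so a failing `ln -s` (for example if `basic.target.wants` does not exist under /usr/lib/systemd/system in the base image, which is not visible here) does not fail the build, while the final `rm -f` still removes bootc-fetch-apply-updates.timer. The image would then ship with automatic updates disabled and no informer running. Create the directory and chain with `&&`, e.g. `mkdir -p /usr/lib/systemd/system/basic.target.wants && ln -s /usr/lib/systemd/system/upgrade-informer.service /usr/lib/systemd/system/basic.target.wants/upgrade-informer.service && \`, and do the same for the timer link. The added empty line inside the continued RUN is the kind of empty continuation line that Dockerfile parsers warn about, so dropping it is safer. The RUN instruction starts and ends outside the hunk.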