-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
initoverlayfs: Add initial initoverlayfs support #4721
base: main
Are you sure you want to change the base?
Conversation
Hi @dougsland. Thanks for your PR. I'm waiting for a coreos member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/hold |
11d5d2e
to
cab12f0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just for context for everyone else, this is for integration with the https://github.com/containers/initoverlayfs/ project.
It adds InitOverlayFS as option in rpm-ostreed.conf
The rpm-ostreed.conf
file is for client side configuration, but this is a build time option that would need to go in our "treefile" config.
Backing up though, I think we could do something basic like just detect the command is installed, and from code in e.g. initramfs.rs
we automatically execute it? (The chance of someone including the initoverlay project in their image but not wanting to use it seems very obscure at best)
Glancing at https://github.com/containers/initoverlayfs/blob/main/bin/initoverlayfs-install#L17 though for example this will definitely need fixes because on ostree-based systems we put the initramfs in /usr/lib/modules/$kver/initramfs.img
.
On a procedural level: Thanks for the patch! I think we should do this, though with nontrivial changes like this it probably would have been a good idea to start by filing an issue where we can discuss basic design bits and ensure we're on the same page. |
Oh okay. Just for the record, could you please clarify "treefile" config?
Sounds good to me.
Great thanks for sharing, I am sure we can address it via |
The build time config. https://github.com/coreos/rpm-ostree/blob/main/docs/treefile.md There is also |
Should be addressed by: containers/initoverlayfs#43 |
Thanks! So no real changes in the treefile format for initoverlayfs right? We can add in the rpm schema there to include the package using
Just to double check, instead of dropping a file in /usr/lib/modules/$kver/initramfs.img we can try /etc/kernel/install.d? |
I filed #4726 related to this, but it's a nontrivial change and I'm not sure I'd block on it. |
Thanks @cgwalters it's a good idea to track that, useful people who want more local control. |
Thanks, I will continue here @cgwalters |
cab12f0
to
ac4b1fb
Compare
ac4b1fb
to
80c923b
Compare
1561c83
to
85624b5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still have some basic things I don't understand about initoverlayfs which have implications on their usage with container/ostree systems, but I will start a discussion on that project.
Hmm now that I see osbuild/osbuild#1586 - shouldn't this be the same thing, just invoking |
What initoverlayfs-install basically does is call dracut twice, once to create a really small initrd who's only role is to initialize storage and another dracut builder that builds the bigger one with all bells and whistles (initoverlayfs) |
Btw, a nice simple way to test this would be to pull this draft PR branch: https://gitlab.com/CentOS/automotive/sample-images/-/merge_requests/457/diffs do a
see if it builds ok, boots ok. You'd need to use an rpm-ostree rpm from this branch and build an initoverlayfs rpm from it's main branch. |
96e5270
to
1da68db
Compare
Thanks @ericcurtin going to execute some tests. |
1da68db
to
cfd48a7
Compare
b3ece01
to
9700f0c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This LGTM, initoverlayfs technically isn't a ramdisk, but the logic here is fine...
let's fix it. |
9700f0c
to
b97349d
Compare
a08a2b7
to
4a71149
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Run initoverlayfs in case the binary exists. Signed-off-by: Douglas Schilling Landgraf <[email protected]>
4a71149
to
e2dbedd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you test this? I don't believe it can work as is. I think we'll want an integration test here; I can help with that. There's two paths, one in just doing a base image (treecompose) build, and the other as more of a "kola test" which are like TMT tests that are intended to run live on an existing system.
let mut initfs_tool = String::new(); | ||
let initoverlayfs_path = Path::new(INITOVERLAY_INSTALL_CMD); | ||
if initoverlayfs_path.exists() { | ||
initfs_tool = INITOVERLAY_INSTALL_CMD.to_string() | ||
} else { | ||
initfs_tool = "dracut".to_string() | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be simplified to a one liner like this:
let mut initfs_tool = String::new(); | |
let initoverlayfs_path = Path::new(INITOVERLAY_INSTALL_CMD); | |
if initoverlayfs_path.exists() { | |
initfs_tool = INITOVERLAY_INSTALL_CMD.to_string() | |
} else { | |
initfs_tool = "dracut".to_string() | |
} | |
let initfs_tool = Path::new(INITOVERLAY_INSTALL_CMD).exists().then_some(INITOVERLAY_INSTALL_COMMAND).unwrap_or("dracut"); |
It's definitely more idiomatic to assign the result of a condition; the use of then_some
as a combinator is more a taste thing.
In fact an instance of this pattern is right below:
let dracut_path = cliwrap_dracut
.exists()
.then(|| cliwrap_dracut)
.unwrap_or_else(|| Utf8Path::new("dracut").to_owned());
#[context("Running dracut")] | ||
fn run_dracut(kernel_dir: &str) -> Result<()> { | ||
#[context("Generate initfs")] | ||
fn generate_initfs(kernel_dir: &str) -> Result<()> { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I should have mentioned this earlier but you have found a pre-existing confusing mess because we have two places that we run dracut, one here and the other in rpmostree-kernel.cxx
. I am pretty sure what you really want is to modify rpmostree-kernel.cxx
because it's the one that runs when creating a "base image" aka new commit. This code is trying to wrap the dracut
command when invoked on the client side (which can be convenient for testing I guess).
} else { | ||
initfs_tool = "dracut".to_string() | ||
} | ||
let cliwrap_dracut = Utf8Path::new(cliwrap::CLIWRAP_DESTDIR).join(initfs_tool); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is right, because we aren't cliwrapping the initoverlay command. So combining with the above, we should just directly assign to dracut_path
below.
The one thing I was wondering @cgwalters was do you think this should be configurable or a case of if it exists use it? If it exists, just use it seems ok because if you install the initoverlayfs package as a build dependency you probably want to use it. But I could see why it might be better for it to be configurable also. For example it's configurable in osbuild in that you can set it to true or false but it's not so configurable here. I wasn't expecting initoverlayfs to work with rpm-ostree (but we can make it work in this PR if needs be I'm easy 😊) end to end on merge of this PR, the main thing for me right now is that this doesn't break the existing initramfs flow. |
There's very likely a need to configure it explicitly in general, yes. Changing global behavior just because a package happens to be installed can be OK, but still wants a mechanism to disable.
I don't quite understand the point of merging a PR that doesn't improve anything? Backing up a minute...have you considered making initoverlayfs a dracut plugin/module instead of a wrapper? Dracut already has configuration mechanism, pretending initoverlayfs is like a "module" would bring that for free, and also mean that zero changes are required to invoking tools like osbuild/rpm-ostree/etc. |
Just to make small incremental improvements, so we can do partial testing, progress... But we don't have to of course, it's no biggie...
It has a dracut module, but you still need a wrapper for some things, for example you need to call dracut twice once for mini-initrd which can be super small but you still need at least a small initrd to mounting erofs and an overlay... And once for the initoverlayfs aka erofs... You need to call some things outside of dracut modules to piece these two things together... |
It seems to me like "partial testing" is best done pre-merge; I don't have strong opposition to merging experimental things (we have many here) but this PR simply cannot work as is (AFAICS) so I don't see what the value of merging would be.
Right, I think we'd need to do something like run as a dracut wrapper and as a module. The wrapper would do something like:
or so? A bit hacky...but means that "enable initoverayfs" could be done by dropping in a dracut setting (see e.g. things like https://github.com/coreos/fedora-coreos-config/blob/testing-devel/overlay.d/05core/usr/lib/dracut/dracut.conf.d/coreos-omits.conf ) |
This is roughly what we do already in: https://github.com/containers/initoverlayfs/blob/main/bin/initoverlayfs-install Here are the two dracut calls for example:
One builds with just "kernel-modules udev-rules initoverlayfs systemd base", that's kinda the minimum required to bring up a storage device. The other builds the whole thing except for initoverlayfs dracut module, like you say. Thanks for pointing us towards coreos-omits.conf , that might be better long term than using dracut CLI. It's gonna be a bit hacky, there's no way to call things like mkfs.erofs, dracut (with the random cpio appended), python (from osbuild), bash, Rust/C/C++, etc. together without things being a bit hacky (it arguably already is). But at least in bootc/rpm-ostree/ostree world this is all built server-side so there's a controlled environment. There is also gonna be another mode (at least it's gonna be there experimentally) specifically for Automotive that builds a systemd-less initrd. We started building some storage drivers directly into the kernel and have found kernelspace is much faster at initializing storage than udev like 300ms faster and Automotive actually cares about these ms. This mode won't be suitable for non-Automotive generic distros though, in other words all the CentOS Stream/Fedora ones that aren't using Automotive kernels. |
Run initoverlayfs in case the binary exists.
Signed-off-by: Douglas Schilling Landgraf [email protected]