Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

config/fcos: Add extensions param and generate treefile with packages #304

Merged
merged 1 commit into from
Jan 25, 2022

Conversation

jmarrero
Copy link
Member

@jmarrero jmarrero commented Jan 17, 2022

This PR adds the sugar to take a list of extensions (packages) on the butane config and turns them into a treefile which rpm-ostree will consume as part of the derivation/layering enhancement. This specific PR is raised based on the discussions on: coreos/fedora-coreos-tracker#1054

@jmarrero jmarrero changed the title add packages to config and build it config/fcos: Add extensions param and generate treefile with packages Jan 18, 2022
@jmarrero
Copy link
Member Author

jmarrero commented Jan 20, 2022

@bgilbert is the way I am marshaling the YAML correct? It's OK to add that dependency of yaml.v2@v2.2.2 or am I missing some obvious util?

@jmarrero
Copy link
Member Author

jmarrero commented Jan 20, 2022

Still seeing:

Missing paths in TranslationSet:
$.storage.files.2.path
$.storage.files.2.contents.source
$.storage.files.2.contents
$.storage.files.2.mode
$.storage.files.2

after merges trying to figure it out.

@bgilbert
Copy link
Contributor

is the way I am marshaling the YAML correct? It's OK to add that dependency of yaml.v2@v2.2.2 or am I missing some obvious util?

We already have a dependency on yaml.v3; can you use that?

Missing paths in TranslationSet:

What does butane -D say?

@jmarrero
Copy link
Member Author

is the way I am marshaling the YAML correct? It's OK to add that dependency of yaml.v2@v2.2.2 or am I missing some obvious util?

We already have a dependency on yaml.v3; can you use that?

Yeah yaml.v3 works, I did not think of searching the other versions in the imports we are already using. Thanks.

Missing paths in TranslationSet:

What does butane -D say?

That output comes from butane -D.
The full output looks like:

TranslationSet: yaml → json
$.ignition → $.ignition
$.version → $.ignition.version
$.storage → $.storage
$.storage.files → $.storage.files
$.storage.files.0 → $.storage.files.0
$.storage.files.0.contents → $.storage.files.0.contents
$.inline → $.storage.files.0.contents.source
$.storage.files.0.mode → $.storage.files.0.mode
$.storage.files.0.path → $.storage.files.0.path
$.storage.files.1 → $.storage.files.1
$.storage.files.1.contents → $.storage.files.1.contents
$.storage.files.1.contents.inline → $.storage.files.1.contents.compression
$.storage.files.1.contents.inline → $.storage.files.1.contents.source
$.storage.files.1.mode → $.storage.files.1.mode
$.storage.files.1.path → $.storage.files.1.path
$.systemd → $.systemd
$.systemd.units → $.systemd.units
$.systemd.units.0 → $.systemd.units.0
$.systemd.units.0.dropins → $.systemd.units.0.dropins
$.systemd.units.0.dropins.0 → $.systemd.units.0.dropins.0
$.systemd.units.0.dropins.0.contents → $.systemd.units.0.dropins.0.contents
$.systemd.units.0.dropins.0.name → $.systemd.units.0.dropins.0.name
$.systemd.units.0.name → $.systemd.units.0.name
$.systemd.units.1 → $.systemd.units.1
$.systemd.units.1.contents → $.systemd.units.1.contents
$.systemd.units.1.enabled → $.systemd.units.1.enabled
$.systemd.units.1.name → $.systemd.units.1.name

Missing paths in TranslationSet:
$.storage.files.2.path
$.storage.files.2.contents.source
$.storage.files.2.contents
$.storage.files.2.mode
$.storage.files.2

Which if I understand is because the translation set from the procressPackages() sets the file at index 0 but after appending it is of index 2. If that is correct do I need to modify that manually or is there other method I am missing that is better than merge to deal with this?

Copy link
Contributor

@bgilbert bgilbert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll want MergeTranslatedConfigs; see below.

config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
@jmarrero jmarrero force-pushed the layer-packages branch 2 times, most recently from 65f6687 to 416b7b3 Compare January 20, 2022 06:22
@jmarrero jmarrero marked this pull request as ready for review January 20, 2022 06:34
@jmarrero
Copy link
Member Author

Working on a test now. Thanks for all the help @bgilbert

config/fcos/v1_5_exp/schema.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
@jmarrero
Copy link
Member Author

Moving back to WIP. This depends on the outcome of:
coreos/rpm-ostree#3340

@jmarrero jmarrero marked this pull request as draft January 21, 2022 03:57
@jmarrero jmarrero force-pushed the layer-packages branch 3 times, most recently from b7d95dc to ec1a5d1 Compare January 23, 2022 02:58
@jmarrero jmarrero marked this pull request as ready for review January 23, 2022 03:01
Copy link
Contributor

@bgilbert bgilbert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM generally, pending tests.

@@ -38,3 +39,5 @@ type BootDeviceLuks struct {
type BootDeviceMirror struct {
Devices []string `yaml:"devices"`
}

type Extensions []string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we sure we won't have additional options related to extensions in the future? This schema doesn't allow for any.

The usual way we do this is:

extensions:
  - name: foo
  - name: bar

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are basically adding something like the RHCOS extensions to butane: https://github.com/openshift/machine-config-operator/blob/master/docs/MachineConfiguration.md#rhcos-extensions . But I am not sure how this will evolve. This is still being discussed but for the first pass AFAIK we just care about a list of packages.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once this spec version has been stabilized, we lose the ability to add metadata in this way without making a new top-level field. We could merge this as-is and revisit before stabilization, but if we do, we should make sure to leave clear signposts in the issue tracker so we don't forget. Or we could go for the extensible approach now. It might be worth raising with the team.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cgwalters @jlebon any preference on how to handle this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with the concern, but not sure what to recommend since it's hard to predict what we'll need to generalize (container-based extensions? more treefile support? repo-pinned extensions?).

So... I'd say let's roll with this for now and revisit before stabilization. In the worst case, we should be able to change the spec in future versions, right?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussed this more with @jlebon OOB. If we wanted to add extensibility in future versions, and didn't want to have a major spec bump (i.e. one that requires config changes when bumping the version number), we'd need to deprecate the extensions field and add e.g. extensions2. We've done that before but it's a bit awkward.

I think the maximum possible extensibility is:

extensions:
  packages:
    - name: foo
    - name: bar

which lets us add system-wide extension options, per-package ones, and new extension types:

extensions:
  global-option: z
  packages:
    - name: foo
      package-option: z
    - name: bar
  containers:
    - name: baz

Global options don't play well with config merging, since a child config that adds a package would be affected by global parameters it isn't aware of. New extension types could be implemented as a package field:

extensions:
  - name: foo
    package-option: z
  - name: bar
  - name: baz
    type: container

which is consistent with the design elsewhere in the schema.

I think that's a reasonable middle ground. Let's not block the current PR on this, but as a followup I think we should switch from an array of strings to an array of structs.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very related to what happened to packages in
https://github.com/coreos/rpm-ostree/blob/main/docs/treefile.md

We ended up adding repo-packages which allows to pin to packages from a specific repo.

--

The idea of type: container is a really interesting idea. Definitely touches on https://www.freedesktop.org/software/systemd/man/systemd-sysext.html etc.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In rpm-ostree's treefiles today to be nice we allow multiple packages in single YAML list entry. See for example https://github.com/coreos/fedora-coreos-config/blob/aa50439847f34282b41bf2eb60d478a45d2a27d7/manifests/system-configuration.yaml#L7

Might make sense to do that too to avoid the overhead in the simple cases?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We generally don't do that in Ignition configs because it wouldn't work with the config merging logic, which (with one unfortunate exception) doesn't know the semantics of what it's merging. That argument doesn't directly apply here, since this is sugar, but it still doesn't feel very Butane-like. We've favored explicitness over ergonomics when they're in conflict.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Followup in #316.

config/fcos/v1_5_exp/translate.go Outdated Show resolved Hide resolved
@jmarrero jmarrero force-pushed the layer-packages branch 3 times, most recently from b142f42 to f764f4a Compare January 24, 2022 06:22
config/fcos/v1_5_exp/translate_test.go Outdated Show resolved Hide resolved
docs/config-fcos-v1_5-exp.md Outdated Show resolved Hide resolved
@@ -38,3 +39,5 @@ type BootDeviceLuks struct {
type BootDeviceMirror struct {
Devices []string `yaml:"devices"`
}

type Extensions []string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once this spec version has been stabilized, we lose the ability to add metadata in this way without making a new top-level field. We could merge this as-is and revisit before stabilization, but if we do, we should make sure to leave clear signposts in the issue tracker so we don't forget. Or we could go for the extensible approach now. It might be worth raising with the team.

config/fcos/v1_5_exp/translate_test.go Show resolved Hide resolved
config/fcos/v1_5_exp/translate_test.go Outdated Show resolved Hide resolved
docs/config-fcos-v1_5-exp.md Outdated Show resolved Hide resolved
@jmarrero jmarrero merged commit 3d00ece into coreos:main Jan 25, 2022
@cgwalters
Copy link
Member

One concern @jmarrero mentioned in a chat about this is that we're implicity supporting whatever CLI arguments can be passed to rpm-ostree install. Today that includes e.g. bodhi update URLs as well as direct e.g. https://example.com/foo.rpm.

I think that's probably OK.

This also relates though to a discussion happening in libdnf
rpm-software-management/libdnf#1375

@cgwalters
Copy link
Member

Did the question come up of potentially having butane generate default configuration files or kernel arguments when a specific extension is requested? kdump is a great example of this. https://docs.fedoraproject.org/en-US/fedora-coreos/debugging-kernel-crashes/

There may be others where we'd want to drop some config file in /etc.

IOW, should butane ever try to recognize specific extensions, or should we just pass through to rpm-ostree install.

@bgilbert
Copy link
Contributor

One concern @jmarrero mentioned in a chat about this is that we're implicity supporting whatever CLI arguments can be passed to rpm-ostree install. Today that includes e.g. bodhi update URLs as well as direct e.g. https://example.com/foo.rpm.

Can we filter those out e.g. by rejecting slashes? Explicit > implicit, and we can always loosen validation rules later.

IOW, should butane ever try to recognize specific extensions, or should we just pass through to rpm-ostree install.

If certain extensions need additional configuration, we should add explicit sugar for those. Otherwise, validation has no way to know that a particular extension will invoke additional logic in a future Butane release, so a newer Butane config could produce a subtly broken Ignition config with older Butane.

@cgwalters
Copy link
Member

Can we filter those out e.g. by rejecting slashes? Explicit > implicit, and we can always loosen validation rules later.

Actually I realized I was wrong, since the change to generate a treefile instead of forking rpm-ostree install, I think only package names/NEVRAs will be supported. (The direct https://example.com/foo.rpm stuff lives in the client binary today)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants