Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ostree: move admindir to /etc/alternatives.admindir #135

Merged
merged 2 commits into from
Aug 7, 2024

Conversation

vrothberg
Copy link
Contributor

ostree container commit wipes /var and thereby erases the data in /var/lib/alternatives; the directory used to store configs/symlinks of alternatives.

/var is not a good place for storing such configs since it won't receive updates on bootc images either. We need to move to another location.

Hence, use /etc/alternatives.admindir when running on an ostree-based system unless /var/lib/alternatives is already present; a user may have worked around the problem. This way we enable alternatives to work on ostree-based systems without breaking backwards compat.

Fixes: #9

@vrothberg
Copy link
Contributor Author

vrothberg commented Jul 26, 2024

Dockerfile to test:

FROM quay.io/fedora/fedora-bootc:40
COPY alternatives /usr/sbin/alternatives
RUN dnf -y install golang
RUN ls /etc/alternatives.admindir
RUN go help > /dev/null

@vrothberg vrothberg force-pushed the ostree-alternatives branch from e9ade9e to 87cdffc Compare July 26, 2024 10:19
alternatives.8 Outdated Show resolved Hide resolved
chkconfig.spec Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
@vrothberg vrothberg force-pushed the ostree-alternatives branch from 87cdffc to cae669c Compare July 29, 2024 08:20
@travier
Copy link

travier commented Jul 29, 2024

I still think it would be better to do a migration as that would fix things for all systems once instead of us having to write migration scripts and ship them in Fedora CoreOS, Fedora Atomic Desktops, Fedora IoT, etc.

But this LGTM, although I've not tested it.

@vrothberg
Copy link
Contributor Author

I still think it would be better to do a migration as that would fix things for all systems once instead of us having to write migration scripts and ship them in Fedora CoreOS, Fedora Atomic Desktops, Fedora IoT, etc.

I am not opposed to the migration proposal. @cgwalters WDYT?

@cgwalters
Copy link
Contributor

I definitely like the idea of the migration too, avoiding any drift between image and package mode - the migration would also work more nicely for non-ostree image based systems too.

Though of course, a notable complexity here is that such a migration would need to be a systemd unit - it couldn't be done in %post for image based systems (though it could on package based ones).

alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
@vrothberg vrothberg force-pushed the ostree-alternatives branch from cae669c to d52444f Compare July 30, 2024 13:04
alternatives-migration Fixed Show fixed Hide fixed
alternatives-migration Fixed Show fixed Hide fixed
@vrothberg
Copy link
Contributor Author

Dockerfile for testing ostree container:

FROM quay.io/fedora/fedora-bootc:40
COPY alternatives /usr/sbin/alternatives
RUN dnf -y install golang
RUN ls /etc/alternatives /etc/alternatives.admindir
RUN go help > /dev/null

Dockerfile to make sure that the admindir gets created even on package mode:

FROM fedora:40
COPY alternatives /usr/sbin/alternatives
RUN rm -rf /var/lib/alternatives
RUN dnf -y install golang
RUN ls /etc/alternatives /var/lib/alternatives
RUN go help > /dev/null

To test the systemd service, build the Dockerfule, run a detached container and podman-exec into it:

FROM quay.io/fedora/fedora-bootc:40
COPY ./systemd/alternatives-migration.service /usr/lib/systemd/system/
COPY alternatives-migration /usr/libexec/

Makefile Outdated Show resolved Hide resolved
@vrothberg vrothberg force-pushed the ostree-alternatives branch from d52444f to abd7e11 Compare July 30, 2024 13:23
@lnykryn
Copy link
Member

lnykryn commented Jul 30, 2024

Honestly, I don't like the idea of moving those files on existing systems. It feels really fragile. If we want to move the db elsewhere, it should be done only on new installations and support reading from both directories.

@vrothberg
Copy link
Contributor Author

vrothberg commented Jul 30, 2024

Honestly, I don't like the idea of moving those files on existing systems. It feels really fragile. If we want to move the db elsewhere, it should be done only on new installations and support reading from both directories.

I am happy to remove the migration part if you wish. We decided against moving the DB on new installations as it may break existing users. Let's say one machine upgrades to RHEL X.Y and another would does a fresh install, the paths would differ. We also wanted to make sure that users depending on /var/lib/alternatives (for whatever reason) are not impacted.

@vrothberg
Copy link
Contributor Author

@travier @cgwalters can you chime in?

@cgwalters
Copy link
Contributor

I think as far as a migration it seems doable across a RHEL major (and a fedora major)...the chance for breakage if we did it seems pretty low.

A migration would clearly be useful to be configurable - i.e. we can land the code, have it off by default and opt-in to start). So here's my proposal

  • Add a mechanism to opt-in to the new location (env ALTERNATIVES_STATEDIR=/etc/alternatives.admindir or just ALTERNATIVES_STATEDIR_NEW=1? Or maybe again mkdir /etc/alternatives.admindir before installing)
  • Change the code so that the new admindir, even if configured on is only used if the old /var path is nonexistent/inactive
  • The migration code would be a separate opt-in (build-time option seems viable, then we can flip that on in just rhel10 and fedora 42's spec files and/or start by doing just the migration in e.g. fedora-bootc/FCOS/etc. to start)

@vrothberg vrothberg force-pushed the ostree-alternatives branch from abd7e11 to 946309e Compare July 30, 2024 14:32
@vrothberg
Copy link
Contributor Author

vrothberg commented Jul 30, 2024

I think as far as a migration it seems doable across a RHEL major (and a fedora major)...the chance for breakage if we did it seems pretty low.

A migration would clearly be useful to be configurable - i.e. we can land the code, have it off by default and opt-in to start). So here's my proposal

* Add a mechanism to opt-in to the new location (`env ALTERNATIVES_STATEDIR=/etc/alternatives.admindir` or just `ALTERNATIVES_STATEDIR_NEW=1`? Or maybe again `mkdir /etc/alternatives.admindir` before installing)

The latter would be my preference.

* Change the code so that the new admindir, even if configured on is only used if the old `/var` path is nonexistent/inactive

That would be doable. The code still prefers /var if it exists..

* The migration code would be a separate opt-in (build-time option seems viable, then we can flip that on in just rhel10 and fedora 42's spec files _and/or_ start by doing just the migration in e.g. fedora-bootc/FCOS/etc. to start)

I think it could be opt-in by default by just shipping the system service but not enabling it. So fedora-bootc etc. can enable it if desired.

But I personally was already happy with the previous PR who just did its magic on OSTree systems. If we want to add more to it, let's dicuss and agree on the behavior. I don't want to burn too much time.

@cgwalters
Copy link
Contributor

Yeah, I hear you. I'm OK keeping this migration code around in a draft PR, and then we can continue to do the super targeted change?

But...I think the messy thing though is these are kind of entangled...if we change this code to detect /run/ostree-booted, in theory it could break non-bootc ostree systems where the user legitimately configured alternatives locally?

vrothberg added a commit to vrothberg/chkconfig that referenced this pull request Jul 31, 2024
Broken out of PR fedora-sysv#135.  Work can be continued/picked up at a later point
in time.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
@vrothberg
Copy link
Contributor Author

Yeah, I hear you. I'm OK keeping this migration code around in a draft PR, and then we can continue to do the super targeted change?

Moved the current state into #139.

But...I think the messy thing though is these are kind of entangled...if we change this code to detect /run/ostree-booted, in theory it could break non-bootc ostree systems where the user legitimately configured alternatives locally?

Can you elaborate? The code will only use /etc/alternatives.admindir if /var/lib/alternatives doesn't exist, we are running on an OSTree host. It won't switch if the --admindir flag is used.

@vrothberg vrothberg force-pushed the ostree-alternatives branch 2 times, most recently from 7e7d3cb to aed657e Compare July 31, 2024 08:56
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
alternatives.c Outdated Show resolved Hide resolved
@vrothberg vrothberg force-pushed the ostree-alternatives branch from aed657e to 87a94ac Compare July 31, 2024 12:16
@vrothberg vrothberg force-pushed the ostree-alternatives branch 2 times, most recently from c000aa0 to 0ab434f Compare July 31, 2024 12:29
@vrothberg
Copy link
Contributor Author

Good to go from my end.
@cgwalters @travier @lnykryn @ldv-alt WDYT?

Heads up: I'll be on PTO next week.

@travier
Copy link

travier commented Aug 1, 2024

Not tested but LGTM. My position is still #135 (comment) & #134 (comment). Might be good to make it a change request for Fedora 42.

@lnykryn
Copy link
Member

lnykryn commented Aug 1, 2024

I am OK with the concept. However, I still want to debug what is going on with 6d6b96f, and some small bits in the code bother me. But to save everyone's time I can just force-push that here.

@vrothberg
Copy link
Contributor Author

I am OK with the concept. However, I still want to debug what is going on with 6d6b96f, and some small bits in the code bother me. But to save everyone's time I can just force-push that here.

Sounds great, thanks! Feel free to take over this PR.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
@@ -1454,12 +1466,26 @@ int main(int argc, const char **argv) {
}
}

if (stat(altDir, &sb) || !S_ISDIR(sb.st_mode) || access(altDir, F_OK)) {
if (!dirExists(altDir)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The access() check should remain, I think.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We discussed this with @msekletar, and I don't think it is needed. With F_OK, it will just check if it exists, but that is already done through stat. If there had been W_OK, that would have been a different story.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True... But then it'd be better to remove it in a separate commit.

fprintf(stderr, _("failed creating admindir: %s\n"), strerror(errno));
exit(2);
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

access() check missing here too, in both branches.

Best to do that just once after the whole if block, I think (that is, beyond line 1491). Or even change the else if at 1488 back to if. It could mean a duplicate existence check, but I don't think this code is performance-critical... 😉

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I already talked about the acccess and I like performant code :-)

alternatives.c Outdated Show resolved Hide resolved
chkconfig.spec Outdated Show resolved Hide resolved
@lnykryn lnykryn force-pushed the ostree-alternatives branch from 40e9f75 to 5502982 Compare August 5, 2024 14:08
alternatives.c Outdated Show resolved Hide resolved
`ostree container commit` wipes /var and thereby erases the data in
/var/lib/alternatives; the directory used to store configs/symlinks of
alternatives.

/var is not a good place for storing such configs since it won't receive
updates on bootc images either.  We need to move to another location.

Hence, use /etc/alternatives.admindir when running on an ostree-based
system unless /var/lib/alternatives is already present; a user may have
worked around the problem.  This way we enable alternatives to work on
ostree-based systems without breaking backwards compat.

Fixes: fedora-sysv#9
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
@lnykryn lnykryn force-pushed the ostree-alternatives branch from 5502982 to 538dc7e Compare August 5, 2024 14:35
Copy link
Contributor

@dtardon dtardon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lnykryn lnykryn merged commit 4224f51 into fedora-sysv:main Aug 7, 2024
9 of 13 checks passed
@vrothberg vrothberg deleted the ostree-alternatives branch August 12, 2024 07:06
@vrothberg
Copy link
Contributor Author

Thanks! Do we need to cut a new upstream release to get the changes into Fedora/RHEL?

@lnykryn
Copy link
Member

lnykryn commented Aug 12, 2024

@jamacku already did that 81cda82

alexey-tikhonov added a commit to alexey-tikhonov/sssd that referenced this pull request Sep 12, 2024
This is seen on rpm-ostree based system during uninstall:
```
Running scriptlet: sssd-client-2.9.5-4.el9.x86_64 9/9
admindir /var/lib/alternatives invalid
error: %preun(sssd-client-2.9.5-4.el9.x86_64) scriptlet failed, exit status 2
```

This should be fixed by fedora-sysv/chkconfig#135
but let's avoid hard failing here anyway.
alexey-tikhonov added a commit to SSSD/sssd that referenced this pull request Sep 13, 2024
This is seen on rpm-ostree based system during uninstall:
```
Running scriptlet: sssd-client-2.9.5-4.el9.x86_64 9/9
admindir /var/lib/alternatives invalid
error: %preun(sssd-client-2.9.5-4.el9.x86_64) scriptlet failed, exit status 2
```

This should be fixed by fedora-sysv/chkconfig#135
but let's avoid hard failing here anyway.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

config files for alternatives?
6 participants