-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ostree: move admindir to /etc/alternatives.admindir #135
Conversation
Dockerfile to test: FROM quay.io/fedora/fedora-bootc:40
COPY alternatives /usr/sbin/alternatives
RUN dnf -y install golang
RUN ls /etc/alternatives.admindir
RUN go help > /dev/null |
e9ade9e
to
87cdffc
Compare
87cdffc
to
cae669c
Compare
I still think it would be better to do a migration as that would fix things for all systems once instead of us having to write migration scripts and ship them in Fedora CoreOS, Fedora Atomic Desktops, Fedora IoT, etc. But this LGTM, although I've not tested it. |
I am not opposed to the migration proposal. @cgwalters WDYT? |
I definitely like the idea of the migration too, avoiding any drift between image and package mode - the migration would also work more nicely for non-ostree image based systems too. Though of course, a notable complexity here is that such a migration would need to be a systemd unit - it couldn't be done in |
cae669c
to
d52444f
Compare
Dockerfile for testing ostree container:
Dockerfile to make sure that the admindir gets created even on package mode:
To test the systemd service, build the Dockerfule, run a detached container and podman-exec into it:
|
d52444f
to
abd7e11
Compare
Honestly, I don't like the idea of moving those files on existing systems. It feels really fragile. If we want to move the db elsewhere, it should be done only on new installations and support reading from both directories. |
I am happy to remove the migration part if you wish. We decided against moving the DB on new installations as it may break existing users. Let's say one machine upgrades to RHEL X.Y and another would does a fresh install, the paths would differ. We also wanted to make sure that users depending on /var/lib/alternatives (for whatever reason) are not impacted. |
@travier @cgwalters can you chime in? |
I think as far as a migration it seems doable across a RHEL major (and a fedora major)...the chance for breakage if we did it seems pretty low. A migration would clearly be useful to be configurable - i.e. we can land the code, have it off by default and opt-in to start). So here's my proposal
|
abd7e11
to
946309e
Compare
The latter would be my preference.
That would be doable. The code still prefers /var if it exists..
I think it could be opt-in by default by just shipping the system service but not enabling it. So fedora-bootc etc. can enable it if desired. But I personally was already happy with the previous PR who just did its magic on OSTree systems. If we want to add more to it, let's dicuss and agree on the behavior. I don't want to burn too much time. |
Yeah, I hear you. I'm OK keeping this migration code around in a draft PR, and then we can continue to do the super targeted change? But...I think the messy thing though is these are kind of entangled...if we change this code to detect |
Broken out of PR fedora-sysv#135. Work can be continued/picked up at a later point in time. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Moved the current state into #139.
Can you elaborate? The code will only use /etc/alternatives.admindir if /var/lib/alternatives doesn't exist, we are running on an OSTree host. It won't switch if the --admindir flag is used. |
7e7d3cb
to
aed657e
Compare
aed657e
to
87a94ac
Compare
c000aa0
to
0ab434f
Compare
Good to go from my end. Heads up: I'll be on PTO next week. |
Not tested but LGTM. My position is still #135 (comment) & #134 (comment). Might be good to make it a change request for Fedora 42. |
I am OK with the concept. However, I still want to debug what is going on with 6d6b96f, and some small bits in the code bother me. But to save everyone's time I can just force-push that here. |
Sounds great, thanks! Feel free to take over this PR. |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
0ab434f
to
40e9f75
Compare
@@ -1454,12 +1466,26 @@ int main(int argc, const char **argv) { | |||
} | |||
} | |||
|
|||
if (stat(altDir, &sb) || !S_ISDIR(sb.st_mode) || access(altDir, F_OK)) { | |||
if (!dirExists(altDir)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The access()
check should remain, I think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We discussed this with @msekletar, and I don't think it is needed. With F_OK, it will just check if it exists, but that is already done through stat. If there had been W_OK, that would have been a different story.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True... But then it'd be better to remove it in a separate commit.
fprintf(stderr, _("failed creating admindir: %s\n"), strerror(errno)); | ||
exit(2); | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
access()
check missing here too, in both branches.
Best to do that just once after the whole if
block, I think (that is, beyond line 1491). Or even change the else if
at 1488 back to if
. It could mean a duplicate existence check, but I don't think this code is performance-critical... 😉
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I already talked about the acccess and I like performant code :-)
40e9f75
to
5502982
Compare
`ostree container commit` wipes /var and thereby erases the data in /var/lib/alternatives; the directory used to store configs/symlinks of alternatives. /var is not a good place for storing such configs since it won't receive updates on bootc images either. We need to move to another location. Hence, use /etc/alternatives.admindir when running on an ostree-based system unless /var/lib/alternatives is already present; a user may have worked around the problem. This way we enable alternatives to work on ostree-based systems without breaking backwards compat. Fixes: fedora-sysv#9 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
5502982
to
538dc7e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Thanks! Do we need to cut a new upstream release to get the changes into Fedora/RHEL? |
This is seen on rpm-ostree based system during uninstall: ``` Running scriptlet: sssd-client-2.9.5-4.el9.x86_64 9/9 admindir /var/lib/alternatives invalid error: %preun(sssd-client-2.9.5-4.el9.x86_64) scriptlet failed, exit status 2 ``` This should be fixed by fedora-sysv/chkconfig#135 but let's avoid hard failing here anyway.
This is seen on rpm-ostree based system during uninstall: ``` Running scriptlet: sssd-client-2.9.5-4.el9.x86_64 9/9 admindir /var/lib/alternatives invalid error: %preun(sssd-client-2.9.5-4.el9.x86_64) scriptlet failed, exit status 2 ``` This should be fixed by fedora-sysv/chkconfig#135 but let's avoid hard failing here anyway. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com>
ostree container commit
wipes /var and thereby erases the data in /var/lib/alternatives; the directory used to store configs/symlinks of alternatives./var is not a good place for storing such configs since it won't receive updates on bootc images either. We need to move to another location.
Hence, use /etc/alternatives.admindir when running on an ostree-based system unless /var/lib/alternatives is already present; a user may have worked around the problem. This way we enable alternatives to work on ostree-based systems without breaking backwards compat.
Fixes: #9