Composefs-native backend #1314
Composefs-native backend #1314
Conversation
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
cd42079 to
b3d1952
Compare
lib/src/install.rs
Outdated
| .create_dir_all("composefs") | ||
| .context("Creating dir 'composefs'")?; | ||
|
|
||
| tracing::warn!("STATE: {state:#?}"); |
There was a problem hiding this comment.
I'd recommend dbg! for this type of stuff; it will build locally but not pass CI so it can't be accidentally merged.
There was a problem hiding this comment.
I intend to remove all these logs. They were only for debugging purposes
There was a problem hiding this comment.
Yep that makes sense, what I meant is that use dbg! locally. (Or use tracing::debug! and keep the tracing in there and just use the tracing selector to ensure you see what you want...we are really chatty with a big env RUST_LOG=debug unfortunately today, mostly in container fetches)
lib/src/cli.rs
Outdated
| @@ -1199,7 +1199,7 @@ async fn run_from_opt(opt: Opt) -> Result<()> { | |||
| let fd = | |||
| std::fs::File::open(&path).with_context(|| format!("Reading {path}"))?; | |||
| let digest: fsverity::Sha256HashValue = fsverity::measure_verity(&fd)?; | |||
| let digest = hex::encode(digest); | |||
| let digest = digest.to_hex(); | |||
There was a problem hiding this comment.
I think this should be squashed with the previous commit, and it may make sense to have a "bump composefs-rs" prep PR split out right?
There was a problem hiding this comment.
Right, that makes sense. I'll put this in a separate PR
lib/src/install.rs
Outdated
| async fn install_to_filesystem_impl( | ||
| state: &State, | ||
| rootfs: &mut RootSetup, | ||
| cleanup: Cleanup, | ||
| composefs: bool, |
There was a problem hiding this comment.
I think this would make sense as part of state
There was a problem hiding this comment.
I was conflicted on where to put this. Thanks for the review. I'll add this to State
lib/src/install.rs
Outdated
| &imgstore, | ||
| ) | ||
| .await?; | ||
| tracing::warn!( |
There was a problem hiding this comment.
Same comment re dbg! or this one could also make sense as a tracing::debug! that gets left in right?
There was a problem hiding this comment.
Ah, yes. We can keep this one as debug
The branding here is a bit confusing because of course, bootc already uses composefs. Just the https://github.com/composefs/composefs/ version, and that is "indirectly" via ostree. Bigger picture I think what we're trying to aim for here primarily is "sealed" images right? In that case then, one thing I think would make sense is that we don't even have an option to install - we determine what to do by inspecting the container. It does of course make sense to eventually support unsealed images this way too...which will be extremely important for eventually migrating existing ostree systems. There's an enormous set of details there though. So my proposal in a nutshell:
|
I think this works. Or we could have
Curious about this. Is there a reason we'd want composfs native storage in this case? |
Isn't the whole idea that we're aiming for the sealed case? |
|
I'll be getting back to this PR next Monday. Been working on a separate issue this week... |
lib/src/install/baseline.rs
Outdated
| @@ -403,6 +409,8 @@ pub(crate) fn install_create_rootfs( | |||
| "root", | |||
| opts.wipe, | |||
| mkfs_options.iter().copied(), | |||
| // TODO: Add cli option for this | |||
| Some(uuid::uuid!("6523f8ae-3eb1-4e2a-a05a-18b695ae656f")), | |||
There was a problem hiding this comment.
It looks like you chose the alpha architecture uuid; it'd make sense potentially to use the DPS UUIDs by default for to-disk but that will require some work.
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
5979f04 to
42632ce
Compare
lib/src/install.rs
Outdated
| let esp_devices = [COREOS_ESP_PART_LABEL, ANACONDA_ESP_PART_LABEL] | ||
| .into_iter() | ||
| .map(|p| Path::new("/dev/disk/by-partlabel/").join(p)); |
There was a problem hiding this comment.
Two things
- We shouldn't use
/dev/disk/by-partlabelbecause that's global state, in the general case we may be creating partitions on a loopback mounted device and don't want to touch any global state - There's a well known UUID for the ESP to use
Combining these, see https://github.com/coreos/bootupd/blob/92a8fe2326e35d893afbe464857408c403d9e7ea/src/blockdev.rs#L41 which perhaps we could move into this codebase and have bootupd use it (because bootupd already uses bootc).
There was a problem hiding this comment.
Ah, okay I'll update to not use by-partlabel
perhaps we could move into this codebase and have bootupd use it (because bootupd already uses bootc)
I found this little bit weird, as I feel like this should be the other way around. Is there a reason why bootc uses the bootupctl command rather than the bootup crate?
There was a problem hiding this comment.
Is there a reason why bootc uses the bootupctl command rather than the bootup crate?
Well...unless we took over that CLI, that'd mean we duplicate the code.
lib/src/install.rs
Outdated
| create_dir_all(&boot_dir).context("Failed to create boot dir")?; | ||
|
|
||
| // Add the user grug cfg | ||
| let grub_user_config = format!( |
There was a problem hiding this comment.
In my ideal world grub related things live in bootupd, not in this project.
And even better if we can make this a static configuration...where grub basically implements the BLS spec and finds things in /EFI/Linux on its own right?
There was a problem hiding this comment.
It makes sense to put this in bootupd, but upon discussions with @travier we're still debating on whether we want to push systemd-boot or not, so this is more or less temporary
There was a problem hiding this comment.
This part of the GRUB config can not be generated by bootup as it is the deployment boot order in the UKI + GRUB case. See: containers/composefs-rs#38 (comment)
There was a problem hiding this comment.
It's not possible to use the BLS spec partial support in GRUB to boot UKI. It does not support the key that we need to do so, thus why we generate GRUB config snippets: ostreedev/ostree#2753 (comment)
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
25602da to
7dcc0fc
Compare
lib/Cargo.toml
Outdated
| @@ -57,6 +57,8 @@ tini = "1.3.0" | |||
| comfy-table = "7.1.1" | |||
| thiserror = { workspace = true } | |||
| canon-json = { workspace = true } | |||
| openat = "0.1.21" | |||
There was a problem hiding this comment.
This project is not actively maintained and should not be added here. We use cap-std or rustix directly.
There was a problem hiding this comment.
Ah, I see. I took inspiration from bootupd. We should remove it from there as well
ostree-ext/Cargo.toml
Outdated
| @@ -17,7 +17,9 @@ ostree = { features = ["v2025_2"], version = "0.20" } | |||
| anyhow = { workspace = true } | |||
| bootc-utils = { package = "bootc-internal-utils", path = "../utils", version = "0.0.0" } | |||
| camino = { workspace = true, features = ["serde1"] } | |||
| composefs = { git = "https://github.com/containers/composefs-rs", rev = "59299eb8de6c22410f32213cc57901a7ddd3c134", features = ["rhel9"] } | |||
| composefs = { git = "https://github.com/containers/composefs-rs", rev = "d8e285f14c3c9fa969496fd98e12ffba3079842d", package = "composefs" } | |||
| composefs-boot = { git = "https://github.com/containers/composefs-rs", rev = "d8e285f14c3c9fa969496fd98e12ffba3079842d", package = "composefs-boot" } | |||
There was a problem hiding this comment.
We also need to discuss containers/composefs-rs#143 (comment) related to this.
ostree-ext/src/container_utils.rs
Outdated
| @@ -77,6 +77,13 @@ pub fn ostree_booted() -> io::Result<bool> { | |||
| Path::new(&format!("/{OSTREE_BOOTED}")).try_exists() | |||
| } | |||
|
|
|||
|
|
|||
| /// Returns true if the system appears to have been booted with composefs. | |||
There was a problem hiding this comment.
I don't want to belabor this too much but I think it will cause endless confusion if we keep saying "this uses composefs" when again we're already using "composefs".
How about "without ostree"? Or "composefs native" or "pure composefs".
There was a problem hiding this comment.
Ah yes, definitely. I'll update these throughout the repo
ostree-ext/src/container_utils.rs
Outdated
|
|
||
| /// Returns true if the system appears to have been booted with composefs. | ||
| pub fn composefs_booted() -> io::Result<bool> { | ||
| let cmdline = std::fs::read_to_string("/proc/cmdline")?; |
There was a problem hiding this comment.
We should use a proper kernel argument parser in general. It's actually a bit complicated because of quoting. systemd has a good version of course, and we have one in C in ostree. It'd probably make sense to make a dedicated one.
There was a problem hiding this comment.
We could build our own parser? @travier suggested https://github.com/rust-bakery/nom for parsing Grub menuentries. Maybe we could use it for parsing kernel cmdline as well?
There was a problem hiding this comment.
I have written what feels like a million various nom parsers for Advent of Code over the years, I could probably throw something together for kernel cmdline in short order. Seems to be well-documented at https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
There was a problem hiding this comment.
Sure, I'm good to make a new small internal crate for this. But I wouldn't try to just greenfield it though, but reference existing parsers. I think https://github.com/ostreedev/ostree/blob/main/src/libostree/ostree-kernel-args.c is correct, as is the systemd version.
There was a problem hiding this comment.
Sorry I forgot we already have https://github.com/bootc-dev/bootc/blob/main/lib/src/kernel.rs and to combine with the chat yes let's for now just take the code from https://github.com/containers/composefs-rs/blob/d5455222f282200913902f29c66d5f625ca5661f/crates/composefs-boot/src/cmdline.rs#L9 but what we IMO must do when parsing /proc/cmdline is use to_utf8_lossy or so so we don't bomb out if the kernel commandline somehow has non-UTF8 data.
lib/src/bls_config.rs
Outdated
There was a problem hiding this comment.
👍 for a first pass, but skimming through the boot loader specification document there's a lot more to this. Probably enough so that it would make sense to spin this off into its own crate, I'm sure others would find it to be useful outside of bootc.
There was a problem hiding this comment.
Probably enough so that it would make sense to spin this off into its own crate,
Yes I had the same thought, was one of the motivations for #1413
I'm sure others would find it to be useful outside of bootc.
Probably though I'd say we should probably not at the current time try to go all the way into making it a real published crate unless we had a reason to believe that there was another possible concrete user.
lib/src/install.rs
Outdated
| pub(crate) fn get_user_config(uki_id: &str) -> String { | ||
| let s = format!( | ||
| r#" | ||
| menuentry "Fedora Bootc UKI: ({uki_id})" {{ |
There was a problem hiding this comment.
Should not hardcode Fedora here but instead get this metadata from the UKI
lib/src/install.rs
Outdated
|
|
||
| create_dir_all(&entries_path).with_context(|| format!("Creating {:?}", entries_path))?; | ||
|
|
||
| std::fs::write( |
There was a problem hiding this comment.
I think in general we should use e.g. https://docs.rs/cap-std-ext/latest/cap_std_ext/dirext/trait.CapStdExtDirExt.html#tymethod.atomic_write for things like this
lib/src/install.rs
Outdated
| BootSetupType::Upgrade => ( | ||
| Utf8PathBuf::from("/sysroot"), | ||
| vec![ | ||
| format!("root=UUID={DPS_UUID}"), |
There was a problem hiding this comment.
The point of the DPS is that we can avoid the root= karg right?
There was a problem hiding this comment.
Yes, but grub still requires it iirc
lib/src/deploy.rs
Outdated
| const ROLLBACK_ENTRIES: &str = "entries.staged"; | ||
|
|
||
| #[context("Getting boot entries")] | ||
| pub(crate) fn get_sorted_boot_entries(ascending: bool) -> Result<Vec<BLSConfig>> { |
There was a problem hiding this comment.
I think stuff like this would be good to cover via unit tests, we have a pattern of doing so using cap-std elsewhere.
lib/src/cli.rs
Outdated
| // .digest() | ||
| // .context("Getting digest for booted image")?; | ||
|
|
||
| let (repo, entries, id) = pull_composefs_repo(&imgref.transport, &imgref.image).await?; |
There was a problem hiding this comment.
BTW almost certainly this will need work to set up the image proxy with the same config as we use for the ostree backend, otherwise we won't honor /etc/ostree/auth.json etc.
There was a problem hiding this comment.
The image pulling code in composefs-rs definitely needs some improvement. I'm not sure if it's an issue with skopeo or containers-image-proxy but pulling an image from containers-storage sometimes fails with
ERROR Composefs Switching: Pulling composefs repository: Pulling composefs repo: Unable to pull container image containers-storage:localhost/bootc-composefs-bls-upgrade: Failed to pull config Desc
riptor { media_type: ImageConfig, digest: Digest { algorithm: Sha256, value: "sha256:3c6248f829437b55cb57355f8fdefc5f4f35c2379c726a0872383e113a4455fa", split: 6 }, size: 12533, urls: None, annotat
ions: None, platform: None, artifact_type: None, data: None }: failed to invoke method GetBlob: locating item named "sha256:8570667f03be297afea2c40859006418ec85d4dc6ad2e1258f5412fcdd82ffff" for im
age with ID "3c6248f829437b55cb57355f8fdefc5f4f35c2379c726a0872383e113a4455fa" (consider removing the image to resolve the issue): file does not exist
lib/src/install.rs
Outdated
| async fn initialize_composefs_repository( | ||
| state: &State, | ||
| root_setup: &RootSetup, | ||
| ) -> Result<(Sha256Digest, impl FsVerityHashValue)> { |
There was a problem hiding this comment.
I think we should return the repository object too.
There was a problem hiding this comment.
Yeah, I missed it
lib/src/install.rs
Outdated
| BootSetupType::Setup(root_setup) => { | ||
| // root_setup.kargs has [root=UUID=<UUID>, "rw"] | ||
| let mut cmdline_options = String::from(root_setup.kargs.join(" ")); | ||
| cmdline_options.push_str(&format!(" composefs={id_hex}")); |
There was a problem hiding this comment.
We should definitely be centralizing via e.g. const our references to this kernel commandline.
lib/src/install.rs
Outdated
| ComposefsBootEntry::UsrLibModulesUki(..) => todo!(), | ||
|
|
||
| ComposefsBootEntry::UsrLibModulesVmLinuz(usr_lib_modules_vmlinuz) => { | ||
| // Write the initrd and vmlinuz at /boot/<id>/ |
There was a problem hiding this comment.
And here <id> is the composefs digest? Note that that will mean that we duplicate the kernel/initrd for every userspace change. ostree has this concept of a "bootcsum" to avoid that.
Duplicating it is pretty unavoidable for sealed UKIs of course.
But I wonder if we may run into this for the unsealed case. On this topic xref coreos/fedora-coreos-tracker#1465
There was a problem hiding this comment.
You're right about the duplication. We should do it similarly to ostree
lib/src/install.rs
Outdated
| #[context("Setting up BLS boot")] | ||
| pub(crate) fn setup_composefs_bls_boot( | ||
| setup_type: BootSetupType, | ||
| // TODO: Make this generic |
There was a problem hiding this comment.
Yeah but you know the problem here is...it will basically infect most of the bootc codebase with a generic - the same way it did in composefs-rs. That's going to be super painful.
We had part of this debate in containers/composefs-rs#105 and I'm still kind of skeptical that generics make sense overall. (The especially important argument here is that we may want to defer until runtime i.e. via some repository configuration or other state which digest we use) and that will mean we basically double 70% (yes number made up) of the code generated.
A potential thing in the future is to support migrating from sha256 to sha512 for example, and then we'd need two instantations of Repository for each.
There was a problem hiding this comment.
lib/src/install.rs
Outdated
| .context("Writing vmlinuz to path")?; | ||
|
|
||
| if let Some(initramfs) = &usr_lib_modules_vmlinuz.initramfs { | ||
| std::fs::write( |
There was a problem hiding this comment.
Again should use atomic writes - I think we also want to ensure we fsync here for sure.
lib/src/bls_config.rs
Outdated
| } | ||
| } | ||
|
|
||
| pub(crate) fn parse_bls_config(input: &str) -> Result<BLSConfig> { |
There was a problem hiding this comment.
This sort of thing I would normally impl TryFrom<&str> for BLSConfig. I think it makes it more obvious what is going on when you use it like let foo = BLSConfig::try_from(&some_str)?; Plus for free you also get the inverse of let foo: BLSConfig = some_str.try_into()?;
Done to facilitate the installation of a composefs repository to disk Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
Also exit early if kargs are passed for `--boot=uki` Signed-off-by: Pragyan Poudyal <[email protected]>
Instead of putting the UKI in `/boot` in the root partition, this commit moves it to the ESP. Update grub user.cfg and pass the disk UUID to `--fs-uuid` Signed-off-by: Pragyan Poudyal <[email protected]>
This is currently WIP, as it only shows the currently booted image in use and not any staged or rollback deployments. Signed-off-by: Pragyan Poudyal <[email protected]>
Create a .origin file in /sysroot/state to store image info Signed-off-by: Pragyan Poudyal <[email protected]>
Also create `/var` inside `/state/deploy/<image_id>` as a symlink to `../../fedora/os/var` which is to be the case for every deployment Signed-off-by: Pragyan Poudyal <[email protected]>
Signed-off-by: Pragyan Poudyal <[email protected]>
* Implement `bootc upgrade` command for a composefs-native booted system * Refactor UKI and BLS boot entry writing functions to work for upgrade * Prevent using global `/dev/disk/by-partuuid` to get UUID for ESP * Refactor out code for populating `/sysroot/state` Signed-off-by: Pragyan Poudyal <[email protected]>
Store the staged deployment at `/run/composefs/staged-deployment` similar to how it's done in ostree Signed-off-by: Pragyan Poudyal <[email protected]>
On upgrade/switch write UKI and BLS entries with the suffix .staged This should be atomically renamed by the equivalent of `ostree-finalize.service` for composefs. In case of grub menuentries for UKI case, rewrite the entire file by reading /sysroot/state/deploy/<deployment_id> Signed-off-by: Pragyan Poudyal <[email protected]>
This does not yet "apply" the switch, it only stages a deployment Also refactor pulling of a composefs repository to a separate function Signed-off-by: Pragyan Poudyal <[email protected]>
Store whether the boot type for the deployment is BLS or UKI in the origin file for the deployment, under the `boot` section with `boot_type` key Signed-off-by: Johan-Liebert1 <[email protected]>
Now we get the vmlinuz and initrd from the boot entry and write them to /boot ourselves not relying on composefs lib's provided helper function. Allows more granularity while modifying BLS entries Signed-off-by: Johan-Liebert1 <[email protected]>
Fixes weird issue where BLS boot hangs if root UUID is in all caps Signed-off-by: Johan-Liebert1 <[email protected]>
This commit does not handle the edge cases that arise with rollbacks when there is a staged deployment present. For Grub BLS case, we create a new `loader/entries.staged` directory, write the new boot entries, then atomically swap `loader/entries` and `loader/entries.staged`. For Grub UKI case, we regenerate `grub2/user.cfg` using the images present in `/sysroot/state/deploy/` To distinguish whether the currently booted system is booted with a UKI or BLS, we add an entry to origin file called `boot_type` Signed-off-by: Johan-Liebert1 <[email protected]>
Get exported `read_file` function Use `enable_verity_raw` Signed-off-by: Johan-Liebert1 <[email protected]>
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
7dcc0fc to
04f048f
Compare
|
We had a live chat about this and decided to make a branch in this repo for it so multiple people can collaborate! |
|
Created in https://github.com/bootc-dev/bootc/tree/composefs-backend (That said we still need to convert to e.g. https://clowarden.io/ ) |
Fixes: #1190
A draft for installing and booting using
composefs-rs.install to-diskwith--composefs-nativeoptioninstall to-filesystemwith--composefs-nativeoptionbootc statusbootc switch,bootc upgradeandbootc rollback. Some edge cases need handling, such as rolling back while a deployment is staged. Currently staged deployment WILL be booted on the next reboot regardless of rolling back.TODO
ostree-finalize, saycomposefs-native-finalizewhich will be responsible for atomically swapping staged and current boot entries among other things./etcmergeIssues:
continers-storage, viz, #117. Needs some ironing out. Donecomposfs-rscomponents, namelycomposfs-setup-rootI have a few logs being logged as warning, just for visibility. Will remove them when it's ready.
Same with
composefs-rspatch incargo.toml