Add support for (weakly) "lifecycle bound" podman images #559

cgwalters · 2024-05-22T20:17:56Z

This is a working PoC implementation of part of
#128

Demo:

$ cat Containerfile
FROM localhost/bootc
COPY *.image /usr/share/containers/systemd
$ cat foo.image
[Container]
# bootc: bound
Image=quay.io/centos/centos:stream9
$ podman build -t localhost/testbootc .
$ podman-bootc run localhost/testbootc
...
[root@ibm-p8-kvm-03-guest-02 ~]# podman images
REPOSITORY             TAG         IMAGE ID      CREATED       SIZE
quay.io/centos/centos  stream9     75a875ea6cd8  43 hours ago  163 MB
[root@ibm-p8-kvm-03-guest-02 ~]#

Example user story:

Admin can take the standard podman-systemd .image files they have and add a special marker
When generating a disk image and at bootc upgrade time, bootc will pre-fetch these container images into the standard /var/lib/containers/storage location
This means the default case avoids firstboot latency (see all the comments in podman-systemd about image pull timeouts)

However, the container images and containers can still be updated live if desired, and that's actually expected. For example, I might update a version of an app before the base image's tag.

(a bit more in e.g. https://docs.fedoraproject.org/en-US/bootc/running-containers/#_lifecycling_and_updating_containers_separate )

notes:

edit filed bootc integration tracker podman#22785
Why not do this by default for all .image files? We could consider that, and having a way to exclude things instead. Either way we should clearly get out of the "magic comment" business and have a proper documented flag, but it'd require changes to podman
This won't work with anaconda until we fix Add support for bootc rhinstaller/anaconda#5197
This further increases the problems we have with /var
bootc-image-builder errors out with: Error: mkdir /etc/containers/networks: read-only file system - need to fix podman to not try to create that directory

cgwalters · 2024-05-22T20:18:16Z

(draft since we need docs and CI tests, and it could use some cleanup)

This is a working PoC implementation of part of containers#128 Demo: ``` $ cat Containerfile FROM localhost/bootc COPY *.image /usr/share/containers/systemd $ cat foo.image [Container] Image=quay.io/centos/centos:stream9 $ podman build -t localhost/testbootc . $ podman-bootc run localhost/testbootc ... [root@ibm-p8-kvm-03-guest-02 ~]# podman images REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/centos/centos stream9 75a875ea6cd8 43 hours ago 163 MB [root@ibm-p8-kvm-03-guest-02 ~]# ``` Signed-off-by: Colin Walters <walters@verbum.org>

cgwalters · 2024-07-01T23:50:10Z

Closing in favor of #659

openshift-ci bot added the do-not-merge/work-in-progress label May 22, 2024

github-actions bot added the area/install Issues related to `bootc install` label May 22, 2024

cgwalters force-pushed the install-pull-images branch from 7cd7024 to 9f77320 Compare May 22, 2024 20:24

cgwalters changed the title ~~Add support for (weakly) lifecycle bound podman images~~ Add support for (weakly) "lifecycle bound" podman images May 22, 2024

cgwalters mentioned this pull request May 22, 2024

bootc integration tracker containers/podman#22785

Open

cgwalters closed this Jul 1, 2024

cgwalters mentioned this pull request Jul 18, 2024

install: Two prep changes for pulling bound images at install time #707

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add support for (weakly) "lifecycle bound" podman images #559

Add support for (weakly) "lifecycle bound" podman images #559

cgwalters commented May 22, 2024 •

edited

Loading

cgwalters commented May 22, 2024

cgwalters commented Jul 1, 2024

Add support for (weakly) "lifecycle bound" podman images #559

Add support for (weakly) "lifecycle bound" podman images #559

Conversation

cgwalters commented May 22, 2024 • edited Loading

cgwalters commented May 22, 2024

cgwalters commented Jul 1, 2024

cgwalters commented May 22, 2024 •

edited

Loading