From 0f8b35a3ba29b83337366c30000c423c6d3ace41 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Tue, 21 May 2024 12:54:26 -0400 Subject: [PATCH] osbuild: conditionally use the built payload as the buildroot With this we now use a buildroot that is derived from the OCI container that was built by the pipeline. This allows us to use the exact same versions of software from the payload we built when we construct the images that we will ship, which will be better for us over time. The benefits of this are immediately apparent in this commit as we are able to drop configuration that tries to set feature flags for our ext4 filesystems based on what we think are the current defaults in RHEL. For now we aren't able to do this with FCOS because FCOS doesn't have python in it. This should be OK for now because COSA is almost always based on the latest version of Fedora. Though one benefit we would have if we did switch to doing this for FCOS is that we would test newer versions of "build tools" from `rawhide` alongside the `rawhide` pipeline builds that we do. --- .../coreos.osbuild.aarch64.mpp.yaml | 90 +++++++++++-------- .../coreos.osbuild.ppc64le.mpp.yaml | 90 +++++++++++-------- .../coreos.osbuild.s390x.mpp.yaml | 90 +++++++++++-------- .../coreos.osbuild.x86_64.mpp.yaml | 90 +++++++++++-------- .../platform.applehv.ipp.yaml | 4 + src/osbuild-manifests/platform.gcp.ipp.yaml | 6 ++ .../platform.hyperv.ipp.yaml | 4 + src/osbuild-manifests/platform.metal.ipp.yaml | 8 ++ src/osbuild-manifests/platform.qemu.ipp.yaml | 4 + src/runvm-osbuild | 7 ++ 10 files changed, 249 insertions(+), 144 deletions(-) diff --git a/src/osbuild-manifests/coreos.osbuild.aarch64.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.aarch64.mpp.yaml index 5c2e7390e5..862ce9d06c 100644 --- a/src/osbuild-manifests/coreos.osbuild.aarch64.mpp.yaml +++ b/src/osbuild-manifests/coreos.osbuild.aarch64.mpp.yaml 
@@ -25,6 +25,21 @@ mpp-vars: boot_fs_label: boot root_fs_uuid: 910678ff-f77e-4a7d-8d53-86f2ac47a823 root_fs_label: root + # Set the buildroot string to use for most operations here. We create + # the buildroot from the target OSTree contents so we have version + # matches. Unfortunately for FCOS there is no python so we can't + # really use FCOS as the buildroot so we'll set it to "" so that + # the host (COSA) gets used as the buildroot there. + buildroot: + mpp-if: osname in ['rhcos', 'scos'] + then: "name:build" + else: "" + # For the qemu stages we'll use the host buildroot (COSA) + # because we definitely don't include qemu-img in CoreOS. "" + # means to use the host as buildroot. It is worth noting that + # the host buildroot is the default if nothing is specified. + # We're still defining it here in an attempt to be explicit. + qemu_stage_buildroot: "" mpp-define-images: - id: image sector_size: @@ -94,7 +109,34 @@ pipelines: to: tree:///coreos.ociarchive else: type: org.osbuild.noop + # Construct a buildroot here from the input container reference (either + # ociarchive or registry/tag). Note that it won't actually be built + # unless used somewhere later in the manifest. + - name: build + stages: + - mpp-if: ociarchive != '' + then: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.pipeline + references: + name:oci-archive: + name: coreos.ociarchive + else: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.source + mpp-resolve-images: + images: + - source: $container_repo + tag: $container_tag - name: tree + build: + mpp-format-string: '{buildroot}' source-epoch: 1659397331 stages: - type: org.osbuild.ostree.init-fs @@ -202,6 +244,8 @@ pipelines: deployment: default: true - name: raw-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: 
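Review bot: In the `else` branch of the new `build` pipeline the buildroot is taken from `$container_repo` at `$container_tag`, and the comment above `- name: build` does not say that this image's binaries then run the stages of every pipeline that sets `build: name:build`. That places the registry image inside the trust boundary of the image build, and a tag is a mutable reference. `mpp-resolve-images` presumably pins it to a digest at preprocessing time, but that is not visible in this hunk. I would extend the comment with something like `# The image deployed here runs the later stages as build tooling; it must resolve to the same digest as the payload being built into the images.` The same pipeline is added in the ppc64le, s390x and x86_64 manifests.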
@@ -242,24 +286,10 @@ pipelines: mpp-format-int: '{image.layout[''boot''].size}' lock: true options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: @@ -367,6 +397,8 @@ pipelines: deployment: default: true - name: raw-4k-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: @@ -413,24 +445,10 @@ pipelines: sector-size: mpp-format-int: "{four_k_sector_size}" options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: diff --git a/src/osbuild-manifests/coreos.osbuild.ppc64le.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.ppc64le.mpp.yaml index eab638da5b..615c97cf38 100644 --- a/src/osbuild-manifests/coreos.osbuild.ppc64le.mpp.yaml +++ b/src/osbuild-manifests/coreos.osbuild.ppc64le.mpp.yaml 
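Review bot: With the `mpp-if` removed from `options:`, the ext4 feature set of the boot filesystem (`orphan_file` and `metadata_csum_seed` were previously set explicitly for rhcos/scos) now depends on the defaults of mkfs.ext4 in the selected buildroot, and nothing at this stage records that. This holds for rhcos/scos only while the `buildroot` mpp-var resolves to `name:build`. Because its `else` branch falls back to `""` for any other `osname`, a renamed or misspelled value would silently build with the host's defaults. A comment above `options:` would keep the dependency visible, for example `# ext4 feature flags are left to mkfs.ext4 in the buildroot (see the buildroot mpp-var); pin them again if rhcos/scos ever builds on the host.` The same applies to the raw-4k-image hunk later in this file and to both corresponding hunks in the ppc64le, s390x and x86_64 manifests; the stage itself starts outside the hunk.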
@@ -25,6 +25,21 @@ mpp-vars: boot_fs_label: boot root_fs_uuid: 910678ff-f77e-4a7d-8d53-86f2ac47a823 root_fs_label: root + # Set the buildroot string to use for most operations here. We create + # the buildroot from the target OSTree contents so we have version + # matches. Unfortunately for FCOS there is no python so we can't + # really use FCOS as the buildroot so we'll set it to "" so that + # the host (COSA) gets used as the buildroot there. + buildroot: + mpp-if: osname in ['rhcos', 'scos'] + then: "name:build" + else: "" + # For the qemu stages we'll use the host buildroot (COSA) + # because we definitely don't include qemu-img in CoreOS. "" + # means to use the host as buildroot. It is worth noting that + # the host buildroot is the default if nothing is specified. + # We're still defining it here in an attempt to be explicit. + qemu_stage_buildroot: "" mpp-define-images: - id: image sector_size: @@ -96,7 +111,34 @@ pipelines: to: tree:///coreos.ociarchive else: type: org.osbuild.noop + # Construct a buildroot here from the input container reference (either + # ociarchive or registry/tag). Note that it won't actually be built + # unless used somewhere later in the manifest. + - name: build + stages: + - mpp-if: ociarchive != '' + then: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.pipeline + references: + name:oci-archive: + name: coreos.ociarchive + else: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.source + mpp-resolve-images: + images: + - source: $container_repo + tag: $container_tag - name: tree + build: + mpp-format-string: '{buildroot}' source-epoch: 1659397331 stages: - type: org.osbuild.ostree.init-fs @@ -209,6 +251,8 @@ pipelines: deployment: default: true - name: raw-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: 
@@ -235,24 +279,10 @@ pipelines: mpp-format-int: '{image.layout[''boot''].size}' lock: true options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: @@ -353,6 +383,8 @@ pipelines: deployment: default: true - name: raw-4k-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: @@ -383,24 +415,10 @@ pipelines: sector-size: mpp-format-int: "{four_k_sector_size}" options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: diff --git a/src/osbuild-manifests/coreos.osbuild.s390x.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.s390x.mpp.yaml index e53e61bdfe..7cd9d78a65 100644 --- a/src/osbuild-manifests/coreos.osbuild.s390x.mpp.yaml +++ b/src/osbuild-manifests/coreos.osbuild.s390x.mpp.yaml 
@@ -25,6 +25,21 @@ mpp-vars: boot_fs_label: boot root_fs_uuid: 910678ff-f77e-4a7d-8d53-86f2ac47a823 root_fs_label: root + # Set the buildroot string to use for most operations here. We create + # the buildroot from the target OSTree contents so we have version + # matches. Unfortunately for FCOS there is no python so we can't + # really use FCOS as the buildroot so we'll set it to "" so that + # the host (COSA) gets used as the buildroot there. + buildroot: + mpp-if: osname in ['rhcos', 'scos'] + then: "name:build" + else: "" + # For the qemu stages we'll use the host buildroot (COSA) + # because we definitely don't include qemu-img in CoreOS. "" + # means to use the host as buildroot. It is worth noting that + # the host buildroot is the default if nothing is specified. + # We're still defining it here in an attempt to be explicit. + qemu_stage_buildroot: "" mpp-define-images: - id: image sector_size: @@ -82,7 +97,34 @@ pipelines: to: tree:///coreos.ociarchive else: type: org.osbuild.noop + # Construct a buildroot here from the input container reference (either + # ociarchive or registry/tag). Note that it won't actually be built + # unless used somewhere later in the manifest. + - name: build + stages: + - mpp-if: ociarchive != '' + then: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.pipeline + references: + name:oci-archive: + name: coreos.ociarchive + else: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.source + mpp-resolve-images: + images: + - source: $container_repo + tag: $container_tag - name: tree + build: + mpp-format-string: '{buildroot}' source-epoch: 1659397331 stages: - type: org.osbuild.ostree.init-fs @@ -208,6 +250,8 @@ pipelines: deployment: default: true - name: raw-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: 
@@ -234,24 +278,10 @@ pipelines: mpp-format-int: '{image.layout[''boot''].size}' lock: true options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: @@ -323,6 +353,8 @@ pipelines: deployment: default: true - name: raw-4k-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: @@ -353,24 +385,10 @@ pipelines: sector-size: mpp-format-int: "{four_k_sector_size}" options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: diff --git a/src/osbuild-manifests/coreos.osbuild.x86_64.mpp.yaml b/src/osbuild-manifests/coreos.osbuild.x86_64.mpp.yaml index da04c53de7..774873a793 100644 --- a/src/osbuild-manifests/coreos.osbuild.x86_64.mpp.yaml +++ b/src/osbuild-manifests/coreos.osbuild.x86_64.mpp.yaml 
@@ -25,6 +25,21 @@ mpp-vars: boot_fs_label: boot root_fs_uuid: 910678ff-f77e-4a7d-8d53-86f2ac47a823 root_fs_label: root + # Set the buildroot string to use for most operations here. We create + # the buildroot from the target OSTree contents so we have version + # matches. Unfortunately for FCOS there is no python so we can't + # really use FCOS as the buildroot so we'll set it to "" so that + # the host (COSA) gets used as the buildroot there. + buildroot: + mpp-if: osname in ['rhcos', 'scos'] + then: "name:build" + else: "" + # For the qemu stages we'll use the host buildroot (COSA) + # because we definitely don't include qemu-img in CoreOS. "" + # means to use the host as buildroot. It is worth noting that + # the host buildroot is the default if nothing is specified. + # We're still defining it here in an attempt to be explicit. + qemu_stage_buildroot: "" mpp-define-images: - id: image sector_size: @@ -96,7 +111,34 @@ pipelines: to: tree:///coreos.ociarchive else: type: org.osbuild.noop + # Construct a buildroot here from the input container reference (either + # ociarchive or registry/tag). Note that it won't actually be built + # unless used somewhere later in the manifest. + - name: build + stages: + - mpp-if: ociarchive != '' + then: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.pipeline + references: + name:oci-archive: + name: coreos.ociarchive + else: + type: org.osbuild.container-deploy + inputs: + images: + type: org.osbuild.containers + origin: org.osbuild.source + mpp-resolve-images: + images: + - source: $container_repo + tag: $container_tag - name: tree + build: + mpp-format-string: '{buildroot}' source-epoch: 1659397331 stages: - type: org.osbuild.ostree.init-fs @@ -204,6 +246,8 @@ pipelines: deployment: default: true - name: raw-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: 
@@ -244,24 +288,10 @@ pipelines: mpp-format-int: '{image.layout[''boot''].size}' lock: true options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: @@ -371,6 +401,8 @@ pipelines: deployment: default: true - name: raw-4k-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: @@ -417,24 +449,10 @@ pipelines: sector-size: mpp-format-int: "{four_k_sector_size}" options: - # If we are on RHCOS then set manually some FS options - # to the values we want in order to not depend on the - # defaults in the version of mkfs.ext4 in the build root. - # This is mostly useful right now because COSA is based - # on Fedora. - mpp-if: osname in ['rhcos', 'scos'] - then: - orphan_file: false - metadata_csum_seed: true - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' - else: - uuid: - mpp-format-string: '{boot_fs_uuid}' - label: - mpp-format-string: '{boot_fs_label}' + uuid: + mpp-format-string: '{boot_fs_uuid}' + label: + mpp-format-string: '{boot_fs_label}' - type: org.osbuild.mkfs.xfs devices: device: diff --git a/src/osbuild-manifests/platform.applehv.ipp.yaml b/src/osbuild-manifests/platform.applehv.ipp.yaml index eefea82915..29f41b059f 100644 --- a/src/osbuild-manifests/platform.applehv.ipp.yaml +++ b/src/osbuild-manifests/platform.applehv.ipp.yaml 
@@ -3,6 +3,8 @@ version: '2' pipelines: - name: raw-applehv-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: @@ -50,6 +52,8 @@ pipelines: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: applehv + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: diff --git a/src/osbuild-manifests/platform.gcp.ipp.yaml b/src/osbuild-manifests/platform.gcp.ipp.yaml index 14a7055f59..b82a150540 100644 --- a/src/osbuild-manifests/platform.gcp.ipp.yaml +++ b/src/osbuild-manifests/platform.gcp.ipp.yaml @@ -3,6 +3,8 @@ version: '2' pipelines: - name: raw-gcp-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: @@ -52,6 +54,8 @@ pipelines: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: raw-gcp-image-tar + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.tar inputs: @@ -69,6 +73,8 @@ pipelines: selinux: false xattrs: false - name: gcp + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.gzip inputs: diff --git a/src/osbuild-manifests/platform.hyperv.ipp.yaml b/src/osbuild-manifests/platform.hyperv.ipp.yaml index fead755bbb..2d018b7b7a 100644 --- a/src/osbuild-manifests/platform.hyperv.ipp.yaml +++ b/src/osbuild-manifests/platform.hyperv.ipp.yaml @@ -3,6 +3,8 @@ version: '2' pipelines: - name: raw-hyperv-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: @@ -50,6 +52,8 @@ pipelines: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: hyperv + build: + mpp-format-string: '{qemu_stage_buildroot}' stages: - type: org.osbuild.qemu inputs: diff --git a/src/osbuild-manifests/platform.metal.ipp.yaml b/src/osbuild-manifests/platform.metal.ipp.yaml index 06da07852c..5da47b35cb 100644 --- a/src/osbuild-manifests/platform.metal.ipp.yaml +++ b/src/osbuild-manifests/platform.metal.ipp.yaml 
@@ -3,6 +3,8 @@ version: '2' pipelines: - name: raw-metal-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: @@ -75,6 +77,8 @@ pipelines: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: metal + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: @@ -89,6 +93,8 @@ pipelines: to: mpp-format-string: 'tree:///{filename}' - name: raw-metal4k-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: @@ -165,6 +171,8 @@ pipelines: mpp-format-int: '{image4k.layout[''boot''].partnum}' target: /boot - name: metal4k + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: diff --git a/src/osbuild-manifests/platform.qemu.ipp.yaml b/src/osbuild-manifests/platform.qemu.ipp.yaml index b94147abcc..13d0c96b36 100644 --- a/src/osbuild-manifests/platform.qemu.ipp.yaml +++ b/src/osbuild-manifests/platform.qemu.ipp.yaml @@ -2,6 +2,8 @@ version: '2' pipelines: - name: raw-qemu-image + build: + mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: @@ -79,6 +81,8 @@ pipelines: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: qemu + build: + mpp-format-string: '{qemu_stage_buildroot}' stages: - type: org.osbuild.qemu inputs: diff --git a/src/runvm-osbuild b/src/runvm-osbuild index 41b3b68457..ee6d3841d9 100755 --- a/src/runvm-osbuild +++ b/src/runvm-osbuild @@ -76,6 +76,12 @@ storedir=cache/osbuild/store processed_json=$(mktemp -t osbuild-XXXX.json) +# Run `podman images` here to initialize a few directories inside the +# supermin VM. Otherwise the org.osbuild.container-deploy stage will +# fail to copy things into containers-storage. This also happens to +# clean up a skopeo error relating to /etc/containers/networks not existing. +podman images > /dev/null + # Run through the preprocessor # Note: don't quote the size arguements since they are numbers, not strings osbuild-mpp \ 
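Review bot: In the runvm-osbuild hunk, `podman images > /dev/null` is run purely for its side effect of creating the containers-storage directories, and its exit status is not checked on the added line. The hunk does not show whether the script runs under `set -e`. If it does not, a failure here goes unnoticed and shows up later as a less obvious org.osbuild.container-deploy error. Making the dependency explicit would help, e.g. `podman images > /dev/null || { echo "failed to initialize containers-storage" >&2; exit 1; }`.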
@@ -98,6 +104,7 @@ osbuild \ --out "$outdir" \ --store "$storedir" \ --cache-max-size 9GiB \ + --checkpoint build \ --checkpoint tree \ --checkpoint raw-image \ --export "$platform" "${processed_json}"
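Review bot: `--checkpoint build` is passed unconditionally, while the manifests select `name:build` as buildroot only for rhcos/scos and their comment says the pipeline is not built unless it is used. It is worth confirming that osbuild accepts a checkpoint for a pipeline that is never built on FCOS runs. The cached buildroot also now counts against `--cache-max-size 9GiB` in the store. A short comment above the `osbuild` invocation, which starts outside the hunk, would record the intent, e.g. `# checkpoint the buildroot so it is reused across platform exports instead of being redeployed`.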