create_disk: Create image layer refs by default

[cgwalters]

Fedora CoreOS is not yet using containers by default for updates; xref coreos/fedora-coreos-tracker#1263 etc.

Consequently, when one boots a FCOS system and wants to rebase to a custom image, one ends up downloading the entire image, including the parts of FCOS that you already have.

This changes things so that when we generate disk images by default, we write the layer refs of the component parts - but we delete the "merged" container image ref.

The semantics here will be:

• Only a tiny amount of additional data used by default; the layer refs are just metadata, the bulk of the data still lives in regular file content.
• When a FCOS system auto-updates to its by-default usage of an ostree commit, the unused layer refs will be garbage collected.
• But, as noted above when rebasing to a container image instead, if the target container image reuses some of those layers (as we expect when rebasing FCOS to a FCOS-derived container) then we don't need to redownload them - we only download what the user provided.

Hence, this significantly improves rebasing to container images, with basically no downsides.

The alternative code path to actually deploy as a container remains off by default. When that is enabled, rpm-ostree upgrade fetches a container by default, which is a distinct thing.

[jlebon]

Seems reasonable to me. We'll want this anyway once we move to container updates.

I assume you sanity-checked that all the refs go away on update?

[cgwalters]

Yep!

walters@toolbox /v/s/w/b/fcos [1]> cosa run --qemu-memory 4096
Fedora CoreOS 37.20230305.dev.0
Tracker: https://github.com/coreos/fedora-coreos-tracker
Discuss: https://discussion.fedoraproject.org/tag/coreos

Last login: Wed Mar  8 00:55:06 2023
[core@cosa-devsh ~]$ sudo su -
[root@cosa-devsh ~]# rpm-ostree status
State: idle
Deployments:
● fedora:fedora/x86_64/coreos/testing-devel
                  Version: 37.20230305.dev.0 (2023-03-05T18:30:28Z)
                   Commit: 0f110ea0e81cc8511e05ec1a920dbb61dfbbb4dff027e154505f5076ad9142fa
             GPGSignature: (unsigned)
[root@cosa-devsh ~]# ostree refs
ostree/container/blob/sha256_3A_48ff87e7a7af41d7139c5230e2e939aa97cafb1f62a114825bda5f5904e04a0e
ostree/container/blob/sha256_3A_d0ceb7128d5904fb2b9a44ab9f80319b5d77e7b2da7b9907d3ddf2a55c1acc33
ostree/container/blob/sha256_3A_f3e9c3938372d7d94b965556ac7185694797e967a90dd6f54858730a4826f9c8
ostree/container/blob/sha256_3A_b3dd8e33b918aae15b809121c75ed3ad91ca1cce6b9516a7f31880abafeae7f0
ostree/container/blob/sha256_3A_95e16f7128903fa21be4e6dd4603b9bf95af16e58437b7ca5a3a6826676afbc1
ostree/container/blob/sha256_3A_41925843e5c965165bedc9c8124b96038f08a89c95ba94603a5f782dc813f0a8
ostree/container/blob/sha256_3A_863a6fede6aaaa13210fbfc6f24f2f777f5f64ca088983c7bad78ccd553614ef
ostree/container/blob/sha256_3A_a9ae39b6e7e4e0c4ef0fa02bd50d1fc5c2029a293039c7c515421794ec95bf8a
ostree/container/blob/sha256_3A_99386a9ef42cdc58cddb5b7c66ab216e38d65a9ea486b51a4747f764868e2ac4
ostree/container/blob/sha256_3A_7fe45fa4f04bc072cc7cf7ac7556c3a574e8283cb13b64d7c24641c8646beea5
ostree/container/blob/sha256_3A_1cf332fd50b382af7941d6416994f270c894e9d60fb5c6cecf25de887673bbcb
ostree/container/blob/sha256_3A_51f8a2182035f493684e53429eaef8b558fe3ddf080312a82749ffea4a2b14ca
ostree/container/blob/sha256_3A_c5c471cce08aa9cc7d96884a9e1981b7bb67ee43524af47533f50a8ddde7a83d
ostree/container/blob/sha256_3A_4647a9eb611f078d144557e1f42cc6f4763a871d0057a2a24761da2b26f71560
fedora:fedora/x86_64/coreos/testing-devel
ostree/container/blob/sha256_3A_910ff6f93303ebedde3459f599b06d7b70d8f0674e3fe1d6623e3af809245cc4
ostree/container/blob/sha256_3A_3fbae92ecc64cf253b643a0e75b56514dc694451f163b47fb4e15af373238e10
ostree/container/blob/sha256_3A_4ee20884eb3599270dd9519715cbcb143739a40ac2a6d9765c6e8337d69d2813
ostree/container/blob/sha256_3A_8107f00d136f8dc8d2e5a4b4dabd717edd7951ee17b1a86d2f03436c6056c513
ostree/container/blob/sha256_3A_67b17faf44fc642b81073816f2c6e8035d76da9354935cb7247bb4d6047933bf
ostree/container/blob/sha256_3A_c6d03553603ac87e12ddf5cff5a65cc9a73ce0ce964f4db8ae2ccec8e5b0d53a
ostree/container/blob/sha256_3A_f9793fc7b06b84aa00d7e0b96f878e4c61e65fc7232bc12f251f1d0677895139
ostree/container/blob/sha256_3A_1a7a5e600e8af6089a3b8de2d9d0fb7f920c6460c61b56bb3ed0417b8b5cc9c0
ostree/container/blob/sha256_3A_6a14d79d3a8906b09090ada746256d5e30521ca279327a497f72ddc954cb7810
ostree/container/blob/sha256_3A_abdf592ff8b417c2cf4eeeacc24e72b8d143a053b9f2c57db5283c59f184a4b5
ostree/container/blob/sha256_3A_f67dc1b052c457e3e816219f609c18e503c03d7d3808c3365c9e320ef2c36d84
ostree/container/blob/sha256_3A_420636df561ccc835ef9665f41d4bc91c5f00614a61dca266af2bcd7bee2cc25
ostree/container/blob/sha256_3A_e846702dd33fabbf2346003c7a0b73a86df2f417b17d28b368e966086f9526b5
ostree/container/blob/sha256_3A_a8d989f6a51060b5a2cef96ba15bc607263686be6406eed23c61cc8b475cad32
ostree/container/blob/sha256_3A_1bd8cba2ea78c5c8cb5671332a96d799b81c693c932e7a2d027a31c96de7fae9
ostree/container/blob/sha256_3A_c8b719ab0a9e4a0d22c4642ab6b4150354d6f3fde5d5245413b5bd482a2fc69f
ostree/container/blob/sha256_3A_0999f1fb3aab3dfa0a9b1048c923d6cd0d2b2583531ea3e065851d98c23dbc7f
ostree/container/blob/sha256_3A_a78d9ede150e09893ca0a515eadabdc32bbf10426a1a9567cc79b402a2b0b340
ostree/container/blob/sha256_3A_68091ac60057e82d86d3369879aeac41b411e6379f4f2f5e3bc514aaba0a3086
ostree/container/blob/sha256_3A_4f4b8bb8463dc74bb7f32eee78d02b71f61a322967b6d6cbb29829d262376f74
ostree/container/blob/sha256_3A_d83d9388b8c8c1e7c97b6b18f5107b74354700ebce9da161ccb73156a2c54a2e
ostree/container/blob/sha256_3A_4f46b58b37828fa71fa5d7417a8ca7a62761cc6a72eb1592943572fc2446b054
ostree/container/blob/sha256_3A_a75bbf55d8de4dbd54e429e16fbd46688717faf4ea823c94676529cc2525fd5f
ostree/container/blob/sha256_3A_2752e2f62f38fea3a390f111d673d2529dbf929f6c67ec7ef4359731d1a7edd8
ostree/container/blob/sha256_3A_a378ab5322d1e5f49141fe8fc8a62b0d9d911bfd76fb412b990c98f68dfc7e34
ostree/container/blob/sha256_3A_6a56cb06ec27ed4eec3c085ae3a5e2b68dfa30a5ae746424d21005560f526f89
ostree/container/blob/sha256_3A_8956cd951abc481ba364cf8ef5deca7cc9185b59ed95ae40b52e42afdc271d8e
ostree/container/blob/sha256_3A_b34384ba76fa1e335cc8d75522508d977854f2b423f8aceb50ca6dfc2f609a99
ostree/container/blob/sha256_3A_292403dafe6f689ca448cd6885f1a274a1aa979ad69d337e58fd2f4ff8d35670
ostree/container/blob/sha256_3A_8bcc652ccaa27638bd5bd2d7188053f1736586afbae87b3952e9211c773e3563
ostree/container/blob/sha256_3A_4cb46b7c9189f97a7807c5ad06bb951eda49f2e7fae351ccb2b80d49f6997bc0
ostree/1/1/0
ostree/container/blob/sha256_3A_a6088d5d8f2f4b8406b43d0467490bde385e04b8473b52899fff1e8d23755ea5
ostree/container/blob/sha256_3A_98431ee9bed1e015399a69c796b851ce00b1bf8c240718dc3431754955314347
ostree/container/blob/sha256_3A_55a0318a4a651518ae6b71f627073b6e8c84e5f32db4c484bf6d8dc085bb18ea
ostree/container/blob/sha256_3A_f30b6b13728192b00cf5d486ca4a17dafceecc8cd909f214051d0a2e1964bc7f
ostree/container/blob/sha256_3A_bb6374635385b0c2539c284b137d831bd45fbe64b5e49aee8ad92d14c156a41b
ostree/container/blob/sha256_3A_9c7d42d386575f865a28f6bed1e3a24c3ce6511df416424e81deb4f6b7ed9b75
[root@cosa-devsh ~]# rpm-ostree upgrade
error: While pulling fedora/x86_64/coreos/testing-devel: No such branch 'fedora/x86_64/coreos/testing-devel' in repository summary
[root@cosa-devsh ~]# rpm-ostree status
State: idle
Deployments:
● fedora:fedora/x86_64/coreos/testing-devel
                  Version: 37.20230305.dev.0 (2023-03-05T18:30:28Z)
                   Commit: 0f110ea0e81cc8511e05ec1a920dbb61dfbbb4dff027e154505f5076ad9142fa
             GPGSignature: (unsigned)
[root@cosa-devsh ~]# rpm-ostree rebase fedora/x86_64/coreos/stable
⠉ Receiving objects; 99% (5374/5375) 18.0 MB/s 215.5 MB                                                                                                                                                                                                                   1152 metadata, 4223 content objects fetched; 244496 KiB transferred in 13 seconds; 370.7 MB content written
Receiving objects; 99% (5374/5375) 18.0 MB/s 215.5 MB... done
Staging deployment... done
Freed: 2.0 MB (pkgcache branches: 0)
Downgraded:
  bind-libs 32:9.18.12-1.fc37 -> 32:9.18.11-1.fc37
  bind-license 32:9.18.12-1.fc37 -> 32:9.18.11-1.fc37
  bind-utils 32:9.18.12-1.fc37 -> 32:9.18.11-1.fc37
  c-ares 1.19.0-1.fc37 -> 1.17.2-3.fc37
  conmon 2:2.1.6-3.fc37 -> 2:2.1.5-1.fc37
  curl 7.85.0-6.fc37 -> 7.85.0-5.fc37
  ethtool 2:6.2-1.fc37 -> 2:6.1-1.fc37
  fedora-release-common 37-16 -> 37-15
  fedora-release-coreos 37-16 -> 37-15
  fedora-release-identity-coreos 37-16 -> 37-15
  fwupd 1.8.12-1.fc37 -> 1.8.10-2.fc37
  glib2 2.74.6-1.fc37 -> 2.74.1-2.fc37
  grub2-common 1:2.06-88.fc37 -> 1:2.06-75.fc37
  grub2-efi-x64 1:2.06-88.fc37 -> 1:2.06-75.fc37
  grub2-pc 1:2.06-88.fc37 -> 1:2.06-75.fc37
  grub2-pc-modules 1:2.06-88.fc37 -> 1:2.06-75.fc37
  grub2-tools 1:2.06-88.fc37 -> 1:2.06-75.fc37
  grub2-tools-minimal 1:2.06-88.fc37 -> 1:2.06-75.fc37
  ignition 2.15.0-3.fc37 -> 2.14.0-4.fc37
  kernel 6.1.13-200.fc37 -> 6.1.11-200.fc37
  kernel-core 6.1.13-200.fc37 -> 6.1.11-200.fc37
  kernel-modules 6.1.13-200.fc37 -> 6.1.11-200.fc37
  libcurl-minimal 7.85.0-6.fc37 -> 7.85.0-5.fc37
  libjcat 0.1.13-1.fc37 -> 0.1.12-1.fc37
  libxmlb 0.3.11-1.fc37 -> 0.3.10-1.fc37
  mozjs102 102.8.0-1.fc37 -> 102.7.0-1.fc37
  podman 5:4.4.1-3.fc37 -> 5:4.4.1-1.fc37
  podman-plugins 5:4.4.1-3.fc37 -> 5:4.4.1-1.fc37
  skopeo 1:1.11.1-1.fc37 -> 1:1.11.0-2.fc37
  zchunk-libs 1.2.4-1.fc37 -> 1.2.3-1.fc37
Changes queued for next boot. Run "systemctl reboot" to start a reboot
[root@cosa-devsh ~]# rpm-ostree status
State: idle
Deployments:
  fedora:fedora/x86_64/coreos/stable
                  Version: 37.20230218.3.0 (2023-03-06T20:02:24Z)
                   Commit: d34ff10be925c01aad7d088fa2dcc18aaa3e9d7ead12081a18fb6883a94385d7
             GPGSignature: Valid signature by ACB5EE4E831C74BB7C168D27F55AD3FB5323552A
                     Diff: 30 downgraded

● fedora:fedora/x86_64/coreos/testing-devel
                  Version: 37.20230305.dev.0 (2023-03-05T18:30:28Z)
                   Commit: 0f110ea0e81cc8511e05ec1a920dbb61dfbbb4dff027e154505f5076ad9142fa
             GPGSignature: (unsigned)
[root@cosa-devsh ~]# ostree refs
fedora:fedora/x86_64/coreos/stable
ostree/1/1/1
ostree/1/1/0
[root@cosa-devsh ~]#