rethinking origins

[cgwalters]

I'd like to support adding non-RPM content client side too, building on what we have in the treefile (server side) today:

ostree-layers: Array of strings, optional: After all packages are unpacked, check out these OSTree refs, which must already be in the destination repository. Any conflicts with packages will be an error.

(And maybe ostree-override-layers)

A long time ago in the distant past I totally made up this concept of the "origin" in ostree which uses a keyfile stored outside of the deployment. One thought behind that was that if it was stored inside the deployment it'd be "circular".

I now think it really should have been /etc/ostree/origin.conf or something.

In other words, we should have supported directly editing a config file instead of going via DBus for everything.

Also related to this, if we do this the file should be in a nicer format which is probably YAML.

OK now in rpm-ostree we have a lot more sophistication around what we support; I don't think we change ostree at first.

But basically imagine that we support something similar to NixOS /etc/nixos/configuration.nix.

/etc/rpm-ostree/configuration.d strawman

Let's take a subset of the treefile in YAML form as a baseline format. Base keys supported from both would be: packages ostree-layers. We'd also have package-overrides etc. that are only in the client side origin file today.

Let's say we support multiple drop-in files; that way e.g. the OpenShift MCO could just write a single file /etc/rpm-ostree/configuration.d/machine-config-daemon.yaml. (OK well it's messier than that with local package overrides). But more generally you could imagine that e.g. different Ansible playbooks would write separate drop-ins.

Then there's a single rpm-ostree rebuild flag (much like nixos-rebuild switch) that would generate a new deployment based on the changes in /etc. (This would be distinct from rpm-ostree upgrade which would actually check any upstream ostree/rpm-md repos for new content; we'd want rpm-ostree rebuild --upgrade to do both)

Now another big thing we do here is ensure that client side changes are captured in the target commit. IOW we should version these configurations so that if e.g. someone messes up content in /etc/rpm-ostree/configuration.d it's easy to just do rpm-ostree reset --booted-configuration which would replace the current copy of /etc/rpm-ostree/configuration.d with the (immutable) ones from the booted deployment.

[jlebon]

This is an interesting discussion which touches on a lot of things that have come up multiple times in the past.

I think there's a trade-off there. "Editing via D-Bus" (i.e. providing high-level commands) allows for better validation and is more UX friendly in many instances (because it's much more "self-documenting"; I'm sure there's a better term for this when applied to UX design). Though "edit via config file" esp. with drop-ins is a pretty well-understood paradigm at this point and fits better with declarative configuration models like Ignition. A lot of friction involved in changing models though. (And FWIW, your argument of circularity does appeal to me :).)

Here's an idea:

• we move from GKeyFile to YAML (but otherwise leave it where it is)
• we add a new rpm-ostree origin command with the following subcommands:
  • get prints the current origin
  • edit opens an editor with the current origin that users can modify. On exit, if the origin changed, we create a new deployment
  • apply takes a YAML file/directory of YAML files which get merged into the origin
  • replace takes a YAML file/directory of YAML files which replace the origin

(Obviously, as you can tell the subcommands there mirror the kubectl/oc UX).

The advantage of this approach is that it better layers on top of the current model (and e.g. instant validation means you simply can't have an invalid origin on disk), and provides a roadmap on how to extend rpm-ostree features like OSTree layers without necessarily having to add yet another command.

And then for the MCO/Ignition, we can build up on that and have a e.g. /etc/rpm-ostree/firstboot-conf.d where you can drop-in snippets of the origin, and an rpm-ostree-firstboot.service which just does rpm-ostree origin apply /etc/rpm-ostree/firstboot-conf.d.

[cgwalters]

Related to this...actually one of the original goals of ostree was to make it easy for people to track the latest from git. I could fill up a whole hour talk about how problematic it is that so few people test e.g. the latest systemd/GNOME/util-linux/etc/etc because of the intermediate "manual packaging" plus the lack of rollbacks.

There are people who maintain COPRs of e.g. "kernel-git" and such; we could add something declarative like:

(filename: /etc/rpm-ostree/configuration.d/)

overrides:
  repo: my-cool-kernel-git-copr
  packages: 'kernel*'

that would (also given /etc/yum.repos.d/my-cool-kernel-git-copr.repo) automatically find the latest packages from that repo and use them for overrides.

And a much bigger topic related to this - for building from source locally I'd like to make it even more first class of an operation to build e.g. RPMs (or ostree commits) inside a container image and provide those updates to rpm-ostree. There's a lot here; it strongly relates to the kmod issue but generalizes to the whole OS.

[cgwalters]

I was actually going to work on this but I ran into some immense layers of tech debt in rpm-ostree that I'm working on fixing first. To start, the server side "treefile" format being totally distinct from the client side format. Plus the parser for the client side (origin) being in C. Which led to a big effort around converting to Rust that's going on now.

We're close to landing some cleanups in this area that should unblock us from starting the bikeshed of what this "unified declarative format" looks like and making it work.

[cgwalters]

Another important thread here is I think it would be beneficial if we can at least drive some support for "declarative package management" into dnf(libdnf) directly too. I hit this all the time when building container images; a RUN yum -y install is just gross versus what we do in e.g. coreos-assembler with this deps.txt file that we "parse" with grep and pass behind the scenes to yum install. Obviously there are 1,000,000 reinventions of this idea around, including e.g. spec files being declarative with Requires: etc. But the idea is there should be a modern client side way to do this that ships with both rpm-ostree and dnf ideally.

[cgwalters]

For a long time, rpm-ostree compose tree has serialized the treefile into the target commit as /usr/share/rpm-ostree/treefile.json. But nothing client side has ever read that - it's just intended to be informational. Data that exists in it that we do need client side (like the dracut command line args) end up in the commit metadata.

It's somewhat analogous to how Anaconda writes /root/anaconda-ks.cfg (which you can see in the container base image too because for not-so-good reasons we currently use Anaconda to build those).

But with this issue...you could imagine that we switch to having the compose write /etc/rpm-ostree/configuration.d/base.json (or...maybe we keep the un-flattened input manifests from the config? Or maybe we at least convert it to YAML and not JSON? Needs discussion).

And once that happens, it becomes user editable directly, which would close the loop. Or alternatively, perhaps we keep /usr/share/rpm-ostree/configuration.d/base.yaml and a user can override it by creating /etc/rpm-ostree/configuration.d/base.yaml, systemd unit style?

[jcdickinson]

I was a Nix user, maybe, 3 weeks ago. The nix workflow, especially surrounding home-manager is sublime. Is renders dotfile management obsolete and I had a working setup that worked across two very different machines. It's really awesome tech, but I think rpm-ostree could do even better.

The general rpm-ostree workflow has a lot going for it right now. Low frequency changes (OS updates) are handled by rpm-ostree, where high frequency changes (user) are handled by flatpak. The low-frequency stuff has 100% reproducibility and doesn't seem like low-hanging fruit to me. There's no solution for reproducing medium-frequency changes (tweaks inside of /etc), and reproducing high-frequency changes (copying "mutation-land" config across machines).

One bug that I have run into is that Firefox nags me for a password if I open it with my Yubikey plugged in. The relevant config is part of the read-only portion of /etc, so I made an extremely dumb .spec to fix it. That's when it occurred to me, rpm-ostree already has a configuration language for system mutations: ad-hoc .spec/RPM files. A tool, let's call it ToolX, that wanted to make changes to /etc could simply render an RPM that does that and then ask rpm-ostree to apply it. You'd eventually want to iterate into hot-swappable layers (ToolX could figure out which systemd units to restart and whatnot).

Another approach that could be used here is rpm-ostree add/commit/push. ToolX would know which configs can safely be copied across machines, and which ones belong on the local machine only. You could edit /etc directly, and then ToolX could figure out how to correctly split that into layers that work across machines.

ToolX might not touch rpm-ostree at all for high-frequency changes. It would install or remove flatpaks, it would configure those by reaching into their sandbox. It could configure wallpapers, or whatever else, with dconf or qdbus.

There's a myriad of ways that ToolX could approach dotfiles, it could just write the files out, or it could ask rpm-ostree to deal with it.

Ultimately, I think that rpm-ostree would do better with a very minimal opinion on how to deal with this problem. It could provide a small set of tools, which stronger opinions could be built on top of. Maybe you could extend Ansible or Nix to render to an ostree layer. Maybe you could write a brand new tool for reproducing a system in its entirety.

I personally believe that such high level opinions shouldn't really go into rpm-ostree.

[mkenigs]

I think rpm-ostree could do even better.

I'm curious any more details on what Nix does worse?

A tool, let's call it ToolX, that wanted to make changes to /etc could simply render an RPM that does that and then ask rpm-ostree to apply it.

In OpenShift's MCO we use Butane and Ignition to manage changes to /etc. Would those tools be sufficient for the kinds of changes to /etc you're thinking of?

[jcdickinson]

I'm curious any more details on what Nix does worse?

• The approach used by Nix to manage packages is running into serious human scalability issues.
• Flakes are coming, but they seem to be stuck in experimental status, and wrapping existing packages is a very poorly documented process. There is also this bizarre dance you have to do when installing on a new system/importing your flake-based nixconfigs.
• Nix is the result of a long process of iteration and, while there are some truly amazing ideas, you run into the warts of the older iterations pretty often.

RPM has long solved these problems, and rpm-ostree pulls in those benefits. RPMs are easy enough to build.

As for other lessons that don't really apply to rpm-ostree/Silverblue yet:

Writing .nix files is fraught with papercuts, mostly because editor support is limited. When something goes wrong things become incredibly difficult, especially if home-manager is involved.

Would those tools be sufficient for the kinds of changes to /etc you're thinking of?

The problem here is the n-th boot on a daily driver. There are bold nix users who recreate their entire / with every boot, maybe that could be used here? This would make hot-swapping (nix-rebuild switch) pretty difficult, though.

[mkenigs]

Yeah definitely agree there are a lot of warts.

RPM has long solved these problems, and rpm-ostree pulls in those benefits. RPMs are easy enough to build.

I don't think RPMs have fully solved those problems or a lot of related ones.

Scalability: I think releasing RPMs takes a lot more human intervention, whereas with Nixpkgs everything is automated after a commit is merged

Flakes: my impression is if you have a really simple project in a GitHub repo, packaging and distributing an RPM takes a good amount of effort. Whereas with a Nix flake you could just drop a trivial flake.nix in your repo.

The problem here is the n-th boot on a daily driver. There are bold nix users who recreate their entire / with every boot, maybe that could be used here? This would make hot-swapping (nix-rebuild switch) pretty difficult, though.

Yeah I should have mentioned Ignition is getting better at the non-first boot case: coreos/ignition#1285. Not sure if it's quite to the point where it is the tool you're asking for, but if I understand you correctly I think it might be becoming that tool

[jlebon]

A lot of work has been done to transform the origin code as a thin layer on top of treefiles, so I think this isn't very far now. The next step I think is still to fully delete RpmOstreeOrigin, but we should probably finalize the UX we want for this soon.

[dpeter99]

Is there any progress on this?
I would love to be able to reason about what my system has installed and have an easy way to replicate it to other machines. I have a desktop and a Laptop and it is such a pain to remember how a certain package was installed to it.
This especially when dealing with things like extra repositories for yum (like for lazygit or 1password) currently I use a shell script that installs everything and I try to remember to run it or add new stuff to it when I need it.

But a simple yaml (Or any other file format) text file would be awesome when it comes to system setup.

[bam80]

Update?