-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignition blueprint config support on rhel9 #3161
Conversation
@runcom , regarding the kernel arguments, I know that in #3130 via Also, the PRs are going to collide in the |
0ecb209
to
d3c0c2e
Compare
Pleas also remember to update the documentation in the guide - https://github.com/osbuild/guides/blob/main/osbuild-composer/src/blueprint-reference/blueprint-reference.md |
b445743
to
85306de
Compare
85306de
to
10c21f5
Compare
a1c2892
to
a876f7e
Compare
If we can, we should try to give users high-level options that we translate to kargs (or other things), so totally agree with this principle :) |
Could |
Sure thing, will change it 👍 |
4d0cdd8
to
63a50b8
Compare
Where is this file physically present? It's not clear to me from the PR. Is that referencing a kernel argument? You may already be aware but I think it's still worth cross-referencing here: For CoreOS we¹ developed an IMO neat system where an Ignition config can be dynamically embedded in an ISO image: https://coreos.github.io/coreos-installer/cmd/iso/#coreos-installer-iso-ignition-embed The way this works is by sticking the config into a "reserved" area of the ISO. Given that Edge is already using coreos-installer, this could make sense to also support (would I think require a bit of work to replicate bits of cosa buildextend-live in the ISO). One advantage of this is that it gives a clear model for building a "generic" ISO that can have e.g. machine-specific customization injected later. But - that's all specific to the ISO. To support the generic functionality of embedding a custom Ignition config "statically", it can be injected into
(This config should likely not be present on Edge derivatives as the "core" user is obviously a continuation of a CoreOS default and when moving to full custom images it's likely not desired) But, other "static" configuration can be injected in the same way. ¹ Specifically IIRC @bgilbert and @jlebon, I was only tangentially involved |
We put the file in the root of the ISO:
It does not reference a kernel argument.
I wasn't aware of that at all! CC'ing @runcom ! From a quick look at it, if I understood it correctly, it would require producing the ISO first and then the installer should be ran later on to embed the config file. We do not run the installer until we are installing the image, so maybe that "later" (regarding the customisation injection that is made later on) wouldn't work for us since we just want to have a .iso with everything in there that can be installed and that's it.
|
I'm not familiar with the Edge install flow, but I can explain the CoreOS install flow this fits in and you can see from there whether it makes sense to adapt to it as well. Users download a generic live ISO from e.g. getfedora.org (or for RHCOS, e.g. the mirror). They can then customize that ISO using Though it's not clear to me from this PR whether the Ignition config we're talking about is for the ISO or for the installed system. Obviously a lot of this flexibility comes from the fact that CoreOS ISOs themselves run Ignition (and then we talk about "Ignition configs within Ignition configs" when embedding the target system's config within the ISO's config, but that's what the |
The ignition configuration file that we are embedding into the ISO is read by the coreos-installer and handled from there, so it is read when we are installing the system, so I guess that it is for the ISO, not for the installed system, since it is in the process of being installed. What Colin proposes is another way of giving the users a way to customise their system, which is a separate method from our intended "installation flow". It would definitely work, but in our use cases it makes more sense to have as the last step in the process a "final ISO" that the users can grab and install. In our build process we add specific RPMs needed for Edge via Image Builder, tweak the partition tables as we need them to be and so on, and users can start adding some customisations via blueprints there; now we are giving them the possibility of using Ignition too. They only need to deal with Image Builder to produce images and use our Otherwise at this point in time they would need to deal with IM + butane + |
Thanks for our input on this @cgwalters and @jlebon! I think you are right @7flying , that we want to make any customisations (and hence ignition insertion) at image build time, rather than after the fact, so static ISOs + dynamic customisations doesn't really make sense. That said, it might be worth considering putting our ignition file in the same "reserved" location that the coreos tool does? I think this is sort of an internal detail, so could be done in a follow-up, but if it makes sense to be consistent we should be :) I think a good mental model would be that the R4E image that comes out of image builder is structured the same way as a coreos installer ISO after the dynamic configuration has been applied. Unless there are technical quirks I'm not aware of that would make this not worth it, of course. |
63a50b8
to
244902b
Compare
Rebased due to #3166 |
Having an standardised way of doing things sounds always good to me :), but I have to check with others on the team.
Right now I have no clue about how to do this in osbuild-composer, we might need to modify/extend one of osbuild's copy stages to handle that placement (size/alignment stuff I guess), but that would be it. |
I think it's not really important to match the same mechanism right now; i.e. I would definitely not block on it. It's something that can be done later. |
e4383a8
to
b4db169
Compare
Yup, I agree with this. Just something to keep in mind as an aspirational goal ;) |
b4db169
to
62e73eb
Compare
This allows a user to configure the system via `edge-simplified-installer` using an ignition configuration specified in the blueprint. This ignition config can be embedded in the ISO as a Base64 encoded file (ignition.embedded.data) or as a file containing the URL where the ignition config file is served (ignition.embedded.url). The user can also instead specify an URL serving an ignition config file that will passed as a karg and be fetched at first boot (ignition.firstboot.url). Signed-off-by: Irene Diez <idiez@redhat.com>
Signed-off-by: Irene Diez <idiez@redhat.com>
35dc026
to
a631bea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good but the test script needs to be conditioned to only run on RHEL 9 since the new features weren't added to RHEL 8.
Also, can we drop the second-to-last commit with the manifest generation? The manifests haven't changed, it's just some metadata key reordering and it doesn't affect any tests, so no need to add extra noise.
a631bea
to
70242e6
Compare
Signed-off-by: Irene Diez <idiez@redhat.com>
Signed-off-by: Irene Diez <idiez@redhat.com>
70242e6
to
1314838
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Thanks.
thanks for the review @achilleas-k ! |
This allows a user to configure the system via
edge-simplified-installer
using an ignition configuration specified in the blueprint.
This ignition config can be embedded in the ISO as a Base64
encoded file (
ignition.embedded.data
) or as a filecontaining the URL where the ignition config file is served
(
ignition.embedded.url
).This embedded config (either data or url) ends up in the root
of the ISO.
The user can also instead specify an URL serving an ignition
config file that will passed as a karg and be fetched at first
boot (
ignition.firstboot.url
).depends on #3130 (that PR sets the things needed to run ignition, this PR allows the user to configure the things to pass to ignition, so this PR doesn't break anything)
This pull request includes: