containers: support converting existing base images? #11

Open
cgwalters opened this issue Apr 15, 2021 · 4 comments


@cgwalters
Member

There's nothing conceptually stopping us from having tooling that takes a current container image (e.g. what's in debian:stable) and just makes it "ostree ready". Or even just dynamically accepting a container image that has a kernel client side.

This may be in scope at some point in the future.

@cgwalters cgwalters changed the title containers: support converting existing base images containers: support converting existing base images? Apr 15, 2021
@cgwalters
Member Author

One thing that came up is taking a container built using Dockerfile or equivalent, and having support for "cleaning it up", specifically by doing things like reproducible chunking. If we go this route, it'd also make sense to do the other things like SELinux labeling at that time too. xref #388

I could imagine having something like ostree container commit --from-image=quay.io/user/example:latest --content-mapping map.toml where map.toml is something that specifies a set of file paths mapping to a "chunk" or so.

@cgwalters
Member Author

I think we want two things:

  • Expose the existing client side tooling for mapping from derived image to ostree commit as a tool, per above; it's basically ostree container image pull and then you have an ostree commit. We could document this, but perhaps one would want to be in control of the ref, so it could be a separate verb
  • A container image which can accept another (potentially arbitrary) container image as input, do "ostree stuff" to it, and then push it to another registry

The second tool in particular would be a really useful way to avoid the need to RUN ostree container commit (it's more in the domain of #388).

@jeamland
Contributor

As further musing related to my comment over here, would it be better to create something like ostree container image ingest that functioned similarly to ... pull but did things like SELinux relabelling and allowed you to specify a ref for the result?

@cgwalters
Member Author

@jeamland Yes - it'd be relatively straightforward to create a new command like ostree container image commit which took a container image as input, performed labeling and other cleanup, and output a new container image.

It's basically moving to build time what we do on the client side today in store.rs.

The core tradeoff is that there's another magic step needed before "push to registry" and shipping to client systems, but I suspect that wouldn't be very onerous for many places.
