osbuild: conditionally use the built payload as the buildroot #3808
Conversation
The copy/paste from 1d51ca4 didn't account for the fact that the image filename is renamed to disk.raw for GCP. Fix it and also add a comment with some context on why the filename differs here from the others.
Drop a few patches here: - 0004-fscache-add-eviction-log-statement.patch - 0001-stages-qemu-sanity-check-created-image.patch The fscache eviction log statement was just informational anyway and the qemu sanity check should no longer be needed since we got a fixed XFS/kernel in RHEL 9.4 and Fedora. We also drop OSBuild version locking since things are a lot more stable now and it's probably better to follow latest and find issues immediately rather than forget to update this for long periods of time.
We'll now make deploying the OSTree directly conditional on if ostree_repo is passed in or not. The only use case today where we are deploying via OSTree and not via container is our FCOS non-rawhide streams, so this shouldn't affect any non FCOS users out there today. This is prep for some re-work to create a buildroot from the container. We always have the container image in our pipelines so we want to unconditionally pass it in to OSBuild now (i.e. so we can create the buildroot from it).
|
Implementing this we think will mean issues like openshift/os#1504 will go away. |
|
This will fix #3801 |
| cat /usr/lib/coreos-assembler/0004-fscache-add-eviction-log-statement.patch \ | ||
| /usr/lib/coreos-assembler/0001-stages-qemu-sanity-check-created-image.patch \ | ||
| | patch -d /usr/lib/osbuild -p1 | ||
| #cat your.patch \ |
There was a problem hiding this comment.
I think we should keep a comment here that says to freeze osbuild if we ever need to add patches here again. Or alternatively, delete all of patch_osbuild().
Reverting the commit to add patches will also revert the freeze that can then be updated.
There was a problem hiding this comment.
depending on the situation I don't think it's required that we pin OSBuild if we patch.
If it's an area of code that changes a lot then it might be worth it to pin, if not then maybe not.
I'm OK with deleting the whole function, but thought for now it might be worth keeping the scaffolding in place.
Let me know what you think is best.
There was a problem hiding this comment.
Leaning towards nuking it for now with the understanding that it's only a git revert away if we ever need to carry patches again in the future.
There was a problem hiding this comment.
sorry I missed this in the final upload
followup in #3809
| @@ -79,6 +81,8 @@ pipelines: | |||
| mpp-format-int: '{image.layout[''boot''].partnum}' | |||
| target: /boot | |||
| - name: qemu | |||
| build: | |||
| mpp-format-string: '{qemu_stage_buildroot}' | |||
There was a problem hiding this comment.
I'm confused why we need this. Since the buildroot is scoped to the pipeline and here we're defining a different pipeline, isn't it going to use the host buildroot if we don't specify anything?
There was a problem hiding this comment.
yes. it will use the "host" buildroot if we don't specify anything, but I do like the explicitness that goes along with the comment where this is defined:
# For the qemu stages we'll use the host buildroot (COSA)
# because we definitely don't include qemu-img in CoreOS
qemu_stage_buildroot: ""
There was a problem hiding this comment.
OK to leave a comment but maybe let's make it clearer that that's the default anyway and we're just being explicit?
There was a problem hiding this comment.
Sounds good. I'll enhance the comment further.
|
so It looks like the Is it really required for this unit to run after Ignition is complete? I guess so since that's a test case we want to cover, but we'll probably have to strengthen the unit dependencies. |
|
ahh. interestingly enough we have two units that check if
so it looks like maybe the |
|
ok I think I found the real error earlier up in the log: |
| # really use FCOS as the buildroot so we'll set it to "" so that | ||
| # the host (COSA) gets used as the buildroot there. | ||
| buildroot: | ||
| mpp-if: osname == 'rhcos' |
There was a problem hiding this comment.
Not related to the current CI failure, but shouldn't this be
| mpp-if: osname == 'rhcos' | |
| mpp-if: osname in ['rhcos', 'scos'] |
?
|
I think the CI issue is roughly:
But also, this would make us enter a completely different path in ignition-ostree-firstboot-uuid. I think it'd be safer to still enable the feature? If we just hard enable it and then we can simplify ignition-ostree-firstboot-uuid. |
With this we now use a buildroot that is derived from the OCI container that was built by the pipeline. This allows us to use the exact same versions of software from the payload we built when we construct the images that we will ship, which will be better for us over time. The benefits of this are immediately apparent in this commit as we are able to drop configuration that tries to set feature flags for our ext4 filesystems based on what we think are the current defaults in RHEL. For now we aren't able to do this with FCOS because FCOS doesn't have python in it. This should be OK for now because COSA is almost always based on the latest version of Fedora. Though one benefit we would have if we did switch to doing this for FCOS is that we would test newer versions of "build tools" from `rawhide` alongside the `rawhide` pipeline builds that we do.
Since we are now storing the OSBuild buildroot in the cache2.qcow2 let's bump the size again.
Here we just unconditionally set it because otherwise changing the filesystem while it is mounted doesn't work and we get errors like this during startup: ``` [ 4.155947] ignition-ostree-firstboot-uuid[918]: /dev/disk/by-label/boot is in use. ``` Anyways, we are going to delete the fallback code there anyway coreos/fedora-coreos-config#3008 so it's required to be set so let's set it here and then we can drop this once RHEL has caught up.
|
CI is fixed and all comments should be addressed now. |
- Reflect changes done in coreos/coreos-assembler#3808 Signed-off-by: Renata Ravanelli <[email protected]>
- Reflect changes done in coreos/coreos-assembler#3808 Signed-off-by: Renata Ravanelli <[email protected]>
With this we now use a buildroot that is derived from the OCI container that was built by the pipeline. This allows us to use the exact same versions of software from the payload we built when we construct the images that we will ship, which will be better for us over time.
The benefits of this are immediately apparent in this commit as we are able to drop configuration that tries to set feature flags for our ext4 filesystems based on what we think are the current defaults in RHEL.
For now we aren't able to do this with FCOS because FCOS doesn't have python in it. This should be OK for now because COSA is almost always based on the latest version of Fedora. Though one benefit we would have if we did switch to doing this for FCOS is that we would test newer versions of "build tools" from
rawhidealongside therawhidepipeline builds that we do.