Bootstrap without docker #109

138 changes: 118 additions & 20 deletions barney.yaml
Expand Up @@ -5,56 +5,154 @@ generators:

images:

internal/alma-9.1-bootstrap:
internal/bootstrap/iso-extraction-floor:
units:
- image: barney.ci/alpine%pkg/alpine-base
- image: barney.ci/alpine%pkg/wget
- image: barney.ci/alpine%network
- image: barney.ci/alpine%apk-finalizers

internal/bootstrap/base.tar.xz:
description: |
Downloading a recent-ish centos container base from the upstream
centos registry. Note that we cache this step separately for quick
development.
Comment on lines +17 to +19
Member


Maybe do mention that this is used for bootstrapping alma linux, and just has to be an rpm-based system. I would also mention that the image should seldom change since it would invalidate all of the eext snapshots.

Collaborator


Why would this image changing invalidate all eext-snapshots?
It'd invalidate the eext base-image snapshot since the floor changed, but wouldn't the base-image snapshot be generated with the same content hash ?

Contributor Author


The snapshot hash isn't a content-hash --- it's actually a hash of all the inputs to the build

Since the definition of internal/bootstrap/base.tar.xz is an input to the next build, just changing the build script (and the version of alma that we fetch) is sufficient to change the hash of all downstream consumers.

no-create-mountpoints: true
units:
- floor: .%internal/bootstrap/iso-extraction-floor
sources: []
build: |
arch=$(uname -m)
case "$arch" in
x86_64)
arch=x86_64
Member


nit: remove

cksum=63b7ddb444b23a07cb851398c338595e410fb3fac2dd72061d0292c653e5afe6
;;
i?86)
arch=x86_64
cksum=63b7ddb444b23a07cb851398c338595e410fb3fac2dd72061d0292c653e5afe6
;;
aarch64)
arch=arm64
cksum=312a833dfe646ce5b41f362cae577df9797955b85ced96173be8e88e5ebd5990
;;
*)
>&2 echo unsupported architecture "$arch"
exit 1
;;
esac

cd /dest
wget https://cloud.centos.org/centos/9-stream/${arch}/images/CentOS-Stream-Container-Base-9-20230501.0.${arch}.tar.xz \
--output-document base.tar.xz

echo "$cksum base.tar.xz" | sha256sum -c
Member


I found this construct to be more straightforward:

filename=base-${arch}.tar.xz
wget https://cloud.centos.org/centos/9-stream/${arch}/images/CentOS-Stream-Container-Base-9-20230501.0.${arch}.tar.xz \
    --output-document "$filename"

grep "$filename" <<-SUMS | sha256sum -cw
63b7ddb444b23a07cb851398c338595e410fb3fac2dd72061d0292c653e5afe6 *base-x86_64.tar.xz
312a833dfe646ce5b41f362cae577df9797955b85ced96173be8e88e5ebd5990 *base-arm64.tar.xz
SUMS

It ends up being easier to extend since you don't need to remap the arch names for every arch, so adding new architectures is typically about adding a new line in the sum document.


internal/bootstrap/extract/1:
no-create-mountpoints: true
units:
- floor: .%internal/bootstrap/iso-extraction-floor
sources: []
mappings:
/src/base: .%internal/bootstrap/base.tar.xz
build: |
tar --strip-components=1 -xf /src/base/base.tar.xz -C /dest

internal/bootstrap/extract/2:
description: |
Extract our bootstrapping environment and remove any pre-configured
yum repos. This bootstrapping environment will be centos 9 stream,
but because we will install el9 repos under /etc/yum.repos.d, the
environments that we boostrap will be el9.
no-create-mountpoints: true
Member


You probably do want to ensure all of the mountpoints are created, because this image is getting entry settings that will attempt to mount /tmp, /dev, ... and while I'm sure the base centos image contains these, it doesn't hurt to assert that they're created

units:
- floor: .%internal/bootstrap/iso-extraction-floor
sources: []
mappings:
/src/layer: .%internal/bootstrap/extract/1
build: |
tar -xf /src/layer/layer.tar -C /dest
rm /dest/etc/yum.repos.d/*
Comment on lines +51 to +75
Member


I don't see much value in separating these steps from the main download step. I guess the argument is that we don't need to redownload the tarball should any of the commands responsible for extracting and preparing that bootstrap image change, but redownloading a file is generally fast enough for this not to really matter. This just ends up taking thrice the storage since we're individually storing the tarball, the layer tarball, and the extracted layer separately.


internal/bootstrap/install-rpms:
description: |
The install-rpms command accepts a list of packages and installs them
(along with dependencies) into /dest. This is useful for creating new
chroot environments with an arbitrary set of yum repos.
no-create-mountpoints: true
units:
- sources: []
build: |
mkdir -p /dest/usr/bin
chmod 555 /dest/usr/bin
echo '#!/bin/sh
dnf --assumeyes --installroot=/dest --noplugins \
--config=/etc/dnf/dnf.conf \
--setopt=cachedir=/var/cache/microdnf \
--setopt=reposdir=/etc/yum.repos.d \
--setopt=varsdir=/etc/dnf --releasever=9.1 install "$@"
' > /dest/usr/bin/install-rpms
chmod 755 /dest/usr/bin/install-rpms

internal/bootstrap/repos:
description: |
Install yum repos associated with el9 under /etc/yum.repos.d. Intended to
be used in combination with the install-rpms script.
no-create-mountpoints: true
units:
- image: barney.ci/docker%image/quay.io/almalinuxorg/9-minimal//9.3-20231124
- sources: []
entry:
env:
DNF_HOST: ${eext-dnf-host.url:-https://artifactory.infra.corp.arista.io/artifactory}
build: |
mkdir -p /dest/etc
touch /dest/etc/resolv.conf
finalizers:
- |
export DNF_HOST="https://artifactory.infra.corp.arista.io/artifactory"
export DNF_ARCH="$(arch)"
export DNF_DISTRO_REPO="alma-vault/9.1"
export DNF_EPEL9_REPO_VERSION="v20240127-1"
export DNF_EPEL9_REPO="eext-snapshots-local/epel9/${DNF_EPEL9_REPO_VERSION}/9/Everything"
echo '#!/bin/sh
microdnf --assumeyes --installroot=/dest --noplugins --config=/etc/dnf/dnf.conf \
--setopt=cachedir=/var/cache/microdnf --setopt=reposdir=/etc/yum.repos.d \
--setopt=varsdir=/etc/dnf --releasever=9.1 install "$@"
' > /usr/bin/install-rpms
chmod 755 /usr/bin/install-rpms
rm -rf /etc/yum.repos.d
mkdir -p /etc/yum.repos.d
mkdir -p /dest/etc/yum.repos.d
echo "[epel9-subset]
baseurl=${DNF_HOST}/${DNF_EPEL9_REPO}/${DNF_ARCH}/
enabled=1
gpgcheck=0
" > /etc/yum.repos.d/eext-externaldeps.repo
" > /dest/etc/yum.repos.d/eext-externaldeps.repo
echo "[BaseOS]
baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/BaseOS/${DNF_ARCH}/os/
gpgcheck=0
enabled=1
" > /etc/yum.repos.d/BaseOS.repo
" > /dest/etc/yum.repos.d/BaseOS.repo
echo "[AppStream]
baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/AppStream/${DNF_ARCH}/os/
exclude=podman
gpgcheck=0
enabled=1
" > /etc/yum.repos.d/AppStream.repo
" > /dest/etc/yum.repos.d/AppStream.repo

internal/bootstrap/network:
entry:
share-net: true
Member


not part of this change but this is definitely no longer accurate and should be using network.enabled: true

mounts:
- source: /etc/resolv.conf
target: /etc/resolv.conf
options: ro,bind

internal/bootstrap:
description: |
Minimal bootstrapping environment. Do not run builds in
this directly, but instead use it to create images that
contain a specific set of dependencies.
entry:
mutables:
- /var/cache
- /var/lib/dnf
units:
- image: .%internal/bootstrap/extract/2
- image: .%internal/bootstrap/repos
- image: .%internal/bootstrap/install-rpms
- image: .%internal/bootstrap/network

base-image:
units:
- floor: .%internal/alma-9.1-bootstrap
- floor: .%internal/bootstrap
sources: []
build: install-rpms autoconf automake coreutils git rpm rpmdevtools rpm-build make mock python3-devel quilt

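Review bot: the repos finalizer writes all three repo files (epel9-subset, BaseOS, AppStream) with `gpgcheck=0`, so `install-rpms` will accept whatever package the mirror serves with no signature verification, and every downstream image is built from this floor; consider `gpgcheck=1` plus a `gpgkey=` line for the AlmaLinux and EPEL keys, or state in the unit's description why checking is deliberately off (e.g. the artifactory snapshot is treated as the trust boundary). Smaller point in the same hunk: `--releasever=9.1` is hard-coded in both install-rpms scripts and `alma-vault/9.1` again in `DNF_DISTRO_REPO`, three places that will drift on the next version bump; one variable for the release would be easier to keep consistent.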
Expand Down Expand Up @@ -103,7 +201,7 @@ images:
- build: |
mkdir -p /dest/var/cache/go
mkdir -p /dest/var/ext
- floor: .%internal/alma-9.1-bootstrap
- floor: .%internal/bootstrap
sources: []
build: |
install-rpms autoconf automake coreutils golang git rpm rpmdevtools rpm-build make mock python3-devel quilt
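Review bot: this unit's install list is the `base-image` list from the first hunk plus `golang`, and both now sit on the same `.%internal/bootstrap` floor, so the two lists will drift whenever one is edited; consider making this unit `floor: .%base-image` and installing only `golang`, or otherwise keeping the shared package list in one place.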