Initialize a containers-storage: owned by bootc
Initial work for: containers#721 - Initialize a containers-storage: instance at install time (that defaults to empty) - "Open" it (but do nothing with it) as part of the core CLI operations. Further APIs and work will build on top of this. Signed-off-by: Colin Walters <[email protected]>
Showing
8 changed files
with
135 additions
and
4 deletions.
@@ -0,0 +1,85 @@ | ||
//! # bootc-managed container storage | ||
//! | ||
//! The default storage for this project uses ostree, canonically storing all of its state in | ||
//! `/sysroot/ostree`. | ||
//! | ||
//! This containers-storage: which canonically lives in `/sysroot/ostree/bootc`. | ||
use std::sync::Arc; | ||
|
||
use anyhow::{Context, Result}; | ||
use camino::Utf8Path; | ||
use cap_std_ext::cap_std::fs::Dir; | ||
use cap_std_ext::cmdext::CapStdExtCommandExt; | ||
use cap_std_ext::dirext::CapStdExtDirExt; | ||
use fn_error_context::context; | ||
use std::os::fd::OwnedFd; | ||
|
||
use crate::task::Task; | ||
|
||
/// The path to the storage, relative to the physical system root. | ||
pub(crate) const SUBPATH: &str = "ostree/bootc/storage"; | ||
/// The path to the "runroot" with transient runtime state; this is | ||
/// relative to the /run directory | ||
const RUNROOT: &str = "bootc/storage"; | ||
pub(crate) struct Storage { | ||
root: Dir, | ||
#[allow(dead_code)] | ||
run: Dir, | ||
} | ||
|
||
impl Storage { | ||
fn podman_task_in(sysroot: OwnedFd, run: OwnedFd) -> Result<crate::task::Task> { | ||
let mut t = Task::new_quiet("podman"); | ||
// podman expects absolute paths for these, so use /proc/self/fd | ||
{ | ||
let sysroot_fd: Arc<OwnedFd> = Arc::new(sysroot); | ||
t.cmd.take_fd_n(sysroot_fd, 3); | ||
} | ||
{ | ||
let run_fd: Arc<OwnedFd> = Arc::new(run); | ||
t.cmd.take_fd_n(run_fd, 4); | ||
} | ||
t = t.args(["--root=/proc/self/fd/3", "--runroot=/proc/self/fd/4"]); | ||
Ok(t) | ||
} | ||
|
||
#[allow(dead_code)] | ||
fn podman_task(&self) -> Result<crate::task::Task> { | ||
let sysroot = self.root.try_clone()?.into_std_file().into(); | ||
let run = self.run.try_clone()?.into_std_file().into(); | ||
Self::podman_task_in(sysroot, run) | ||
} | ||
|
||
#[context("Creating imgstorage")] | ||
pub(crate) fn create(sysroot: &Dir, run: &Dir) -> Result<Self> { | ||
let subpath = Utf8Path::new(SUBPATH); | ||
// SAFETY: We know there's a parent | ||
let parent = subpath.parent().unwrap(); | ||
if !sysroot.try_exists(subpath)? { | ||
let tmp = format!("{SUBPATH}.tmp"); | ||
sysroot.remove_all_optional(&tmp)?; | ||
sysroot.create_dir_all(parent)?; | ||
sysroot.create_dir_all(&tmp).context("Creating tmpdir")?; | ||
// There's no explicit API to initialize a containers-storage: | ||
// root, simply passing a path will attempt to auto-create it. | ||
// We run "podman images" in the new root. | ||
Self::podman_task_in(sysroot.open_dir(&tmp)?.into(), run.try_clone()?.into())? | ||
.arg("images") | ||
.run()?; | ||
sysroot | ||
.rename(&tmp, sysroot, subpath) | ||
.context("Renaming tmpdir")?; | ||
} | ||
Self::open(sysroot, run) | ||
} | ||
|
||
#[context("Opening imgstorage")] | ||
pub(crate) fn open(sysroot: &Dir, run: &Dir) -> Result<Self> { | ||
let root = sysroot.open_dir(SUBPATH).context(SUBPATH)?; | ||
// Always auto-create this if missing | ||
run.create_dir_all(RUNROOT)?; | ||
let run = run.open_dir(RUNROOT).context(RUNROOT)?; | ||
Ok(Self { root, run }) | ||
} | ||
} |
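Review bot: The `// SAFETY: We know there's a parent` comment above `subpath.parent().unwrap()` in `create` is misleading, because `SAFETY:` is the convention for `unsafe` blocks and nothing here is unsafe; put the invariant in the call instead, `let parent = subpath.parent().expect("SUBPATH has a parent component");`. The store is initialized by running `podman images` with `--root=/proc/self/fd/3`, which at that point resolves to the `.tmp` directory; if podman or containers-storage records the resolved absolute root anywhere inside the store, that record goes stale at the `rename` to `SUBPATH`, so the rename call deserves a comment stating that nothing path-dependent is persisted during initialization (or a check that proves it). The module doc on the `//! This containers-storage:` line is a sentence fragment and names `/sysroot/ostree/bootc`, while `SUBPATH` is `ostree/bootc/storage`; suggest `//! This containers-storage: instance canonically lives in /sysroot/ostree/bootc/storage.`. The two bare blocks wrapping `take_fd_n` in `podman_task_in` only scope a temporary; `t.cmd.take_fd_n(Arc::new(sysroot), 3);` and the matching line for `run` express the same thing in one statement each.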
|
@@ -44,3 +44,4 @@ pub mod spec; | |
|
||
#[cfg(feature = "docgen")] | ||
mod docgen; | ||
mod imgstorage; |
|
@@ -2,6 +2,7 @@ use std::path::Path; | |
use std::{os::fd::AsRawFd, path::PathBuf}; | ||
|
||
use anyhow::Result; | ||
use camino::Utf8Path; | ||
use cap_std_ext::cap_std; | ||
use cap_std_ext::cap_std::fs::Dir; | ||
use fn_error_context::context; | ||
|
@@ -53,6 +54,12 @@ fn find_deployment_root() -> Result<Dir> { | |
anyhow::bail!("Failed to find deployment root") | ||
} | ||
|
||
// Hook relatively cheap post-install tests here | ||
fn generic_post_install_verification() -> Result<()> { | ||
assert!(Utf8Path::new("/ostree/bootc/storage/overlay").try_exists()?); | ||
Ok(()) | ||
} | ||
|
||
#[context("Install tests")] | ||
pub(crate) fn run_alongside(image: &str, mut testargs: libtest_mimic::Arguments) -> Result<()> { | ||
// Force all of these tests to be serial because they mutate global state | ||
|
@@ -88,6 +95,8 @@ pub(crate) fn run_alongside(image: &str, mut testargs: libtest_mimic::Arguments) | |
std::fs::write(&tmp_keys, b"ssh-ed25519 ABC0123 [email protected]")?; | ||
cmd!(sh, "sudo {BASE_ARGS...} {target_args...} -v {tmp_keys}:/test_authorized_keys {image} bootc install to-filesystem {generic_inst_args...} --acknowledge-destructive --karg=foo=bar --replace=alongside --root-ssh-authorized-keys=/test_authorized_keys /target").run()?; | ||
|
||
generic_post_install_verification()?; | ||
|
||
// Test kargs injected via CLI | ||
cmd!( | ||
sh, | ||
|
@@ -120,6 +129,7 @@ pub(crate) fn run_alongside(image: &str, mut testargs: libtest_mimic::Arguments) | |
let sh = &xshell::Shell::new()?; | ||
reset_root(sh)?; | ||
cmd!(sh, "sudo {BASE_ARGS...} {target_args...} {image} bootc install to-existing-root --acknowledge-destructive {generic_inst_args...}").run()?; | ||
generic_post_install_verification()?; | ||
let root = &Dir::open_ambient_dir("/ostree", cap_std::ambient_authority()).unwrap(); | ||
let mut path = PathBuf::from("."); | ||
crate::selinux::verify_selinux_recurse(root, &mut path, false)?; | ||
|
@@ -131,6 +141,7 @@ pub(crate) fn run_alongside(image: &str, mut testargs: libtest_mimic::Arguments) | |
let empty = sh.create_temp_dir()?; | ||
let empty = empty.path().to_str().unwrap(); | ||
cmd!(sh, "sudo {BASE_ARGS...} {target_args...} -v {empty}:/usr/lib/bootc/install {image} bootc install to-existing-root {generic_inst_args...}").run()?; | ||
generic_post_install_verification()?; | ||
Ok(()) | ||
}), | ||
]; | ||
|
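Review bot: `generic_post_install_verification`, added in the `@@ -53,6 +54,12 @@` hunk, hard-codes `/ostree/bootc/storage/overlay` and panics through `assert!` on failure, which reports only the expression and not which path was missing. Prefer binding the path to a local and using `anyhow::ensure!(Utf8Path::new(p).try_exists()?, "missing bootc storage: {p}")`, so the failure names the path and flows through the `Result` the function already returns. Asserting on the `overlay` subdirectory also pins the test to the overlay graph driver; if that is intentional, say so in the `// Hook relatively cheap post-install tests here` comment, otherwise check the `storage` directory itself. The path duplicates the `SUBPATH` constant from the imgstorage module; a comment pointing at that constant would keep the two from drifting. The three later hunks only insert the call after each install; `run_alongside` begins and ends outside the hunks shown.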
@@ -0,0 +1,8 @@ | ||
use std assert | ||
use tap.nu | ||
|
||
tap begin "verify bootc-owned container storage" | ||
|
||
# This should currently be empty by default... | ||
podman --storage-opt=additionalimagestore=/usr/lib/bootc/storage images | ||
tap ok |
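Review bot: The comment says the store should currently be empty by default, but `use std assert` is imported and never used, and the `podman ... images` line only checks that the command exits successfully, so a populated store would pass this test. Capture the listing and assert on it: `let images = (podman --storage-opt=additionalimagestore=/usr/lib/bootc/storage images --format json | from json)` followed by `assert ($images | is-empty)`. Because `additionalimagestore` layers the bootc store onto podman's default root, this invocation also touches the default store and lists whatever it holds; if the read-only additional-store form was chosen deliberately to avoid writing into the bootc-owned store, a comment saying so would help. The path `/usr/lib/bootc/storage` differs from the `ostree/bootc/storage` subpath the Rust module creates; if a symlink or bind mount relates them it is set up in one of the changed files not shown here, and naming it in the comment would make the test self-explanatory.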