-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial support for container image updates #878
base: main
Are you sure you want to change the base?
Conversation
This requires |
(It's kind of heavyweight here to add the |
Or, of course...ultimately, perhaps zincati's functionality should be folded into rpm-ostree. |
Prep for handling the container case in coreos#878
Split the prep patches to #879 |
978f94f
to
03eef81
Compare
This is part of coreos/fedora-coreos-tracker#1263 If we're booted into a container image, then instead of looking for the special `fedora-coreos.stream` ostree commit metadata, we can do the much more obvious and natural thing of looking at the container image tag.
03eef81
to
e6486b0
Compare
OK rebased 🏄 and lifting draft - I think we can ship this. |
What will happen here now is zincati will switch the node back from container → ostree, which is obviously not what we want. Fixing that however requires a lot more work - we need to plumb through corresponding container image digests into the cincinnati metadata or/in-addition we add tags to the registry corresponding to the desired version. But...I think this is arguably better than having zincati just fail today. |
I think this may scratch the immediate itch but it's likely not a good foundation to build upon. Overall we have been quite successful uncoupling each single dotted release from the moving tip of the stream. Also, the main usecase for image containerization is that people will end up pushing their own images, in which case we can't really rely on tags nor match FCOS upstream refspec. Maybe I'm misunderstanding something, but I think even right now the ostree commit we ship in the container on quay does carry the |
It's not lost exactly, but the deployed commit doesn't have it, it's in a base layer. I do think it's more natural to parse the container tag.
How so? I think we'd probably express this semantically by doing an explicit versioned fetch with out changing the origin. That's what happens today with
Well...yes but I'm not trying to scope that in quite yet. The immediate goal is to take the steps necessary for us to switch over to using containers as a transport by default. |
Would be good to flesh out the design for coreos/fedora-coreos-tracker#1263 before doing implementation changes. I'm also hesitant to bind us to certain conventions before tackling the larger issue of "layering + automatic updates". |
Right, I think that'd be a good avenue. The graph schema is generic over the payload type and has a That way Zincati doesn't really need to know in details about container things, which AFAIK matches the current status for OSTree things. But again, the "layering" aspect of this changes things and how all this intersects with that use case needs some careful thought. |
Though one thing we could do I guess is to gate this PR behind some sufficiently scary flag/env var? But as an aside, I do think the |
From discussion in coreos/zincati#878 related to coreos/fedora-coreos-tracker#1263
Well...part of the idea of all this is to get away from "ostree stuff". We could try to set up a system where metadata on the original commit does propagate to the local merge commit, but...in the end I think what we want is to just have it in the container image metadata, so: coreos/coreos-assembler#3214 Then zincati can parse the container metadata using standard APIs. All of this helps lead to a world where a zincati-like tool can also be used for application container (e.g. podman) updates. And it should help us align with how e.g. OCP is already using Cincinnati to target a container image (not an ostree commit). |
From discussion in coreos/zincati#878 related to coreos/fedora-coreos-tracker#1263
From discussion in coreos/zincati#878 related to coreos/fedora-coreos-tracker#1263
Hello, Is this already "usable" in some way(custom build rpm-ostree, zinacati, etc.) Thanks a lot |
This is part of coreos/fedora-coreos-tracker#1263
If we're booted into a container image, then instead of looking for the special
fedora-coreos.stream
ostree commit metadata, we can do the much more obvious and natural thing of looking at the container image tag.