Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fedora 42 change: composefs enabled by default #608

Open
travier opened this issue Jul 18, 2024 · 10 comments
Open

Fedora 42 change: composefs enabled by default #608

travier opened this issue Jul 18, 2024 · 10 comments
Labels

Comments

@travier
Copy link

travier commented Jul 18, 2024

For the upcoming Fedora 41 release, we are enabling composefs by default for bootable container images of Fedora Atomic Desktops (not for the classic ostree ones).

See:

It's enabled in the Rawhide/41 images from ci-test: https://gitlab.com/fedora/ostree/ci-test/-/blob/main/composefs.yaml?ref_type=heads

Before we move people to composefs, we need them to have a BLS capable bootloader (i.e. an updated open), have BLS config enabled and then set sudo ostree config set sysroot.bootloader none. If some of those things are not set, you might end up with a completely unbootable system (i.e. no rollback either).

See:

So this is tricky as we don't have a mechanism in Atomic Desktops like we do in Fedora CoreOS to force updates through a barrier releases that would validate all of those elements before updating to a composefs enabled image and setting the ostree repo config.

If that ends up being too much for the F41 release, we can postpone it to F42 or dynamically disable it in a layer (needs an initramfs rebuild).

@travier travier changed the title Fedora 41 change: composefs enable by default Fedora 41 change: composefs enabled by default Jul 18, 2024
@castrojo castrojo added enhancement New feature or request proposal labels Jul 27, 2024
@travier
Copy link
Author

travier commented Aug 20, 2024

I've pushed F41 images, and they come with composefs enabled by default.

We don't have a real plan for the transition from F40 yet so we might have to disable it until we do.

See: https://gitlab.com/fedora/ostree/sig/-/issues/35#note_1986555833

@travier
Copy link
Author

travier commented Aug 20, 2024

WARNING: Rebasing to those images may make your system unbootable / un-upgradeable.

@castrojo
Copy link
Member

Hi Timothee! Greetings from KubeCon in Hong Kong!

We usually don't ingest on our builds until the beta (For F41 in this case) so no one will be rebasing yet.

From a future proof perspective do we need to manually set ostree config set sysroot.bootloader none for folks? Is this something we can automate in the containerfile? Thanks!

@travier
Copy link
Author

travier commented Aug 20, 2024

Hi Timothee! Greetings from KubeCon in Hong Kong!

👋🏻

From a future proof perspective do we need to manually set ostree config set sysroot.bootloader none for folks? Is this something we can automate in the containerfile? Thanks!

We can not automate that in the Containerfile, we need this in a system unit running on the systems.

But doing that also means that we have to make sure that the bootloader is updated before and BLS properly enabled in the GRUB config.

@p5
Copy link
Member

p5 commented Aug 20, 2024

So in theory, we need a systemd script that somehow (and I know nothing about bootloaders or BLS):

Checks if BLS is enabled and the bootloader is a suitable version
If yes, run ostree config set sysroot.bootloader none
If no, pin the user on their current image and inform the user (or try and remediate it ourselves within the script)

@travier
Copy link
Author

travier commented Aug 20, 2024

Yes, something like that.

Updating the bootloader is almost the same as having bootupd and this is only in F41, and it does not handle RAID mirrors yet (coreos/bootupd#132) and I've not tested the setup that Anaconda does for RAID mirror.

@travier
Copy link
Author

travier commented Aug 20, 2024

Summary of what's needed for F41 for the Atomic Desktops to converge with bootc on:

@p5 p5 mentioned this issue Aug 25, 2024
26 tasks
@travier
Copy link
Author

travier commented Aug 26, 2024

The 100% Code Complete Deadline for Fedora 41 is tomorrow and we are not ready with the transition plan for this change in the Atomic Desktops thus I'm pushing this back to Fedora 42.

@travier travier changed the title Fedora 41 change: composefs enabled by default Fedora 42 change: composefs enabled by default Aug 26, 2024
@castrojo
Copy link
Member

@bsherman Heads up that this will still affect uCore.

@travier
Copy link
Author

travier commented Nov 29, 2024

As part of this change, we will be migrating the Atomic Desktops to a static GRUB config file (Fedora CoreOS / uCore already use a static GRUB config file).

While using a static GRUB config file is not strictly needed for composefs, it is currently the only workaround that we have for https://bugzilla.redhat.com/show_bug.cgi?id=2308594, which is not making progress right now.

The current work in progress script for this migration is in https://hackmd.io/B8lMCzLFQjGgr5jhl_Iw-w. Testing welcomed.

The plan is to push that to Fedora Rawhide first, then Fedora 41, to migrate systems ahead of the Fedora 42 release, which will enable composefs by default. This should maximize the opportunity for users to have their system migrated to a static GRUB config or find out that the migration did not succeed (which is something only accessible to advanced users unfortunately) before the switch to composefs in F42 which will block updates if the system has not been migrated.

The script is designed to be safe to fail and can be restart at anytime. This should hopefully let us catch any issues during the Fedora 41 cycle, even before the Fedora 42 Beta.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants