-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
many: switch to bootc install to-filesystem
(HMS-3453)
#462
Conversation
0b0ea6c
to
e052adf
Compare
For reference on this; yes, injecting a static key via bib is a baseline mechanism that works across platforms. However, it's not the only approach. There's also injecting the key via a derived container build, and there is also adding cloud-init. I do think the docs and CI for this project is overly focused on trying to exactly use the base images instead of generating derived ones - this was touched on in osbuild/bootc-image-builder#135 Anyways though...this is all still orthogonal, right? We can still inject user configuration on top of bootc install to-filesystem without requiring changes to either this project or bootc right now. |
b40db8a
to
fafa026
Compare
fafa026
to
ee9156f
Compare
ee9156f
to
0831da3
Compare
0831da3
to
ee150f4
Compare
I think this is ready for a |
c4ab640
to
592b14d
Compare
bootc install to-filesystem
bootc install to-filesystem
(HMS-3453)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks! :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM in general. Other than Colin's comments, this also needs a newer osbuild version for the selinux stage changes.
Manifest validation currently failing with
{"type": "https://osbuild.org/validation-error", "title": "JSON Schema validation failed", "success": false, "errors": [{"message": "Additional properties are not allowed ('exclude_paths' was unexpected)", "path": ["pipelines", 0, "stages", 1, "options"]}]}
osbuild.ContainersInput->osbuild.ContainerDeployInputs
The osbuild stage will fail if we pass `None` here.
This image type is distinct from the RawOSTreeImage because the way `bootc instal to-filesystem` works is quite different from how our existing ostree deployments work.
This enusre that the buildroot container is setup without selinux warnings.
This adds support for being able to add user customization. In practise we can only handle adding root user key(s) for now until we have more discussion about how to support adding users in a bootc supported way. This support for keys is essential to allow testing the images without play gustfish or similar tricks (which is hard on a bootc deploy because bootc will bind mount the deploy `etc` over the `sysroot/etc` on first boot so anything we do on the root of the disk will not work for /etc (/root/.authorized_keys might work actually maybe?). This also adds support for kernel-args to the bootc install-to-fs stage.
This commit adds support to include KernelOptionsAppend to a BootcDiskImage. This is important for cloud support.
b7d10d1
to
1204d70
Compare
There are some more customizations that I would love to see considered:
It also requires changes in bib, those are tracked in osbuild/bootc-image-builder#304 and we need to merge the two in tandem to keep things buildable.