WIP: Podman flavour with support for toolbox #25
Related-to: TOR-3216 Signed-off-by: Eduardo Ferreira <[email protected]>
When the ostree-customize-plymouth.sh script is executed by a sudoer, $USER might not be 'root'; it can be any user in the sudoers list. Let's change the condition check to 'id -u' instead. Signed-off-by: Ming Liu <[email protected]>
An issue was found when I ran "runqemu genericx86-64 ovmf": grub failed to boot. It's a known issue that has been fixed in grub upstream; backport the fix. The fix has been merged to OE master: openembedded/openembedded-core@51eab4b Related-to: TOR-3335 Signed-off-by: Ming Liu <[email protected]>
The changes include:
- grub should support the 'reboot' command to do upgrading/recovery.
- don't rdepend on virtual-grub-bootconf; it's not necessary for a SOTA image, it would be done while generating the WIC image.
- Create startup.nsh so it can be consumed by WIC.
Related-to: TOR-3335 Signed-off-by: Ming Liu <[email protected]>
We currently have two docker.service files:
```
recipes-containers/docker/docker-ce/docker.service
recipes-containers/docker/files/docker.service
```
of which recipes-containers/docker/files/docker.service is the one being installed. It was introduced by the following commit fc2690b: [ docker-moby: add recipe ]; then the docker-moby recipe was removed later on by commit b33df4a: [ docker-moby: drop recipe ], but the docker.service was left over. recipes-containers/docker/files/docker.service is more in sync with the docker repository and is being used by the meta-lmp kirkstone branch, so it seems to be the one we should use. But it has two issues we should fix:
- We don't set 'FailureAction=reboot', since we use greenboot to manage rollbacks for all failed systemd services.
- We don't have fio-docker-fsck.service; it's an LMP-specific service, we shall drop it from the dependencies.
Also drop daemon.json.in; it's neither in use nor installed. Related-to: TOR-3340 Signed-off-by: Ming Liu <[email protected]>
The set-hostname package was removed from the qemuarm64/genericx86-64 machines since the serial number is not supported on them; this causes unique host names not to be supported for these machines either. This patch mainly aims to tweak the sethostname script to read the first 8 characters from the PARTUUID of the generated WIC image as the serial number, so we could have a unique host name like:
```
torizon@qemuarm64-41534072:~$ hostname
qemuarm64-41534072
```
Related-to: TOR-3339 Signed-off-by: Ming Liu <[email protected]>
Currently network-configuration is only being used by the qemuarm64 machine, for the reason that we run QEMU with a TAP network device and that requires a static IP. But we don't have to maintain an extra recipe for setting a static IP which is managed by systemd-networkd; networkmanager can do that as well. Introduce a network.nmconnection.in for qemuarm64 to set up a static IP in networkmanager. Related-to: TOR-3336 Signed-off-by: Ming Liu <[email protected]>
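The serial-number derivation described in the commit above, as an added example that is not the repository's sethostname script. It assumes findmnt from util-linux is available, and takes the hostname file as a parameter so the logic can be tried without touching /etc/hostname.

```shell
#!/bin/sh
# Added example, not the sethostname script from the repository. It derives a
# stable, unique host name from the first 8 characters of the root partition's
# PARTUUID, as the commit describes for machines without a serial number.
# Assumptions: findmnt (util-linux) is available; the hostname file is a
# parameter so the logic can be tried without touching /etc/hostname.

# partuuid_of_mount [MOUNTPOINT]: print the PARTUUID of the filesystem mounted
# at MOUNTPOINT (default "/"); prints nothing and fails if it cannot be found.
partuuid_of_mount() {
    findmnt -n -o PARTUUID "${1:-/}" 2>/dev/null
}

# hostname_from_partuuid MACHINE PARTUUID: print "<machine>-<first 8 hex chars>",
# e.g. "qemuarm64-41534072". Fails unless PARTUUID starts with 8 hex digits and
# a dash (GPT UUID or DOS "xxxxxxxx-NN" form), so garbage never becomes a name.
hostname_from_partuuid() {
    machine=$1
    partuuid=$2
    printf '%s\n' "$partuuid" | grep -Eq '^[0-9a-fA-F]{8}-' || return 1
    # lower-case the serial so the result is a consistent, valid DNS label
    serial=$(printf '%s' "$partuuid" | cut -c1-8 | tr 'A-F' 'a-f')
    printf '%s-%s\n' "$machine" "$serial"
}

# set_unique_hostname MACHINE [HOSTNAME_FILE]: write the derived name to
# HOSTNAME_FILE (default /etc/hostname) only if the file is missing or still
# holds the bare machine name; a name the user already customised is kept.
set_unique_hostname() {
    machine=$1
    file=${2:-/etc/hostname}
    puid=$(partuuid_of_mount /) || return 1
    [ -n "$puid" ] || return 1
    name=$(hostname_from_partuuid "$machine" "$puid") || return 1
    if [ ! -s "$file" ] || [ "$(cat "$file")" = "$machine" ]; then
        printf '%s\n' "$name" > "$file"
    fi
    printf '%s\n' "$name"
}
```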
genericx86-64 could be run by qemu with ovmf support, let's add it in. It would use a static IP in QEMU, but since DHCP profile has a higher order than static profile, networkmanager would always try DHCP firstly, this makes it work for both QEMU (static IP) and other VMs (for instance, Virtualbox if bridged net device being used). Related-to: TOR-3336 Signed-off-by: Ming Liu <[email protected]>
This allows docker-compose to be built either as a docker plugin or as a standalone binary; in the latter case, docker-compose does not have to rdepend on docker, so other container engines like podman can also use it. Backported from meta-virtualization upstream: https://git.yoctoproject.org/meta-virtualization/commit/?id=8891c1e02ce93465937a70591effa815a3890796 Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
"exec docker compose" would not work when the docker binary is provided by podman, because 'docker compose' explicitly depends on the docker engine and must be run as a plugin of it. Let's change to building a standalone docker-compose by removing the 'docker-plugin' pkgconfig, so it could work for both podman and docker engines. After this change, both 'docker-compose' and 'docker compose' are supported for the docker and podman engines: when an end user runs docker-compose, it will directly execute the docker-compose binary; when an end user runs 'docker compose', docker and podman will locate 'docker-compose' from PATH. Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
docker-integrity-checker works perfectly with podman as well, except that the graph root by default is /var/lib/containers/storage compared to docker's /var/lib/docker. Let's tweak docker-integrity-checker.sh to detect the container engine from /etc/os-release and decide which graph root to use. Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
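The engine detection the commit above describes, as an added example rather than the repository's docker-integrity-checker.sh. The commit does not say which os-release field carries the engine, so this assumes a hypothetical VARIANT_ID value naming the image (e.g. "torizon-core-podman"), and it takes the os-release path as a parameter so it can be exercised on a constructed file.

```shell
#!/bin/sh
# Added example, not the repository's docker-integrity-checker.sh: choose the
# container engine's graph root from /etc/os-release, as the commit describes.
# Assumption (not confirmed by the commit): the image name is carried in a
# VARIANT_ID= field, e.g. VARIANT_ID="torizon-core-podman".

DOCKER_ROOT=/var/lib/docker
PODMAN_ROOT=/var/lib/containers/storage

# os_release_get KEY [FILE]: print the value of KEY from an os-release file
# (default /etc/os-release) with surrounding double quotes stripped; fails if
# the file is unreadable, prints nothing if the key is absent.
os_release_get() {
    key=$1
    file=${2:-/etc/os-release}
    [ -r "$file" ] || return 1
    sed -n "s/^${key}=//p" "$file" | head -n 1 | sed 's/^"//; s/"$//'
}

# container_engine [FILE]: print "podman" or "docker"; fail if undetermined,
# so the caller never silently checks the wrong directory.
container_engine() {
    variant=$(os_release_get VARIANT_ID "$@") || return 1
    case "$variant" in
        *podman*) echo podman ;;
        *docker*) echo docker ;;
        *) return 1 ;;
    esac
}

# graph_root [FILE]: print the directory the integrity check should inspect.
graph_root() {
    engine=$(container_engine "$@") || return 1
    case "$engine" in
        podman) echo "$PODMAN_ROOT" ;;
        docker) echo "$DOCKER_ROOT" ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed os-release file (the real script reads /etc/os-release).
demo_file=$(mktemp)
printf 'ID=torizon\nVARIANT_ID="torizon-core-podman"\n' > "$demo_file"
graph_root "$demo_file"   # prints /var/lib/containers/storage
rm -f "$demo_file"
```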
Backported from meta-virtualization upstream: https://git.yoctoproject.org/meta-virtualization/commit/?id=01a60446c578c404e101bb6b1d28d542ea957aef Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
Let's support --config option by setting environment variable DOCKER_CONFIG instead of ignoring it for docker compatibility, so it could be used to locate config.json as authentication file. Also add a test case for this change, remove the deprecated one. Patch merged in libpod upstream: containers/podman#21095 Related-to: TOR-3298 Signed-off-by: Ming Liu <[email protected]>
The podman system service creates a listening service that answers API calls for Podman; by default the session expires after 5 seconds per run, which sometimes causes failures if the requesting app needs a longer time to start, like docker-compose. Let's pass "-t 0" to podman to avoid session expiry. Make podman.service an alias of docker.service; we have some systemd services that depend on docker.service, so we don't have to modify them to handle the case when podman is the container engine. Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
There are some known shortcomings when running Podman in a rootless environment: https://github.com/containers/podman/blob/main/rootless.md and it's not easy to share images between rootless users and root; some references: containers/podman#5608 https://www.redhat.com/sysadmin/image-stores-podman Although setting 'additionalimagestores' in /etc/containers/storage.conf allows container images to be shared among users, it's still not convenient to use; for instance, if the root user pulls an image, it has to run "sudo chmod -R a+rx /var/lib/mycontainers" every time to avoid permission issues. And 'additionalimagestores' only supports read-only images to be shared among rootless users; a user could not build an image and share it with other users. This patch mainly aims to create a docker-like UX for the torizon user when podman is the container engine, by allowing the torizon user to run /usr/bin/podman via sudo without needing to input a password. So the torizon user can run podman's docker wrapper to access any images created by root, or build an image to be shared by root; this gives an end user a consistent UX just like he is using the docker command. Related-to: TOR-3284 Signed-off-by: Ming Liu <[email protected]>
Generate podman bash completion script with qemu wrapper. When docker pkgconfig is enabled, also generate bash completion script for docker. Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
Ported from meta-virtualization master branch, to match podman 4.8. Related-to: TOR-3308 Signed-off-by: Ming Liu <[email protected]>
Ported from meta-virtualization master branch, to match podman 4.8. Related-to: TOR-3308 Signed-off-by: Ming Liu <[email protected]>
Related-to: TOR-3308 Signed-off-by: Ming Liu <[email protected]>
Ported from meta-virtualization master branch, to match podman 4.8. Related-to: TOR-3300 Signed-off-by: Ming Liu <[email protected]>
Related-to: TOR-3300 Signed-off-by: Ming Liu <[email protected]>
Move 20-docker.conf and docker.sh from the docker recipe to torizon-conf, so they could be used by podman as well. Drop path-sbin.sh from torizon-conf; the paths it wants to add to PATH are already in it. Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
Let both torizon-core-docker and torizon-core-podman include it, and use VIRTUAL-RUNTIME_container_engine to distinguish the container engine. After this change, the following packages:
```
docker-compose
docker-compose-up
docker-integrity-checker
docker-watchdog
docker-auto-prune
```
would be installed to torizon-core-docker and torizon-core-podman. They currently work well with both the docker and podman container engines; after this patch, we need to pay attention to later changes on these recipes, to ensure tests are done for both docker and podman. Also drop bash-completion-pkgs from the torizon-core-docker recipe; it's a duplicated setting, already in torizon-core-common.inc. Related-to: TOR-3282 Signed-off-by: Ming Liu <[email protected]>
genericx86-64 now requires it to be able to support running in QEMU. Related-to: TOR-3336 Signed-off-by: Ming Liu <[email protected]>
When it's enabled by:
```
PACKAGECONFIG = "transient-store"
```
a "transient_store = true" option would be added to ${sysconfdir}/containers/storage.conf, so podman will start containers in transient storage mode. Reference about increasing podman startup speed with transient storage: https://www.redhat.com/sysadmin/speed-containers-podman-raspberry-pi The transient-store PACKAGECONFIG is disabled by default. Related-to: TOR-3302 Signed-off-by: Ming Liu <[email protected]>
…on#1) When it's enabled by:
```
PACKAGECONFIG = "transient-store"
```
a "transient_store = true" option would be added to ${sysconfdir}/containers/storage.conf, so podman will start containers in transient storage mode. Reference about increasing podman startup speed with transient storage: https://www.redhat.com/sysadmin/speed-containers-podman-raspberry-pi The transient-store PACKAGECONFIG is disabled by default. Related-to: TOR-3302
@leograba this probably will help with #18, since we are not focused on podman right now there is not an image for podman. But in this MR @leonheldattoradex is adding it.
```
podman \
podman-compose \
fuse-overlayfs \
toolbox \
```
I don't have much knowledge of `toolbox`. But from what little I've read, it seems like something aimed more at development. Wouldn't it be better to add `torizon-core-common-dev-podman` and then `toolbox` in this image?
Sure, it can be viewed that way. My intention with Toolbox is making the Podman flavour of Torizon more like Fedora Silverblue, but with Yocto behind it.
I'll add a dev podman image to the MR.
FWIW, I'd love to see a distrobox option as well.
zram related kernel configs are missing from yocto kernel, add them in. Related-to: TOR-3371 Signed-off-by: Ming Liu <[email protected]>
The default SaveIntervalSec is set to 60 secs, which is too much writing to disk; let's increase it to 3600 secs. Related-to: TOR-3373 Signed-off-by: Ming Liu <[email protected]>
This is already the default in kirkstone currently. Signed-off-by: Drew Moseley <[email protected]>
Signed-off-by: Drew Moseley <[email protected]>
Signed-off-by: Drew Moseley <[email protected]>
This helps to use all the available space on the storage device. Signed-off-by: Matheus Castello <[email protected]>
This reverts commit b4e69b4.
Signed-off-by: Matheus Castello <[email protected]>
Signed-off-by: Matheus Castello <[email protected]>
This ensures it is only run once rather than any time it is included. Signed-off-by: Drew Moseley <[email protected]>
Signed-off-by: Matheus Castello <[email protected]>
This was a regression from the rebase 😔. Signed-off-by: Matheus Castello <[email protected]>
Signed-off-by: Matheus Castello <[email protected]>
Signed-off-by: Matheus Castello <[email protected]>
This reverts commit 473f137.
For TorizonCommon we use NetworkManager by default. The -dev image includes testapps and they bring in connman which then breaks NetworkManager. Signed-off-by: Drew Moseley <[email protected]>
This seems to be something from meta-lmp that is not present in the common-torizon layers. Signed-off-by: Drew Moseley <[email protected]>
This does not exist on the kernel version in use with kirkstone. It seems to be added in 5.18. Signed-off-by: Drew Moseley <[email protected]>
ff4746b refactored the include files to accommodate the reference minimal image (previously 'lite'). Signed-off-by: Leonardo Held <[email protected]>
The Seeed Studio Odyssey board has an Intel I225-LM network chip, so to support it we need to add the igc driver to the kernel. Signed-off-by: Matheus Castello <[email protected]>
Signed-off-by: Matheus Castello <[email protected]>
Signed-off-by: Matheus Castello <[email protected]>
The package name and version are a bit weird in the platform UI. So, let's use only the RELEASE-MACHINE format, and the version will be the actual release version instead of the hash. Fixes: commontorizon#2 Signed-off-by: Matheus Castello <[email protected]>
Extending ostree-grub-generator script, so that it also checks under '/etc/ostree.d' for bootloader logic to append to grub.cfg script. Also create the '/etc/ostree.d' folder in order to store the files to be appended. Related-to: TOR-3299 Signed-off-by: Eduardo Ferreira <[email protected]>
Related-to: TOR-3299 Signed-off-by: Eduardo Ferreira <[email protected]>
This recipe uses the OSTree change that enables adding custom logic to grub.cfg. It adds '99_fallback_logic' to '/etc/ostree.d', so that after an update, if it goes wrong, grub can perform a fallback. Adds the 'grubenv-create' service, a oneshot service that is meant to run only on the very first boot: it checks the BOOT partition for the grubenv environment file, and if it's not present, it will create one with the variables used during fallback set to their default values. Adds an entry into fstab, so that the BOOT partition is mounted and ready for both Greenboot and grubenv-create.service to operate on the Grub environment file. And also adds 2 aliases for the 'grubenv-edit' tool, 'fw_printenv' and 'fw_setenv', so that both Aktualizr and Greenboot become compatible with Grub. Related-to: TOR-3299 Signed-off-by: Eduardo Ferreira <[email protected]>
Since we're now aliasing 'grub-editenv' to 'fw_setenv' and 'fw_printenv', we need to remove 'u-boot-fw-utils' from the x86 QEMU image in order to avoid a collision. Related-to: TOR-3299 Signed-off-by: Eduardo Ferreira <[email protected]>
Signed-off-by: Eduardo Ferreira <[email protected]>
Change TorizonCore to Torizon OS and Torizon Platform to Torizon Cloud. Signed-off-by: Stefano Viola <[email protected]>
Fedora Silverblue is very similar to Torizon, but instead of relying on the usual `docker run ...` commands, it instructs users to use `toolbox