bin/compose: Expose phases as [install, postprocess, commit] cmds
Right now `rpm-ostree compose tree` is very prescriptive about how things work.
Trying to add anything that isn't an RPM is absolutely fighting the system. Our
postprocessing system *enforces* no network access (good for reproducibilty, but
still prescriptive).
There's really a logical split between three phases:
- install: "build a rootfs that installs packages"
- postprocess: "run magical ostree postprocessing like kernel"
- commit: "commit result to ostree"
So there are two high level flows I'd like to enable here. First is to allow
people to do *arbitrary* postprocessing between `install` and `commit`. For
example, run Ansible and change `/etc`. This path basically is like what we have
today with `postprocess-script.sh`, except the builder can do anything they want
with network access enabled.
Going much farther, this helps us support a "build with Dockerfile" style flow.
We can then provide tooling to extract the container image, and combine
`postprocess` and `commit`.
Or completely the other way - if for example someone wants to use `rpm-ostree
compose install`, they could tar up the result as a Docker/OCI image. That's now
easier; an advantage of this flow over e.g. `yum --installroot` is the "change
detection" code we have.
Related issues/PRs:
- https://github.com/projectatomic/rpm-ostree/pull/96
- https://github.com/projectatomic/rpm-ostree/issues/471
One disadvantage of this approach right now is that if one *does* go for
the split approach, we lose the "input hash" metadata for example. And
down the line, I'd like to add even more metadata, like the input rpm repos,
which could also be rendered on the client side.
But, I think we can address that later by e.g. caching the metadata in a file in
the install root and picking it back up or something.
Closes: #1039
Approved by: jlebon
2017-10-12 21:56:08 +03:00
#!/bin/bash
set -xeuo pipefail
dn = $( cd $( dirname $0 ) && pwd )
. ${ dn } /libcomposetest.sh
prepare_compose_test "installroot"
# This is used to test postprocessing with treefile vs not
pysetjsonmember "boot_location" '"new"'
instroot_tmp = $( mktemp -d /var/tmp/rpm-ostree-instroot.XXXXXX)
2019-01-28 18:19:27 +03:00
rpm-ostree compose install --unified-core --repo= " ${ repobuild } " ${ treefile } ${ instroot_tmp }
bin/compose: Expose phases as [install, postprocess, commit] cmds
Right now `rpm-ostree compose tree` is very prescriptive about how things work.
Trying to add anything that isn't an RPM is absolutely fighting the system. Our
postprocessing system *enforces* no network access (good for reproducibilty, but
still prescriptive).
There's really a logical split between three phases:
- install: "build a rootfs that installs packages"
- postprocess: "run magical ostree postprocessing like kernel"
- commit: "commit result to ostree"
So there are two high level flows I'd like to enable here. First is to allow
people to do *arbitrary* postprocessing between `install` and `commit`. For
example, run Ansible and change `/etc`. This path basically is like what we have
today with `postprocess-script.sh`, except the builder can do anything they want
with network access enabled.
Going much farther, this helps us support a "build with Dockerfile" style flow.
We can then provide tooling to extract the container image, and combine
`postprocess` and `commit`.
Or completely the other way - if for example someone wants to use `rpm-ostree
compose install`, they could tar up the result as a Docker/OCI image. That's now
easier; an advantage of this flow over e.g. `yum --installroot` is the "change
detection" code we have.
Related issues/PRs:
- https://github.com/projectatomic/rpm-ostree/pull/96
- https://github.com/projectatomic/rpm-ostree/issues/471
One disadvantage of this approach right now is that if one *does* go for
the split approach, we lose the "input hash" metadata for example. And
down the line, I'd like to add even more metadata, like the input rpm repos,
which could also be rendered on the client side.
But, I think we can address that later by e.g. caching the metadata in a file in
the install root and picking it back up or something.
Closes: #1039
Approved by: jlebon
2017-10-12 21:56:08 +03:00
instroot = ${ instroot_tmp } /rootfs
assert_not_has_dir ${ instroot } /etc
test -L ${ instroot } /home
assert_has_dir ${ instroot } /usr/etc
# Clone the root - we'll test direct commit, as well as postprocess with
# and without treefile.
mv ${ instroot } { ,-postprocess}
cp -al ${ instroot } { -postprocess,-directcommit}
cp -al ${ instroot } { -postprocess,-postprocess-treefile}
integrationconf = usr/lib/tmpfiles.d/rpm-ostree-0-integration.conf
assert_not_has_file ${ instroot } -postprocess/${ integrationconf }
rpm-ostree compose postprocess ${ instroot } -postprocess
assert_has_file ${ instroot } -postprocess/${ integrationconf }
ostree --repo= ${ repobuild } commit -b test-directcommit --selinux-policy ${ instroot } -postprocess --tree= dir = ${ instroot } -postprocess
echo "ok postprocess + direct commit"
rpm-ostree compose postprocess ${ instroot } -postprocess-treefile ${ treefile }
assert_has_file ${ instroot } -postprocess-treefile/${ integrationconf }
# with treefile, no kernels in /boot
ls ${ instroot } -postprocess-treefile/boot > ls.txt
assert_not_file_has_content ls.txt '^vmlinuz-'
rm -f ls.txt
echo "ok postprocess with treefile"
testdate = $( date)
echo " ${ testdate } " > ${ instroot } -directcommit/usr/share/rpm-ostree-composetest-split.txt
assert_not_has_file ${ instroot } -directcommit/${ integrationconf }
rpm-ostree compose commit --repo= ${ repobuild } ${ treefile } ${ instroot } -directcommit
ostree --repo= ${ repobuild } ls ${ treeref } /usr/bin/bash
ostree --repo= ${ repobuild } cat ${ treeref } /usr/share/rpm-ostree-composetest-split.txt >out.txt
assert_file_has_content_literal out.txt " ${ testdate } "
ostree --repo= ${ repobuild } cat ${ treeref } /${ integrationconf }
echo "ok installroot"