Don't install .image quadlet in bootc Containerfiles #143
Conversation
rhatdan
requested review from
MichaelClifford,
sallyom,
lmilbaum and
cgwalters
as code owners
| # /usr/share/containers/systemd/${RECIPE}.image | ||
|
|
||
| # Setup /usr/lib/containers/storage as an additional store for images. | ||
| # Remove once the base images have this set by default. |
There was a problem hiding this comment.
the .image file ensures the images exist when restarting the service - if an image is manually deleted somehow then the service won't fail it will show as activating when pulling the image - is this enough of a reason to include it? Also, it's important if you don't pre-load the images.
There was a problem hiding this comment.
The problem is a image always attempts to pull, and no way to tell it to check if the image pre-exists. Without the .image file the chatbot.yaml file should attempt to pull the image if it does not exists.
Since some of the images are protected behind a registry, we would need to populate a auth.json file, which would be a security risk or require users to setup the auth.json file some other way. Bottom line, if you prepull the images, then no need for a .image quadlet, as far as I can see.
| RUN sed -i -e '/additionalimage.*/a "/usr/lib/containers/storage",' \ | ||
| /etc/containers/storage.conf | ||
|
|
||
| # Prepull the model, model_server and application to prepopulat the system. |
| RUN podman pull --root /usr/lib/containers/storage ${SERVERIMAGE} | ||
| RUN podman pull --root /usr/lib/containers/storage ${APPIMAGE} | ||
| RUN podman pull --root /usr/lib/containers/storage ${MODELIMAGE} | ||
|
|
||
| # Added for running as an OCI Container to prevent Overlay on Overlay issues. |
There was a problem hiding this comment.
Maybe let's link to CentOS/centos-bootc#282 because there was some good discussion there about this; it's a complex topic. Longer term as we go down the composefs path, maybe we can go to using cfs-fuse for the container-in-container case?
| @@ -24,7 +24,7 @@ quadlet: | |||
| -e "s|APPIMAGE|${APPIMAGE}|g" \ | |||
| -e "s|MODELIMAGE|${MODELIMAGE}|g" \ | |||
| quadlet/${APP}.yaml \ | |||
| > /tmp/${APP}.yaml | |||
| > build/${APP}.yaml | |||
There was a problem hiding this comment.
Maybe mkdir -p .build instead (and change L22,L27 to .build/${APP}.*) ? and then in .gitignore add this:
*.build*
There was a problem hiding this comment.
.build would make it harder for users to find? Why obscure this?
Make sure to clean out /var/lib/containers directories Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
No description provided.