Add iso building scripts #416
Conversation
kwozyman
requested review from
MichaelClifford,
rhatdan,
sallyom,
lmilbaum,
cgwalters and
Gregory-Pereira
as code owners
|
Why is this only for training, it would also be good for other bootc containers. I think we need to talk about whether we want this in addition to bootc-image-builder. @cgwalters WDYT? |
|
From what I can tell, this image isn't built in CI |
|
Ill add changes for the CI stuff. Typically I encourage users to add the related CI workflows when they introduce new images. However were having a little bit of a resources issue within the container org about access to github runners, and were in the process of migrating. |
There was a problem hiding this comment.
So upon closer inspection, it seems that there is no isolated container for the image-builder, it uses the make command to directly pass the arguments and make an iso-builder tailored to the parent provided image. Using your example, calling: make image iso EMBED_IMAGE=quay.io/centos-bootc/centos-bootc:stream9 ORIGINAL_ISO=CentOS-Stream-9-latest-x86_64-boot.iso SSHKEY="my public ssh key" will produce an image called quay.io/ai-lab/iso-builder:latest that is ready to build an iso from centos-bootc upon podman run ... -- we do not want this. There are some options for the refactor.
The simplest solution is to set the defaults with how we tag this image to indicate this existing paradigm. IE, if by our default parent image is quay.io/centos/centos:stream9, then by default we should tag this image quay.io/ai-lab/iso-builder/centos/centos:latest or something along those lines.
Ideally however, we would refactor the iso-builder to be a standalone container that you can pass arguments to, which I consider the best option. In a pattern similar to our other bootc images it would be able to pull in the parent image, and be able to run the iso-builder.sh script from there. This would require stuffing podman into this image, which would increase the size, and honestly im not sure thats something we want to do.
| This is based on CentOS Stream by default, for Red Hat Enterprise Linux you would use the `FROM` variable: | ||
|
|
||
| ``` | ||
| make image FROM=registry.access.redhat.com/ubi9/ubi:latest |
There was a problem hiding this comment.
This does not work, ubi does not ship with DNF, and will fail in the container build. Either update package deps to work for this option or remove the example
There was a problem hiding this comment.
Hmm.... ubi does not ship with dnf?
There was a problem hiding this comment.
Sorry my mistake, package lorax not available on ubi9:
make image FROM=registry.access.redhat.com/ubi9/ubi:latest
"podman" build \
--file Containerfile \
--tag "quay.io/ai-lab/iso-builder:latest" \
--from=registry.access.redhat.com/ubi9/ubi:latest \
\
\
STEP 1/5: FROM registry.access.redhat.com/ubi9/ubi:latest
STEP 2/5: RUN dnf install -y skopeo buildah lorax
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Universal Base Image 9 (RPMs) - BaseOS 831 kB/s | 421 kB 00:00
Red Hat Universal Base Image 9 (RPMs) - AppStre 3.0 MB/s | 1.7 MB 00:00
Red Hat Universal Base Image 9 (RPMs) - CodeRea 379 kB/s | 114 kB 00:00
No match for argument: lorax
Error: Unable to find a match: lorax
Error: building at STEP "RUN dnf install -y skopeo buildah lorax": while running runtime: exit status 1
make: *** [image] Error 1
There was a problem hiding this comment.
Yeah I would probably argue that mkksiso should be clearly split from lorax and put in the bucket of "things we generally support in the product". Whereas "lorax" is an implementation detail of building the anaconda ISO that can and probably will change in the future.
Gregory-Pereira
force-pushed
the
training-iso
branch
9 times, most recently
from
876485b
to
b53e4c3
Compare
|
currently encountering what I presume to be a flake: |
Gregory-Pereira
force-pushed
the
training-iso
branch
2 times, most recently
from
9319927
to
9e1f84a
Compare
|
Tests pass. I will now hand this back to @kwozyman for refactor. Please keep tests in alignment with whatever changes you want to make. |
|
I have not heard an argument on why we would want this and not to just use bootc-image-builder? |
|
None from my perspective, I was just trying to prevent work from getting stale. |
|
Can you please rebase? |
Signed-off-by: Costin Gamenț <cgament@redhat.com>
Signed-off-by: Costin Gamenț <cgament@redhat.com>
Signed-off-by: Costin Gamenț <cgament@redhat.com>
Signed-off-by: greg pereira <grpereir@redhat.com>
Gregory-Pereira
force-pushed
the
training-iso
branch
from
9e1f84a
to
1921673
Compare
|
Sorry folks, I was on Summit + PTO @rhatdan it was your suggestion to include this. Do we still want it in? |
|
@cgwalters WDYT? |
| clearpart --all --initlabel --disklabel=gpt | ||
| reqpart --add-boot | ||
| part / --grow --fstype xfs | ||
| ostreecontainer --url=/run/install/repo/container --transport=oci --no-signature-verification |
There was a problem hiding this comment.
You can drop --no-signature-verification btw.
|
I totally get where this is coming from - it is putting together some things we have in a relatively straightforward way. However, it does also overlap with the So...I would hope we can get bib into a place where it handles these use cases more nicely, but at the same time I certainly wouldn't block anyone bypassing it where it's blocking things either. |
|
No movement or resolution here. Converting to draft. |
The following should generate an installation iso with the container image already inside:
make image iso EMBED_IMAGE=quay.io/centos-bootc/centos-bootc:stream9 ORIGINAL_ISO=CentOS-Stream-9-latest-x86_64-boot.iso SSHKEY="my public ssh key"