diff --git a/training/common/Makefile.common b/training/common/Makefile.common
index 7828ea8c..2f6f2615 100644
--- a/training/common/Makefile.common
+++ b/training/common/Makefile.common
@@ -50,7 +50,7 @@ ENABLE_RT ?= SSH_PUBKEY ?= $(shell cat ${HOME}/.ssh/id_rsa.pub 2> /dev/null) .PHONY: prepare-files -prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) +prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) common-services $(OUTDIR): mkdir -p $(OUTDIR)
@@ -61,6 +61,11 @@ $(OUTDIR)/$(QLORA_WRAPPER): $(OUTDIR) $(OUTDIR)/$(TRAIN_WRAPPER): $(OUTDIR) cp -pf $(TRAIN_WRAPPER) $(OUTDIR) +.PHONY: common-services +common-services: + mkdir -p build; cp -pR ../common/usr build + + .PHONY: check-sshkey check-sshkey: @test -n "$(SSH_PUBKEY)" || \
diff --git a/training/common/usr/lib/systemd/system/bootc-generic-growpart.service b/training/common/usr/lib/systemd/system/bootc-generic-growpart.service
deleted file mode 100644
index 77bb310b..00000000
--- a/training/common/usr/lib/systemd/system/bootc-generic-growpart.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=Bootc Fallback Root Filesystem Grow
-Documentation=https://gitlab.com/fedora/bootc/docs
-# For now we skip bare metal cases, and we also have nothing to do
-# for containers.
-ConditionVirtualization=vm
-# This helps verify that we're running in a bootc/ostree based target.
-ConditionPathIsMountPoint=/sysroot
-# We want to run before any e.g. large container images might be pulled.
-DefaultDependencies=no
-Requires=sysinit.target
-After=sysinit.target
-Before=basic.target
-
-[Service]
-ExecStart=/usr/libexec/bootc-generic-growpart
-# So we can temporarily remount the sysroot writable
-MountFlags=slave
-# Just to auto-cleanup our temporary files
-PrivateTmp=yes
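Review bot: The `common-services` recipe in the second Makefile.common hunk copies on top of whatever already sits in `build/usr`, so a unit or helper later removed from `../common/usr` keeps being picked up by the Containerfile's `COPY build/usr /usr` until someone clears the directory by hand. The two commands are also joined with `;`, which lets `cp` run after a failed `mkdir`. I would start from a clean tree and chain with `&&`: `rm -rf build/usr && mkdir -p build && cp -pR ../common/usr build`. A one-line comment saying why this rule uses a literal `build` instead of `$(OUTDIR)`, which the neighbouring rules use, would also help.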
diff --git a/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service b/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service
deleted file mode 120000
index c8e2408d..00000000
--- a/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service
+++ /dev/null
@@ -1 +0,0 @@
-../bootc-generic-growpart.service
\ No newline at end of file
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.service b/training/common/usr/lib/systemd/system/upgrade-informer.service
new file mode 100644
index 00000000..39458c49
--- /dev/null
+++ b/training/common/usr/lib/systemd/system/upgrade-informer.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Check for available operating system updates
+ConditionPathExists=/run/ostree-booted
+After=network-online.target
+StartLimitIntervalSec=400
+StartLimitBurst=3
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/upgrade-informer
+Restart=on-failure
+RestartSec=90
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.timer b/training/common/usr/lib/systemd/system/upgrade-informer.timer
new file mode 100644
index 00000000..1ac82e93
--- /dev/null
+++ b/training/common/usr/lib/systemd/system/upgrade-informer.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Runs upgrade informer periodically
+ConditionPathExists=/run/ostree-booted
+
+[Timer]
+OnBootSec=1h
+OnUnitInactiveSec=8h
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target
diff --git a/training/common/usr/libexec/bootc-generic-growpart b/training/common/usr/libexec/bootc-generic-growpart
deleted file mode 100755
index c2277ba3..00000000
--- a/training/common/usr/libexec/bootc-generic-growpart
+++ /dev/null
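Review bot: `After=network-online.target` in upgrade-informer.service only orders the unit; with no matching `Wants=network-online.target`, nothing in this unit pulls that target into the boot transaction, so the check can start before the network is up. Add `Wants=network-online.target` next to the `After=` line. The unit sets no `User=` or sandboxing directives, so the helper presumably runs as root while contacting a registry; a short comment recording that it only needs to write `/etc/motd.d/upgrade-message` and read `/etc/ostree/auth.json` would help whoever tightens it later.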
@@ -1,41 +0,0 @@
-#!/bin/bash
-set -eu
-
-backing_device=$(findmnt -vno SOURCE /sysroot)
-echo "Backing device: ${backing_device}"
-syspath=/sys/class/block/$(basename "${backing_device}")
-if ! test -d "${syspath}"; then
- echo "failed to find backing device ${syspath}"; exit 1
-fi
-
-# Handling devicemapper targets is a whole other thing
-case $backing_device in
- /dev/mapper/*) "Not growing $backing_device"; exit 0 ;;
-esac
-
-# Note that we expect that the rootfs is on a partition
-partition=$(cat "${syspath}"/partition)
-
-# Walk up to find the parent blockdev
-parentpath=$(dirname "$(realpath "${syspath}")")
-devmajmin=$(cat "${parentpath}"/dev)
-parent="/dev/block/${devmajmin}"
-
-# Grow the partition
-tmpf=$(mktemp)
-# Ignore errors because growpart exits 1 if nothing changed;
-# we need to check the output for NOCHANGE:
-if ! /usr/bin/growpart "${parent}" "${partition}" > "${tmpf}"; then
- cat "${tmpf}"
- if grep -qEe '^NOCHANGE: ' "${tmpf}"; then
- exit 0
- fi
- echo "growpart failed"
- exit 1
-fi
-cat "${tmpf}"
-# Now, temporarily remount the sysroot writable in our mount namespace
-mount -o remount,rw /sysroot
-# And defer to systemd's growfs wrapper which handles dispatching on
-# the target filesystem type.
-/usr/lib/systemd/systemd-growfs /sysroot
diff --git a/training/common/usr/libexec/upgrade-informer b/training/common/usr/libexec/upgrade-informer
new file mode 100755
index 00000000..04b582db
--- /dev/null
+++ b/training/common/usr/libexec/upgrade-informer
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Run the command and capture its output
+output=$(bootc upgrade --check | sed -e 1q)
+message_file="/etc/motd.d/upgrade-message"
+bootc_auth="/etc/ostree/auth.json"
+
+if [[ $output == Update\ available* ]]; then
+ if [[ ! -f $message_file ]]; then
+ echo "New version was found"
+ bootc_image=$(echo "$output" | awk '{print $4}')
+ # If auth file exists we should use it
+ auth_params=""
+ if [[ -f $bootc_auth ]]; then
+ auth_params="--authfile $bootc_auth"
+ fi
+
+ # Get image version
+ # shellcheck disable=SC2086
+ image_version=$(skopeo inspect --format json $auth_params "$bootc_image" | jq '.Labels | .["image_version"] // empty' | tr -d '"')
+
+ # If upgrade available, write the output to the file
+ echo -e "\n\n ** Attention! ** \n** A new $image_version version is available **\n\
+** In order to apply it run: bootc upgrade --apply \n\
+** Please note that the system will reboot after the upgrade ** \n\n" > $message_file
+ fi
+else
+ echo "No upgrade was found"
+ rm $message_file 2> /dev/null
+fi
+
+echo "Finished running upgrade informer"
diff --git a/training/nvidia-bootc/Containerfile b/training/nvidia-bootc/Containerfile
index 7406e942..647e2db4 100644
--- a/training/nvidia-bootc/Containerfile
+++ b/training/nvidia-bootc/Containerfile
@@ -98,6 +98,8 @@ COPY --from=builder /home/builder/yum-packaging-precompiled-kmod/RPMS/*/*.rpm /r COPY --from=builder --chmod=444 /home/builder/yum-packaging-precompiled-kmod/tmp/firmware/*.bin /lib/firmware/nvidia/${DRIVER_VERSION}/ # Temporary workaround until the permanent fix for libdnf is merged COPY nvidia-toolkit-firstboot.service /usr/lib/systemd/system/nvidia-toolkit-firstboot.service +# Enable common services +COPY build/usr /usr # TODO: rework this monstrosity into a build.sh (or even not shell script) # The need for the `cp /etc/dnf/dnf.conf` is a workaround for https://github.com/containers/bootc/issues/637
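Review bot: A failed `bootc upgrade --check` in usr/libexec/upgrade-informer is handled exactly like "no update", because the pipeline's status is that of `sed`. On a registry or auth error the script takes the `else` branch, removes the MOTD notice and exits 0, so `Restart=on-failure` in the unit never fires. Separately, `image_version` is a label read from the remote image and is expanded inside `echo -e`, so backslash escapes in the label are interpreted before the text lands in `/etc/motd.d/upgrade-message`, which is shown at login. I would check the exit status before parsing, read the label with `jq -r`, restrict it to a conservative character set and write the notice with `printf`, as sketched below. Whether `bootc upgrade --check` returns non-zero on every failure mode should be confirmed.

```shell
# Fail the unit when the check itself fails, so Restart=on-failure applies
if ! output=$(bootc upgrade --check); then
    echo "bootc upgrade --check failed" >&2
    exit 1
fi
# Keep only the first line, as the original `sed -e 1q` did
output=${output%%$'\n'*}
# … unchanged: message_file, bootc_auth, update test, auth_params handling …
        # The label comes from the registry: take the raw string and drop
        # anything outside a plain version-like character set
        # shellcheck disable=SC2086
        image_version=$(skopeo inspect --format json $auth_params "$bootc_image" \
            | jq -r '.Labels.image_version // empty' | tr -cd '[:alnum:]._-')
        # printf keeps escape processing in the format string, not in the label
        printf '\n\n ** Attention! ** \n** A new %s version is available **\n** In order to apply it run: bootc upgrade --apply \n** Please note that the system will reboot after the upgrade ** \n\n' \
            "$image_version" > "$message_file"
# … unchanged: else branch and final echo …
```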
@@ -149,7 +151,13 @@ RUN mv /etc/selinux /etc/selinux.tmp \ && echo "blacklist nouveau" > /etc/modprobe.d/blacklist_nouveau.conf \ && sed '/\[Unit\]/a ConditionPathExists = /dev/nvidia-nvswitchctl' /usr/lib/systemd/system/nvidia-fabricmanager.service \ && ln -s /usr/lib/systemd/system/nvidia-fabricmanager.service /etc/systemd/system/multi-user.target.wants/nvidia-fabricmanager.service \ - && ln -s /usr/lib/systemd/system/nvidia-persistenced.service /etc/systemd/system/multi-user.target.wants/nvidia-persistenced.service + && ln -s /usr/lib/systemd/system/nvidia-persistenced.service /etc/systemd/system/multi-user.target.wants/nvidia-persistenced.service \ + # enable upgrade informer timer + && ln -s /usr/lib/systemd/system/upgrade-informer.timer /usr/lib/systemd/system/timers.target.wants/upgrade-informer.timer \ + # enable upgrade informer service, added as we need it to start on boot + && ln -s /usr/lib/systemd/system/upgrade-informer.service /usr/lib/systemd/system/basic.target.wants/upgrade-informer.service \ + # disable auto upgrade service + && rm -f /usr/lib/systemd/system/default.target.wants/bootc-fetch-apply-updates.timer ARG SSHPUBKEY
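Review bot: `rm -f /usr/lib/systemd/system/default.target.wants/bootc-fetch-apply-updates.timer` at the end of the RUN chain succeeds even when that path does not exist, so if the base image enables the timer from another `.wants` directory, automatic updates stay on and the build gives no sign of it. Masking states the intent and does not depend on where the symlink lives: `&& systemctl mask bootc-fetch-apply-updates.timer`. The two new `ln -s` lines assume `timers.target.wants` and `basic.target.wants` already exist under `/usr/lib/systemd/system`, whereas the lines above link into `/etc/systemd/system/multi-user.target.wants`; a comment explaining the choice of `/usr/lib` would help. With the automatic timer off, patching depends on an operator acting on the MOTD notice, which deserves a sentence in the commit description. The RUN instruction starts outside this hunk.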