-
Notifications
You must be signed in to change notification settings - Fork 305
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sysroot: Rework /var handling to act like Docker
VOLUME /var
We've long struggled with semantics for `/var`. Our stance of "/var should start out empty and be managed by the OS" is a strict one, that pushes things closer to the original systemd upstream ideal of the "OS state is in /usr". However...well, a few things. First, we had some legacy bits here which were always populating the deployment `/var`. I don't think we need that if systemd is in use, so detect if the tree has `usr/lib/tmpfiles.d`, and don't create that stuff at `ostree admin stateroot-init` time if so. Building on that then, we have the stateroot `var` starting out actually empty. When we do a deployment, if the stateroot `var` is empty, make a copy (reflink if possible of course) of the commit's `/var` into it. This matches the semantics that Docker created with volumes, and this is sufficiently simple and easy to explain that I think it's closer to the right thing to do. Crucially...it's just really handy to have some pre-existing directories in `/var` in container images, because Docker (and podman/kube/etc) don't run systemd and hence don't run `tmpfiles.d` on startup. I really hit on the fact that we need `/var/tmp` in our container images by default for example. So there's still some overlap here with e.g. `/usr/lib/tmpfiles.d/var.conf` as shipped by systemd, but that's fine - they don't actually conflict per se.
- Loading branch information
Showing
9 changed files
with
238 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
#!/bin/bash | ||
# | ||
# Copyright (C) 2024 Red Hat, Inc. | ||
# | ||
# SPDX-License-Identifier: LGPL-2.0+ | ||
# | ||
# This library is free software; you can redistribute it and/or | ||
# modify it under the terms of the GNU Lesser General Public | ||
# License as published by the Free Software Foundation; either | ||
# version 2 of the License, or (at your option) any later version. | ||
# | ||
# This library is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
# Lesser General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU Lesser General Public | ||
# License along with this library. If not, see <https://www.gnu.org/licenses/>. | ||
|
||
set -euox pipefail | ||
|
||
. $(dirname $0)/libtest.sh | ||
|
||
if ! echo "$OSTREE_FEATURES" | grep --quiet --no-messages "initial-var"; then | ||
fatal missing initial-var | ||
fi | ||
|
||
# Exports OSTREE_SYSROOT so --sysroot not needed. | ||
setup_os_repository "archive" "syslinux" | ||
|
||
echo "initial ls" | ||
ls -R sysroot/ostree/deploy/testos/var | ||
|
||
cd osdata | ||
mkdir -p var/lib/ | ||
echo somedata > var/lib/somefile | ||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit -b testos/buildmain/x86_64-runtime | ||
cd - | ||
${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmain/x86_64-runtime | ||
|
||
${CMD_PREFIX} ostree admin deploy --os=testos testos:testos/buildmain/x86_64-runtime | ||
ls -R sysroot/ostree/deploy/testos/var | ||
assert_file_has_content sysroot/ostree/deploy/testos/var/lib/somefile somedata | ||
# We don't have tmpfiles here yet | ||
assert_not_has_dir sysroot/ostree/deploy/*.0/usr/lib/tmpfiles.d | ||
if ${CMD_PREFIX} ostree --repo=sysroot/ostree/repo ls testos/buildmain/x86_64-runtime /var/log; then | ||
fatal "var/log in commit" | ||
fi | ||
# This one is created via legacy init w/o tmpfiles.d | ||
assert_has_dir sysroot/ostree/deploy/testos/var/log | ||
|
||
tap_ok deployment var init | ||
|
||
cd osdata | ||
echo someotherdata > var/lib/someotherfile | ||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit -b testos/buildmain/x86_64-runtime | ||
cd - | ||
${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmain/x86_64-runtime | ||
${CMD_PREFIX} ostree admin deploy --os=testos testos:testos/buildmain/x86_64-runtime | ||
assert_not_has_file sysroot/ostree/deploy/testos/var/lib/someotherfile | ||
|
||
tap_ok deployment var not updated | ||
|
||
${CMD_PREFIX} ostree admin undeploy 0 | ||
${CMD_PREFIX} ostree admin undeploy 0 | ||
rm sysroot/ostree/deploy/testos/var/* -rf | ||
|
||
cd osdata | ||
mkdir -p usr/lib/tmpfiles.d | ||
${CMD_PREFIX} ostree --repo=${test_tmpdir}/testos-repo commit -b testos/buildmain/x86_64-runtime | ||
cd - | ||
${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmain/x86_64-runtime | ||
${CMD_PREFIX} ostree admin deploy --os=testos testos:testos/buildmain/x86_64-runtime | ||
|
||
# Not in the commit, so not created via legacy init because we have tmpfiles.d | ||
assert_not_has_dir sysroot/ostree/deploy/testos/var/log | ||
|
||
tap_ok deployment var w/o legacy | ||
|
||
tap_end |