system-reinstall-bootc: fallback image from /usr/lib/os-release#2135
system-reinstall-bootc: fallback image from /usr/lib/os-release#2135hone wants to merge 6 commits intobootc-dev:mainfrom
Conversation
github-actions
Bot
added
the
area/system-reinstall-bootc
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a fallback mechanism to retrieve the bootc image from os-release files when not specified via CLI or environment variables. The changes include a new parsing module, refactored argument handling, and updated CI scripts. Feedback suggests parsing CLI arguments earlier to support standard flags like --help, filtering empty strings during os-release lookups for better fallback reliability, and consolidating redundant CI steps.
| order: 97 | ||
| script: | ||
| - mkdir -p bootc && cp /var/share/test-artifacts/*.src.rpm bootc | ||
| - cd bootc && rpm2cpio *.src.rpm | cpio -idmv && rm -f *-vendor.tar.zstd && zstd -d *.tar.zstd && tar -xvf *.tar -C . --strip-components=1 && ls -al | ||
| - pwd && ls -al && cd bootc/hack && ./provision-packit.sh | ||
| when: running_env != image_mode | ||
| - how: shell | ||
| order: 98 | ||
| script: | ||
| - echo 'BOOTC_IMAGE=localhost/bootc' | tee -a /usr/lib/os-release | ||
| - pwd && ls -al && cd bootc/hack && ./provision-packit.sh | ||
| when: running_env != image_mode |
There was a problem hiding this comment.
These two shell steps are redundant and inefficient. Both steps perform the same setup and run provision-packit.sh, which includes a time-consuming podman build operation. Since provision-packit.sh is already designed to handle both the explicit argument and the os-release fallback, you should combine these into a single step to avoid rebuilding the image and repeating the setup in CI.
order: 97
script:
- mkdir -p bootc && cp /var/share/test-artifacts/*.src.rpm bootc
- cd bootc && rpm2cpio *.src.rpm | cpio -idmv && rm -f *-vendor.tar.zstd && zstd -d *.tar.zstd && tar -xvf *.tar -C . --strip-components=1 && ls -al
- pwd && ls -al && cd bootc/hack && ./provision-packit.sh
- echo 'BOOTC_IMAGE=localhost/bootc' | tee -a /usr/lib/os-release
- ./provision-packit.sh
when: running_env != image_mode
There was a problem hiding this comment.
I thought it was easier to just build the image twice than try to do a cleanup step for testing the BOOTC_IMAGE path on reinstall.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces the ability to automatically detect the bootc image from os-release files (/etc/os-release or /usr/lib/os-release) if not provided via the CLI. It also adds logic to automatically inherit host SSH keys when cloud-init is detected in the target image. Key changes include a new os_release module for parsing, updates to the CLI argument handling, and integration test adjustments. Feedback highlights a critical path error where a container-internal path is used as a host path for SSH key inheritance, potential inefficiencies and failures in the updated test plan, and an opportunity to refactor the image resolution logic for better maintainability.
hone
force-pushed
the
default-image-os-release
branch
from
5bb1c1e to
ee263a3
Compare
hone
force-pushed
the
default-image-os-release
branch
from
a168777 to
a21dcba
Compare
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
Thanks so much for working on this!
| continue; | ||
| } | ||
|
|
||
| if let Some((key, value)) = line.split_once('=') { |
There was a problem hiding this comment.
Style nit, also could be let/else here and avoid further nesting
| if value.starts_with('"') && value.ends_with('"') && value.len() >= 2 { | ||
| let unquoted = &value[1..value.len() - 1]; | ||
| let processed = unquoted | ||
| .replace(r#"\""#, "\"") | ||
| .replace(r#"\\"#, "\\") | ||
| .replace(r#"\$"#, "$") | ||
| .replace(r#"\`"#, "`"); |
There was a problem hiding this comment.
I think we can use shlex to parse this, it's already in the depchain
| .iter() | ||
| .find_map(|path| { | ||
| os_release::get_bootc_image_from_file(path) | ||
| .ok() |
There was a problem hiding this comment.
Generally avoid "error swallowing" like this. There's two different cases:
- The file doens't exist - this is normal, and we have https://docs.rs/cap-std-ext/latest/cap_std_ext/dirext/trait.CapStdExtDirExt.html#tymethod.open_optional for this reason
- All other errors (permission denied, failure to parse the file, etc.). I think for this we'd want at least to use )
bootc/crates/utils/src/result_ext.rs
Line 4 in b1fe5d6
| } | ||
|
|
||
| #[context("image_has_cloud_init")] | ||
| pub(crate) fn image_has_cloud_init(image: &str) -> Result<bool> { |
There was a problem hiding this comment.
In bootc-dev/bcvk#245 we're proposing to standardize labels on images that have Ignition, it could make sense to do the same for cloud-init.
Separate effort from this PR.
There was a problem hiding this comment.
Is there already an issue for that?
| if podman::image_has_cloud_init(&opts.image)? { | ||
| let host_root_keys = std::path::Path::new("/root/.ssh/authorized_keys"); | ||
| if host_root_keys.exists() { | ||
| println!("Detected cloud-init and host keys. Inheriting keys automatically."); |
There was a problem hiding this comment.
I think this change may make sense but it looks completely unrelated to a fallback image approach right?
This seems like a distinct PR?
There was a problem hiding this comment.
From #1300:
In this flow we also wouldn't do any of the SSH key injection because we can assume the target image has cloud-init.
This was my attempt to tackle this from the issue. I wasn't sure if that was required for this, but happy to split this into a separate PR if that's easier.
|
How concerned should I be about these packit failures? |
The s390x build ones at least can be ignored for now, there's a known issue with those. |
Add a fallback option when arguments are specified for an image. It works in this order: 1. BOOTC_REINSTALL_CONFIG env var to a YAML file 2. `--image` flag 3. reads /etc/os-release for BOOTC_IMAGE 4. reads /usr/lib/os-release for BOOTC_IMAGE Fixes: bootc-dev#1300 Signed-off-by: Terence Lee <hone02@gmail.com>
If cloud-init is detected in the target image: 1. Check the host for existing root SSH keys at /root/.ssh/authorized_keys. 2. If host keys exist, automatically configure inheritance via /target/root/.ssh/authorized_keys. 3. If no host keys exist, proceed without manual interaction, trusting cloud-init in the new system to handle key provisioning. If cloud-init is not detected, maintain the existinginteractive behavior to prevent user lock-out. Ref: bootc-dev#1300 Signed-off-by: Terence Lee <hone02@gmail.com>
Signed-off-by: Terence Lee <hone02@gmail.com>
Signed-off-by: Terence Lee <hone02@gmail.com>
Remove duplicate cloud-init from hack/packages.txt Signed-off-by: Terence Lee <hone02@gmail.com>
Signed-off-by: Terence Lee <hone02@gmail.com>
hone
force-pushed
the
default-image-os-release
branch
from
9bb1f27 to
c8cc3f2
Compare
|
Thank you again for this. This needs another run of: |
@jmarrero happy to do that. Before I squash, should I split out the ssh authorized keys pieces or keep it in this PR? |
4 participants
Add a fallback option when arguments are specified for an image. It works in this order:
--imageflagFixes: #1300