Comments (16)
I don't think we have any ways to fix it. bootc-image-builder is meant to run in environments (Mac) without KVM support. libguestfs is utterly slow without KVM. mkfs.xfs protofiles don't work well with the bootc install model (unless bootc gets support for it).
EDIT: Just to clarify, the issue is that we need to mount the disk file so we can write the files into it. That can be done only by root in the top-level user namespace. Root in a rootless container simply cannot do it.
from bootc-image-builder.
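The constraint described in the comment above, as an added example that is not part of the thread: a heuristic that reads `/proc/self/uid_map` and the `CapEff` line of `/proc/self/status` to tell real root from root inside a user namespace. The function names and sample values are constructed for illustration, and treating an identity `uid_map` as "initial user namespace" is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: heuristic check for the privileges a loop mount needs.
set -eu

# Succeeds when uid_map is the single identity line "0 0 4294967295",
# which is what a process in the initial user namespace sees.
in_initial_userns() {
    iu_map="${1:-/proc/self/uid_map}"
    [ "$(grep -c '' "$iu_map")" -eq 1 ] || return 1
    set -- $(cat "$iu_map")
    [ "$#" -eq 3 ] && [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]
}

# Succeeds when CAP_SYS_ADMIN (capability number 21) is in CapEff.
has_cap_sys_admin() {
    hc_hex="$(sed -n 's/^CapEff:[[:space:]]*//p' "${1:-/proc/self/status}")"
    [ -n "$hc_hex" ] || return 1
    [ $(( (0x$hc_hex >> 21) & 1 )) -eq 1 ]
}

# Prints a verdict; succeeds only when both conditions hold.
can_mount_disk_image() {
    if ! in_initial_userns "${1:-/proc/self/uid_map}"; then
        echo "no: root here is mapped inside a user namespace"; return 1
    fi
    if ! has_cap_sys_admin "${2:-/proc/self/status}"; then
        echo "no: CAP_SYS_ADMIN is not in the effective set"; return 1
    fi
    echo "yes: initial user namespace with CAP_SYS_ADMIN"
}

# Constructed samples (not captured from a real host).
demo_dir="$(mktemp -d)"
printf '         0          0 4294967295\n' > "$demo_dir/host.uid_map"
printf '         0       1000          1\n         1     100000      65536\n' \
    > "$demo_dir/rootless.uid_map"
printf 'Name:\tsh\nCapEff:\t000001ffffffffff\n' > "$demo_dir/full.status"
printf 'Name:\tsh\nCapEff:\t00000000800405fb\n' > "$demo_dir/default.status"

# Rootful and privileged; rootless but "privileged"; rootful with default caps.
can_mount_disk_image "$demo_dir/host.uid_map" "$demo_dir/full.status" || true
can_mount_disk_image "$demo_dir/rootless.uid_map" "$demo_dir/full.status" || true
can_mount_disk_image "$demo_dir/host.uid_map" "$demo_dir/default.status" || true
```

Called without arguments, each function reads the live `/proc/self` files of the process it runs in.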
We're also investigating if we can do at least (some) of the filesystem work with libguestfs.
from bootc-image-builder.
libguestfs is just a way to run VMs, so the nested virt concerns above apply.
from bootc-image-builder.
Right, so I was just reading about the internals and yeah libguestfs uses qemu to boot a kernel and sets up an "appliance" to talk to it. :|
from bootc-image-builder.
The 3rd option (beyond host kernel and virt) is https://github.com/lkl/linux which is relatively new and specifically cptofs is about this problem but...I really don't think it's worth trying to scope this in right now.
from bootc-image-builder.
libguestfs doesn't require KVM: https://libguestfs.org/guestfs-faq.1.html I guess it just falls back to emulation if there's no KVM. The question is how fast it is.
from bootc-image-builder.
Mounting directly uses FUSE and is pretty poor, but supposedly using the shell can be quite good. We can benchmark of course.
FTR, this works on rootless podman machine on macOS:
test.sh
#!/usr/bin/env bash
set -euo pipefail
fname="${1}"
truncate -s 100M "${fname}"
mkfs.ext4 "${fname}"
guestfish --rw -a "${fname}" << EOF
run
list-filesystems
mount /dev/sda /
copy-in test.sh /
cat /test.sh
quit
EOF
echo "DONE"
rm "${fname}"
Containerfile
FROM fedora:39
RUN dnf -y install libguestfs
ENV LIBGUESTFS_BACKEND=direct
COPY test.sh /test.sh
ENTRYPOINT ["/test.sh"]
from bootc-image-builder.
Note that https://github.com/cgwalters/osbuildbootc/ doesn't use libguestfs, but it does use the underlying tool (supermin) to construct a VM root filesystem out of the container rootfs and works unprivileged today.
Honestly I think that code and approach there is much simpler than the "higher level" libguestfs approach because we have the ability to drive things at a low level.
So if we go down this path I think it'd make sense to look at merging that code.
(The other thing osbuildbootc does is defer all the heavy lifting to bootc install to-disk, which is #18)
from bootc-image-builder.
the underlying tool (supermin) to construct a VM root filesystem out of the container rootfs
That said, what would make much more sense in modern times is to use virtiofs as the root filesystem instead; it probably wouldn't be too hard. I just haven't dug into it.
from bootc-image-builder.
Honestly I think that code and approach there is much simpler than the "higher level" libguestfs approach because we have the ability to drive things at a low level.
For example, forcing indirection through libguestfs's high level APIs reintroduces the same problems that osbuild creates today that motivate ostreedev/ostree#3094 - what we're doing often wants to do quite low level filesystem and block device things. libguestfs is just high level sugar for executing arbitrary code in a transient VM, and we can construct a transient VM without it.
from bootc-image-builder.
I'm worried that doing the whole build under supermin might be extremely slow if KVM is not there. Whereas if we just offload the final copying part, it might be fine. I know that @achilleas-k is working on some benchmarks.
from bootc-image-builder.
Also, full QEMU emulation isn't supported on RHEL. I wonder if guestfs has an exception....
from bootc-image-builder.
libguestfs doesn't have an exception, its main use case is just targeted being used from Linux hosts.
from bootc-image-builder.
I am currently catching up on containers/podman-desktop-extension-bootc#93. What's the current status of this issue? The root requirement can be documented (as pointed out in containers/podman-desktop-extension-bootc#93) but I want to have a better understanding.
from bootc-image-builder.
I doubt we're going to do anything major here soon, I think we should just document switching or initializing with --rootful.
from bootc-image-builder.
mkfs.xfs protofiles don't work well with the bootc install model (unless bootc gets support for it).
Right, to elaborate on that slightly it would create wildly distinct mechanisms for "day 1" versus "day 2". It's not impossible...but would be extremely hard to maintain over time.
from bootc-image-builder.