Add an initial mkosi config #105

@jeremycline jeremycline commented Jul 16, 2024

This is still a work-in-progress.

It still needs:

  • A stubbed out Wireserver and IMDS instance

To try it out as-is, you can build and then boot the image with:

$ mkosi -d fedora
$ sudo mkosi boot

The version of azure-init in target/debug/ will be run as part of the
image startup. You can inspect the result with "systemctl status
azure-init". Run "systemctl poweroff" to leave the environment.

This needs to be done in an Azure VM since it relies on talking to a
real Wireserver and IMDS.

Refer to mkosi docs[0] for installation options

[0] https://github.com/systemd/mkosi?tab=readme-ov-file#installation

@jeremycline jeremycline force-pushed the mkosi-conf branch 3 times, most recently from e33a26b to d848ef6 Compare July 19, 2024 19:35
jeremycline added a commit to jeremycline/azure-init that referenced this pull request Jul 19, 2024
Debian uses "sudo" as the group for having do-anything sudo permissions,
whereas Fedora uses "wheel". Otherwise the same binary works fine for
both. I don't see an advantage to baking the groups into the binary.

Accept a list of supplementary groups to use when provisioning the user
so the same binary can be used for both. Values can be provided using
the "-g" or "--groups" argument, or by setting the
"AZURE_INIT_USER_GROUPS" environment variable. If no groups are
provided, the default remains "wheel".

I found this helpful when testing Azure#105. We could expand this to allow
more runtime tweaks to, for example, the backend in use if folks like
this.
jeremycline added a commit to jeremycline/azure-init that referenced this pull request Jul 19, 2024
Debian uses "sudo" as the group for having do-anything sudo permissions,
whereas Fedora uses "wheel". Otherwise the same binary works fine for
both. I don't see an advantage to baking the groups into the binary, so
this is a take on runtime configuration.

Accept a list of supplementary groups to use when provisioning the user
so the same binary can be used for both. Values can be provided using
the "-g" or "--groups" argument, or by setting the
"AZURE_INIT_USER_GROUPS" environment variable. If no groups are
provided, the default remains "wheel".

I found this helpful when testing Azure#105. We could expand this to allow
more runtime tweaks to, for example, the backend in use if folks like
this.
dongsupark pushed a commit that referenced this pull request Jul 23, 2024
* azure-init: Accept providing user groups via the CLI

Debian uses "sudo" as the group for having do-anything sudo permissions,
whereas Fedora uses "wheel". Otherwise the same binary works fine for
both. I don't see an advantage to baking the groups into the binary, so
this is a take on runtime configuration.

Accept a list of supplementary groups to use when provisioning the user
so the same binary can be used for both. Values can be provided using
the "-g" or "--groups" argument, or by setting the
"AZURE_INIT_USER_GROUPS" environment variable. If no groups are
provided, the default remains "wheel".

I found this helpful when testing #105. We could expand this to allow
more runtime tweaks to, for example, the backend in use if folks like
this.

* Clarify priority of environment variables vs CLI args

Arguments provided as CLI arguments (`azure-init --groups=wheel,deal`)
override any arguments provided by environment variables. They are not
merged.
# Perform an incremental rebuild of the image
Incremental=true
# Make the source available at runtime
RuntimeBuildSources=yes
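
Review bot: The two settings shown here spell their boolean values differently, `Incremental=true` on one line and `RuntimeBuildSources=yes` two lines later; pick one spelling and use it throughout the config. The comment above `RuntimeBuildSources=yes` could also say why the source tree is needed at runtime, since the PR description states that the azure-init build in target/debug/ is run as part of image startup.
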
@dongsupark dongsupark Jul 25, 2024
How about adding ToolsTree=default here?
On my Debian stable system with systemd 252, mkosi boot does not run because systemd-nspawn version is too low.

See also NEWS:
ToolsTree=default can be used to make sure a recent version of systemd is used to do the image build.

@dongsupark dongsupark added the feature New feature or request label Sep 23, 2024