Various patches to build extensions container using podman build in production#4044
Various patches to build extensions container using podman build in production#4044jlebon merged 5 commits intocoreos:mainfrom
podman build in production#4044Conversation
Another one of those that's assumed by some userspace apps (in this case, apparently, `podman run`).
| '--git-sub-dir', default='', required=False, | ||
| help='Git sub directory to use for container build') | ||
| parser.add_argument( | ||
| '--git-file', default='', required=False, |
There was a problem hiding this comment.
minor: I think the name of the argument is confusing, containerfile is enough, with the help text as is IMO
There was a problem hiding this comment.
I kind of agree.. alternatively.. --contextdir= where you can specify the full path to the containerfile as an option.
There was a problem hiding this comment.
I want something with git in it to make it clear it's about the git repo. Maybe just --git-containerfile?
There was a problem hiding this comment.
OK, just went with --git-containerfile for now.
| raise Exception("Error encountered when checking if manifest exists") | ||
| if cp.returncode == 0: | ||
| return True | ||
| cmd = ["podman", "image", "exists", f"{repo}:{tag}"] |
There was a problem hiding this comment.
I wouldn't make this change unless we've tested it fully.
My experience here was that we needed them both: 44901a6. If I could have used just one I definitely would have.
There was a problem hiding this comment.
Right, meant to point you at this for a sanity-check.
OK so testing this in depth now:
- if an image is not a manifest list:
podman manifest existsreturns 125podman image existsreturns 0
- if an image is a manifest list:
podman manifest existsreturns 0podman image existsreturns 1
- if an image doesn't exist
podman manifest existsreturns 1podman image existsreturns 1
I think there's a bug there and podman image exists should probably actually return 0 if the image exists but it's a manifest.
But anyway... I think we can work around this by reversing the order in which we call the two commands?
If it doesn't exist, then both iterations will pass. If it's a manifest, the second iteration returns True. If it's an image, the first iteration returns True.
There was a problem hiding this comment.
Sorry for not thinking critically on this. Today has had a lot going on.
Are you saying there is a bug in the current code?
There was a problem hiding this comment.
Yes. I summarized it in the commit message.
There was a problem hiding this comment.
Well, I think it's debatable whether it's a bug in our code or a bug in podman that our code is hitting. I'd argue more for the latter.
There was a problem hiding this comment.
yeah. I'm surprised. I was pretty sure I tested all permutations when I added this code because we were hitting an issue where someone had pulled the image on the node (i.e. not manifest listed) and I needed to update it and I thought I handled all cases.
Either way, it sounds like you've got all cases covered so LGTM
jlebon
force-pushed
the
pr/extensions-build
branch
2 times, most recently
from
3c6feeb to
e2c2709
Compare
dustymabe
left a comment
dustymabe
left a comment
There was a problem hiding this comment.
LGTM - merge when you're ready
Instead of bind-mounting `/tmp/extensions.json`, just extract it from the image now that it's baked in there.
For building the extensions, we need to be able to point buildah at the root of the git repo for the context dir but the Dockerfile in the `extensions/` subdirectory. Add a `--git-containerfile` for this.
When cloning the git repo to pass to buildah, make sure to initiatlize submodules. E.g. building the extensions container requires parsing the manifest, which references bits in the fedora-coreos-config submodule.
There's an asymmetry between `podman image exists` and `podman manifest exists`. The first will return 1 if the image is a manifest. The second will return 125 if the image is _not_ a manifest. I think this is probably a bug in podman, but for now we can work around this by reverting the order in which we do the checking. That way, if the image exists but isn't a manifest, we'll return `True` and not actually call `podman manifest exists` on it.
jlebon
force-pushed
the
pr/extensions-build
branch
from
e2c2709 to
f0da6d2
Compare
|
I reworked this to make the |
I think the updated change to support this is fine, but would like to PR later this week or something to drop the extra code/workaround. |
3 participants
We're getting ready to build the extensions container in production as part of the layered node image work. To be able to build it using
podman builddirectly and not viacosa build-extensions-container, a few adjustments are needed.See individual commit messages.