Make /usr/bin/coreos-assembler a Go program, implement clean in Go

[cgwalters]

mantle: Display stderr from ssh-keygen

This is failing in CI, but on general principle we don't want
to swallow stderr.

---

Make /usr/bin/coreos-assembler a Go program, implement clean in Go

• Converts the entrypoint into Go code
• Add an internal library that exposes/wraps cmdlib.sh
  because we have a lot of stuff in there that can't be ported
  to Go yet.
• Add an internal library for running inline (named) bash scripts
• Port clean to Go

This is a pattern I think we'll use to aid the transition; rather
than trying to rewrite things wholesale in Go, we'll continue
to exec some shell scripts.

Gradually perhaps, we may invert some things and change both
cmdlib.sh and cmdlib.py to exec the cosa Go process in some
cases too.

Closes: #2821

---

[cgwalters]

To restate, the high level goal here is:

• It becomes possible to use Go (alongside shell and Python) for "cosa"
• It becomes discouraged/deprecated to write new cosa code in shell or Python

There's a ton of clear next steps here; the biggest is merging mantle/ to the toplevel, so that e.g. kola -> cosa; i.e. /usr/bin/cosa is a Go program containing the kola Go code, and we dispatch on argv[0] etc. We could do the same with gangplank/.

[bgilbert]

It becomes discouraged/deprecated to write new cosa code in shell or Python

I don't think there's consensus for this part. Restructuring for convenience is one thing; setting policy is another. Let's not block the former on the latter?

[cgwalters]

I don't think there's consensus for this part. Restructuring for convenience is one thing; setting policy is another. Let's not block the former on the latter?

Definitely agreed! I'm just setting out my goals/perspective.

[miabbott]

Would this be something that would be better suited for a dedicated branch?

Maybe it is better to keep this silo'ed from main until it is more fully featured? Just asking for other opinions.

[cgwalters]

Would this be something that would be better suited for a dedicated branch? Maybe it is better to keep this silo'ed from main until it is more fully featured?

Hmm...this PR is really small I think and unlikely to break anything - CI covers almost everything. The corner case I wrestled with turned out to be cosa shell where we need to carefully pass through stdin/stdout/stderr instead of buffering; which we do right now for everything but in the future won't.

Now if you're talking about the followups to this PR...I'm personally not planning on doing any wholesale or risky further followup changes in the short term. It could make sense though to branch if anyone chose to do that kind of thing.

I think it makes the most sense to land incremental changes to main though as much as we can; that's really what this is.

[miabbott]

I think it makes the most sense to land incremental changes to main though as much as we can; that's really what this is.

Thanks for sharing your perspective, Colin!

[travier]

I'm +1 for this but maybe we should have at least one command making use of it as an example?

[jlebon]

I'm also 👍 to this.

While I strongly agree we shouldn't start trying to rewrite everything in Go, I'd say at least the bash entrypoint itself would be worthwhile to rewrite to make this less confusing (and it's not large anyway).

[cgwalters]

OK rebased 🏄
and this now depends on

• main: Stop setting COSA_META_SCHEMA #2961
• main: Change /sys/fs/selinux handling to be a hard error #2960

[cgwalters]

While I strongly agree we shouldn't start trying to rewrite everything in Go, I'd say at least the bash entrypoint itself would be worthwhile to rewrite to make this less confusing (and it's not large anyway).

Also, this is done now!

[cgwalters]

[2022-07-06T18:53:13.389Z] FAIL: pxe-install (bios + metal) (0s)
[2022-07-06T18:53:13.389Z]     running ssh-keygen: exit status 255
[2022-07-06T18:53:13.389Z] Error: running ssh-keygen: exit status 255

Huh, fascinating 🕵️

[cgwalters]

OK so it took me a while to realize that this bit of bash code was...buggy:

#!/usr/bin/env bash
set -euo pipefail
...
# docker/podman don't run through PAM, but we want this set for the privileged
# (non-virtualized) path
export USER="${USER:-$(id -nu)}"

The thing is apparently because $( is run in a subshell or something, bash will ignore errors there. I think this whole time we've ended up with an empty USER environment variable in the OCP dynamic user case.

I adjusted the new Go logic to have a cleaner fallback here.

[cgwalters]

(also, this latest push faithfully ports the existing shell logic for /sys/fs/selinux to Go)

[cgwalters]

Nice, of course it randomly failed with a seemingly unrelated dynamic Python traceback...
Not reproducing...oh. Oh wait, I think this is fallout from recent changes to the CI config for openshift/os. We're just doing cosa build ostree and not cosa build. And of course that results in a dynamic Python crash when you cosa buildextend-aliyun.

[cgwalters]

CI failure is unrelated, I think openshift/os#889 will fix it

[cgwalters]

Hmm, timeout
/retest

[cgwalters]

@travier @mike-nguyen as TLs mind weighing in officially on this? 👍 / 👎 / 0 / other?

[jlebon]

Didn't do an in-depth review, but high-level LGTM! Thanks for tackling the entrypoint and cosa clean to get the ball rolling.

[jlebon]

Minor: strict mode can be passed in on the cmdline directly, e.g. bash -euo pipefail -c ....

[jlebon]

This is pretty cool! It borders on the "too magic" line, but I definitely see the appeal for our purposes here. I think one risk factor is the increased mental complexity of reading, writing, and debugging code leveraging this. Whereas if you have a whole cosa command you know is 100% Go, that's more straightforward to work with. That said, I think it's still worth trying out as we evaluate how best to clean up this codebase.

[jlebon]

I noticed this is marked as closing #2821 but I'm not sure we should tie the two. That cosa issue seems more to be a project policy decision.

[cgwalters]

I noticed this is marked as closing #2821 but I'm not sure we should tie the two. That cosa issue seems more to be a project policy decision.

There's a lot of fuzzy lines here...the title of that issue is just "default to Go" which one could interpret in multiple ways.

To me, "default to Go" is literally that the first code executed by /usr/bin/coreos-assembler is Go - which this PR does.

We did have discussions about the "policy" question of e.g. trying to actively discourage other languages which I think is still separate from that issue. (But I admit it can be read in that way)

[dustymabe]

Let's get the CI failure cleaned up and this merged.

[cgwalters]

CI is probably fixed by openshift/os#891
/retest

[cgwalters]

/retest

[travier]

@travier @mike-nguyen as TLs mind weighing in officially on this? +1 / -1 / 0 / other?

I'm late here but I've already agreed in principle in #2919 (comment) and in general I'm in favor of us moving code from Bash or Python to Go.