build-extensions-container: add command to build the extensions container #2985
Conversation
|
Skipping CI for Draft Pull Request. |
|
Now that #2919 landed - this code could start out in Go. Just an option to consider. |
| return parser.parse_args() | ||
|
|
||
| def run_container_build(context_dir): | ||
| print("call runvm and podman inside it...") |
There was a problem hiding this comment.
Yeah, all this logic is in shell (cmdlib.sh) today unfortunately 😢
But, combining this and my comment about #2919 - today the cosa Go library has good support for running code from cmdlib.sh.
jmarrero
force-pushed
the
build-extensions-container
branch
from
6ecced8 to
8033aa6
Compare
jmarrero
force-pushed
the
build-extensions-container
branch
from
0b3c953 to
8aeb7d4
Compare
| @@ -0,0 +1,43 @@ | |||
| // See usage below | |||
There was a problem hiding this comment.
probably should rename this file build-extensions-container.go
|
Is this going to need to be run on different architectures? or just on x86_64? |
This is part of the effort for Openshift 4.12, I don't see why it would be limited to only x86_64. I assume this will be built for all the architectures we support on Openshift/RHCOS. |
jmarrero
force-pushed
the
build-extensions-container
branch
from
8aeb7d4 to
0d71c5d
Compare
src/build-extensions-oscontainer.sh
Outdated
| cd src/config | ||
| #Replace the FROM line with the ociarchive | ||
| #FROM oci-archive:/srv/builds/VERSION/x86_64/rhcos-VERSION.ociarchive as os | ||
| sed -i "s|$RHCOS_IMAGE|oci-archive:$RHCOS_OCIARCHIVE|" extensions/Dockerfile |
There was a problem hiding this comment.
I think we can just use podman build --from oci-archive:$RHCOS_OCIARCHIVE
(Also tangentially in theory this isn't specific to RHCOS, so in the variable names and such we can just say e.g. ostree_ociarchive or something)
jmarrero
force-pushed
the
build-extensions-container
branch
from
0d71c5d to
6e57507
Compare
cmd/build-extensions-container.go
Outdated
| ) | ||
|
|
||
| func buildExtensionContainer() error { | ||
| fmt.Println("Calling cmdlib") |
There was a problem hiding this comment.
Can remove these leftover debug bits I assume?
cmd/build-extensions-container.go
Outdated
| if _, err := sh.PrepareBuild(); err != nil { | ||
| return err | ||
| } | ||
| sh.Process("runvm -- /usr/lib/coreos-assembler/build-extensions-oscontainer.sh $tmp_builddir/output.txt") |
There was a problem hiding this comment.
Just going to call out I think this CosaSh thing is demonstrating its value here in allowing us to reuse all the shell script logic.
jmarrero
force-pushed
the
build-extensions-container
branch
2 times, most recently
from
42247de to
fa1eac7
Compare
jmarrero
changed the title
jmarrero
force-pushed
the
build-extensions-container
branch
4 times, most recently
from
63a3f4a to
868e27d
Compare
src/cmd-push-container
Outdated
| extensions_ociarchive = os.path.join(latest_build_path, meta['images']['extensions-container']['path']) | ||
| if not extensions_ociarchive: | ||
| ociarchives = ["ostree", "extensions-container"] |
There was a problem hiding this comment.
Here extensions_ociarchive will always be a string i.e. truthy. I think you may have meant to do e.g.:
containers_to_push = ["ostree"]
extensions = meta['images'].get('extensions-container')
if extensions:
containers_to_push.append('extensions-container')
or so?
src/cmd-push-container
Outdated
| json.dump(meta, f, sort_keys=True) | ||
| shutil.move(metapath_new, metapath) | ||
| ociarchives = ["ostree"] | ||
| for archive_id in ociarchives: |
There was a problem hiding this comment.
Ah, interesting. I'd been thinking we'd have two separate calls to push-container in the pipeline, like push-container --ostree and push-container --extensions or something as separate calls. But, I'm OK doing both at once too.
There was a problem hiding this comment.
Ahh I see, the idea I had was since both need to be pushed together going forward then always check if the extensions container was there and push it. But changing it to a flag is a quick change.
There was a problem hiding this comment.
I'm definitely OK having one command push two containers; it becomes slightly odd since it's now really push-containers plural but...eh. (Renaming it would require ratcheting into the pipelines, let's not do that)
There was a problem hiding this comment.
I'll change it. Thinking about it this might be bad if in the pipeline we are doing build and then push right away. Basically I guess that we would call this script twice either way. It will also minimize the changes on the code. No loops, etc.
There was a problem hiding this comment.
I guess if we don't want to adjust the pipelines then I added --extensions parameter only and then ostree is the default behavior.
jmarrero
force-pushed
the
build-extensions-container
branch
2 times, most recently
from
996dc18 to
96c6933
Compare
cmd/build-extensions-container.go
Outdated
| //"os/exec" | ||
| ) | ||
|
|
||
| type MetaJSON struct { |
There was a problem hiding this comment.
We should have all this defined in "github.com/coreos/coreos-assembler-schema/cosa"
cmd/build-extensions-container.go
Outdated
|
|
||
| file, err := os.Open(ociarchive) | ||
| if err != nil { | ||
| log.Fatal(err) |
There was a problem hiding this comment.
Let's do return err here for consistentency.
cmd/build-extensions-container.go
Outdated
|
|
||
| stat, err := file.Stat() | ||
| if err != nil { | ||
| //file no here? |
There was a problem hiding this comment.
I think this should be return err too.
jmarrero
force-pushed
the
build-extensions-container
branch
2 times, most recently
from
c71d4b3 to
ff49289
Compare
|
If you rebase on #3063 it should avoid a lot of the "vendor duplication" when trying to pull in schema/ into the toplevel. |
jmarrero
force-pushed
the
build-extensions-container
branch
from
da8c905 to
b14d14a
Compare
Thanks, checked and is working as expected: |
jmarrero
force-pushed
the
build-extensions-container
branch
2 times, most recently
from
40c7e06 to
9f3dbd1
Compare
|
Testing I found that somehow I am dropping |
After Unmarshaling the value is present in the object, but somehow dropped a line after on the Marshal. wonder if I am hitting some kind of reference issue. |
|
OK first trying this out the EDIT: OK made some further changes, can you take a look? index 5f238d5c5..209fada28 100644
--- a/cmd/build-extensions-container.go
+++ b/cmd/build-extensions-container.go
@@ -11,10 +11,16 @@ import (
"io/ioutil"
"os"
"path/filepath"
- "strings"
)
func buildExtensionContainer() error {
+ lastBuild, buildPath, err := cosa.ReadBuild("builds", "", "")
+ if err != nil {
+ return err
+ }
+ buildID := lastBuild.BuildID
+ fmt.Printf("Generating extensions container for build: %s\n", buildID)
+
arch := cosa.BuilderArch()
sh, err := cosash.NewCosaSh()
if err != nil {
@@ -23,29 +29,23 @@ func buildExtensionContainer() error {
if _, err := sh.PrepareBuild(); err != nil {
return err
}
- process := "runvm -- /usr/lib/coreos-assembler/build-extensions-oscontainer.sh " + arch + " $tmp_builddir/output.txt"
- sh.Process(process)
- tmpdir, err := sh.ProcessWithReply("echo $tmp_builddir>&3\n")
- if err != nil {
- return err
- }
- content, err := ioutil.ReadFile(filepath.Join(tmpdir, "output.txt"))
- if err != nil {
+ targetname := "extensions-container-" + buildID + "." + arch + ".ociarchive"
+ process := "runvm -- /usr/lib/coreos-assembler/build-extensions-oscontainer.sh " + arch + " $tmp_builddir/" + targetname
+ if err := sh.Process(process); err != nil {
return err
}
- ociarchive := strings.TrimSpace(string(content))
- workdir := getWorkDir(ociarchive)
- lastBuild, _, err := cosa.ReadBuild(workdir+"/builds", "latest", arch)
+ // Find the temporary directory allocated by the shell process, and put the OCI archive in its final place
+ tmpdir, err := sh.ProcessWithReply("echo $tmp_builddir>&3\n")
if err != nil {
return err
}
- buildID := lastBuild.BuildID
- renamedArchive := filepath.Join(filepath.Dir(ociarchive), "extensions-container-"+buildID+"."+arch+".ociarchive")
- err = os.Rename(ociarchive, renamedArchive)
+ targetPath := filepath.Join(buildPath, targetname)
+ err = os.Rename(filepath.Join(tmpdir, targetname), targetPath)
if err != nil {
return err
}
- file, err := os.Open(renamedArchive)
+ // Gather metadata of the OCI archive (sha256, size)
+ file, err := os.Open(targetPath)
if err != nil {
return err
}
@@ -59,9 +59,9 @@ func buildExtensionContainer() error {
return err
}
sha256 := fmt.Sprintf("%x", hash.Sum(nil))
- builddir := filepath.Join(workdir, "builds", "latest", arch)
- metapath := filepath.Join(builddir, "meta.json")
+ // Update the meta.json to include metadata for our OCI archive
+ metapath := filepath.Join(buildPath, "meta.json")
jsonFile, err := os.Open(metapath)
if err != nil {
fmt.Println(err)
@@ -78,7 +78,7 @@ func buildExtensionContainer() error {
}
cosaBuild.BuildArtifacts.ExtensionsContainer = &cosa.Artifact{
- Path: filepath.Base(renamedArchive),
+ Path: targetname,
Sha256: sha256,
SizeInBytes: float64(stat.Size()),
SkipCompression: false,
@@ -95,9 +95,3 @@ func buildExtensionContainer() error {
}
return nil
}
-
-func getWorkDir(path string) string {
- directories := strings.Split(path, "/")
- //expects path starts with /.
- return "/" + directories[1]
-}
diff --git a/src/build-extensions-oscontainer.sh b/src/build-extensions-oscontainer.sh
index 0afa76499..99b81d424 100755
--- a/src/build-extensions-oscontainer.sh
+++ b/src/build-extensions-oscontainer.sh
@@ -1,14 +1,19 @@
#!/bin/bash
#Used by cmd/build-extensions-container.go
#Find the RHCOS ociarchive.
-path="*/builds/latest/${1}/*-ostree*.ociarchive"
-ostree_ociarchive=$(find -L ~+ -path "${path}")
-cd src/config || exit
-#Start the build replacing the from line.
-podman build --from oci-archive:"$ostree_ociarchive" --network=host --build-arg COSA=true -t localhost/extensions-container -f extensions/Dockerfile .
-#Call skopeo to generate a extensions container ociarchive
-extensions_ociarchive_dir=$(dirname "$ostree_ociarchive")
-extensions_ociarchive="${extensions_ociarchive_dir}/extensions-container.ociarchive"
-skopeo copy containers-storage:localhost/extensions-container oci-archive:"$extensions_ociarchive"
+set -euo pipefail
+buildid=$1
+shift
+filename=$1
+shift
+builddir="$PWD/builds/latest/${buildid}"
+ostree_ociarchive=$(ls ${builddir}/*-ostree*.ociarchive)
+# Build the image, replacing the FROM directive with the local image we have
+(cd src/config
+ set -x
+ podman build --from oci-archive:"$ostree_ociarchive" --network=host --build-arg COSA=true -t localhost/extensions-container -f extensions/Dockerfile .
+)
+# Call skopeo to export it from the container storage to an oci-archive.
+(set -x
+ skopeo copy containers-storage:localhost/extensions-container oci-archive:"$filename" )
-output=$2; echo "$extensions_ociarchive" > "$output"
e.g. parsing the options up front, and with the |
|
OK I think the problem here is that the |
jmarrero
force-pushed
the
build-extensions-container
branch
from
9f3dbd1 to
1b48ed9
Compare
|
Actually sorry I'm not sure that was related to the
This is probably the use of |
|
Well the issue I hit was the dropping of: That is used when we generate a new build on: Without that key the script crashes. |
|
OK right, notice here we have drift between the expected semantics in Python and Go code. How about ? |
testing |
jmarrero
force-pushed
the
build-extensions-container
branch
3 times, most recently
from
935dec4 to
423aabe
Compare
go.mod
Outdated
| github.com/google/uuid v1.1.1 // indirect | ||
| github.com/json-iterator/go v1.1.10 // indirect | ||
| github.com/klauspost/cpuid v1.3.1 // indirect | ||
| github.com/minio/md5-simd v1.1.0 // indirect |
jmarrero
force-pushed
the
build-extensions-container
branch
from
423aabe to
80eecad
Compare
jmarrero
force-pushed
the
build-extensions-container
branch
from
80eecad to
674f39a
Compare
cgwalters
left a comment
cgwalters
left a comment
There was a problem hiding this comment.
Thanks so much for all your work on this!
thank you for all the help! |
4 participants
COS-1646: deliver the extensions-container with meta.json as explained in: openshift/os#763 (comment)