Skip to content

/ fedora-coreos-config

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove some stuff from the image #98

Merged
merged 9 commits into from May 30, 2019
Merged

Remove some stuff from the image #98

merged 9 commits into from May 30, 2019

Conversation

@bgilbert
Copy link
Member

@bgilbert bgilbert commented May 29, 2019

Pursuant to coreos/fedora-coreos-tracker#186. Subsumes, I think, the relevant part of #54.
bgilbert added 7 commits May 24, 2019
@bgilbert
Drop dnsmasq
d799803 
If needed, it should probably run in a container.
@bgilbert
Remove systemd-resolved binary along with the service
2ac0e81
@bgilbert
Move systemd-firstboot removal into remove-from-packages directive
daa536e
@bgilbert
Drop NetworkManager support for ifcfg files
9e03193 
They're a legacy format and we don't want to encourage their use.
@bgilbert
Drop man pages and info docs
c301c82 
We're not shipping any tools to read them.
@bgilbert
Drop text documentation too
72f4416 
Licenses should be in /usr/share/licenses.
@bgilbert
Don't install recommended packages by default
47ec523 
Explicitly re-add some of the packages that removes.  Net removals:

9815016		cracklib-dicts
1340771		criu
108423		fuse-overlayfs
61391018	geolite2-city
3772462		geolite2-country
901443		gnupg2-smime
65039		grubby
42366		hardlink
409724		libbsd
36062		libmaxminddb
256502		libnet
554285		libsecret
69838		libsss_autofs
64075		libsss_sudo
337118		libxkbcommon
108859		mkpasswd
1256348		openssl
262138		openssl-pkcs11
214262		pinentry
124595		podman-manpages
2535150		shared-mime-info
170814		slirp4netns
53300		sssd-nfs-idmap
157915		sssd-proxy
202650		systemd-bootchart
552654		trousers
730381		trousers-lib
5909991		xkeyboard-config

91443199	TOTAL
@ajeddeloh
ajeddeloh approved these changes May 29, 2019
View changes
Copy link
Contributor

@ajeddeloh ajeddeloh left a comment

LGTM even it it breaks something. We can add things back explicitly
fedora-coreos-base.yaml Outdated
@@ -49,7 +49,8 @@ default-target: multi-user.target

remove-from-packages:
# We're not using resolved yet
- [systemd, /usr/lib/systemd/system/systemd-resolved.service]
- [systemd, /usr/lib/systemd/systemd-resolved,

This comment has been minimized.

Sign in to view
@ajeddeloh

ajeddeloh May 29, 2019
Contributor

we should see about getting these split out from the systemd package, but this is fine for now

This comment has been minimized.

Sign in to view
@ajeddeloh

ajeddeloh May 29, 2019
Contributor

Should we add networkd?
This was referenced May 29, 2019
Open
Closed
@dustymabe
Copy link
Member

@dustymabe dustymabe commented May 29, 2019

Doesn't NetworkManager use dnsmasq ?

$ rpm -qf /etc/NetworkManager/dnsmasq.d/
NetworkManager-1.12.6-5.fc29.x86_64
@bgilbert
Copy link
Member Author

@bgilbert bgilbert commented May 29, 2019

@dustymabe For connection sharing, sure. It's not a hard dependency (or even a recommends) of the package, though.
@bgilbert
Remove systemd-networkd
abdb442
@bgilbert
Copy link
Member Author

@bgilbert bgilbert commented May 29, 2019

Updated to remove networkd.
@ajeddeloh
ajeddeloh approved these changes May 29, 2019
View changes
Copy link
Contributor

@ajeddeloh ajeddeloh left a comment

LGTM
@dustymabe
Copy link
Member

@dustymabe dustymabe commented May 30, 2019

@dustymabe For connection sharing, sure. It's not a hard dependency (or even a recommends) of the package, though.

I know in the past it was used by openshift-ansible when installing/configuring openshift. If we need it we can add it back in the future?
@dustymabe
Copy link
Member

@dustymabe dustymabe commented May 30, 2019

9815016 cracklib-dicts
1340771 criu

not sure if any of our container runtimes need criu

108423 fuse-overlayfs

I think fuse-overlayfs is needed for rootless podman containers

61391018 geolite2-city
3772462 geolite2-country
901443 gnupg2-smime
65039 grubby
42366 hardlink
409724 libbsd
36062 libmaxminddb
256502 libnet
554285 libsecret
69838 libsss_autofs
64075 libsss_sudo
337118 libxkbcommon
108859 mkpasswd
1256348 openssl

I feel like openssl is a swiss army knife and useful for a lot of different low level things.

262138 openssl-pkcs11
214262 pinentry
124595 podman-manpages
2535150 shared-mime-info
170814 slirp4netns

needed for networking in rootless podman

53300 sssd-nfs-idmap
157915 sssd-proxy
202650 systemd-bootchart
552654 trousers
730381 trousers-lib
5909991 xkeyboard-config
@ajeddeloh
Copy link
Contributor

@ajeddeloh ajeddeloh commented May 30, 2019

not sure if any of our container runtimes need criu

I don't see it as a dep on gentoo

I feel like openssl is a swiss army knife and useful for a lot of different low level things.

Any reason those things can't happen in a container?

I think fuse-overlayfs is needed for rootless podman containers
(slirp4netns) needed for networking in rootless podman

Can confirm
@dustymabe
Copy link
Member

@dustymabe dustymabe commented May 30, 2019

not sure if any of our container runtimes need criu

I don't see it as a dep on gentoo

yeah we can add it back if someone needs it

I feel like openssl is a swiss army knife and useful for a lot of different low level things.

Any reason those things can't happen in a container?

It depends - it's kind of like trying to debug your dns resolution by running dig in a container. You need DNS in order to get the container that has dig in it. The only reason I bring this up is in a previous lifetime I worked for a company that grabbed encrypted artifacts (i.e. a provisioning script) from s3 on first boot and decrypted them using openssl. It's also useful for debugging when a machine can't grab content from a remote server and you need to verify the validity of the cert in the environment you ran it from.

I think fuse-overlayfs is needed for rootless podman containers
(slirp4netns) needed for networking in rootless podman

Can confirm
@ajeddeloh
Copy link
Contributor

@ajeddeloh ajeddeloh commented May 30, 2019

It depends - it's kind of like trying to debug your dns resolution by running dig in a container. You need DNS in order to get the container that has dig in it. The only reason I bring this up is in a previous lifetime I worked for a company that grabbed encrypted artifacts (i.e. a provisioning script) from s3 on first boot and decrypted them using openssl. It's also useful for debugging when a machine can't grab content from a remote server and you need to verify the validity of the cert in the environment you ran it from.

Hmm fair. We also ship it in CL. I'll defer to others on this one.
@jlebon
jlebon reviewed May 30, 2019
View changes
fedora-coreos-base.yaml
remove-files:
# We don't ship man(1) or info(1)
- usr/share/info
- usr/share/man

This comment has been minimized.

Sign in to view
@jlebon

jlebon May 30, 2019
Member

This is probably going to be unpopular, but any thoughts about keeping man pages? (But not info/ or doc/ though). You're essentially getting versioned documentation for your operating system for what... 10M? That's pretty good usefulness/size ratio. This has come up many times in RHELAH/FAH. Looking at man pages is pretty standard, and it's always a pain to have to switch away and lookup online (again, which might not even match the installed version).

This comment has been minimized.

Sign in to view
@jlebon

jlebon May 30, 2019
Member

(Not pushing super strongly on this, but I think it's worth discussing at least.)

This comment has been minimized.

Sign in to view
@bgilbert

bgilbert May 30, 2019
Author Member

It's caused friction in CL too, and I agree that it's not that much space. I'm inclined to drop them anyway for now to avoid creating compatibility constraints, and maybe re-add later.
@bgilbert
Re-add some packages
d149162 
Add fuse-overlayfs and slirp4netns for rootless podman.  Add openssl
as a helpful command-line utility.
@bgilbert
Copy link
Member Author

@bgilbert bgilbert commented May 30, 2019

Okay, I've re-added fuse-overlayfs, slirp4netns, and openssl. They add no additional dependencies of their own.
@ajeddeloh
ajeddeloh approved these changes May 30, 2019
View changes
Copy link
Contributor

@ajeddeloh ajeddeloh left a comment

LGTM
@bgilbert bgilbert merged commit 181ac99 into coreos:master May 30, 2019
@bgilbert bgilbert deleted the bgilbert:removals branch May 30, 2019
@bgilbert
Copy link
Member Author

@bgilbert bgilbert commented May 30, 2019

This is a net 120 MB improvement in the size of /usr.
@dustymabe
Copy link
Member

@dustymabe dustymabe commented May 31, 2019

Okay, I've re-added fuse-overlayfs, slirp4netns, and openssl. They add no additional dependencies of their own.

+1
@Ma124 Ma124 mentioned this pull request Jun 4, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jlebon jlebon

@ajeddeloh ajeddeloh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
@bgilbert @dustymabe @ajeddeloh @jlebon