add flag to flatcar-install to only download the image file #248

Closed
rgl opened this issue Jun 9, 2020 · 28 comments · Fixed by flatcar/init#37

Comments

@rgl

rgl commented Jun 9, 2020

Current situation

I want to be able to package flatcar-install and a specific version of the image (e.g. https://stable.release.flatcar-linux.net/amd64-usr/current/flatcar_production_image.bin.bz2) in a docker container so it can be easily installed by a tinkerbell workflow action in an air-gap environment.

Impact

flatcar-master/bin/flatcar-install needs to be changed in a backwards compatible way.

Ideal future situation

add a switch to flatcar-install that only downloads the image and exits. for example with:

flatcar-install -D image.bz2

Or do not even have an argument, just download the file to the current directory, e.g.:

flatcar-install -D

And a script of mine can look for the actual filename and later pass it to flatcar-install -f.

Then later I can install it with:

flatcar-install -f image.bz2 -d /dev/sda

Having this flag is easier than implementing the whole download/verification logic myself; I can just use something like ADD https://github.com/flatcar-linux/init/blob/build-1688.4.0/bin/flatcar-install in my Dockerfile. What do you think?

@pothos
Member

pothos commented Jun 9, 2020

Hi,
thanks for the suggestion. Adding this to flatcar-install needs some refactoring but looks meaningful because it uses the correct image for the -o OEM flag besides taking care of verification.

Another suggestion would be to keep a local mirror which is up-to-date and access it via flatcar-install -b BASEURL … so that you always install the latest version. A mirror script is here: https://github.com/kinvolk/flatcar-release-mirror

Hint for running flatcar-install in tinkerbell: #88
I haven't tried if Alpine actually works in all cases, so would recommend Ubuntu in the meantime. There is an outstanding bug in flatcar-install when some other system service accesses the disk at the same time. I assume this won't be the case in tinkerbell, though ;)

vbatts transferred this issue from flatcar/init Nov 12, 2020
@jasonbraganza

jasonbraganza commented Feb 23, 2021

Hello folks! I’m an old sysadmin learning to write code. Am used to old unices/linuxen and only now getting up to speed with the modern distributions and the container / image world.

Would love to tackle this issue with your help, because it kinda ticks all my boxes. i have wrestled with init/grub in the past to get systems booting, and this helps me learn and get familiar with modern stuff.

While I will try to do it as fast as I can, that is not something that I entirely control as of now. What I can promise is perseverance and commitment.

P.S.
I’m starting up with setting up the SDK here, https://kinvolk.io/docs/flatcar-container-linux/latest/reference/developer-guides/sdk-modifying-flatcar/

@jasonbraganza

also, while i will keep this thread updated with what i have done, there must be some place where you folk gather and i can ask idiot level questions (on a general level)? because the more i read about flatcar, the more fascinated I am getting, and the more questions I have
have joined #flatcar on irc. if there is any other place, please do tell, and I’ll join up.

@jasonbraganza

jasonbraganza commented Feb 23, 2021

i realise this is not related to doing anything with the sdk and is pure bash manipulation.
however i am rusty there. so reading up the script closely and looking at the web for what each bash line does (as well as speed reading a couple of bash books)
will update with progress

P.S.
also currently trying to actually run the script and write to a ramdisk in my vm, to see how long it takes and how it actually behaves.

@jasonbraganza

Hello folks,

Just a little note to tell you what I learnt today

  • I gave up on reading all about bash, it would take me too long to figure it all out
  • i tried the small d option to write to a disk to see how the script works.
  • I decided to copy/and adapt the install_from_url function in the script and make it download
  • i cannot seem to run the script without sudo. gpg complains
  • as of now, my little script downloads the file and errors out.
  • so am trying to print that variable to see what i am doing wrong (will attempt this tomorrow)
  • my changes are in my fork, if you want to have a look see: https://github.com/jasonbraganza/init/blob/b51b5ed2c881b5afa8c10d1865b098196c786a87/bin/flatcar-install#L345
  • thank you. will be back tomorrow

@pothos
Member

pothos commented Feb 23, 2021

Hi,
I didn't have a look yet but wanted to tell that there is also https://github.com/poseidon/matchbox/blob/master/scripts/get-flatcar which we didn't mention in this issue yet as current alternative to the mirroring with https://github.com/kinvolk/flatcar-release-mirror

@jasonbraganza

and this is why i should have not worked all day, just to compensate for the fact that I am beginning all over 😂
i should have asked for help right in the beginning :)

Thank you @pothos! I’ll look at the poseidon repo script too. maybe that’ll help me more :)

will keep updating progress or asking for help here :)

@jasonbraganza

Had to stop work abruptly today. Have a death in the family. Trying to figure out how to send my mom over to another state.
will restart tomorrow. sorry folks

@pothos
Member

pothos commented Feb 24, 2021

They have a slightly different purpose, and I just wanted to state that it exists and it may be useful to compare the approach.

@jasonbraganza

back at work today.
today onwards, i’ll give two hours to doing this little project, until it is done.
I’d love to do more, but life is currently crazy.

@pothos once again, thank you for showing me the script. and yes i understood your intent as soon as I ran it. will try to understand it and adapt what i learn here.

@jasonbraganza

jasonbraganza commented Mar 2, 2021

Log for 2021-03-02

Aim

  • current direction is to just somehow get a file to download.

once I get that done and hopefully can parse scripts better in my head (as i read and look this up daily), the idea then is to

  • consider refactoring install_from_url() into multiple functions. (use something from my save_to_disk function in there)
  • preserve the implementation of the actual installation - where the image is decompressed,
    validated, and written on the fly (in my haste to just get something down to disk, i am not looking at this. but then, i need to put everything back the way it was - have expected behaviour)

What got done today

  • don’t understand getopts but intuitively understand enough about the working from old dos batch files. so the -D option is working and calling the save_to_disk function.
  • had a slight mind opening moment when i realised what the -z and -n in the if statements do. the script is suddenly a lot more understandable
  • resolved the gpg errors, that my section of the script was throwing by setting a variable to the current working folder. (lots of bash bad substitution errors, before I learnt to set variables correctly :))
  • figured out how to create a subdirectory to download to, with version id in my current directory
  • As a sidenote looking up bash expansions, I learnt about xdotool and how to assign an os shortcut to date so i can have the date typed handily everywhere - (bash -c "sleep .2 && xdotool type \"$(date +'%Y-%m-%d')\"")

Blockers

  • Bash expansions and options are really confusing (to me) am looking them up slowly one by one. really humbling slow progress.
  • confused about whether functions need to be defined first in a bash script, before I can call them. Intuition says yes, which is why i put save_to_disk function higher up above in the script. which also means that later refactoring might mean that common stuff resides here or in a higher function.
  • stuck at wget errors too, but that is just because i had to leave today. will do better at this tomorrow

above all, this was fun :)

p.s. ooh today’s work is at https://github.com/jasonbraganza/init/blob/init-2021-03-01/bin/flatcar-install

@jasonbraganza

What got done today

  • Managed to get the file and the signature downloaded

Blockers

  • Stuck on how to verify the file that i downloaded with the signature
gpg: Signature made Wed 27 Jan 2021 11:28:05 PM IST
gpg:                using RSA key 782B3BC9F10CF638A5DCF5105B2910CBFCBEAB91
gpg:                issuer "buildbot@flatcar-linux.org"
gpg: Good signature from "Flatcar Buildbot (Official Builds) <buildbot@flatcar-linux.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F88C FEDE FF29 A5B4 D952  3864 E25D 9AED 0593 B34A
Subkey fingerprint: 782B 3BC9 F10C F638 A5DC  F510 5B29 10CB FCBE AB91

i’m using this line https://github.com/jasonbraganza/init/blob/9c0dd0c8c35996309e3f3c024369f5c25b6becfc/bin/flatcar-install#L414 to try to verify the file.

now i think I need help. @pothos, @marga-kinvolk and other kind folk, would appreciate whatever guidance you have to give

Code at https://github.com/jasonbraganza/init/blob/9c0dd0c8c35996309e3f3c024369f5c25b6becfc/bin/flatcar-install#L346

@jasonbraganza

What got done today

Would request you, please have a look see at https://github.com/jasonbraganza/init/blob/849250aa0e351d61dd472b51af5236305963a95e/bin/flatcar-install#L346 ?

@pothos
Member

pothos commented Mar 4, 2021

Hi,
haven't tried it but just from looking here some comments.
You don't need to download https://flatcar-linux.org/security/image-signing-key/Flatcar_Image_Signing_Key.asc because it doesn't add much security if you download something from SSL to verify something downloaded from SSL in the same run, and also the lines above have the key embedded into the script which avoids this problem and makes it unnecessary to fetch the key.
Another thing is that I would try to factor out the shared parts of the two functions.

P.S.: For others, here the diff: flatcar/init@flatcar-master...jasonbraganza:init-2021-03-01
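
Added example (not code from flatcar-install or from anyone in this thread) of the point made above: verify against a key shipped with the script, in a throwaway keyring, and accept the image only when gpg's machine-readable status names the pinned primary key. The function names `sig_matches_pin` and `verify_image` and the file arguments are assumptions; the fingerprint is the primary key fingerprint from the gpg output quoted earlier in the thread.

```bash
#!/usr/bin/env bash
# Added example, not flatcar-install's code; function and file names are hypothetical.
# Primary key fingerprint as printed in the gpg output quoted in this thread.
PINNED_FPR="F88CFEDEFF29A5B4D9523864E25D9AED0593B34A"

# Reads `gpg --status-fd` lines on stdin. Succeeds only if a VALIDSIG line names
# the pinned primary key and no bad, expired or revoked signature is reported.
sig_matches_pin() {
    awk -v pin="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, field 12 the primary key.
        $2 == "VALIDSIG" { if ($12 == pin) ok = 1; else bad = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# verify_image KEYFILE SIGFILE IMAGE
# KEYFILE is a key shipped with the script, not one fetched next to the image.
verify_image() {
    local home status rc
    home=$(mktemp -d) || return 1          # throwaway keyring: only the pinned key
    status=$(
        GNUPGHOME="$home" gpg --batch --quiet --import "$1" 2>/dev/null &&
        GNUPGHOME="$home" gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null
    )
    printf '%s\n' "$status" | sig_matches_pin "$PINNED_FPR"
    rc=$?
    rm -rf "$home"
    return "$rc"
}

# Constructed status line shaped like the signature shown in the thread.
SAMPLE='[GNUPG:] VALIDSIG 782B3BC9F10CF638A5DCF5105B2910CBFCBEAB91 2021-01-27 1611770285 0 4 0 1 8 00 F88CFEDEFF29A5B4D9523864E25D9AED0593B34A'
printf '%s\n' "$SAMPLE" | sig_matches_pin "$PINNED_FPR" && echo "signed by the pinned key"
```

The "not certified with a trusted signature" warning in the quoted output comes from gpg's trust database; in this example the accept/reject decision rests on the pinned fingerprint instead.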

@margamanterola
Contributor

Hi Jason, I also took a look. I'm sharing some first impression comments.

You're calling the function directly from the argument parsing, this means that the parameters might not all be processed when that function is called. This is why all the other options just set variables and then the script does one thing or the other depending on those variables.

Once you've moved to setting a variable instead of calling the function directly, you can put the function down with the other functions. And then you should add code that calls the function when that flag is set together with the rest of the main part of the script.

Also, as Kai says, the intention of this change was to re-use the existing code in the install_from_url function, by splitting that function into the part that downloads and the part that installs. Please try to avoid duplicating code as much as possible.

@jasonbraganza

@pothos, I was a little confused about that part of the key and did not know if it was a valid key or not. will work at using the embedded key.
@marga-kinvolk, While I understood what needs be done, I have no clue (right now) how to go about it (setting variables using code to call the function)
Will read up on getopts and functions and try to get this to work.
Thank you both, so much! All ears, if you have more advice for me.

@jasonbraganza

Will be reading up on bash today.

@jasonbraganza

just putting in a note to say i spent until yesterday learning bash. not well today.
i think i’ve figured enough bash to figure it out, the way you folk suggested.
will start up tomorrow.

@jasonbraganza

jasonbraganza commented Mar 9, 2021

alright, i think i now know enough bash to parse this file intelligently and ask for advice.

Here’s my understanding of the script. and then my plea for help.

in my mind the script’s divided into three main parts.

  1. setting up functions for disk probing and setting up the usage screen and all the variables and the gpg key and the loop to get input
  2. Disk probing and sanity checks
  3. The actual writing to the disk, by either taking an image file or failing that installing to the url.

i see two ways of attacking this

I

i set a variable, say download to true.

  • put in that variable in each sanity check and skip if download is true
  • all the way down up to the download from url function
  • then try to refactor the download from url into two and onwards to completion

or

II

i set a variable, say download to true.

  • then implement a prep_network_urls and do a download before the disk sanity checks and writing section.

am in favour of and slowly plugging away at the second method because that kinda sounds more elegant in my head

but i could also be completely ragingly wrong :)

please advise!

(@marga-kinvolk, @pothos, @t-lo other kin(d)folk :)

@jasonbraganza

> am in favour of and slowly plugging away at the second method because that kinda sounds more elegant in my head

changed my mind. now that i think about it.

method i makes more sense.

the flow would be like

  • set up variables and stuff
  • do sanity check (skip each one if -D is set)
  • then do the download
  • then decide whether to save it or write to disk

@margamanterola
Copy link
Contributor

As far as I can see, there's only one sanity check that needs to be modified (the one that verifies that a device was selected or that the write to smallest flag was passed). All the others can just remain as they are. The approach should be:

  1. Assign a DOWNLOAD_ONLY variable if the flag was passed
  2. Modify the "Device required" check to not require a device if it's download only
  3. Split install_from_url into two, one part that downloads and the other that writes the image to disk.
  4. In the main part of the code (at the bottom of the file), check if DOWNLOAD_ONLY is set, and in that case, just download the image without overwriting the disk.
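
Added sketch (not flatcar-install's code and not written by anyone in this thread) of the four steps listed above. Only the flags `-D`, `-d` and `-f` and the image file name come from the thread; `run`, `download_image` and `write_image` are hypothetical names, and both helpers are stubs.

```bash
#!/usr/bin/env bash
# Added sketch, not flatcar-install's code. Only the flags -D, -d and -f come
# from the thread; the function names and both stubs are hypothetical.

download_image() { printf 'constructed image bytes\n' > "$1"; }   # stub: fetch + verify
write_image()    { echo "would write $1 to $2"; }                  # stub: write to disk

run() {
    local device="" image_file="" download_only="" opt OPTIND=1
    # Step 1: parsing only records what was asked for. No work happens here,
    # so a flag that appears later on the command line is never missed.
    while getopts "Dd:f:" opt; do
        case "$opt" in
            D) download_only=1 ;;
            d) device=$OPTARG ;;
            f) image_file=$OPTARG ;;
            *) echo "usage: $0 [-D] [-f FILE] [-d DEVICE]" >&2; return 2 ;;
        esac
    done
    # Step 2: the device check is the only sanity check that changes.
    if [ -z "$device" ] && [ -z "$download_only" ]; then
        echo "error: no target device given (-d)" >&2
        return 1
    fi
    # Steps 3 and 4: download and install are separate functions, chosen here
    # in the main part once every option is known.
    if [ -n "$download_only" ]; then
        image_file=flatcar_production_image.bin.bz2   # saved in the current directory
        download_image "$image_file" && echo "saved $image_file"
        return
    fi
    if [ -z "$image_file" ]; then
        image_file=$(mktemp) || return 1
        download_image "$image_file" || return 1
    fi
    write_image "$image_file" "$device"
}

# Run only when arguments are given, e.g.: bash sketch.sh -D
if [ "$#" -gt 0 ]; then run "$@"; fi
```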

@jasonbraganza

gosh darn it! I started that way and decided to skip the entire block 😂
will redo it the way you told me to @marga-kinvolk

here’s where i have ended up.

  • i split the install_from_url into prep_url / download_from_url / and install_from_url
  • have slowly been dragging stuff out of install_from_url and putting them into prep_url
  • and now that i read your advice, it makes more sense to just have download / install functions.
    will redo that.

Blocker

i don’t understand what this line does. (or rather how it does it)
https://github.com/kinvolk/init/blob/5979668f48fc5e83a92ea342650a24762fadc29d/bin/flatcar-install#L555

fi 3> >(write_to_disk)

i understand it is finishing up the function and then it somehow passes the output out to the write to disk function?
am i right there?
i understand fi. but i don’t get the 3> > part.
which is what is blocking me from understanding whether it goes up into the prep/download function of mine or not.

my code is here - https://github.com/jasonbraganza/init/blob/mjb-adapt-init-2/bin/flatcar-install
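
Added example (not from flatcar-install and not part of the comment above) of the construct asked about: `3> >(cmd)` on the closing `fi` opens file descriptor 3 for the whole `if` block and connects it to the standard input of `cmd`, which bash starts concurrently through process substitution. Here `write_to_disk` is a stand-in that writes to a file named by the assumed variable `TARGET`, and `stream_image` is a hypothetical name.

```bash
#!/usr/bin/env bash
# Added example, not flatcar-install's code. write_to_disk is a stand-in that
# copies its stdin to the file named in TARGET (hypothetical variable).
write_to_disk() { cat > "$TARGET"; }

stream_image() {
    if [ -n "$1" ]; then
        echo "status: streaming"   # stdout is untouched by the redirection
        printf '%s' "$1" >&3       # only data sent to fd 3 reaches write_to_disk
    else
        echo "status: nothing to stream"
    fi 3> >(write_to_disk)
    # fd 3 is closed when the if block ends, so write_to_disk sees end-of-file.
    # It runs asynchronously; wait for it before using its result (bash 4.4+).
    wait "$!"
}

# Constructed input standing in for the image data.
TARGET=$(mktemp)
stream_image "constructed image bytes"
echo "target now holds: $(cat "$TARGET")"
```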

@jasonbraganza

also @marga-kinvolk and @pothos, just wanted to say thank you, for pushing me along :)

@jasonbraganza

i think i am done.
but i cannot be sure because i am trying it out.
and the downloads are slow. (between 20-100kbps with frequent interruptions)

once i have a successful update, will ask you folk for further advice and direction.
code is at https://github.com/jasonbraganza/init/blob/mjb-adapt-init-2/bin/flatcar-install

@jasonbraganza

curious question, do i get rate limited? maybe that’s why the download is slow.
got my friend to run the script and it works!

@marga-kinvolk, @pothos please have a look see and tell me if i can raise a pr?

@pothos
Member

pothos commented Mar 10, 2021

Hi,
looks good so far, yes, please file a PR for review. I think the additional trap is not needed, or?

There is no rate limit, not sure what's going on, might be a cold cache.

@jasonbraganza

@pothos that additional trap is to release the trap set earlier. without it bash hiccups a bit, which is why i put it in.
will raise a pr. thank you.
