add new "vpick" concept for automatically picking newest resource from .v/ dir containing versioned files #26663
Conversation
github-actions
bot
added
meson
sysupdate
tests
please-review
|
Maybe it'd be simpler (and more elegant) to restrict the contents of one of these .v directories to one resource only (for example, if you have a .v directory containing some sysext, that directory contains only versions of that one sysext and nothing more). Then there's no need for the wildcard (which is quite ugly IMO) So, translating your example: On Rather than checking if the penultimate path segment has a As an alternative naming scheme, you could use the directory name as the wildcard. For instance ( |
|
Nice-to-have: mapping other common arch names to systemd's arch names:
|
So from a quick skim of the code, as far as I can tell this is how you envision this working:
Is this correct? I'll proceed with this comment assuming it is Feedback 0This fs-rebinding concept should probably be its own separate MR Feedback 1This should probably a generator, and there should be a defined partition UUID that gets auto-mounted and then the generator runs for it Feedback 2systemd could do better than a hard-coded list of hierarchies. What if the user wants to encrypt
Here's a more practical example for an A/B-partition-based OS (specifically for carbonOS):
Here's an alternative example of a btrfs-subvolume versioned OS:
And here's what an ostree-esque OS could look like:
Or composefs:
Or an A/B image-based server OS customized by the user:
I think you get the picture. Here are some of my ideas for alternate editions of
So the final carbonOS example would look like:
|
So i am pretty sure we should not do deeper nesting. I made this a single level only, so that we can easily search under three axis: type, arch, version, without having to choose which is more important and gets reflected in the dir hierarchy. Moreover, I wanted to make sure that the logic sd-boot implements via the UKI dirs is made generic and usable elsewhere. hence any logic that uses deeper nesting doesn't fulfill that goal anymore. moreover depending on the resource arch or version might not apply (i.e. only /usr/ trees have archs, and maybe rootfs, but certainly no home dirs; similar /home is typically not versioned, only /usr/ is). hence by forcing things into a rigid dir hierarchy just complicates I think. I think an approach of "everything in one dir", and then just have one kind of resource there ("files"), is the simplest, prettiest approach. this also has various other benefits. for example you can just do "mkdir foo.v" and then download various files into that dir via "curl -O" and it will just work. I think the simplicity and usefulness of this is not to be underestimated. If we'd first have to create a rigid dir structure underneath things would be much less sexy I am sure. |
|
also, note that we want similar behaviour for picking stuff from a gpt partition table, using the partition label strings. For those we don't have a hierarchy either, hence relying on a hierarchy removes our ability to nicely mirror things on this. And this goes on: by having a single, shallow list of files we can implement .v/ logic on top of a SHA256SUMS file. We couldn't do that with a deep tree of files. |
|
Sorry it's not super clear to me what parts of your response are about what parts of my feedback... This PR had two distinctly separate parts: versioned directories (which I responded to in my first two comments) and fs-rebind (which I talked about in my last comment) The part you quoted isn't talking about nesting directory hierarchies. I'm just saying that instead of using a wildcard the directory should contain exactly one resource (i.e. the /usr tree, or a single sysext, or a portable service, etc) that gets versioned. I don't think it makes sense for a versioning directory to version multiple unrelated resources. Since the directory contains exactly one resource, the directory name can determine the name of the resource. Then inside of the folder you pick that resource, and search through version numbers and (optionally) arch and (optionally) boot counting.
Are you talking about fs-rebind now? If something shouldn't be versioned then it shouldn't be in a .v directory, right? If arch isn't relevant then the filenames in the .v directory just don't include an arch and the arch stops being used to pick the version What do you mean by rigid dir hierarchy? |
github-actions
bot
added
the
please-review
|
I force pushed a new version now. I move the fsrebind feature out of the PR, focussed solely on the vpick stuff. |
the first comment of yours, but a bit also the second.
Yeah, i dropped the fsrebind stuff for now. needs more thinking.
As mentioned I think each file should be standalone, so that you can "curl -O" it. And I think it's important to allow multiple related but different objects in the same dir. Ideally I want that distros can just put .v dirs as download dirs on their servers.
The arch + version filtering is implemented generically in the vpick part. the fsrebind then makes use of this for the various key fs trees.
If it's multi-arch then I think it might still make sense to put it in one so that we can automatically pick the version for the local arch, even though the primary purpose of vpick is of course the version picking, not the arch picking.
correct.
by that i mean multiple levels of dirs arranged in a certain way. I'd really minimize the requirement for arranging things deep, and instead just have one .v/ level per resource and that's it. |
yeah, true. i dropped it from this PR for now. |
a generator on the host runs with the root fs already mounted. if we want to allow fsrebind to pick a root fs (and I think that'd be key) then we need to run it from the initrd at a late stage (i.e. where the basic root fs is already mounted, and now we have to pick a dir inside it). hence generators don't really cut it. It's a bit like systemd-volatile-root in that regard which also runs after the root fs is mounted, but before the initrd transition. |
I think fstab can help out with many of these usecases. I'd like to use fsrebind though as vehicle to drive some limited form of uniformity, i.e. not allow arbitrary .v stuff to be arranged. i.e. it's a good thing to make people place resources into the FHS (well, the modernized form of it we define), and hence it's a good thing allowing the broad hierarchies FHS defines to be handled by fsrebind, but not arbitrary ones that make it too easy to depart from that. That said, let's see how this plays out in the end. |
bluca
added
needs-rebase
and removed
please-review
github-actions
bot
removed
the
reviewed/needs-rework 🔨
|
Addressed all raised issues, but didn't do a portabled port, or the other mentioned ports. Let's do that in follow-up PRs. I also kept the /var/lib/machines/ test mostly the way it is, i.e. without overmounting, since there are other tests that want it too. |
That's absolutely fine, I was just wondering what's done and what's left to do. I can be done later. |
I meant via RootImage=. It's good that lots of detailed tests can be done with the tool, but given RootImage= is integrated, I'd like to see that covered immediately too. It doesn't need to test many variations and permutations, just one instance to make sure the integration works as expected is enough. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Added. |
…rsioned resources
This adds a new concept for handling paths. At appropriate places, if a
path such as /foo/bar/baz.v/ is specified, we'll
automatically enumerate all entries in /foo/bar/baz.v/baz* and then
do a version sort and pick the newest file.
A slightly more complex syntax is available, too:
/foo/bar/baz.v/quux___waldo
if that's used, then we'll look for all files matching
/foo/bar/baz.v/quux*waldo, and split out the middle, and version sort
it, and pick the nwest.
The ___ wildcard indicates both a version string, and if needed an
architecture ID, in case per-arch entries shall be supported.
This is a very simple way to maintain versioned resources in a dir, and
make systemd's components automatically pick the newest. Example:
/srv/myimages.v/foobar_1.32.65_x86-64.raw
/srv/myimages.v/foobar_1.33.45_x86-64.raw
/srv/myimages.v/foobar_1.31.5_x86-64.raw
/srv/myimages.v/foobar_1.31.5_arm64.raw
If now nspawn is invoked like this:
systemd-nspawn --image=/srv/myimages.v/foobar___.raw
Then it will automatically pick
/srv/myimages.v/foobar_1.33.45_x86-64.raw as the version to boot on
x86-64, and /srv/myimages.v/foobar_1.31.5_arm64.raw on arm64.
This commit only adds the basic implementation for picking files from a
dir, but no hook-up anywhere.
…d line
Usecase:
$ du $(systemd-vpick /srv/myimages.v/foo___.raw)
In order to determine size of newest image in /srv/myimages.v/
bluca
added
good-to-merge/with-minor-suggestions
and removed
please-review
|
thanks for the review. |
poettering
added
good-to-merge/waiting-for-ci 👍
The idea is this: at various placed where we currently accept a path name to some file accept ".v/" directories where we automatically enumerate contents and pick newest file.
i.e. if you call this:
And you have the dir populated like this:
and we run on x86-64, then we'll automatically resolve
/srv/myproject.v/foo___.raw→/srv/myproject.v/foo_1.5.35_x86-64.raw. On 64bit arm, we'd instead resolve it to/srv/myproject.v/foo_1.55.3_arm64.raw.The .v/ in the penultimate path element enables this versioned mode, so that a dir ending as ".v" is clearly marked as "this contains versioned things". (Note, this is a new concept, and if people already have dirs named like this will create some minor incompat where we'd intrepret this differently as before).
And "___" is the wildcard that we expect the version and arch in.
The whole matching logic is a bit more complex, see patch. And matching by architecture is optional.
This takes inspiration of how distros organize download dirs on their download servers anyway, as well as our ".d/" dirs, that contain fragments of configuration. With this new concept we ".d/" means "merge everything in here, ordered by name". while ".v/" means "pick one from the stuff in here, the newest".
This also nicely matches systemd-sysupdate's pattern logic.