Re: [atomic-devel] Extending Atomic Host and 'rpm-ostree pkg-add'

[Daniel J Walsh <dwalsh redhat com>]

We want admin to some how know that

rpm -qf /etc/systemd/system/continer.service

Was created by CONTAINER-FOOBAR.

Having the container create an rpm on the fly that takes into case the
name of the container.

On 11/18/2016 10:49 AM, Jakub Filak wrote:
> Yes, you are true about the chroot. I realized it a bit late and I didn't
> want to spent too much time on a proof-of-concept script.
>
> Could you please tell me more about the attributes you have on mind? I am
> afraid that I am caught in my use case and I cannot see anything beyond that.
>
>
> On 11/18/2016 04:24 PM, Daniel J Walsh wrote:
>> I think you should be able to do this totally with a chroot /host
>>
>> rather then nsenter.
>>
>>  A little trick I have been playing with for scripts executed in the chroot.
>>
>> Then you could just copy the rpm out of the container on to /host/run
>> and then execute
>>
>> the ./install.sh command to execute the appropriate rpm commands on the
>> host. 
>>
>> The difficult part is creating the rpm with attributes back to the
>> container. 
>>
>>
>> On 11/18/2016 09:26 AM, Jakub Filak wrote:
>>> The script was initially developed on Fedora Rawhide, so it works there.
>>>
>>> I had to add a couple of hacks to be able to run it on Atomic. Mainly
>>> because Atomic does not have rpm-build, which itself has tons of
>>> dependencies, and I decided to run the script in a container. Soon I found
>>> out that not only missing rpm-build is a problem but "rpm -i" does not work
>>> on Atomic. However I overcome this problem with a wrapper for rpm [0].
>>>
>>> The bottom line is that to make the script working on the current Atomic,
>>> you must install rpm-build (possibly in a privileged Fedora container that
>>> shares PID NS with the host) and issue the below command:
>>>
>>> $ PATH="./atomic-host:$PATH" ./af install --rpm <container_name>
>>>
>>> On Fedora you just need to run only:
>>> $ ./af install --rpm <container_name>
>>>
>>>
>>> Full example:
>>>
>>> [host] $ docker pull elcolio/etcd
>>> [host] $ docker run -d --name etcd elcolio/etcd
>>> [host] $ docker run --privileged --pid=host -it --rm fedora sh
>>> [cntr] $ dnf install rpm-build git
>>> [cntr] $ cd tmp && git clone https://github.com/jfilak/af && cd af
>>> [cntr] $ PATH="./atomic-host:$PATH" ./af install --rpm etcd
>>> [cntr] $ exit
>>> [host] $ rpm -qf /etc/etcd.conf
>>> C_etcd___docker.io_elcolio_etcd-latest.0.noarch
>>>
>>> For sake of simplicity, I assume that the /exports/hostfs/etc/etcd.conf file
>>> exists within the container.
>>>
>>>
>>> Jakub
>>>
>>> PS: The script is just a proof of concept that I created over night.
>>>
>>>
>>> 0: https://github.com/jfilak/af/blob/master/atomic-host/rpm
>>>
>>>
>>>
>>> On 11/18/2016 01:52 PM, Daniel J Walsh wrote:
>>>> Seems like a simple fix.  rpm-ostree should be modified to support file
>>>> path rpms as well as
>>>>
>>>> rpm repositories.  But will this work on a traditional rpm based system
>>>> like RHEL or Fedora
>>>>
>>>> Workstation?
>>>>
>>>>
>>>> On 11/18/2016 03:35 AM, Jakub Filak wrote:
>>>>> I've been playing with privileged containers delivering services for D-Bus
>>>>> system bus. These D-Bus services must be enabled by a configuration file
>>>>> placed in the /etc/dbus-1/system.d/ directory. Therefore my containers must
>>>>> install files on Atomic host and this action creates system files not owned
>>>>> by any rpm package.
>>>>>
>>>>> Last week I wrote a script that creates an intermediate rpm package from
>>>>> files in the /exports/hostfs/ directory in a container and installs the
>>>>> package to a host [0]. Unfortunately, the script uses 'ostree admin unlock'
>>>>> before running 'rpm -i ...', so my changes to rpm database disappear with
>>>>> reboot. Using 'rpm-ostree pkg-add ...' could make the changes persistent but
>>>>> the command does not accept local files.
>>>>>
>>>>> My question is that will it be possible to install local rpm files via
>>>>> 'rpm-ostree pkg-add'?
>>>>>
>>>>>
>>>>>
>>>>> Jakub
>>>>>
>>>>> 0: https://github.com/jfilak/af
>>>>>