Re: [atomic-devel] Extending Atomic Host and 'rpm-ostree pkg-add'

[Jakub Filak <jfilak redhat com>]

Giuseppe has opened a pull request that adds support for generating an rpm
package from a system container and enhancing his code to install arbitrary
files is just a matter of 3 lines in Python.


On 11/22/2016 05:08 PM, Daniel J Walsh wrote:
> Very nice.  Probably need some work on the Name field. 
> 
> Do you have the example code?

The code is available on github: https://github.com/jfilak/af

It's a shell script and it's a bit dummy.

> Does the rpm get built on the host and then installed. 
> 

If the host have rpmbuild command, it does.

> I would be nice if this could all be generated for the developer so the
> developer
> 
> does not need to do much to generate the rpm. 
> 

Container developers just need to place their files to /exports/hostfs/ in
the image and 'af install' can do the rest.

> One interesting idea would be to add a postuninstall to the rpm of
> 
> atomic uninstall whether
> 

Add anything you need to %postun via an environment variable:
https://github.com/jfilak/af/commit/fffd9d73429475930f3c6c3b889a80ed7ad33738

> 
> On 11/22/2016 09:25 AM, Jakub Filak wrote:
>> 'rpm -qf /some/file/path' must either return a valid package name or exit
>> with an error code. That's expected behavior of this command.
>>
>> 'rpm -qfi /some/file/path' prints out detailed description of the package
>> that owns the file and this description can contain container details.
>>
>> Here is an example of description of an rpm package created by my script:
>>
>> Name        : C_wether___docker.io-fedora
>> Version     : latest
>> Release     : 0
>> Architecture: noarch
>> Install Date: Mon 14 Nov 2016 03:11:20 AM CET
>> Group       : Unspecified
>> Size        : 14
>> License     : None
>> Signature   : (none)
>> Source RPM  : C_weter___docker.io-fedora-latest-0.src.rpm
>> Build Date  : Mon 14 Nov 2016 03:11:20 AM CET
>> Build Host  : 4d7d6e02109a
>> Relocations : (not relocatable)
>> URL         : https://github.com/jfilak/af
>> Summary     : Host files from docker.io/fedora:latest
>> Description :
>> Files delivered by Docker container : wether
>> The container was created from Docker image : docker.io/fedora:latest
>>
>> The package was created by these steps:
>>
>> sudo docker run -it --rm --name wether fedora sh
>> mkdir -p /exports/hostfs/opt/filak/
>> echo "Hello, world!" > /exports/hostfs/opt/filak/jakub.txt
>>
>> In another terminal:
>> sudo ./af install --rpm wether
>>
>>
>>
>> On 11/18/2016 05:17 PM, Daniel J Walsh wrote:
>>> We want admin to some how know that
>>>
>>> rpm -qf /etc/systemd/system/continer.service
>>>
>>> Was created by CONTAINER-FOOBAR.
>>>
>>> Having the container create an rpm on the fly that takes into case the
>>> name of the container.
>>>
>>> On 11/18/2016 10:49 AM, Jakub Filak wrote:
>>>> Yes, you are true about the chroot. I realized it a bit late and I didn't
>>>> want to spent too much time on a proof-of-concept script.
>>>>
>>>> Could you please tell me more about the attributes you have on mind? I am
>>>> afraid that I am caught in my use case and I cannot see anything beyond that.
>>>>
>>>>
>>>> On 11/18/2016 04:24 PM, Daniel J Walsh wrote:
>>>>> I think you should be able to do this totally with a chroot /host
>>>>>
>>>>> rather then nsenter.
>>>>>
>>>>>  A little trick I have been playing with for scripts executed in the chroot.
>>>>>
>>>>> Then you could just copy the rpm out of the container on to /host/run
>>>>> and then execute
>>>>>
>>>>> the ./install.sh command to execute the appropriate rpm commands on the
>>>>> host. 
>>>>>
>>>>> The difficult part is creating the rpm with attributes back to the
>>>>> container. 
>>>>>
>>>>>
>>>>> On 11/18/2016 09:26 AM, Jakub Filak wrote:
>>>>>> The script was initially developed on Fedora Rawhide, so it works there.
>>>>>>
>>>>>> I had to add a couple of hacks to be able to run it on Atomic. Mainly
>>>>>> because Atomic does not have rpm-build, which itself has tons of
>>>>>> dependencies, and I decided to run the script in a container. Soon I found
>>>>>> out that not only missing rpm-build is a problem but "rpm -i" does not work
>>>>>> on Atomic. However I overcome this problem with a wrapper for rpm [0].
>>>>>>
>>>>>> The bottom line is that to make the script working on the current Atomic,
>>>>>> you must install rpm-build (possibly in a privileged Fedora container that
>>>>>> shares PID NS with the host) and issue the below command:
>>>>>>
>>>>>> $ PATH="./atomic-host:$PATH" ./af install --rpm <container_name>
>>>>>>
>>>>>> On Fedora you just need to run only:
>>>>>> $ ./af install --rpm <container_name>
>>>>>>
>>>>>>
>>>>>> Full example:
>>>>>>
>>>>>> [host] $ docker pull elcolio/etcd
>>>>>> [host] $ docker run -d --name etcd elcolio/etcd
>>>>>> [host] $ docker run --privileged --pid=host -it --rm fedora sh
>>>>>> [cntr] $ dnf install rpm-build git
>>>>>> [cntr] $ cd tmp && git clone https://github.com/jfilak/af && cd af
>>>>>> [cntr] $ PATH="./atomic-host:$PATH" ./af install --rpm etcd
>>>>>> [cntr] $ exit
>>>>>> [host] $ rpm -qf /etc/etcd.conf
>>>>>> C_etcd___docker.io_elcolio_etcd-latest.0.noarch
>>>>>>
>>>>>> For sake of simplicity, I assume that the /exports/hostfs/etc/etcd.conf file
>>>>>> exists within the container.
>>>>>>
>>>>>>
>>>>>> Jakub
>>>>>>
>>>>>> PS: The script is just a proof of concept that I created over night.
>>>>>>
>>>>>>
>>>>>> 0: https://github.com/jfilak/af/blob/master/atomic-host/rpm
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 11/18/2016 01:52 PM, Daniel J Walsh wrote:
>>>>>>> Seems like a simple fix.  rpm-ostree should be modified to support file
>>>>>>> path rpms as well as
>>>>>>>
>>>>>>> rpm repositories.  But will this work on a traditional rpm based system
>>>>>>> like RHEL or Fedora
>>>>>>>
>>>>>>> Workstation?
>>>>>>>
>>>>>>>
>>>>>>> On 11/18/2016 03:35 AM, Jakub Filak wrote:
>>>>>>>> I've been playing with privileged containers delivering services for D-Bus
>>>>>>>> system bus. These D-Bus services must be enabled by a configuration file
>>>>>>>> placed in the /etc/dbus-1/system.d/ directory. Therefore my containers must
>>>>>>>> install files on Atomic host and this action creates system files not owned
>>>>>>>> by any rpm package.
>>>>>>>>
>>>>>>>> Last week I wrote a script that creates an intermediate rpm package from
>>>>>>>> files in the /exports/hostfs/ directory in a container and installs the
>>>>>>>> package to a host [0]. Unfortunately, the script uses 'ostree admin unlock'
>>>>>>>> before running 'rpm -i ...', so my changes to rpm database disappear with
>>>>>>>> reboot. Using 'rpm-ostree pkg-add ...' could make the changes persistent but
>>>>>>>> the command does not accept local files.
>>>>>>>>
>>>>>>>> My question is that will it be possible to install local rpm files via
>>>>>>>> 'rpm-ostree pkg-add'?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Jakub
>>>>>>>>
>>>>>>>> 0: https://github.com/jfilak/af
>>>>>>>>
>