Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Spike] Investigate solutions for kairos-init alternatives #3045

Open
Tracked by #2129
jimmykarily opened this issue Dec 3, 2024 · 8 comments
Open
Tracked by #2129

[Spike] Investigate solutions for kairos-init alternatives #3045

jimmykarily opened this issue Dec 3, 2024 · 8 comments

Comments

@jimmykarily
Copy link
Contributor

jimmykarily commented Dec 3, 2024

Before we jump into implementing our own solution, let's first do some research for tools that could satisfy our needs.

We are looking for tools that:

  • can install software on different distributions
  • leave not traces behind after they are done
  • Don't bring a lot of dependencies (ideally should be just one binary + recipe)
  • have a "good" licence (so we can use)
  • have a good community (so they don't go out of business soon)
  • Can run in a container build step
  • Can bundle binary/static files in a single binary, and be self-extracting
@jimmykarily jimmykarily converted this from a draft issue Dec 3, 2024
@mauromorales
Copy link
Member

@Itxaka
Copy link
Member

Itxaka commented Dec 3, 2024

Here are some tools to check:
* purpleidea/mgmt

this looks good 👀
EDIT: but doesnt fit :(

Want to add as well chef-solo, which is chef-infra but without any remote servers or anything.

Pros:

  • deps are minimal
  • most flavours have packages for chef so its easy to remove and cleanup afterwards
  • should cover our use case properly
  • Lots of community cookbooks, so not much to invent

Cons:

  • ruby
  • Cookbooks are a bit of a mess
  • Databags, yikeeeees, I hate them
  • It requires some config, not sure how to bundle it/handle it (ruby frontend wiht config incrusted that calls chef-solo internally?)

Also Ansible on the same way
Pros:

  • Covers everything we want and more
  • Lots of community recipes/roles, so not much to invent
  • Some distros may have packages available

Cons:

  • I dont think deps are minimal, its python so it may be a mess if we dont have the same install process for all.
  • We have to install ansible and run it with a config, which can be messy.
  • Probably need to download the recipes on the fly?

@Itxaka
Copy link
Member

Itxaka commented Dec 3, 2024

I wonder if we can just leverage yip to do this with just simple plugin for package installs.

will have a quick look and maybe poc

@tbrasser
Copy link

tbrasser commented Dec 3, 2024

not sure if these fit the bill/are worth considering, if not please ignore me 😅

@Itxaka
Copy link
Member

Itxaka commented Dec 4, 2024

I had a look at yip and indeed is doable:

Would looks like this, quick and dirty example:
https://gist.github.com/Itxaka/350ea3a28363761907f13f40e5e4b21d

This shows:

  • yip running packages install, systemctl services, files being clean and validation
  • shows how we can use the stages to declare the system state in code directly
  • how we can create custom stages and custom plugins easily

this:

  • does not use the DAG, as I wanted to show custom plugins and stages 😛
  • shows also that the IfConditional available is not good enough for us
  • shows that we should be able to create our own and easily change it so we can do ifs based on whatever we want (IfOS, IfArch, IfVersion, etc...)
  • any plugins only needed for the init stuff could be in the init repo, we used to do something similar in the agent for the partitioner: https://github.com/kairos-io/kairos-agent/blob/main/pkg/cloudinit/cloudinit.go
  • and I think the main issue is that we may need to change yip to add a new method to accept and generate the dag via bytes directly or stages, instead of via files as its pretty hardcoded currently to read files in the system always

@jimmykarily jimmykarily moved this from Todo 🖊 to In Progress 🏃 in 🧙Issue tracking board Dec 9, 2024
@jimmykarily jimmykarily moved this from In Progress 🏃 to Todo 🖊 in 🧙Issue tracking board Dec 9, 2024
@jimmykarily
Copy link
Contributor Author

jimmykarily commented Jan 2, 2025

not sure if these fit the bill/are worth considering, if not please ignore me 😅

* https://porter.sh/

* https://zarf.dev/

Looking at porter, it would be a good choice if we had more than one "application" to install. Porter will need to call something that knows how to install the kairos bits. If that tool exists, we don't need porter to call it.

Zarf itself, seems to handle the lifecycle of an application (through onCreate, onDeploy, onRemove actions) but in our case, installing the Kairos bits on an image is always gonna be an one-off thing. We will never want to de-Kairosify an image.

I think these are nice tools but were created for a different purpose. Please correct me if I missed something.

@Itxaka Itxaka moved this from Todo 🖊 to In Progress 🏃 in 🧙Issue tracking board Jan 16, 2025
@Itxaka
Copy link
Member

Itxaka commented Jan 16, 2025

As we discussed I did the kairos-init leveraging yip in here: https://github.com/kairos-io/kairos-init

It brings a bit of code from the older kairos-init in puro go from scratch like the packagemaps, as that was proven to work, so it makes no sense to reimplement.
Uses a very recent version of yip which is able to run step based on the os name and version if we need it
Also uses a new yi plugin pullImage that pulls images into a targe directory (for the framework)

I built a ubuntu 24.04 container image with it: docker build -t ubuntu-init -f images/Dockerfile.ubuntu .
Dockerfile:

ARG FAMILY=ubuntu
ARG FLAVOR
ARG FLAVOR_RELEASE
ARG MODEL=generic
ARG BASE_IMAGE=ubuntu:24.04
ARG VARIANT
ARG VERSION
ARG FRAMEWORK_VERSION=main
ARG BOOTLOADER=grub

FROM ttl.sh/kairos-init:main AS kairos-init

FROM ${BASE_IMAGE}
COPY --from=kairos-init /kairos-init /kairos-init
RUN /kairos-init -l debug -s install
RUN /kairos-init -l debug -s init
RUN rm /kairos-init

# Fixup sudo perms
RUN chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo

Then used aurora to build and iso:

docker run --rm -ti -v /var/run/docker.sock:/var/run/docker.sock -v $PWD/build/:/output auroraboot:latest --debug build-iso --output /output/ docker:ubuntu-init

Then used that iso to run the acceptance test suite from kairos on it:

export USE_QEMU=true                                          
export KVM=true
export MEMORY=10000
export CPUS=8
export ISO=${PWD}/build/kairos.iso
export DATASOURCE=${PWD}/build/datasource.iso

$ go run github.com/onsi/ginkgo/v2/ginkgo -v --label-filter "autoinstall-test" --fail-fast -r ./tests/
Running Suite: kairos Test Suite - /home/itxaka/projects/kairos/tests
=====================================================================
Random Seed: 1737023320

Will run 1 of 23 specs
SSSSSSSSSSSSSS
------------------------------
kairos autoinstall test reboots and passes functional tests passes checks [autoinstall-test]
/home/itxaka/projects/kairos/tests/autoinstall_test.go:58
State dir: /tmp/1633846204
Using ssh port: 32967
  STEP: checking if default service is active in live cd mode @ 01/16/25 11:29:08.499
  STEP: checking that installation has started @ 01/16/25 11:29:08.616
  STEP: checking that vm has rebooted to 'active' @ 01/16/25 11:29:08.668
  STEP: checking grubenv file @ 01/16/25 11:29:47.802
  STEP: checking custom cmdline @ 01/16/25 11:29:47.841
  STEP: checking the use of dracut immutable module @ 01/16/25 11:29:47.882
  STEP: checking Auto assessment @ 01/16/25 11:29:47.922
  STEP: checking writeable tmp @ 01/16/25 11:29:48.054
  STEP: checking bpf mount @ 01/16/25 11:29:48.199
  STEP: checking correct permissions @ 01/16/25 11:29:48.247
  STEP: checking grubmenu @ 01/16/25 11:29:48.337
  STEP: checking additional mount specified, with no dir in rootfs @ 01/16/25 11:29:48.374
  STEP: checking rootfs shared mount @ 01/16/25 11:29:48.425
  STEP: checking that it doesn't has grub data into the cloud config @ 01/16/25 11:29:48.483
  STEP: checking that networking is functional @ 01/16/25 11:29:48.522
  STEP: checking corresponding state @ 01/16/25 11:29:48.686
  STEP: Checking install/recovery services are disabled @ 01/16/25 11:29:54.903
  STEP: Checking that service kairos-interactive is disabled @ 01/16/25 11:29:54.942
  STEP: Checking that service kairos-recovery is disabled @ 01/16/25 11:29:54.99
• [70.269 seconds]
------------------------------
SSSSSSSS

Ran 1 of 23 Specs in 70.270 seconds
SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 22 Skipped
PASS

Ginkgo ran 1 suite in 1m15.562461724s
Test Suite Passed

so ti seems that for the MVP of building ubuntu it works?

@Itxaka
Copy link
Member

Itxaka commented Jan 16, 2025

Missing things:

  • anything other than ubuntu
  • test other ubuntus (only 24.04 tested) All ubuntus build and work.
  • bootloader/trusted boot support. trusted boot flag that disables the grub packages and install the required systemd ones instead. Also skips running the initramfs build as its not needed and clears all initrafms files as they are not needed. done
  • core/standard. Nothing currently installs k3s and the provider.
  • workarounds. See for exmple in the dockerfile for ubuntu the sudo workaround its still in there. That should be moved to a yip stage that runs workarounds based on the os and/or version

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: In Progress 🏃
Development

No branches or pull requests

4 participants