-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fedora 42 change: composefs enabled by default #608
Comments
I've pushed F41 images, and they come with composefs enabled by default. We don't have a real plan for the transition from F40 yet so we might have to disable it until we do. See: https://gitlab.com/fedora/ostree/sig/-/issues/35#note_1986555833 |
WARNING: Rebasing to those images may make your system unbootable / un-upgradeable. |
Hi Timothee! Greetings from KubeCon in Hong Kong! We usually don't ingest on our builds until the beta (For F41 in this case) so no one will be rebasing yet. From a future proof perspective do we need to manually set |
👋🏻
We can not automate that in the Containerfile, we need this in a system unit running on the systems. But doing that also means that we have to make sure that the bootloader is updated before and BLS properly enabled in the GRUB config. |
So in theory, we need a systemd script that somehow (and I know nothing about bootloaders or BLS): Checks if BLS is enabled and the bootloader is a suitable version |
Yes, something like that. Updating the bootloader is almost the same as having bootupd and this is only in F41, and it does not handle RAID mirrors yet (coreos/bootupd#132) and I've not tested the setup that Anaconda does for RAID mirror. |
Summary of what's needed for F41 for the Atomic Desktops to converge with bootc on: |
The 100% Code Complete Deadline for Fedora 41 is tomorrow and we are not ready with the transition plan for this change in the Atomic Desktops thus I'm pushing this back to Fedora 42. |
@bsherman Heads up that this will still affect uCore. |
As part of this change, we will be migrating the Atomic Desktops to a static GRUB config file (Fedora CoreOS / uCore already use a static GRUB config file). While using a static GRUB config file is not strictly needed for composefs, it is currently the only workaround that we have for https://bugzilla.redhat.com/show_bug.cgi?id=2308594, which is not making progress right now. The current work in progress script for this migration is in https://hackmd.io/B8lMCzLFQjGgr5jhl_Iw-w. Testing welcomed. The plan is to push that to Fedora Rawhide first, then Fedora 41, to migrate systems ahead of the Fedora 42 release, which will enable composefs by default. This should maximize the opportunity for users to have their system migrated to a static GRUB config or find out that the migration did not succeed (which is something only accessible to advanced users unfortunately) before the switch to composefs in F42 which will block updates if the system has not been migrated. The script is designed to be safe to fail and can be restart at anytime. This should hopefully let us catch any issues during the Fedora 41 cycle, even before the Fedora 42 Beta. |
For the upcoming Fedora 41 release, we are enabling composefs by default for bootable container images of Fedora Atomic Desktops (not for the classic ostree ones).
See:
It's enabled in the Rawhide/41 images from ci-test: https://gitlab.com/fedora/ostree/ci-test/-/blob/main/composefs.yaml?ref_type=heads
Before we move people to composefs, we need them to have a BLS capable bootloader (i.e. an updated open), have BLS config enabled and then set
sudo ostree config set sysroot.bootloader none
. If some of those things are not set, you might end up with a completely unbootable system (i.e. no rollback either).See:
So this is tricky as we don't have a mechanism in Atomic Desktops like we do in Fedora CoreOS to force updates through a barrier releases that would validate all of those elements before updating to a composefs enabled image and setting the ostree repo config.
If that ends up being too much for the F41 release, we can postpone it to F42 or dynamically disable it in a layer (needs an initramfs rebuild).
The text was updated successfully, but these errors were encountered: