From 035de97f61c63d1aa58d7bad1527bce3720b09cb Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 16 Sep 2024 16:03:57 -0400 Subject: [PATCH 1/2] tier-x: new tier for cross-variant collaboration One of the main goals of the bootable containers initiative in Fedora is to have all the image-based Fedora variants share a common base onto which we can maintain CI, develop features, fix bugs, etc... While I believe in the long-term, we should try to have literal derivation from a base image, this is not currently desirable for various reasons. Instead, for now we can share things at the manifest level by having this repo be a submodule in every variant's repo. Currently, tier-0 is much smaller than it needs to be for sharing purposes. Crucially, it doesn't include NetworkManager. At the same time, tier-1 is much too large as a shared target. As a first step, we should try to match variants where they currently are and not force them to ship many more packages than they currently do. For this purpose, I'm proposing a new tier: tier-x. The "x" stands for "cross-variant". This tier is composed of tier-0 + a set of packages that is currently in common to all the involved variants. The most notable additions are NetworkManager, openssh, and rpm-ostree. The intention then is to have every Fedora variant `include` this tier and have it become the point of collaboration between variants. E.g. new packages/bug fixes/temporary workarounds relevant to all variants likely should land in this tier instead of in the downstreams. CI of course will also be an important discussion point. --- fedora-tier-x.yaml | 12 ++++++++++++ tier-x/kernel.yaml | 1 + tier-x/manifest.yaml | 46 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 59 insertions(+) create mode 100644 fedora-tier-x.yaml create mode 120000 tier-x/kernel.yaml create mode 100644 tier-x/manifest.yaml diff --git a/fedora-tier-x.yaml b/fedora-tier-x.yaml new file mode 100644 index 0000000..19e08c8 --- /dev/null 
+++ b/fedora-tier-x.yaml @@ -0,0 +1,12 @@ +releasever: rawhide +repos: + - rawhide + +metadata: + name: fedora-boot-tier-x + summary: Fedora Bootable Tier X + +include: + - fedora-generic.yaml + - tier-x/manifest.yaml + - tier-x/kernel.yaml diff --git a/tier-x/kernel.yaml b/tier-x/kernel.yaml new file mode 120000 index 0000000..d6f64cc --- /dev/null +++ b/tier-x/kernel.yaml @@ -0,0 +1 @@ +../tier-0/kernel.yaml \ No newline at end of file diff --git a/tier-x/manifest.yaml b/tier-x/manifest.yaml new file mode 100644 index 0000000..384110b --- /dev/null +++ b/tier-x/manifest.yaml @@ -0,0 +1,46 @@ +include: + - ../tier-0/manifest.yaml + +packages: + # Used by admins interactively + - attr + - bash-completion + - hostname + - iproute + - jq + - less + - vim-minimal + # crun recommends but doesn't require criu and criu-libs. We want them for + # checkpoint/restore. https://github.com/coreos/fedora-coreos-tracker/issues/1370 + - criu criu-libs + # storage + - cryptsetup + - lvm2 + - tar + # zram-generator (but not zram-generator-defaults) for F33 change + # https://github.com/coreos/fedora-coreos-tracker/issues/509 + - zram-generator + # Some host applications(i.e. NetworkManager) use dnsmasq + # as the binary for some various utility operations. + # https://github.com/coreos/fedora-coreos-tracker/issues/519 + - dnsmasq + # networking + - iptables-nft + - NetworkManager + - openssh-clients + - openssh-server + - slirp4netns # rootless podman networking + - systemd-resolved + # linux-firmware now a recommends so let's explicitly include it + # https://gitlab.com/cki-project/kernel-ark/-/commit/32271d0cd9bd52d386eb35497c4876a8f041f70b + # https://src.fedoraproject.org/rpms/kernel/c/f55c3e9ed8605ff28cb9a922efbab1055947e213?branch=rawhide + - linux-firmware + # security + - polkit + - sudo + # Allow for configuring different timezones + - tzdata + # rpm-ostree + - rpm-ostree nss-altfiles + # firmware updates + - fwupd 
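Review bot: fedora-tier-x.yaml pins `releasever: rawhide` and the `rawhide` repo, so the file itself does not make clear whether variants are meant to include this top-level manifest or `tier-x/manifest.yaml` directly. A header comment naming the intended include target (and saying that this file exists for building tier-x on its own, if that is the case) would settle it for variants that track a stable release.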
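Review bot: tier-x/kernel.yaml is added as a symlink (mode 120000) to `../tier-0/kernel.yaml`, while tier-x/manifest.yaml reuses tier-0 through `include:`. Using one mechanism for both, for instance listing `tier-0/kernel.yaml` in the `include:` of fedora-tier-x.yaml, would keep the reuse visible in the YAML rather than in the file mode; if the symlink is deliberate, a line in the commit message saying why would help.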
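Review bot: `openssh-server` under `# networking` in tier-x/manifest.yaml puts sshd into the base that every variant includes, and nothing in this manifest says whether the service is expected to be enabled or only installed; a comment stating that, in the way the other entries carry their rationale, would help whoever reviews later changes to this shared tier. The same applies to `dnsmasq`, whose comment says it is wanted as a binary for other host applications but not that its own service should stay off. Style point in the same hunk: `- criu criu-libs` and `- rpm-ostree nss-altfiles` put two packages in one list item while every other entry has one per line; splitting them keeps future diffs to one package per line.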
From eecff86d818d5598ba10796579993b6ab83cb4f4 Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Mon, 16 Sep 2024 16:33:01 -0400 Subject: [PATCH 2/2] README: add "Tiers" section Describe each tier briefly. Link to the docs for more information. Mention that changes to tier-0 and tier-x needs acknowledgement from each variant. --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index c2b6f16..0d89821 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,25 @@ See the `Containerfile` for more details. You are of course also free to fork, customize, and build base images yourself. See this page[6] of the documentation for more information. +## Tiers + +There are currently 3 tiers: +- **tier-0**: This image is more of a convenient centralization point for CI + and curation around a package set that we can all agree is the rough minimum + necessary for a usable system. It's not meant to be used as is, but layered + upon. +- **tier-1**: This image is much larger and notably includes networking and + firmwares. It's a good starting point onto which you can do less + customizations to get what you need. +- **tier-x**: This image is not intended for end-users. It's the shared base + used by all image-based Fedora variants (IoT, Atomic Desktops, and CoreOS). + Changes to this tier may be done without accounting for external users. + +Both **tier-1** and **tier-x** inherit from **tier-0**. + +All non-trivial changes to **tier-0** and **tier-x** should be ACKed by at least +one stakeholder of each Fedora variant WGs. + ## More information Documentation:
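Review bot: The last added paragraph of the README hunk requires an ACK from each variant for non-trivial changes to **tier-0** and **tier-x**, but the patch states this only in prose. An approval rule covering `tier-0/` and `tier-x/` (a code-owners file or whatever equivalent the hosting forge offers) would make the requirement enforced rather than conventional, and one example of what counts as "non-trivial" would make it easier to apply. Wording nit in the same sentence: "each Fedora variant WGs" should read "each Fedora variant WG".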