Jbtrystram (talk | contribs) No edit summary |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 11: | Line 11: | ||
* Name/Email: [[jbtrystram | Jean-Baptiste Trystram]], jbtrystram@redhat.com | * Name/Email: [[jbtrystram | Jean-Baptiste Trystram]], jbtrystram@redhat.com | ||
* Name/Email: [[User:Siosm| Timothée Ravier]], siosm@fedoraproject.org | * Name/Email: [[User:Siosm| Timothée Ravier]], siosm@fedoraproject.org | ||
* Name/Email: [[jlebon|Jonathan Lebon]], jonathan@jlebon.com | * Name/Email: [[User:jlebon|Jonathan Lebon]], jonathan@jlebon.com | ||
* Name/Email: [[User:Dustymabe|Dusty Mabe]], dusty@dustymabe.com | * Name/Email: [[User:Dustymabe|Dusty Mabe]], dusty@dustymabe.com | ||
== Current status == | == Current status == | ||
[[Category: | [[Category:ChangeReadyForWrangler]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | ||
| Line 81: | Line 81: | ||
Once the changes are ready, it will be possible to test it on the '''next''' stream before it gets rolled out there. This can be done by switching a '''next''' node from the OSTree remote to the OCI remote: | Once the changes are ready, it will be possible to test it on the '''next''' stream before it gets rolled out there. This can be done by switching a '''next''' node from the OSTree remote to the OCI remote: | ||
rpm-ostree rebase ostree-remote-image:fedora:registry:quay.io/fedora/fedora-coreos:$NEXT_VERSION | |||
where `$NEXT_VERSION` is a tag for a '''next''' release that's _not_ the latest. Then, watch Zincati fetch the latest '''next''' release using OCI. | where `$NEXT_VERSION` is a tag for a '''next''' release that's _not_ the latest. Then, watch Zincati fetch the latest '''next''' release using OCI. | ||
| Line 108: | Line 108: | ||
<!-- Is there upstream documentation on this change, or notes you have written yourself? Link to that material here so other interested developers can get involved. --> | <!-- Is there upstream documentation on this change, or notes you have written yourself? Link to that material here so other interested developers can get involved. --> | ||
https://github.com/coreos/fedora-coreos-tracker/issues/1823 | We will update the Fedora CoreOS documentation alongside the transition. This is currently tracked in: https://github.com/coreos/fedora-coreos-tracker/issues/1823. | ||
== Release Notes == | == Release Notes == | ||
Latest revision as of 16:31, 14 January 2025
Move Fedora CoreOS updates from OSTree to OCI
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
Summary
Change Fedora CoreOS to receive updates from quay.io/fedora/fedora-coreos instead of the Fedora OSTree repository.
Owner
- Name/Email: Jean-Baptiste Trystram, jbtrystram@redhat.com
- Name/Email: Timothée Ravier, siosm@fedoraproject.org
- Name/Email: Jonathan Lebon, jonathan@jlebon.com
- Name/Email: Dusty Mabe, dusty@dustymabe.com
Current status
- Targeted release: Fedora Linux 42
- Last updated: 2025-01-14
- [<link to devel-announce post will be added by Wrangler> Announced]
- [<will be assigned by the Wrangler> Discussion thread]
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
Currently, Fedora CoreOS hosts pull updates from the OSTree repository. With this change, the hosts will pull updates from the Quay.io container registry instead. At first, this should be a transparent change. We will notably keep using rpm-ostree for updates (and not yet bootc).
This is preliminary work to switching to bootc to manage the system and will enable us to deliver the following changes in the future:
- Moving from rpm-ostree to bootc, which only supports OCI.
- Better support for mirroring updates in disconnected setups.
- Moving away from maintaining a Cincinnati server towards having the graph live in an OCI registry alongside the update payload. This also allows users to maintain their own update graphs.
- Users will be able to create their own customized versions of Fedora CoreOS by building a derived container image.
Feedback
None yet.
Benefit to Fedora
Alignment with the work happening in the Bootable Containers initiative.
Scope
- Proposal owners:
- Publish an upgrade graph containing the digest pullspec for each FCOS release. This mirrors the current update graph containing the same information, but pointing at OSTree commit checksums.
- Change new nodes on
nextto use OCI from the start. - After a number of FCOS releases, ship a migration script to switch existing
nextnodes to use OCI. - Repeat the last two steps for
testing, and thenstable. - Down the line, stop publishing new OSTree commits to the OSTree repo. This will not happen until at least f43.
- Other developers: N/A (not needed for this Change)
- Release engineering: N/A (not needed for this Change)
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with the Fedora Strategy:
- Part of the work to align with Bootable Containers
Upgrade/compatibility impact
We will issue a barrier release to migrate users to switch to OCI images.
How To Test
Once the changes are ready, it will be possible to test it on the next stream before it gets rolled out there. This can be done by switching a next node from the OSTree remote to the OCI remote:
rpm-ostree rebase ostree-remote-image:fedora:registry:quay.io/fedora/fedora-coreos:$NEXT_VERSION
where $NEXT_VERSION is a tag for a next release that's _not_ the latest. Then, watch Zincati fetch the latest next release using OCI.
User Experience
This change won't be visible to users running auto-updates, except cosmetic changes in rpm-ostree status output.
Contingency Plan
Revert the change to switch back to the OSTree repo. Both will be active until the Fedora 43 release.
Documentation
We will update the Fedora CoreOS documentation alongside the transition. This is currently tracked in: https://github.com/coreos/fedora-coreos-tracker/issues/1823.