Line 48: | Line 48: | ||
There are currently no support for downloading OCI artifacts with podman and the feature is being discussed upstream, however, Fedora contains `golang-oras` tool which understands the OCI artifact format. This tool can be used by Fedora users to consume the content: | There are currently no support for downloading OCI artifacts with podman and the feature is being discussed upstream, however, Fedora contains `golang-oras` tool which understands the OCI artifact format. This tool can be used by Fedora users to consume the content: | ||
<pre> | |||
$ oras pull quay.io/lzapletal/fedora-bootfiles:40-amd64 | $ oras pull quay.io/lzapletal/fedora-bootfiles:40-amd64 | ||
Downloaded 80c3fe2ae106 boot.iso | Downloaded 80c3fe2ae106 boot.iso | ||
Downloaded a3b7052d7b2f grubx64.efi | Downloaded a3b7052d7b2f grubx64.efi | ||
Downloaded fff4b2feeef3 pxelinux.0 | Downloaded fff4b2feeef3 pxelinux.0 | ||
Downloaded 4773d74d87c2 shimx64.efi | Downloaded 4773d74d87c2 shimx64.efi | ||
Downloaded 09cf5df01619 vmlinuz | Downloaded 09cf5df01619 vmlinuz | ||
Line 65: | Line 59: | ||
Pulled quay.io/lzapletal/fedora-bootfiles:40-amd64 | Pulled quay.io/lzapletal/fedora-bootfiles:40-amd64 | ||
Digest: sha256:0306e10fd556e12ce8c3674150bceb88c0917b74b63c37eecc17070b3b30003b | Digest: sha256:0306e10fd556e12ce8c3674150bceb88c0917b74b63c37eecc17070b3b30003b | ||
</pre> | |||
There is a [https://github.com/pulp/netboot-oci-specs/blob/main/netboot-oci-artifacts.md manifest specification] of such content describing required annotations. | There is a [https://github.com/pulp/netboot-oci-specs/blob/main/netboot-oci-artifacts.md manifest specification] of such content describing required annotations. |
Revision as of 12:50, 10 September 2024
Distributing Kickstart Files as OCI Artifacts
Summary
Fedora distributed as bootable container ships via OCI registry. Installation is typically done by conversion into a VM image or ISO installer via osbuild (image builder), however, booting from network is a useful workflow for bare-metal fleet deployments. Required files to perform such installation are not available in the OCI repository.
Owner
- Name: Ina Panova, Lukáš Zapletal
- Email: <ipanova@redhat.com>, <lzap@redhat.com>
Current status
- Targeted release: Fedora Linux 42
- Last updated: 2024-09-10
- [Announced]
- [<will be assigned by the Wrangler> Discussion thread]
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
Fedora bootable container is shipped via OCI registries without any supplementary files for automated kickstart installations. The files needed for this workflow are typically: bootloader, anaconda kernel, initramdisk and anaconda main image. These files can be found in regular Fedora RPM repository, for example in case of x86_64 architecture:
Some files are distributed unsigned in the images/
directory, others are signed and need to be extracted from RPM packages. A complete ISO "netboot" image is also available for network installations, the image can be customized using mkksiso
tool found in Fedora.
The main goal of this change is to start publishing the mentioned file as OCI commits or also known OCI artifacts for each Fedora version and architecture. Buildah/Podman will be used for creating such manifest and pushing it to OCI registry.
There are currently no support for downloading OCI artifacts with podman and the feature is being discussed upstream, however, Fedora contains golang-oras
tool which understands the OCI artifact format. This tool can be used by Fedora users to consume the content:
$ oras pull quay.io/lzapletal/fedora-bootfiles:40-amd64 Downloaded 80c3fe2ae106 boot.iso Downloaded a3b7052d7b2f grubx64.efi Downloaded fff4b2feeef3 pxelinux.0 Downloaded 4773d74d87c2 shimx64.efi Downloaded 09cf5df01619 vmlinuz Downloaded 8ea1dd040e97 initrd.img Restored 80c3fe2ae106 install.img Pulled quay.io/lzapletal/fedora-bootfiles:40-amd64 Digest: sha256:0306e10fd556e12ce8c3674150bceb88c0917b74b63c37eecc17070b3b30003b
There is a manifest specification of such content describing required annotations.
Feedback
Benefit to Fedora
Scope
- Proposal owners:
- Other developers:
- Release engineering: #Releng issue number
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with the Fedora Strategy:
Upgrade/compatibility impact
Early Testing (Optional)
Do you require 'QA Blueprint' support? Y/N
How To Test
User Experience
Dependencies
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
N/A (not a System Wide Change)