
host-containers: migrate to use config file

Open sam-berning opened this issue 1 year ago • 2 comments

Issue number:

Closes #3627

Description of changes:

Removes dependency on the API model from host-containers by changing it to use a config file rendered from the settings.

Testing done:

Built an aws-dev variant with my changes and tested that changes to the host-containers settings behaved as expected. The admin container started with my provided user data, and I was able to add a new test host container.

TODO: test that the migrations behave as expected

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

sam-berning avatar Feb 14 '24 19:02 sam-berning

^ update template to {{{ everything to keep it consistent with what we expected when reading directly from the API

sam-berning avatar Feb 14 '24 23:02 sam-berning

^ address @webern's comments

sam-berning avatar Feb 15 '24 22:02 sam-berning

^ testing summary:

  • [x] Ran cargo +nightly udeps to ensure all unused dependencies have been removed

  • [x] Pass the settings on first boot via userdata. Verify config.

    Enabled and configured the admin container in user data. cat'd the config file at /etc/host-containers/host-containers.toml and it contained the user data.

  • [x] cat /etc/os-release record your build ID include commit sha, record this

bash-5.1# cat /etc/os-release
...
VERSION="1.19.3 (aws-dev)"
...
BUILD_ID=1e9e8f3a
...
  • [x] Use apiclient to update relevant settings at runtime. Verify config was updated correctly.
bash-5.1# apiclient set --json '{"settings": {"host-containers": {"foo": {"source": "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.5", "enabled": true, "superpowered": true}}}}'
bash-5.1# cat /etc/host-containers/host-containers.toml
...
[host-containers."foo"]
source = "public.ecr.aws/bottlerocket/bottlerocket-admin:v0.11.5"
enabled = true
superpowered = true
  • [x] Downgrade to older version.
    • [x] verify connectivity
    • [x] cat /etc/os-release to verify lower version
    • [x] verify that migrations have changed the metadata/settings as expected (i.e. they are gone from the datastore, or lists have been changed back)
bash-5.1# updog update -i 1.19.2 -r -n
Starting update to 1.19.2
Reboot scheduled for Wed 2024-03-06 01:53:29 UTC, use 'shutdown -c' to cancel.
Update applied: aws-dev 1.19.2
# after reboot, was able to ssh successfully
bash-5.1# cat /etc/os-release
...
VERSION="1.19.2 (aws-dev)"
...
# no host-containers-toml config file, and it is removed from host-containers config files
bash-5.1# ls /var/lib/bottlerocket/datastore/current/live/configuration-files/ 
certdog-toml   containerd-config-toml  hostname				   metricdog-toml  motd		proxy-env
cfsignal-toml  docker-daemon-config    hosts				   modprobe-conf   netdog-toml	updog-toml
chrony-conf    host-ctr-toml	       log4j-hotpatch-enabled-log-message  modules-load    oci-hooks
bash-5.1# cat /var/lib/bottlerocket/datastore/current/live/services/host-containers/configuration-files 
["host-ctr-toml"]
  • [x] Upgrade to newer version.
    • [x] verify connectivity
    • [x] cat /etc/os-release to verify version
    • [x] verify config file
bash-5.1# updog update -i 1.19.3 -r -n
Starting update to 1.19.3
Reboot scheduled for Wed 2024-03-06 01:58:04 UTC, use 'shutdown -c' to cancel.
Update applied: aws-dev 1.19.3
# after reboot, was able to ssh successfully
bash-5.1# cat /etc/os-release
...
VERSION="1.19.3 (aws-dev)"
...
bash-5.1# cat /etc/host-containers/host-containers.toml
# looked as expected!

sam-berning avatar Mar 06 '24 02:03 sam-berning

Looks good to me as well

jmt-lab avatar Mar 06 '24 20:03 jmt-lab