Detect support for fuse-overlayfs #198

Merged
merged 3 commits into from
Dec 12, 2024
5 changes: 0 additions & 5 deletions base/ubi9/Dockerfile
Expand Up @@ -117,11 +117,6 @@ RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; \
touch /var/lib/shared/overlay-images/images.lock; \
touch /var/lib/shared/overlay-layers/layers.lock

# But use VFS since not all environments support overlay with Fuse backend
RUN mkdir -p "${HOME}"/.config/containers && \
(echo '[storage]';echo 'driver = "vfs"') > "${HOME}"/.config/containers/storage.conf && \
chown -R 10001 "${HOME}"/.config

# Add kubedock
ENV KUBEDOCK_VERSION 0.17.0
ENV KUBECONFIG=/home/user/.kube/config
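
Review bot: With the `storage.conf` step removed here, the image no longer carries a per-user storage driver setting or the `chown -R 10001` on `"${HOME}"/.config`; both now depend on `entrypoint.sh` running. A container started with an overridden entrypoint or command will find no per-user `storage.conf` at all. Please leave a short comment at this spot pointing to `entrypoint.sh` as the place where the driver is chosen, and confirm that the directory created at runtime ends up owned by the workspace user now that the explicit chown is gone.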
10 changes: 10 additions & 0 deletions base/ubi9/entrypoint.sh
Expand Up @@ -5,6 +5,16 @@ if [ ! -d "${HOME}" ]; then
mkdir -p "${HOME}"
fi

# Configure container builds to use vfs or fuse-overlayfs
if [ ! -d "${HOME}/.config/containers" ]; then
Contributor

@dkwon17 with this change we should probably update the docs as well, right?
e.g. https://docs.redhat.com/en/documentation/red_hat_openshift_dev_spaces/3.17/html-single/user_guide/index?extIdCarryOver=true&sc_cid=701f2000001Css5AAC#enabling-overlay-with-a-configmap
Now UDI will be smart enough to detect fuse automatically.

Collaborator

@ibuziuk, yes, a configmap will not be needed anymore if the tooling container image is based on ubi/udi.

Contributor

What happens if persistent home is enabled and fuse-overlayfs gets disabled? Would ${HOME}/.config/containers/storage.conf need to be rewritten? Would the outer if block stop that from happening?

Contributor Author

@cgruver cgruver Dec 11, 2024

The only way to disable fuse-overlayfs would be to apply a machine-config to the cluster, so I would say it's not likely. And if it did happen, that would be a disruptive change.

The reason that I put the first if block there is to not overwrite any existing podman config. The user might have added additional config to storage.conf which we would not want to clobber on a workspace restart.

Contributor Author

The if block could be a bit more targeted to look specifically for storage.conf I suppose.

if [ ! -f "${HOME}/.config/containers/storage.conf" ]; then

But, there are valid configs where there is no storage.conf file, but other content under ${HOME}/.config/containers. Which is why I just check for the existence of the directory, not the file.

Contributor

@cgruver that makes sense, thanks!

Contributor Author

@cgruver cgruver Dec 11, 2024

Note: As of OCP 4.15 /dev/fuse is available for leaking into a container OOTB. No cluster change required.

With OCP 4.17 /dev/net/tun is also available.

Pod annotation: io.kubernetes.cri-o.Devices: "/dev/fuse,/dev/net/tun"

So, to disable fuse-overlayfs support would require disruptive intervention on the part of cluster admins.

mkdir -p ${HOME}/.config/containers
if [ -c "/dev/fuse" ] && [ -f "/usr/bin/fuse-overlayfs" ]; then
(echo '[storage]';echo 'driver = "overlay"';echo '[storage.options.overlay]';echo 'mount_program = "/usr/bin/fuse-overlayfs"') > ${HOME}/.config/containers/storage.conf
else
(echo '[storage]';echo 'driver = "vfs"') > "${HOME}"/.config/containers/storage.conf
fi
fi

# Setup $PS1 for a consistent and reasonable prompt
if [ -w "${HOME}" ] && [ ! -f "${HOME}"/.bashrc ]; then
echo "PS1='[\u@\h \W]\$ '" > "${HOME}"/.bashrc
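
Review bot: `${HOME}` is unquoted in `mkdir -p ${HOME}/.config/containers` and in the redirect target of the overlay branch, while the `vfs` branch and the surrounding script quote it; quote both so a home path containing whitespace does not split. Also, `[ -c "/dev/fuse" ]` only shows that the device node exists, not that the workspace user can open it, so adding `[ -w "/dev/fuse" ]` would avoid selecting the overlay driver in a container where the device is present but not usable. A comment above the outer `if` recording why it tests the directory rather than `storage.conf` would save the next reader the question raised in this thread.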