Versions Compared

Version Old Version 4 New Version 5
Changes made by

Chris Tessmer

Chris Tessmer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Intent

Goals:

  1. Modular packages MUST install correctly from the SIMP ISO or the local mirror created from the SIMP ISO

  2. On systems with modular packages installed from the SIMP ISO that are configured to use the packages' original modular repositories or complete mirrors:

    1. ISO-installed modular packages MUST upgrade correctly

    2. ISO-installed modules and streams MUST integrate seamlessly

  3. ISO build process SHOULD continue to only include the packages it needs

Caveats:

  1. If necessary, the SIMP 6.6.0 ISO MAY mirror the entire base OS’s DVD AppStream/ repository if it would avoid delays to the SIMP 6.6.0 build process.

  2. However, the ISO MUST NOT mirror entire third-party modular repositories (like epel-modular) just to provide a few necessary packages from single streams (e.g., 389-directory-server:stable)

  3. The SIMP project’s RPMs/tarball MUST NOT require modularity for the SIMP 6.6.0 release (and probably never).

Constraints:

  • SIMP 6.6.0 will require RPMs from at least one module stream in the epel-modular repository: 389-directory-server:stable, in order to support 389ds.

  • DNF will refuse to install an RPM with a ModularityLabel header unless it can be associated with modular metadata from an available repo.

  • Building/rebuilding repos with the old createrepo command will destroy a repo’s modular metadata and make any modular RPMs unable to install

Conclusions:

In order to build SIMP ISOs that distribute modular RPMs:

  1. The ISO build process MUST distribute modular RPMs as “slim” subset of their original upstream repository’s module/streams.

    • If feasible, the “slimming” process SHOULD be generalized enough to apply to packages from external sources like epel-modular AND the base OS’s DVD AppStream/ repository.

    • Each “slim” modular streams' subsets MUST use the same name + stream + version + context + architecture (N:S:V:C:A) as their upstream sources, in order to maintain seamless interoperability.

  2. The old createrepo command MUST NOT EVER be run on a repo with modular packages/modulemd metadata. This applies to both the ISO’s build process and post-installation local tooling on SIMP systems.

    1. Status
      colourPurple
      titleTODO
      The ISO’s modular repositories MUST be built with modularity-aware tools, like createrepo_c or creatrerepo_mod from modulemd-tools.

  3. Once built, SIMP ISO “slim” repos' modulemd metadata MUST remain available to install their modular packages. The repos MUST NOT be mirrored or rebuilt without it:

    1. Status
      colourPurple
      titleTODO
      Local SIMP tooling that mirrors modular repositories MUST preserve modulemd metadata (e.g., dnf reposync --download-metadata )

    2. Status
      colourPurple
      titleTODO
      Local SIMP tooling MUST be changed to NEVER rebuild modular repositories with createrepo. This includes:

A “slim” subset for a reoi

enables the ISO to distribute installable epel-modular packages without distributing epel-modular's entire collection of modules x streams x packages.

Creating a modular repository with “slim” stream mirrors

Overview

  1. At the same time each modular RPM is acquired, save its source repo’s modulemd metadata.

  2. Use unique N:S:V:C:A combinations from the resulting modular RPMs to determine which “slim” module streams to reconstruct.

  3. For each unique “slim” modular stream: generate modulemd metadata for all relevant RPMs

  4. Combine all “slim” modules' modulemd data into a single data structure and write it to modules.yaml

  5. Rebuild the modular repository using createrepo_c (or createrepo_mod) with the new modules.yaml file

Implementing slim modular repos

...

Creating “slim” stream mirrors of modular RPM packages enables the SIMP ISO to support modularity while still mix/matching specific RPMs from various sources. For instance, it permits adding a few epel-modular packages without distributing epel-modular's entire collection of modules x streams x packages.

See https://simp-project.atlassian.net/wiki/pages/resumedraft.action?draftId=2193326084 for a summary of motivating challenges and requirements .

Process

The “slim” mirroring process must happen during/before the ISO build process.

  1. At the same time each modular RPM is acquired, save its source repo’s modulemd metadata.

  2. Use unique N:S:V:C:A combinations from the resulting modular RPMs to determine which “slim” module streams to reconstruct.

  3. For each unique “slim” modular stream: generate modulemd metadata for all relevant RPMs

  4. Combine all “slim” modules' modulemd data into a single data structure and write it to modules.yaml

  5. Rebuild the modular repository using createrepo_c (or createrepo_mod) with the new modules.yaml file

Implementing slim modular repos

...

Note

XML root is namespaced; causes XPath trouble

Modular RPM data/metadata to get/record/cache

At a minimum, a new field (only required for modular RPMs) that specifies the N:S (module:stream) for modular packages should be added to the build’s packages.yaml.

...

Problems that are probably solved

yumdownloader can’t see RPMs in modules/streams that aren’t enabled

  1. Status
    colourPurple
    titleTODO
    Add an optional field to packages.yaml entries to specify the N:S: for each modular RPM

  2. Status
    colourPurple
    titleTODO
    Identify and enable all unique N: from packages.yaml (fail if there are conflicting S:)

  3. Status
    colourPurple
    titleTODO
    dnf module enable each N:S: before beginning to use yumdownloader

  4. Status
    colourPurple
    titleTODO
    Individual yumdownloader runs can change repository mirrors, which may be out of sync with each other and have different modulemd data.

    1. Status
      colourPurple
      titleTODO
      Status
      colourRed
      titleunsolved?
      (When using the yumdownloader) the modulemd metadata must be fetched at the same time as the RPM is downloaded, in order to preserve the precise state of that RPM’s modular metadata.

A single RPM could be part of multiple streams in an upstream repository

Nothing in the modulemd data prevents this, so we need a way to determine the correct stream.

...

  1. Status
    colourPurple
    titleTODO
    Most BaseOS EL8 modules have a default stream; use that if it exists

  2. Status
    colourPurple
    titleTODO
    We could also default to the only stream.
    This is hacky, but it will work for EL8.3—Base OS (i.e., AppStream) modules without a default stream are currently very rare, and at the moment all of them have a single stream:

    Code Block
    # dnf module --disablerepo=\* --enablerepo=appstream list | grep -v '\[d\]'
CentOS Linux 8 - AppStream
Name                 Stream       Profiles                                 Summary                                                                
389-ds               1.4                                                   389 Directory Server (base)                                                                                                                                                                                               
libselinux-python    2.8          common                                   Python 2 bindings for libselinux                                                                                                                                                                                          
mod_auth_openidc     2.3                                                   Apache module suporting OpenID Connect authentication                                                                                                                                                                     
parfait              0.5          common                                   Parfait Module                                                                                                                                                                                                            
pki-core             10.6                                                  PKI Core module for PKI 10.6 or later                                                                                                                                                                                     
pki-deps             10.6                                                  PKI Dependencies module for PKI 10.6 or later

  3. (question)

    Status
    colourBlue
    titleNOT IN 6.6.0
    Status
    colourRed
    titleunsolved
    This leaves open the future edge-case where we include RPMs that will fail when we need an RPM from one of the Base OS modules above that have multiple streams but don’t have a default stream (current population: 0).

    • Status
      colourBlue
      titleNOT IN 6.6.0
      We should probably have a way of formally declaring N:S for *pkglist.txt Base OS RPMs in the future. Some possibilities:

      • A separate *pkglist.modularity.txt file

      • N:S-declaring directives in the comments of *pkglist.txt

      • Could this be combined with packages.yaml? (not without a major rewrite)

Unsolved problems

What are the “Fetch RPM” flow differences between Base OS (prune_packages) & External (yumdownloader) packages?

(warning)(minus) When running yumdownloader, how can we get the RPM’s source repo’s modulemd data?

This is easy to do by hand for an individual package, but I’m not sure how to automate it yet. Here are some options:

  1. Option 1: see if yumdownloader can be convinced to display it, like --urls (haven’t found it yet)

  2. Option 2: walk up the dir tree until we find metadata (hacky, expensive)

  3. Option 3: find/define the DNF cache and somehow fish out the modulemd data for that specific package

(minus) Separate yumdownloader runs may result in RPMs for the same N:S having different N:S:V:C:A

Different RPMs could be sourced from different versions (V:) of the same module stream if yumdownloader pulls them from different repo mirrors that are out of sync with each other. Using the heuristic of a “slim” module stream per unique N:S:V:C:A , this would result in multiple module streams instead of one.

...

  1. There’s a (staggeringly) remote change that the newer stream version dropped package(s) or one of its packages has a new dependency

  2. The slim repo will use one N:S:V or the other, but neither upstream precisely matches its RPMs. After re-integrating with the full upstream repo or mirror, DNF might miss an update by deciding it already know the stream version resolve using the wrong stream version for some of the packages, to the wrong versions, miss updates

  3. There may be other reasons to do with inter-modular dependencies.

  4. TL;DR: Not sure if failing is the best way forward—input welcome.

Are there conditions where streams don’t provide C:A information when packages are noarch?

No. By the time they are built, they will have a context and arch.

Undecided

[Should/how to] persist cached modulemd metadata for already-downloaded RPMs between builds?

The current yumdownloader process

True or false: “Any mirrored “slim” module MUST NOT have multiple streams”

  1. (question) This sounds reasonable, but is it actually true?

  2. It’s impossible to install multiple streams on a single SIMP server, but do we think we’d need to package multiple “slim” module streams for agents?

    1. My current inclination is to assume “no.” Given our approach toward modularity in general, that seems like a really edgy edge case.

...