forked from eranco74/ib-orchestrate-vm
-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathostree-var-lib-containers-machineconfig.yaml
101 lines (96 loc) · 4.81 KB
/
ostree-var-lib-containers-machineconfig.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
labels:
machineconfiguration.openshift.io/role: master
name: 98-var-lib-containers
spec:
config:
ignition:
version: 3.1.0
storage:
files:
# Configuration so crio wont delete the contents of /var/lib/containers on startup
- contents:
source: data:text/plain;charset=utf-8;base64,W2NyaW9dCmNsZWFuX3NodXRkb3duX2ZpbGUgPSAiIgo=
mode: 420
path: /etc/crio/crio.conf.d/99-crio-disable-wipe.toml
- mode: 493
path: /usr/local/bin/create_shared_containers_dir.sh
contents:
source: data:text/plain;charset=utf-8;base64,IyEvdXNyL2Jpbi9lbnYgYmFzaAojCiMgVGhpcyBzY3JpcHQgd2lsbCBjcmVhdGUgdW5kZXIgL3N5c3Jvb3QgYSBkaXJlY3RvcnkgdGhhdCB3aWxsIGJlIHVzZWQgdG8gc2hhcmUKIyBjb250YWluZXJzIGJldHdlZW4gdGhlIGRpZmZlcmVudCBzdGF0ZXJvb3RzCiMKc2V0IC14CmRpcj1jb250YWluZXJzCiMgSWYgdGhlIGRlc3RpbmF0aW9uIHNoYXJlZCBkaXIgZG9lcyBub3QgZXhpc3QsIHdlIG5lZWQgdG8gY3JlYXRlIGl0CmlmIFtbICEgLWQgL3N5c3Jvb3QvIiRkaXIiIF1dOyB0aGVuCiAgIGVjaG8gIi9zeXNyb290LyRkaXIgbm90IGV4aXN0aW5nLCBjcmVhdGluZyIKICAgZWNobyAiRnJlZWluZyBzcGFjZSBpbiBwcmV2aW91cyAvdmFyL2xpYi9jb250YWluZXJzIgogICAjIEZpcnN0IHdlIHdpbGwgZGVsZXRlIHRoZSBjb250ZW50cyBvZiB0aGUgb2xkIC92YXIvbGliL2NvbnRhaW5lcnMgdG8gbm90CiAgICMgaGF2ZSBoaWRkZW4gdXNlZCBzcGFjZSwgc2luY2Ugd2Ugd2lsbCBtb3VudCBvbiB0b3Agb2YgaXQKICAgcm0gLWZyIC92YXIvbGliL2NvbnRhaW5lcnMvKgogICBtb3VudCAvc3lzcm9vdCAtbyByZW1vdW50LHJ3CiAgICMgV2l0aCBzb21lIHZlcnNpb25zIG9mIG9zdHJlZSB0aGUgc3lzcm9vdCBkaXJlY3RvcnkgaGFzIHRoZSBpbW11dGFibGUKICAgIyBhdHRyaWJ1dGUsIHNvIGluIGNhc2UgaXQgaXMgcHJlc2VudCwgd2UgbmVlZCB0byByZW1vdmUgaXQsIGFuZCBvbmNlIHdlCiAgICMgY3JlYXRlZCB0aGUgZGlyZWN0b3J5LCB3ZSBjYW4gc2V0IGl0IGJhY2sKICAgaWYgbHNhdHRyIC1kIC9zeXNyb290IHwgY3V0IC1kICcgJyAtZiAxIHwgZ3JlcCBpOyB0aGVuCiAgICAgICBjaGF0dHIgLWkgL3N5c3Jvb3QKICAgICAgIG1rZGlyIC1wICIvc3lzcm9vdC8kZGlyIgogICAgICAgY2hhdHRyICtpIC9zeXNyb290CiAgIGVsc2UKICAgICAgIG1rZGlyIC1wICIvc3lzcm9vdC8kZGlyIgogICBmaQogICBjaGNvbiAtLXJlZmVyZW5jZT0vdmFyL2xpYi9jb250YWluZXJzICIvc3lzcm9vdC8kZGlyIgpmaQoK
# Contents of create_shared_containers_dir.sh script:
#
##!/usr/bin/env bash
##
## This script will create under /sysroot a directory that will be used to share
## containers between the different stateroots
##
#set -x
#dir=containers
## If the destination shared dir does not exist, we need to create it
#if [[ ! -d /sysroot/"$dir" ]]; then
# echo "/sysroot/$dir not existing, creating"
# echo "Freeing space in previous /var/lib/containers"
# # First we will delete the contents of the old /var/lib/containers to not
# # have hidden used space, since we will mount on top of it
# rm -fr /var/lib/containers/*
# mount /sysroot -o remount,rw
# # With some versions of ostree the sysroot directory has the immutable
# # attribute, so in case it is present, we need to remove it, and once we
# # created the directory, we can set it back
# if lsattr -d /sysroot | cut -d ' ' -f 1 | grep i; then
# chattr -i /sysroot
# mkdir -p "/sysroot/$dir"
# chattr +i /sysroot
# else
# mkdir -p "/sysroot/$dir"
# fi
# chcon --reference=/var/lib/containers "/sysroot/$dir"
#fi
# We need to run several things in the proper order. We will use systemd dependencies to achieve it
systemd:
units:
# First we run the above script to create the /sysroot/containers directory if it does not exist already
- contents: |
[Unit]
Description=Create /sysroot/containers
After=var.mount
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/unshare -m /usr/local/bin/create_shared_containers_dir.sh
[Install]
WantedBy=local-fs.target
enabled: true
name: create-shared-containers.service
# Then we can bind mount that directory in /var/lib/containers
- contents: |
[Unit]
Description=Mount /sysroot/containers to /var/lib/containers
After=create-shared-containers.service
Wants=create-shared-containers.service
DefaultDependencies=no
[Mount]
What=/sysroot/containers
Where=/var/lib/containers
Options=bind
[Install]
WantedBy=local-fs.target
enabled: true
name: var-lib-containers.mount
# Since sysroot is read-only, the bind mount we just did will also be read-only.
# We will remount it readwrite
- contents: |
[Unit]
Description=Remount /var/lib/containers readwrite
After=var-lib-containers.mount
Wants=var-lib-containers.mount
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/bin/mount -o remount,rw /var/lib/containers
[Install]
WantedBy=local-fs.target
enabled: true
name: remount-var-lib-containers.service