Skip to main content

First 3 Days with bootc

I decided to spend some time playing with bootc. Mostly I'm inspired by the following articles: 


Day 1

To install bootc in a VM I need an image. bootc-image-builder requires root and I don't want to run this on the host. So I chose CoreOS as the inital system and installed it to QEMU.

I thought it is a great idea to share a folder from host to guest as podman container storage. However, it was not as smooth as I had expected:

  • virtiofsd on Debian is too old, so I set up NFS.
  • rootless podman doesn't work well with NFS.
  • rootfull podman complains upstream fs of overlayfs missing features, the performance was terrible.
I gave up. I guess I'll just use the CoreOS disk, whose size is 10G, not enough.


Day 2

I didn't find a way of resizing a qcow2 image online. On the other hand I figured maybe I don't need build a disk image after all. CoreOS is already based on ostree, maybe I can use `bootc switch`. This is essentially the same approach as in the first blog post.

`bootc switch` just works, it can reboot, but I cannot login (ssh or local). Fortunately (and quite nicely), I can rollback ostree even without logging in, because I can do that with grub.

I suspect it is because some files are overriding the files in the image.


Day 3

I learned that QEMU has builtin samba support, which is much easier to use than NFS.

Eventually I found that it was SELinux that has been messing up. With `restorecon -R` I could login from QEMU terminal, but not ssh. After logging in, `bootc status` threw an error about /boot, so I guess I needed `bootc install` afte rall.

So I just went back to the original solution, just resize the CoreOS image and build bootc image inside CoreOS. It worked this time.

Now I need to complete the loop, the new bootc OS should build itself and automatically update itself. And a few more things to fix:

- /etc/fstab does not work if modified when building the container, I need to create systemd mount files for mounts

- /etc/hostname does not work if modified when building the container, I need to set it after each boot

- Unlike `bootc install`, `bootc-image-builder` does not provide flags to override the bootc repository, so I need to set it after boot

- Transient etc sounds like a good idea, but I'll need to manually configure /boot. I'd like to enable it when the official doc explains more details.


Conclusion:

bootc works and its quite fun. But unfortunately I didn't find a way of actually using it in production yet:

  • I could put it into a VM, but sharing files between host and VM is not pretty at the moment (on Debian stable)
  • I don't trust it as my main server yet, and I don't have other machine to which I can install bootc bare-metal.

I think later I'll spend more time trying to tinker with it.

Labels:

Comments

Post a Comment

Popular posts from this blog

Exploring Immutable Distros and Declarative Management

My current server setup, based on Debian Stable and Docker, has served me reliably for years. It's stable, familiar, and gets the job done. However, an intriguing article I revisited recently about Fedora CoreOS, rpm-ostree, and OSTree native containers sparked my curiosity and sent me down a rabbit hole exploring alternative approaches to system management. Could there be a better way? Core Goals & Requirements Before diving into new technologies, I wanted to define what "better" means for my use case: The base operating system must update automatically and reliably. Hosted services (applications) should be updatable either automatically or manually, depending on the service. Configuration and data files need to be easy to modify, and crucially, automatically tracked and backed up. Current Setup: Debian Stable + Docker My current infrastructure consists of several servers, all running Debian Stable. System Updates are andled automatically via unattended-upgrades. Se...
Post a Comment
Read More »

A Rocky Migration: Moving from docker-compose to Podman and gVisor

I've been running a few containers for several years. They were all running under rootless Docker with a single user. Initially, I planned to  migrate the containers to VMs , but I couldn't get a stable workflow after about two months of effort. Later,  gVisor caught my attention , and I decided to migrate to Podman with gVisor instead. The new plan is to run each container with  --userns=auto  and use Quadlet for systemd integration. This approach provides better isolation and makes writing firewall rules easier. I'm now close to migrating all my containers. Here are a couple of rough edges I'd like to share. Network Layout I compared  various networking options  and spent a few hours trying the one-interface-per-group approach before giving up. I settled on a single macvlan network and decided to use static IP addresses for my containers. To prevent a randomly assigned IP address from conflicting with a predefined one, I allocated a large IP range for my ...
Post a Comment
Read More »

Determine Perspective Lines With Off-page Vanishing Point

In perspective drawing, a vanishing point represents a group of parallel lines, in other words, a direction. For any point on the paper, if we want a line towards the same direction (in the 3d space), we simply draw a line through it and the vanishing point. But sometimes the vanishing point is too far away, such that it is outside the paper/canvas. In this example, we have a point P and two perspective lines L1 and L2. The vanishing point VP is naturally the intersection of L1 and L2. The task is to draw a line through P and VP, without having VP on the paper. I am aware of a few traditional solutions: 1. Use extra pieces of paper such that we can extend L1 and L2 until we see VP. 2. Draw everything in a smaller scale, such that we can see both P and VP on the paper. Draw the line and scale everything back. 3. Draw a perspective grid using the Brewer Method. #1 and #2 might be quite practical. #3 may not guarantee a solution, unless we can measure distances/p...
3 comments
Read More »