Discussion thread - https://discussion.fedoraproject.org/t/f42-change-proposal-move-fedora-coreos-updates-from-ostree-to-oci-self-contained/142515
== Summary ==
Change Fedora CoreOS to receive updates from quay.io/fedora/fedora-coreos instead of the Fedora OSTree repository.
== Owner ==
* Name/Email: [[jbtrystram | Jean-Baptiste Trystram]], jbtrystram@xxxxxxxxxx
* Name/Email: [[User:Siosm| Timothée Ravier]], siosm@xxxxxxxxxxxxxxxxx
* Name/Email: [[User:jlebon|Jonathan Lebon]], jonathan@xxxxxxxxxx
* Name/Email: [[User:Dustymabe|Dusty Mabe]], dusty@xxxxxxxxxxxxx
== Detailed Description ==
Currently, Fedora CoreOS hosts pull updates from the OSTree repository. With this change, the hosts will pull updates from the Quay.io container registry instead. At first, this should be a transparent change. We will notably keep using rpm-ostree for updates (and not yet bootc).
This is preliminary work to switching to bootc to manage the system and will enable us to deliver the following changes in the future:
* Moving from rpm-ostree to bootc, which only supports OCI.
* Better support for mirroring updates in disconnected setups.
* Moving away from maintaining a Cincinnati server towards having the graph live in an OCI registry alongside the update payload. This also allows users to maintain their own update graphs.
* Users will be able to create their own customized versions of Fedora CoreOS by building a derived container image.
== Feedback ==
None yet.
== Benefit to Fedora ==
Alignment with the work happening in the [https://https://docs.fedoraproject.org/en-US/bootc/getting-started/#_what_is_a_bootable_container Bootable Containers] initiative.
== Scope ==
* Proposal owners:
** Publish an upgrade graph containing the digest pullspec for each FCOS release. This mirrors the current update graph containing the same information, but pointing at OSTree commit checksums.
** Change new nodes on `next` to use OCI from the start.
** After a number of FCOS releases, ship a migration script to switch existing `next` nodes to use OCI.
** Repeat the last two steps for `testing`, and then `stable`.
** Down the line, stop publishing new OSTree commits to the OSTree repo. This will not happen until at least f43.
* Other developers: N/A (not needed for this Change)
* Release engineering: N/A (not needed for this Change)
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy:
** Part of the work to align with Bootable Containers
== Upgrade/compatibility impact ==
We will issue a barrier release to migrate users to switch to OCI images.
== How To Test ==
Once the changes are ready, it will be possible to test it on the '''next''' stream before it gets rolled out there. This can be done by switching a '''next''' node from the OSTree remote to the OCI remote:
rpm-ostree rebase ostree-remote-image:fedora:registry:quay.io/fedora/fedora-coreos:$NEXT_VERSION
where `$NEXT_VERSION` is a tag for a '''next''' release that's _not_ the latest. Then, watch Zincati fetch the latest '''next''' release using OCI.
== User Experience ==
This change won't be visible to users running auto-updates, except cosmetic changes in `rpm-ostree status` output.
== Contingency Plan ==
Revert the change to switch back to the OSTree repo. Both will be active until the Fedora 43 release.
== Documentation ==
Change Fedora CoreOS to receive updates from quay.io/fedora/fedora-coreos instead of the Fedora OSTree repository.
== Owner ==
* Name/Email: [[jbtrystram | Jean-Baptiste Trystram]], jbtrystram@xxxxxxxxxx
* Name/Email: [[User:Siosm| Timothée Ravier]], siosm@xxxxxxxxxxxxxxxxx
* Name/Email: [[User:jlebon|Jonathan Lebon]], jonathan@xxxxxxxxxx
* Name/Email: [[User:Dustymabe|Dusty Mabe]], dusty@xxxxxxxxxxxxx
== Detailed Description ==
Currently, Fedora CoreOS hosts pull updates from the OSTree repository. With this change, the hosts will pull updates from the Quay.io container registry instead. At first, this should be a transparent change. We will notably keep using rpm-ostree for updates (and not yet bootc).
This is preliminary work to switching to bootc to manage the system and will enable us to deliver the following changes in the future:
* Moving from rpm-ostree to bootc, which only supports OCI.
* Better support for mirroring updates in disconnected setups.
* Moving away from maintaining a Cincinnati server towards having the graph live in an OCI registry alongside the update payload. This also allows users to maintain their own update graphs.
* Users will be able to create their own customized versions of Fedora CoreOS by building a derived container image.
== Feedback ==
None yet.
== Benefit to Fedora ==
Alignment with the work happening in the [https://https://docs.fedoraproject.org/en-US/bootc/getting-started/#_what_is_a_bootable_container Bootable Containers] initiative.
== Scope ==
* Proposal owners:
** Publish an upgrade graph containing the digest pullspec for each FCOS release. This mirrors the current update graph containing the same information, but pointing at OSTree commit checksums.
** Change new nodes on `next` to use OCI from the start.
** After a number of FCOS releases, ship a migration script to switch existing `next` nodes to use OCI.
** Repeat the last two steps for `testing`, and then `stable`.
** Down the line, stop publishing new OSTree commits to the OSTree repo. This will not happen until at least f43.
* Other developers: N/A (not needed for this Change)
* Release engineering: N/A (not needed for this Change)
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy:
** Part of the work to align with Bootable Containers
== Upgrade/compatibility impact ==
We will issue a barrier release to migrate users to switch to OCI images.
== How To Test ==
Once the changes are ready, it will be possible to test it on the '''next''' stream before it gets rolled out there. This can be done by switching a '''next''' node from the OSTree remote to the OCI remote:
rpm-ostree rebase ostree-remote-image:fedora:registry:quay.io/fedora/fedora-coreos:$NEXT_VERSION
where `$NEXT_VERSION` is a tag for a '''next''' release that's _not_ the latest. Then, watch Zincati fetch the latest '''next''' release using OCI.
== User Experience ==
This change won't be visible to users running auto-updates, except cosmetic changes in `rpm-ostree status` output.
== Contingency Plan ==
Revert the change to switch back to the OSTree repo. Both will be active until the Fedora 43 release.
== Documentation ==
We will update the Fedora CoreOS documentation alongside the transition. This is currently tracked in: https://github.com/coreos/fedora-coreos-tracker/issues/1823.
== Release Notes ==
== Release Notes ==
--
-- _______________________________________________ devel-announce mailing list -- devel-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
