Closed rhatdan closed 11 months ago
This is needed to fix https://github.com/containers/podman/issues/16930
Likely related blog posts:
I'm +1 in general.
We'll likely discuss more in the community meeting. Could you join us this week or the next?
What are the stability / compatibility guarantee for WASM? I don't know much about it so not sure if that question even makes sense.
I can join, when is it? Do you have a calendar invite/reminder. @flouthoc @giuseppe should also join.
16:30 UTC on Wednesdays: https://github.com/coreos/fedora-coreos-tracker#meetings
I guess that is up to @flouthoc and @giuseppe
Note that today's meeting will be over video: https://lists.fedoraproject.org/archives/list/coreos@lists.fedoraproject.org/thread/UFC25ERR5I3G5HQZ5QUUCQGZ2VNTB3BI/
One concern I have is that /usr/bin/wasmedge
would also become something that (in theory) users/scripts and other code could depend on, and if we plan to switch crun
over to a different runtime, then if implemented in the obvious way it would result in wasmedge being removed later.
Options:
/usr/libexec/wasmedge
Currently, it seems to pull in Python:
[root@cosa-devsh ~]# rpm-ostree install crun-wasm
...
Added:
crun-wasm-1.7.2-1.fc37.x86_64
fmt-9.1.0-1.fc37.x86_64
libb2-0.98.1-7.fc37.x86_64
libgomp-12.2.1-4.fc37.x86_64
libxcrypt-compat-4.4.33-3.fc37.x86_64
lld-15.0.6-1.fc37.x86_64
lld-libs-15.0.6-1.fc37.x86_64
llvm-15.0.6-1.fc37.x86_64
llvm-libs-15.0.6-1.fc37.x86_64
mpdecimal-2.5.1-4.fc37.x86_64
python-pip-wheel-22.2.2-3.fc37.noarch
python-setuptools-wheel-62.6.0-2.fc37.noarch
python-unversioned-command-3.11.1-1.fc37.noarch
python3-3.11.1-1.fc37.x86_64
python3-libs-3.11.1-1.fc37.x86_64
spdlog-1.10.0-3.fc37.x86_64
wasmedge-0.11.2-1.fc37.x86_64
Changes queued for next boot. Run "systemctl reboot" to start a reboot
[root@cosa-devsh ~]#
There is another path to pursue here, which is having wasm delivered as "system extension container", like https://github.com/containers/bootc/issues/7 style.
After last week's meeting @rhatdan and team decided they had some work to do on their end (including trying to remove the python dep) before moving this proposal forward.
@dustymabe
I think you need to use wasmedge-rt
dependency (+ crun-wasm
) and not wasmedge
for example if I try to install crun-wasm
and wasmedge-rt
podman run --rm -it quay.io/fedora/fedora-coreos:next
bash-5.2# rpm-ostree install crun-wasm wasmedge-rt
Enabled rpm-md repositories: fedora updates-modular updates fedora-cisco-openh264 fedora-modular updates-archive
Updating metadata for 'fedora'... done
Updating metadata for 'updates-modular'... done
Updating metadata for 'updates'... done
Updating metadata for 'fedora-cisco-openh264'... done
Updating metadata for 'fedora-modular'... done
Updating metadata for 'updates-archive'... done
Importing rpm-md... done
rpm-md repo 'fedora'; generated: 2023-04-13T20:36:48Z solvables: 59720
rpm-md repo 'updates-modular'; generated: 2023-08-19T01:34:25Z solvables: 1081
rpm-md repo 'updates'; generated: 2023-09-04T01:28:36Z solvables: 20146
rpm-md repo 'fedora-cisco-openh264'; generated: 2023-03-14T10:56:46Z solvables: 4
rpm-md repo 'fedora-modular'; generated: 2023-04-13T20:30:28Z solvables: 1068
rpm-md repo 'updates-archive'; generated: 2023-09-04T01:39:39Z solvables: 34050
Resolving dependencies... done
Will download: 4 packages (723.8?kB)
Downloading from 'fedora'... done
Downloading from 'updates-archive'... done
Downloading from 'updates'... done
Installing 4 packages:
crun-wasm-1.8.6-1.fc38.aarch64 (updates-archive)
fmt-9.1.0-2.fc38.aarch64 (fedora)
spdlog-1.11.0-5.fc38.aarch64 (fedora)
wasmedge-rt-0.13.3-1.fc38.aarch64 (updates)
Installing: fmt-9.1.0-2.fc38.aarch64 (fedora)
Installing: spdlog-1.11.0-5.fc38.aarch64 (fedora)
Installing: wasmedge-rt-0.13.3-1.fc38.aarch64 (updates)
Installing: crun-wasm-1.8.6-1.fc38.aarch64 (updates-archive)
so, no python dependencies as @jlebon pointed out
@dustymabe is it ok now to include crun-wasm
and wasmedge-rt
?
This likely needs to be discussed again in a community meeting. I don't remember if we had a conviencing answer for https://github.com/coreos/fedora-coreos-tracker/issues/1375#issuecomment-1377555942.
hello @travier , has it been discussed as meetings seem to happen every Wednesday ?
it looks like it wasn't https://meetbot.fedoraproject.org/fedora-meeting-1/2023-09-13/fedora_coreos_meeting.2023-09-13-16.30.html
labelling the issue is not enough to get it discussed ?
We didn't get to it during last week meeting as we had other topics to discuss. The best way to get something on the agenda is to attend the meeting :).
You should also strongly consider answering the questions we've had above.
@travier what questions need to be answered. I believe the python requirement has been removed.
My 2c: Sprint to having podman derive its own custom images, from !FCOS even.
I am leaning the same way. The question is time to market. POdman desktop wants to be able to support WASM workloads. Wasmedge was the library that Docker originally supported, which is why we chose it by default. I am informed that Docker Desktop now allows users to select different WASM Libraries.
My 2c: Sprint to having podman derive its own custom images, from !FCOS even.
some additional comments RE: wasmer, wasmedge, wasmtime:
RE: wasmedge, upstream proactively packaged it up for Fedora and continue to maintain it on Fedora and EPEL, that's why things have moved a lot faster.
RE: wasmtime, I had included it in podman-next sometime ago but I haven't updated it in a while. RE: official fedora package for wasmtime, there were some licensing issues preventing it, but if we are ok with some build of wasmtime, I could probably update it on the podman-next copr. /cc @font
RE: wasmer, I never got a package request from anyone so I haven't done anything on it yet, but I could look into that as well if we need it.
To be clear, I'm only signing up for maintaining them on podman-next if we need rpm builds somewhere and are willing to overlook licensing and other packaging issues. I probably won't have the bandwidth for official Fedora maintenance.
@lsm5 note that you may only build things on COPR that do not violate Fedora's license policy: https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr
@lsm5 note that you may only build things on COPR that do not violate Fedora's license policy: https://docs.pagure.org/copr.copr/user_documentation.html#what-i-can-build-in-copr
sure, if wasmtime still has that problem license, I could skip it altogether. Makes my life easier.
$ rpm -qip crun-wasm-1.9-1.fc38.x86_64.rpm wasmedge-rt-0.13.3-1.fc38.x86_64.rpm
Name : crun-wasm
Version : 1.9
Release : 1.fc38
Architecture: x86_64
Install Date: (not installed)
Group : Unspecified
Size : 18105
License : GPL-2.0-only
Signature : RSA/SHA256, Thu 07 Sep 2023 08:05:58 PM CEST, Key ID 809a8d7ceb10b464
Source RPM : crun-1.9-1.fc38.src.rpm
Build Date : Thu 07 Sep 2023 08:02:26 PM CEST
Build Host : buildvm-x86-32.iad2.fedoraproject.org
Packager : Fedora Project
Vendor : Fedora Project
URL : https://github.com/containers/crun
Bug URL : https://bugz.fedoraproject.org/crun
Summary : crun with wasm support
Description :
crun-wasm is a symlink to the crun binary, with wasm as an additional dependency.
Name : wasmedge-rt
Version : 0.13.3
Release : 1.fc38
Architecture: x86_64
Install Date: (not installed)
Group : Unspecified
Size : 1654978
License : ASL 2.0 and CC0
Signature : RSA/SHA256, Thu 27 Jul 2023 11:28:03 AM CEST, Key ID 809a8d7ceb10b464
Source RPM : wasmedge-0.13.3-1.fc38.src.rpm
Build Date : Thu 27 Jul 2023 11:17:55 AM CEST
Build Host : buildvm-x86-18.iad2.fedoraproject.org
Packager : Fedora Project
Vendor : Fedora Project
URL : https://github.com/WasmEdge/WasmEdge
Bug URL : https://bugz.fedoraproject.org/wasmedge
Summary : WasmEdge Runtime
Description :
This package contains only WasmEdge runtime without LLVM dependency.
$ rpm -qip fmt-9.1.0-2.fc38.x86_64.rpm spdlog-1.11.0-5.fc38.x86_64.rpm
Name : fmt
Version : 9.1.0
Release : 2.fc38
Architecture: x86_64
Install Date: (not installed)
Group : Unspecified
Size : 370770
License : MIT
Signature : RSA/SHA256, Thu 19 Jan 2023 07:57:32 AM CET, Key ID 809a8d7ceb10b464
Source RPM : fmt-9.1.0-2.fc38.src.rpm
Build Date : Thu 19 Jan 2023 04:53:43 AM CET
Build Host : buildvm-x86-22.iad2.fedoraproject.org
Packager : Fedora Project
Vendor : Fedora Project
URL : https://github.com/fmtlib/fmt
Bug URL : https://bugz.fedoraproject.org/fmt
Summary : Small, safe and fast formatting library for C++
Description :
C++ Format is an open-source formatting library for C++. It can be used as a
safe alternative to printf or as a fast alternative to IOStreams.
Name : spdlog
Version : 1.11.0
Release : 5.fc38
Architecture: x86_64
Install Date: (not installed)
Group : Unspecified
Size : 442279
License : MIT
Signature : RSA/SHA256, Wed 15 Mar 2023 01:11:16 PM CET, Key ID 809a8d7ceb10b464
Source RPM : spdlog-1.11.0-5.fc38.src.rpm
Build Date : Wed 15 Mar 2023 01:04:50 PM CET
Build Host : buildvm-x86-25.iad2.fedoraproject.org
Packager : Fedora Project
Vendor : Fedora Project
URL : https://github.com/gabime/spdlog
Bug URL : https://bugz.fedoraproject.org/spdlog
Summary : Super fast C++ logging library
Description :
This is a packaged version of the gabime/spdlog C++ logging
library available at Github.
From today's meeting:
* AGREED: We will include crun-wasm & wasmedge-rt in Fedora CoreOS
with a basic test for functionnality. We will revisit this
discussion once the coreos layering story has matured. (travier,
17:26:15)
This was a weak agreement. @jlebon will detail other options.
Not really other options (I mean, other than working out a layering scenario, even if that's old-style layering in the short-term), but a slight tweak on the proposal above: we could add the packages to next
only for now. This still provides boot images for podman machine but leaves more room for removal in the future once the layering approach is fully ready.
Not really other options (I mean, other than working out a layering scenario, even if that's old-style layering in the short-term), but a slight tweak on the proposal above: we could add the packages to
next
only for now. This still provides boot images for podman machine but leaves more room for removal in the future once the layering approach is fully ready.
no strong opinion, I'm cool with this. I'll defer to @baude @rhatdan @cevich @flouthoc @benoitf PTAL
I'm not an authority on this, but generally get what it's for. Glancing through the comments, I didn't see anyone mention: Is this perhaps TOO NEW for including? As in, there's so much churn in this space that developers will be chomping-at-the-bit for the "next" update? If so, then doing it as (presumably faster-moving) add on may be more helpful. Though again, I'm not an expert on these things.
hello, do you have any ETA when it'll land in next channel ?
I'm tracking https://github.com/coreos/fedora-coreos-config and https://fedoraproject.org/coreos/release-notes/?arch=x86_64&stream=next but I don't see anything around wasm
https://github.com/coreos/fedora-coreos-config/pull/2650 and https://github.com/coreos/fedora-coreos-config/pull/2651 will add the requested packages to the next stream.
thanks @jlebon
The fix for this went into next
stream release 39.20231002.1.1
. Please try out the new release and report issues.
This will stay in the next
stream for the foreseeable future and will not be promoted to testing
and stable
. We'll re-evaluate this decision at a future time.
hello @dustymabe
I figured out that podman is using testing channel and not next for their default machines 🤦 so we don't see the packages in the podman machine
I've checked with a podman machine that is using fedora-coreos-38.20231002.2.2-qemu.aarch64.qcow2
and there is no wasmedge-rt
or crun-wasm
installed (but it's expected as it's in next, not in testing)
podman machine ssh
Connecting to vm. To close connection, use `~.` or `exit`
Fedora CoreOS 38.20231002.2.2
Tracker: https://github.com/coreos/fedora-coreos-tracker
Discuss: https://discussion.fedoraproject.org/tag/coreos
[core@localhost ~]$ crun-wasm
-bash: crun-wasm: command not found
[core@localhost ~]$ sudo rpm-ostree install crun-wasm wasmedge-rt
Removed:
moby-engine-20.10.23-1.fc38.aarch64
Added:
crun-wasm-1.9.2-1.fc38.aarch64
fmt-9.1.0-2.fc38.aarch64
spdlog-1.11.0-5.fc38.aarch64
wasmedge-rt-0.13.3-1.fc38.aarch64
Changes queued for next boot. Run "systemctl reboot" to start a reboot
creating with next it's working but it's not the default option
creating with next it's working but it's not the default option
Hi @benoitf. Yes, this is what https://github.com/coreos/fedora-coreos-tracker/issues/1375#issuecomment-1728282414 was getting at, but likely it wasn't made explicit enough. The underlying question there was: are we OK to have it be in next for now and opt-in until the other options have progressed far enough?
I don't really know here, as it means that all people using podman machines on macOS will probably have the testing
and not next
channel.
So at the end, user experience is not the one expected. I thought that podman machine was using next channel at first.
Proposal here to add to our testing
/stable
streams: https://github.com/coreos/fedora-coreos-config/pull/2690
The fix for this went into testing
stream release 39.20231119.2.0
. Please try out the new release and report issues.
I tried this morning and it went well, it works like a charm
thanks !
$ podman run --platform wasi/wasm quay.io/podman-desktop-demo/wasm-rust-hello-world
Trying to pull quay.io/podman-desktop-demo/wasm-rust-hello-world:latest...
Getting image source signatures
Copying blob sha256:aef58f11cc595816273402cf78b560dc8e2b5f0b2e2db0bb59d696fb1a0ba5a7
Copying config sha256:213ba29e5067ee94700be912fbc44a77ea88a03e1e7e51adcfa7c4f2fbd1d8c8
Writing manifest to image destination
!... Hello Podman wasm World ...!
.--"--.
/ - - \
/ (O) (O) \
~~~| -=(,Y,)=- |
.---. /` \ |~~
~/ o o \~~~~.----. ~~
| =(X)= |~ / (O (O) \
~~~~~~~ ~| =(Y_)=- |
~~~~ ~~~| U |~~
Project: https://github.com/containers/podman
Website: https://podman.io
Documents: https://docs.podman.io
Twitter: @Podman_io
@benoitf - we could still use a test added to our test suite as mentioned in https://github.com/coreos/fedora-coreos-tracker/issues/1375#issuecomment-1728189702
From your comment above it looks like you might have a good example test to add :)
See https://github.com/coreos/fedora-coreos-config/blob/testing-devel/tests/kola/podman/rootless-pasta-networking for an example of adding a test.
Would you be willing to open a PR for it? You can test it locally after adding the test like cosa kola run ext.config.podman.rootless-pasta-networking
.
I can give a try but I'm on macOS so I'm not sure cosa kola
will work ?! I guess I need to use a Linux VM
if so, which one should I use
You can build and test FCOS on FCOS in podman machine :)
The fix for this went into stable
stream release 39.20231119.3.0
.
What, if any, are the additional dependencies on the package? (i.e. does it pull in Python, Perl, etc)
wasmedge (wasm-library)
What is the size of the package and its dependencies?
According to dnf info
crun-wasm: Size : 11
wasmedge: Size : 1.6 M
What problem are you trying to solve with this package? Or what functionality does the package provide?
A lot of people are starting to play with WASM and Containers, we have published a wasm edge blog and people are trying it out on podman-machine on Windows and MAC and failing.
Can the software provided by the package be run from a container? Explain why or why not.
No. The software is needed to run a container.
Can the tool(s) provided by the package be helpful in debugging container runtime issues?
No.
Can the tool(s) provided by the package be helpful in debugging networking issues?
No.
Is it possible to layer the package onto the base OS as a day 2 operation? Explain why or why not.
Yes
In the case of packages providing services and binaries, can the packaging be adjusted to just deliver binaries?
No
Can the tool(s) provided by the package be used to do things we’d rather users not be able to do in FCOS?
Maybe
Does the software provided by the package have a history of CVEs?
No.