*: package rkt for CentOS

[jonboulle]

Ticket to track the progress of rkt being packaged for CentOS.

This will not be performed by the rkt team, but this issue should track any work that needs to happen to unblock packaging.

TODO:

• [ ] address rkt not running on CentOS 6.x #1063
• [x] address rkt not building on CentOS 6.6 #1443

[jonboulle]

From https://github.com/coreos/rkt/issues/686#issuecomment-121026924:

This will eventually land in the virt7-rkt-common-candidate repo. Currently dealing with updating systemd to v220+ :\ . I'll also add docs to CentOS wiki once done.

[lsm5]

List of deps built yet for CentOS 7 can be found here: https://cbs.centos.org/koji/packages?tagID=195

[lsm5]

Still a major WIP, use at your own risk :)

[artem-sidorenko]

I created a project on OBS in first line for myself and my chef-rkt cookbook.

I plan to maintain this packages as long as rkt isn't available via distributions. There are plans to add some additional tools like actool to this repository.

If you want to use it, feel free to do it

[langston-barrett]

@lsm5 Any updates? We'd love to use rkt in https://mantl.io, but we can't until it's packaged for Centos 7.2.

[lsm5]

still WIP, biggest blocker is ensuring a painless rpm upgrade from systemd-219 to systemd-220, which so far hasn't worked on my test machines :| . Haven't been spending a lot of time on this lately, but looks like I gotta resume

[jonboulle]

@lsm5 is that a rkt-related issue or just a general RPM/systemd upgrade problem?

On 1 August 2016 at 21:47, Lokesh Mandvekar notifications@github.com wrote:

still WIP, biggest blocker is ensuring a painless rpm upgrade from systemd-219 to systemd-220, which so far hasn't worked on my test machines :| . Haven't been spending a lot of time on this lately, but looks like I gotta resume

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/coreos/rkt/issues/1305#issuecomment-236686567, or mute the thread https://github.com/notifications/unsubscribe-auth/ACewN9--uVjDtHao16u57o84XSSfrBxkks5qbk1sgaJpZM4Fukr3 .

[lsm5]

just a systemd upgrade problem, not a rkt problem

[l1x]

Hi guys, we would like to try rkt as an alternative to Docker but without official RPM support it is not going to happen. Is there any chance that you provide RPMs to CentOS/RedHat users any soon (in 2016)?

Thank you in advance.

[jonboulle]

@l1x would this be predicated on an RPM being in the official Fedora/CentOS repositories or do you just need RPMs that function well on such systems?

[l1x]

It does not matter that much, I just need an RPM that can be installed on CentOS 7.x / RedHat 7.x.

[lsm5]

@l1x It's just me at this point working on CentOS packaging but I'll see what I can do. Can't make any promises as to availability at the moment, but I'll update this space whenever I have something.

Could we interest you in Fedora though? Fedora rawhide already has rkt packaged.

[l1x]

@lsm5 thanks for the update. In this case would you provide what you already got? I have experience in building RPMs and I definitely need this done in the next month. Using Fedora is not an option, we need CentOS/RedHat because most of our clusters are on that. This involves support contracts, security auditing, etc.

[lsm5]

@l1x TRY THIS ONLY ON A CATTLE MACHINE, as I'm pretty certain it'll get b0rked.

add this repo to your yum repos list:

[virt7-rkt-common-candidate]
name=virt7-rkt-common-candidate
baseurl=http://cbs.centos.org/repos/virt7-rkt-common-candidate/x86_64/os/
enabled=1
gpgcheck=0

and then try yum update systemd. This will atleast update to systemd-222, but quite uncertain if your system will reboot fine.

Note: this repo also has a newer Fedora 23 kernel rebuilt for CentOS 7, so you might wanna be careful to not update the whole system if you want to avoid it.

Let me know how that goes.

I don't have rkt built on this repo yet, but that's a really minor task once we have systemd sorted out.

[l1x]

I have added this, could I install rkt? I can't find the package.

[lsm5]

@l1x yup, rkt isn't a part of it yet. We need to make certain the systemd upgrade goes fine and the system reboots fine after the upgrade. Have you tried that yet?

[lsm5]

@l1x So, if I have all my partitions (except swap, of course) under / and I yum update systemd, the machine mostly reboots fine, is ssh-able, except that the swap partition can't be brought up:

-- The start-up result is done.
Sep 14 14:20:13 minato systemd[1]: dev-disk-by\x2duuid-c2211bf2\x2dd5ed\x2d42c7\x2dadfd\x2da68cd4bb0006.device: Job dev-disk-by\x2duuid-c2211bf2\x2dd5ed\x2d42c7\
Sep 14 14:20:13 minato systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-c2211bf2\x2dd5ed\x2d42c7\x2dadfd\x2da68cd4bb0006.device.
-- Subject: Unit dev-disk-by\x2duuid-c2211bf2\x2dd5ed\x2d42c7\x2dadfd\x2da68cd4bb0006.device has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dev-disk-by\x2duuid-c2211bf2\x2dd5ed\x2d42c7\x2dadfd\x2da68cd4bb0006.device has failed.
-- 
-- The result is timeout.
Sep 14 14:20:13 minato systemd[1]: Dependency failed for /dev/disk/by-uuid/c2211bf2-d5ed-42c7-adfd-a68cd4bb0006.
-- Subject: Unit dev-disk-by\x2duuid-c2211bf2\x2dd5ed\x2d42c7\x2dadfd\x2da68cd4bb0006.swap has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dev-disk-by\x2duuid-c2211bf2\x2dd5ed\x2d42c7\x2dadfd\x2da68cd4bb0006.swap has failed.

But when I had a separate partition for /home not under /, it failed to bring that up as well. So, I suspect something changed in systemd between 219 and 222 that only boots / and anything under /. Apparently this used to happen in the past when CONFIG_FHANDLE wasn't enabled in the kernel, but my kernel config has CONFIG_FHANDLE=y

Also, another minor change was to rename /var/log/journal to something else before rebooting, else it failed to set acl attributes to it IIRC. That's something which apparently changed sometime in systemd 219.

[lsm5]

Oh btw, the systemd error when /home was separate was systemd local-fs.target failed with result 'dependency'

[lsm5]

You can find rkt in this repo now, the build is available at: https://cbs.centos.org/koji/taskinfo?taskID=109148

[lsm5]

but beware, the systemd issue still exists on discrete partitions

[lucab]

Capturing from another discussion, it is possible to build the stage0 only via:

./configure --with-stage1-default-name=coreos.com/rkt/stage1-coreos --with-stage1-default-version=1.16.0

and let the user retrieve an existing stage1:

sudo rkt trust --trust-keys-from-https=true --prefix coreos.com/rkt https://coreos.com/dist/pubkeys/app-signing-pubkey.gpg
sudo rkt fetch coreos.com/rkt/stage1-coreos:1.16.0
sudo rkt run quay.io/coreos/alpine-sh --exec echo -- hello world

We don't suggest this for general packaging, but it could be a good solution in a complex backporting scenario.

[benjumanji]

Can I ask a bone-headed question? If the rpm on the release page works, which doesn't touch the host systemd, why does "packaging for centos" require this potentially world-ending systemd upgrade? I ask because I desperately would like to use rkt, and our clients are all on rhel7. Are we doing something nuts when we just used the released rpm? The current docs are a bit confusing and the "not production ready" wording has put the fear of God my management.

[benjumanji]

Reading #3263 I think I understand. This is about using centos 7 to build rkt, which is needed so that it can be part of the "real" centos packaging pipeline, but if you just need a rkt install the released rpm is fine. I think that will work for me.

[lucab]

@benjumanji right, proper distribution builds are self-contained, so they need to have a newer packaged systemd in order to use it for building rkt stage1. But this is a mostly build-dependency problem, not a runtime one.

[lsm5]

So, thanks to @facebookincubator/rpm-backports and @jsynacek, I have systemd-231 on CentOS CBS along with rkt. The systemd and other packages are mostly just a rebuild of @jsynacek's work. I'm aware I need to make a few packaging changes to rkt, I'll get to it asap now that we have systemd upgrade out of the way (hopefully).

---

1. the systemd upgrade went fine on a local machine with selinux in enforcing mode, though @jsynacek suggests setting it to permissive in /etc/selinux/config before updating.

2. the upgrade didn't go well on openstack VMs for me. So, YMMV.

   ---

Get this repo:

[virt7-rkt-common-candidate]
name=virt7-rkt-common-candidate
baseurl=http://cbs.centos.org/repos/virt7-rkt-common-candidate/x86_64/os/
enabled=1
gpgcheck=0

and then yum install rkt.

HTH.

[lsm5]

one other thing, it'd be preferable to first update your system to CentOS 7.3.1611 and then do the systemd upgrade, as a direct upgrade from .1503 didn't work for me.

[gtirloni]

Is this package much different than the one provided by the Kubernetes repository here? Also looking for the best way to deploy rkt on CentOS 7.3 (for Kubernetes).

[karai17]

If I spin up a brand new CentOS 7 server on some VPS service and fully update it via yum upgrade and then yum install rkt, will it actually install and run correctly?

[pinkeen]

I've used the facebook rpm backports packages to update systemd on my CentOS 7 VPS. The system failed too boot while switching root from initrd (initrd-switch-root.service failed). As I can see it first mounts rootfs under /sysfs then switches root there. I can see that /sysfs actually mounted fine, I cannot find any real problem here. Did anybody find the cause of this mount issue or can point me in the right direction?

BTW The emergency maitenance console works fine.

The exact error is "Current command vanished from the unit file" so my guess is that after root switch systemd cannot find the currently executed unit file and panics, so maybe it's searching in the wrong file?