Afer builder changes, ARM images are now correctly published with their
platform, and when skopeo is used to inspect/pull the image on x86 without any
other flags, it fails with:
Error parsing manifest for image: Error choosing image instance: no image found in image index for architecture amd64, variant "", OS linux
Pass the correct arch in skopeo operations to fix that.
The retry when fetching containers from the registry didn't work because the
script was executed with `set -e`. Capture the error code also for non-zero
exit status.
Also use while loop instead of recursion and back off exponentially - start
with 5s and multiply by 3 (i.e. 5s, 15s, 45s - waiting in total up to 1 minute
for the registry to recover).
Since home-assistant/version#305 the AppArmor profiles were split to
per-channel files. This was never reflected in hassio package build though.
Currently this doesn't cause any trouble and the profile is replaced later by
the Supervisor but make sure we're always using the correct one from the
beginning.
Extract some of the parts of the "image import" to the script creating the data
partition to separate concerns. The Docker data directory is now passed as a
daemon option, instead of only mounting the data partition's folder to the
default directory, to be closer to the deployment setup. Also trap the exit and
error signals to remove the build container and unmount the data partition, as
failed or cancelled build have been leaking the containers/mounts when building
interactively (attached to the build container shell).
Importing docker-archive format leads to some layers missing in the content
storage which results in some image metadata missing. This appears to be the
same regression as moby/moby#49473. Importing OCI archives when bootstrapping
the data partition seems to work this bug around.
Fixes#4385
Prefer the containerd snapshotter by using it by default for new installs and
when no Docker data is present (e.g. after datadisk wipe). The snapshotter is
enabled by a dockerd flag which is set when a flag file is present in the data
partition. This flag file can be used also to opt-in for this snapshotter on
legacy installs (high level API through OS Agent and Supervisor TBD), to
migrate to the containerd snapshotter this file can be simply created manually.
Testing shown no major problems when migrating, the old overlay2 folder can be
(and should be - to avoid situations where the data disk might run out of
space) deleted before the docker.service is started in the docker-prepare
script.
Note that there's no offline migration path, OS needs to be connected to the
internet to re-download the images when migrating. This could be theoretically
possible through docker image save/load functions but guarding for enough of
space and other edge cases would be probably too complex to justify it.
Refs #4252
Refs #4253 - easier opt-in method is still needed
Closes#4254 - migration is handled seamlessly by Docker
Use the version used in the docker-engine package to ensure it stays in sync.
Although we haven't seen any issues related to the fact it was sometimes
mismatching, reduce the burden of needing it to be synced manually.
Update Docker to latest version and containerd to latest version from the 1.7
line. Runc updated to v1.2.5 with rebased patchset from the outstanding PR.
* buildroot 257ddc70ce...b4df362187 (4):
> package/runc: bump version to v1.2.5
> package/docker-cli: bump version to v28.0.1
> package/docker-engine: bump version to v28.0.1
> package/containerd: bump version to v1.7.25
* Add Makefile variable for Supervisor channel
Allow to set the release channel pre-installed Home Assistant components
like Supervisor and add-on are fetched from. This channel is then also
used at runtime.
* Use choice instead of string variable
* Fix channel in Supervisor updater.json config
* Add newlines
* Update Docker to v27.2.0
Update Docker and containerd to latest supported version.
* buildroot a2c10a16a0...c68e03d96b (3):
> package/containerd: bump version to v1.7.21
> package/docker-cli: bump version to v27.2.0
> package/docker-engine: bump version to v27.2.0
* package/hassio: update DinD container to v27.2
We still face occasional build errors when fetching from the Docker registry
fails and is not retried with the Skopeo's built-in retry mechanism that was
enabled in #1866. This happens on some network failures, or when premature EOF
is returned when fetching the HTTP data. Seems we're not the only ones having
such issues [1].
To workaround this, add a generic retry shell function that simply retries when
the command ends with a non-zero status, no matter what was the actual cause of
the error.
[1] https://www.github.com/containers/common/issues/654
* Bump buildroot to 2024.02.3
* buildroot 691077e577...770f939463 (1):
> Merge tag '2024.02.3' into 2024.02.x-haos
* package/hassio: update dind to version 26.0 used in current buildroot
Separate fetching the current release and loading the container image
into separate build steps. This allows to manually later the version
json file for testing.
* Update config for Buildroot 2023.02
* Use Buildroot's version of the rtl8821cu package
Buildroot provides a newer driver for the RTL8821CU based chipsets
provided by https://github.com/morrownr/8821cu-20210118.
* Pass argument when verifying partition table
This also avoids running into a segmentation fault in the current
version of sgdisk.
* Remove obsolte GRUB2/NetworkManager patches
* Bump buildroot
* buildroot 90aa1a6daa...4832525e6c (4596):
> package/runc: add support for CGroup device permission updates
> package/network-manager: fix build with -Dmodem_manager=false
> package/dbus-broker: bump to release 33
> package/iptables: Allow to use iptables with nf_tables backend
> package/brcmfmac_sdio-firmware-rpi: bump to latest version
> package/linux-firmware: Deploy fewer Intel WiFi 22000 series variants
> package/linux-firmware: Add more Intel WiFi 22000 series variants
> package/linux-firmware: Add Broadcom BNX2 firmware
> package/rpi-firmware: bump version to 1.20230106
> Update for 2023.02-rc2
* Use Ubuntu 22.04 for CI checks
* Bump xe-guest-utilities to 7.33.0
* Remove unnecessary shellcheck ignore for xe-guest-utilities
* Address new buildroot check-packages issues
* Load container images descending by size
Loading container images using docker load seems to require more space
at load time (which gets freed after loading). Loading the largest
container first avoids running out of space.
It seems that the GitHub container registry sometimes returns 503
service unavailable temporarily ("Error fetching tags list: invalid status
code from registry 503"). Use skopeo's retry mechanism to try up to 5
times before failing.
* Avoid race condition when fetching containers during build
So far only a single builder was active for each architecture. This
toghether with the naming scheme to include architecture/machine name
made sure that an image could only be fetched or used by a single
builder.
However, since most systems are now aarch64, multiple runners are now
active for a single architecture. This makes it necessary to lock
fetching/coping of container images to avoid race conditions.
Sometimes the first command after starting the Docker daemon container
fails, presumably because the container did not start yet. Wait until
the Docker daemon is ready.
* Use skopeo to download container images
Separate container download from image build. This will allow to share
the downloaded images between multiple builds.
We won't store the Supervisor container with the version tag, just with
the latest tag. This allows to simplify the procedure a bit. It seems
there is no downside to this approach.
* Use official Docker in Docker images to build data partition
Instead of building our own Debian based image let's use the official
Docker in Docker image. This avoids building an image for the hassio
data partition and speeds up build as well.
This calls mount commands using sudo to mount the data partition as part
of the buildroot build now. This is not much different from before as
mount has been called as root inside the container, essentially equates
to the same "isolation" level.
* Use image digest as part of the file name
The landing page has no version information in the tag. To avoid
potentially source caching issues, use the digest as part of the file
name.
The landingpage container is a minimal webserver with built-in zeroconf
annoucement. Preinstall the machine specific landingpage container to
make sure it will show up right after startup.
