RHEL-52237

[RHEL EPIC] Composefs is supported for image mode - Tech Preview - RHEL 9.5

    • Composefs is supported for image mode - Tech Preview - RHEL 9.5
    • The following needs to be verified in order for this epic to be considered complete:

      • Verify X
      • Verify Y
      • Verify Z
    • rhel-sst-container-tools
    • 24
    • False
    • None
    • Yes
    • QE ack, Dev ack, Docs ack
    • Technology Preview
    • .`composefs` filesystem is available as a Technology Preview

      `composefs` is the default backend for container storage.
      The key technologies `composefs` uses are:

      * OverlayFS as the kernel interface
      * Enhanced Read-Only File System (EROFS) for a mountable metadata tree
      * The `fs-verity` feature (optional) from the lower filesystem

      Key advantages of `composefs`:

      * Separation between metadata and data. `composefs` does not store any persistent data itself; the metadata and data files are stored on a regular lower Linux filesystem such as `ext4`, `xfs`, or `btrfs`.
      * Multiple `composefs` instances can be mounted on top of shared storage.
      * Data files are shared in the page cache, so multiple container images can share their memory.
      * Support for `fs-verity` validation of the content files.
    • Done

      Description

      SME: gscrivan@redhat.com 

      Image mode for RHEL uses composefs as a foundational technology. composefs will be Tech Preview for this release and will be used by bootc/image mode.

      Goals

      • The majority of users will not need to interact with this technology directly.
      • Optimize page cache sharing across containers.
      • Improve the "tamper-proof" story of RHEL and gain dm-verity-like capabilities via fs-verity.
      • Offer a higher degree of immutability for use cases that require it, e.g. RHIVOS.
      • Optimize disk usage (container and OS storage).
      • Set a foundation that can be used for sealing and signing the OS and connecting with Secure Boot.
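
The goal of dm-verity-like tamper detection via fs-verity, and the release note's "fs-verity validation of the content files", both rest on one primitive: the fs-verity file digest, which composefs records for each content file in its metadata image so that the kernel can reject a backing file whose measurement no longer matches. As an added example (not code from this issue or from the composefs project), the following pure-Python script computes that digest using the layout from the kernel's fs-verity documentation (SHA-256, 4096-byte blocks, no salt). The function names and the sample content file are the author's own constructions.

```python
"""fs-verity file digest (SHA-256, 4096-byte blocks, no salt) in pure Python.

Added illustration, not code from the RHEL issue or from the composefs project.
Layout follows the kernel's fs-verity documentation: a Merkle tree over the
file's data blocks, then a 256-byte descriptor whose SHA-256 is the file digest.
"""
import hashlib
import struct

BLOCK_SIZE = 4096
LOG_BLOCK_SIZE = 12
HASH_ALG_SHA256 = 1          # fs-verity hash_algorithm id for SHA-256
DIGEST_SIZE = 32


def _hash_block(block: bytes) -> bytes:
    """Hash one block, zero-padded to BLOCK_SIZE (fs-verity pads every short block)."""
    return hashlib.sha256(block.ljust(BLOCK_SIZE, b"\0")).digest()


def merkle_root(data: bytes) -> bytes:
    """Merkle tree root hash as fs-verity defines it.

    Leaf level: hash of each data block. Each upper level: hash of blocks made
    of the concatenated hashes of the level below (last block zero-padded).
    Repeat until a single block remains; its hash is the root. An empty file
    has an all-zero root hash, and a file that fits in one block has no tree
    levels at all (root = hash of that single padded block).
    """
    if len(data) == 0:
        return bytes(DIGEST_SIZE)
    level = [_hash_block(data[i:i + BLOCK_SIZE]) for i in range(0, len(data), BLOCK_SIZE)]
    while len(level) > 1:
        joined = b"".join(level)
        level = [_hash_block(joined[i:i + BLOCK_SIZE]) for i in range(0, len(joined), BLOCK_SIZE)]
    return level[0]


def fsverity_descriptor(data: bytes, root: bytes) -> bytes:
    """Serialize struct fsverity_descriptor (version 1, 256 bytes, no salt, no signature)."""
    desc = struct.pack(
        "<BBBBIQ64s32s144s",
        1,                       # version
        HASH_ALG_SHA256,         # hash_algorithm
        LOG_BLOCK_SIZE,          # log_blocksize
        0,                       # salt_size
        0,                       # __reserved_0x04
        len(data),               # data_size
        root.ljust(64, b"\0"),   # root_hash, padded to 64 bytes
        bytes(32),               # salt (unused here)
        bytes(144),              # __reserved
    )
    assert len(desc) == 256
    return desc


def fsverity_digest(data: bytes) -> str:
    """Return the file digest in the 'sha256:<hex>' form that `fsverity measure` prints."""
    root = merkle_root(data)
    return "sha256:" + hashlib.sha256(fsverity_descriptor(data, root)).hexdigest()


def verify_content_file(data: bytes, expected: str) -> bool:
    """Recompute a candidate content file's digest and compare it with the recorded one.

    Any changed byte, in any block, changes the root hash and therefore the
    digest; that is the property composefs relies on for its content files.
    """
    return fsverity_digest(data) == expected


if __name__ == "__main__":
    # Constructed sample: a content file spanning three blocks, plus a tampered copy.
    original = b"composefs content file\n" * 500      # 11,500 bytes -> 3 data blocks
    tampered = bytearray(original)
    tampered[BLOCK_SIZE + 17] ^= 0x01                 # flip one bit in the middle block
    recorded = fsverity_digest(original)
    print(recorded)
    print("original verifies:", verify_content_file(original, recorded))
    print("tampered verifies:", verify_content_file(bytes(tampered), recorded))
```

On a kernel with fs-verity enabled on the lower filesystem, `fsverity measure <file>` (from fsverity-utils) reports the same `sha256:` value for a file that has been enabled with the default parameters, which is a convenient way to cross-check the script against the real implementation. The point of the descriptor step is that the digest commits to the file size and tree parameters as well as the data, so a truncated or extended file does not collide with the original.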

      Requirements

      | Requirement | Notes | Is MVP? |
      | --- | --- | --- |
      | Composefs can be enabled for container storage as Tech Preview | Aiming for F41 & 9.5 | Yes (9.5) |
      | EROFS is fully supported for this use case (RHELBU-2774) | We do not require the deprecation of things like squashfs | Yes |
      | fs-verity support for XFS | Dependent on upstream maturity | No (desired for RHEL 10) |


      (Optional) Use Cases

      We expect composefs to be largely an architectural component that is transparent to most users. More advanced use cases, and the users behind them, will need documentation and know-how to opt in to the advanced capabilities.


      Out of Scope

      Secure boot and adding end user keys to firmware.

      Background, and strategic fit

      Composefs originates from the RHIVOS side of the house and solves a number of problems that mirror the goals listed above. For more information on the project, see this presentation.

      Assumptions

      Basic use of composefs will be implicit in our base image, and once ready, podman may also default to the composefs backend in the rhel-bootc image. We should assume that, regardless of the default, podman's backing store will remain configurable by users.


      Customer Considerations

      Composefs, and how its features are implemented in rhel-bootc, is not a one-and-done release. Customers should expect more capabilities to come online and be supported as we progress.


      Documentation Considerations

      If the initial implementation ends up being transparent to the end users, then this will likely just be a release note. 

      fs-verity will require some documentation.

              Tom Sweeney (tsweeney@redhat.com)
              Tom Sweeney (tsweeney@redhat.com)
              Container Runtime Eng Bot
              Container Runtime Bugs Bot
              Gabriela Necasova
              Votes: 0
              Watchers: 8