From d140ef6c2c4fd9893ad7f3ce35173037813264e8 Mon Sep 17 00:00:00 2001 From: dkwon17 Date: Thu, 2 Jan 2025 16:27:26 +0000 Subject: [PATCH 1/7] feat: update fuse docs for Podman 5.x Signed-off-by: dkwon17 --- .../enabling-fuse-for-all-workspaces.adoc | 81 ++++++++++++------- 1 file changed, 50 insertions(+), 31 deletions(-) diff --git a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc index 4f8379ae23..dc763ad7e0 100644 --- a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc +++ b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc @@ -7,6 +7,11 @@ [id="enabling-fuse-overlayfs-for-all-workspaces"] = Enabling fuse-overlayfs for all workspaces +For Podman 5.x, the `/home/user/.config` must be owned by the current user for Podman to function correctly. +The `storage.conf` file for Podman is typically stored in this folder. +This document explains how to configure the container entrypoint script for the workspace so that fuse-overlayfs is being used. +The Universal Developer Image (UDI) already contains the necessary configuration by default. + .Prerequisites * The xref:administration-guide:enabling-access-to-dev-fuse-for-openshift.adoc[] section has been completed. This is not required for OpenShift versions 4.15 and later. @@ -15,34 +20,6 @@ .Procedure -. Create a ConfigMap that mounts the `storage.conf` file for all user workspaces. -+ -==== -[source,yaml,subs="+quotes,+attributes"] ----- -kind: ConfigMap -apiVersion: v1 -metadata: - name: fuse-overlay - namespace: {prod-namespace} - labels: - app.kubernetes.io/part-of: che.eclipse.org - app.kubernetes.io/component: workspaces-config - annotations: - controller.devfile.io/mount-as: subpath - controller.devfile.io/mount-path: /home/user/.config/containers/ -data: - storage.conf: | - [storage] - driver = "overlay" - - [storage.options.overlay] - mount_program="/usr/bin/fuse-overlayfs" ----- -==== -+ -WARNING: Creating this ConfigMap will cause all running workspaces to restart. - . Set the necessary annotation in the `spec.devEnvironments.workspacesPodAnnotations` field of the CheCluster custom resource. + ==== @@ -62,9 +39,51 @@ spec: For OpenShift versions before 4.15, the `io.openshift.podman-fuse: ""` annotation is also required. ==== +. If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. +To do this, create add the following to the workspace container image's entrypoint script before building the image. ++ +==== +[source,bash,subs="+quotes,+macros"] +---- +# Configure container builds to use vfs or fuse-overlayfs +if [ ! -d "${HOME}/.config/containers" ]; then + mkdir -p ${HOME}/.config/containers + if [ -c "/dev/fuse" ] && [ -f "/usr/bin/fuse-overlayfs" ]; then + (echo '[storage]';echo 'driver = "overlay"';echo '[storage.options.overlay]';echo 'mount_program = "/usr/bin/fuse-overlayfs"') > ${HOME}/.config/containers/storage.conf + else + (echo '[storage]';echo 'driver = "vfs"') > "${HOME}"/.config/containers/storage.conf + fi +fi +---- +==== ++ +This ensures that if the `/home/user/.config` doesn't already exist, the folder is created and owned by `user`. +The `/home/user/.config` may already exist for example, if it was stored in a persistent volume. ++ +[NOTE] +==== +This is configured in the UDI by default. Therefore this step is only required if you are using a custom image for the workspace container. +==== + .Verification steps -. Start a workspace and verify that the storage driver is `overlay`. +. Start a workspace and verify that the owner for `/home/user/.config` is `user`. ++ +[subs="+attributes,+quotes"] +---- +$ ls -la /home/user +---- + ++ +Example output: ++ +[subs="+attributes,+quotes"] +---- +... +drwxrwsr-x. 3 user 1000660000 24 Dec 24 15:40 .config +---- + +. Verify that the storage driver is `overlay`. + [subs="+attributes,+quotes"] ---- @@ -79,8 +98,8 @@ Example output: graphDriverName: overlay overlay.mount_program: Executable: /usr/bin/fuse-overlayfs - Package: fuse-overlayfs-1.12-1.module+el8.9.0+20326+387084d0.x86_64 - fuse-overlayfs: version 1.12 + Package: fuse-overlayfs-1.14-1.el9.x86_64 + fuse-overlayfs: version 1.13-dev Backing Filesystem: overlayfs ---- + From 081bc8bfae3f64f1986a8a1b961098ff199f0d60 Mon Sep 17 00:00:00 2001 From: dkwon17 Date: Mon, 6 Jan 2025 15:56:20 +0000 Subject: [PATCH 2/7] Address PR feedback Signed-off-by: dkwon17 --- .../pages/enabling-fuse-for-all-workspaces.adoc | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc index dc763ad7e0..ff14b7058b 100644 --- a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc +++ b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc @@ -9,12 +9,12 @@ For Podman 5.x, the `/home/user/.config` must be owned by the current user for Podman to function correctly. The `storage.conf` file for Podman is typically stored in this folder. -This document explains how to configure the container entrypoint script for the workspace so that fuse-overlayfs is being used. +This document explains how to configure the workspace's container entrypoint script for the workspace so that fuse-overlayfs is being used for all workspaces using that container. The Universal Developer Image (UDI) already contains the necessary configuration by default. .Prerequisites -* The xref:administration-guide:enabling-access-to-dev-fuse-for-openshift.adoc[] section has been completed. This is not required for OpenShift versions 4.15 and later. +* For OpenShift versions 4.14 and lower, the xref:administration-guide:enabling-access-to-dev-fuse-for-openshift.adoc[] section has been completed. * An active `{orch-cli}` session with administrative permissions to the destination OpenShift cluster. See {orch-cli-link}. @@ -36,14 +36,14 @@ spec: + [NOTE] ==== -For OpenShift versions before 4.15, the `io.openshift.podman-fuse: ""` annotation is also required. +For OpenShift versions 4.14 and lower, the `io.openshift.podman-fuse: ""` annotation is also required. ==== -. If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. -To do this, create add the following to the workspace container image's entrypoint script before building the image. +. Optional: If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. +To do this, add the following to the workspace container image's entrypoint script before building the image. + ==== -[source,bash,subs="+quotes,+macros"] +[source,subs="+quotes,+macros"] ---- # Configure container builds to use vfs or fuse-overlayfs if [ ! -d "${HOME}/.config/containers" ]; then From c20131ece9350b49298d58f96d5eb43b4d957e5c Mon Sep 17 00:00:00 2001 From: David Kwon Date: Fri, 17 Jan 2025 14:15:24 -0500 Subject: [PATCH 3/7] Update modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc Co-authored-by: Jana Vrbkova --- .../pages/enabling-fuse-for-all-workspaces.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc index ff14b7058b..de30f4c54e 100644 --- a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc +++ b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc @@ -39,7 +39,7 @@ spec: For OpenShift versions 4.14 and lower, the `io.openshift.podman-fuse: ""` annotation is also required. ==== -. Optional: If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. +. [OPTIONAL] If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. To do this, add the following to the workspace container image's entrypoint script before building the image. + ==== From 633fbd04508968c72d74db0021d9667027a37289 Mon Sep 17 00:00:00 2001 From: David Kwon Date: Fri, 17 Jan 2025 14:15:35 -0500 Subject: [PATCH 4/7] Update modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc Co-authored-by: Jana Vrbkova --- .../pages/enabling-fuse-for-all-workspaces.adoc | 4 ---- 1 file changed, 4 deletions(-) diff --git a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc index de30f4c54e..b31c7d2a43 100644 --- a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc +++ b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc @@ -60,10 +60,6 @@ fi This ensures that if the `/home/user/.config` doesn't already exist, the folder is created and owned by `user`. The `/home/user/.config` may already exist for example, if it was stored in a persistent volume. + -[NOTE] -==== -This is configured in the UDI by default. Therefore this step is only required if you are using a custom image for the workspace container. -==== .Verification steps From f764e48e3d8bb2b9f83bec4161ac5677a72698e5 Mon Sep 17 00:00:00 2001 From: David Kwon Date: Fri, 17 Jan 2025 14:20:24 -0500 Subject: [PATCH 5/7] Update modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc Co-authored-by: Jana Vrbkova --- .../pages/enabling-fuse-for-all-workspaces.adoc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc index b31c7d2a43..3bfd86553a 100644 --- a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc +++ b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc @@ -7,10 +7,9 @@ [id="enabling-fuse-overlayfs-for-all-workspaces"] = Enabling fuse-overlayfs for all workspaces -For Podman 5.x, the `/home/user/.config` must be owned by the current user for Podman to function correctly. -The `storage.conf` file for Podman is typically stored in this folder. -This document explains how to configure the workspace's container entrypoint script for the workspace so that fuse-overlayfs is being used for all workspaces using that container. -The Universal Developer Image (UDI) already contains the necessary configuration by default. +Learn about configuring the workspace's container entrypoint script so that fuse-overlayfs is used for all workspaces using that container. + +The Universal Developer Image (UDI) already contains the necessary configuration by default. However, you must configure the script manually if you use custom images. .Prerequisites From 5795e7c957cf887fa2d12048ed9fcace6ace36f8 Mon Sep 17 00:00:00 2001 From: dkwon17 Date: Fri, 17 Jan 2025 19:34:29 +0000 Subject: [PATCH 6/7] Mention Podman 5.x requirement Signed-off-by: dkwon17 --- .../pages/enabling-fuse-for-all-workspaces.adoc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc index 3bfd86553a..d07909701b 100644 --- a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc +++ b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc @@ -9,7 +9,8 @@ Learn about configuring the workspace's container entrypoint script so that fuse-overlayfs is used for all workspaces using that container. -The Universal Developer Image (UDI) already contains the necessary configuration by default. However, you must configure the script manually if you use custom images. +The Universal Developer Image (UDI) already contains the necessary configuration by default. +However, you must configure the script manually if you use custom images due to Podman 5.x requiring the `/home/user/.config` folder to be owned by the current user. .Prerequisites @@ -40,6 +41,7 @@ For OpenShift versions 4.14 and lower, the `io.openshift.podman-fuse: ""` annota . [OPTIONAL] If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. To do this, add the following to the workspace container image's entrypoint script before building the image. +Creating the `/home/user/.config` folder in the entrypoint results in the folder being owned by the current user which is not known at image build time. + ==== [source,subs="+quotes,+macros"] From 18cde9489733a0396128dbab3cb2210b44d47034 Mon Sep 17 00:00:00 2001 From: David Kwon Date: Mon, 27 Jan 2025 13:40:41 -0500 Subject: [PATCH 7/7] Update modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc Co-authored-by: Jana Vrbkova --- .../pages/enabling-fuse-for-all-workspaces.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc index d07909701b..4b31bbd8fe 100644 --- a/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc +++ b/modules/administration-guide/pages/enabling-fuse-for-all-workspaces.adoc @@ -39,7 +39,7 @@ spec: For OpenShift versions 4.14 and lower, the `io.openshift.podman-fuse: ""` annotation is also required. ==== -. [OPTIONAL] If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. +. Optional: If you are using a custom image for the workspace container, create the `/home/user/.config` folder and configure the `storage.conf` file on runtime via the entrypoint. To do this, add the following to the workspace container image's entrypoint script before building the image. Creating the `/home/user/.config` folder in the entrypoint results in the folder being owned by the current user which is not known at image build time. +