feat: create a bootc module

[p5]

Proposed Commit Message

feat(bootc): create a bootc module

Provides users of bootc systems (such as RHEL Image Mode) with a way
to switch onto their desired target image during the initialisation 
process.

Additional Context

I'll be discussing this with the folks over at RedHat to see if this is something they would be interested in.

Here's how a user would use it:

#cloud-config

bootc:
  image: quay.io/myorg/my-image:latest

Test Steps

Merge type

• Squash merge using "Proposed Commit Message"
• Rebase and merge unique commits. Requires commit messages per-commit each referencing the pull request number (#<PR_NUM>)

[cgwalters]

This is different than what I thought it'd be. I thought it'd be streamlining the https://containers.github.io/bootc/bootc-install.html#using-bootc-install-to-existing-root flow from a existing package-based cloud image. That's the case that's more involved/tricky and may need some OS-level integration glue.

There isn't today a pre-built cloud image shipped by Fedora derivatives that uses both cloud-init and bootc to my knowledge; FCOS uses Ignition. Is there another distribution or cloud image you're targeting with this? Presumably you have custom ones?

We've been discussing including such a bootstrap glue script in Fedora-derivative cloud images. I think it could make sense for cloud-init to call it instead.

---

Different topic: Even for this use case of going from an ostree/bootc system to another image I think it can in some cases make sense to support doing a "factory reset" too.

In this design currently we'd inherit SSH keys or other configuration injected by the first cloud-init run. Sometimes that's desirable, other times I think it's not and we want to only use that first cloud-init run as a "bootstrap" and ensure no state leaks.

---

Thanks so much for starting this by the way!!

[p5]

@cgwalters Thanks for taking a look at this!

I thought it'd be streamlining the containers.github.io/bootc/bootc-install.html#using-bootc-install-to-existing-root flow from a existing package-based cloud image. That's the case that's more involved/tricky and may need some OS-level integration glue.

I'm happy to change this to however you feel would be best suited. Using a single image for image-mode and non-image-mode systems would be simpler to the end user, but sounds far more tricky to implement within this repo.

But if the existing Fedora Cloud image contains some scripts which would effectively abstract the complexities of switching to a bootc system outside of cloud-init, this can easily be updated to simply invoke that script with the required parameters.

There isn't today a pre-built cloud image shipped by Fedora derivatives that uses both cloud-init and bootc to my knowledge; FCOS uses Ignition. Is there another distribution or cloud image you're targeting with this? Presumably you have custom ones?

My suggestion was for either RedHat to create a single simple bootc Fedora Cloud variant, or for organizations to provide this themselves.

Orgs creating their own custom base image would allow them to bake in any of their specific registry authentication requirements, whereas if RH were to provide this, we'd need some mechanism for authenticating against the registries inside this cloud-init configuration.

---

I'm very happy to shape this into however you vision it looking like, though I may struggle with some of the more complex requirements (but willing to learn :)).

I'm now in favour of shipping the functionality of switching to the desired image directly in the cloud images, since it provides an abstraction away from cloud-init, and I expect allows for much faster iteration. We could even provide both here - "If bootc is available, use it to switch. Otherwise use the baked-in scripts".

[github-actions]

Hello! Thank you for this proposed change to cloud-init. This pull request is now marked as stale as it has not seen any activity in 14 days. If no activity occurs within the next 7 days, this pull request will automatically close.

If you are waiting for code review and you are seeing this message, apologies! Please reply, tagging TheRealFalcon, and he will ensure that someone takes a look soon.

(If the pull request is closed and you would like to continue working on it, please do tag TheRealFalcon to reopen it.)

[p5]

I will continue working on this, though am currently in the middle of a house move.

Will be looking at switching over to a dnf install podman followed by a bootc install-to-disk workflow following Colin's messages.

[github-actions]

Hello! Thank you for this proposed change to cloud-init. This pull request is now marked as stale as it has not seen any activity in 14 days. If no activity occurs within the next 7 days, this pull request will automatically close.

If you are waiting for code review and you are seeing this message, apologies! Please reply, tagging TheRealFalcon, and he will ensure that someone takes a look soon.

(If the pull request is closed and you would like to continue working on it, please do tag TheRealFalcon to reopen it.)

[cgwalters]

I filed containers/bootc#1054 which relates to this, and ideally this module just becomes further sugar for that command.

[p5]

It's completely untested currently, but I've started switching over to the bootc install to-existing-root.
It should be close as the current implementation, but I need to figure out how to bake the changes from this PR into a Fedora Everything ISO to test.

Note: there's some hacks in the latest commit, such as the --tls-verify=false, which will be resolved when I've been able to confirm everything works.