Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: incus_image resource installs wrong architecture image if configuration runs remotely #92

Closed
tregubovav-dev opened this issue Jun 27, 2024 · 4 comments · Fixed by #107
Closed

Bug: incus_image resource installs wrong architecture image if configuration runs remotely #92

tregubovav-dev opened this issue Jun 27, 2024 · 4 comments · Fixed by #107
Assignees
@maveonair
Labels
Bug Confirmed to be a bug Easy Good for new contributors
Milestone
1.0

Comments

@tregubovav-dev
Copy link

Issue

I use incus cluster on top of several Raspberry PI 4 SBCs. I'm trying to build containers deployment using open-tofu with terraform-provider-incus' provider running it on x84_64platform PC. I found thatincus_imageresource installsx86_64architecture image instead ofaarch64ifopen-tofu/terraformruns onx84_64platform. Runningopen-tofu/terraformin theaarch64' platform incus_image resource installs aarch64 platform image.

Steps to reproduce

  1. Install terraform or open-tofu to host(s) which architecture(s) is(are) different from the incus cluster architecture.
  2. add trust between incus cluster and hosts
  3. Deploy configuration from the host(s) and see what image architecture is installed .

Repeat steps 1-3 using host with compatible architecture with incus cluster.

Result: terraform-provider-incus uses local host architecture instead of cluster architecture to download and install image.

terraform {                                                                                                                                                                                                        
  required_providers {                                                                                                                                                                                               
    incus = {                                                                                                                                                                                                          
      source = "lxc/incus"                                                                                                                                                                                             
      version = "0.1.2"                                                                                                                                                                                              
    }
  }                                                                                                                                                                                                              
}                                                                                                                                                                                                                                                                                                                                                                                                                             provider "incus" {                                                                                                                                                                                                 
  remote {                                                                                                                                                                                                           
    name = "<incus cluster node name or ip>"                                                                                                                                                                                  
    scheme = "https"                                                                                                                                                                                                 
    default = true                                                                                                                                                                                                 
  }
}                                                                                                                                                                                                                                                                                                                                                                                                                                 resource "incus_image" "alpine" {                                                                                                                                                                                    
  source_remote = "images"                                                                                                                                                                                         
  source_image = "alpine/edge"                                                                                                                                                                                     
  project = "test"
}
@stgraber stgraber added Bug Confirmed to be a bug Easy Good for new contributors labels Jun 27, 2024
@stgraber stgraber added this to the 1.0 milestone Jun 27, 2024
@maveonair
Copy link
Member

@stgraber If you use incus_image then the function ProtocolIncus.CopyImage is used when creating this resource. Shouldn't the architecture for the image be automatically selected by the Incus host itself during this operation?

As an alternative, I would suggest making the architecture attribute of the incus_image resource an argument like this:

resource "incus_project" "test" {
  name = "test"
}

resource "incus_image" "alpine" {
  source_remote = "images"
  source_image  = "alpine/edge"
  project       = incus_project.test.name
  architecture  = "aarch64"
}

@tregubovav-dev
Copy link
Author

tregubovav-dev commented Jul 6, 2024
edited
Loading

Currently architecture is computed, read-only attribute.

│ Error: Invalid Configuration for Read-Only Attribute
│
│   with lxd_cached_image.alpine,
│   on install_via_image.tf line 19, in resource "lxd_cached_image" "alpine":
│   19:     architecture        = "aarch64"
│
│ Cannot set value for this attribute as the provider has marked it as read-only. Remove the configuration line setting the value.
│
│ Refer to the provider documentation or contact the provider developers for additional information about configurable and read-only attributes that are supported.

@maveonair maveonair self-assigned this Jul 8, 2024
@maveonair
Copy link
Member

maveonair commented Jul 8, 2024
edited
Loading

I think it's more of a problem with how Incus provides the images. Because when I show the remote image details on an ARM machine for ubuntu/24.04, then the remote image server gives me:

$ incus image show images:ubuntu/24.04 
auto_update: false
properties:
 architecture: amd64
 description: Ubuntu noble amd64 (20240708_07:42)
 os: Ubuntu
 release: noble
 requirements.cgroup: v2
 serial: "20240708_07:42"
 type: squashfs
 variant: default
public: true
expires_at: 1970-01-01T00:00:00Z
profiles: []

The problem now is that we first search for the name of the image and this returns the default image "amd64":

$ incus image list images: ubuntu/24.04
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
|               ALIAS               | FINGERPRINT  | PUBLIC |             DESCRIPTION             | ARCHITECTURE |      TYPE       |    SIZE    |      UPLOAD DATE      |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble (7 more)             | 32e401d4f9e8 | yes    | Ubuntu noble amd64 (20240708_07:42) | x86_64       | CONTAINER       | 122.83MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble (7 more)             | 79a8e3e12118 | yes    | Ubuntu noble amd64 (20240708_07:42) | x86_64       | VIRTUAL-MACHINE | 273.61MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/arm64 (3 more)       | 7c1a84a5fd15 | yes    | Ubuntu noble arm64 (20240708_07:42) | aarch64      | CONTAINER       | 118.25MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/arm64 (3 more)       | dabb29401709 | yes    | Ubuntu noble arm64 (20240708_07:42) | aarch64      | VIRTUAL-MACHINE | 281.04MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/armhf (3 more)       | 841fd54510e0 | yes    | Ubuntu noble armhf (20240708_07:42) | armv7l       | CONTAINER       | 115.74MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/cloud (3 more)       | 07ed7a30f9e3 | yes    | Ubuntu noble amd64 (20240708_07:42) | x86_64       | VIRTUAL-MACHINE | 308.01MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/cloud (3 more)       | 393983c7d83a | yes    | Ubuntu noble amd64 (20240708_07:42) | x86_64       | CONTAINER       | 149.52MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/cloud/arm64 (1 more) | 79dd9bf9a844 | yes    | Ubuntu noble arm64 (20240708_07:42) | aarch64      | VIRTUAL-MACHINE | 314.86MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/cloud/arm64 (1 more) | 1677dba8fcb2 | yes    | Ubuntu noble arm64 (20240708_07:42) | aarch64      | CONTAINER       | 143.94MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/cloud/armhf (1 more) | 280c5932feb3 | yes    | Ubuntu noble armhf (20240708_09:02) | armv7l       | CONTAINER       | 141.43MiB  | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+-----------------------+
| ubuntu/noble/desktop (3 more)     | c2393e444f1a | yes    | Ubuntu noble amd64 (20240708_07:42) | x86_64       | VIRTUAL-MACHINE | 1093.38MiB | 2024/07/08 02:00 CEST |
+-----------------------------------+--------------+--------+-------------------------------------+--------------+-----------------+------------+---

So if you want to use the alpine/edge for aarch64 in our current implementation, you have to set the corresponding alias:

❯ incus image list images: alpine/edge 
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
|           ALIAS            | FINGERPRINT  | PUBLIC |            DESCRIPTION             | ARCHITECTURE |      TYPE       |   SIZE    |      UPLOAD DATE      |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge (3 more)       | b8a53b8120a7 | yes    | Alpine edge amd64 (20240708_13:00) | x86_64       | VIRTUAL-MACHINE | 121.63MiB | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge (3 more)       | c8d01b4f7c23 | yes    | Alpine edge amd64 (20240708_13:00) | x86_64       | CONTAINER       | 3.08MiB   | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/arm64 (1 more) | 2c9a2be5ba67 | yes    | Alpine edge arm64 (20240708_13:00) | aarch64      | CONTAINER       | 3.36MiB   | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/arm64 (1 more) | c00bf1d2bc00 | yes    | Alpine edge arm64 (20240708_13:00) | aarch64      | VIRTUAL-MACHINE | 115.49MiB | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/armhf (1 more) | a1f376339386 | yes    | Alpine edge armhf (20240708_13:04) | armv7l       | CONTAINER       | 2.72MiB   | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/cloud (1 more) | 1b9543377a89 | yes    | Alpine edge amd64 (20240708_13:00) | x86_64       | CONTAINER       | 20.65MiB  | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/cloud (1 more) | 4591b5e99e40 | yes    | Alpine edge amd64 (20240708_13:00) | x86_64       | VIRTUAL-MACHINE | 145.31MiB | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/cloud/arm64    | 5f6fd7dcc479 | yes    | Alpine edge arm64 (20240708_13:00) | aarch64      | VIRTUAL-MACHINE | 139.44MiB | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/cloud/arm64    | d8d9ef0d74e3 | yes    | Alpine edge arm64 (20240708_13:00) | aarch64      | CONTAINER       | 20.48MiB  | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
| alpine/edge/cloud/armhf    | b61947f5a2fd | yes    | Alpine edge armhf (20240708_13:06) | armv7l       | CONTAINER       | 19.40MiB  | 2024/07/08 02:00 CEST |
+----------------------------+--------------+--------+------------------------------------+--------------+-----------------+-----------+-----------------------+
resource "incus_image" "alpine" {
  source_remote = "images"
  source_image  = "alpine/edge/arm64"
}

@stgraber I'm not sure if this is really needs a fix, but rather an addition to the documentation for incus_image?

@stgraber
Copy link
Member

stgraber commented Jul 9, 2024

I think we should be able to make architecture writable to handle this.

GetImageAliasArchitectures can then be used to resolve the alias for all architectures and we can then select the appropriate one from there.

If we really wanted to be fancy, when architecture isn't provided, we could look for .Environment.Architectures (GetServer) and skip any alias target for architecture the target doesn't support.

@maveonair maveonair mentioned this issue Aug 1, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maveonair maveonair

Labels
Bug Confirmed to be a bug Easy Good for new contributors
Milestone
1.0
Development

Successfully merging a pull request may close this issue.

Architecture becomes argument maveonair/terraform-provider-incus
3 participants
@maveonair @stgraber @tregubovav-dev