Package rebuilds in Modularity

People say that Modularity means rebuilding stuff over and over. Is that true? It might be, for now. The important thing is that it’s not the goal, it’s just a first step. So why do we do it? It’s all about the Application Programming Interface (API), the Application Binary Interface (ABI), and automation.

Before we start, let’s refresh one of our goals. The goal is to make the whole process of building and releasing a distribution more efficient, with the ability to ship more versions and features. That sounds like something we can’t do all at once.

The priority for us at the moment is humans. We want to automate as much of the packagers’ workflow as we can, even at the cost of computers doing significantly more work. We’ll make it easy for the computers later.

The story of API and ABI compatibility

API compatibility is compatibility at the source level. An example of this would be a package that builds for all releases (epel6, epel7, f26, f27, etc.) from the same source. While the source is the same, the binary for each release is different, and the f27 binary might not work on epel6, etc.

ABI compatibility is compatibility at the binary level. In this scenario, the same binary would run on all releases (epel6, epel7, f26, f27, etc.).
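One way to see ABI-level requirements in practice is to ask rpm what a binary package needs at the symbol level. A hypothetical example (the package and the output are illustrative):

$ rpm -qp --requires nodejs-6.1-1.fc27.x86_64.rpm | grep 'libc.so'
libc.so.6()(64bit)
libc.so.6(GLIBC_2.17)(64bit)

An epel6 system ships a glibc older than 2.17 and cannot satisfy that requirement, so while the same source might build everywhere, this f27 binary will not run on epel6.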

In the traditional Fedora release, we technically don’t expect any compatibility between releases. For every release of Fedora, we store the sources separately and we build them separately. That means the sources of all packages in the Fedora 26 release are stored in dist-git in an f26 branch, sources of Fedora 27 packages are in an f27 branch, etc.
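You can see this separation in any package’s dist-git checkout, where each release is a separate branch (the listing is illustrative):

$ fedpkg clone nodejs && cd nodejs
$ git branch -r
  origin/el6
  origin/epel7
  origin/f26
  origin/f27
  origin/master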

So technically, there doesn’t need to be API or ABI compatibility between releases, because they are completely separated. However, in reality, many things are stable across multiple releases. If you are a packager, you might have a package that builds for all the releases from a single source just fine. That’s where Modularity helps.

Modularity introduces the concept of API compatibility between releases. Thanks to Arbitrary Branching, packagers can have a single branch of an application that is API compatible with multiple releases, and the build system will automatically build different binaries.

An important thing is that the build system will build the binaries automatically. We want to make the packagers’ lives as easy as possible, and that’s why there is a new service called Freshmaker that will automate two things: building binaries when the source changes, and rebuilding existing binaries in case of an ABI change. The most important word in this paragraph is “will”—I’m mostly talking about the future.

The ultimate goal

The ideal state is that the build system knows exactly what needs to get built, and it reuses the binaries whenever possible.

In this ideal state, when a packager pushes an update to a certain package, the build system automatically rebuilds the package to produce a binary for every release. If the package is ABI compatible with all the releases, it would be built once. If not, it would be built multiple times, but not more than needed.

The next step would be dependencies. If the package introduced an ABI change, it would automatically rebuild all its dependencies that wouldn’t work with this new ABI. In case the ABI is the same as before, no additional rebuilds would occur.

Implementing an automatic mechanism that decides when exactly to reuse a binary, and when to rebuild dependencies based on ABI changes, is a rather complex task. While this is the ultimate goal, it’s not how it works these days.

The current state

At the time of writing this post, the build system doesn’t know anything about ABI compatibility. But we have the same requirements—builds need to be automatic, and things need to work.

In theory, without any information about the ABI, the only way of being 100% sure things will work is to rebuild everything. When a new version of a package is built, all its dependencies need to be rebuilt as well. All the dependencies of the dependencies need to be rebuilt too, and so on. This extreme approach is not maintainable in the real world. We don’t want every update of glibc to trigger a rebuild of the whole distribution. So there needs to be a reasonable compromise.
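To get a feel for the scale of the problem, you can ask dnf for the direct reverse dependencies of a single library (the soname is illustrative; for something like glibc the list covers most of the distribution):

$ dnf repoquery --whatrequires 'libssl.so.1.1()(64bit)'

Repeating that query transitively over every result is exactly the “rebuild everything” explosion described above.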

The current implementation is a combination of limiting the rebuilds, trusting the ABI of module streams, and testing.

Modules are rebuilt automatically when one of their components changes. Package rebuilds are done automatically only within the module, with a simple optimisation using build groups which I have described in my previous Module builds – how do they work? post.

However, rebuilding a module will not automatically trigger a rebuild of other modules having a dependency on it. This is where we need to trust the ABI stability of a module stream, together with testing the result after every build.

Conclusion

So yes, there are some extra rebuilds, for now. The important thing is that this is not the goal. It is a first iteration of providing an automated build pipeline while making the packagers’ lives easier.

Module builds – how do they work?

Have you ever wondered how modular builds work? In my previous post called Building Modules for the F27 Server, I described the steps a packager needs to go through in order to produce a successful build in the Fedora infrastructure. But what exactly is going on behind the scenes?


The build pipeline sees modules as build recipes for RPM packages. Each module has a list of SRPM (source RPM) packages that get built within the module. These packages are divided into build groups, which are processed in batches, one by one. Build groups are useful in situations when certain packages are needed in the buildroot to build some other ones within the same module. How do these build groups work, and what services are they part of?

All packages are built in Koji—the same service that builds packages for the traditional Fedora release. Interestingly, Koji doesn’t know anything about modules or build groups, and it uses the same mechanics in both modular and traditional releases. How does it know what to do? That’s where the Module Build Service (MBS) comes in.

MBS orchestrates package builds in Koji. This service makes sure that packages are built in a defined order by leveraging the concept of build groups, and reports the overall state of module builds to the user and other services. While MBS manages most of the steps of module builds, it relies on Koji to do the actual building, and to store the output such as binary packages and logs.

When a module build is finished, it is processed by other services to produce the final artifacts such as RPM repositories, container base images, cloud images, or bootable ISO images. Artifacts are typically composed out of multiple modules.

Building a module

Everything starts when a module build gets submitted to MBS. At the time of writing this post, this action is done manually by the packager. They need to run the `mbs-build submit` command in their dist-git repository to get the build submitted. However, a new service called Freshmaker is being deployed. This service will automatically submit builds for every commit to dist-git.

Initial check

When a build is submitted to MBS, it enters the “init” state. During this state, MBS checks that the modulemd file is valid and that all components of the module are available. If everything is all right, the state switches to “wait”.

Modules in the “wait” state are waiting for capacity in the build system. When capacity is available, MBS switches the state to “build”. And that’s where the real building starts.
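You can follow these state transitions yourself through the MBS REST API. A sketch, with the JSON trimmed to the interesting field; the exact URL shape and fields may differ between deployments:

$ curl https://mbs.fedoraproject.org/module-build-service/1/module-builds/942
{
    ...
    "state_name": "build",
    ...
}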

Preparing a buildroot

Before diving into describing the “build” state, we need to understand two concepts Koji uses during module builds: tags and tag inheritance. Tags are basically groups of Koji builds. A single build can be tagged into multiple tags. Tags can represent buildroots, releases, or any other groups of builds—like modules. MBS creates two tags for every module build: the buildroot, and the result. Buildroots are typically composed of multiple modules. Koji uses the tag inheritance mechanism to combine multiple tags into one. How is a module buildroot created?

A module buildroot is a tag in Koji representing the environment—a set of packages—where a module gets built. Constructing the buildroot is the first step of the “build” state. The buildroot starts as an empty tag that inherits all the modules specified as build dependencies in the modulemd being built. When this is done, MBS can submit package builds to Koji.
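These tags can be inspected with the regular koji CLI. A sketch, assuming a buildroot tag called module-installer-master-build; real MBS tag names also embed version information:

$ koji taginfo module-installer-master-build
$ koji list-tag-inheritance module-installer-master-build

The inheritance listing is where you would see the build-dependency modules the buildroot is composed of.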

The first package built as part of every module build is `module-build-macros`. It contains a set of macros that are used when building the other packages. When this build is finished, the result is tagged back into the buildroot tag—so it is available for all other components.

Building packages in build groups

Packages are built in batches called build groups. These build groups are defined in modulemd using a buildorder value. The buildorder value is an integer, every component (package) has one, and the default value is zero. Components with the same buildorder value are part of the same build group.

MBS schedules build groups one by one, starting with the lowest buildorder value. All packages within a build group are submitted at once and built in parallel. When all builds within the build group finish, the results are tagged back into the buildroot tag—so they are available for the next ones. This is repeated until all build groups are finished.
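As an illustration, a components section defining two build groups could look like this in modulemd (the packages are hypothetical):

components:
    rpms:
        library-foo:
            rationale: Runtime library that other components link against.
            buildorder: 0
        tool-bar:
            rationale: Command line tool built against library-foo.
            buildorder: 10

Here library-foo forms build group 0, gets built and tagged back into the buildroot first, and only then is tool-bar in build group 10 submitted.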

When all build groups are finished, MBS changes the module build state. If all component builds succeeded, the build state is set to “done”. In case there is one or more failures, the state is set to “failed”. Both of these states mean that the build phase has ended.

After the build

There is another state in MBS indicating that modules are ready to be part of a larger compose and consumed by the end user. The state is called “ready”. Right now, MBS switches every “done” state to “ready” automatically. However, in the future, this will probably be done by an external service that sees the bigger picture. Part of the bigger picture can be rebuilding all modular dependencies, additional integration testing, etc.

Next step – release

Modules in the “ready” state are not automatically available to the end user. To have a certain module available in a release, it needs to be added to a compose which is then used to produce the final artifacts such as RPM repositories, container base images, cloud images, or bootable ISO images. I might write an additional blog post describing this in the future.

This post has been mostly focused on the build phase. There are many other interesting services in Factory 2.0 that make Modularity possible. Have a look at the Factory 2.0 Focus Documents for more information. You can also learn how to build modules for the F27 Server, see the F27 content plan and help us with building more modules, or browse the Modularity documentation to get more information about the effort.

Building Modules for Fedora 27

Let me start with a wrong presumption that you have everything set up – you are a packager who knows what they want to achieve, you have a dist-git repository created, and you have all the tooling installed. And of course, you know what Modularity is, and how and why we use modulemd to define modular content. You know what the Host, Platform, and Bootstrap modules are and how to use them.

Why would I make wrong presumptions like that? First of all, they might not be wrong at all. Especially if you are a returning visitor, you don’t want to learn about the one-off things every time. I want to start with the stuff you will be doing on a regular basis. And instead of explaining the basics over and over again, I will just point you to the right places that will help you solve a specific problem, like not having a dist-git repository.

Updating a module

Let’s go through the whole process of updating a module. I will introduce some build failures on purpose, so you know how to deal with them should they happen to you.

Start with cloning the module dist-git repository to get the modulemd file defining the installer module.

$ fedpkg clone modules/installer
$ cd installer
$ ls
Makefile installer.yaml sources tests

I want to build an updated version of installer. I have generated a new, updated version of modulemd (I will be talking about generating modulemd files later in this post), and I am ready to build it.

$ git add installer.yaml
$ git commit -m "building a new version"
$ git push
$ mbs-build submit
...
asamalik's build #942 of installer-master has been submitted

Now I want to watch the build and see how it goes.

$ mbs-build watch 942
Failed:
 NetworkManager https://koji.fedoraproject.org/koji/taskinfo?taskID=21857852
 realmd https://koji.fedoraproject.org/koji/taskinfo?taskID=21857947
 python-urllib3 https://koji.fedoraproject.org/koji/taskinfo?taskID=21857955

Summary:
 40 components in the COMPLETE state
 3 components in the FAILED state
asamalik's build #942 of installer-master is in the "failed" state

Oh no, it failed! I reviewed the Koji logs using the links above, and I see that:

  • NetworkManager and python-urllib3 failed randomly on tests. That happens sometimes and just resubmitting them would fix it.
  • realmd however needs to be fixed before I can proceed.

After fixing realmd and updating the modulemd to reference the fix, I can submit a new build.

$ git add installer.yaml
$ git commit -m "use the right version of automake with realmd"
$ git push
$ mbs-build submit
...
asamalik's build #943 of installer-master has been submitted

To watch the build, I use the following command.

$ mbs-build watch 943
Failed:
 sssd https://koji.fedoraproject.org/koji/taskinfo?taskID=21859852

Summary:
 42 components in the COMPLETE state
 1 components in the FAILED state
asamalik's build #943 of installer-master is in the "failed" state

The good news is that realmd worked this time. However, sssd failed. I know it built before, and by investigating the logs I found out it’s one of the random test failures again. Resubmitting the build will fix it. In this case, I don’t need to create a new version, just resubmit the current one.

$ mbs-build submit
...
asamalik's build #943 of installer-master has been resubmitted

Watch the build:

$ mbs-build watch 943
Summary:
 43 components in the COMPLETE state
asamalik's build #943 of installer-master is in the "ready" state

Rebuilding against new base

The Platform module has been updated and there is a soname bump in rpmlib. I need to rebuild the module against the new platform. However, I’m not changing anything in the modulemd. I know that builds map 1:1 to git commits, so I need to create an empty commit and submit the build.

$ git commit --allow-empty -m "rebuild against new platform"
$ git push
$ mbs-build submit
...
asamalik's build #952 of installer-master has been submitted

Making sure you have everything

Now it’s time to make sure you are not missing a step in your module building journey! Did I miss something? Ask for it in the comments or tweet at me and I will try to update the post.

How do I get a dist-git repository?

To get a dist-git repository, you need to have your modulemd go through the Fedora review process for modules. Please make sure your modulemd complies with the Fedora packaging guidelines for modules. Completing the review process will result in having a dist-git repository.

What packages go into a module?

Your module needs to run on top of the Platform module, which, together with the Host and Shim modules, forms the base operating system. You can see the definitions of the Platform, Host, and Shim modules on GitHub.

You should include all the dependencies needed for your module to run on the Platform module, with a few exceptions:

  • If your module needs a common runtime (like Perl or Python) that is already modularized, you should use it as a dependency rather than bundling it into your module.
  • If you see that your module needs a common package (like net-tools), you shouldn’t bundle it either. Such packages should be split into individual modules.
  • To make sure your module doesn’t conflict with other modules, it can’t contain the same packages as other modules. Your module can either depend on these other modules, or such packages can be split into new modules.

To make it easier during the transition from a traditional release to a modular one, there is a set of useful scripts in the dependency-report-scripts repository, and the results are being pushed to the dependency-report repository. You are welcome to participate.

Adding your module to the dependency-report

The module definitions are in the modularity-modules organization, in a README.md format similar to the Platform and Host definitions. The scripts will take these repositories as an input, together with the Fedora Everything repository, to produce dependency reports and basic modulemd files.

How can I generate a modulemd file?

The dependency-report-scripts can produce a basic modulemd, stored in the dependency-report repository. The modulemd files stored there reference their components using the f27 branch for now. To produce a more reproducible and predictable result, I recommend using the generate_modulemd_with_hashes.sh script inside the dependency-report-scripts repository:

$ generate_modulemd_with_hashes.sh MODULE_NAME

The result will be stored in the same place as the previous modulemd that used branches as references.

$ ls output/modules/MODULE_NAME/MODULE_NAME.yaml

Where do I get the mbs-build tool?

Install the module-build-service package from Fedora repositories:

$ sudo dnf install module-build-service

What can I build to help?

See the F27 Content Tracking repository and help with the modules that are listed, or propose new ones. You can also ask on the #fedora-modularity IRC channel.

Where can I learn more about Modularity?

Please see the Fedora Modularity documentation website.


Modular F27 Server Edition – initial design

Recently, I have started a discussion on the Server mailing list about building the Fedora 27 Server Edition using Modularity. Langdon White is already working on a change request. If that happens, there will be a lot of work in front of us. So let’s start with writing blog posts!

To build the Fedora 27 Server Edition using Modularity, I think we need to focus on two things:

The first is the initial design of the basic set of modules for the F27 Server Edition – including the Host and Platform modules, as well as other ‘application/content’ modules. To make this easier, I’m proposing a tool temporarily called The Graph Thing.

The second is a great packager UX for the build pipeline. This will lead to more content built by the community. It will include The Graph Thing and BPO, and I will be talking about it in a different post.

This post covers the first part – the initial design.

Modularizing the F27 Server Edition – introduction

To build Fedora 27 Server Edition using Modularity, we need to split the monolithic distro into smaller modules. Modules can come in multiple streams and on independent lifecycles. However, in Fedora 27, all modules will be on the same 13-month lifecycle as the rest of Fedora 27.

Splitting Fedora 27 into modules

The Platform team defines the Host and Platform modules by deciding which packages are needed in which modules and including their dependencies in these modules. They have already started defining the Host and Platform modules in the Host and Platform GitHub repository.

Other modules will be defined based on the Fedora 27 Server Edition use-cases. We need to create modules for all server roles and other components that will be part of the server. Defining these modules will also influence the Platform module as it will include some of the packages shared between other modules.

Splitting the distribution into individual modules is not easy. We need to work with hundreds of packages with complex dependencies and carefully decide which package goes into which module. To help with the initial distribution design, I am proposing a tool. I temporarily call it The Graph Thing and I hope the name will change soon.

After the initial split, we expect other people to add modules to the distribution as well. Making the packager UX great is crucial if we want to get a lot of content from the community. Packagers will also be able to use The Graph Thing for the initial design of their modules, and Build Pipeline Overview (BPO) to monitor their builds.

The Graph Thing – a tool for the initial design

The Graph Thing is a tool that will help people with the initial design of individual modules when modularizing a distribution. It will also help packagers with adding other modules later on.

It will work with resources from the Fedora infrastructure and inputs from the user, and will produce a dependency graph as an output. An example with pictures is better than a thousand words:

Example – defining a nodejs module

[Image: The Dependency Thing – first run]

In this example, there are three things available as resources:

  • Host module definition
  • Platform module definition
  • Fedora 27 repository – including all the Fedora 27 packages

A packager wants to add a new module: nodejs. The packager has specified in the input that they want to visualize the host and platform modules, as well as the new nodejs module which doesn’t exist in the infrastructure yet. The packager added a nodejs-6.1 package into that module and wants to see if that’s enough for the module, or if they need to add something else.

The output shows that the nodejs module will require two other packages directly, library-foo-3.6 and nodejs-doc-6.1, and that the nodejs-doc-6.1 also needs a crazy-thing-1.2.

Seeing this, the packager made the following decisions:

  1. The library-foo-3.6 is a package specific to nodejs, so it should be part of the nodejs module.
  2. The nodejs module should not include documentation, as it will be shipped separately. They will modify the nodejs-6.1 package not to include the nodejs-doc-6.1.

With the decisions made, the packager wants to see how it’s going to look if they apply the changes. So they modify the input of The Graph Thing and run it again:

Great! It looks like the module now includes everything that is needed. The packager can make the change in the nodejs-6.1 package and submit this module for a build in the Fedora infrastructure.

Value of The Graph Thing tool

As we saw in the example above, the tool can help with designing new modules by looking at the Fedora 27 packages and giving an instant view of how a certain change would look, without rebuilding anything.

It will also help us identify which packages need to be shared between individual modules, so we can decide if we include them in the Platform module, or if we make a shared module. An obvious example of a shared module is a language runtime, like Python or Perl. Others, not that obvious, can be identified with this tool.
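A minimal sketch of the kind of query such a tool automates, comparing the dependency closures of two would-be modules with repoquery to spot sharing candidates (the module contents are illustrative):

$ repoquery --requires --recursive --resolve nodejs | sort > nodejs.deps
$ repoquery --requires --recursive --resolve mariadb | sort > mariadb.deps
$ comm -12 nodejs.deps mariadb.deps

Anything that shows up in both closures either belongs in the Platform module or is a candidate for a shared module.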

Apart from the initial design of the Fedora 27 Server Edition, this tool could also be a part of the packager UX which I will be talking about soon.

Early implementation

I have already created an early partial implementation of this tool. You can find it in my asamalik/modularity-dep-viz GitHub repo.

Next steps

The tool needs to be rewritten to use libsolv instead of multiple repoquery queries – so it produces correct output, and takes seconds rather than minutes. It could also be merged with another similar project called depchase, which has been used by the Platform team to define the Base Runtime and Bootstrap modules for the F26 Boltron release.

Modularity update – sprint 31

Hello people of the world! Let me give you another update of the Fedora Modularity project.

What we did

We are moving the modules to the new Fedora Modularity: modules space on GitHub. All work regarding modules will be done primarily there and synced into the Fedora dist-git for builds. Each module has its own repository with an issue tracker.

The Modularity documentation has been updated and slightly restructured.

There is also a new demo about the dnf prototype supporting modules on our YouTube channel.

Try the DNF prototype

You can try everything you have seen in the video yourself! We have a container image with everything you need to get started. See the DNF Modularity Prototype repository for the source, or get the image directly from Docker hub:

$ docker pull jamesantill/flat-modules-dnf

Then start a container using this image with an interactive shell:

$ docker run --rm -it jamesantill/flat-modules-dnf /bin/bash

Now, when you are in the container, you can try all the commands. And please give us feedback either in the comment section below, in the issue tracker, or get in touch on the #fedora-modularity freenode channel.

What’s next?

  • Complete all modules, images, and tests.
  • Prepare an example and a demo of multiple streams of NodeJS.
  • Review and prioritize open issues.

Modularity update – sprint 30

The Fedora Modularity team already publishes sprint reports on the Modularity YouTube channel every two weeks. But this format might not always be suitable – like when watching on a phone with limited data. So I would like to start writing short reports about Modularity every two weeks, so people have more choice in how to stay updated.

What we did

  • We have the final list of modules we are shipping in F26 Boltron. The list shows Python 2 and Python 3 as not included, which is not entirely true. Even though we won’t be shipping them as separate modules due to various packaging reasons, they will be included in Boltron as part of the Base Runtime and shared-userspace.
  • One of them is shared-userspace, which is a huge module that contains common runtime and build dependencies with proven ABI stability over time. Lesson learned: building huge modules is hard. We might want to create smaller ones and join them together as a module stack.
  • To demonstrate multiple streams we will include NodeJS 6 as part of Boltron, and NodeJS 8 in Copr – built by its maintainer.
  • The DNF team has implemented a fully functional DNF version that supports modules.
  • We have changed the way we do demos on YouTube. Instead of posting a demo every two weeks of work per person, we will do a sprint review + user-focused demos as we go. I will also do my best with writing these posts. 🙂

What’s next?

Modules:

  • clean up and make sure they deliver the use cases we promised
  • the same for containers if time allows

Documentation and community:

  • issue tracker for each module
  • revisiting documentation
  • revisiting how-to guides

Demos:

  • we would love to make a demo based on a working compose (if we get a qcow)

Also, I’m going to Zagreb to give a Modularity talk at DORS/CLUC next week. Come if you’re nearby! 😉

Fedora Modularity Documentation

Wiki pages are great for collaboration. But they are not that great at getting people’s attention. They can also become pretty messy and hard to navigate through when using multiple pages that are related to each other – like documentation – which was what we had there. We needed something better. Something that would make it easy to go through multiple pages of documentation. Something that would have a simple landing page explaining what we do. And having a simple way to review the changes people make before publishing them would also be great.

I knew we wanted something better, but I didn’t know what exactly. I also didn’t want to invent yet another way to build docs. So I looked around, and found the Fedora Release Engineering documentation. It’s hosted in Pagure Docs, it’s built with Python Sphinx, and it also used to be a wiki. And I got inspired!

So I created some drafts, made a proposal, and convinced people from the Modularity Working Group that we need a cool website. And then I just built it. Using the same tech as the Fedora Release Engineering team – Python Sphinx to build, Pagure Docs to host.

But because I’m a wanna-be designer, I also created a logo, and wrote a custom Sphinx template including a simple landing page that helps people quickly understand what Modularity is about.

And I’m happy to announce that the new Fedora Modularity documentation website has been published today!

To edit the documentation, please send pull-requests against our source repository. And maybe get in touch if you like the project!

Early module development with Fedora Modularity

So you like the Fedora Modularity project – where we separate the lifecycle of software from the distribution – and you want to start with module development early? Maybe to have it ready for the modular Fedora 26 Server preview? Start developing your modulemd on your local system now, and have it ready for later when the Module Build Service is in production!

Defining your module

To have your module built, you need to start with writing a modulemd file, which is a definition of your module including the components, the API, and all the information necessary to build it, like the build root and the build order for the packages. Let’s have a look at an example Vim module:

document: modulemd
version: 1
data:
    summary: A ubiquitous text editor
    description: >
        Vim is a highly configurable text editor built to make creating and
        changing any kind of text very efficient.
    license:
        module:
            - MIT
        content: []
    xmd: ~
    dependencies:
        buildrequires:
            generational-core: master
        requires:
            generational-core: master
    references:
        community: http://www.vim.org/
        documentation: http://www.vim.org/docs.php
        tracker: https://github.com/vim/vim/issues
    profiles:
        default:
            rpms:
                - vim-enhanced
        minimal:
            rpms:
                - vim-minimal
        graphical:
            rpms:
                - vim-X11
    api:
        rpms:
            - vim-minimal
            - vim-enhanced
            - vim-X11
    filter:
        rpms: ~
    components:
        rpms:
            vim-minimal:
                rationale: The minimal variant of VIM, /usr/bin/vi.
            vim-enhanced:
                rationale: The enhanced variant of VIM.
            vim-X11:
                rationale: The GUI variant of VIM.
            vim-common:
                rationale: Common files needed by all VIM variants.
            vim-filesystem:
                rationale: The directory structure used by VIM packages.

Notice that there is no information about the name or version of the module. That’s because the build system takes this information from the git repository from which the module is built:

  • Git repository name == module name
  • Git repository branch == module stream
  • Commit timestamp == module version
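For example, a modulemd pushed to the master branch of a repository called my-module, with the latest commit made on 11 October 2017, would build as the module my-module, stream master, with a version derived from the commit timestamp, something like 20171011100000 (the exact format is up to the build system).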

You can also see my own FTP module for reference.

To build your own module, you need to create a Git repository with the modulemd file. The name of your repo and the file must match the name of your module:

$ mkdir my-module
$ touch my-module/my-module.yml

The core idea about modules is that they include all their dependencies themselves. Well, except the base packages found in the Base Runtime API – which hasn’t been defined yet. But don’t worry, you can use this list of binary packages in the meantime.

So the components list in your modulemd needs to include all the dependencies except the ones mentioned above. You can get a list of recursive dependencies for any package by using repoquery:

$ repoquery --requires --recursive --resolve PACKAGE_NAME

When you have this ready, you can start building your module.

Building your module

To build a modulemd, you need to have the Module Build Service installed on your system. There are two ways of achieving that:

  1. Installing the module-build-service package with all its dependencies.
  2. Using a pre-built docker image and a helper script.

Both options provide the same result, so choose whichever you like better.

Option 1: module-build-service package

On Fedora Rawhide, just install it with:

$ sudo dnf install module-build-service

I have also created a Module Build Service copr repo for Fedora 24 and Fedora 25:

$ sudo dnf copr enable asamalik/mbs
$ sudo dnf install module-build-service

To build your modulemd, run a command similar to the following:

$ mbs-manager build_module_locally file:///path/to/my-module?#master

The output will be a yum/dnf repository in the /tmp directory.

Option 2: docker image and a helper script

With this option you don’t need to install all the dependencies on your system, but it requires you to run setenforce 0 before the build. 🙁

You only need to clone the asamalik/build-module repository on GitHub and use the helper script as follows:

$ build_module ./my-module ./results

The output will be a yum/dnf repository in the path you have specified.

What’s next?

The next step would be installing your module on the Base Runtime and testing if it works. But as we are doing this pretty early, there is no Base Runtime at the moment of writing this. However, you can try your module in a container using a pre-built fake Base Runtime image.

To handcraft your modular container, please follow the Developing and Building Modules guide on our wiki which provides you all the necessary steps while showing you a way how modular containers might be built in the future infrastructure!

DevConf.cz 2017

Are you visiting DevConf.cz in Brno? There is a talk about Modularity and a workshop where you can try building your own module as well. Both can be found in the DevConf.cz 2017 Schedule.

  • Day 1 (Friday) at 12:30 – Fedora Modularity – How does it work?
  • Day 2 (Saturday) at 16:00 – Fedora Modularity – Build your own module!

See you there!


Copr in the Modularity World

Copr is a community build service in Fedora that enables anyone with a FAS account to build their own RPM repositories. This post explains how we can use Copr in modularity, what is already supported, and what needs to be done.

Almost everything in this post starts with a view from the UX perspective. However, technical details are also provided, as they are a crucial part of this post.

I have also created a YouTube video showing how to build modules in Copr and install them.

What I want to achieve

Build systems in Fedora

There are two build systems in Fedora currently:

  1. Koji is the official Fedora build service that builds everything officially released in Fedora.
  2. Copr is a community build service, available to anyone to build their own RPM repositories. Packages here are not reviewed. Copr in Fedora is something like AUR in Arch Linux.

The purpose of these two build systems should remain unchanged in the modular world. Fedora modules would be built in Koji, and community modules would be built in Copr.

Producing modules

Simplified examples of workflows to build modules in both build systems could be as follows:

  • Koji:
    1. By submitting a modulemd yaml. The whole module including its packages will be built automatically in the pipeline.
  • Copr:
    1. By submitting a modulemd yaml. The whole module including its packages will be built automatically in the pipeline.
    2. By “handcrafting” the module manually. The user would submit the builds one by one – as they would in Copr today – and then build a module out of the project. This workflow is described in more detail below.

Copr could be used to build the initial versions of modules that would eventually end up in Fedora. The “handcrafting” feature will allow packagers to build and develop their module gradually, and submit it for review in Fedora later when it is ready.

Consuming modules

Official/production modules in Fedora would be identified by ‘name-branch-version’. To install a LAMP stack from Fedora, a user would do something like:

$ module-thing install LAMP-something-42

Community modules from Copr would be identified by ‘username/name-branch-version’. To install a LAMP stack from Copr created by the user asamalik, a user would do something like:

$ module-thing install asamalik/LAMP-something-42

An important detail in both scenarios is that the same tools are used to consume both the official and community versions.

Technical – modules in Koji vs. modules in Copr

This is a summary of the main differences, each described in a bit more detail below.

  • Modules are represented by: tags in Koji; projects in Copr
  • Build roots are defined by: RPMs with a specific tag in Koji; external RPM repositories in Copr
  • Finished module builds are: RPMs with a specific tag in Koji; an RPM repository in Copr
  • Multiple packages with the same NVR + dist-tag in the build system: no in Koji; yes in Copr – every project has its own isolated namespace for packages
  • Multiple modules with the same name in the build system: no in Koji; yes in Copr – every user has their own isolated namespace for modules

Koji

Koji uses tags to work with modules, where a tag is basically a group of RPM packages. Each module has a ‘build tag’ with all the RPMs defining the build root, and a ‘module tag’ with all the built RPMs that are included in the module as components.

A single RPM can be tagged with multiple tags. The problem is that there cannot be multiple RPMs in Koji with the same NVR and dist-tag. To work around this problem, we modify the dist-tag of all RPMs in a module to include the name of the module.

Koji can/will be able to create an RPM repository out of every ‘module tag’ using a ‘signed repo’ function.

Copr

Copr would use projects to work with modules, where a project is something like a directory. One project can define a build root by selecting a predefined mock chroot. This build root can be modified by linking external RPM repositories. To build modules, Copr would introduce an empty mock chroot, and the build root would be defined only by the RPM repository.

A single RPM can be included in only one project. To include one RPM in multiple projects, it needs to be rebuilt in each of them. However, there can be multiple packages with the same NVR and dist-tag in Copr: one in every project.

Copr also supports namespacing by username. For example, two users can create modules with the same name, stream, release, metadata, … and include an RPM package with the same NVR + dist-tag. These will be completely separate.

Copr automatically creates a signed RPM repository out of every project. “Modularization” of the repository with a yaml spec file is already supported.

Building modules in Copr – conceptual view

This section describes the steps that need to be performed in Copr to build a module. The following steps can be done by a user or by an automated tool like the orchestrator.

Copr currently supports everything except empty chroots and releasing a module.

Building a module

  1. Create a project with an empty chroot
  2. Define the build root by linking an external repository
  3. Build all your RPM packages (a sketch with copr-cli follows this list)
  4. Release the module; there are two ways of doing that:
    1. Define the module API, install profiles, and package filters by selecting binary packages from a list. [supported soon]
    2. Add the modulemd yaml to the repository. [already supported]
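A sketch of the first three steps using copr-cli. The create and build subcommands are the standard ones; the empty chroot does not exist yet, so its name here is made up, and the repository URL is a placeholder:

$ copr-cli create my-module --chroot empty-x86_64 --repo "https://example.com/buildroot/"
$ copr-cli build my-module library-foo.src.rpm
$ copr-cli build my-module tool-bar.src.rpm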

Building a stack

  1. Create a project with an empty chroot – let’s call it the main project
  2. Create projects for all the “submodules” in your stack – let’s call them submodule projects
  3. Define the build root by linking an external repository to all the projects you have created
  4. Build all the RPM packages of your “submodules” in their projects
  5. Use the “fork” function in Copr to copy the built RPMs from all your submodule projects to the main project
  6. Delete all the submodule projects
  7. Release the module; there are two ways of doing that:
    1. Define the module API, install profiles, and package filters by selecting binary packages from a list. [supported soon]
    2. Add the modulemd yaml to the repository. [already supported]

Handcrafting projects in Copr

This method of building modules is meant for the community members that use Copr today. The main benefits are:

  • Users will not need to write the yaml spec – Copr will automatically generate it for them.
  • User’s workflow of creating a module will be very similar to how they create RPM repositories in Copr today.

However, Copr will also support rebuilding modules from Fedora or building custom modules by submitting the yaml spec.

Workflow

  1. The user creates a project
  2. The user defines the build root by selecting a “base runtime module” from Fedora – roughly the same way as they would select chroots today
  3. The user builds all their RPM packages
  4. The user defines the module API, install profiles, and package filters by clicking checkboxes (see mockup below)
  5. The user then clicks “release module”. Copr generates the yaml spec automatically and creates a modular RPM repository (a sketch of such a generated spec follows this list).
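The generated spec could look roughly like this, following the usual modulemd format; everything below is illustrative, not actual Copr output:

document: modulemd
version: 1
data:
    summary: My application built in Copr
    license:
        module:
            - MIT
    api:
        rpms:
            - my-app
    profiles:
        default:
            rpms:
                - my-app
    filter:
        rpms: ~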

The picture below shows the UI in Copr to create a module out of a project.

Producing traditional repo and module at the same time

Copr supports multiple chroots in one project. That means I can build the same thing for, say, Fedora 23, Fedora 24, EPEL 6, and EPEL 7. We could add “module” as another chroot, so users could build the same thing for old and new systems. Traditional repositories could be consumed anytime – including installation and updates. Modules would be released every time the project enters a release milestone. Modules would remain unchanged forever – the same way as in Fedora.

Roles of PDC and BPO in Modularity – please give me feedback

There has been some confusion about the roles of PDC and BPO in Modularity, as the roles might seem overlapping. This document briefly explains the roles of both services and highlights the main differences.

Long story short:

  • PDC is a database that stores module metadata and dependency graphs
  • BPO is a web UI to display module build state and probably to browse some metadata

Main overlaps:

  • BPO has its own database. However, the database acts only as a cache to make the UI fast. All the data can be lost and recovered from other services such as the Orchestrator and PDC.
  • PDC has its own web UI. However, browsing and displaying modules has not been implemented. And even if it was, PDC does not/should not store data such as build state.

From my understanding, this design is already reflected on the Modularity Infra wiki page: https://fedoraproject.org/wiki/Modularity/Architecture/Infra?rd=Modularity/Infra

PDC – Product Definition Centre

PDC is the primary database for module metadata such as:

  • Name, stream, release – or however these are going to be called
  • Dependencies and components
  • Koji tags
  • Maybe information such as SLA?

It provides a REST API to access and manipulate this data.

A part of PDC is also a web UI that will not be used in Modularity.

BPO – Build Pipeline Overview

BPO is a single web UI that will watch over the whole pipeline. Its primary function is to show the build state of each module.

Users will also be able to browse module metadata such as:

  • Dependencies
  • Components
  • Install profiles

BPO uses its own database as a cache only to make the UI faster. The database:

  • Will be updated by fedmsg, and also by querying other services in reaction to some messages.
  • Can be deleted and recovered from other services.