coreos/torcx

Support for OEM-specific vendor profile variations

Closed this issue · 2 comments

dm0- commented

With the two-layer profile model, we'd like to have the vendor profile vary depending on the host platform. Since the vendor profile is written to read-only /usr, we can't modify the vendor.json file directly. We probably don't want to use the user profile configuration in /etc, since users would overwrite it when configuring the system with their own torcx profile.

For a concrete example, GCE systems have several systemd services that are only installed on GCE images in the writeable OEM partition mounted at /usr/share/oem. (Currently, they are in a rkt ACI.) We'd like these GCE agent services to continue to be run by default in torcx as if they were in the vendor profile, but only on GCE systems, where /usr/share/torcx must be the same as every other platform.

lucab commented

I think we can scale the current model to cover the OEM case in a minimally invasive way.
The proposal would be to introduce an OemDir at /usr/share/oem/torcx, allow multiple lower profiles, and by default use vendor and oem.

This will result in:

  • users still allowed to specify a single next-profile, and mask the vendor & oem ones separately via empty vendor.json and oem.json under /etc
  • profiles from the vendor and oem partitions that can be updated separately, without tying e.g. docker version and gce-agent versions
  • additional non-user profiles and packages that can be dropped in /usr/share/oem/torcx/store/ and /usr/share/oem/torcx/profiles/

I added a commit on top of #55 implementing this (but not tests), and it results in:

$ cat /run/metadata/torcx 
TORCX_LOWER_PROFILES="vendor:oem"
TORCX_UPPER_PROFILE="lucab-demo"
TORCX_PROFILE_PATH="/run/torcx/profile.json"
TORCX_BINDIR="/run/torcx/bin"
TORCX_UNPACKDIR="/run/torcx/unpack"

Let me know what you think about this. Do we have any other similar case outside of USR and OEM that we may need to cover?
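
The layering and masking proposed in the comment above, sketched as an added example that is not part of the thread and not torcx's own code. The `Profile` and `Layer` types, the `/etc/torcx/profiles` path, the image versions and the "last directory holding a profile name wins" rule are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Profile maps image name -> reference. Simplified model assumed for this example.
type Profile map[string]string

// Layer is one profile directory; later layers shadow earlier ones by profile name.
type Layer struct {
	Dir      string
	Profiles map[string]Profile
}

// Resolve applies the lower profiles (colon-separated, as in TORCX_LOWER_PROFILES)
// in order, then the upper profile. Images set by a later profile override earlier ones.
func Resolve(lower, upper string, layers []Layer) Profile {
	out := Profile{}
	names := append(strings.Split(lower, ":"), upper)
	for _, name := range names {
		var found Profile
		for _, l := range layers {
			if p, ok := l.Profiles[name]; ok {
				found = p // a copy in a later directory (e.g. /etc) shadows this name
			}
		}
		for img, ref := range found {
			out[img] = ref
		}
	}
	return out
}

// SampleLayers returns constructed data; the versions are made up.
func SampleLayers() []Layer {
	return []Layer{
		{Dir: "/usr/share/torcx/profiles", Profiles: map[string]Profile{"vendor": {"docker": "1.12"}}},
		{Dir: "/usr/share/oem/torcx/profiles", Profiles: map[string]Profile{"oem": {"gce-agent": "1.0"}}},
		{Dir: "/etc/torcx/profiles", Profiles: map[string]Profile{"lucab-demo": {"docker": "17.06"}}},
	}
}

func main() {
	layers := SampleLayers()
	fmt.Println(Resolve("vendor:oem", "lucab-demo", layers))
	// An empty oem profile under /etc masks the OEM one without touching vendor.
	layers[2].Profiles["oem"] = Profile{}
	fmt.Println(Resolve("vendor:oem", "lucab-demo", layers))
}
```

Because anything writable under /etc can shadow a lower profile in this model, an empty `oem` profile there silently drops the platform agents, which is worth checking for when auditing a host.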

lucab commented

/cc @euank @crawford for architectural brainstorming/double-checking