particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rhel9: fix conditionals for sysroot.readonly enablement

Browse source 
Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
This commit is contained in:
Antonio Murdaca 2023-02-08 18:29:07 +01:00 committed by Achilleas Koutsou
parent 1b9e008c29
commit 6afab3dff2
2 changed files with 31 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

16
internal/distro/rhel9/images.go
View file

@ -340,7 +340,6 @@ func edgeRawImage(workload workload.Workload,
Checksum: options.OSTree.FetchChecksum, Checksum: options.OSTree.FetchChecksum,
} }
img := image.NewOSTreeRawImage(commit) img := image.NewOSTreeRawImage(commit)
// TODO: add Fedora once it's ready
if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || t.arch.distro.osVersion == "9-stream" { if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || t.arch.distro.osVersion == "9-stream" {
img.Ignition = true img.Ignition = true
} }
@ -350,10 +349,13 @@ func edgeRawImage(workload workload.Workload,
// "rw" kernel option is required when /sysroot is mounted read-only to // "rw" kernel option is required when /sysroot is mounted read-only to
// keep stateful parts of the filesystem writeable (/var/ and /etc) // keep stateful parts of the filesystem writeable (/var/ and /etc)
img.KernelOptionsAppend = []string{"modprobe.blacklist=vc4", "rw"} img.KernelOptionsAppend = []string{"modprobe.blacklist=vc4"}
img.Keyboard = "us" img.Keyboard = "us"
img.Locale = "C.UTF-8" img.Locale = "C.UTF-8"
img.SysrootReadOnly = true if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || t.arch.distro.osVersion == "9-stream" {
img.SysrootReadOnly = true
img.KernelOptionsAppend = append(img.KernelOptionsAppend, "rw")
}
img.Platform = t.platform img.Platform = t.platform
img.Workload = workload img.Workload = workload
@ -400,7 +402,6 @@ func edgeSimplifiedInstallerImage(workload workload.Workload,
Checksum: options.OSTree.FetchChecksum, Checksum: options.OSTree.FetchChecksum,
} }
rawImg := image.NewOSTreeRawImage(commit) rawImg := image.NewOSTreeRawImage(commit)
// TODO: add Fedora once it's ready
if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || t.arch.distro.osVersion == "9-stream" { if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || t.arch.distro.osVersion == "9-stream" {
rawImg.Ignition = true rawImg.Ignition = true
} }
@ -410,10 +411,13 @@ func edgeSimplifiedInstallerImage(workload workload.Workload,
// "rw" kernel option is required when /sysroot is mounted read-only to // "rw" kernel option is required when /sysroot is mounted read-only to
// keep stateful parts of the filesystem writeable (/var/ and /etc) // keep stateful parts of the filesystem writeable (/var/ and /etc)
rawImg.KernelOptionsAppend = []string{"modprobe.blacklist=vc4", "rw"} rawImg.KernelOptionsAppend = []string{"modprobe.blacklist=vc4"}
rawImg.Keyboard = "us" rawImg.Keyboard = "us"
rawImg.Locale = "C.UTF-8" rawImg.Locale = "C.UTF-8"
rawImg.SysrootReadOnly = true if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || t.arch.distro.osVersion == "9-stream" {
rawImg.SysrootReadOnly = true
rawImg.KernelOptionsAppend = append(rawImg.KernelOptionsAppend, "rw")
}
rawImg.Platform = t.platform rawImg.Platform = t.platform
rawImg.Workload = workload rawImg.Workload = workload

23
test/data/ansible/check_ostree.yaml
View file

@ -259,7 +259,7 @@
# There are three checks here for /sysroot permission based on pr https://github.com/osbuild/osbuild-composer/pull/3053 # There are three checks here for /sysroot permission based on pr https://github.com/osbuild/osbuild-composer/pull/3053
# 1. for edge-commit and edge-installer, check ro when fedora >= 37 # 1. for edge-commit and edge-installer, check ro when fedora >= 37
# 2. for edge-commit and edge-installer, check rw for other os. # 2. for edge-commit and edge-installer, check rw for other os.
# 3. for edge-simplified-installer and edge-raw-image, check ro for all os. # 3. for edge-simplified-installer and edge-raw-image, check ro for 9.2+ and F37+.
- name: /sysroot should be mount with ro permission for edge-commit and edge-installer on Fedora >= 37 - name: /sysroot should be mount with ro permission for edge-commit and edge-installer on Fedora >= 37
block: block:
- assert: - assert:
@ -307,7 +307,26 @@
- name: failed count + 1 - name: failed count + 1
set_fact: set_fact:
failed_counter: "{{ failed_counter | int + 1 }}" failed_counter: "{{ failed_counter | int + 1 }}"
when: edge_type == "edge-simplified-installer" or edge_type == "edge-raw-image" when: (edge_type == "edge-simplified-installer" or edge_type == "edge-raw-image") and ((ansible_facts['distribution'] == 'Fedora' and ansible_facts['distribution_version'] is version('37', '>=')) or
(ansible_facts['distribution'] == 'CentOS' and ansible_facts['distribution_version'] is version('9', '>=')) or (ansible_facts['distribution'] == 'RedHat' and ansible_facts['distribution_version'] is version('9.2', '>=')))
- name: /sysroot should be mount with rw permission for edge-simplified-installer and edge-raw-image for <9.2 and <F37
block:
- assert:
that:
- result_sysroot_mount_status.stdout == "rw"
fail_msg: "/sysroot is not mounted with rw permission"
success_msg: "/sysroot is mounted with rw permission"
always:
- set_fact:
total_counter: "{{ total_counter | int + 1 }}"
rescue:
- name: failed count + 1
set_fact:
failed_counter: "{{ failed_counter | int + 1 }}"
when: (edge_type == "edge-simplified-installer" or edge_type == "edge-raw-image") and ((ansible_facts['distribution'] == 'Fedora' and ansible_facts['distribution_version'] is version('37', '<')) or
(ansible_facts['distribution'] == 'CentOS' and ansible_facts['distribution_version'] is version('9', '<')) or (ansible_facts['distribution'] == 'RedHat' and ansible_facts['distribution_version'] is version('9.2', '<')))
# case: check /var mount point # case: check /var mount point
- name: check /var mount point - name: check /var mount point