From 8fd33b15908dc7ccef41469ac0720e5b7b5f2ff3 Mon Sep 17 00:00:00 2001 From: Achilleas Koutsou Date: Wed, 4 Jan 2023 14:49:36 +0100 Subject: [PATCH] distro/rhel8: image type separation: ami and edge Start splitting image type definitions into separate files by logical groups (mostly by footprint and cloud platform) for easier navigation, like we did for rhel9. Split AMI and Edge image types; the rest will follow in separate commits. Image specific package sets are defined in the file for the image type grouping instead of the package_sets file. A notable difference with the way it was done in rhel9 is that every image type is defined in a function rather than a global where possible and a function when distro version specific configuration is needed. This is done for consistency and the change will likely be done in the other distributions as well. Also, instead of passing only required values to the image type constructor (for example, osVersion and a RHEL boolean), we pass the whole distribution object and each constructor can read whatever information it needs. --- internal/distro/rhel8/ami.go | 518 ++++++++++++++++++++++++ internal/distro/rhel8/distro.go | 541 +------------------------- internal/distro/rhel8/edge.go | 433 +++++++++++++++++++++ internal/distro/rhel8/package_sets.go | 360 ----------------- 4 files changed, 970 insertions(+), 882 deletions(-) create mode 100644 internal/distro/rhel8/ami.go create mode 100644 internal/distro/rhel8/edge.go diff --git a/internal/distro/rhel8/ami.go b/internal/distro/rhel8/ami.go new file mode 100644 index 000000000..b167be015 --- /dev/null +++ b/internal/distro/rhel8/ami.go 
@@ -0,0 +1,518 @@
+package rhel8
+
+import (
+ "github.com/osbuild/osbuild-composer/internal/common"
+ "github.com/osbuild/osbuild-composer/internal/distro"
+ "github.com/osbuild/osbuild-composer/internal/osbuild"
+ "github.com/osbuild/osbuild-composer/internal/rpmmd"
+)
+
+func amiImgTypeX86_64(rd distribution) imageType {
+ it := imageType{
+ name: "ami",
+ filename: "image.raw",
+ mimeType: "application/octet-stream",
+ packageSets: map[string]packageSetFunc{
+ buildPkgsKey: ec2BuildPackageSet,
+ osPkgsKey: ec2CommonPackageSet,
+ },
+ packageSetChains: map[string][]string{
+ osPkgsKey: {osPkgsKey, blueprintPkgsKey},
+ },
+ defaultImageConfig: defaultAMIImageConfigX86_64(rd),
+ kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto",
+ bootable: true,
+ bootType: distro.LegacyBootType,
+ defaultSize: 10 * common.GibiByte,
+ pipelines: ec2Pipelines,
+ buildPipelines: []string{"build"},
+ payloadPipelines: []string{"os", "image"},
+ exports: []string{"image"},
+ basePartitionTables: ec2BasePartitionTables,
+ }
+
+ return it
+}
+
+func ec2ImgTypeX86_64(rd distribution) imageType {
+ it := imageType{
+ name: "ec2",
+ filename: "image.raw.xz",
+ mimeType: "application/xz",
+ packageSets: map[string]packageSetFunc{
+ buildPkgsKey: ec2BuildPackageSet,
+ osPkgsKey: rhelEc2PackageSet,
+ },
+ packageSetChains: map[string][]string{
+ osPkgsKey: {osPkgsKey, blueprintPkgsKey},
+ },
+ defaultImageConfig: defaultEc2ImageConfigX86_64(rd),
+ kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto",
+ bootable: true,
+ bootType: distro.LegacyBootType,
+ defaultSize: 10 * common.GibiByte,
+ pipelines: rhelEc2Pipelines,
+ buildPipelines: []string{"build"},
+ payloadPipelines: []string{"os", "image", "archive"},
+ exports: []string{"archive"},
+ basePartitionTables: ec2BasePartitionTables,
+ }
+ return it
+}
+
+func ec2HaImgTypeX86_64(rd distribution) imageType {
+ it := imageType{
+ name: "ec2-ha",
+ filename: "image.raw.xz",
+ mimeType: "application/xz",
+ packageSets: map[string]packageSetFunc{
+ buildPkgsKey: ec2BuildPackageSet,
+ osPkgsKey: rhelEc2HaPackageSet,
+ },
+ packageSetChains: map[string][]string{
+ osPkgsKey: {osPkgsKey, blueprintPkgsKey},
+ },
+ defaultImageConfig: defaultEc2ImageConfigX86_64(rd),
+ kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto",
+ bootable: true,
+ bootType: distro.LegacyBootType,
+ defaultSize: 10 * common.GibiByte,
+ pipelines: rhelEc2Pipelines,
+ buildPipelines: []string{"build"},
+ payloadPipelines: []string{"os", "image", "archive"},
+ exports: []string{"archive"},
+ basePartitionTables: ec2BasePartitionTables,
+ }
+ return it
+}
+
+func amiImgTypeAarch64(rd distribution) imageType {
+ it := imageType{
+ name: "ami",
+ filename: "image.raw",
+ mimeType: "application/octet-stream",
+ packageSets: map[string]packageSetFunc{
+ buildPkgsKey: ec2BuildPackageSet,
+ osPkgsKey: ec2CommonPackageSet,
+ },
+ packageSetChains: map[string][]string{
+ osPkgsKey: {osPkgsKey, blueprintPkgsKey},
+ },
+ defaultImageConfig: defaultAMIImageConfig(rd),
+ kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0 crashkernel=auto",
+ bootable: true,
+ defaultSize: 10 * common.GibiByte,
+ pipelines: ec2Pipelines,
+ buildPipelines: []string{"build"},
+ payloadPipelines: []string{"os", "image"},
+ exports: []string{"image"},
+ basePartitionTables: ec2BasePartitionTables,
+ }
+ return it
+}
+
+func ec2ImgTypeAarch64(rd distribution) imageType {
+ it := imageType{
+ name: "ec2",
+ filename: "image.raw.xz",
+ mimeType: "application/xz",
+ packageSets: map[string]packageSetFunc{
+ buildPkgsKey: ec2BuildPackageSet,
+ osPkgsKey: rhelEc2PackageSet,
+ },
+ packageSetChains: map[string][]string{
+ osPkgsKey: {osPkgsKey, blueprintPkgsKey},
+ },
+ defaultImageConfig: defaultEc2ImageConfig(rd),
+ kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0 crashkernel=auto",
+ bootable: true,
+ defaultSize: 10 * common.GibiByte,
+ pipelines: rhelEc2Pipelines,
+ buildPipelines: []string{"build"},
+ payloadPipelines: []string{"os", "image", "archive"},
+ exports: []string{"archive"},
+ basePartitionTables: ec2BasePartitionTables,
+ }
+ return it
+}
+
+func ec2SapImgTypeX86_64(rd distribution) imageType {
+ it := imageType{
+ name: "ec2-sap",
+ filename: "image.raw.xz",
+ mimeType: "application/xz",
+ packageSets: map[string]packageSetFunc{
+ buildPkgsKey: ec2BuildPackageSet,
+ osPkgsKey: rhelEc2SapPackageSet,
+ },
+ packageSetChains: map[string][]string{
+ osPkgsKey: {osPkgsKey, blueprintPkgsKey},
+ },
+ defaultImageConfig: defaultEc2SapImageConfigX86_64(rd),
+ kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto processor.max_cstate=1 intel_idle.max_cstate=1",
+ bootable: true,
+ bootType: distro.LegacyBootType,
+ defaultSize: 10 * common.GibiByte,
+ pipelines: rhelEc2Pipelines,
+ buildPipelines: []string{"build"},
+ payloadPipelines: []string{"os", "image", "archive"},
+ exports: []string{"archive"},
+ basePartitionTables: ec2BasePartitionTables,
+ }
+ return it
+}
+
+// default EC2 images config (common for all architectures)
+func baseEc2ImageConfig() *distro.ImageConfig {
+ return &distro.ImageConfig{
+ Timezone: common.ToPtr("UTC"),
+ TimeSynchronization: &osbuild.ChronyStageOptions{
+ Servers: []osbuild.ChronyConfigServer{
+ {
+ Hostname: "169.254.169.123",
+ Prefer: common.ToPtr(true),
+ Iburst: common.ToPtr(true),
+ Minpoll: common.ToPtr(4),
+ Maxpoll: common.ToPtr(4),
+ },
+ },
+ // empty string will remove any occurrences of the option from the configuration
+ LeapsecTz: common.ToPtr(""),
+ },
+ Keyboard: &osbuild.KeymapStageOptions{
+ Keymap: "us",
+ X11Keymap: &osbuild.X11KeymapOptions{
+ Layouts: []string{"us"},
+ },
+ },
+ EnabledServices: []string{
+ "sshd",
+ "NetworkManager",
+ "nm-cloud-setup.service",
+ "nm-cloud-setup.timer",
+ "cloud-init",
+ "cloud-init-local",
+ "cloud-config",
+ "cloud-final",
+ "reboot.target",
+ },
+ DefaultTarget: common.ToPtr("multi-user.target"),
+ Sysconfig: []*osbuild.SysconfigStageOptions{
+ {
+ Kernel: &osbuild.SysconfigKernelOptions{
+ UpdateDefault: true,
+ DefaultKernel: "kernel",
+ },
+ Network: &osbuild.SysconfigNetworkOptions{
+ Networking: true,
+ NoZeroConf: true,
+ },
+ NetworkScripts: &osbuild.NetworkScriptsOptions{
+ IfcfgFiles: map[string]osbuild.IfcfgFile{
+ "eth0": {
+ Device: "eth0",
+ Bootproto: osbuild.IfcfgBootprotoDHCP,
+ OnBoot: common.ToPtr(true),
+ Type: osbuild.IfcfgTypeEthernet,
+ UserCtl: common.ToPtr(true),
+ PeerDNS: common.ToPtr(true),
+ IPv6Init: common.ToPtr(false),
+ },
+ },
+ },
+ },
+ },
+ RHSMConfig: map[distro.RHSMSubscriptionStatus]*osbuild.RHSMStageOptions{
+ distro.RHSMConfigNoSubscription: {
+ // RHBZ#1932802
+ SubMan: &osbuild.RHSMStageOptionsSubMan{
+ Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+ AutoRegistration: common.ToPtr(true),
+ },
+ Rhsm: &osbuild.SubManConfigRHSMSection{
+ ManageRepos: common.ToPtr(false),
+ },
+ },
+ },
+ distro.RHSMConfigWithSubscription: {
+ // RHBZ#1932802
+ SubMan: &osbuild.RHSMStageOptionsSubMan{
+ Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+ AutoRegistration: common.ToPtr(true),
+ },
+ // do not disable the redhat.repo management if the user
+ // explicitly request the system to be subscribed
+ },
+ },
+ },
+ SystemdLogind: []*osbuild.SystemdLogindStageOptions{
+ {
+ Filename: "00-getty-fixes.conf",
+ Config: osbuild.SystemdLogindConfigDropin{
+
+ Login: osbuild.SystemdLogindConfigLoginSection{
+ NAutoVTs: common.ToPtr(0),
+ },
+ },
+ },
+ },
+ CloudInit: []*osbuild.CloudInitStageOptions{
+ {
+ Filename: "00-rhel-default-user.cfg",
+ Config: osbuild.CloudInitConfigFile{
+ SystemInfo: &osbuild.CloudInitConfigSystemInfo{
+ DefaultUser: &osbuild.CloudInitConfigDefaultUser{
+ Name: "ec2-user",
+ },
+ },
+ },
+ },
+ },
+ Modprobe: []*osbuild.ModprobeStageOptions{
+ {
+ Filename: "blacklist-nouveau.conf",
+ Commands: osbuild.ModprobeConfigCmdList{
+ osbuild.NewModprobeConfigCmdBlacklist("nouveau"),
+ },
+ },
+ // COMPOSER-1807
+ {
+ Filename: "blacklist-amdgpu.conf",
+ Commands: osbuild.ModprobeConfigCmdList{
+ osbuild.NewModprobeConfigCmdBlacklist("amdgpu"),
+ },
+ },
+ },
+ DracutConf: []*osbuild.DracutConfStageOptions{
+ {
+ Filename: "sgdisk.conf",
+ Config: osbuild.DracutConfigFile{
+ Install: []string{"sgdisk"},
+ },
+ },
+ },
+ SystemdUnit: []*osbuild.SystemdUnitStageOptions{
+ // RHBZ#1822863
+ {
+ Unit: "nm-cloud-setup.service",
+ Dropin: "10-rh-enable-for-ec2.conf",
+ Config: osbuild.SystemdServiceUnitDropin{
+ Service: &osbuild.SystemdUnitServiceSection{
+ Environment: "NM_CLOUD_SETUP_EC2=yes",
+ },
+ },
+ },
+ },
+ Authselect: &osbuild.AuthselectStageOptions{
+ Profile: "sssd",
+ },
+ SshdConfig: &osbuild.SshdConfigStageOptions{
+ Config: osbuild.SshdConfigConfig{
+ PasswordAuthentication: common.ToPtr(false),
+ },
+ },
+ }
+}
+
+func defaultEc2ImageConfig(rd distribution) *distro.ImageConfig {
+ ic := baseEc2ImageConfig()
+ if rd.isRHEL() && common.VersionLessThan(rd.osVersion, "9.1") {
+ ic = appendRHSM(ic)
+ // Disable RHSM redhat.repo management
+ rhsmConf := ic.RHSMConfig[distro.RHSMConfigNoSubscription]
+ rhsmConf.SubMan.Rhsm = &osbuild.SubManConfigRHSMSection{ManageRepos: common.ToPtr(false)}
+ ic.RHSMConfig[distro.RHSMConfigNoSubscription] = rhsmConf
+ }
+ // The RHSM configuration should not be applied since 8.7, but it is instead done by installing the redhat-cloud-client-configuration package.
+ // See COMPOSER-1804 for more information.
+ rhel87PlusEc2ImageConfigOverride := &distro.ImageConfig{
+ RHSMConfig: map[distro.RHSMSubscriptionStatus]*osbuild.RHSMStageOptions{},
+ }
+ if !common.VersionLessThan(rd.osVersion, "8.7") {
+ ic = rhel87PlusEc2ImageConfigOverride.InheritFrom(ic)
+ }
+
+ return ic
+}
+
+// default AMI (EC2 BYOS) images config
+func defaultAMIImageConfig(rd distribution) *distro.ImageConfig {
+ ic := defaultEc2ImageConfig(rd)
+ if rd.isRHEL() {
+ // defaultAMIImageConfig() adds the rhsm options only for RHEL < 9.1
+ // Add it unconditionally for AMI
+ ic = appendRHSM(ic)
+ }
+ return ic
+}
+
+func defaultEc2ImageConfigX86_64(rd distribution) *distro.ImageConfig {
+ ic := defaultEc2ImageConfig(rd)
+ return appendEC2DracutX86_64(ic)
+}
+
+func defaultAMIImageConfigX86_64(rd distribution) *distro.ImageConfig {
+ ic := defaultAMIImageConfig(rd).InheritFrom(defaultEc2ImageConfigX86_64(rd))
+ return appendEC2DracutX86_64(ic)
+}
+
+func defaultEc2SapImageConfigX86_64(rd distribution) *distro.ImageConfig {
+ // default EC2-SAP image config (x86_64)
+ return SapImageConfig(rd).InheritFrom(defaultEc2ImageConfigX86_64(rd))
+}
+
+// common ec2 image build package set
+func ec2BuildPackageSet(t *imageType) rpmmd.PackageSet {
+ return distroBuildPackageSet(t).Append(
+ rpmmd.PackageSet{
+ Include: []string{"python3-pyyaml"},
+ })
+}
+
+// common package set for RHEL (BYOS/RHUI) and CentOS Stream images
+func ec2CommonPackageSet(t *imageType) rpmmd.PackageSet {
+ return rpmmd.PackageSet{
+ Include: []string{
+ "@core",
+ "authselect-compat",
+ "chrony",
+ "cloud-init",
+ "cloud-utils-growpart",
+ "dhcp-client",
+ "dracut-config-generic",
+ "dracut-norescue",
+ "gdisk",
+ "grub2",
+ "langpacks-en",
+ "NetworkManager",
+ "NetworkManager-cloud-setup",
+ "redhat-release",
+ "redhat-release-eula",
+ "rsync",
+ "tar",
+ "yum-utils",
+ },
+ Exclude: []string{
+ "aic94xx-firmware",
+ "alsa-firmware",
+ "alsa-tools-firmware",
+ "biosdevname",
+ "firewalld",
+ "iprutils",
+ "ivtv-firmware",
+ "iwl1000-firmware",
+ "iwl100-firmware",
+ "iwl105-firmware",
+ "iwl135-firmware",
+ "iwl2000-firmware",
+ "iwl2030-firmware",
+ "iwl3160-firmware",
+ "iwl3945-firmware",
+ "iwl4965-firmware",
+ "iwl5000-firmware",
+ "iwl5150-firmware",
+ "iwl6000-firmware",
+ "iwl6000g2a-firmware",
+ "iwl6000g2b-firmware",
+ "iwl6050-firmware",
+ "iwl7260-firmware",
+ "libertas-sd8686-firmware",
+ "libertas-sd8787-firmware",
+ "libertas-usb8388-firmware",
+ "plymouth",
+ // RHBZ#2075815
+ "qemu-guest-agent",
+ },
+ }.Append(bootPackageSet(t)).Append(distroSpecificPackageSet(t))
+}
+
+// common rhel ec2 RHUI image package set
+func rhelEc2CommonPackageSet(t *imageType) rpmmd.PackageSet {
+ ps := ec2CommonPackageSet(t)
+ // Include "redhat-cloud-client-configuration" on 8.7+ (COMPOSER-1804)
+ if !common.VersionLessThan(t.arch.distro.osVersion, "8.7") {
+ ps.Include = append(ps.Include, "redhat-cloud-client-configuration")
+ }
+ return ps
+}
+
+// rhel-ec2 image package set
+func rhelEc2PackageSet(t *imageType) rpmmd.PackageSet {
+ ec2PackageSet := rhelEc2CommonPackageSet(t)
+ ec2PackageSet.Include = append(ec2PackageSet.Include, "rh-amazon-rhui-client")
+ ec2PackageSet.Exclude = append(ec2PackageSet.Exclude, "alsa-lib")
+ return ec2PackageSet
+}
+
+// rhel-ha-ec2 image package set
+func rhelEc2HaPackageSet(t *imageType) rpmmd.PackageSet {
+ ec2HaPackageSet := rhelEc2CommonPackageSet(t)
+ ec2HaPackageSet.Include = append(ec2HaPackageSet.Include,
+ "fence-agents-all",
+ "pacemaker",
+ "pcs",
+ "rh-amazon-rhui-client-ha",
+ )
+ ec2HaPackageSet.Exclude = append(ec2HaPackageSet.Exclude, "alsa-lib")
+ return ec2HaPackageSet
+}
+
+// rhel-sap-ec2 image package set
+// Includes the common ec2 package set, the common SAP packages, and
+// the amazon rhui sap package
+func rhelEc2SapPackageSet(t *imageType) rpmmd.PackageSet {
+ return rpmmd.PackageSet{
+ Include: []string{
+ "rh-amazon-rhui-client-sap-bundle-e4s",
+ },
+ }.Append(rhelEc2CommonPackageSet(t)).Append(SapPackageSet(t))
+}
+
+// Add RHSM config options to ImageConfig.
+// Used for RHEL distros.
+func appendRHSM(ic *distro.ImageConfig) *distro.ImageConfig {
+ rhsm := &distro.ImageConfig{
+ RHSMConfig: map[distro.RHSMSubscriptionStatus]*osbuild.RHSMStageOptions{
+ distro.RHSMConfigNoSubscription: {
+ // RHBZ#1932802
+ SubMan: &osbuild.RHSMStageOptionsSubMan{
+ Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+ AutoRegistration: common.ToPtr(true),
+ },
+ // Don't disable RHSM redhat.repo management on the AMI
+ // image, which is BYOS and does not use RHUI for content.
+ // Otherwise subscribing the system manually after booting
+ // it would result in empty redhat.repo. Without RHUI, such
+ // system would have no way to get Red Hat content, but
+ // enable the repo management manually, which would be very
+ // confusing.
+ },
+ },
+ distro.RHSMConfigWithSubscription: {
+ // RHBZ#1932802
+ SubMan: &osbuild.RHSMStageOptionsSubMan{
+ Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{
+ AutoRegistration: common.ToPtr(true),
+ },
+ // do not disable the redhat.repo management if the user
+ // explicitly request the system to be subscribed
+ },
+ },
+ },
+ }
+ return rhsm.InheritFrom(ic)
+}
+
+func appendEC2DracutX86_64(ic *distro.ImageConfig) *distro.ImageConfig {
+ ic.DracutConf = append(ic.DracutConf,
+ &osbuild.DracutConfStageOptions{
+ Filename: "ec2.conf",
+ Config: osbuild.DracutConfigFile{
+ AddDrivers: []string{
+ "nvme",
+ "xen-blkfront",
+ },
+ },
+ })
+ return ic
+}
diff --git a/internal/distro/rhel8/distro.go b/internal/distro/rhel8/distro.go
index 841ad4a72..a96ad2b80 100644
--- a/internal/distro/rhel8/distro.go
+++ b/internal/distro/rhel8/distro.go
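Review bot: In ami.go, `defaultAMIImageConfig()` applies the BYOS RHSM override only when `rd.isRHEL()`, whereas the block removed from distro.go built `defaultAMIImageConfig` with that `RHSMConfig` unconditionally; if the `ami` type is also registered for non-RHEL distros (it appears to be added outside the RHEL-only section of `newDistro`), those images would now get the `RHSMConfig` of `defaultEc2ImageConfig()` instead (with `ManageRepos: false`, or empty on 8.7+), which is a behaviour change in a commit described as a file split. The comment inside that function names the wrong function and should read `// defaultEc2ImageConfig() adds the rhsm options only for RHEL < 9.1`. In `defaultEc2ImageConfig()` the `common.VersionLessThan(rd.osVersion, "9.1")` guard looks carried over from rhel9: presumably every rhel8 version satisfies it, and the branch rebuilds the same RHSM entries that `baseEc2ImageConfig()` already holds, so it could be reduced to `if rd.isRHEL()` or dropped. Because RHSM repo management decides where an instance gets its updates from, a test that compares the resulting `RHSMConfig` per distro and version against the pre-split values would make the claimed equivalence explicit.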
@@ -215,163 +215,7 @@ func newDistro(name string, minor int) *distribution { bootType: distro.LegacyBootType, } - // Shared Services - edgeServices := []string{ - "NetworkManager.service", "firewalld.service", "sshd.service", - } - - if rd.osVersion == "8.4" { - // greenboot services aren't enabled by default in 8.4 - edgeServices = append(edgeServices, - "greenboot-grub2-set-counter", - "greenboot-grub2-set-success", - "greenboot-healthcheck", - "greenboot-rpm-ostree-grub2-check-fallback", - "greenboot-status", - "greenboot-task-runner", - "redboot-auto-reboot", - "redboot-task-runner") - - } - - if !(rd.isRHEL() && common.VersionLessThan(rd.osVersion, "8.6")) { - // enable fdo-client only on RHEL 8.6+ and CS8 - - // TODO(runcom): move fdo-client-linuxapp.service to presets? - edgeServices = append(edgeServices, "fdo-client-linuxapp.service") - } - // Image Definitions - edgeCommitImgType := imageType{ - name: "edge-commit", - nameAliases: []string{"rhel-edge-commit"}, - filename: "commit.tar", - mimeType: "application/x-tar", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: edgeBuildPackageSet, - osPkgsKey: edgeCommitPackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: &distro.ImageConfig{ - EnabledServices: edgeServices, - }, - rpmOstree: true, - pipelines: edgeCommitPipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"ostree-tree", "ostree-commit", "commit-archive"}, - exports: []string{"commit-archive"}, - } - - edgeOCIImgType := imageType{ - name: "edge-container", - nameAliases: []string{"rhel-edge-container"}, - filename: "container.tar", - mimeType: "application/x-tar", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: edgeBuildPackageSet, - osPkgsKey: edgeCommitPackageSet, - containerPkgsKey: func(t *imageType) rpmmd.PackageSet { - return rpmmd.PackageSet{ - Include: []string{"nginx"}, - } - }, - }, - packageSetChains: map[string][]string{ 
- osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: &distro.ImageConfig{ - EnabledServices: edgeServices, - }, - rpmOstree: true, - bootISO: false, - pipelines: edgeContainerPipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"ostree-tree", "ostree-commit", "container-tree", "container"}, - exports: []string{"container"}, - } - - edgeRawImgType := imageType{ - name: "edge-raw-image", - nameAliases: []string{"rhel-edge-raw-image"}, - filename: "image.raw.xz", - mimeType: "application/xz", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: edgeRawImageBuildPackageSet, - }, - defaultSize: 10 * common.GibiByte, - rpmOstree: true, - bootable: true, - bootISO: false, - pipelines: edgeRawImagePipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"image-tree", "image", "archive"}, - exports: []string{"archive"}, - basePartitionTables: edgeBasePartitionTables, - } - - edgeInstallerImgType := imageType{ - name: "edge-installer", - nameAliases: []string{"rhel-edge-installer"}, - filename: "installer.iso", - mimeType: "application/x-iso9660-image", - packageSets: map[string]packageSetFunc{ - // TODO: non-arch-specific package set handling for installers - // This image type requires build packages for installers and - // ostree/edge. For now we only have x86-64 installer build - // package sets defined. When we add installer build package sets - // for other architectures, this will need to be moved to the - // architecture and the merging will happen in the PackageSets() - // method like the other sets. 
- buildPkgsKey: edgeInstallerBuildPackageSet, - osPkgsKey: edgeCommitPackageSet, - installerPkgsKey: edgeInstallerPackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: &distro.ImageConfig{ - EnabledServices: edgeServices, - }, - rpmOstree: true, - bootISO: true, - pipelines: edgeInstallerPipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"anaconda-tree", "bootiso-tree", "bootiso"}, - exports: []string{"bootiso"}, - } - - edgeSimplifiedInstallerImgType := imageType{ - name: "edge-simplified-installer", - nameAliases: []string{"rhel-edge-simplified-installer"}, - filename: "simplified-installer.iso", - mimeType: "application/x-iso9660-image", - packageSets: map[string]packageSetFunc{ - // TODO: non-arch-specific package set handling for installers - // This image type requires build packages for installers and - // ostree/edge. For now we only have x86-64 installer build - // package sets defined. When we add installer build package sets - // for other architectures, this will need to be moved to the - // architecture and the merging will happen in the PackageSets() - // method like the other sets. - buildPkgsKey: edgeSimplifiedInstallerBuildPackageSet, - installerPkgsKey: edgeSimplifiedInstallerPackageSet, - }, - defaultImageConfig: &distro.ImageConfig{ - EnabledServices: edgeServices, - }, - defaultSize: 10 * common.GibiByte, - rpmOstree: true, - bootable: true, - bootISO: true, - pipelines: edgeSimplifiedInstallerPipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"image-tree", "image", "archive", "coi-tree", "efiboot-tree", "bootiso-tree", "bootiso"}, - exports: []string{"bootiso"}, - basePartitionTables: edgeBasePartitionTables, - } - qcow2ImgType := imageType{ name: "qcow2", filename: "disk.qcow2", 
@@ -450,353 +294,6 @@ func newDistro(name string, minor int) *distribution { basePartitionTables: defaultBasePartitionTables, } - // default EC2 images config (common for all architectures) - defaultEc2ImageConfig := &distro.ImageConfig{ - Timezone: common.ToPtr("UTC"), - TimeSynchronization: &osbuild.ChronyStageOptions{ - Servers: []osbuild.ChronyConfigServer{ - { - Hostname: "169.254.169.123", - Prefer: common.ToPtr(true), - Iburst: common.ToPtr(true), - Minpoll: common.ToPtr(4), - Maxpoll: common.ToPtr(4), - }, - }, - // empty string will remove any occurrences of the option from the configuration - LeapsecTz: common.ToPtr(""), - }, - Keyboard: &osbuild.KeymapStageOptions{ - Keymap: "us", - X11Keymap: &osbuild.X11KeymapOptions{ - Layouts: []string{"us"}, - }, - }, - EnabledServices: []string{ - "sshd", - "NetworkManager", - "nm-cloud-setup.service", - "nm-cloud-setup.timer", - "cloud-init", - "cloud-init-local", - "cloud-config", - "cloud-final", - "reboot.target", - }, - DefaultTarget: common.ToPtr("multi-user.target"), - Sysconfig: []*osbuild.SysconfigStageOptions{ - { - Kernel: &osbuild.SysconfigKernelOptions{ - UpdateDefault: true, - DefaultKernel: "kernel", - }, - Network: &osbuild.SysconfigNetworkOptions{ - Networking: true, - NoZeroConf: true, - }, - NetworkScripts: &osbuild.NetworkScriptsOptions{ - IfcfgFiles: map[string]osbuild.IfcfgFile{ - "eth0": { - Device: "eth0", - Bootproto: osbuild.IfcfgBootprotoDHCP, - OnBoot: common.ToPtr(true), - Type: osbuild.IfcfgTypeEthernet, - UserCtl: common.ToPtr(true), - PeerDNS: common.ToPtr(true), - IPv6Init: common.ToPtr(false), - }, - }, - }, - }, - }, - RHSMConfig: map[distro.RHSMSubscriptionStatus]*osbuild.RHSMStageOptions{ - distro.RHSMConfigNoSubscription: { - // RHBZ#1932802 - SubMan: &osbuild.RHSMStageOptionsSubMan{ - Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{ - AutoRegistration: common.ToPtr(true), - }, - Rhsm: &osbuild.SubManConfigRHSMSection{ - ManageRepos: common.ToPtr(false), - }, - }, - }, - 
distro.RHSMConfigWithSubscription: { - // RHBZ#1932802 - SubMan: &osbuild.RHSMStageOptionsSubMan{ - Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{ - AutoRegistration: common.ToPtr(true), - }, - // do not disable the redhat.repo management if the user - // explicitly request the system to be subscribed - }, - }, - }, - SystemdLogind: []*osbuild.SystemdLogindStageOptions{ - { - Filename: "00-getty-fixes.conf", - Config: osbuild.SystemdLogindConfigDropin{ - - Login: osbuild.SystemdLogindConfigLoginSection{ - NAutoVTs: common.ToPtr(0), - }, - }, - }, - }, - CloudInit: []*osbuild.CloudInitStageOptions{ - { - Filename: "00-rhel-default-user.cfg", - Config: osbuild.CloudInitConfigFile{ - SystemInfo: &osbuild.CloudInitConfigSystemInfo{ - DefaultUser: &osbuild.CloudInitConfigDefaultUser{ - Name: "ec2-user", - }, - }, - }, - }, - }, - Modprobe: []*osbuild.ModprobeStageOptions{ - { - Filename: "blacklist-nouveau.conf", - Commands: osbuild.ModprobeConfigCmdList{ - osbuild.NewModprobeConfigCmdBlacklist("nouveau"), - }, - }, - // COMPOSER-1807 - { - Filename: "blacklist-amdgpu.conf", - Commands: osbuild.ModprobeConfigCmdList{ - osbuild.NewModprobeConfigCmdBlacklist("amdgpu"), - }, - }, - }, - DracutConf: []*osbuild.DracutConfStageOptions{ - { - Filename: "sgdisk.conf", - Config: osbuild.DracutConfigFile{ - Install: []string{"sgdisk"}, - }, - }, - }, - SystemdUnit: []*osbuild.SystemdUnitStageOptions{ - // RHBZ#1822863 - { - Unit: "nm-cloud-setup.service", - Dropin: "10-rh-enable-for-ec2.conf", - Config: osbuild.SystemdServiceUnitDropin{ - Service: &osbuild.SystemdUnitServiceSection{ - Environment: "NM_CLOUD_SETUP_EC2=yes", - }, - }, - }, - }, - Authselect: &osbuild.AuthselectStageOptions{ - Profile: "sssd", - }, - SshdConfig: &osbuild.SshdConfigStageOptions{ - Config: osbuild.SshdConfigConfig{ - PasswordAuthentication: common.ToPtr(false), - }, - }, - } - - // The RHSM configuration should not be applied since 8.7, but it is instead - // done by installing the 
redhat-cloud-client-configuration package. - // See COMPOSER-1804 for more information. - rhel87PlusEc2ImageConfigOverride := &distro.ImageConfig{ - RHSMConfig: map[distro.RHSMSubscriptionStatus]*osbuild.RHSMStageOptions{}, - } - if !common.VersionLessThan(rd.osVersion, "8.7") { - defaultEc2ImageConfig = rhel87PlusEc2ImageConfigOverride.InheritFrom(defaultEc2ImageConfig) - } - - // default EC2 images config (x86_64) - defaultEc2ImageConfigX86_64 := &distro.ImageConfig{ - DracutConf: append(defaultEc2ImageConfig.DracutConf, - &osbuild.DracutConfStageOptions{ - Filename: "ec2.conf", - Config: osbuild.DracutConfigFile{ - AddDrivers: []string{ - "nvme", - "xen-blkfront", - }, - }, - }), - } - defaultEc2ImageConfigX86_64 = defaultEc2ImageConfigX86_64.InheritFrom(defaultEc2ImageConfig) - - // default AMI (EC2 BYOS) images config - defaultAMIImageConfig := &distro.ImageConfig{ - RHSMConfig: map[distro.RHSMSubscriptionStatus]*osbuild.RHSMStageOptions{ - distro.RHSMConfigNoSubscription: { - // RHBZ#1932802 - SubMan: &osbuild.RHSMStageOptionsSubMan{ - Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{ - AutoRegistration: common.ToPtr(true), - }, - // Don't disable RHSM redhat.repo management on the AMI - // image, which is BYOS and does not use RHUI for content. - // Otherwise subscribing the system manually after booting - // it would result in empty redhat.repo. Without RHUI, such - // system would have no way to get Red Hat content, but - // enable the repo management manually, which would be very - // confusing. 
- }, - }, - distro.RHSMConfigWithSubscription: { - // RHBZ#1932802 - SubMan: &osbuild.RHSMStageOptionsSubMan{ - Rhsmcertd: &osbuild.SubManConfigRHSMCERTDSection{ - AutoRegistration: common.ToPtr(true), - }, - // do not disable the redhat.repo management if the user - // explicitly request the system to be subscribed - }, - }, - }, - } - defaultAMIImageConfigX86_64 := defaultAMIImageConfig.InheritFrom(defaultEc2ImageConfigX86_64) - defaultAMIImageConfig = defaultAMIImageConfig.InheritFrom(defaultEc2ImageConfig) - - amiImgTypeX86_64 := imageType{ - name: "ami", - filename: "image.raw", - mimeType: "application/octet-stream", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: ec2BuildPackageSet, - osPkgsKey: ec2CommonPackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: defaultAMIImageConfigX86_64, - kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto", - bootable: true, - bootType: distro.LegacyBootType, - defaultSize: 10 * common.GibiByte, - pipelines: ec2Pipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"os", "image"}, - exports: []string{"image"}, - basePartitionTables: ec2BasePartitionTables, - } - - amiImgTypeAarch64 := imageType{ - name: "ami", - filename: "image.raw", - mimeType: "application/octet-stream", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: ec2BuildPackageSet, - osPkgsKey: ec2CommonPackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: defaultAMIImageConfig, - kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0 crashkernel=auto", - bootable: true, - defaultSize: 10 * common.GibiByte, - pipelines: ec2Pipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"os", "image"}, - 
exports: []string{"image"}, - basePartitionTables: ec2BasePartitionTables, - } - - ec2ImgTypeX86_64 := imageType{ - name: "ec2", - filename: "image.raw.xz", - mimeType: "application/xz", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: ec2BuildPackageSet, - osPkgsKey: rhelEc2PackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: defaultEc2ImageConfigX86_64, - kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto", - bootable: true, - bootType: distro.LegacyBootType, - defaultSize: 10 * common.GibiByte, - pipelines: rhelEc2Pipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"os", "image", "archive"}, - exports: []string{"archive"}, - basePartitionTables: ec2BasePartitionTables, - } - - ec2ImgTypeAarch64 := imageType{ - name: "ec2", - filename: "image.raw.xz", - mimeType: "application/xz", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: ec2BuildPackageSet, - osPkgsKey: rhelEc2PackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: defaultEc2ImageConfig, - kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 iommu.strict=0 crashkernel=auto", - bootable: true, - defaultSize: 10 * common.GibiByte, - pipelines: rhelEc2Pipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"os", "image", "archive"}, - exports: []string{"archive"}, - basePartitionTables: ec2BasePartitionTables, - } - - ec2HaImgTypeX86_64 := imageType{ - name: "ec2-ha", - filename: "image.raw.xz", - mimeType: "application/xz", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: ec2BuildPackageSet, - osPkgsKey: rhelEc2HaPackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: 
defaultEc2ImageConfigX86_64, - kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto", - bootable: true, - bootType: distro.LegacyBootType, - defaultSize: 10 * common.GibiByte, - pipelines: rhelEc2Pipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"os", "image", "archive"}, - exports: []string{"archive"}, - basePartitionTables: ec2BasePartitionTables, - } - - // default EC2-SAP image config (x86_64) - defaultEc2SapImageConfigX86_64 := SapImageConfig(rd).InheritFrom(defaultEc2ImageConfigX86_64) - - ec2SapImgTypeX86_64 := imageType{ - name: "ec2-sap", - filename: "image.raw.xz", - mimeType: "application/xz", - packageSets: map[string]packageSetFunc{ - buildPkgsKey: ec2BuildPackageSet, - osPkgsKey: rhelEc2SapPackageSet, - }, - packageSetChains: map[string][]string{ - osPkgsKey: {osPkgsKey, blueprintPkgsKey}, - }, - defaultImageConfig: defaultEc2SapImageConfigX86_64, - kernelOptions: "console=ttyS0,115200n8 console=tty0 net.ifnames=0 rd.blacklist=nouveau nvme_core.io_timeout=4294967295 crashkernel=auto processor.max_cstate=1 intel_idle.max_cstate=1", - bootable: true, - bootType: distro.LegacyBootType, - defaultSize: 10 * common.GibiByte, - pipelines: rhelEc2Pipelines, - buildPipelines: []string{"build"}, - payloadPipelines: []string{"os", "image", "archive"}, - exports: []string{"archive"}, - basePartitionTables: ec2BasePartitionTables, - } - // GCE BYOS image defaultGceByosImageConfig := &distro.ImageConfig{ Timezone: common.ToPtr("UTC"), @@ -1076,7 +573,7 @@ func newDistro(name string, minor int) *distribution { x86_64.addImageTypes( rawX86Platform, - amiImgTypeX86_64, + amiImgTypeX86_64(rd), ) bareMetalX86Platform := &platform.X86{ 
@@ -1101,9 +598,9 @@ func newDistro(name string, minor int) *distribution { x86_64.addImageTypes( bareMetalX86Platform, - edgeOCIImgType, - edgeCommitImgType, - edgeInstallerImgType, + edgeOCIImgType(rd), + edgeCommitImgType(rd), + edgeInstallerImgType(rd), imageInstaller, ) @@ -1169,9 +666,9 @@ func newDistro(name string, minor int) *distribution { aarch64.addImageTypes( bareMetalAarch64Platform, - edgeCommitImgType, - edgeOCIImgType, - edgeInstallerImgType, + edgeOCIImgType(rd), + edgeCommitImgType(rd), + edgeInstallerImgType(rd), imageInstaller, ) @@ -1184,7 +681,7 @@ func newDistro(name string, minor int) *distribution { aarch64.addImageTypes( rawAarch64Platform, - amiImgTypeAarch64, + amiImgTypeAarch64(rd), ) ppc64le.addImageTypes( @@ -1241,18 +738,18 @@ func newDistro(name string, minor int) *distribution { // These edge image types require FDO which aren't available on older versions x86_64.addImageTypes( bareMetalX86Platform, - edgeRawImgType, + edgeRawImgType(), ) x86_64.addImageTypes( rawUEFIx86Platform, - edgeSimplifiedInstallerImgType, + edgeSimplifiedInstallerImgType(rd), ) aarch64.addImageTypes( rawAarch64Platform, - edgeRawImgType, - edgeSimplifiedInstallerImgType, + edgeRawImgType(), + edgeSimplifiedInstallerImgType(rd), ) } 
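Review bot: In the aarch64 `bareMetalAarch64Platform` registration (the `-1169,9` hunk) the added lines list `edgeOCIImgType(rd)` before `edgeCommitImgType(rd)`, while the removed lines had the commit type first, so this refactor also swaps the registration order on aarch64. If the order passed to `addImageTypes` is observable anywhere (listing output, test fixtures), that is a behaviour change the commit message does not mention. Keeping the original order, `edgeCommitImgType(rd),` followed by `edgeOCIImgType(rd),`, would keep the commit a pure move. The body of newDistro starts and ends outside these hunks.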
@@ -1260,14 +757,14 @@ func newDistro(name string, minor int) *distribution { x86_64.addImageTypes(azureX64Platform, azureRhuiImgType, azureByosImgType, azureSapImgType(rd)) // add ec2 image types to RHEL distro only - x86_64.addImageTypes(rawX86Platform, ec2ImgTypeX86_64, ec2HaImgTypeX86_64) - aarch64.addImageTypes(rawAarch64Platform, ec2ImgTypeAarch64) + x86_64.addImageTypes(rawX86Platform, ec2ImgTypeX86_64(rd), ec2HaImgTypeX86_64(rd)) + aarch64.addImageTypes(rawAarch64Platform, ec2ImgTypeAarch64(rd)) if rd.osVersion != "8.5" { // NOTE: RHEL 8.5 is going away and these image types require some // work to get working, so we just disable them here until the // whole distro gets deleted - x86_64.addImageTypes(rawX86Platform, ec2SapImgTypeX86_64) + x86_64.addImageTypes(rawX86Platform, ec2SapImgTypeX86_64(rd)) } // add GCE RHUI image to RHEL only @@ -1278,20 +775,20 @@ func newDistro(name string, minor int) *distribution { } else { x86_64.addImageTypes( bareMetalX86Platform, - edgeRawImgType, + edgeRawImgType(), ) x86_64.addImageTypes( rawUEFIx86Platform, - edgeSimplifiedInstallerImgType, + edgeSimplifiedInstallerImgType(rd), ) x86_64.addImageTypes(azureX64Platform, azureImgType) aarch64.addImageTypes( rawAarch64Platform, - edgeRawImgType, - edgeSimplifiedInstallerImgType, + edgeRawImgType(), + edgeSimplifiedInstallerImgType(rd), ) } rd.addArches(x86_64, aarch64, ppc64le) diff --git a/internal/distro/rhel8/edge.go b/internal/distro/rhel8/edge.go new file mode 100644 index 000000000..586c647b5 --- /dev/null +++ b/internal/distro/rhel8/edge.go 
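Review bot: The constructor calls in these hunks (`ec2ImgTypeX86_64(rd)`, `ec2SapImgTypeX86_64(rd)`, `edgeSimplifiedInstallerImgType(rd)`) pass `rd` by value, going by the `rd distribution` parameters in the new files, and they all run before `rd.addArches(x86_64, aarch64, ppc64le)` at the end of the `-1278,20` hunk. Each constructor therefore works on a copy of the distribution that presumably has no architectures attached yet. That is fine while constructors only read fields such as `osVersion`, but nothing stops a later constructor from reading state that is filled in afterwards. I would record the constraint next to the first registration, e.g. `// image type constructors get a copy of rd taken before addArches; read only version/vendor fields from it`, or have the constructors take `*distribution`. The body of newDistro extends beyond the hunks shown.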
@@ -0,0 +1,433 @@ +package rhel8 + +import ( + "fmt" + + "github.com/osbuild/osbuild-composer/internal/common" + "github.com/osbuild/osbuild-composer/internal/distro" + "github.com/osbuild/osbuild-composer/internal/rpmmd" +) + +func edgeCommitImgType(rd distribution) imageType { + it := imageType{ + name: "edge-commit", + nameAliases: []string{"rhel-edge-commit"}, + filename: "commit.tar", + mimeType: "application/x-tar", + packageSets: map[string]packageSetFunc{ + buildPkgsKey: edgeBuildPackageSet, + osPkgsKey: edgeCommitPackageSet, + }, + packageSetChains: map[string][]string{ + osPkgsKey: {osPkgsKey, blueprintPkgsKey}, + }, + defaultImageConfig: &distro.ImageConfig{ + EnabledServices: edgeServices(rd), + }, + rpmOstree: true, + pipelines: edgeCommitPipelines, + buildPipelines: []string{"build"}, + payloadPipelines: []string{"ostree-tree", "ostree-commit", "commit-archive"}, + exports: []string{"commit-archive"}, + } + return it +} + +func edgeOCIImgType(rd distribution) imageType { + it := imageType{ + name: "edge-container", + nameAliases: []string{"rhel-edge-container"}, + filename: "container.tar", + mimeType: "application/x-tar", + packageSets: map[string]packageSetFunc{ + buildPkgsKey: edgeBuildPackageSet, + osPkgsKey: edgeCommitPackageSet, + containerPkgsKey: func(t *imageType) rpmmd.PackageSet { + return rpmmd.PackageSet{ + Include: []string{"nginx"}, + } + }, + }, + packageSetChains: map[string][]string{ + osPkgsKey: {osPkgsKey, blueprintPkgsKey}, + }, + defaultImageConfig: &distro.ImageConfig{ + EnabledServices: edgeServices(rd), + }, + rpmOstree: true, + bootISO: false, + pipelines: edgeContainerPipelines, + buildPipelines: []string{"build"}, + payloadPipelines: []string{"ostree-tree", "ostree-commit", "container-tree", "container"}, + exports: []string{"container"}, + } + return it +} +func edgeRawImgType() imageType { + it := imageType{ + name: "edge-raw-image", + nameAliases: []string{"rhel-edge-raw-image"}, + filename: "image.raw.xz", + mimeType: 
"application/xz", + packageSets: map[string]packageSetFunc{ + buildPkgsKey: edgeRawImageBuildPackageSet, + }, + defaultSize: 10 * common.GibiByte, + rpmOstree: true, + bootable: true, + bootISO: false, + pipelines: edgeRawImagePipelines, + buildPipelines: []string{"build"}, + payloadPipelines: []string{"image-tree", "image", "archive"}, + exports: []string{"archive"}, + basePartitionTables: edgeBasePartitionTables, + } + return it +} + +func edgeInstallerImgType(rd distribution) imageType { + it := imageType{ + name: "edge-installer", + nameAliases: []string{"rhel-edge-installer"}, + filename: "installer.iso", + mimeType: "application/x-iso9660-image", + packageSets: map[string]packageSetFunc{ + // TODO: non-arch-specific package set handling for installers + // This image type requires build packages for installers and + // ostree/edge. For now we only have x86-64 installer build + // package sets defined. When we add installer build package sets + // for other architectures, this will need to be moved to the + // architecture and the merging will happen in the PackageSets() + // method like the other sets. 
+ buildPkgsKey: edgeInstallerBuildPackageSet, + osPkgsKey: edgeCommitPackageSet, + installerPkgsKey: edgeInstallerPackageSet, + }, + packageSetChains: map[string][]string{ + osPkgsKey: {osPkgsKey, blueprintPkgsKey}, + }, + defaultImageConfig: &distro.ImageConfig{ + EnabledServices: edgeServices(rd), + }, + rpmOstree: true, + bootISO: true, + pipelines: edgeInstallerPipelines, + buildPipelines: []string{"build"}, + payloadPipelines: []string{"anaconda-tree", "bootiso-tree", "bootiso"}, + exports: []string{"bootiso"}, + } + return it +} + +func edgeSimplifiedInstallerImgType(rd distribution) imageType { + it := imageType{ + name: "edge-simplified-installer", + nameAliases: []string{"rhel-edge-simplified-installer"}, + filename: "simplified-installer.iso", + mimeType: "application/x-iso9660-image", + packageSets: map[string]packageSetFunc{ + // TODO: non-arch-specific package set handling for installers + // This image type requires build packages for installers and + // ostree/edge. For now we only have x86-64 installer build + // package sets defined. When we add installer build package sets + // for other architectures, this will need to be moved to the + // architecture and the merging will happen in the PackageSets() + // method like the other sets. 
+ buildPkgsKey: edgeSimplifiedInstallerBuildPackageSet, + installerPkgsKey: edgeSimplifiedInstallerPackageSet, + }, + defaultImageConfig: &distro.ImageConfig{ + EnabledServices: edgeServices(rd), + }, + defaultSize: 10 * common.GibiByte, + rpmOstree: true, + bootable: true, + bootISO: true, + pipelines: edgeSimplifiedInstallerPipelines, + buildPipelines: []string{"build"}, + payloadPipelines: []string{"image-tree", "image", "archive", "coi-tree", "efiboot-tree", "bootiso-tree", "bootiso"}, + exports: []string{"bootiso"}, + basePartitionTables: edgeBasePartitionTables, + } + return it +} + +// common edge image build package set +func edgeBuildPackageSet(t *imageType) rpmmd.PackageSet { + return distroBuildPackageSet(t).Append( + rpmmd.PackageSet{ + Include: []string{ + "rpm-ostree", + }, + Exclude: nil, + }) +} + +func edgeRawImageBuildPackageSet(t *imageType) rpmmd.PackageSet { + return edgeBuildPackageSet(t).Append(edgeEncryptionBuildPackageSet(t)).Append( + bootPackageSet(t), + ) +} + +// edge commit OS package set +func edgeCommitPackageSet(t *imageType) rpmmd.PackageSet { + ps := rpmmd.PackageSet{ + Include: []string{ + "attr", + "audit", + "basesystem", + "bash", + "bash-completion", + "chrony", + "clevis", + "clevis-dracut", + "clevis-luks", + "container-selinux", + "coreutils", + "criu", + "cryptsetup", + "curl", + "dnsmasq", + "dosfstools", + "dracut-config-generic", + "dracut-network", + "e2fsprogs", + "firewalld", + "fuse-overlayfs", + "fwupd", + "glibc", + "glibc-minimal-langpack", + "gnupg2", + "greenboot", + "gzip", + "hostname", + "ima-evm-utils", + "iproute", + "iptables", + "iputils", + "keyutils", + "less", + "lvm2", + "NetworkManager", + "NetworkManager-wifi", + "NetworkManager-wwan", + "nss-altfiles", + "openssh-clients", + "openssh-server", + "passwd", + "pinentry", + "platform-python", + "podman", + "policycoreutils", + "policycoreutils-python-utils", + "polkit", + "procps-ng", + "redhat-release", + "rootfiles", + "rpm", + "rpm-ostree", + 
"rsync", + "selinux-policy-targeted", + "setools-console", + "setup", + "shadow-utils", + "shadow-utils", + "skopeo", + "slirp4netns", + "sudo", + "systemd", + "tar", + "tmux", + "traceroute", + "usbguard", + "util-linux", + "vim-minimal", + "wpa_supplicant", + "xz", + }, + Exclude: []string{"rng-tools"}, + } + + ps = ps.Append(bootPackageSet(t)) + + switch t.arch.Name() { + case distro.X86_64ArchName: + ps = ps.Append(x8664EdgeCommitPackageSet(t)) + + case distro.Aarch64ArchName: + ps = ps.Append(aarch64EdgeCommitPackageSet(t)) + } + + if t.arch.distro.isRHEL() && common.VersionLessThan(t.arch.distro.osVersion, "8.6") { + ps = ps.Append(rpmmd.PackageSet{ + Include: []string{ + "greenboot-grub2", + "greenboot-reboot", + "greenboot-rpm-ostree-grub2", + "greenboot-status", + }, + }) + } else { + // 8.6+ and CS8 + ps = ps.Append(rpmmd.PackageSet{ + Include: []string{ + "fdo-client", + "fdo-owner-cli", + "greenboot-default-health-checks", + }, + }) + } + + return ps + +} + +func x8664EdgeCommitPackageSet(t *imageType) rpmmd.PackageSet { + return rpmmd.PackageSet{ + Include: []string{ + "efibootmgr", + "grub2", + "grub2-efi-x64", + "iwl1000-firmware", + "iwl100-firmware", + "iwl105-firmware", + "iwl135-firmware", + "iwl2000-firmware", + "iwl2030-firmware", + "iwl3160-firmware", + "iwl5000-firmware", + "iwl5150-firmware", + "iwl6000-firmware", + "iwl6050-firmware", + "iwl7260-firmware", + "microcode_ctl", + "shim-x64", + }, + Exclude: nil, + } +} + +func aarch64EdgeCommitPackageSet(t *imageType) rpmmd.PackageSet { + return rpmmd.PackageSet{ + Include: []string{ + "efibootmgr", + "grub2-efi-aa64", + "iwl7260-firmware", + "shim-aa64", + }, + Exclude: nil, + } +} + +func edgeInstallerPackageSet(t *imageType) rpmmd.PackageSet { + return anacondaPackageSet(t) +} + +func edgeSimplifiedInstallerPackageSet(t *imageType) rpmmd.PackageSet { + // common installer packages + ps := installerPackageSet(t) + + ps = ps.Append(rpmmd.PackageSet{ + Include: []string{ + "attr", + 
"basesystem", + "binutils", + "bsdtar", + "clevis-dracut", + "clevis-luks", + "cloud-utils-growpart", + "coreos-installer", + "coreos-installer-dracut", + "coreutils", + "device-mapper-multipath", + "dnsmasq", + "dosfstools", + "dracut-live", + "e2fsprogs", + "fcoe-utils", + "fdo-init", + "gzip", + "ima-evm-utils", + "iproute", + "iptables", + "iputils", + "iscsi-initiator-utils", + "keyutils", + "lldpad", + "lvm2", + "passwd", + "policycoreutils", + "policycoreutils-python-utils", + "procps-ng", + "rootfiles", + "setools-console", + "sudo", + "traceroute", + "util-linux", + }, + Exclude: nil, + }) + + switch t.arch.Name() { + + case distro.X86_64ArchName: + ps = ps.Append(x8664EdgeCommitPackageSet(t)) + case distro.Aarch64ArchName: + ps = ps.Append(aarch64EdgeCommitPackageSet(t)) + + default: + panic(fmt.Sprintf("unsupported arch: %s", t.arch.Name())) + } + + return ps +} + +func edgeInstallerBuildPackageSet(t *imageType) rpmmd.PackageSet { + return anacondaBuildPackageSet(t).Append( + edgeBuildPackageSet(t), + ) +} + +func edgeSimplifiedInstallerBuildPackageSet(t *imageType) rpmmd.PackageSet { + return edgeInstallerBuildPackageSet(t).Append( + edgeEncryptionBuildPackageSet(t), + ) +} + +func edgeEncryptionBuildPackageSet(t *imageType) rpmmd.PackageSet { + return rpmmd.PackageSet{ + Include: []string{ + "clevis", + "clevis-luks", + "cryptsetup", + }, + } +} + +func edgeServices(rd distribution) []string { + // Common Services + var edgeServices = []string{"NetworkManager.service", "firewalld.service", "sshd.service"} + + if rd.osVersion == "8.4" { + // greenboot services aren't enabled by default in 8.4 + edgeServices = append(edgeServices, + "greenboot-grub2-set-counter", + "greenboot-grub2-set-success", + "greenboot-healthcheck", + "greenboot-rpm-ostree-grub2-check-fallback", + "greenboot-status", + "greenboot-task-runner", + "redboot-auto-reboot", + "redboot-task-runner") + + } + + if !(rd.isRHEL() && common.VersionLessThan(rd.osVersion, "8.6")) { + // enable 
fdo-client only on RHEL 8.6+ and CS8 + + // TODO(runcom): move fdo-client-linuxapp.service to presets? + edgeServices = append(edgeServices, "fdo-client-linuxapp.service") + } + + return edgeServices +} diff --git a/internal/distro/rhel8/package_sets.go b/internal/distro/rhel8/package_sets.go index f4b585e01..37953e416 100644 --- a/internal/distro/rhel8/package_sets.go +++ b/internal/distro/rhel8/package_sets.go @@ -5,7 +5,6 @@ package rhel8 import ( "fmt" - "github.com/osbuild/osbuild-composer/internal/common" "github.com/osbuild/osbuild-composer/internal/distro" "github.com/osbuild/osbuild-composer/internal/rpmmd" ) @@ -61,31 +60,6 @@ func ppc64leBuildPackageSet(t *imageType) rpmmd.PackageSet { } } -// common ec2 image build package set -func ec2BuildPackageSet(t *imageType) rpmmd.PackageSet { - return distroBuildPackageSet(t).Append( - rpmmd.PackageSet{ - Include: []string{"python3-pyyaml"}, - }) -} - -// common edge image build package set -func edgeBuildPackageSet(t *imageType) rpmmd.PackageSet { - return distroBuildPackageSet(t).Append( - rpmmd.PackageSet{ - Include: []string{ - "rpm-ostree", - }, - Exclude: nil, - }) -} - -func edgeRawImageBuildPackageSet(t *imageType) rpmmd.PackageSet { - return edgeBuildPackageSet(t).Append(edgeEncryptionBuildPackageSet(t)).Append( - bootPackageSet(t), - ) -} - // installer boot package sets, needed for booting and // also in the build host 
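Review bot: The FDO/greenboot version gate now appears twice in edge.go and the two copies must stay in step. It is in `edgeCommitPackageSet` as `t.arch.distro.isRHEL() && common.VersionLessThan(t.arch.distro.osVersion, "8.6")` and, negated, in `edgeServices`. If they drift, an image could enable `fdo-client-linuxapp.service` without installing the `fdo-client` package, or the reverse. Since both now live in one file, a single small predicate used by both would make the coupling explicit, or at least a cross-reference comment such as `// keep in sync with the fdo-client gate in edgeCommitPackageSet`. Separately, the local `var edgeServices` inside `edgeServices` shadows the function's own name; `services := []string{...}` reads more clearly.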
@@ -164,28 +138,6 @@ func anacondaBuildPackageSet(t *imageType) rpmmd.PackageSet { return ps } -func edgeInstallerBuildPackageSet(t *imageType) rpmmd.PackageSet { - return anacondaBuildPackageSet(t).Append( - edgeBuildPackageSet(t), - ) -} - -func edgeSimplifiedInstallerBuildPackageSet(t *imageType) rpmmd.PackageSet { - return edgeInstallerBuildPackageSet(t).Append( - edgeEncryptionBuildPackageSet(t), - ) -} - -func edgeEncryptionBuildPackageSet(t *imageType) rpmmd.PackageSet { - return rpmmd.PackageSet{ - Include: []string{ - "clevis", - "clevis-luks", - "cryptsetup", - }, - } -} - // BOOT PACKAGE SETS func bootPackageSet(t *imageType) rpmmd.PackageSet { 
@@ -412,105 +364,6 @@ func openstackCommonPackageSet(t *imageType) rpmmd.PackageSet { } -// common package set for RHEL (BYOS/RHUI) and CentOS Stream images -func ec2CommonPackageSet(t *imageType) rpmmd.PackageSet { - return rpmmd.PackageSet{ - Include: []string{ - "@core", - "authselect-compat", - "chrony", - "cloud-init", - "cloud-utils-growpart", - "dhcp-client", - "dracut-config-generic", - "dracut-norescue", - "gdisk", - "grub2", - "langpacks-en", - "NetworkManager", - "NetworkManager-cloud-setup", - "redhat-release", - "redhat-release-eula", - "rsync", - "tar", - "yum-utils", - }, - Exclude: []string{ - "aic94xx-firmware", - "alsa-firmware", - "alsa-tools-firmware", - "biosdevname", - "firewalld", - "iprutils", - "ivtv-firmware", - "iwl1000-firmware", - "iwl100-firmware", - "iwl105-firmware", - "iwl135-firmware", - "iwl2000-firmware", - "iwl2030-firmware", - "iwl3160-firmware", - "iwl3945-firmware", - "iwl4965-firmware", - "iwl5000-firmware", - "iwl5150-firmware", - "iwl6000-firmware", - "iwl6000g2a-firmware", - "iwl6000g2b-firmware", - "iwl6050-firmware", - "iwl7260-firmware", - "libertas-sd8686-firmware", - "libertas-sd8787-firmware", - "libertas-usb8388-firmware", - "plymouth", - // RHBZ#2075815 - "qemu-guest-agent", - }, - }.Append(bootPackageSet(t)).Append(distroSpecificPackageSet(t)) -} - -// common rhel ec2 RHUI image package set -func rhelEc2CommonPackageSet(t *imageType) rpmmd.PackageSet { - ps := ec2CommonPackageSet(t) - // Include "redhat-cloud-client-configuration" on 8.7+ (COMPOSER-1804) - if !common.VersionLessThan(t.arch.distro.osVersion, "8.7") { - ps.Include = append(ps.Include, "redhat-cloud-client-configuration") - } - return ps -} - -// rhel-ec2 image package set -func rhelEc2PackageSet(t *imageType) rpmmd.PackageSet { - ec2PackageSet := rhelEc2CommonPackageSet(t) - ec2PackageSet.Include = append(ec2PackageSet.Include, "rh-amazon-rhui-client") - ec2PackageSet.Exclude = append(ec2PackageSet.Exclude, "alsa-lib") - return ec2PackageSet -} - 
-// rhel-ha-ec2 image package set -func rhelEc2HaPackageSet(t *imageType) rpmmd.PackageSet { - ec2HaPackageSet := rhelEc2CommonPackageSet(t) - ec2HaPackageSet.Include = append(ec2HaPackageSet.Include, - "fence-agents-all", - "pacemaker", - "pcs", - "rh-amazon-rhui-client-ha", - ) - ec2HaPackageSet.Exclude = append(ec2HaPackageSet.Exclude, "alsa-lib") - return ec2HaPackageSet -} - -// rhel-sap-ec2 image package set -// Includes the common ec2 package set, the common SAP packages, and -// the amazon rhui sap package -func rhelEc2SapPackageSet(t *imageType) rpmmd.PackageSet { - return rpmmd.PackageSet{ - Include: []string{ - "rh-amazon-rhui-client-sap-bundle-e4s", - }, - }.Append(rhelEc2CommonPackageSet(t)).Append(SapPackageSet(t)) -} - // common GCE image func gceCommonPackageSet(t *imageType) rpmmd.PackageSet { return rpmmd.PackageSet{ 
@@ -595,156 +448,6 @@ func gceRhuiPackageSet(t *imageType) rpmmd.PackageSet { }.Append(gceCommonPackageSet(t)) } -// edge commit OS package set -func edgeCommitPackageSet(t *imageType) rpmmd.PackageSet { - ps := rpmmd.PackageSet{ - Include: []string{ - "attr", - "audit", - "basesystem", - "bash", - "bash-completion", - "chrony", - "clevis", - "clevis-dracut", - "clevis-luks", - "container-selinux", - "coreutils", - "criu", - "cryptsetup", - "curl", - "dnsmasq", - "dosfstools", - "dracut-config-generic", - "dracut-network", - "e2fsprogs", - "firewalld", - "fuse-overlayfs", - "fwupd", - "glibc", - "glibc-minimal-langpack", - "gnupg2", - "greenboot", - "gzip", - "hostname", - "ima-evm-utils", - "iproute", - "iptables", - "iputils", - "keyutils", - "less", - "lvm2", - "NetworkManager", - "NetworkManager-wifi", - "NetworkManager-wwan", - "nss-altfiles", - "openssh-clients", - "openssh-server", - "passwd", - "pinentry", - "platform-python", - "podman", - "policycoreutils", - "policycoreutils-python-utils", - "polkit", - "procps-ng", - "redhat-release", - "rootfiles", - "rpm", - "rpm-ostree", - "rsync", - "selinux-policy-targeted", - "setools-console", - "setup", - "shadow-utils", - "shadow-utils", - "skopeo", - "slirp4netns", - "sudo", - "systemd", - "tar", - "tmux", - "traceroute", - "usbguard", - "util-linux", - "vim-minimal", - "wpa_supplicant", - "xz", - }, - Exclude: []string{"rng-tools"}, - } - - ps = ps.Append(bootPackageSet(t)) - - switch t.arch.Name() { - case distro.X86_64ArchName: - ps = ps.Append(x8664EdgeCommitPackageSet(t)) - - case distro.Aarch64ArchName: - ps = ps.Append(aarch64EdgeCommitPackageSet(t)) - } - - if t.arch.distro.isRHEL() && common.VersionLessThan(t.arch.distro.osVersion, "8.6") { - ps = ps.Append(rpmmd.PackageSet{ - Include: []string{ - "greenboot-grub2", - "greenboot-reboot", - "greenboot-rpm-ostree-grub2", - "greenboot-status", - }, - }) - } else { - // 8.6+ and CS8 - ps = ps.Append(rpmmd.PackageSet{ - Include: []string{ - "fdo-client", - 
"fdo-owner-cli", - "greenboot-default-health-checks", - }, - }) - } - - return ps - -} - -func x8664EdgeCommitPackageSet(t *imageType) rpmmd.PackageSet { - return rpmmd.PackageSet{ - Include: []string{ - "efibootmgr", - "grub2", - "grub2-efi-x64", - "iwl1000-firmware", - "iwl100-firmware", - "iwl105-firmware", - "iwl135-firmware", - "iwl2000-firmware", - "iwl2030-firmware", - "iwl3160-firmware", - "iwl5000-firmware", - "iwl5150-firmware", - "iwl6000-firmware", - "iwl6050-firmware", - "iwl7260-firmware", - "microcode_ctl", - "shim-x64", - }, - Exclude: nil, - } -} - -func aarch64EdgeCommitPackageSet(t *imageType) rpmmd.PackageSet { - return rpmmd.PackageSet{ - Include: []string{ - "efibootmgr", - "grub2-efi-aa64", - "iwl7260-firmware", - "shim-aa64", - }, - Exclude: nil, - } -} - func bareMetalPackageSet(t *imageType) rpmmd.PackageSet { ps := rpmmd.PackageSet{ Include: []string{ 
@@ -1011,66 +714,3 @@ func anacondaPackageSet(t *imageType) rpmmd.PackageSet { return ps } - -func edgeInstallerPackageSet(t *imageType) rpmmd.PackageSet { - return anacondaPackageSet(t) -} - -func edgeSimplifiedInstallerPackageSet(t *imageType) rpmmd.PackageSet { - // common installer packages - ps := installerPackageSet(t) - - ps = ps.Append(rpmmd.PackageSet{ - Include: []string{ - "attr", - "basesystem", - "binutils", - "bsdtar", - "clevis-dracut", - "clevis-luks", - "cloud-utils-growpart", - "coreos-installer", - "coreos-installer-dracut", - "coreutils", - "device-mapper-multipath", - "dnsmasq", - "dosfstools", - "dracut-live", - "e2fsprogs", - "fcoe-utils", - "fdo-init", - "gzip", - "ima-evm-utils", - "iproute", - "iptables", - "iputils", - "iscsi-initiator-utils", - "keyutils", - "lldpad", - "lvm2", - "passwd", - "policycoreutils", - "policycoreutils-python-utils", - "procps-ng", - "rootfiles", - "setools-console", - "sudo", - "traceroute", - "util-linux", - }, - Exclude: nil, - }) - - switch t.arch.Name() { - - case distro.X86_64ArchName: - ps = ps.Append(x8664EdgeCommitPackageSet(t)) - case distro.Aarch64ArchName: - ps = ps.Append(aarch64EdgeCommitPackageSet(t)) - - default: - panic(fmt.Sprintf("unsupported arch: %s", t.arch.Name())) - } - - return ps -}