diff --git a/test/cases/ostree-ignition.sh b/test/cases/ostree-ignition.sh new file mode 100755 index 000000000..bd515a66e --- /dev/null +++ b/test/cases/ostree-ignition.sh @@ -0,0 +1,1087 @@ +#!/bin/bash +set -euox pipefail + +# Provision the software under test. +/usr/libexec/osbuild-composer-test/provision.sh none + +# Get OS data. +source /etc/os-release +ARCH=$(uname -m) + +source /usr/libexec/tests/osbuild-composer/shared_lib.sh + +# Install and start firewalld +greenprint "๐Ÿ”ง Install and start firewalld" +sudo dnf install -y firewalld +sudo systemctl enable --now firewalld + +# Start libvirtd and test it. +greenprint "๐Ÿš€ Starting libvirt daemon" +sudo systemctl start libvirtd +sudo virsh list --all > /dev/null + +# Set a customized dnsmasq configuration for libvirt so we always get the +# same address on bootup. +sudo tee /tmp/integration.xml > /dev/null << EOF + + integration + 1c8fe98c-b53a-4ca4-bbdb-deb0f26b3579 + + + + + + + + + + + + + + + +EOF + +if ! sudo virsh net-info integration > /dev/null 2>&1; then + sudo virsh net-define /tmp/integration.xml +fi +if [[ $(sudo virsh net-info integration | grep 'Active' | awk '{print $2}') == 'no' ]]; then + sudo virsh net-start integration +fi + +# Allow anyone in the wheel group to talk to libvirt. +greenprint "๐Ÿšช Allowing users in wheel group to talk to libvirt" +sudo tee /etc/polkit-1/rules.d/50-libvirt.rules > /dev/null << EOF +polkit.addRule(function(action, subject) { + if (action.id == "org.libvirt.unix.manage" && + subject.isInGroup("adm")) { + return polkit.Result.YES; + } +}); +EOF + +# Set up variables. +TEST_UUID=$(uuidgen) +IMAGE_KEY="ostree-installer-${TEST_UUID}" +SIMPLIFIED_GUEST_ADDRESS=192.168.100.50 +RAW_GUEST_ADDRESS=192.168.100.51 +# PROD_REPO_1 is for simplified installer test +# PROD_REPO_2 is for raw image test +PROD_REPO_1_URL=http://192.168.100.1/repo1 +PROD_REPO_1=/var/www/html/repo1 +PROD_REPO_2_URL=http://192.168.100.1/repo2 +PROD_REPO_2=/var/www/html/repo2 +STAGE_REPO_ADDRESS=192.168.200.1 +STAGE_REPO_URL="http://${STAGE_REPO_ADDRESS}:8080/repo/" +IGNITION_SERVER_FOLDER=/var/www/html/ignition +IGNITION_SERVER_URL=http://192.168.100.1/ignition +CONTAINER_TYPE=edge-container +CONTAINER_FILENAME=container.tar +INSTALLER_TYPE=edge-simplified-installer +INSTALLER_FILENAME=simplified-installer.iso +RAW_TYPE=edge-raw-image +RAW_FILENAME=image.raw.xz +# Workaround BZ#2108646 +BOOT_ARGS="uefi" + +# Set up temporary files. +TEMPDIR=$(mktemp -d) +BLUEPRINT_FILE=${TEMPDIR}/blueprint.toml +COMPOSE_START=${TEMPDIR}/compose-start-${IMAGE_KEY}.json +COMPOSE_INFO=${TEMPDIR}/compose-info-${IMAGE_KEY}.json + +# Setup log artifacts folder +ARTIFACTS="${ARTIFACTS:-/tmp/artifacts}" + +# SSH setup. +SSH_OPTIONS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=5) +SSH_DATA_DIR=$(/usr/libexec/osbuild-composer-test/gen-ssh.sh) +SSH_KEY=${SSH_DATA_DIR}/id_rsa +SSH_KEY_PUB=$(cat "${SSH_KEY}".pub) + +# Ignition +IGNITION_USER=core +IGNITION_USER_PASSWORD=foobar + +# Mount /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 +# It's RHEL 9.2 and above, CS9, Fedora 37 and above ONLY +SYSROOT_RO="true" + +case "${ID}-${VERSION_ID}" in + "rhel-9.3") + OSTREE_REF="rhel/9/${ARCH}/edge" + OS_VARIANT="rhel9-unknown" + ;; + "centos-9") + OSTREE_REF="centos/9/${ARCH}/edge" + OS_VARIANT="centos-stream9" + BOOT_ARGS="uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no" + ;; + *) + echo "unsupported distro: ${ID}-${VERSION_ID}" + exit 1;; +esac + +# Get the compose log. +get_compose_log () { + COMPOSE_ID=$1 + LOG_FILE=${ARTIFACTS}/osbuild-${ID}-${VERSION_ID}-installer-${COMPOSE_ID}.log + + # Download the logs. + sudo composer-cli compose log "$COMPOSE_ID" | tee "$LOG_FILE" > /dev/null +} + +# Get the compose metadata. +get_compose_metadata () { + COMPOSE_ID=$1 + METADATA_FILE=${ARTIFACTS}/osbuild-${ID}-${VERSION_ID}-installer-${COMPOSE_ID}.json + + # Download the metadata. + sudo composer-cli compose metadata "$COMPOSE_ID" > /dev/null + + # Find the tarball and extract it. + TARBALL=$(basename "$(find . -maxdepth 1 -type f -name "*-metadata.tar")") + sudo tar -xf "$TARBALL" -C "${TEMPDIR}" + sudo rm -f "$TARBALL" + + # Move the JSON file into place. + sudo cat "${TEMPDIR}"/"${COMPOSE_ID}".json | jq -M '.' | tee "$METADATA_FILE" > /dev/null +} + +# Build ostree image. +build_image() { + blueprint_name=$1 + image_type=$2 + + # Get worker unit file so we can watch the journal. + WORKER_UNIT=$(sudo systemctl list-units | grep -o -E "osbuild.*worker.*\.service") + sudo journalctl -af -n 1 -u "${WORKER_UNIT}" & + WORKER_JOURNAL_PID=$! + # Stop watching the worker journal when exiting. + trap 'sudo pkill -P ${WORKER_JOURNAL_PID}' EXIT + + # Start the compose. + greenprint "๐Ÿš€ Starting compose" + if [ $# -eq 3 ]; then + repo_url=$3 + sudo composer-cli --json compose start-ostree --ref "$OSTREE_REF" --url "$repo_url" "$blueprint_name" "$image_type" | tee "$COMPOSE_START" + else + sudo composer-cli --json compose start-ostree --ref "$OSTREE_REF" "$blueprint_name" "$image_type" | tee "$COMPOSE_START" + fi + + COMPOSE_ID=$(get_build_info ".build_id" "$COMPOSE_START") + + # Wait for the compose to finish. + greenprint "โฑ Waiting for compose to finish: ${COMPOSE_ID}" + while true; do + sudo composer-cli --json compose info "${COMPOSE_ID}" | tee "$COMPOSE_INFO" > /dev/null + + COMPOSE_STATUS=$(get_build_info ".queue_status" "$COMPOSE_INFO") + + # Is the compose finished? + if [[ $COMPOSE_STATUS != RUNNING ]] && [[ $COMPOSE_STATUS != WAITING ]]; then + break + fi + + # Wait 30 seconds and try again. + sleep 5 + done + + # Capture the compose logs from osbuild. + greenprint "๐Ÿ’ฌ Getting compose log and metadata" + get_compose_log "$COMPOSE_ID" + get_compose_metadata "$COMPOSE_ID" + + # Kill the journal monitor immediately and remove the trap + sudo pkill -P ${WORKER_JOURNAL_PID} + trap - EXIT + + # Did the compose finish with success? + if [[ $COMPOSE_STATUS != FINISHED ]]; then + echo "Something went wrong with the compose. ๐Ÿ˜ข" + exit 1 + fi +} + +# Wait for the ssh server up to be. +wait_for_ssh_up () { + SSH_STATUS=$(sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${1}" '/bin/bash -c "echo -n READY"') + if [[ $SSH_STATUS == READY ]]; then + echo 1 + else + echo 0 + fi +} + +# Clean up our mess. +clean_up () { + greenprint "๐Ÿงผ Cleaning up" + + # Remove any status containers if exist + sudo podman ps -a -q --format "{{.ID}}" | sudo xargs --no-run-if-empty podman rm -f + # Remove all images + sudo podman rmi -f -a + + # Remove prod repo + sudo rm -rf "$PROD_REPO_1" + sudo rm -rf "$PROD_REPO_2" + sudo rm -rf "$IGNITION_SERVER_FOLDER" + + # Remomve tmp dir. + sudo rm -rf "$TEMPDIR" + + # Stop prod repo http service + sudo systemctl disable --now httpd +} + +# Test result checking +check_result () { + greenprint "๐ŸŽ Checking for test result" + if [[ $RESULTS == 1 ]]; then + greenprint "๐Ÿ’š Success" + else + greenprint "โŒ Failed" + clean_up + exit 1 + fi +} + +########################################################### +## +## Prepare edge prod and stage repo +## +########################################################### +# Start ostree repo web service +# osbuild-composer-tests have mod_ssl as a dependency. The package installs +# an example configuration which automatically enabled httpd on port 443, but +# that one is already in use. Remove the default configuration as it is useless +# anyway. +sudo rm -f /etc/httpd/conf.d/ssl.conf +sudo systemctl enable --now httpd.service +# Have a clean prod repo for raw image test and simplified installer test +greenprint "๐Ÿ”ง Prepare edge prod repo for simplified installer test" +sudo rm -rf "$PROD_REPO_1" +sudo mkdir -p "$PROD_REPO_1" +sudo ostree --repo="$PROD_REPO_1" init --mode=archive +sudo ostree --repo="$PROD_REPO_1" remote add --no-gpg-verify edge-stage "$STAGE_REPO_URL" + +greenprint "๐Ÿ”ง Prepare edge prod repo for raw image test" +sudo rm -rf "$PROD_REPO_2" +sudo mkdir -p "$PROD_REPO_2" +sudo ostree --repo="$PROD_REPO_2" init --mode=archive +sudo ostree --repo="$PROD_REPO_2" remote add --no-gpg-verify edge-stage "$STAGE_REPO_URL" + +# Prepare stage repo network +greenprint "๐Ÿ”ง Prepare stage repo network" +sudo podman network inspect edge >/dev/null 2>&1 || sudo podman network create --driver=bridge --subnet=192.168.200.0/24 --gateway=192.168.200.254 edge + +# Clear container running env +greenprint "๐Ÿงน Clearing container running env" +# Remove any status containers if exist +sudo podman ps -a -q --format "{{.ID}}" | sudo xargs --no-run-if-empty podman rm -f +# Remove all images +sudo podman rmi -f -a + +########################################################## +## +## Build edge-container image and start it in podman +## +########################################################## + +# Write a blueprint for ostree image. +tee "$BLUEPRINT_FILE" > /dev/null << EOF +name = "container" +description = "A base rhel-edge container image" +version = "0.0.1" +modules = [] +groups = [] + +[[packages]] +name = "python3" +version = "*" +EOF + +greenprint "๐Ÿ“„ container blueprint" +cat "$BLUEPRINT_FILE" + +# Prepare the blueprint for the compose. +greenprint "๐Ÿ“‹ Preparing container blueprint" +sudo composer-cli blueprints push "$BLUEPRINT_FILE" +sudo composer-cli blueprints depsolve container + +# Build container image. +build_image container "${CONTAINER_TYPE}" + +# Download the image +greenprint "๐Ÿ“ฅ Downloading the container image" +sudo composer-cli compose image "${COMPOSE_ID}" > /dev/null + +# Deal with stage repo image +greenprint "๐Ÿ—œ Starting container" +IMAGE_FILENAME="${COMPOSE_ID}-${CONTAINER_FILENAME}" +sudo podman pull "oci-archive:${IMAGE_FILENAME}" +sudo podman images +# Run edge stage repo +greenprint "๐Ÿ›ฐ Running edge stage repo" +# Get image id to run image +EDGE_IMAGE_ID=$(sudo podman images --filter "dangling=true" --format "{{.ID}}") +sudo podman run -d --name rhel-edge --network edge --ip "$STAGE_REPO_ADDRESS" "$EDGE_IMAGE_ID" +# Clear image file +sudo rm -f "$IMAGE_FILENAME" + +# Wait for container to be running +until [ "$(sudo podman inspect -f '{{.State.Running}}' rhel-edge)" == "true" ]; do + sleep 1; +done; + +# Sync installer edge content +greenprint "๐Ÿ“ก Sync installer content from stage repo" +sudo ostree --repo="$PROD_REPO_1" pull --mirror edge-stage "$OSTREE_REF" +sudo ostree --repo="$PROD_REPO_2" pull --mirror edge-stage "$OSTREE_REF" + +# Clean rhel-edge container +sudo podman rm -f rhel-edge +sudo podman rmi -f "$EDGE_IMAGE_ID" + +# Clean compose and blueprints. +greenprint "๐Ÿงฝ Clean up container blueprint and compose" +sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null +sudo composer-cli blueprints delete container > /dev/null + +# Generate ignition configuration +sudo mkdir -p "$IGNITION_SERVER_FOLDER" +IGNITION_CONFIG_PATH="${IGNITION_SERVER_FOLDER}/config.ign" +sudo tee "$IGNITION_CONFIG_PATH" > /dev/null << EOF +{ + "ignition": { + "config": { + "merge": [ + { + "source": "${IGNITION_SERVER_URL}/sample.ign" + } + ] + }, + "timeouts": { + "httpTotal": 30 + }, + "version": "3.3.0" + }, + "passwd": { + "users": [ + { + "groups": [ + "wheel" + ], + "name": "$IGNITION_USER", + "passwordHash": "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl.", + "sshAuthorizedKeys": [ + "$SSH_KEY_PUB" + ] + } + ] + } +} +EOF + +# Generate enbeded ignition configuration +sudo dnf install -y butane +tee "${TEMPDIR}/config.bu" > /dev/null << EOF +variant: r4e +version: 1.0.0 +ignition: + timeouts: + http_total: 30 + config: + merge: + - source: ${IGNITION_SERVER_URL}/sample.ign +passwd: + users: + - name: core + groups: + - wheel + password_hash: "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." + ssh_authorized_keys: + - $SSH_KEY_PUB +EOF +butane --pretty --strict "${TEMPDIR}/config.bu" > "${TEMPDIR}/config.ign" +# key "customizations.ignition.embedded.config": strings cannot contain newlines +IGNITION_B64=$(base64 -w 0 < "${TEMPDIR}/config.ign") + +IGNITION_CONFIG_SAMPLE_PATH="${IGNITION_SERVER_FOLDER}/sample.ign" +sudo tee "$IGNITION_CONFIG_SAMPLE_PATH" > /dev/null << EOF +{ + "ignition": { + "version": "3.3.0" + }, + "storage": { + "files": [ + { + "path": "/usr/local/bin/startup.sh", + "contents": { + "compression": "", + "source": "data:;base64,IyEvYmluL2Jhc2gKZWNobyAiSGVsbG8sIFdvcmxkISIK" + }, + "mode": 493 + } + ] + }, + "systemd": { + "units": [ + { + "contents": "[Unit]\nDescription=A hello world unit!\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/local/bin/startup.sh\n[Install]\nWantedBy=multi-user.target\n", + "enabled": true, + "name": "hello.service" + }, + { + "dropins": [ + { + "contents": "[Service]\nEnvironment=LOG_LEVEL=trace\n", + "name": "log_trace.conf" + } + ], + "name": "fdo-client-linuxapp.service" + } + ] + } +} +EOF + +###################################################################### +## +## Build edge-simplified-installer with embedded ignition configured +## +###################################################################### +# Write a blueprint for installer image. +tee "$BLUEPRINT_FILE" > /dev/null << EOF +name = "installer" +description = "A rhel-edge simplified-installer image" +version = "0.0.1" +modules = [] +groups = [] + +[customizations] +installation_device = "/dev/vdb" + +[customizations.ignition.embedded] +config = "$IGNITION_B64" +EOF + +greenprint "๐Ÿ“„ installer blueprint" +cat "$BLUEPRINT_FILE" + +# Prepare the blueprint for the compose. +greenprint "๐Ÿ“‹ Preparing installer blueprint" +sudo composer-cli blueprints push "$BLUEPRINT_FILE" +sudo composer-cli blueprints depsolve installer + +# Build installer image. +build_image installer "${INSTALLER_TYPE}" "${PROD_REPO_1_URL}" + +# Download the image +greenprint "๐Ÿ“ฅ Downloading the installer image" +sudo composer-cli compose image "${COMPOSE_ID}" > /dev/null +ISO_FILENAME="${COMPOSE_ID}-${INSTALLER_FILENAME}" +sudo mv "$ISO_FILENAME" /var/lib/libvirt/images + +# Clean compose and blueprints. +greenprint "๐Ÿงน Clean up installer blueprint and compose" +sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null +sudo composer-cli blueprints delete installer > /dev/null + +################################################################## +## +## Install with simplified installer ISO +## +################################################################## +# Create qcow2 file for virt install. +greenprint "๐Ÿ–ฅ Create simplified qcow2 file for virt install" +SIMPLIFIED_LIBVIRT_IMAGE_PATH=/var/lib/libvirt/images/${IMAGE_KEY}-simplified.qcow2 +sudo qemu-img create -f qcow2 "${SIMPLIFIED_LIBVIRT_IMAGE_PATH}" 20G + +# Create a disk to simulate USB device to test USB installation +# New growfs service dealing with LVM in simplified installer breaks USB installation +LIBVIRT_FAKE_USB_PATH=/var/lib/libvirt/images/usb.qcow2 +sudo qemu-img create -f qcow2 "${LIBVIRT_FAKE_USB_PATH}" 16G + +greenprint "๐Ÿ’ฟ Install ostree image via embedded ignition simplified installer" +sudo virt-install --name="${IMAGE_KEY}-simplified"\ + --disk path="${LIBVIRT_FAKE_USB_PATH}",format=qcow2 \ + --disk path="${SIMPLIFIED_LIBVIRT_IMAGE_PATH}",format=qcow2 \ + --ram 2048 \ + --vcpus 2 \ + --network network=integration,mac=34:49:22:B0:83:30 \ + --os-type linux \ + --os-variant ${OS_VARIANT} \ + --cdrom "/var/lib/libvirt/images/${ISO_FILENAME}" \ + --boot "${BOOT_ARGS}" \ + --tpm backend.type=emulator,backend.version=2.0,model=tpm-crb \ + --nographics \ + --noautoconsole \ + --wait=-1 \ + --noreboot + +# Let's detach USB disk before start VM +greenprint "๐Ÿ’ป Detach USB disk before start VM" +sudo virsh detach-disk --domain "${IMAGE_KEY}-simplified" --target "$LIBVIRT_FAKE_USB_PATH" --persistent --config +sudo virsh vol-delete --pool images usb.qcow2 + +# Start VM. +greenprint "๐Ÿ’ป Start simplified installer VM" +sudo virsh start "${IMAGE_KEY}-simplified" + +# Check for ssh ready to go. +greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $SIMPLIFIED_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Reboot one more time to make /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${SIMPLIFIED_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +# Sleep 10 seconds here to make sure vm restarted already +sleep 10 +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $SIMPLIFIED_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Check image installation result +check_result + +greenprint "๐Ÿ•น Get ostree install commit value" +INSTALL_HASH=$(curl "${PROD_REPO_1_URL}/refs/heads/${OSTREE_REF}") + +# Add instance IP address into /etc/ansible/hosts +tee "${TEMPDIR}"/inventory > /dev/null << EOF +[ostree_guest] +${SIMPLIFIED_GUEST_ADDRESS} + +[ostree_guest:vars] +ansible_python_interpreter=/usr/bin/python3 +ansible_user=${IGNITION_USER} +ansible_private_key_file=${SSH_KEY} +ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +ansible_become=yes +ansible_become_method=sudo +ansible_become_pass=${IGNITION_USER_PASSWORD} +EOF + +# Test IoT/Edge OS +sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ + -e image_type=redhat \ + -e ostree_commit="${INSTALL_HASH}" \ + -e skip_rollback_test="false" \ + -e ignition="true" \ + -e edge_type=edge-simplified-installer \ + -e fdo_credential="false" \ + -e sysroot_ro="$SYSROOT_RO" \ + /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 + +check_result + +# Remove simplified installer ISO file +sudo rm -rf "/var/lib/libvirt/images/${ISO_FILENAME}" + +################################################################## +## +## Build upgrade image +## +################################################################## +# Write a blueprint for ostree image. +tee "$BLUEPRINT_FILE" > /dev/null << EOF +name = "upgrade" +description = "An upgrade rhel-edge container image" +version = "0.0.2" +modules = [] +groups = [] + +[[packages]] +name = "python3" +version = "*" + +[[packages]] +name = "wget" +version = "*" + +[customizations.kernel] +name = "kernel-rt" +EOF + +greenprint "๐Ÿ“„ upgrade blueprint" +cat "$BLUEPRINT_FILE" + +# Prepare the blueprint for the compose. +greenprint "๐Ÿ“‹ Preparing upgrade blueprint" +sudo composer-cli blueprints push "$BLUEPRINT_FILE" +sudo composer-cli blueprints depsolve upgrade + +# Build upgrade image. +build_image upgrade "${CONTAINER_TYPE}" "$PROD_REPO_1_URL" + +# Download the image +greenprint "๐Ÿ“ฅ Downloading the upgrade image" +sudo composer-cli compose image "${COMPOSE_ID}" > /dev/null + +# Delete installation rhel-edge container and its image +greenprint "๐Ÿงน Delete installation rhel-edge container and its image" +# Remove rhel-edge container if exists +sudo podman ps -q --filter name=rhel-edge --format "{{.ID}}" | sudo xargs --no-run-if-empty podman rm -f +# Remove container image if exists +sudo podman images --filter "dangling=true" --format "{{.ID}}" | sudo xargs --no-run-if-empty podman rmi -f + +# Deal with stage repo container +greenprint "๐Ÿ—œ Extracting image" +IMAGE_FILENAME="${COMPOSE_ID}-${CONTAINER_FILENAME}" +sudo podman pull "oci-archive:${IMAGE_FILENAME}" +sudo podman images +# Clear image file +sudo rm -f "$IMAGE_FILENAME" + +# Run edge stage repo +greenprint "๐Ÿ›ฐ Running edge stage repo" +# Get image id to run image +EDGE_IMAGE_ID=$(sudo podman images --filter "dangling=true" --format "{{.ID}}") +sudo podman run -d --name rhel-edge --network edge --ip "$STAGE_REPO_ADDRESS" "$EDGE_IMAGE_ID" +# Wait for container to be running +until [ "$(sudo podman inspect -f '{{.State.Running}}' rhel-edge)" == "true" ]; do + sleep 1; +done; + +# Pull upgrade to prod mirror +greenprint "โ›“ Pull upgrade to prod mirror" +sudo ostree --repo="$PROD_REPO_1" pull --mirror edge-stage "$OSTREE_REF" +sudo ostree --repo="$PROD_REPO_1" static-delta generate "$OSTREE_REF" +sudo ostree --repo="$PROD_REPO_1" summary -u + +# Get ostree commit value. +greenprint "๐Ÿ•น Get ostree upgrade commit value" +UPGRADE_HASH=$(curl "${PROD_REPO_1_URL}/refs/heads/${OSTREE_REF}") + +# Clean compose and blueprints. +greenprint "๐Ÿงฝ Clean up upgrade blueprint and compose" +sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null +sudo composer-cli blueprints delete upgrade > /dev/null + +################################################################## +## +## Upgrade simplified installer VM +## +################################################################## +greenprint "๐Ÿ—ณ Upgrade ostree image/commit on simplified VM" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${SIMPLIFIED_GUEST_ADDRESS}" "echo ${IGNITION_USER_PASSWORD} |sudo -S rpm-ostree upgrade" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${SIMPLIFIED_GUEST_ADDRESS}" "echo ${IGNITION_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" + +# Sleep 10 seconds here to make sure vm restarted already +sleep 10 + +# Check for ssh ready to go. +greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" +# shellcheck disable=SC2034 # Unused variables left for readability +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $SIMPLIFIED_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Check ostree upgrade result +check_result + +# Add instance IP address into /etc/ansible/hosts +tee "${TEMPDIR}"/inventory > /dev/null << EOF +[ostree_guest] +${SIMPLIFIED_GUEST_ADDRESS} + +[ostree_guest:vars] +ansible_python_interpreter=/usr/bin/python3 +ansible_user=${IGNITION_USER} +ansible_private_key_file=${SSH_KEY} +ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +ansible_become=yes +ansible_become_method=sudo +ansible_become_pass=${IGNITION_USER_PASSWORD} +EOF + +# Test IoT/Edge OS +sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ + -e image_type=redhat \ + -e ostree_commit="${UPGRADE_HASH}" \ + -e skip_rollback_test="false" \ + -e ignition="true" \ + -e edge_type=edge-simplified-installer \ + -e fdo_credential="false" \ + -e sysroot_ro="$SYSROOT_RO" \ + /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 + +check_result + +# Clean up VM +greenprint "๐Ÿงน Clean up simplified VM" +if [[ $(sudo virsh domstate "${IMAGE_KEY}-simplified") == "running" ]]; then + sudo virsh destroy "${IMAGE_KEY}-simplified" +fi +sudo virsh undefine "${IMAGE_KEY}-simplified" --nvram +sudo virsh vol-delete --pool images "$IMAGE_KEY-simplified.qcow2" + +########################################################################## +## +## Build edge-simplified-installer with firtboot ignition configured +## +########################################################################## +# Write a blueprint for installer image. +tee "$BLUEPRINT_FILE" > /dev/null << EOF +name = "installer" +description = "A rhel-edge simplified-installer image" +version = "0.0.1" +modules = [] +groups = [] + +[customizations] +installation_device = "/dev/vda" + +[customizations.ignition.firstboot] +url = "${IGNITION_SERVER_URL}/config.ign" +EOF + +greenprint "๐Ÿ“„ installer blueprint" +cat "$BLUEPRINT_FILE" + +# Prepare the blueprint for the compose. +greenprint "๐Ÿ“‹ Preparing installer blueprint" +sudo composer-cli blueprints push "$BLUEPRINT_FILE" +sudo composer-cli blueprints depsolve installer + +# Build installer image. +build_image installer "${INSTALLER_TYPE}" "${PROD_REPO_2_URL}" + +# Download the image +greenprint "๐Ÿ“ฅ Downloading the installer image" +sudo composer-cli compose image "${COMPOSE_ID}" > /dev/null +ISO_FILENAME="${COMPOSE_ID}-${INSTALLER_FILENAME}" +sudo mv "$ISO_FILENAME" /var/lib/libvirt/images + +# Clean compose and blueprints. +greenprint "๐Ÿงน Clean up installer blueprint and compose" +sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null +sudo composer-cli blueprints delete installer > /dev/null + +################################################################## +## +## Install with simplified installer ISO +## +################################################################## +# Create qcow2 file for virt install. +greenprint "๐Ÿ–ฅ Create simplified qcow2 file for virt install" +SIMPLIFIED_LIBVIRT_IMAGE_PATH=/var/lib/libvirt/images/${IMAGE_KEY}-simplified.qcow2 +sudo qemu-img create -f qcow2 "${SIMPLIFIED_LIBVIRT_IMAGE_PATH}" 20G + +greenprint "๐Ÿ’ฟ Install ostree image via firstboot ignition simplified installer" +sudo virt-install --name="${IMAGE_KEY}-simplified"\ + --disk path="${SIMPLIFIED_LIBVIRT_IMAGE_PATH}",format=qcow2 \ + --ram 2048 \ + --vcpus 2 \ + --network network=integration,mac=34:49:22:B0:83:30 \ + --os-type linux \ + --os-variant ${OS_VARIANT} \ + --cdrom "/var/lib/libvirt/images/${ISO_FILENAME}" \ + --boot "${BOOT_ARGS}" \ + --tpm backend.type=emulator,backend.version=2.0,model=tpm-crb \ + --nographics \ + --noautoconsole \ + --wait=-1 \ + --noreboot + +# Start VM. +greenprint "๐Ÿ’ป Start simplified installer VM" +sudo virsh start "${IMAGE_KEY}-simplified" + +# Check for ssh ready to go. +greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $SIMPLIFIED_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Reboot one more time to make /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${SIMPLIFIED_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +# Sleep 10 seconds here to make sure vm restarted already +sleep 10 +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $SIMPLIFIED_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Check image installation result +check_result + +greenprint "๐Ÿ•น Get ostree install commit value" +INSTALL_HASH=$(curl "${PROD_REPO_2_URL}/refs/heads/${OSTREE_REF}") + +# Add instance IP address into /etc/ansible/hosts +tee "${TEMPDIR}"/inventory > /dev/null << EOF +[ostree_guest] +${SIMPLIFIED_GUEST_ADDRESS} + +[ostree_guest:vars] +ansible_python_interpreter=/usr/bin/python3 +ansible_user=${IGNITION_USER} +ansible_private_key_file=${SSH_KEY} +ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +ansible_become=yes +ansible_become_method=sudo +ansible_become_pass=${IGNITION_USER_PASSWORD} +EOF + +# Test IoT/Edge OS +sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ + -e image_type=redhat \ + -e ostree_commit="${INSTALL_HASH}" \ + -e skip_rollback_test="false" \ + -e ignition="true" \ + -e edge_type=edge-simplified-installer \ + -e fdo_credential="false" \ + -e sysroot_ro="$SYSROOT_RO" \ + /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 +check_result + +# Remove simplified installer ISO file +sudo rm -rf "/var/lib/libvirt/images/${ISO_FILENAME}" + +# Clean up VM +greenprint "๐Ÿงน Clean up simplified VM" +if [[ $(sudo virsh domstate "${IMAGE_KEY}-simplified") == "running" ]]; then + sudo virsh destroy "${IMAGE_KEY}-simplified" +fi +sudo virsh undefine "${IMAGE_KEY}-simplified" --nvram +sudo virsh vol-delete --pool images "$IMAGE_KEY-simplified.qcow2" + +# No upgrade test for ignition firstboot on simplified installer image + +################################################################## +## +## Build edge-raw-image with ignition enabled +## +################################################################## + +tee "$BLUEPRINT_FILE" > /dev/null << EOF +name = "raw" +description = "A rhel-edge raw image" +version = "0.0.1" +modules = [] +groups = [] + +[customizations.ignition.firstboot] +url = "${IGNITION_SERVER_URL}/config.ign" +EOF + +greenprint "๐Ÿ“„ raw-image blueprint" +cat "$BLUEPRINT_FILE" + +# Prepare the blueprint for the compose. +greenprint "๐Ÿ“‹ Preparing raw-image blueprint" +sudo composer-cli blueprints push "$BLUEPRINT_FILE" +sudo composer-cli blueprints depsolve raw + +# Build raw image. +build_image raw "$RAW_TYPE" "${PROD_REPO_2_URL}" + +# Download raw image +greenprint "๐Ÿ“ฅ Downloading the raw image" +sudo composer-cli compose image "${COMPOSE_ID}" > /dev/null + +greenprint "Extracting and converting the raw image to a qcow2 file" +RAW_FILENAME="${COMPOSE_ID}-${RAW_FILENAME}" +sudo xz -d "${RAW_FILENAME}" +RAW_LIBVIRT_IMAGE_PATH="/var/lib/libvirt/images/${IMAGE_KEY}-raw.qcow2" +sudo qemu-img convert -f raw "${COMPOSE_ID}-image.raw" -O qcow2 "$RAW_LIBVIRT_IMAGE_PATH" +# Remove raw file +sudo rm -f "${COMPOSE_ID}-image.raw" + +# Clean compose and blueprints. +greenprint "๐Ÿงน Clean up raw blueprint and compose" +sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null +sudo composer-cli blueprints delete raw > /dev/null + +################################################################## +## +## Install with raw image +## +################################################################## + +greenprint "๐Ÿ’ฟ Install ostree image via raw image on UEFI VM" +sudo virt-install --name="${IMAGE_KEY}-raw"\ + --disk path="${RAW_LIBVIRT_IMAGE_PATH}",format=qcow2 \ + --ram 2048 \ + --vcpus 2 \ + --network network=integration,mac=34:49:22:B0:83:31 \ + --os-type linux \ + --os-variant ${OS_VARIANT} \ + --boot "${BOOT_ARGS}" \ + --tpm backend.type=emulator,backend.version=2.0,model=tpm-crb \ + --nographics \ + --noautoconsole \ + --wait=-1 \ + --import \ + --noreboot + +# Start VM. +greenprint "๐Ÿ’ป Start UEFI VM" +sudo virsh start "${IMAGE_KEY}-raw" + +# Check for ssh ready to go. +greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $RAW_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Reboot one more time to make /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${RAW_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +# Sleep 10 seconds here to make sure vm restarted already +sleep 10 +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $RAW_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Check image installation result +check_result + +greenprint "๐Ÿ•น Get ostree install commit value" +INSTALL_HASH=$(curl "${PROD_REPO_2_URL}/refs/heads/${OSTREE_REF}") + +# Add instance IP address into /etc/ansible/hosts +tee "${TEMPDIR}"/inventory > /dev/null << EOF +[ostree_guest] +${RAW_GUEST_ADDRESS} +[ostree_guest:vars] +ansible_python_interpreter=/usr/bin/python3 +ansible_user=${IGNITION_USER} +ansible_private_key_file=${SSH_KEY} +ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +ansible_become=yes +ansible_become_method=sudo +ansible_become_pass=${IGNITION_USER_PASSWORD} +EOF + +# Test IoT/Edge OS +sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ + -e image_type=redhat \ + -e ostree_commit="${INSTALL_HASH}" \ + -e skip_rollback_test="false" \ + -e ignition="true" \ + -e edge_type=edge-raw-image \ + -e fdo_credential="false" \ + -e sysroot_ro="$SYSROOT_RO" \ + /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 + +check_result + +# Pull upgrade to prod mirror +greenprint "โ›“ Pull upgrade to prod mirror" +sudo ostree --repo="$PROD_REPO_2" pull --mirror edge-stage "$OSTREE_REF" +sudo ostree --repo="$PROD_REPO_2" static-delta generate "$OSTREE_REF" +sudo ostree --repo="$PROD_REPO_2" summary -u + +# Clean upgrade container +sudo podman rm -f rhel-edge +sudo podman rmi -f "$EDGE_IMAGE_ID" + +# Get ostree commit value. +greenprint "๐Ÿ•น Get ostree upgrade commit value" +UPGRADE_HASH=$(curl "${PROD_REPO_2_URL}/refs/heads/${OSTREE_REF}") + +################################################################## +## +## Upgrade raw image VM +## +################################################################## +greenprint "๐Ÿ—ณ Upgrade ostree image/commit on raw image VM" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${RAW_GUEST_ADDRESS}" "echo ${IGNITION_USER_PASSWORD} |sudo -S rpm-ostree upgrade" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${IGNITION_USER}@${RAW_GUEST_ADDRESS}" "echo ${IGNITION_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" + +# Sleep 10 seconds here to make sure vm restarted already +sleep 10 + +# Check for ssh ready to go. +greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" +# shellcheck disable=SC2034 # Unused variables left for readability +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $RAW_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Check ostree upgrade result +check_result + +# Add instance IP address into /etc/ansible/hosts +tee "${TEMPDIR}"/inventory > /dev/null << EOF +[ostree_guest] +${RAW_GUEST_ADDRESS} + +[ostree_guest:vars] +ansible_python_interpreter=/usr/bin/python3 +ansible_user=${IGNITION_USER} +ansible_private_key_file=${SSH_KEY} +ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +ansible_become=yes +ansible_become_method=sudo +ansible_become_pass=${IGNITION_USER_PASSWORD} +EOF + +# Test IoT/Edge OS +sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ + -e image_type=redhat \ + -e ostree_commit="${UPGRADE_HASH}" \ + -e skip_rollback_test="false" \ + -e ignition="true" \ + -e edge_type=edge-raw-image \ + -e fdo_credential="false" \ + -e sysroot_ro="$SYSROOT_RO" \ + /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 + +check_result + +# Clean up VM +greenprint "๐Ÿงน Clean up raw image VM" +if [[ $(sudo virsh domstate "${IMAGE_KEY}-raw") == "running" ]]; then + sudo virsh destroy "${IMAGE_KEY}-raw" +fi +sudo virsh undefine "${IMAGE_KEY}-raw" --nvram +sudo virsh vol-delete --pool images "$IMAGE_KEY-raw.qcow2" + +# Final success clean up +clean_up + +exit 0 diff --git a/test/cases/ostree-raw-image.sh b/test/cases/ostree-raw-image.sh index dd28de1c0..07d8de247 100755 --- a/test/cases/ostree-raw-image.sh +++ b/test/cases/ostree-raw-image.sh @@ -388,89 +388,6 @@ greenprint "๐Ÿงฝ Clean up container blueprint and compose" sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null sudo composer-cli blueprints delete container > /dev/null -############################################################ -## -## Setup Ignition -## -############################################################ - -# TODO(runcom): change this to butane to check that too -HTTPD_PATH="/var/www/html" -IGN_PATH="${HTTPD_PATH}/ignition" -sudo mkdir -p ${IGN_PATH} -IGN_CONFIG_PATH="${IGN_PATH}/config.ign" -sudo tee "$IGN_CONFIG_PATH" > /dev/null << EOF -{ - "ignition": { - "config": { - "merge": [ - { - "source": "http://192.168.100.1/ignition/sample.ign" - } - ] - }, - "timeouts": { - "httpTotal": 30 - }, - "version": "3.3.0" - }, - "passwd": { - "users": [ - { - "groups": [ - "wheel" - ], - "name": "core", - "passwordHash": "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl.", - "sshAuthorizedKeys": [ - "${SSH_KEY_PUB}" - ] - } - ] - } -} -EOF - -IGN_CONFIG_SAMPLE_PATH="${IGN_PATH}/sample.ign" -sudo tee "$IGN_CONFIG_SAMPLE_PATH" > /dev/null << EOF -{ - "ignition": { - "version": "3.3.0" - }, - "storage": { - "files": [ - { - "path": "/usr/local/bin/startup.sh", - "contents": { - "compression": "", - "source": "data:;base64,IyEvYmluL2Jhc2gKZWNobyAiSGVsbG8sIFdvcmxkISIK" - }, - "mode": 493 - } - ] - }, - "systemd": { - "units": [ - { - "contents": "[Unit]\nDescription=A hello world unit!\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/local/bin/startup.sh\n[Install]\nWantedBy=multi-user.target\n", - "enabled": true, - "name": "hello.service" - }, - { - "dropins": [ - { - "contents": "[Service]\nEnvironment=LOG_LEVEL=trace\n", - "name": "log_trace.conf" - } - ], - "name": "fdo-client-linuxapp.service" - } - ] - } -} -EOF -sudo chmod -R +r ${HTTPD_PATH}/ignition/* - ############################################################ ## ## Build edge-raw-image @@ -486,20 +403,6 @@ modules = [] groups = [] EOF -IGNITION=1 -HAS_IGNITION="false" -if [[ "${ID}-${VERSION_ID}" = "rhel-9.2" || "${ID}-${VERSION_ID}" = "centos-9" ]]; then - IGNITION=0 - HAS_IGNITION="true" -fi - -if [[ ${IGNITION} -eq 0 ]]; then - tee -a "$BLUEPRINT_FILE" > /dev/null << EOF -[customizations.ignition.firstboot] -url = "http://192.168.100.1/ignition/config.ign" -EOF -fi - # User in raw image blueprint is not for RHEL 9.1 and 8.7 # Workaround for RHEL 9.1 and 8.7 nightly test if [[ "$USER_IN_RAW" == "true" ]]; then @@ -657,7 +560,6 @@ EOF sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e image_type="${OSTREE_OSNAME}" \ -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ -e edge_type=edge-raw-image \ -e ostree_commit="${INSTALL_HASH}" \ -e sysroot_ro="$SYSROOT_RO" \ @@ -665,36 +567,6 @@ EOF /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 check_result - # Test the same playbook with the user created by Ignition - if [[ ${IGNITION} -eq 0 ]]; then - # Add instance IP address into /etc/ansible/hosts - sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF -[ostree_guest] -${BIOS_GUEST_ADDRESS} - -[ostree_guest:vars] -ansible_python_interpreter=/usr/bin/python3 -ansible_user=core -ansible_private_key_file=${SSH_KEY} -ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -ansible_become=yes -ansible_become_method=sudo -ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - - # Test IoT/Edge OS - sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type="${OSTREE_OSNAME}" \ - -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ - -e edge_type=edge-raw-image \ - -e ostree_commit="${INSTALL_HASH}" \ - -e sysroot_ro="$SYSROOT_RO" \ - -e test_custom_dirs_files="$CUSTOM_DIRS_FILES" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 - check_result - fi - # Clean up BIOS VM greenprint "๐Ÿงน Clean up BIOS VM" if [[ $(sudo virsh domstate "${IMAGE_KEY}-bios") == "running" ]]; then @@ -788,7 +660,6 @@ sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e image_type="${OSTREE_OSNAME}" \ -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ -e edge_type=edge-raw-image \ -e ostree_commit="${INSTALL_HASH}" \ -e sysroot_ro="$SYSROOT_RO" \ @@ -796,38 +667,6 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 check_result -# test with ignition user - -# Test the same playbook with the user created by Ignition -if [[ ${IGNITION} -eq 0 ]]; then - # Add instance IP address into /etc/ansible/hosts - sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF -[ostree_guest] -${UEFI_GUEST_ADDRESS} - -[ostree_guest:vars] -ansible_python_interpreter=/usr/bin/python3 -ansible_user=core -ansible_private_key_file=${SSH_KEY} -ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -ansible_become=yes -ansible_become_method=sudo -ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - - # Test IoT/Edge OS - sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type="${OSTREE_OSNAME}" \ - -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ - -e edge_type=edge-raw-image \ - -e ostree_commit="${INSTALL_HASH}" \ - -e sysroot_ro="$SYSROOT_RO" \ - -e test_custom_dirs_files="$CUSTOM_DIRS_FILES" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 - check_result -fi - ################################################################## ## ## Upgrade and test edge vm with edge-raw-image (UEFI) @@ -993,34 +832,6 @@ done # Check ostree upgrade result check_result -if [[ ${IGNITION} -eq 0 ]]; then - # Add instance IP address into /etc/ansible/hosts - sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF -[ostree_guest] -${UEFI_GUEST_ADDRESS} - -[ostree_guest:vars] -ansible_python_interpreter=/usr/bin/python3 -ansible_user=core -ansible_private_key_file=${SSH_KEY} -ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -ansible_become=yes -ansible_become_method=sudo -ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - - # Test IoT/Edge OS - sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type="${OSTREE_OSNAME}" \ - -e skip_rollback_test="true" \ - -e edge_type=edge-raw-image \ - -e ostree_commit="${UPGRADE_HASH}" \ - -e sysroot_ro="$SYSROOT_RO" \ - -e test_custom_dirs_files="$CUSTOM_DIRS_FILES" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 - check_result -fi - # Add instance IP address into /etc/ansible/hosts sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF [ostree_guest] diff --git a/test/cases/ostree-simplified-installer.sh b/test/cases/ostree-simplified-installer.sh index 8661c1ce1..fb0130a56 100755 --- a/test/cases/ostree-simplified-installer.sh +++ b/test/cases/ostree-simplified-installer.sh @@ -42,10 +42,7 @@ sudo tee /tmp/integration.xml > /dev/null << EOF - - - - + @@ -77,10 +74,7 @@ EOF # Set up variables. TEST_UUID=$(uuidgen) IMAGE_KEY="edge-${TEST_UUID}" -HTTP_GUEST_ADDRESS=192.168.100.50 -PUB_KEY_GUEST_ADDRESS=192.168.100.51 -ROOT_CERT_GUEST_ADDRESS=192.168.100.52 -IGNITION_GUEST_ADDRESS=192.168.100.53 +EDGE_GUEST_ADDRESS=192.168.100.50 PROD_REPO_URL=http://192.168.100.1/repo PROD_REPO=/var/www/html/repo FDO_SERVER_ADDRESS=192.168.100.1 @@ -107,7 +101,7 @@ SSH_OPTIONS=(-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o Conn SSH_DATA_DIR=$(/usr/libexec/osbuild-composer-test/gen-ssh.sh) SSH_KEY=${SSH_DATA_DIR}/id_rsa SSH_KEY_PUB=$(cat "${SSH_KEY}".pub) -# + # kernel-rt package name (differs in CS8) KERNEL_RT_PKG="kernel-rt" @@ -264,14 +258,6 @@ wait_for_fdo () { clean_up () { greenprint "๐Ÿงผ Cleaning up" - # Clean up BIOS VM - greenprint "๐Ÿงน Clean up BIOS VM" - if [[ $(sudo virsh domstate "${IMAGE_KEY}-simplified_iso_without_fdo") == "running" ]]; then - sudo virsh destroy "${IMAGE_KEY}-simplified_iso_without_fdo" - fi - sudo virsh undefine "${IMAGE_KEY}-simplified_iso_without_fdo" --nvram - sudo virsh vol-delete --pool images "$LIBVIRT_IMAGE_PATH" - # Remove any status containers if exist sudo podman ps -a -q --format "{{.ID}}" | sudo xargs --no-run-if-empty podman rm -f # Remove all images @@ -406,6 +392,143 @@ greenprint "๐Ÿงฝ Clean up container blueprint and compose" sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null sudo composer-cli blueprints delete container > /dev/null +################################################################## +## +## Build edge-simplified-installer without FDO and Ignition +## +################################################################## +tee "$BLUEPRINT_FILE" > /dev/null << EOF +name = "simplified_iso_without_fdo" +description = "A rhel-edge simplified-installer image without FDO" +version = "0.0.1" +modules = [] +groups = [] + +[[customizations.user]] +name = "simple" +description = "Administrator account" +password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." +key = "${SSH_KEY_PUB}" +home = "/home/simple/" +groups = ["wheel"] + +[customizations] +installation_device = "/dev/vda" +EOF + +greenprint "๐Ÿ“„ simplified_iso_without_fdo blueprint" +cat "$BLUEPRINT_FILE" + +# Prepare the blueprint for the compose. +greenprint "๐Ÿ“‹ Preparing installer blueprint" +sudo composer-cli blueprints push "$BLUEPRINT_FILE" +sudo composer-cli blueprints depsolve simplified_iso_without_fdo + +# Build simplified installer iso image. +build_image simplified_iso_without_fdo "${INSTALLER_TYPE}" "${PROD_REPO_URL}/" + +# Download the image +greenprint "๐Ÿ“ฅ Downloading the simplified_iso_without_fdo image" +sudo composer-cli compose image "${COMPOSE_ID}" > /dev/null +ISO_FILENAME="${COMPOSE_ID}-${INSTALLER_FILENAME}" +sudo cp "${ISO_FILENAME}" /var/lib/libvirt/images + +# Clean compose and blueprints. +greenprint "๐Ÿงน Clean up simplified_iso_without_fdo blueprint and compose" +sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null +sudo composer-cli blueprints delete simplified_iso_without_fdo > /dev/null + +# Ensure SELinux is happy with our new images. +greenprint "๐Ÿ‘ฟ Running restorecon on image directory" +sudo restorecon -Rv /var/lib/libvirt/images/ + +# Create qcow2 file for virt install. +LIBVIRT_IMAGE_PATH=/var/lib/libvirt/images/${IMAGE_KEY}.qcow2 +greenprint "๐Ÿ–ฅ Create qcow2 file for virt install" +sudo qemu-img create -f qcow2 "${LIBVIRT_IMAGE_PATH}" 20G + +greenprint "๐Ÿ’ฟ Install no FDO and ignition simplified ISO on UEFI VM" +sudo virt-install --name="${IMAGE_KEY}-simplified_iso_without_fdo"\ + --disk path="${LIBVIRT_IMAGE_PATH}",format=qcow2 \ + --ram "${MEMORY}" \ + --vcpus 2 \ + --network network=integration,mac=34:49:22:B0:83:30 \ + --os-type linux \ + --os-variant ${OS_VARIANT} \ + --cdrom "/var/lib/libvirt/images/${ISO_FILENAME}" \ + --boot "$BOOT_ARGS" \ + --tpm backend.type=emulator,backend.version=2.0,model=tpm-crb \ + --nographics \ + --noautoconsole \ + --wait=15 \ + --noreboot + +# Start VM. +greenprint "๐Ÿ’ป Start UEFI VM" +sudo virsh start "${IMAGE_KEY}-simplified_iso_without_fdo" + +# Check for ssh ready to go. +greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "simple@${EDGE_GUEST_ADDRESS}" "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" +# Sleep 10 seconds here to make sure vm restarted already +sleep 10 +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" + if [[ $RESULTS == 1 ]]; then + echo "SSH is ready now! ๐Ÿฅณ" + break + fi + sleep 10 +done + +# Check image installation result +check_result + +greenprint "๐Ÿ•น Get ostree install commit value" +INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") + +sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF +[ostree_guest] +${EDGE_GUEST_ADDRESS} + +[ostree_guest:vars] +ansible_python_interpreter=/usr/bin/python3 +ansible_user=simple +ansible_private_key_file=${SSH_KEY} +ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" +ansible_become=yes +ansible_become_method=sudo +ansible_become_pass=${EDGE_USER_PASSWORD} +EOF + +# Test IoT/Edge OS +sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ + -e image_type=redhat \ + -e ostree_commit="${INSTALL_HASH}" \ + -e skip_rollback_test="true" \ + -e edge_type=edge-simplified-installer \ + -e fdo_credential="false" \ + -e sysroot_ro="$SYSROOT_RO" \ + /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 +check_result + +greenprint "๐Ÿงน Clean up VM" +if [[ $(sudo virsh domstate "${IMAGE_KEY}-simplified_iso_without_fdo") == "running" ]]; then + sudo virsh destroy "${IMAGE_KEY}-simplified_iso_without_fdo" +fi +sudo virsh undefine "${IMAGE_KEY}-simplified_iso_without_fdo" --nvram +sudo virsh vol-delete --pool images "$LIBVIRT_IMAGE_PATH" + ######################################################################## ## ## Build edge-simplified-installer with diun_pub_key_insecure enabled @@ -509,8 +632,8 @@ sudo virsh start "${IMAGE_KEY}-http" # Check for ssh ready to go. greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" -for LOOP_COUNTER in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $HTTP_GUEST_ADDRESS)" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" if [[ $RESULTS == 1 ]]; then echo "SSH is ready now! ๐Ÿฅณ" break @@ -519,11 +642,11 @@ for LOOP_COUNTER in $(seq 0 30); do done # With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${HTTP_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${EDGE_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' # Sleep 10 seconds here to make sure vm restarted already sleep 10 for _ in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $HTTP_GUEST_ADDRESS)" + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" if [[ $RESULTS == 1 ]]; then echo "SSH is ready now! ๐Ÿฅณ" break @@ -541,7 +664,7 @@ INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") # Add instance IP address into /etc/ansible/hosts sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF [ostree_guest] -${HTTP_GUEST_ADDRESS} +${EDGE_GUEST_ADDRESS} [ostree_guest:vars] ansible_python_interpreter=/usr/bin/python3 @@ -553,10 +676,6 @@ ansible_become_method=sudo ansible_become_pass=${EDGE_USER_PASSWORD} EOF -# Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 -greenprint "fix stdio file non-blocking issue" -sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - # Test IoT/Edge OS sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e image_type=redhat \ @@ -634,7 +753,7 @@ sudo virt-install --name="${IMAGE_KEY}-fdosshkey"\ --disk path="${LIBVIRT_IMAGE_PATH}",format=qcow2 \ --ram "${MEMORY}" \ --vcpus 2 \ - --network network=integration,mac=34:49:22:B0:83:31 \ + --network network=integration,mac=34:49:22:B0:83:30 \ --os-type linux \ --os-variant ${OS_VARIANT} \ --cdrom "/var/lib/libvirt/images/${ISO_FILENAME}" \ @@ -657,8 +776,8 @@ sudo virsh start "${IMAGE_KEY}-fdosshkey" # Check for ssh ready to go. greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" -for LOOP_COUNTER in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $PUB_KEY_GUEST_ADDRESS)" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" if [[ $RESULTS == 1 ]]; then echo "SSH is ready now! ๐Ÿฅณ" break @@ -671,7 +790,7 @@ done if [[ "${ANSIBLE_USER}" == "fdouser" ]]; then greenprint "Waiting for FDO user onboarding finished" for _ in $(seq 0 30); do - RESULTS=$(wait_for_fdo "$PUB_KEY_GUEST_ADDRESS") + RESULTS=$(wait_for_fdo "$EDGE_GUEST_ADDRESS") if [[ $RESULTS == 1 ]]; then echo "FDO user is ready to use! ๐Ÿฅณ" break @@ -681,11 +800,11 @@ if [[ "${ANSIBLE_USER}" == "fdouser" ]]; then fi # With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${PUB_KEY_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${EDGE_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' # Sleep 10 seconds here to make sure vm restarted already sleep 10 for _ in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $PUB_KEY_GUEST_ADDRESS)" + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" if [[ $RESULTS == 1 ]]; then echo "SSH is ready now! ๐Ÿฅณ" break @@ -702,7 +821,7 @@ INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") # Add instance IP address into /etc/ansible/hosts sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF [ostree_guest] -${PUB_KEY_GUEST_ADDRESS} +${EDGE_GUEST_ADDRESS} [ostree_guest:vars] ansible_python_interpreter=/usr/bin/python3 @@ -714,10 +833,6 @@ ansible_become_method=sudo ansible_become_pass=${EDGE_USER_PASSWORD} EOF -# Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 -greenprint "fix stdio file non-blocking issue" -sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - # FDO user does not have password, use ssh key and no sudo password instead if [[ "$ANSIBLE_USER" == "fdouser" ]]; then sed -i '/^ansible_become_pass/d' "${TEMPDIR}"/inventory @@ -799,7 +914,7 @@ sudo virt-install --name="${IMAGE_KEY}-fdorootcert"\ --disk path="${LIBVIRT_IMAGE_PATH}",format=qcow2 \ --ram "${MEMORY}" \ --vcpus 2 \ - --network network=integration,mac=34:49:22:B0:83:32 \ + --network network=integration,mac=34:49:22:B0:83:30 \ --os-type linux \ --os-variant ${OS_VARIANT} \ --cdrom "/var/lib/libvirt/images/${ISO_FILENAME}" \ @@ -822,8 +937,8 @@ sudo virsh start "${IMAGE_KEY}-fdorootcert" # Check for ssh ready to go. greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" -for LOOP_COUNTER in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $ROOT_CERT_GUEST_ADDRESS)" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" if [[ $RESULTS == 1 ]]; then echo "SSH is ready now! ๐Ÿฅณ" break @@ -832,11 +947,11 @@ for LOOP_COUNTER in $(seq 0 30); do done # With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${ROOT_CERT_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${EDGE_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' # Sleep 10 seconds here to make sure vm restarted already sleep 10 for _ in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $ROOT_CERT_GUEST_ADDRESS)" + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" if [[ $RESULTS == 1 ]]; then echo "SSH is ready now! ๐Ÿฅณ" break @@ -853,7 +968,7 @@ INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") # Add instance IP address into /etc/ansible/hosts sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF [ostree_guest] -${ROOT_CERT_GUEST_ADDRESS} +${EDGE_GUEST_ADDRESS} [ostree_guest:vars] ansible_python_interpreter=/usr/bin/python3 @@ -865,10 +980,6 @@ ansible_become_method=sudo ansible_become_pass=${EDGE_USER_PASSWORD} EOF -# Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 -greenprint "fix stdio file non-blocking issue" -sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - # Test IoT/Edge OS sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e image_type=redhat \ @@ -880,469 +991,6 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 check_result -greenprint "๐Ÿงน Clean up VM" -if [[ $(sudo virsh domstate "${IMAGE_KEY}-fdorootcert") == "running" ]]; then - sudo virsh destroy "${IMAGE_KEY}-fdorootcert" -fi -sudo virsh undefine "${IMAGE_KEY}-fdorootcert" --nvram -sudo virsh vol-delete --pool images "$LIBVIRT_IMAGE_PATH" - -IGNITION=1 -HAS_IGNITION="false" -if [[ "${ID}-${VERSION_ID}" = "rhel-9.2" || "${ID}-${VERSION_ID}" = "centos-9" ]]; then - IGNITION=0 - HAS_IGNITION="true" -fi - -################################################################## -## -## Build edge-simplified-installer without FDO & with Ignition -## -################################################################## - -BU_PATH="${HTTPD_PATH}"/butane -sudo mkdir -p ${BU_PATH} -BU_CONFIG_PATH="${BU_PATH}/bu_config.bu" -sudo tee "$BU_CONFIG_PATH" > /dev/null << EOF -variant: r4e -version: 1.0.0 -ignition: - config: - merge: - - source: "http://192.168.100.1/ignition/sample.ign" - timeouts: - http_total: 30 -passwd: - users: - - name: core - password_hash: "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." - ssh_authorized_keys: - - "${SSH_KEY_PUB}" - groups: - - wheel -EOF - -IGN_PATH="${HTTPD_PATH}/ignition" -sudo mkdir -p ${IGN_PATH} -IGN_CONFIG_PATH="${IGN_PATH}/config.ign" - -# Run butane using standard in and standard out -greenprint "Running butane using butane's configuration file" -podman run -i --rm quay.io/coreos/butane:release --pretty --strict < "${BU_CONFIG_PATH}" > config.ign -sudo cp config.ign "${IGN_CONFIG_PATH}" -sudo rm -rf ./config.ign -# Output Ignition configuration -greenprint "Generated Ignition configuration" -cat "${IGN_CONFIG_PATH}" - -BASE64_IGN_CONFIG=$(cat "$IGN_CONFIG_PATH" | base64) - -IGN_CONFIG_SAMPLE_PATH="${IGN_PATH}/sample.ign" -sudo tee "$IGN_CONFIG_SAMPLE_PATH" > /dev/null << EOF -{ - "ignition": { - "version": "3.3.0" - }, - "storage": { - "files": [ - { - "path": "/usr/local/bin/startup.sh", - "contents": { - "compression": "", - "source": "data:;base64,IyEvYmluL2Jhc2gKZWNobyAiSGVsbG8sIFdvcmxkISIK" - }, - "mode": 493 - } - ] - }, - "systemd": { - "units": [ - { - "contents": "[Unit]\nDescription=A hello world unit!\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=/usr/local/bin/startup.sh\n[Install]\nWantedBy=multi-user.target\n", - "enabled": true, - "name": "hello.service" - }, - { - "dropins": [ - { - "contents": "[Service]\nEnvironment=LOG_LEVEL=trace\n", - "name": "log_trace.conf" - } - ], - "name": "fdo-client-linuxapp.service" - } - ] - } -} -EOF -sudo chmod -R +r ${HTTPD_PATH}/ignition/* - -######################################################################## -## -## Build edge-simplified-installer with ignition embedded -## (only on rhel92+) -## -######################################################################## - -if [[ "${ID}-${VERSION_ID}" = "rhel-9.2" || "${ID}-${VERSION_ID}" = "centos-9" ]]; then - # embedded base64 ign config - - tee "$BLUEPRINT_FILE" > /dev/null < /dev/null - ISO_FILENAME="${COMPOSE_ID}-${INSTALLER_FILENAME}" - sudo cp "${ISO_FILENAME}" /var/lib/libvirt/images - - # Clean compose and blueprints. - greenprint "๐Ÿงน Clean up simplified_iso_with_ignition_embedded_config blueprint and compose" - sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null - sudo composer-cli blueprints delete simplified_iso_with_ignition_embedded_config > /dev/null - - # Ensure SELinux is happy with our new images. - greenprint "๐Ÿ‘ฟ Running restorecon on image directory" - sudo restorecon -Rv /var/lib/libvirt/images/ - - # Create qcow2 file for virt install. - greenprint "๐Ÿ–ฅ Create qcow2 file for virt install" - sudo qemu-img create -f qcow2 "${LIBVIRT_IMAGE_PATH}" 20G - - greenprint "๐Ÿ’ฟ Install ostree image via installer(ISO) on UEFI VM" - sudo virt-install --name="${IMAGE_KEY}-simplified_iso_with_ignition_embedded_config"\ - --disk path="${LIBVIRT_IMAGE_PATH}",format=qcow2 \ - --ram "${MEMORY}" \ - --vcpus 2 \ - --network network=integration,mac=34:49:22:B0:83:33 \ - --os-type linux \ - --os-variant ${OS_VARIANT} \ - --cdrom "/var/lib/libvirt/images/${ISO_FILENAME}" \ - --boot "$BOOT_ARGS" \ - --tpm backend.type=emulator,backend.version=2.0,model=tpm-crb \ - --nographics \ - --noautoconsole \ - --wait=15 \ - --noreboot - - # Installation can get stuck, destroying VM helps - # See https://github.com/osbuild/osbuild-composer/issues/2413 - if [[ $(sudo virsh domstate "${IMAGE_KEY}-simplified_iso_with_ignition_embedded_config") == "running" ]]; then - sudo virsh destroy "${IMAGE_KEY}-simplified_iso_with_ignition_embedded_config" - fi - - # Start VM. - greenprint "๐Ÿ’ป Start UEFI VM" - sudo virsh start "${IMAGE_KEY}-simplified_iso_with_ignition_embedded_config" - - # Check for ssh ready to go. - greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" - for LOOP_COUNTER in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $IGNITION_GUEST_ADDRESS)" - if [[ $RESULTS == 1 ]]; then - echo "SSH is ready now! ๐Ÿฅณ" - break - fi - sleep 10 - done - - # With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly - sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${IGNITION_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' - # Sleep 10 seconds here to make sure vm restarted already - sleep 10 - for _ in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $IGNITION_GUEST_ADDRESS)" - if [[ $RESULTS == 1 ]]; then - echo "SSH is ready now! ๐Ÿฅณ" - break - fi - sleep 10 - done - - # Check image installation result - check_result - - greenprint "๐Ÿ•น Get ostree install commit value" - INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") - - if [[ ${IGNITION} -eq 0 ]]; then - # Add instance IP address into /etc/ansible/hosts - sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF -[ostree_guest] -${IGNITION_GUEST_ADDRESS} - -[ostree_guest:vars] -ansible_python_interpreter=/usr/bin/python3 -ansible_user=core -ansible_private_key_file=${SSH_KEY} -ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -ansible_become=yes -ansible_become_method=sudo -ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - - # Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 - greenprint "fix stdio file non-blocking issue" - sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - - # Test IoT/Edge OS - sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type=redhat \ - -e ostree_commit="${INSTALL_HASH}" \ - -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ - -e edge_type=edge-simplified-installer \ - -e fdo_credential="false" \ - -e sysroot_ro="$SYSROOT_RO" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 - check_result - fi - - # now try with blueprint user - - # Add instance IP address into /etc/ansible/hosts - sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF -[ostree_guest] -${IGNITION_GUEST_ADDRESS} - -[ostree_guest:vars] -ansible_python_interpreter=/usr/bin/python3 -ansible_user=admin -ansible_private_key_file=${SSH_KEY} -ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -ansible_become=yes -ansible_become_method=sudo -ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - - # Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 - greenprint "fix stdio file non-blocking issue" - sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - - # Test IoT/Edge OS - sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type=redhat \ - -e ostree_commit="${INSTALL_HASH}" \ - -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ - -e edge_type=edge-simplified-installer \ - -e fdo_credential="false" \ - -e sysroot_ro="$SYSROOT_RO" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 - check_result - - greenprint "๐Ÿงน Clean up VM" - if [[ $(sudo virsh domstate "${IMAGE_KEY}-simplified_iso_with_ignition_embedded_config") == "running" ]]; then - sudo virsh destroy "${IMAGE_KEY}-simplified_iso_with_ignition_embedded_config" - fi - sudo virsh undefine "${IMAGE_KEY}-simplified_iso_with_ignition_embedded_config" --nvram - sudo virsh vol-delete --pool images "$LIBVIRT_IMAGE_PATH" -else - greenprint "Skipping ignition embedded url test, it's only for RHEL9" -fi - -# TODO(runcom): - -if [[ ${IGNITION} -eq 0 ]]; then - tee "$BLUEPRINT_FILE" > /dev/null << EOF - name = "simplified_iso_without_fdo" - description = "A rhel-edge simplified-installer image without FDO with Ignition" - version = "0.0.1" - modules = [] - groups = [] - - [customizations] - installation_device = "/dev/vda" - - [customizations.ignition.firstboot] - url = "http://192.168.100.1/ignition/config.ign" -EOF -else - tee "$BLUEPRINT_FILE" > /dev/null << EOF - name = "simplified_iso_without_fdo" - description = "A rhel-edge simplified-installer image without FDO" - version = "0.0.1" - modules = [] - groups = [] - - [customizations] - installation_device = "/dev/vda" -EOF -fi - -greenprint "๐Ÿ“„ simplified_iso_without_fdo blueprint" -cat "$BLUEPRINT_FILE" - -# Prepare the blueprint for the compose. -greenprint "๐Ÿ“‹ Preparing installer blueprint" -sudo composer-cli blueprints push "$BLUEPRINT_FILE" -sudo composer-cli blueprints depsolve simplified_iso_without_fdo - -# Build simplified installer iso image. -build_image simplified_iso_without_fdo "${INSTALLER_TYPE}" "${PROD_REPO_URL}/" - -# Download the image -greenprint "๐Ÿ“ฅ Downloading the simplified_iso_without_fdo image" -sudo composer-cli compose image "${COMPOSE_ID}" > /dev/null -ISO_FILENAME="${COMPOSE_ID}-${INSTALLER_FILENAME}" -sudo cp "${ISO_FILENAME}" /var/lib/libvirt/images - -# Clean compose and blueprints. -greenprint "๐Ÿงน Clean up simplified_iso_without_fdo blueprint and compose" -sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null -sudo composer-cli blueprints delete simplified_iso_without_fdo > /dev/null - -# Ensure SELinux is happy with our new images. -greenprint "๐Ÿ‘ฟ Running restorecon on image directory" -sudo restorecon -Rv /var/lib/libvirt/images/ - -# Create qcow2 file for virt install. -greenprint "๐Ÿ–ฅ Create qcow2 file for virt install" -sudo qemu-img create -f qcow2 "${LIBVIRT_IMAGE_PATH}" 20G - -greenprint "๐Ÿ’ฟ Install ostree image via installer(ISO) on UEFI VM" -sudo virt-install --name="${IMAGE_KEY}-simplified_iso_without_fdo"\ - --disk path="${LIBVIRT_IMAGE_PATH}",format=qcow2 \ - --ram "${MEMORY}" \ - --vcpus 2 \ - --network network=integration,mac=34:49:22:B0:83:33 \ - --os-type linux \ - --os-variant ${OS_VARIANT} \ - --cdrom "/var/lib/libvirt/images/${ISO_FILENAME}" \ - --boot "$BOOT_ARGS" \ - --tpm backend.type=emulator,backend.version=2.0,model=tpm-crb \ - --nographics \ - --noautoconsole \ - --wait=15 \ - --noreboot - -# Installation can get stuck, destroying VM helps -# See https://github.com/osbuild/osbuild-composer/issues/2413 -if [[ $(sudo virsh domstate "${IMAGE_KEY}-simplified_iso_without_fdo") == "running" ]]; then - sudo virsh destroy "${IMAGE_KEY}-simplified_iso_without_fdo" -fi - -# Start VM. -greenprint "๐Ÿ’ป Start UEFI VM" -sudo virsh start "${IMAGE_KEY}-simplified_iso_without_fdo" - -# Check for ssh ready to go. -greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" -for LOOP_COUNTER in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $IGNITION_GUEST_ADDRESS)" - if [[ $RESULTS == 1 ]]; then - echo "SSH is ready now! ๐Ÿฅณ" - break - fi - sleep 10 -done - -# With new ostree-libs-2022.6-3, edge vm needs to reboot twice to make the /sysroot readonly -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${IGNITION_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' -# Sleep 10 seconds here to make sure vm restarted already -sleep 10 -for _ in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $IGNITION_GUEST_ADDRESS)" - if [[ $RESULTS == 1 ]]; then - echo "SSH is ready now! ๐Ÿฅณ" - break - fi - sleep 10 -done - -# Check image installation result -check_result - -greenprint "๐Ÿ•น Get ostree install commit value" -INSTALL_HASH=$(curl "${PROD_REPO_URL}/refs/heads/${OSTREE_REF}") - -if [[ ${IGNITION} -eq 0 ]]; then - # Add instance IP address into /etc/ansible/hosts - sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF - [ostree_guest] - ${IGNITION_GUEST_ADDRESS} - - [ostree_guest:vars] - ansible_python_interpreter=/usr/bin/python3 - ansible_user=core - ansible_private_key_file=${SSH_KEY} - ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" - ansible_become=yes - ansible_become_method=sudo - ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - - # Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 - greenprint "fix stdio file non-blocking issue" - sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - - # Test IoT/Edge OS - sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type=redhat \ - -e ostree_commit="${INSTALL_HASH}" \ - -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ - -e edge_type=edge-simplified-installer \ - -e fdo_credential="false" \ - -e sysroot_ro="$SYSROOT_RO" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 - check_result -fi - -# now try with blueprint user - -# Add instance IP address into /etc/ansible/hosts -sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF -[ostree_guest] -${IGNITION_GUEST_ADDRESS} - -[ostree_guest:vars] -ansible_python_interpreter=/usr/bin/python3 -ansible_user=admin -ansible_private_key_file=${SSH_KEY} -ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" -ansible_become=yes -ansible_become_method=sudo -ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - -# Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 -greenprint "fix stdio file non-blocking issue" -sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - -# Test IoT/Edge OS -sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type=redhat \ - -e ostree_commit="${INSTALL_HASH}" \ - -e skip_rollback_test="true" \ - -e ignition="${HAS_IGNITION}" \ - -e edge_type=edge-simplified-installer \ - -e fdo_credential="false" \ - -e sysroot_ro="$SYSROOT_RO" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 -check_result - ######################## ## ## Build upgrade image @@ -1437,8 +1085,8 @@ sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null sudo composer-cli blueprints delete upgrade > /dev/null greenprint "๐Ÿ—ณ Upgrade ostree image/commit" -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${IGNITION_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree upgrade" -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${IGNITION_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree upgrade" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${EDGE_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" # Sleep 10 seconds here to make sure vm restarted already sleep 10 @@ -1446,8 +1094,8 @@ sleep 10 # Check for ssh ready to go. greenprint "๐Ÿ›ƒ Checking for SSH is ready to go" # shellcheck disable=SC2034 # Unused variables left for readability -for LOOP_COUNTER in $(seq 0 30); do - RESULTS="$(wait_for_ssh_up $IGNITION_GUEST_ADDRESS)" +for _ in $(seq 0 30); do + RESULTS="$(wait_for_ssh_up $EDGE_GUEST_ADDRESS)" if [[ $RESULTS == 1 ]]; then echo "SSH is ready now! ๐Ÿฅณ" break @@ -1458,50 +1106,14 @@ done # Check ostree upgrade result check_result -# try with core user - -if [[ ${IGNITION} -eq 0 ]]; then - # Add instance IP address into /etc/ansible/hosts - sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF - [ostree_guest] - ${IGNITION_GUEST_ADDRESS} - - [ostree_guest:vars] - ansible_python_interpreter=/usr/bin/python3 - ansible_user=core - ansible_private_key_file=${SSH_KEY} - ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" - ansible_become=yes - ansible_become_method=sudo - ansible_become_pass=${EDGE_USER_PASSWORD} -EOF - - # Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 - greenprint "fix stdio file non-blocking issue" - sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - - # Test IoT/Edge OS - sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ - -e image_type=redhat \ - -e ostree_commit="${UPGRADE_HASH}" \ - -e skip_rollback_test="true" \ - -e edge_type=edge-simplified-installer \ - -e fdo_credential="false" \ - -e sysroot_ro="$SYSROOT_RO" \ - /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 - check_result -fi - -# now try with blueprint user - # Add instance IP address into /etc/ansible/hosts sudo tee "${TEMPDIR}"/inventory > /dev/null << EOF [ostree_guest] -${IGNITION_GUEST_ADDRESS} +${EDGE_GUEST_ADDRESS} [ostree_guest:vars] ansible_python_interpreter=/usr/bin/python3 -ansible_user=admin +ansible_user=${ANSIBLE_USER} ansible_private_key_file=${SSH_KEY} ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" ansible_become=yes @@ -1509,10 +1121,6 @@ ansible_become_method=sudo ansible_become_pass=${EDGE_USER_PASSWORD} EOF -# Fix ansible error https://github.com/osbuild/osbuild-composer/issues/3309 -greenprint "fix stdio file non-blocking issue" -sudo /usr/libexec/osbuild-composer-test/ansible-blocking-io.py - # Test IoT/Edge OS sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e image_type=redhat \ @@ -1522,8 +1130,16 @@ sudo ansible-playbook -v -i "${TEMPDIR}"/inventory \ -e fdo_credential="false" \ -e sysroot_ro="$SYSROOT_RO" \ /usr/share/tests/osbuild-composer/ansible/check_ostree.yaml || RESULTS=0 + check_result +greenprint "๐Ÿงน Clean up VM" +if [[ $(sudo virsh domstate "${IMAGE_KEY}-fdorootcert") == "running" ]]; then + sudo virsh destroy "${IMAGE_KEY}-fdorootcert" +fi +sudo virsh undefine "${IMAGE_KEY}-fdorootcert" --nvram +sudo virsh vol-delete --pool images "$LIBVIRT_IMAGE_PATH" + # Final success clean up clean_up