simplified-installer: do not mandate FDO section in simplified provisioning
- build simplified installer iso without mentioning FDO section. - change done for rhel8 and rhel9 - add test case for this use case in test/case/ostree-simplified-installer.shovisioning - fixed review comments Signed-off-by: Sarita Mahajan <sarmahaj@redhat.com>
This commit is contained in:
Sarita Mahajan
Achilleas Koutsou
parent
44f4225c02
commit
dc3c0d9725
8 changed files with 187 additions and 64 deletions
|
|
@ -380,3 +380,7 @@ func (c *Customizations) GetOpenSCAP() *OpenSCAPCustomization {
|
|||
}
|
||||
return c.OpenSCAP
|
||||
}
|
||||
|
||||
func (f *FDOCustomization) HasFDO() bool {
|
||||
return f != nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -606,24 +606,24 @@ func (t *imageType) checkOptions(customizations *blueprint.Customizations, optio
|
|||
if customizations.GetInstallationDevice() == "" {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying an installation device to install to", t.name)
|
||||
}
|
||||
if customizations.GetFDO() == nil {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying FDO configuration to install to", t.name)
|
||||
}
|
||||
if customizations.GetFDO().ManufacturingServerURL == "" {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying FDO.ManufacturingServerURL configuration to install to", t.name)
|
||||
}
|
||||
var diunSet int
|
||||
if customizations.GetFDO().DiunPubKeyHash != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyInsecure != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyRootCerts != "" {
|
||||
diunSet++
|
||||
}
|
||||
if diunSet != 1 {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying one of [FDO.DiunPubKeyHash,FDO.DiunPubKeyInsecure,FDO.DiunPubKeyRootCerts] configuration to install to", t.name)
|
||||
//making fdo optional so that simplified installer can be composed w/o the FDO section in the blueprint
|
||||
if customizations.GetFDO() != nil {
|
||||
if customizations.GetFDO().ManufacturingServerURL == "" {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying FDO.ManufacturingServerURL configuration to install to", t.name)
|
||||
}
|
||||
var diunSet int
|
||||
if customizations.GetFDO().DiunPubKeyHash != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyInsecure != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyRootCerts != "" {
|
||||
diunSet++
|
||||
}
|
||||
if diunSet != 1 {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying one of [FDO.DiunPubKeyHash,FDO.DiunPubKeyInsecure,FDO.DiunPubKeyRootCerts] configuration to install to", t.name)
|
||||
}
|
||||
}
|
||||
} else if t.name == "edge-installer" {
|
||||
allowed := []string{"User", "Group"}
|
||||
|
|
|
|||
|
|
@ -899,7 +899,7 @@ func simplifiedInstallerTreePipeline(repos []rpmmd.RepoConfig, packages []rpmmd.
|
|||
"coreos-installer",
|
||||
"fdo",
|
||||
})
|
||||
if fdo.DiunPubKeyRootCerts != "" {
|
||||
if fdo.HasFDO() && fdo.DiunPubKeyRootCerts != "" {
|
||||
p.AddStage(osbuild.NewFDOStageForRootCerts(fdo.DiunPubKeyRootCerts))
|
||||
dracutStageOptions.Install = []string{"/fdo_diun_pub_key_root_certs.pem"}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -236,17 +236,18 @@ func grubISOStageOptions(installDevice, kernelVer, arch, vendor, product, osVers
|
|||
Vendor: vendor,
|
||||
}
|
||||
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.manufacturing_server_url="+fdo.ManufacturingServerURL)
|
||||
if fdo.DiunPubKeyInsecure != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_insecure="+fdo.DiunPubKeyInsecure)
|
||||
if fdo.HasFDO() {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.manufacturing_server_url="+fdo.ManufacturingServerURL)
|
||||
if fdo.DiunPubKeyInsecure != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_insecure="+fdo.DiunPubKeyInsecure)
|
||||
}
|
||||
if fdo.DiunPubKeyHash != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_hash="+fdo.DiunPubKeyHash)
|
||||
}
|
||||
if fdo.DiunPubKeyRootCerts != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_root_certs=/fdo_diun_pub_key_root_certs.pem")
|
||||
}
|
||||
}
|
||||
if fdo.DiunPubKeyHash != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_hash="+fdo.DiunPubKeyHash)
|
||||
}
|
||||
if fdo.DiunPubKeyRootCerts != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_root_certs=/fdo_diun_pub_key_root_certs.pem")
|
||||
}
|
||||
|
||||
return grubISOStageOptions
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -572,24 +572,24 @@ func (t *imageType) checkOptions(customizations *blueprint.Customizations, optio
|
|||
if customizations.GetInstallationDevice() == "" {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying an installation device to install to", t.name)
|
||||
}
|
||||
if customizations.GetFDO() == nil {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying FDO configuration to install to", t.name)
|
||||
}
|
||||
if customizations.GetFDO().ManufacturingServerURL == "" {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying FDO.ManufacturingServerURL configuration to install to", t.name)
|
||||
}
|
||||
var diunSet int
|
||||
if customizations.GetFDO().DiunPubKeyHash != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyInsecure != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyRootCerts != "" {
|
||||
diunSet++
|
||||
}
|
||||
if diunSet != 1 {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying one of [FDO.DiunPubKeyHash,FDO.DiunPubKeyInsecure,FDO.DiunPubKeyRootCerts] configuration to install to", t.name)
|
||||
//making fdo optional so that simplified installer can be composed w/o the FDO section in the blueprint
|
||||
if customizations.GetFDO() != nil {
|
||||
if customizations.GetFDO().ManufacturingServerURL == "" {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying FDO.ManufacturingServerURL configuration to install to", t.name)
|
||||
}
|
||||
var diunSet int
|
||||
if customizations.GetFDO().DiunPubKeyHash != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyInsecure != "" {
|
||||
diunSet++
|
||||
}
|
||||
if customizations.GetFDO().DiunPubKeyRootCerts != "" {
|
||||
diunSet++
|
||||
}
|
||||
if diunSet != 1 {
|
||||
return fmt.Errorf("boot ISO image type %q requires specifying one of [FDO.DiunPubKeyHash,FDO.DiunPubKeyInsecure,FDO.DiunPubKeyRootCerts] configuration to install to", t.name)
|
||||
}
|
||||
}
|
||||
} else if t.name == "edge-installer" {
|
||||
allowed := []string{"User", "Group"}
|
||||
|
|
|
|||
|
|
@ -898,7 +898,7 @@ func simplifiedInstallerTreePipeline(repos []rpmmd.RepoConfig, packages []rpmmd.
|
|||
"coreos-installer",
|
||||
"fdo",
|
||||
})
|
||||
if fdo.DiunPubKeyRootCerts != "" {
|
||||
if fdo.HasFDO() && fdo.DiunPubKeyRootCerts != "" {
|
||||
p.AddStage(osbuild.NewFDOStageForRootCerts(fdo.DiunPubKeyRootCerts))
|
||||
dracutStageOptions.Install = []string{"/fdo_diun_pub_key_root_certs.pem"}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -235,16 +235,17 @@ func grubISOStageOptions(installDevice, kernelVer, arch, vendor, product, osVers
|
|||
Architectures: architectures,
|
||||
Vendor: vendor,
|
||||
}
|
||||
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.manufacturing_server_url="+fdo.ManufacturingServerURL)
|
||||
if fdo.DiunPubKeyInsecure != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_insecure="+fdo.DiunPubKeyInsecure)
|
||||
}
|
||||
if fdo.DiunPubKeyHash != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_hash="+fdo.DiunPubKeyHash)
|
||||
}
|
||||
if fdo.DiunPubKeyRootCerts != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_root_certs=/fdo_diun_pub_key_root_certs.pem")
|
||||
if fdo.HasFDO() {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.manufacturing_server_url="+fdo.ManufacturingServerURL)
|
||||
if fdo.DiunPubKeyInsecure != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_insecure="+fdo.DiunPubKeyInsecure)
|
||||
}
|
||||
if fdo.DiunPubKeyHash != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_hash="+fdo.DiunPubKeyHash)
|
||||
}
|
||||
if fdo.DiunPubKeyRootCerts != "" {
|
||||
grubISOStageOptions.Kernel.Opts = append(grubISOStageOptions.Kernel.Opts, "fdo.diun_pub_key_root_certs=/fdo_diun_pub_key_root_certs.pem")
|
||||
}
|
||||
}
|
||||
|
||||
return grubISOStageOptions
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue