Running the container on Openshift requires that the process inside the
container run without special permissions.
Switching to nginx and setting the following options that don't require
root privileges:
- Port 8080 (> 1024)
- pid file in '/tmp' instead of the default '/run' path
Also, the log file is chmod-ed to be world writable. Nginx always writes
to the default log file on startup, even if a different log file path is
specified in the configuration.
See rhbz#1945238
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
org.osbuild.chmod: runs chmod on one or more files
org.osbuild.nginx.conf: write nginx config file
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
dependabot is an independent security scanning tool which mostly
focuses on evaluating the dependency chain. Having the dependabot.yml
file on the main branch would enable the bot to test the dependencies
daily.
weldr-client returns different json structures than the original
composer-cli does. It is being replaced in RHEL-9 and these changes make
it possible to run the tests with both old composer-cli and
weldr-client.
This hides warnings that are seen whenever dnf is called and also it is
no longer possible to initialize postresql database without it which is
used in base tests now.
Change the x86_64-specific dracut configuration of RHEL-8.5 and RHEL-9.0
EC2 and AMI images to not include `xen-netfront` driver and add `nvme`
driver, which was previously not included. Since the configuration is no
longer Xen-specific, rename the configuration file to `ec2.conf`.
Justification:
There is no reason to put `xen-netfront` to initramfs as EC2 images don't
boot from network root. In addition, add `nvme` driver to handle the case
when initramfs is getting forcefully rebuild on a Xen instance (and not able
to boot on Nitro after that).
Related to https://issues.redhat.com/browse/COMPOSER-1096.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Feodra 34 and thus RHEL 9 switched to a unified grub configuration,
which means that the main grub config is always located in the same
location, /boot/grub2/grub.cfg.[1] osbuild has used this scheme for
hybrid boot on x64 but not on pure efi systems like aarch64. The
new osbuild option `uefi.unified` was introduced to select that new
unified grug cfg scheme also for those, pure efi, systems. Use that.
[1] https://fedoraproject.org/wiki/Changes/UnifyGrubConfig
The `uefi.unified` option indicates whether the `org.osbuild.grub2`
will use the unified grub configration scheme[1] used by Fedora 34
and thus RHEL 9.
NB: This requires osbuild version >= 32.
[1] https://fedoraproject.org/wiki/Changes/UnifyGrubConfig
The `uefi.install` option indicates whether the `org.osbuild.grub2`
stage will copy the efi binaries from the build root to the `/boot`
directory in the tree.
Co-Developed-by: Achilleas Koutsou <achilleas@koutsou.net>
Co-Developed-by: Antonio Murdaca <runcom@linux.com>
Devices unlike stage options, shouldn't be stage specific.
There is only one type of device so far, the loopback device, which
is already defined as a separate type.
The top level Devices type is simply an alias to a Device map.
The mkfs stages require a single device with a specific key ("device").
These stages accept only one device in their NewStage() function for
convenience and create the Stage struct with the required key.
The zipl.inst stage requires a device labeled 'disk' as well as the rest
of the devices that correspond to each partition. The disk device is
passed to the New stage function separately and added to the Stage
devices with the required key.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
Mounts unlike stage options, shouldn't be stage specific. We have
filesystem specific mount types, differentiated by their type string.
Mounts can define their own additional options if necessary.
The top level Mounts type is simply an alias to a Mount array.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
* Return error when write_files exists in cloud-init
Since the script adds a `write_files` key in cloud-init user-data, it
should return error if this key already exist in the input file.
Co-authored-by: Ondřej Budai <obudai@redhat.com>
This introduces a script to run cloud-cleaner with a schedule. It's
currently working with Azure only and therefore needed a change to
cloud-cleaner code as well. Using azure-cli it gets a list of resources
from $AZURE_RESOURCE_GROUP and then sorts out only resources that
are older than $HOURS_BACK and are not storage accounts.
Then it processes the list further leaving only list with unique
TEST_ID to supply to the cloud-cleaner.
Use TEST_ID for any resources created in Azure. Also create all
necessary vm network resources in advance to have predictable names
using TEST_ID as well.
Previously:
We used images built from pre-mass-rebuild composes but installed packages
from post-mass-rebuild composes. This caused weird stuff like sshd crashing
when installing non-related packages via dnf.
Now:
Both the image and repositories are post-mass-rebuild ones. This should solve
these weird issues.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Previously, we used RAGRS which means that all our data was always replicated
to at least two regions for increased safety. This is cool but expensive, this PR
switches the API to use LRS that just uses one region.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
RHEL 9.0 isn't yet in .gitlab-ci.yml so this actually doesn't change in test
runs but it should make enabling of the tests easier.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
