Some image type test cases require additional repositories, which are
not available for all architectures. However, when an image type test
case is specified in the `format-request-map.json`, it is generated on any
architecture.
This behavior is creating issues when generating `*edge-commit` image
type test cases. This is because the `format-request-map.json` contains one
additional definition for `*edge-commit-rt`, which includes `kernel-rt`
package. However repositories with this package are available only for
x86_64. Therefore, when generating image test cases for `*edge-commit`,
the `generate-test-cases` script always generates two test cases,
but the generation of `*edge-commit-rt` always fails on non-x86_64
architectures.
Add a new optional member to the image type test case object in
`format-request-map.json`, called `supported_arches`. Its value is a
list of strings, specifying the supported architectures of the image
type test case. In case the member is not specified, the image test
case is supported on any architecture.
Extend the `generate-test-cases` script to skip image type test case
generation in case the case has the `supported_arches` specified and the
requested architecture is not in the list.
Fix#1478
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit also fixes the rpmrepo for 8.5 rt. The previously used one
was wrongly generated and had to be regenerated.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
* Return error when write_files exists in cloud-init
Since the script adds a `write_files` key in cloud-init user-data, it
should return error if this key already exist in the input file.
Co-authored-by: Ondřej Budai <obudai@redhat.com>
This commit also updates the rpmrepo snapshot for rhel-90 to the latest one.
Note that vmdk and vhd images are currently not buildable, see:
https://bugzilla.redhat.com/show_bug.cgi?id=1989841
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Renamed tar-installer to image-installer.
This is a more appropriate name:
- It disassociates the image type from the "tar" image type. The two
should not be perceived to be connected.
- It's more descriptive. The format of the payload (tar) isn't relevant
to the purpose of the image type.
Added to format-request-map and generated manifest.
No image-info since ISOs aren't supported by the tool. The manifest is
useful only for detecting changes in the image type definition.
image-info's code which analysed image with multiple partitions was not
correctly working with more than two partitions, which had to be the
root '/' and EFI partition '/boot/efi'. The consequence was that SELinux
labels on paths which were mounted incorrectly could have been reported
as incorrect.
Modify `append_partitions()` to first read the fstab entries and then
mount all partitions using their UUID in the correct order. Only then
analyze the image filesystem tree.
Regenerate affected image test cases.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
image-info could produce a weird fstab error with an empty list as a
member, when analysing images not built using osbuild. Ensure that any
lines in fstab with only whitespace characters are skipped during image
analysis.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Add new image type definitions `ec2` and `ec2-ha` representing the
official RHEL ec2 image types.
Add a `xzArchivePipeline()`, which returns a pipeline producing a XZ
archive from a file produced by a different pipeline.
Add rpmrepo snapshots for `rhui` and `ha` repositories used to generate
image test cases. `rhui` is used by the `ec2` image and it is available
on x86_64 and aarch64 architectures. `ha` is used by the `ec2-ha` image
and it is available only for x86_64.
The new image type definitions are currently not used by any
API test case.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Redefine the `ami` image type in RHEL-8.5 to be based on RHEL
ec2 images. The pipeline has different default settings, therefore the
common "os" pipeline is not used. The RHEL ec2 images have a different
default size than the original `ami` image definition. The RHEL ec2
images use a different default partitioning scheme. Their configuration
is slightly different for each architecture and the x86_64 version
of the image does not support UEFI.
Update rpmrepo snapshots used to generate RHEL-8.5 x86_64 and aarch64
image test cases.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
When not flushed, the line often doesn't get printed until after the job
is done. Printing it before the job is useful for knowing the progress
of a multi-job run.
Some images with ESP, e.g. the `rhel-ec2-aarch64`, have the `/boot` on
a separate partition. `image-info` currently produces traceback on such
images, e.g.:
Traceback (most recent call last):
File "/home/thozza/devel/osbuild-composer/./tools/image-info", line 1997, in <module>
main()
File "/home/thozza/devel/osbuild-composer/./tools/image-info", line 1991, in main
report = analyse_image(target)
File "/home/thozza/devel/osbuild-composer/./tools/image-info", line 1863, in analyse_image
append_partitions(report, device, loctl)
File "/home/thozza/devel/osbuild-composer/./tools/image-info", line 1849, in append_partitions
append_filesystem(report, tree)
File "/home/thozza/devel/osbuild-composer/./tools/image-info", line 1809, in append_filesystem
with open(f"{tree}/grub2/grubenv") as f:
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/tmp3i__6m1w/grub2/grubenv'
The reason is that `grub2/grubenv` on the `/boot` partition is a symlink
to `../efi/EFI/redhat/grubenv`. However the `efi` directory on the
`/boot` partition is empty and the ESP must be mounted to it for the
expected path to exist.
Modify `image-info` to mount the ESP to `efi` directory if it exists on
the inspected partition.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This commit adds RELEASING.md guide describing the process of making a new
upstream release and pushing it into Fedora and CentOS Stream 9.
Additionally, a new helper is added to the repository - update-distgit.py.
The purpose of this helper is to simplify work with the dist-git.
Random thoughts:
I decided to left off RHEL 8 because the guide would be full of internal
URLs and tools. I will probably write a similar guide for it and put it
into internal guides.
I decided to just reference the RHEL Developer Guide for CentOS Stream 9.
It's pretty well written and I didn't feel like duplicating the effort.
We should definitely switch to PR-based approach for Fedora and implement
at least some smoke tests. I believe that the current guide is good enough
and we can iterate later.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
mirrors.kernel.org are sometimes desynchronized, and thus causing issues with
the image tests. This commit switches the image tests for F33 to use RPMRepo.
All test cases were regenerated.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
The oldest distributions that we now support are RHEL 8.4 and Fedora 33.
They both support go 1.15, let's bump.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Previously, the temporary directory was created in the script dir. It just
imo created unnecessary and confusing files in my git checkout. Let's just
use the default temporary directory because we don't really have special
needs for it.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
When `image-info` inspects ostree images, the `/usr/etc` is bind-mounted
to `/etc`. This results in conflicting SELinux policy specification for
these files and makes the outcome dependent on the `setfiles` build.
All the files in `/etc` have mismatch in the expected vs. actual SELinux
context.
Exclude `/etc` from the check of SELinux ctx mismatches in case the
analysed tree is from an ostree-based image.
Sort the list returned `read_selinux_ctx_mismatch()` based on the item's
`filename` key, to make the result consistent across runs.
`image-info` can not read SELinux labels from the images, which are not
known to the host. This makes the report content depend on the host
environment. As a temporary workaround, relabel the image-info script with
osbuild_exec_t label to allow it to read unknown SELinux labels.
Modify documentation in `test/README.md` to explain the issue with
`image-info` and unknown SELinux labels.
Modify the `generate-all-test-cases` to relabel `image-info` before
generating test cases.
Modify the `image_tests.sh` to relabel `image-info` before running image
test cases.
Add 'tar' image for 'rhel-8' on 's390x' back to the matrix of generated
test cases, as it was removed by mistake. Regenerate the image test
case. Remove 'tar' image from 'rhel-84' on 's390x' from the matrix of
generated test cases, as it is not supported.
Regenerate all affected image test cases.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Remove Fedora 32 image test case manifests, because the release
is already EOL. Remove Fedora 32 definitions from
`distro-arch-imagetype-map.json`. Remove Fedora 32 repositories
from `tools/test-case-generators/repos.json`.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
3a8c6c8a introduced a new logic for killing journalctl. Unfortunately, it
doesn't work properly. In ostree tests, multiple journalctls are spawned
but there can be only one trap active at a time. This caused all but the last
journalctls to hang indefinitely. Unfortunately, hanging background processes
is something that causes the GitLab CI to hang indefinitely as well.
This commit modifies the logic a bit: The trap is still set. However, there's
also an explicit kill of journalctl after the compose is finished. After the
process is successfully killed, the trap is removed.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
One occurrance of read_partition() call have not been modified as part of
previous commit [1], which is a bug.
[1] 598c2b6939
Signed-off-by: Tomas Hozza <thozza@redhat.com>
This is a preparation for defining EC2 images for RHEL-8.5.0. These
extensions to image-info tool represent modifications done to the
official EC2 images currently produced as RHEL release. It is important
to be able to analyse these aspects of images, before we define them in
osbuild-composer, to ensure that the resulting images will be consistent
with the current state.
- Read non-empty lines from /etc/hosts file and add them to the report.
- Read content of /etc/machine-id and add it to the report.
- Read uncommented key/values from /etc/systemd/logind.conf and add them
to the report.
- Read all ifcfg-* files from /etc/sysconfig/network-scripts/ and add
their values to the report.
- Read content of /etc/locale.conf and add it to the report.
- Read SELinux configuration from /etc/selinux/config and add it to the
report.
- Inspect the filesystem tree for SELinux context mismatches and add
them to the report.
- Read configuration files from /etc/modprobe.d/ and for now report only
all blacklisted kernel modules.
- Read RHSM configuration from /etc/rhsm/rhsm.conf and add it to the
report.
- Read cloud-init configuration from /etc/cloud/cloud.conf and add it to
the report.
- Read all *.conf files from /etc/dracut.conf.d/ and add their content to
the report.
- Read VC and X11 keyboard configuration and add it to the report.
- Read specific configuration directives from Chrony configuration and
add them to the report. Specifically 'server', 'pool', 'peer' and
'leapsectz'.
- Read drop-in configurations for *.service unit files from
/etc/systemd/system/ and add them to the report.
- Read all configuration files from /etc/tmpfiles.d/ and add them to the
report.
- Read all configuration files from /etc/sysctl.d/ and add them to the
report.
- Read the Tuned active profile and profile mode and add them to the
report.
- Read all configuration files from /etc/security/limits.d and add them
to the report.
- Read sudoers configuration from /etc/sudoers and files in
/etc/sudoers.d/ and add uncommented lines to the report. No
sophisticated parsing is done, because the configuration format
grammar is too complicated for the purpose of image-info.
- Read udev rules configuration files from /etc/udev/rules.d/ and add
them to the report.
- Read DNF configuration and defined vars and add them to the report.
- Read profile ID and enabled features used by authselect.
- Enable SELinux, extended attributes and POSIX ACLs support when
unpacking 'tar' image type to prevent potential mismatches
Regenerate all image test cases to reflect changes in the image-info
output. Modify the distro-arch-imagetype-map.json to cover all
combinations currently covered by existing image test cases.
Add doc strings to all read_* functions.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
All our images now support and have enabled cloud-init, there's no need
to explicitly enable it and install it in a kickstart.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
