Previously, we used RAGRS which means that all our data was always replicated
to at least two regions for increased safety. This is cool but expensive, this PR
switches the API to use LRS that just uses one region.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
The `fix-bls` stage supports a `prefix` argument, which was not
supported in composer. Specifying this argument is necessary in case the
`/boot` mountpoint is on a separate partition.
Add the `prefix` argument to the `fix-bls` stage. Amend unit tests.
The RHEL-8.5 and RHEL-9.0 `aarch64` `ec2` and `ami` images use partitioning
with `/boot` on a separate partition. Due to this, the pipeline must specify
a non-default prefix to the `fix-bls` stage.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Specifying the boot partition filesystem UUID in grub2 stage is required
in case the `/boot` mountpoint is on a separate partition. This is the
case of RHEL-8.5 and RHEL-9.0 `ami` and `ec2` images.
Extend `disk.PartitionTable` with a new `BootPartition` method, which
returns a pointer to partition with FS mountpoint `/boot` if there is
such partition, or `nil` otherwise.
Extend the RHEL-8.5 and RHEL-9.0 code creating options structure for
grub2 osbuild stage to include the boot partition in case it has been
provided.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
The `/boot` partition had incorrect FS type `EFI System partition`,
instead of `Linux filesystem data`. Fix this.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Otherwise, kernel-install will just pick the cmdline from /proc/cmdline
that is actually the host's one. This way, I managed to leak the cmdline
from my Fedora running on btrfs to RHEL 9 image which led to a very weird
results.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
We want to also mangle RHEL 9 in the same style as we do 8.4+.
RHEL 8.0 => rhel-80
RHEL 8.1 => rhel-81
etc
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Renamed tar-installer to image-installer.
This is a more appropriate name:
- It disassociates the image type from the "tar" image type. The two
should not be perceived to be connected.
- It's more descriptive. The format of the payload (tar) isn't relevant
to the purpose of the image type.
It turns out there are edge cases where the previous mechanism worked
and the new one doesn't. Employee subscription is one example, where the
key can be used to access basically any content, yet nothing it written
in the redhat.repo file. This should have no effect on hosts running
RHSM the usual way.
It can happen that the system is not subscribed and the user requests a
source with rhsm set to "true". Return useful error message in such case
informing the user what to do about it.
The problem: osbuild-composer used to have a rather uncomplete logic for
selecting client certificates and keys while fetching data from
repositories that use the "subscription model". In this scenario, every
repo requires the user to use a client-side TLS certificate. The problem
is that every repo can use its own CA and require a different pair of
a certificate and a key. This case wasn't handled at all in composer.
Furthermore, osbuild-composer can use remote workers which complicates
things even more.
Assumptions: The problem outlined above is hard to solve in the general
case, but Red Hat Subscription Manager places certain limitations on how
subscriptions might be used. For example, a subscription must be tight to
a host system, so there is no way to use such a repository in osbuild-composer
without it being available on the host system as well.
Also, if a user wishes to use a certain repository in osbuild-composer it
must be available on both hosts: the composer and the worker. It will come
with different pair of a client certificate and a key but otherwise, its
configuration remains the same.
The solution: Expect all the subscriptions to be registered in the
/etc/yum.repos.d/redhat.repo file. Read the mapping of URLs to certificates
and keys from there and use it. Don't change the manifest format and let
osbuild guess the appropriate subscription to use.
For s390x, prepend a kernel cmdline stage to the start of the OS
pipeline. This is a noop for other architectures for now.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
Returns a single stage that configures the bootloader, either GRUB or
ZIPL based on architecture.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
Utility function for finding the kernel package and returning it's
version string. Useful for configuring bootloaders.
Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
Location property is actually required. If it's omitted from the stage
options, the stage just fails.
Also see: https://github.com/osbuild/osbuild/pull/759
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Fix the split of x86_64 boot package set into the Legacy and UEFI set.
The package `dracut-config-generic` is needed for Legacy, UEFI and
Hybrid boot mode, therefore it must be included in both package sets.
In the case of the Hybrid mode, the duplicated package is not expected
to cause any issues, because it should not appear as duplicated after
depsolving the package set using DNF.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Add new image type definitions `ec2` and `ec2-ha` representing the
official RHEL ec2 image types.
Add a `xzArchivePipeline()`, which returns a pipeline producing a XZ
archive from a file produced by a different pipeline.
Add rpmrepo snapshots for `rhui` and `ha` repositories used to generate
image test cases. `rhui` is used by the `ec2` image and it is available
on x86_64 and aarch64 architectures. `ha` is used by the `ec2-ha` image
and it is available only for x86_64.
The new image type definitions are currently not used by any
API test case.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
