The Resolve() function is now only responsible for resolving a
SourceSpec to a CommitSpec. It only resolves a checksum if a URL is set
and sets the option for the RHSM secrets.
The Parent has been removed from the SourceSpec. The SourceSpec is a
simple reference to a single ostree ref and has no connection with the
ostree options.
The ostree options for a compose request should be specified using the
ImageOptions struct, not the source spec. The source spec should be
specifying the source parameters for a single ostree commit internally.
Add a Distro enum to the Manifest struct for selecting package
selection.
Packages are sometimes renamed between distribution versions and since
we do the package selection in the Manifest, we need a way to select
distro-version-specific package names inside the manifest initialiser.
This may change in the future.
Do not expose the content of the manifest statically and instead rely on
the public methods to retrieve source specifications dynamically.
Since the methods require iterating through the pipelines to collect
source specifications, we should avoid calling the function multiple
times when we can reuse the returned values.
The new test_distro's manifest produces a slightly different empty
manifest when serialized even without content. Cloud API and Koji tests
have been adapted to match.
Weldr tests have been updated in several ways:
- The test_distro content resolver is used to resolve manifest content
before serializing.
- The test scenarios in TestCompose have been named for easier
troubleshooting (easier to identify a failing test by name).
- Manifests that work with the secondary ostree repo (the "other") use
the appropriate URL and ref and create a secondary "other" serialized
manifest.
The weldr API's test flag for resolving ostree commits does not produce
the same, fixed hash every time but instead computes a sha256 from the
URL + ref, like we do in the test manifests.
Define a public pipeline implementation that allows initialising with
content, serialising with resolved content, but produces no stages.
This is useful for testing.
Initialise the manifest only once in the enqueue functions
(ImageType.Manifest()) and pass it to the manifest generation function
with the workers and the dependency IDs. The function is renamed from
generateManifest() to serializeManifest() to reflect its new
functionality more accurately. The arguments to the function have also
been trimmed since we no longer need the image type, blueprint, and
image options.
The new functionality of the function is to collect all the resolved
content from the workers and serialize the manifest object.
Use the container sources provided by the content on the initialised
manifest instead of the blueprint to resolve containers. The container
sources on the manifest are a map keyed by the name of the pipeline that
will use the resolved containers, but the worker's container resolve job
works on a slice, so we reread the content map to get the pipeline name
(instead of taking the first payload pipeline from the image type).
This requires that there be only one pipeline that embeds containers,
which currently true of all our image types.
Use the commit sources provided by the content on the initialised
manifest instead of the image options to resolve commits. The ostree
sources on the manifest are a map keyed by the name of the pipeline that
will use the resolved commit spec, but unlike with the package sets, the
worker's commit resolve job works on a slice, so we reread the content
map to get the pipeline name. This requires that there be only one
pipeline that requires a resolved ostree commit, which is currently true
of all our image types.
Setting the default ostree ref on the image options before calling
Manifest() isn't needed anymore.
OSTree commits are now resolved after manifest initialisation just like
packages and containers. The test commit hash handling is moved to the
resolver function.
Read the ostree options in the compose request into a copy of the struct
that's used to write them.
Read the ostree commits from the content part of the manifest files and
use them in the serialisation function.
When a test manifest requires a commit to be resolved for content, fake
the commit ID resolution deterministically by hashing the URL + ref.
Store the resolved commit spec with the manifest metadata alongside the
other content (packages and containers).
Also add the secrets field if RHSM is true, which is now supposed to be
done by the resolver.
In tests (and dev tools) that apply to all image types, set just the
ostree URL instead of all the options.
The default ref is handled by the image functions when needed, so it
doesn't need to be set from the caller.
When initialising a manifest, use the ostree commit source spec only.
Then, when serialising, use the resolved ostree commit.
This is the same process we use for the other content types, packages
and containers.
Two new functions are defined in the distros to handle resolving the
ostree options: one for creating the parent commit source spec and image
ref for image types that have an optional parent commit (ostree commits
and containers) and one for creating the payload commit source spec for
image types that require an ostree payload (ostree raw images and
installers).
The checksum won't be resolved before initialising the manifest (where
checkOptions() is called), so we can't rely on it for validating
options. Instead, we can just make sure that the URL was provided, when
required by the image type.
Also, if a parent ref is specified in the options, a URL *must* be
specified regardless of image type, so verify this combination here
and return the same error message that is returned from
ostree.Resolve().
The parameter combination check will soon be removed from the
ostree.Resolve() function.
Add an ostree commit source (instead of a resolved commit spec) to
pipelines that support ostree commits. Source specs are used when
initialising a manifest for package selection. The resolved commit spec
is added after manifest initialisation through the serialization
function for stage creation.
Pipelines that require or support an ostree commit (either as payload or
a parent) must return the source specs using getOSTreeCommitSources()
after initialisation and the commit specs using getOSTreeCommits()
during serialization.
The FetchChecksum on ostree.ImageOptions was the resolved commit ID of
the parent ref to be pulled (for ostree commits and containers) or the
commit ID of the content ref (for ostree installers and raw images).
With the new process of manifest creation and serialisation, using the
image options to transport resolved content references is bad and
confusing. Image options should only reflect user and image type
options before any references are resolved. With this change, the
ostree.ImageOptions should only reflect the ostree-related options
specified by the user. Commit IDs will only be available after the
manifest is initialised when the commit sources are resolved (before
serialisation).
Pipelines that don't require packages didn't need to implement the
serializeStart() method, but now we need to set the resolved ostree
commit spec when a pipelines requires it.
1. Run RHEL for Edge CI on osbuild/rhel-edge-ci repo
2. Use released RHEL 8.8 and 9.2 boot ISO
3. Extend VM memory to 3072 on ostree.sh to fix error
"Overriding memory to 3072 MiB needed for centos-stream9 network install."
4. Install and start firewalld, configure VM network as trusted zone
osbuild can return a json object with details about manifest validation
errors. This adds support for saving those, and printing them when the
Write function is called. eg. when using composer-cli compose log UUID
Includes tests for new behavior.
Creates the 'edge-ami' image type based on edgeRawImage, which generates
a raw image (x86_64, aarch64) ready to upload to AWS EC2.
This 'edge-ami' image type has Ignition support.
Signed-off-by: Irene Diez <idiez@redhat.com>
cloud-init and bash should be everywhere. Thus, there's no point in specifying
them as a customization. Actually, it might mask error if we ever stop
installing bash/enabling cloud-init.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Our package set was quite outdated. Let's sync it with the Fedora Cloud
kickstart:
https://pagure.io/fedora-kickstarts/blob/c3b160775a3b159f949ba931dcb68e520a460e12/f/fedora-cloud-base.ks
I manually compared built images and our image contain kernel, kernel-modules
and linux-firmware above the official package set:
- removing kernel and kernel-modules is tricky, because we always assume that
the default kernel is called kernel.
- removing linux-firmware is a big hack, since it breaks the RPM dependencies
inside the image.
Thus, let's ignore these for now, it's definitely better than before.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Fedora Cloud SIG considers the qcow2 (cloud base) image as a good fit also for
OpenStack. Let's make our openstack image just an alias of qcow2. Once again,
this removes some duplicated code.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Fedora doesn't build a separate AMI image. The ordinary Cloud Base image
is what's used for AWS.
Here's the code that's responsible for uploading ec2 images - it searches
for Cloud raw.xz images:
fcbface137/fedimg/consumers.py (L114)
And here's the pungi configuration showing that qcow2 and raw.xz are actually
built from the same kickstart:
https://pagure.io/pungi-fedora/blob/e080c0702f38c033025889e5fcc8d9fee5bb2026/f/fedora-cloud.conf#_142
Thus, we can just do the same thing: Let's base the AMI on the qcow2 to save
some bytes.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
F38 is already GA and the latest snapshots reflect that (specifically,
they do not contain the 'branched' word in the URL).
Modify F38 repo definitions.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
