Some uses of `cloudbuild` GCP API have been left in our internal cloud
API implementation for GCP. We do not use `cloudbuild` to import GCE
images into GCP any more.
Do not request the `cloudbuild` authentication scope when getting new
GCP client.
Update vendored packages accordingly.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
For backward compatibility, revert changes related to hybrid boot mode
for RHEL (RHUI) EC2 images before 9.3 release.
This change does not affect CentOS Stream 9 AMI images nor the RHEL AMI
build by the service or on-premise.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
For backward compatibility, revert changes related to hybrid boot mode
for RHEL (RHUI) EC2 images before 8.9 release.
This change does not affect CentOS Stream 8 AMI images nor the RHEL AMI
build by the service or on-premise.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The post install script customises the selinux policy, but is gated on
`selinuxenabled`, which will fail inside the buildroot container.
As a result it's never executed.
Add Fedora iot-raw-image test manifests with supported customizations,
specifically:
- custom users and groups
- custom enabled services
- custom files and directories
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the `ostree-raw-image.sh` to use the directories and files
customizations for the raw image and test their effect using the ansible
playbook.
Custom files and directories are currently tested only on Fedora,
because they are allowed by policy only there.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Reformat calls of `ansible-playbook` by splitting them into multiple
lines. This makes it easier to read.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Break the execution of `ansible-playbook` into multiple lines to make it
easier to read.
Add a comment on top of the second `ansible-playbook` execution if
Ignitions is availble, explaining what differs. Otherwise this is hard
to spot.
There are 3 places in the script, where there are always 2 executions of
the `ansible-playbook`. First the user from the BP is used. On the
second run, the user created by Ignition is used. This was not the case
for the last 2 executions of `ansible-playbook` at the end of the
script. Adjust the order for consistency with the rest of the script.
The changes should have no effect on the test case.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
One of the IOT use cases for custom files and directories is to be able
to enable a custom systemd unit. This was previously not possible to do
via BP Customizations.
In addition, the test case for custom files and directories in
ostree-based images (currently only build-time images) takes advantage
of enabling a custom systemd unit file, this this will enable using the
same test scenario also for deploy-time ostree image types.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Set the user provided BP customizations related to custom files and
directories to the iot raw-image type, to ensure that these get
created while deploying a commit.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the `OSTreeRawImage` with a slice of custom directories and
files, that can be created in the image. Pass these down to the ostree
deployment pipeline, so that it can add necessary osbuld stages if any
directories or files were specified by user.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Extend the `OSTreeDeployment` with a list of custom files and
directories, that can be created in the deployed ostree commit. This
functionality is equivalent to the one that was added for the OS
pipeline.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
When a blueprint containing package name globs is frozen it was failing
because it could not find the string in the dependency list. This fixes
it by replacing the package glob with all of the matching packages from
the dependency list.
This removes the setPkgEVRA function and adds a new expandBlueprintGlobs
function that handles the package name glob expansion, and replacement of
the version globs with the dependency EVRA.
Also includes testing for the new function.
GetEVRA will return the Epoch:Version-Release.Arch string, and
GetNEVRA will return Name-Epoch:Version-Release.Arch
with Epoch being left off if it is zero.
Also includes tests.
This is currently failing (fixed in the next commit). It tests to make
sure that a blueprint with package name globs can be frozen. The
resulting blueprint should replace the glob entries with the expanded
list of packages.
This tests to make sure that package name globs are working during
integration test runs. dnf supports this, and users have been using it,
so testing to make sure it keeps working is important.
Extend the Cloud API AWS test case to verify the uploaded AMI boot mode.
For informational purposes, also log the boot mode of the instance
created using the AMI by the test case.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
On RHEL-8, the x86_64 AMI / EC2 images used a BIOS-only partition table
layout, because the base partition table unification happened in the
past only on RHEL-9 and Fedora (inherited from RHEL-9).
To make things consistent and uniform across RHEL-8 and RHEL-9, I copied
the base partition table used by RHEL-9 AMI / EC2 images to RHEL-8. This
has a side-effect for aarch64 AMI / EC2, where the `/boot` partition
size changed from 512 MiB to 500 MiB, together with the partition GUID
to "Extended Boot Loader Partition GUID".
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The image already used base partition table with necessary layout to
support hybrid boot mode, so the change was just a matter of modifying
the associated platform.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
The image already used base partition table with necessary layout to
support hybrid boot mode, so the change was just a matter of modifying
the associated platform.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Fedora distro definition contained an empty `s390x` architecture with no
image types added to it. Let's remove it from the distro definition,
since it's adding no value in its current form.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
