This commit also fixes the rpmrepo for 8.5 rt. The previously used one
was wrongly generated and had to be regenerated.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
When we firstly introduced the v2 manifests, we excluded docs from all rpm
stages because it doesn't make sense to include docs in edge images.
However, when we ported the other image types to v2, we left the flag on.
The side effect of --excludedocs is that we no longer install man pages into
the image. This the default behaviour of rpm and can be seen here:
b88f43b9a3/macros.in (L555)
This is actually quite a major regression in non-edge images, thus this commit
reverts this setting. It would be great to have the option not to install
docs in some rpm stages but as this is a difficult topic and we're already
past the deadline, we will consider this in the future.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
When we firstly introduced the v2 manifests, we excluded docs from all rpm
stages because it doesn't make sense to include docs in edge images.
However, when we ported the other image types to v2, we left the flag on.
The side effect of --excludedocs is that we no longer install man pages into
the image. This the default behaviour of rpm and can be seen here:
b88f43b9a3/macros.in (L555)
This is actually quite a major regression in non-edge images, thus this commit
reverts this setting. It would be great to have the option not to install
docs in some rpm stages but as this is a difficult topic and we're already
past the deadline, we will consider this in the future.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Add test case to check the ability to create partitions for
the /var, /var/log & /var/log/audit mountpoints. This test is
checking that mountpoints with a depth of 3 or greater can be configured.
Previously it was only possible to configure separate partitions
for mountpoints in the allow list and their immediate subdirectories
only i.e. /var & /var/log
This fix allows for an arbitrary level of mountpoints, i.e. /var/log/audit,
/var/a/b/c/d/e and so on
Previously it was only possible to configure separate partitions
for mountpoints in the allow list and their immediate subdirectories
only i.e. /var & /var/log
This fix allows for an arbitrary level of mountpoints, i.e. /var/log/audit,
/var/a/b/c/d/e and so on
V2 is compliant with api.openshift.com design guidelines.
Errors are predefined, have codes, and are queryable.
All requests have an operationId set: a unique identifier which is
sortable by time. This is added to the response in case of an error.
All returned objects have the href, id, and kind field set.
The RHSM DNF plugins `product-id` and `subscription-manager` are now
by default enabled on the RHEL-8.5 and RHEL-9.0 `ec2`, `ec2-ha` and
`ami` images.
The desired default state of the RHSM DNF plugins has been decided by
the RHSM team.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1996670
Signed-off-by: Tomas Hozza <thozza@redhat.com>
We don't want to give the impression we support building Fedora on RHEL or
CentOS Stream, or CentOS Stream on RHEL, so drop these repositories from
the package.
Also adjust dnf-json to use test repositories, rather than the upstream ones.
These are shipped in the test package, so makes sure we are unaffected by
what is shipped in the RPM shipped in the distros.
The golang-github-osbuild-composer package was created by mistake a long
time ago. Stop providing it in Fedora 34 and newer and add a note about
removing the condition when Fedora 33 hits EOL.
These changes enable the use of weldr-client with the test and also
there was a need to change the vm.create command a little bit. Without
the increased CPU and RAM RHEL-9 would not boot and a network adapter
had to be specified to use a newer one because the default one does not
work with RHEL-9.
the prepare-rhel-internal.sh script should be executed on a single
runner and it will loop through all architectures to prepare the
necessary definitions inside .json and .repo files. The resulting
osbuild-composer-tests repository is not multi-arch, containing all
versions of osbuild-composer-tests.rpm downloaded from Brew.
This is needed because jobs from subsequent stages will download
artifacts (.json & .repo files) from the prepare job but there's no
mechanism to control this easily. As a result artifacts are downloaded
from all of the prepare jobs and they overwrite themselves resulting in
test systems being configured with repo files for different CPU
architecture which leads to dnf errors.
We have limited resources in openstack. We can only run about 40 concurrent VMs.
Previously, the rate limiting was kinda stupid:
All (aws and openstack) jobs were run using the same runner. This runner was
globally limited to 60 concurrent jobs. For openstack, the individual
images were also limited to a certain number of concurrent jobs in
the gitlab-ci-terraform repository so we don't hit the quota. This limit
was applied at runtime - the first thing that an openstack job did was to
wait for a slot. This job counted towards the global limit of jobs (60)
and thus was blocking one slot without doing any useful work.
Applying local limits to please global quota is stupid though. We have much
more demand for rhel-8.5 runner than for e.g. Fedora. It would be much
better to just use global limit that would map much nicely to global
quota.
Today, I've introduced a new runner with tag terraform/openstack. It's
currently limited to 20 concurrent jobs. All jobs running on openstack should
run on the new runner. This runner has the local rate limiting for openstack
disabled. This means that we can run 20 concurrent openstack jobs and it
doesn't matter which distribution they run.
To sum it up, this has two benefits:
- no local limits, we can just use the full quota
- no idling jobs waiting for an openstack slot
Note that the openstack global limit is currently set to 20, I will raise
it once all PRs are rebased on top of this change.
Side effect: I moved all libvirt test to openstack. I think this is overall
better because testing guest images on KVM makes more sense than testing them
on TCG.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
#1717 broke the source preparedness check. This was probably caused by the
fact that the PR wasn't rebased on top of the latest main when it was merged.
I guess that some other PR made some incompatible changes in the meantime.
This commit is just a rerun of tools/prepare-source.sh
Merge trains are a nice idea, right?
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2 configurations for the listeners are now possible:
- enableJWT=false with client ssl auth
- enableJWT=true with https
Actual verification of the tokens is handled by
https://github.com/openshift-online/ocm-sdk-go.
An authentication handler is run as the top level handler, before any
routing is done. Routes which do not require authentication should be
listed as exceptions.
Authentication can be restricted using an ACL file which allows
filtering based on JWT claims. For more information see the inline
comments in ocm-sdk/authentication.
As an added quirk the `-v` flag for the osbuild-composer executable was
changed to `-verbose` to avoid flag collision with glog which declares
the `-v` flag in the package `init()` function. The ocm-sdk depends on
glog and pulls it in.
