Commit graph

2073 commits

Author SHA1 Message Date
Christian Kellner
c5a5da5f56 distro/fedora: add container image type
Add a container image type that is based on the existing fedora
container image. There is a delta in terms of the configuration
because osbuild does not yet provide all the neccessary means,
but the package set is already very close.
2022-06-29 10:02:46 +02:00
Christian Kellner
59edcc4a46 distro/fedora: only pass kernelName to NewOSPipeline for bootable images
If the image is not bootable it means that we do not need the kernel
version and thus we should not pass it along to `NewOSPipeline`,
because we might not even have a kernel in the package set.
2022-06-29 10:02:46 +02:00
Christian Kellner
49559d53d7 pipeline/os: only infer kernel version if name is not empty
Do not try to infer the kernel verison if `kernelName` is the
empty string.
2022-06-29 10:02:46 +02:00
Christian Kellner
776dfd2da6 distro: option to exclude docs during installation
We don't ship documentation in container images, add an option to
ImageConfig to disable the installation of docs during installation.
2022-06-29 10:02:46 +02:00
Christian Kellner
f37a791bd2 distro: new image config to disable selinux
We don't need to label container artifacts, so include an option
in the image config to disable it.
NB: This is a boolean that with the default false in order to
not have to change every existing image configuration.
2022-06-29 10:02:46 +02:00
Christian Kellner
4b7dc3bbec pipelines/os: new option to exclude documentation
Add a new `ExcludeDocs` to control the if documentation is included
during the package installation.
2022-06-29 10:02:46 +02:00
Christian Kellner
d88bde8ab7 pipelines/os: new option to control selinux labeling
Make the SELinux labeling of the tree optional via a `SELinux`
variable.
2022-06-29 10:02:46 +02:00
Christian Kellner
516f30de17 distro: new blueprint helper where kernel package is optional
Add a new extended helper `GetPackagesEx` that includes a flag
to specify if the target is bootlable or not and only include
the kernel package in case it is set to true. Delegate to this
new helper from the existing `GetPackages`.
2022-06-29 10:02:46 +02:00
Christian Kellner
986f076276 container: add support for uploading to registries
Add a new generic container registry client via a new `container`
package. Use this to create a command line utility as well as a
new upload target for container registries.

The code uses the github.com/containers/* project and packages to
interact with container registires that is also used by skopeo,
podman et al. One if the dependencies is `proglottis/gpgme` that
is using cgo to bind libgpgme, so we have to add the corresponding
devel package to the BuildRequires as well as installing it on CI.

Checks will follow later via an integration test.
2022-06-29 10:02:46 +02:00
Chloe Kaubisch
765e93bfc8 cloudapi: get specific error from openapi
Error handling is structured in such a way that typically, a ServiceCodeError is passed
through the echo HTTP error, in reference to internally defined errors. We want to be able
to obtain and return specific external errors, for example during validation from openapi3.
Add a 'details' field to the serviceError struct, to contain extra / externally defined
information. Modify HTTPErrorHandler to anticipate either a string or a ServiceErrorCode
from echo, and respond accordingly. Edit the affected tests to expect the appropriate response.
2022-06-28 10:02:55 +02:00
Tom Gundersen
be2195b235 pipeline: add a bit more documentation
Make sure that each of the types have at least a bit of documentation.
2022-06-27 19:11:26 +01:00
Tom Gundersen
4556312d22 pipeline: split qcow2 into format specific pipelines
Stages are procedural and named after the tool they wrap, but pipelines are declarative and should
be named after the kind of artefact they produce.

This splits the qemu (the tool) pipeline into qcow2, vmdk, and vpc (the formats) pipelines. In theory
we may have wanted to implemented through some shared helpers, but for now it seems trivial
enough that it is not worth it.
2022-06-27 19:11:26 +01:00
Tom Gundersen
1fa92f9091 pipeline: distinguish between optional and mandatory properties
The ideal is that the constructor takes mandatory properties as arguments, and fields in the struct
are all optional.

This clarifies that across the pipelines (or leaves TODOs where work remains), and where possible
makes fields optional by providing a valid default value.
2022-06-27 19:11:26 +01:00
Tom Gundersen
c001af63ec pipeline: further cleanups
This adds more documentation and makes more properties implicitly inherited rather than
repeated. This makes for less boilerplate, and gives us fewer things to keep in sync.
2022-06-27 19:11:26 +01:00
Tom Gundersen
e5ef7933ac pipeline: drop stage_options.go
This was barely used. Making it explicit seemed more readable.
2022-06-27 19:11:26 +01:00
Tom Gundersen
f60092033b pipelines: make OSPipeline own the PartitionTable
The OSPipeline might need to know what disk layout it will be put onto, enforce this by making
the PartitionTable a property of the OSPipeline, and require child pipelines to query it when needed.
2022-06-27 19:11:26 +01:00
Tom Gundersen
ae34513d18 pipeline: move package to top level
The pipeline package is exists conceptually between the distro and the osbuild packages, so move
it to the top level rather than as a child of distro.

No functional change.
2022-06-27 19:11:26 +01:00
Tom Gundersen
e024ceb138 pipelines: cleanups
This is a collection of minor cleanups:
 - Start documenting the API
 - Enforce dependent pipelines have the correct type where necessary
 - Use data from dependent pipelines where possible
 - Start enforcing required fields
 - Move logic into the pipeline implementation where we can
2022-06-27 19:11:26 +01:00
Tom Gundersen
040a4ef6a1 pipelines: add Fedora IoT installer pipelines 2022-06-27 19:11:26 +01:00
Tom Gundersen
284eb9af59 distro/fedora: drop dead code 2022-06-27 19:11:26 +01:00
Tom Gundersen
0f015801d7 pipelines: add Fedora IoT commit and container pipelines 2022-06-27 19:11:26 +01:00
Tom Gundersen
1243f84cb0 pipelines: add fedora liveimg and qemu pipelines 2022-06-27 19:11:26 +01:00
Tom Gundersen
562a5b1127 pipelines: add fedora OS pipeline
This pulls out the OS pipeline, without changing the parameters. The dependency
between the OS pipeline and build pipeline, is now explicit, rather than by name.
2022-06-27 19:11:26 +01:00
Tom Gundersen
b6d6626a5d pipelines: introduce pipeline abstractions
Create a new package to encapsulate pipelines. This introduces only the build
pipeline and uses it in fedora.

No functional change.
2022-06-27 19:11:26 +01:00
Tom Gundersen
b8815aab4c distro/fedora: avoid double import
Fix typo. No functional chnage.
2022-06-27 19:11:26 +01:00
Achilleas Koutsou
365e1d109c distro/rhel7: remove vhd image type
1. Broken: specifies packages that aren't available in the repositories
   (langpacks-en and dhcp-client).
2. Not needed.
2022-06-23 10:12:35 +02:00
Christian Kellner
c38fcb128c distro/rhel7: add support for azure images
Add support for building Azure images, including RHUI based ones for
the private market place.
2022-06-21 00:06:26 +02:00
Christian Kellner
06e05df620 distro: add support for building a rhel 7 (qcow2)
Based on the RHEL 8.6 pipelines, needs a special buildroot with two
extra packages: python3-iniparse and python3-PyYAML.
Only x86_64 support for now.
2022-06-21 00:06:26 +02:00
Christian Kellner
13ce6140b9 distro: add YumConfig to ImageConfig
Not adding the actual option to any existing pipelines, since this is
only going to be relevant for rhel7.
2022-06-21 00:06:26 +02:00
Christian Kellner
42038ad47b osbuild2: support for the new vpc options in the qemu stage
Recently osbuild exposed the low level qemu options for the VPC
format. Add support for the `force_size` option.
2022-06-21 00:06:26 +02:00
Christian Kellner
5082c36ca5 osbuild2: add new Grub2LegacyStage for org.osbuild.grub2.legacy
Expose osbuild's `org.osbuild.grub2.legacy` stage.
2022-06-21 00:06:26 +02:00
Christian Kellner
75d7bbaaa3 osbuild2: optionally use sgdisk for partitioning
Add a new option to `GenImagePrepareStages`, which is used by all
modern pipelines for partitioning, to optionally use the `sgdisk`
partitioning tool via `org.osbuild.sgdisk`.
2022-06-21 00:06:26 +02:00
Christian Kellner
4b4e8ca810 osbuild2: add new SgdiskStage for org.osbuild.sgdisk
New partitioning stage that uses `sgdisk(8)` via `org.osbuild.sgdisk`.
2022-06-21 00:06:26 +02:00
Christian Kellner
074973e03d osbuild2: rename Partition to SfdiskPartition
Properly namespace the partition stage options for the Sfdisk stage.
2022-06-21 00:06:26 +02:00
Tomas Hozza
bdf009f800 UploadJobArtifact(): return 400 if not accepting artifacts
The worker server API handler `UploadJobArtifact()` was previously
silently discarding artifacts uploaded by the worker, if the server was
configured to not accept artifacts.

Change the behavior to return HTTP error "Bad Request" (`400`) to the
worker, in case it tries to upload artifact to the server, but the
server is configured to not accept any artifacts.

Add a new unit test testing the new behavior and adjust existing unit
tests, which were relying on the artifact being previously silently
discarded.
2022-06-17 17:37:15 +02:00
Tomas Hozza
fd82174469 worker/osbuild: consolidate Koji target options values meaning
When the Koji target support was added to the osbuild job, based on the
osbuild-koji job, the meaning of target option values got messed up.

The side effect of the issue is that when Koji composes are
submitted via Cloud API the resulting image is currently always uploaded
back to the worker server.

`OsBuildKoji` job
-----------------
- `OSBuildKojiJob.ImageName` is set to the filename of the image as
  exported by osbuild.
- `OSBuildKojiJob.KojiFilename` is set to the desired filename which
  should be used when uploading the image to Koji.

`OsBuild` job + `KojiTargetOptions` before
------------------------------------------
- `OSBuildJob.ImageName` is set to the filename of the image as exported
  by osbuild. This is done only by the Cloud API code for Koji composes.
  Cloud API does not set this for regular composes and any other target.
  The variable is set in common case only by Weldr API code with the
  same meaning and it is used by the `OsBuild` job implementation as an
  indication that the image should be uploaded back to the worker server.
- `Target.ImageName` is not set at all. Other targets use it for the
  desired filename which should be used when uploading the image to the
  target environment.
- `KojiTargetOptions.Filename` is set to the desired filename which
  should be used when uploading the image to Koji. All other target
  types use `Filename` variable in their options for the filename of the
  image as exported by osbuild.

`OsBuild` job + `KojiTargetOptions` after
-----------------------------------------
- `OSBuildJob.ImageName` is still set to the filename of the image as
  exported by osbuild. This is kept for a backward compatibility of new
  composer with older workers.
- `Target.ImageName` is set to the desired filename which should be used
  when uploading the image to Koji.
- `KojiTargetOptions.Filename` is set to the filename of the image as
  exported by osbuild.

This change is backward incompatible, meaning that old worker won't be
able to handle Koji compose requests submitted via Cloud API using a new
composer and also a new worker won't be able to handle Koji compose
requests submitted by a new composer. This is intentional, because after
discussion with Ondrej Budai, the Cloud API Koji integration is
currently not used anywhere in production.
2022-06-17 17:37:15 +02:00
Achilleas Koutsou
45ba071724 osbuild2: set the Insecure option for curl sources
When creating the curl source item for a package, set the Insecure
option on the source to the value of the IgnoreSSL field for the
package.
2022-06-15 20:13:47 +02:00
Achilleas Koutsou
2555910f77 distro: use GenSources in Manifest() creation methods
Use the new helper function to generate the "sources" section of the
manifest in all distros that use the v2 manifest format.
2022-06-15 20:13:47 +02:00
Achilleas Koutsou
5fe3d1f6d1 osbuild2: add GenSources helper function
This collects all the sources for a pipeline creates the "sources"
section for an osbuild manifest.
2022-06-15 20:13:47 +02:00
Achilleas Koutsou
c74bfe2aaf ostree: add new CommitSource type
Will be used by pipeline generators to specify the source URL for a
given commit in the manifest sources.
2022-06-15 20:13:47 +02:00
Achilleas Koutsou
e340687ab5 rpmmd: add IgnoreSSL field to PackageSpec
After a depsolve, each package inherits the `IgnoreSSL` value from its
repository configuration.

This information is not yet used.  It will be used to expose this
information to osbuild's org.osbuild.curl stage.

The test data is updated to match the new behaviour:
The test repository config specifies `IgnoreSSL=true` and the packages
in the response inherit the value.
2022-06-15 20:13:47 +02:00
Achilleas Koutsou
2f247847d6 rpmmd: add ignore_ssl to serialisable repo config
The internal repository configuration (RepoConfig) supports IgnoreSSL
which, when set to `true`, will run a depsolve job with the dnf repo
parameter `sslverify` set to `false`.

The serialisable repo object (repository) did not support reading this,
so it was impossible to set in global repo configs (from
/usr/share/osbuild-composer/repositories and
/etc/osbuild-composer/repositories).
It was, however, possible to set it through the weldr API when adding a
new source.
2022-06-15 20:13:47 +02:00
Achilleas Koutsou
000344937c osbuild: add Inscure field to CurlSourceOptions
Makes curl skip the verification step for secure connections and proceed
without checking.
The default (empty) value is 'false'.

osbuild counterpart: c8073b5836
2022-06-15 20:13:47 +02:00
Achilleas Koutsou
cd2c8e4c45 osbuild: rename URLWithSecrets to CurlSourceOptions
New options were added to the object in osbuild.  CurlSourceOptions is a
more appropriate name since the object isn't only used for adding
secrets.
2022-06-15 20:13:47 +02:00
Sanne Raymaekers
fe918fd8a0 dnfjson: Move subscriptions to Solver with config
The BaseSolver is an object which gets constructed when the worker
starts, and the subscriptions attached to it expire after about 3
days. By refreshing the subscriptions each time a new Solver is created,
valid subscriptions are used.
2022-06-15 15:15:23 +02:00
Achilleas Koutsou
af94d28b52 dnfjson: test for repo name and URL in error message 2022-06-14 11:39:07 +02:00
Achilleas Koutsou
0c13277940 dnfjson: append name and URL a repository to error message
If dnf-json returns an error that is related to a repository, it uses
the ID to identify the repository that caused the error.  Since IDs
can't easily be mapped back to a configuration, appending the URL and
name (if any) to the error message makes it easier to identify which
repository failed.
Keeping the ID in the message is also useful for finding the cache
directory of the repository if needed.
2022-06-14 11:39:07 +02:00
Achilleas Koutsou
460a85f245 osbuild1: remove UnmarshalJSON for Stage and StageOptions
OSBuild used to return the stage options as part of the result object
for v1 manifests.  We didn't use this information anywhere.  Currently
we convert v1 results to the v2 format while parsing the results of jobs
from old manifests (old distro definitions), but the StageOptions are
ignored and we only care about the StageMetadata.
2022-06-13 21:00:40 +01:00
Achilleas Koutsou
2a5aecb9f2 osbuild2: remove UnmarshalJSON for Stage and StageOptions
Initially added as a copy of the osbuild v1 parser.
OSBuild used to return the stage options as part of the result object,
but this is no longer the case in v2.
More importantly, it doesn't seem like we used this information
anywhere, so it's useless.
2022-06-13 21:00:40 +01:00
Ondřej Budai
caadee87ec azure: add an option to tag page blobs
We want to start tagging page blobs so this commit adds a small tagging method
to our azure library and exposes it in the osbuild-upload-azure helper.

Example:

go run ./cmd/osbuild-upload-azure/ \
  -container azure-container \
  -image ./sample.vhd \
  -storage-access-key KEY \
  -storage-account account \
  -tag key:value \
  -tag hello:world \
  -tag bird:toucan

This commit also has to downgrade the azblob library version to 0.13 so the
API for blob tags is the same as the one currently shipped to Fedora.
This is suboptimal but it should unblock us for now.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>
2022-06-13 21:06:01 +02:00