Tracing the package set and repository journey, I found that the
container package defined on the image type is never really used.
Added notes to fix later.
The value comes from the command line args of the test binary
(osbuild-composer-manifest-tests). It works in our tests because we use
the default value, but if it was set differently it would have been
ignored.
Pass through all repos to the initalizeManifest() function. Each
pipeline will then select which repositories it needs based on the
PackageSets field of each repository.
Before, we only passed global repos down to the manifest generators and
pipeline-specific repositories would only be used if they were attached
to package sets and were handled explicitly by a pipeline generator.
The repositories of the "blueprint" package set are explicitly added to
the workload and returned by the "os" pipeline.
The repositories of the "installer" package set are explicitly added to
the "anaconda-tree" pipeline.
If a repository was specified for any other pipeline, for example
"build", the repositories for that package set were never added to
the pipeline.
Fixes #3290
Match the key for the OS packages to the name of the OS pipeline ("os").
We will use this key to identify package sets that are returned from the
OS pipeline since the manifest returns package sets indexed by each
pipeline's name.
New test that runs through a few different scenarios of assigning
repositories to specific package sets. Each scenario defines a set of
global repositories (or none) and a set of pipeline-specific
repositories (or none) and an expected result. It then calls the
distro's PackageSets() method. The test checks that the package sets
that are returned are assigned the correct repositories based on the
test case's expected result.
A basic string-set struct is implemented to help with merging and
comparing string slices.
This test should currently fail due to #3290.
Add a default policy for custom directories and files to constrain what
users can do. The intention is to ensure that directories and files can
be created only in `/etc` and also that none of the important
configuration files can be overwritten by this customization.
Add the policy validation to all distro implementations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Hook up the custom BP directories and files implementation with OS
pipeline implementation. The user-provided values are now set in the OS
customizations structure and will be used by the OS pipeline generator
when adding stages to the pipeline.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Move the `CheckMountpoints()` implementation to `blueprint` package,
since it does not operate on any data structures from the `disk`.
Move the default mountpoint allow list policy definition to the
`pathpolicy` package.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Unify how allowed options are checked in distro implementation in
relation to Ignition customization. Specifically, delete `HasIgnition()`
function and replace its use by `GetIgnition()` call and checking if it is
`nil`. This approach is consistent with how this is checked for other
customizations.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
When rhc is selected it will install the required packages, register
using rhc and always enable insights.
When rhc is not selected it will use subscription manager for
registration, and optionally enable insights. Also installing required
packages.
The rhui-azure-rhel8-sap-ha package is currently missing
the /etc/pki/rpm-gpg/RPM-GPG-KEY-microsoft-azure-release key.
This makes the image type unbuildable, which causes some of our tests
to fail.
Overlay the generic RHUI config, so the missing key isn't imported.
See CLOUDX-336 for more information.
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
DNF supports more than one GPG key. It is possible that one may be used for
signing packages, and another to sign the repository metadata. This
renamed GPGKey to GPGKeys internally. It does not change the on-disk
repository json format.
When the image definitions were updated to the new framework, I failed
to update the dracut modules for Anaconda installers to match the
existing ones.
The changes in the manifest are at commit
c4af0a1886.
The nvdimm module and the additional drivers were removed.
The nvdimm module in particular is required for http boot but should
only be specified for RHEL 9. In RHEL 8 it is part of the default set
of modules.
See 02bb7a0b4f and
dc95382ba3 for the original commits that
introduced these changes.
Similarly to the change made for rhel9, adding the sos package
gives users a built-in way to gather system logs and debug info.
Signed-off-by: Irene Diez <idiez@redhat.com>
Adds the sos package to the edge commit package set so that
users have a built-in way to gather system logs and debug info.
Signed-off-by: Irene Diez <idiez@redhat.com>
The previous error didn't make it clear where the issue was coming from.
Now it explains that the problem is that a partition table for a given
architecture isn't specified on the image type.
The RHEL 7 images need to enable the force_autorelabel option for the
SELinux stage in osbuild. This option should almost never be used but
it was added specifically for RHEL 7. With the rewrite to the new
definitions and the sharing of pipeline code between all distros, we
need to add support to all stages of the pipeline generation to be able
to enable it.
The RHEL 7 vpc subformat in qemu does not support force_size so we need
to be able to disable it. The parameter in all parts is defined as a
pointer because the default value is 'true'. Not specifying it will
keep the option in the osbuild stage as 'nil', falling back to 'true' in
osbuild.
Older OS versions (RHEL 7) with older versions of grub2 don't support
BLS entries. Setting NoBLS to true configures the bootloader with
traditional menu entries through the grub2.legacy osbuild stage. This
requires specifying extra information for the OS to the pipeline:
version, product, and nick.
Add the partition tool as an option on the Raw pipeline. Set it to the
old value (sfdisk) by default.
Expose the option up through the liveImage image kind so that the
distribution can set it if needed.
For RHEL 7, set it to sgdisk.
- Replace Manifest() and PackageSets() imageType methods with (adapted)
copies from RHEL 8.
- Replace pipeline functions with liveImage image function.
- Specify xz compression for Azure RHUI.
- Add similar package name overrides as we did in RHEL 8. For RHEL 7,
we need to modify the capitalisation of python3-pyyaml.
Moved the qcow2 image type definition to the top of the file for
consistency with the other image type files.
Separated the default image config struct from the base image type
definition to make it easier to read.
Moved the Azure image type definition to the top of the file for
consistency with the other image type files.
Separated the default image config struct from the base image type
definition to make it easier to read.
Update the implementation of the distro.Distro interface to match the
one in RHEL 8, 9, and Fedora. The main change is that the runner is a
runner.Runner and not a string.
The runner name is now rhel79 (changed from rhel7). This is
functionally equivalent based on osbuild's runner version fallback
logic.
The qcow2 image type for RHEL 7 doesn't have packageset chains defined.
This means that the blueprint packages are never merged into the os
pipeline.
This is unnecessary right now because of the upcoming rewrite, but it
will minimise the differences that will show up in the manifest.
The qcow2-customize manifest has an added block of options for the
grub2.legacy stage because now the dracut-config-rescue package is being
installed in the image.
Azure RHUI and BYOS images use the respective BYOS / RHUI default image
configuration, inheriting the defaults from a common configuration. The
Azure SAP RHUI image was incorrectly using the common configuration and
was not inheriting any settings from the RHUI configuration. As a
result, the Azure SAP RHUI image was missing the following
configuration:
- Required GPG keys were not imported from the file system as part of
image build.
- No RHSM configuration was applied at all.
Add "Rhui" to the image type definition, to make it explicit that it is
RHUI-based. Make sure that the image type default configuration is based
on the common RHUI configuration. Regenerate affected image manifests.
Signed-off-by: Tomáš Hozza <thozza@redhat.com>
Every image type defines a list of build pipeline names and a list of
payload pipeline names. These should match the names of the pipelines
that will exist in the manifest when it's generated. They should match
exactly, otherwise issues can occur when reading the metadata from an
osbuild result. The cloud API needs to know the names of the pipelines
and specifically the name of the build pipeline and the payload pipeline
in order to differentiate between build and payload packages in the
metadata.
This new test generates every manifest, parses it into a minimal struct,
and compares the pipeline names with the ones reported statically on the
image type definition.
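
The check described in the last message above, sketched as an added example (not code from the osbuild-composer repository). It assumes a manifest with a top-level "pipelines" array of objects carrying a "name" field and treats order as part of an exact match; the function names and the sample manifest are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
)

// minimalManifest keeps only the field this check needs; everything else
// in the manifest is ignored by the decoder.
type minimalManifest struct {
	Pipelines []struct {
		Name string `json:"name"`
	} `json:"pipelines"`
}

// manifestPipelineNames returns the pipeline names in manifest order.
func manifestPipelineNames(manifest []byte) ([]string, error) {
	var m minimalManifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return nil, fmt.Errorf("parsing manifest: %w", err)
	}
	names := make([]string, 0, len(m.Pipelines))
	for _, p := range m.Pipelines {
		names = append(names, p.Name)
	}
	return names, nil
}

// checkPipelineNames fails when the names declared statically on an image
// type (build pipelines first, then payload pipelines; ordering is an
// assumption of this example) differ from the names in the manifest.
func checkPipelineNames(manifest []byte, build, payload []string) error {
	got, err := manifestPipelineNames(manifest)
	if err != nil {
		return err
	}
	want := append(append([]string{}, build...), payload...)
	if !reflect.DeepEqual(got, want) {
		return fmt.Errorf("pipeline names mismatch: declared %v, manifest has %v", want, got)
	}
	return nil
}

// Constructed sample manifest, reduced to the pipeline names.
const sampleManifest = `{"version":"2","pipelines":[
 {"name":"build"},{"name":"os"},{"name":"image"},{"name":"qcow2"}]}`

func main() {
	b := []byte(sampleManifest)
	fmt.Println(checkPipelineNames(b, []string{"build"}, []string{"os", "image", "qcow2"}))
	fmt.Println(checkPipelineNames(b, []string{"build"}, []string{"os", "image"}))
}
```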