version: '2' mpp-vars: # The name to use for deployment stateroot osname: fedora-coreos # The container image ref to follow for updates container_imgref: ostree-remote-registry:fedora:quay.io/fedora/fedora-coreos:stable # The container repo/tag to pull for this test container_repo: registry.gitlab.com/redhat/services/products/image-builder/ci/images/fedora-coreos container_tag: testing metal_image_size_mb: 3072 cloud_image_size_mb: 10240 bios_boot_size_mb: 1 efi_system_size_mb: 127 boot_size_mb: 384 sector_size: 512 four_k_sector_size: 4096 extra_kargs: "mitigations=auto,nosmt" # Filesystem UUID and label definitions. These UUIDs # are looked for on boot and if found replaced with # a new random UUID to make each install unique. boot_fs_uuid: 96d15588-3596-4b3c-adca-a2ff7279ea63 boot_fs_label: boot root_fs_uuid: 910678ff-f77e-4a7d-8d53-86f2ac47a823 root_fs_label: root # Set the buildroot string to use for most operations here. We create # the buildroot from the target OSTree contents so we have version # matches. Unfortunately for FCOS there is no python so we can't # really use FCOS as the buildroot so we'll use a generic Fedora # buildroot here. buildroot: "name:build" mpp-define-images: - id: image sector_size: mpp-format-int: "{sector_size}" size: mpp-format-string: "{metal_image_size_mb * 1024 * 1024}" table: uuid: 00000000-0000-4000-a000-000000000001 label: gpt partitions: - name: BIOS-BOOT type: 21686148-6449-6E6F-744E-656564454649 bootable: true size: mpp-format-int: "{bios_boot_size_mb * 1024 * 1024 / sector_size}" - name: EFI-SYSTEM type: C12A7328-F81F-11D2-BA4B-00A0C93EC93B size: mpp-format-int: "{efi_system_size_mb * 1024 * 1024 / sector_size}" - name: boot type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 size: mpp-format-int: "{boot_size_mb * 1024 * 1024 / sector_size}" - name: root type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 - id: image4k sector_size: mpp-format-int: "{four_k_sector_size}" size: mpp-format-string: "{metal_image_size_mb * 1024 * 1024}" table: uuid: 00000000-0000-4000-a000-000000000001 label: gpt partitions: - name: BIOS-BOOT type: 21686148-6449-6E6F-744E-656564454649 bootable: true size: mpp-format-int: "{bios_boot_size_mb * 1024 * 1024 / four_k_sector_size}" - name: EFI-SYSTEM type: C12A7328-F81F-11D2-BA4B-00A0C93EC93B size: mpp-format-int: "{efi_system_size_mb * 1024 * 1024 / four_k_sector_size}" - name: boot type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 size: mpp-format-int: "{boot_size_mb * 1024 * 1024 / four_k_sector_size}" - name: root type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4 pipelines: - mpp-import-pipelines: path: fedora-vars.ipp.yaml - mpp-import-pipeline: path: fedora-build-v2.ipp.yaml id: build runner: mpp-format-string: org.osbuild.fedora{release} # Pull the container into a pipeline # Construct a tree here that is a representation of the filesystem # that you would see on a running OSTree system. i.e. instead of just # /ostree and /sysroot at the toplevel we see /usr/ /var/ /etc/ ... that # you would see inside an OSTree deployment. Having the plain files accessible # allows for this pipeline to be used as a buildroot for some stages # or as inputs for others (i.e. file_context input to the org.osbuild.selinux # stages). This pipeline isn't actually used for built artifacts but # to help during build. # # NOTE: this is only used as a buildroot on RHCOS (FCOS doesn't ship python). - name: deployed-tree build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.container-deploy inputs: images: type: org.osbuild.containers origin: org.osbuild.source mpp-resolve-images: images: - source: $container_repo tag: $container_tag - name: tree build: mpp-format-string: '{buildroot}' source-epoch: 1659397331 stages: # Set the context of the root of the tree so that we avoid unlabeled_t files. # https://github.com/coreos/fedora-coreos-tracker/issues/1772 - type: org.osbuild.selinux options: file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts target: tree:/// inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:deployed-tree - type: org.osbuild.ostree.init-fs - type: org.osbuild.ostree.os-init options: osname: mpp-format-string: '{osname}' - type: org.osbuild.ostree.config options: repo: /ostree/repo config: sysroot: readonly: true bootloader: none # https://github.com/coreos/fedora-coreos-tracker/issues/1333 bls-append-except-default: grub_users="" # Opt-in to https://github.com/ostreedev/ostree/pull/2705 which will # add /boot as the prefix on top of BLS config entries. This is OK # because there is a symlink that is created in the root of the boot # filesystem by OSTree (boot -> .) that makes it so that /boot paths # will always work. bootprefix: true - type: org.osbuild.mkdir options: paths: - path: /boot/efi mode: 493 - type: org.osbuild.ignition - type: org.osbuild.ostree.deploy.container options: osname: mpp-format-string: '{osname}' target_imgref: mpp-format-string: '{container_imgref}' mounts: - /boot - /boot/efi kernel_opts: - rw - '$ignition_firstboot' - mpp-format-string: '{extra_kargs}' inputs: images: type: org.osbuild.containers origin: org.osbuild.source mpp-resolve-images: images: - source: $container_repo tag: $container_tag - type: org.osbuild.ostree.aleph options: coreos_compat: true deployment: default: true - type: org.osbuild.ostree.selinux options: deployment: default: true - name: raw-image build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: filename: disk.img size: mpp-format-string: '{image.size}' - type: org.osbuild.sfdisk devices: device: type: org.osbuild.loopback options: filename: disk.img options: mpp-format-json: '{image.layout}' - type: org.osbuild.mkfs.fat devices: device: type: org.osbuild.loopback options: filename: disk.img start: mpp-format-int: '{image.layout[''EFI-SYSTEM''].start}' size: mpp-format-int: '{image.layout[''EFI-SYSTEM''].size}' lock: true options: label: EFI-SYSTEM volid: 7B7795E7 - type: org.osbuild.mkfs.ext4 devices: device: type: org.osbuild.loopback options: filename: disk.img start: mpp-format-int: '{image.layout[''boot''].start}' size: mpp-format-int: '{image.layout[''boot''].size}' lock: true options: uuid: mpp-format-string: '{boot_fs_uuid}' label: mpp-format-string: '{boot_fs_label}' # Set manually the metadata_csum_seed ext4 option otherwise changing the # filesystem UUID while it's mounted doesn't work. Can remove this when # metadata_csum_seed is default in RHEL, which can be checked by looking # in /etc/mke2fs.conf. metadata_csum_seed: true - type: org.osbuild.mkfs.xfs devices: device: type: org.osbuild.loopback options: filename: disk.img start: mpp-format-int: '{image.layout[''root''].start}' size: mpp-format-int: '{image.layout[''root''].size}' lock: true options: uuid: mpp-format-string: '{root_fs_uuid}' label: mpp-format-string: '{root_fs_label}' # We've created the filesystems. Now let's create the mountpoints (directories) # on the filesystems and label them with appropriate SELinux labels. This also # covers things like filesystem autogenerated files like 'lost+found'. The labeling # will happen once with just the root filesystem mounted and once with the boot # filesystem mounted too (to make sure we get all potentially hidden mountpoints). # https://github.com/coreos/fedora-coreos-tracker/issues/1771 - type: org.osbuild.mkdir options: paths: - path: mount://root/boot mode: 493 - path: mount://boot/efi mode: 493 devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: /root-mount-point - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot-mount-point - type: org.osbuild.selinux options: file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts target: mount://root/ inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:deployed-tree devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: / - type: org.osbuild.selinux options: file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts target: mount://root/boot/ inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:deployed-tree devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: / - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - type: org.osbuild.copy inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:tree options: paths: - from: input://tree/ to: mount://root/ devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: / - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: efi type: org.osbuild.fat source: disk partition: mpp-format-int: '{image.layout[''EFI-SYSTEM''].partnum}' target: /boot/efi - type: org.osbuild.bootupd options: bios: device: disk static-configs: true deployment: default: true devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: / - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: efi type: org.osbuild.fat source: disk partition: mpp-format-int: '{image.layout[''EFI-SYSTEM''].partnum}' target: /boot/efi - type: org.osbuild.chattr options: items: mount://root/: immutable: true devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: / - name: ostree.deployment type: org.osbuild.ostree.deployment options: source: mount deployment: default: true - name: raw-4k-image build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.truncate options: filename: disk.img size: mpp-format-string: '{image4k.size}' - type: org.osbuild.sfdisk devices: device: type: org.osbuild.loopback options: filename: disk.img sector-size: mpp-format-int: "{four_k_sector_size}" options: mpp-format-json: '{image4k.layout}' - type: org.osbuild.mkfs.fat devices: device: type: org.osbuild.loopback options: filename: disk.img start: mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].start}' size: mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].size}' lock: true sector-size: mpp-format-int: "{four_k_sector_size}" options: label: EFI-SYSTEM volid: 7B7795E7 - type: org.osbuild.mkfs.ext4 devices: device: type: org.osbuild.loopback options: filename: disk.img start: mpp-format-int: '{image4k.layout[''boot''].start}' size: mpp-format-int: '{image4k.layout[''boot''].size}' lock: true sector-size: mpp-format-int: "{four_k_sector_size}" options: uuid: mpp-format-string: '{boot_fs_uuid}' label: mpp-format-string: '{boot_fs_label}' # Set manually the metadata_csum_seed ext4 option otherwise changing the # filesystem UUID while it's mounted doesn't work. Can remove this when # metadata_csum_seed is default in RHEL, which can be checked by looking # in /etc/mke2fs.conf. metadata_csum_seed: true - type: org.osbuild.mkfs.xfs devices: device: type: org.osbuild.loopback options: filename: disk.img start: mpp-format-int: '{image4k.layout[''root''].start}' size: mpp-format-int: '{image4k.layout[''root''].size}' lock: true sector-size: mpp-format-int: "{four_k_sector_size}" options: uuid: mpp-format-string: '{root_fs_uuid}' label: mpp-format-string: '{root_fs_label}' # We've created the filesystems. Now let's create the mountpoints (directories) # on the filesystems and label them with appropriate SELinux labels. This also # covers things like filesystem autogenerated files like 'lost+found'. The labeling # will happen once with just the root filesystem mounted and once with the boot # filesystem mounted too (to make sure we get all potentially hidden mountpoints). # https://github.com/coreos/fedora-coreos-tracker/issues/1771 - type: org.osbuild.mkdir options: paths: - path: mount://root/boot mode: 493 - path: mount://boot/efi mode: 493 devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true sector-size: mpp-format-int: "{four_k_sector_size}" mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image4k.layout[''root''].partnum}' target: /root-mount-point - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image4k.layout[''boot''].partnum}' target: /boot-mount-point - type: org.osbuild.selinux options: file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts target: mount://root/ inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:deployed-tree devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true sector-size: mpp-format-int: "{four_k_sector_size}" mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image4k.layout[''root''].partnum}' target: / - type: org.osbuild.selinux options: file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts target: mount://root/boot/ inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:deployed-tree devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true sector-size: mpp-format-int: "{four_k_sector_size}" mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image4k.layout[''root''].partnum}' target: / - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image4k.layout[''boot''].partnum}' target: /boot - type: org.osbuild.copy inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:tree options: paths: - from: input://tree/ to: mount://root/ devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true sector-size: mpp-format-int: "{four_k_sector_size}" mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image4k.layout[''root''].partnum}' target: / - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image4k.layout[''boot''].partnum}' target: /boot - name: efi type: org.osbuild.fat source: disk partition: mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].partnum}' target: /boot/efi - type: org.osbuild.bootupd options: static-configs: true deployment: default: true devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true sector-size: mpp-format-int: "{four_k_sector_size}" mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image4k.layout[''root''].partnum}' target: / - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image4k.layout[''boot''].partnum}' target: /boot - name: efi type: org.osbuild.fat source: disk partition: mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].partnum}' target: /boot/efi - type: org.osbuild.chattr options: items: mount://root/: immutable: true devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true sector-size: mpp-format-int: "{four_k_sector_size}" mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image4k.layout[''root''].partnum}' target: / - name: ostree.deployment type: org.osbuild.ostree.deployment options: source: mount deployment: default: true - name: raw-metal-image build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:raw-image options: paths: - from: input://tree/disk.img to: tree:///disk.img - type: org.osbuild.coreos.platform options: platform: metal devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: / - name: ostree.deployment type: org.osbuild.ostree.deployment options: source: mount deployment: default: true - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: metal build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:raw-metal-image options: paths: - from: input://tree/disk.img to: tree:///metal.raw - name: raw-metal4k-image build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:raw-4k-image options: paths: - from: input://tree/disk.img to: tree:///disk.img - type: org.osbuild.coreos.platform options: platform: metal devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true sector-size: mpp-format-int: "{four_k_sector_size}" mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image4k.layout[''root''].partnum}' target: / - name: ostree.deployment type: org.osbuild.ostree.deployment options: source: mount deployment: default: true - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image4k.layout[''boot''].partnum}' target: /boot - name: metal4k build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:raw-metal4k-image options: paths: - from: input://tree/disk.img to: tree:///metal4k.raw - name: raw-qemu-image build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.copy inputs: tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:raw-image options: paths: - from: input://tree/disk.img to: tree:///disk.img # Increase the size to the cloud image size - type: org.osbuild.truncate options: filename: disk.img size: mpp-format-string: "{cloud_image_size_mb * 1024 * 1024}" - type: org.osbuild.coreos.platform options: platform: qemu devices: disk: type: org.osbuild.loopback options: filename: disk.img partscan: true mounts: - name: root type: org.osbuild.xfs source: disk partition: mpp-format-int: '{image.layout[''root''].partnum}' target: / - name: ostree.deployment type: org.osbuild.ostree.deployment options: source: mount deployment: default: true - name: boot type: org.osbuild.ext4 source: disk partition: mpp-format-int: '{image.layout[''boot''].partnum}' target: /boot - name: qemu build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.qemu inputs: image: type: org.osbuild.files origin: org.osbuild.pipeline references: name:raw-qemu-image: file: disk.img options: filename: qemu.qcow2 format: type: qcow2 compression: false compat: '1.1' - name: live build: mpp-format-string: '{buildroot}' stages: - type: org.osbuild.coreos.live-artifacts.mono inputs: deployed-tree: type: org.osbuild.tree origin: org.osbuild.pipeline references: - name:deployed-tree metal: type: org.osbuild.files origin: org.osbuild.pipeline references: name:metal: file: /metal.raw metal4k: type: org.osbuild.files origin: org.osbuild.pipeline references: name:metal4k: file: /metal4k.raw options: filenames: live-iso: mpp-format-string: 'coreos-live-iso.{arch}.iso' live-kernel: mpp-format-string: 'coreos-live-kernel.{arch}' live-initramfs: mpp-format-string: 'coreos-live-initramfs.{arch}.img' live-rootfs: mpp-format-string: 'coreos-live-rootfs.{arch}.img'