debian-forge/debian-forge-docs/debian-atomic-blueprints.md
robojerk 502e1469ae
Move composer scripts to root directory and add comprehensive Debian Atomic support
2025-08-23 08:02:45 -07:00
# Debian Atomic Blueprints for OSBuild Composer
## Overview
This document defines the blueprint system for creating Debian atomic images using OSBuild Composer. The blueprints are based on debos recipe patterns and adapted for OSBuild's pipeline-based architecture.
## Blueprint Structure
### Basic Debian Atomic Blueprint
```json
{
"name": "debian-atomic-base",
"description": "Debian Atomic Base System",
"version": "0.0.1",
"packages": [
{"name": "systemd"},
{"name": "systemd-sysv"},
{"name": "dbus"},
{"name": "udev"},
{"name": "ostree"},
{"name": "linux-image-amd64"}
],
"modules": [],
"groups": [],
"customizations": {
"user": [
{
"name": "debian",
"description": "Debian user",
"password": "$6$rounds=656000$YQvKxqQKqQKqQKqQ$...",
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...",
"home": "/home/debian",
"shell": "/bin/bash",
"groups": ["sudo"],
"uid": 1000,
"gid": 1000
}
],
"services": {
"enabled": ["sshd", "systemd-networkd"]
}
}
}
```
### Debian Atomic Workstation Blueprint
```json
{
"name": "debian-atomic-workstation",
"description": "Debian Atomic Workstation",
"version": "0.0.1",
"packages": [
{"name": "systemd"},
{"name": "systemd-sysv"},
{"name": "dbus"},
{"name": "udev"},
{"name": "ostree"},
{"name": "linux-image-amd64"},
{"name": "gnome-shell"},
{"name": "gnome-session"},
{"name": "gdm3"},
{"name": "network-manager"},
{"name": "firefox-esr"}
],
"modules": [],
"groups": [
{"name": "desktop"}
],
"customizations": {
"user": [
{
"name": "debian",
"description": "Debian user",
"password": "$6$rounds=656000$YQvKxqQKqQKqQKqQ$...",
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...",
"home": "/home/debian",
"shell": "/bin/bash",
"groups": ["sudo", "desktop"],
"uid": 1000,
"gid": 1000
}
],
"services": {
"enabled": ["sshd", "gdm3", "NetworkManager"]
},
"desktop": {
"enabled": true
}
}
}
```
### Debian Atomic Server Blueprint
```json
{
"name": "debian-atomic-server",
"description": "Debian Atomic Server",
"version": "0.0.1",
"packages": [
{"name": "systemd"},
{"name": "systemd-sysv"},
{"name": "dbus"},
{"name": "udev"},
{"name": "ostree"},
{"name": "linux-image-amd64"},
{"name": "nginx"},
{"name": "postgresql"},
{"name": "redis-server"},
{"name": "fail2ban"}
],
"modules": [],
"groups": [
{"name": "server"}
],
"customizations": {
"user": [
{
"name": "debian",
"description": "Debian user",
"password": "$6$rounds=656000$YQvKxqQKqQKqQKqQ$...",
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC...",
"home": "/home/debian",
"shell": "/bin/bash",
"groups": ["sudo", "server"],
"uid": 1000,
"gid": 1000
}
],
"services": {
"enabled": ["sshd", "systemd-networkd", "nginx", "postgresql", "redis-server", "fail2ban"]
},
"firewall": {
"services": {
"enabled": ["ssh", "http", "https"]
}
}
}
}
```
## Blueprint Variables
### Architecture Support
```json
{
"variables": {
"architecture": "amd64",
"suite": "bookworm",
"variant": "minbase",
"mirror": "http://deb.debian.org/debian",
"apt_proxy": "http://192.168.1.101:3142"
}
}
```
### Package Categories
```json
{
"package_groups": {
"base": ["systemd", "systemd-sysv", "dbus", "udev", "ostree"],
"desktop": ["gnome-shell", "gnome-session", "gdm3"],
"server": ["nginx", "postgresql", "redis-server"],
"development": ["build-essential", "git", "python3", "nodejs"],
"security": ["fail2ban", "unattended-upgrades", "rkhunter"]
}
}
```
## OSBuild Pipeline Integration
### Debian Bootstrap Stage
```json
{
"type": "org.osbuild.debootstrap",
"options": {
"suite": "bookworm",
"mirror": "http://deb.debian.org/debian",
"arch": "amd64",
"variant": "minbase",
"apt_proxy": "http://192.168.1.101:3142"
}
}
```
### Package Installation Stage
```json
{
"type": "org.osbuild.apt",
"options": {
"packages": ["systemd", "systemd-sysv", "dbus", "udev"],
"recommends": false,
"update": true,
"apt_proxy": "http://192.168.1.101:3142"
}
}
```
### OSTree Commit Stage
```json
{
"type": "org.osbuild.ostree.commit",
"options": {
"repo": "debian-atomic",
"branch": "debian/bookworm",
"subject": "Debian Bookworm atomic system",
"body": "Debian Bookworm minbase system with systemd and OSTree"
}
}
```
## Blueprint Validation
### Required Fields
- `name`: Unique identifier for the blueprint
- `description`: Human-readable description
- `version`: Semantic version string
- `packages`: Array of package specifications
### Optional Fields
- `modules`: kept for compatibility with the upstream blueprint format, which treats `modules` entries like `packages`; Debian has no module concept, so this stays empty for atomic images
- `groups`: Package groups (expanded into the package set at build time)
- `customizations`: User, service, and system customizations. User entries must carry a crypt(3) password hash or an SSH public key (never a plaintext password), and administrative users belong to Debian's `sudo` group, since Debian does not define a `wheel` group
- `variables`: Blueprint variables for templating
## Usage Examples
### Creating a Blueprint
```bash
# Submit blueprint to composer
composer-cli blueprints push debian-atomic-base.json
# List available blueprints
composer-cli blueprints list
# Show blueprint details
composer-cli blueprints show debian-atomic-base
```
### Building an Image
```bash
# Start a compose
composer-cli compose start debian-atomic-base qcow2
# Check compose status
composer-cli compose status
# Download the image
composer-cli compose image <compose-id>
```
## Integration with Debian Forge
### Build Orchestration
The blueprints integrate with our build orchestration system:
1. **Blueprint Submission**: User submits blueprint via composer API
2. **Pipeline Generation**: Composer generates OSBuild pipeline from blueprint
3. **Build Execution**: Our build orchestrator executes the pipeline
4. **OSTree Composition**: Debian stages create atomic filesystem
5. **Image Generation**: Output formats (ISO, QCOW2, RAW) generated
6. **Deployment**: OSTree commits available for deployment
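The validation rules from the Blueprint Validation section and steps 1 and 2 of the orchestration above (blueprint in, OSBuild pipeline out), as an added example for this page; it is not osbuild-composer or debian-forge code. It checks the required fields, rejects plaintext passwords and the non-existent Debian `wheel` group, warns when two network stacks are enabled together, expands package groups into a deduplicated and sorted package list (so the apt stage, and therefore the OSTree commit, is reproducible), and renders the three stage shapes the pipeline section shows. The sample blueprint, variables and package groups are constructed from the document's own examples; `validate()`, `resolve_packages()` and `generate_pipeline()` are names chosen here, not project APIs.

```python
"""Validate a Debian Atomic blueprint and render the three OSBuild stages
this document describes: org.osbuild.debootstrap -> org.osbuild.apt ->
org.osbuild.ostree.commit.  Added example, not project code."""
import re

REQUIRED = ("name", "description", "version", "packages")
SEMVER = re.compile(r"^\d+\.\d+\.\d+$")
# crypt(3) formats Debian's /etc/shadow accepts: sha512 ($6$), sha256 ($5$)
# and yescrypt ($y$).  Anything else is treated as a plaintext password.
CRYPT_HASH = re.compile(r"^\$(6|5|y)\$")
SSH_KEY = re.compile(r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)"
                     r"|sk-ssh-ed25519@openssh\.com) [A-Za-z0-9+/=]+")
NETWORK_STACKS = {"systemd-networkd", "NetworkManager"}


def validate(bp, package_groups):
    """Return (errors, warnings); any error makes the blueprint unbuildable."""
    errors, warnings = [], []
    for field in REQUIRED:
        if field not in bp:
            errors.append(f"missing required field {field!r}")
    if "version" in bp and not SEMVER.match(str(bp["version"])):
        errors.append(f"version {bp['version']!r} is not MAJOR.MINOR.PATCH")
    for group in bp.get("groups", []):
        if group.get("name") not in package_groups:
            errors.append(f"unknown package group {group.get('name')!r}")
    cust = bp.get("customizations", {})
    for user in cust.get("user", []):
        who, pw, key = user.get("name", "?"), user.get("password"), user.get("key")
        if not pw and not key:
            errors.append(f"user {who!r}: no password hash and no SSH key")
        if pw and not CRYPT_HASH.match(pw):
            errors.append(f"user {who!r}: password must be a crypt(3) hash")
        if key and not SSH_KEY.match(key):
            errors.append(f"user {who!r}: malformed SSH public key")
        # Debian's base-passwd defines no 'wheel' group: useradd -G wheel fails
        # and sudoers grants admin rights to %sudo instead.
        if "wheel" in user.get("groups", []):
            errors.append(f"user {who!r}: group 'wheel' does not exist on Debian, use 'sudo'")
        if user.get("uid", 1000) < 1000:
            warnings.append(f"user {who!r}: uid below 1000 collides with system accounts")
    enabled = set(cust.get("services", {}).get("enabled", []))
    if NETWORK_STACKS <= enabled:
        warnings.append("systemd-networkd and NetworkManager are both enabled; pick one")
    return errors, warnings


def resolve_packages(bp, package_groups):
    """Explicit packages plus expanded groups, deduplicated and sorted."""
    names = {p["name"] for p in bp.get("packages", [])}
    for group in bp.get("groups", []):
        names.update(package_groups[group["name"]])
    return sorted(names)


def generate_pipeline(bp, variables, package_groups):
    """Map a validated blueprint onto the stage shapes used in this document."""
    errors, _ = validate(bp, package_groups)
    if errors:
        raise ValueError("; ".join(errors))
    # The proxy (an apt-cacher-ng style cache) only relays the archive; both
    # debootstrap and apt still verify Release signatures against the Debian
    # archive keyring, which is why a plain-http mirror and proxy are acceptable.
    proxy = {"apt_proxy": variables["apt_proxy"]} if variables.get("apt_proxy") else {}
    return [
        {"type": "org.osbuild.debootstrap", "options": {
            "suite": variables["suite"], "mirror": variables["mirror"],
            "arch": variables["architecture"], "variant": variables["variant"], **proxy}},
        {"type": "org.osbuild.apt", "options": {
            "packages": resolve_packages(bp, package_groups),
            "recommends": False, "update": True, **proxy}},
        {"type": "org.osbuild.ostree.commit", "options": {
            "repo": "debian-atomic", "branch": f"debian/{variables['suite']}",
            "subject": f"{bp['description']} {bp['version']}",
            "body": f"Built from blueprint {bp['name']} for {variables['architecture']}"}},
    ]


# Constructed sample data shaped like the document's server blueprint; the
# password hash and SSH key below are placeholders, not real credentials.
PACKAGE_GROUPS = {
    "base": ["systemd", "systemd-sysv", "dbus", "udev", "ostree"],
    "server": ["nginx", "postgresql", "redis-server"],
    "security": ["fail2ban", "unattended-upgrades", "rkhunter"],
}
VARIABLES = {"architecture": "amd64", "suite": "bookworm", "variant": "minbase",
             "mirror": "http://deb.debian.org/debian",
             "apt_proxy": "http://192.168.1.101:3142"}
SERVER_BLUEPRINT = {
    "name": "debian-atomic-server", "description": "Debian Atomic Server",
    "version": "0.0.1",
    "packages": [{"name": "linux-image-amd64"}, {"name": "nginx"}],
    "groups": [{"name": "base"}, {"name": "server"}, {"name": "security"}],
    "customizations": {
        "user": [{"name": "debian", "groups": ["sudo"], "uid": 1000,
                  "password": "$6$rounds=656000$YQvKxqQKqQKqQKqQ$" + "x" * 86,
                  "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleExampleExampleExample"}],
        "services": {"enabled": ["sshd", "systemd-networkd", "nginx", "fail2ban"]},
    },
}
# The same blueprint with the mistakes the checks above are meant to catch.
BAD_BLUEPRINT = {**SERVER_BLUEPRINT, "groups": [{"name": "base"}, {"name": "dekstop"}],
                 "customizations": {
                     "user": [{"name": "debian", "password": "hunter2", "groups": ["wheel"]}],
                     "services": {"enabled": ["systemd-networkd", "NetworkManager"]}}}

if __name__ == "__main__":
    print(validate(BAD_BLUEPRINT, PACKAGE_GROUPS))
    for stage in generate_pipeline(SERVER_BLUEPRINT, VARIABLES, PACKAGE_GROUPS):
        print(stage["type"], stage["options"])
```

Run it as-is to see the bad blueprint rejected and the server blueprint rendered into its three stages. Note that `nginx` appears both in the explicit `packages` array and in the `server` group, and comes out once; that deduplication plus sorting is what keeps the package list, and hence the OSTree commit, stable across rebuilds of the same blueprint.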
### Customization Points
- **Package Selection**: Via blueprint packages array
- **User Configuration**: Via blueprint customizations
- **Service Management**: Via blueprint services
- **Security Settings**: Via blueprint security groups
- **Network Configuration**: Via blueprint network settings
## Future Enhancements
### Advanced Blueprint Features
- **Template Inheritance**: Base blueprints with specialization
- **Conditional Packages**: Architecture or suite-specific packages
- **Repository Management**: Custom Debian repositories
- **Security Policies**: SELinux, AppArmor, and security modules
- **Compliance**: FIPS, Common Criteria, and security certifications
### Integration Features
- **CI/CD Integration**: GitOps workflow integration
- **Multi-Architecture**: ARM64, RISC-V support
- **Container Integration**: Bootc and container-native workflows
- **Cloud Integration**: AWS, Azure, GCP image generation
- **Edge Computing**: IoT and edge deployment scenarios