debian-forge/test/data/manifests/fedora-coreos-container.mpp.yaml
Dusty Mabe b7e3268ef0 manifests: updates for FCOS manifest
There have been a lot of changes to the CoreOS definitions in [1].
Let's update the test manifest here to more closely match what is
running in the field there.

[1] dcd60cfe01/src/osbuild-manifests
2024-12-18 11:09:29 -05:00


version: '2'
# Variables substituted further down through the mpp-format-* keys
# ("{name}") and the "$name" references.
mpp-vars:
  # The name to use for deployment stateroot
  osname: fedora-coreos
  # The container image ref to follow for updates
  # NOTE(review): the "ostree-remote-registry:fedora:" prefix presumably ties
  # verification of later updates to the ostree remote named "fedora" -
  # confirm against the ostree container documentation.
  container_imgref: ostree-remote-registry:fedora:quay.io/fedora/fedora-coreos:stable
  # The container repo/tag to pull for this test
  # NOTE(review): "testing" is a mutable tag, so the content that ends up in
  # the image depends on what the tag points to when mpp-resolve-images runs.
  # Presumably the preprocessor records the resolved digest in the generated
  # manifest - confirm, and review that digest when the output is regenerated.
  container_repo: registry.gitlab.com/redhat/services/products/image-builder/ci/images/fedora-coreos
  container_tag: testing
  # Sizes are in MiB; they are multiplied by 1024 * 1024 where they are used.
  metal_image_size_mb: 3072
  cloud_image_size_mb: 10240
  bios_boot_size_mb: 1
  efi_system_size_mb: 127
  boot_size_mb: 384
  # Sector sizes in bytes for the regular and the 4k-native image.
  sector_size: 512
  four_k_sector_size: 4096
  # Passed to the deployment as kernel arguments (see kernel_opts in the
  # "tree" pipeline). "mitigations=auto,nosmt" asks the kernel to apply its
  # CPU-vulnerability mitigations and to disable SMT where a mitigation
  # needs that.
  extra_kargs: "mitigations=auto,nosmt"
  # Filesystem UUID and label definitions. These UUIDs
  # are looked for on boot and if found replaced with
  # a new random UUID to make each install unique.
  # Every image built from this manifest carries the same two values, so
  # uniqueness depends entirely on that first-boot replacement.
  boot_fs_uuid: 96d15588-3596-4b3c-adca-a2ff7279ea63
  boot_fs_label: boot
  root_fs_uuid: 910678ff-f77e-4a7d-8d53-86f2ac47a823
  root_fs_label: root
  # Set the buildroot string to use for most operations here. We create
  # the buildroot from the target OSTree contents so we have version
  # matches. Unfortunately for FCOS there is no python so we can't
  # really use FCOS as the buildroot so we'll use a generic Fedora
  # buildroot here.
  buildroot: "name:build"
# Two partition layouts with the same partitions: "image" uses the regular
# sector size, "image4k" the 4k one. Partition sizes are given in sectors
# (bytes divided by the sector size). The pipelines below read the results
# back as {image.size}, {image.layout[...]}, {image4k.size}, and so on.
mpp-define-images:
- id: image
  sector_size:
    mpp-format-int: "{sector_size}"
  size:
    mpp-format-string: "{metal_image_size_mb * 1024 * 1024}"
  table:
    # NOTE(review): fixed disk GUID shared by both layouts and therefore by
    # every image built from them; presumably regenerated on first boot like
    # the filesystem UUIDs - confirm.
    uuid: 00000000-0000-4000-a000-000000000001
    label: gpt
    partitions:
    # GPT type GUID: BIOS boot partition
    - name: BIOS-BOOT
      type: 21686148-6449-6E6F-744E-656564454649
      bootable: true
      size:
        mpp-format-int: "{bios_boot_size_mb * 1024 * 1024 / sector_size}"
    # GPT type GUID: EFI System Partition
    - name: EFI-SYSTEM
      type: C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      size:
        mpp-format-int: "{efi_system_size_mb * 1024 * 1024 / sector_size}"
    # GPT type GUID: Linux filesystem data (also used for root below)
    - name: boot
      type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4
      size:
        mpp-format-int: "{boot_size_mb * 1024 * 1024 / sector_size}"
    # No size given for root; presumably it takes the remaining space - confirm.
    - name: root
      type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4
- id: image4k
  sector_size:
    mpp-format-int: "{four_k_sector_size}"
  size:
    mpp-format-string: "{metal_image_size_mb * 1024 * 1024}"
  table:
    # Same fixed disk GUID as in the "image" layout.
    uuid: 00000000-0000-4000-a000-000000000001
    label: gpt
    partitions:
    # GPT type GUID: BIOS boot partition
    - name: BIOS-BOOT
      type: 21686148-6449-6E6F-744E-656564454649
      bootable: true
      size:
        mpp-format-int: "{bios_boot_size_mb * 1024 * 1024 / four_k_sector_size}"
    # GPT type GUID: EFI System Partition
    - name: EFI-SYSTEM
      type: C12A7328-F81F-11D2-BA4B-00A0C93EC93B
      size:
        mpp-format-int: "{efi_system_size_mb * 1024 * 1024 / four_k_sector_size}"
    # GPT type GUID: Linux filesystem data (also used for root below)
    - name: boot
      type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4
      size:
        mpp-format-int: "{boot_size_mb * 1024 * 1024 / four_k_sector_size}"
    # No size given for root; presumably it takes the remaining space - confirm.
    - name: root
      type: 0FC63DAF-8483-4772-8E79-3D69D8477DE4
pipelines:
# Both imports come from files next to this manifest. "{release}" is not
# defined in mpp-vars above; presumably fedora-vars.ipp.yaml provides it -
# confirm.
- mpp-import-pipelines:
    path: fedora-vars.ipp.yaml
# Imported under the id "build", which is what buildroot ("name:build")
# refers to.
- mpp-import-pipeline:
    path: fedora-build-v2.ipp.yaml
    id: build
  runner:
    mpp-format-string: org.osbuild.fedora{release}
# Pull the container into a pipeline
# Construct a tree here that is a representation of the filesystem
# that you would see on a running OSTree system. i.e. instead of just
# /ostree and /sysroot at the toplevel we see /usr/ /var/ /etc/ ... that
# you would see inside an OSTree deployment. Having the plain files accessible
# allows for this pipeline to be used as a buildroot for some stages
# or as inputs for others (i.e. file_context input to the org.osbuild.selinux
# stages). This pipeline isn't actually used for built artifacts but
# to help during build.
#
# NOTE: this is only used as a buildroot on RHCOS (FCOS doesn't ship python).
- name: deployed-tree
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.container-deploy
    inputs:
      images:
        type: org.osbuild.containers
        origin: org.osbuild.source
        # Resolved from container_repo / container_tag in mpp-vars. The
        # SELinux file_contexts used for labelling later are read from this
        # tree, so the labelling policy comes from the pulled container too.
        mpp-resolve-images:
          images:
          - source: $container_repo
            tag: $container_tag
# Builds the OSTree sysroot that is later copied onto the root filesystem:
# initialise the layout and stateroot, configure the repo, deploy the
# container image, then write aleph data and apply SELinux labels to the
# default deployment.
- name: tree
  build:
    mpp-format-string: '{buildroot}'
  # NOTE(review): fixed timestamp in epoch seconds; presumably pins file
  # timestamps so the output is reproducible - confirm.
  source-epoch: 1659397331
  stages:
  # Set the context of the root of the tree so that we avoid unlabeled_t files.
  # https://github.com/coreos/fedora-coreos-tracker/issues/1772
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: tree:///
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
  - type: org.osbuild.ostree.init-fs
  - type: org.osbuild.ostree.os-init
    options:
      osname:
        mpp-format-string: '{osname}'
  - type: org.osbuild.ostree.config
    options:
      repo: /ostree/repo
      config:
        sysroot:
          readonly: true
          bootloader: none
          # https://github.com/coreos/fedora-coreos-tracker/issues/1333
          # NOTE(review): appended to every BLS entry except the default one.
          # Presumably this is what makes non-default entries require GRUB
          # authentication once a GRUB password is configured - confirm
          # against the linked issue before changing it.
          bls-append-except-default: grub_users=""
          # Opt-in to https://github.com/ostreedev/ostree/pull/2705 which will
          # add /boot as the prefix on top of BLS config entries. This is OK
          # because there is a symlink that is created in the root of the boot
          # filesystem by OSTree (boot -> .) that makes it so that /boot paths
          # will always work.
          bootprefix: true
  - type: org.osbuild.mkdir
    options:
      paths:
      - path: /boot/efi
        # Decimal 493 is octal 0755 (rwxr-xr-x).
        mode: 493
  - type: org.osbuild.ignition
  - type: org.osbuild.ostree.deploy.container
    options:
      osname:
        mpp-format-string: '{osname}'
      # The ref the deployment follows for updates (container_imgref in
      # mpp-vars). It differs from the repo/tag the content is pulled from
      # below.
      target_imgref:
        mpp-format-string: '{container_imgref}'
      mounts:
      - /boot
      - /boot/efi
      kernel_opts:
      - rw
      # Stored literally in the kernel arguments; presumably expanded by the
      # bootloader at boot time - confirm.
      - '$ignition_firstboot'
      # Carries mitigations=auto,nosmt from mpp-vars.
      - mpp-format-string: '{extra_kargs}'
    inputs:
      images:
        type: org.osbuild.containers
        origin: org.osbuild.source
        mpp-resolve-images:
          images:
          - source: $container_repo
            tag: $container_tag
  - type: org.osbuild.ostree.aleph
    options:
      coreos_compat: true
      deployment:
        default: true
  - type: org.osbuild.ostree.selinux
    options:
      deployment:
        default: true
# Builds disk.img with the "image" (regular sector size) layout: create the
# file, write the partition table, make the FAT/ext4/xfs filesystems, create
# and label the mountpoints, copy the "tree" pipeline onto the root
# filesystem, install the bootloader with bootupd, and finally mark the top
# of the root filesystem immutable.
- name: raw-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.truncate
    options:
      filename: disk.img
      size:
        mpp-format-string: '{image.size}'
  - type: org.osbuild.sfdisk
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
    options:
      mpp-format-json: '{image.layout}'
  - type: org.osbuild.mkfs.fat
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: '{image.layout[''EFI-SYSTEM''].start}'
          size:
            mpp-format-int: '{image.layout[''EFI-SYSTEM''].size}'
          lock: true
    options:
      label: EFI-SYSTEM
      # Fixed FAT volume ID, the same in every image. It is a plain scalar
      # that happens to parse as a string; quote it if it is ever changed to
      # a value made only of digits.
      volid: 7B7795E7
  - type: org.osbuild.mkfs.ext4
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: '{image.layout[''boot''].start}'
          size:
            mpp-format-int: '{image.layout[''boot''].size}'
          lock: true
    options:
      uuid:
        mpp-format-string: '{boot_fs_uuid}'
      label:
        mpp-format-string: '{boot_fs_label}'
      # Set manually the metadata_csum_seed ext4 option otherwise changing the
      # filesystem UUID while it's mounted doesn't work. Can remove this when
      # metadata_csum_seed is default in RHEL, which can be checked by looking
      # in /etc/mke2fs.conf.
      metadata_csum_seed: true
  - type: org.osbuild.mkfs.xfs
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: '{image.layout[''root''].start}'
          size:
            mpp-format-int: '{image.layout[''root''].size}'
          lock: true
    options:
      uuid:
        mpp-format-string: '{root_fs_uuid}'
      label:
        mpp-format-string: '{root_fs_label}'
  # We've created the filesystems. Now let's create the mountpoints (directories)
  # on the filesystems and label them with appropriate SELinux labels. This also
  # covers things like filesystem autogenerated files like 'lost+found'. The labeling
  # will happen once with just the root filesystem mounted and once with the boot
  # filesystem mounted too (to make sure we get all potentially hidden mountpoints).
  # https://github.com/coreos/fedora-coreos-tracker/issues/1771
  - type: org.osbuild.mkdir
    options:
      paths:
      # Decimal 493 is octal 0755 (rwxr-xr-x).
      - path: mount://root/boot
        mode: 493
      - path: mount://boot/efi
        mode: 493
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    # In this stage the two filesystems are mounted side by side rather than
    # nested, so mount://boot/efi is created at the top of the boot filesystem.
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /root-mount-point
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image.layout[''boot''].partnum}'
      target: /boot-mount-point
  # First labelling pass: root filesystem only.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /
  # Second labelling pass: boot mounted on top of root, target is /boot.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/boot/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image.layout[''boot''].partnum}'
      target: /boot
  # Copy the whole "tree" pipeline onto the mounted filesystems.
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:tree
    options:
      paths:
      - from: input://tree/
        to: mount://root/
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image.layout[''boot''].partnum}'
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: '{image.layout[''EFI-SYSTEM''].partnum}'
      target: /boot/efi
  - type: org.osbuild.bootupd
    options:
      # "disk" names the loopback device declared under devices below.
      bios:
        device: disk
      static-configs: true
      deployment:
        default: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image.layout[''boot''].partnum}'
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: '{image.layout[''EFI-SYSTEM''].partnum}'
      target: /boot/efi
  # Sets the immutable attribute on the top-level directory of the root
  # filesystem. NOTE(review): presumably a guard against anything writing
  # outside the OSTree-managed layout - confirm.
  - type: org.osbuild.chattr
    options:
      items:
        mount://root/:
          immutable: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
# Same stage sequence as raw-image, but built from the "image4k" layout, and
# every loopback device is given sector-size {four_k_sector_size}. A loopback
# device that misses the sector-size option would address the image with a
# different sector size than the partition table was written for, so keep
# the option on each device when editing.
- name: raw-4k-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.truncate
    options:
      filename: disk.img
      size:
        mpp-format-string: '{image4k.size}'
  - type: org.osbuild.sfdisk
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    options:
      mpp-format-json: '{image4k.layout}'
  - type: org.osbuild.mkfs.fat
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].start}'
          size:
            mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].size}'
          lock: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    options:
      label: EFI-SYSTEM
      # Fixed FAT volume ID, the same value as in raw-image.
      volid: 7B7795E7
  - type: org.osbuild.mkfs.ext4
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: '{image4k.layout[''boot''].start}'
          size:
            mpp-format-int: '{image4k.layout[''boot''].size}'
          lock: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    options:
      uuid:
        mpp-format-string: '{boot_fs_uuid}'
      label:
        mpp-format-string: '{boot_fs_label}'
      # Set manually the metadata_csum_seed ext4 option otherwise changing the
      # filesystem UUID while it's mounted doesn't work. Can remove this when
      # metadata_csum_seed is default in RHEL, which can be checked by looking
      # in /etc/mke2fs.conf.
      metadata_csum_seed: true
  - type: org.osbuild.mkfs.xfs
    devices:
      device:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          start:
            mpp-format-int: '{image4k.layout[''root''].start}'
          size:
            mpp-format-int: '{image4k.layout[''root''].size}'
          lock: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    options:
      uuid:
        mpp-format-string: '{root_fs_uuid}'
      label:
        mpp-format-string: '{root_fs_label}'
  # We've created the filesystems. Now let's create the mountpoints (directories)
  # on the filesystems and label them with appropriate SELinux labels. This also
  # covers things like filesystem autogenerated files like 'lost+found'. The labeling
  # will happen once with just the root filesystem mounted and once with the boot
  # filesystem mounted too (to make sure we get all potentially hidden mountpoints).
  # https://github.com/coreos/fedora-coreos-tracker/issues/1771
  - type: org.osbuild.mkdir
    options:
      paths:
      # Decimal 493 is octal 0755 (rwxr-xr-x).
      - path: mount://root/boot
        mode: 493
      - path: mount://boot/efi
        mode: 493
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    # The two filesystems are mounted side by side here, not nested.
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''root''].partnum}'
      target: /root-mount-point
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''boot''].partnum}'
      target: /boot-mount-point
  # First labelling pass: root filesystem only.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''root''].partnum}'
      target: /
  # Second labelling pass: boot mounted on top of root, target is /boot.
  - type: org.osbuild.selinux
    options:
      file_contexts: input://tree/etc/selinux/targeted/contexts/files/file_contexts
      target: mount://root/boot/
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:deployed-tree
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''root''].partnum}'
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''boot''].partnum}'
      target: /boot
  # Copy the whole "tree" pipeline onto the mounted filesystems.
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:tree
    options:
      paths:
      - from: input://tree/
        to: mount://root/
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''root''].partnum}'
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''boot''].partnum}'
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].partnum}'
      target: /boot/efi
  # Unlike raw-image, no "bios" option is passed here.
  # NOTE(review): presumably intentional because BIOS boot does not apply to
  # 4k-native disks - confirm.
  - type: org.osbuild.bootupd
    options:
      static-configs: true
      deployment:
        default: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''root''].partnum}'
      target: /
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''boot''].partnum}'
      target: /boot
    - name: efi
      type: org.osbuild.fat
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''EFI-SYSTEM''].partnum}'
      target: /boot/efi
  # Sets the immutable attribute on the top-level directory of the root
  # filesystem, as in raw-image.
  - type: org.osbuild.chattr
    options:
      items:
        mount://root/:
          immutable: true
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''root''].partnum}'
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
# Takes disk.img from raw-image and runs the coreos.platform stage with
# platform "metal" against the mounted root, default deployment and boot.
- name: raw-metal-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///disk.img
  - type: org.osbuild.coreos.platform
    options:
      platform: metal
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image.layout[''boot''].partnum}'
      target: /boot
# Export pipeline: copies disk.img from raw-metal-image out as metal.raw.
- name: metal
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-metal-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///metal.raw
# 4k counterpart of raw-metal-image: takes disk.img from raw-4k-image, uses
# the image4k layout for partition numbers and sets sector-size on the
# loopback device.
- name: raw-metal4k-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-4k-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///disk.img
  - type: org.osbuild.coreos.platform
    options:
      platform: metal
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
          sector-size:
            mpp-format-int: "{four_k_sector_size}"
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''root''].partnum}'
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image4k.layout[''boot''].partnum}'
      target: /boot
# Export pipeline: copies disk.img from raw-metal4k-image out as metal4k.raw.
- name: metal4k
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-metal4k-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///metal4k.raw
# Takes disk.img from raw-image, grows the file to the cloud image size and
# runs the coreos.platform stage with platform "qemu". No sfdisk stage runs
# here, so the partition table written in raw-image is left as it is.
# NOTE(review): presumably the root partition is grown on first boot - confirm.
- name: raw-qemu-image
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.copy
    inputs:
      tree:
        type: org.osbuild.tree
        origin: org.osbuild.pipeline
        references:
        - name:raw-image
    options:
      paths:
      - from: input://tree/disk.img
        to: tree:///disk.img
  # Increase the size to the cloud image size
  - type: org.osbuild.truncate
    options:
      filename: disk.img
      size:
        mpp-format-string: "{cloud_image_size_mb * 1024 * 1024}"
  - type: org.osbuild.coreos.platform
    options:
      platform: qemu
    devices:
      disk:
        type: org.osbuild.loopback
        options:
          filename: disk.img
          partscan: true
    mounts:
    - name: root
      type: org.osbuild.xfs
      source: disk
      partition:
        mpp-format-int: '{image.layout[''root''].partnum}'
      target: /
    - name: ostree.deployment
      type: org.osbuild.ostree.deployment
      options:
        source: mount
        deployment:
          default: true
    - name: boot
      type: org.osbuild.ext4
      source: disk
      partition:
        mpp-format-int: '{image.layout[''boot''].partnum}'
      target: /boot
# Export pipeline: converts disk.img from raw-qemu-image into qemu.qcow2.
- name: qemu
  build:
    mpp-format-string: '{buildroot}'
  stages:
  - type: org.osbuild.qemu
    inputs:
      image:
        type: org.osbuild.files
        origin: org.osbuild.pipeline
        # Here references is a mapping keyed by the pipeline reference, with
        # the file to take from it, not a list as in the copy stages.
        references:
          name:raw-qemu-image:
            file: disk.img
    options:
      filename: qemu.qcow2
      format:
        type: qcow2
        compression: false
        # Kept quoted so it stays the string "1.1" rather than a float.
        compat: '1.1'