--- openapi: 3.0.1 info: version: "1.0" title: Image-builder service description: Service that relays image build requests license: name: Apache 2.0 url: https://www.apache.org/licenses/LICENSE-2.0.html servers: - url: "/api/image-builder/v1" - url: "/api/image-builder/v1.0" paths: /version: get: summary: get the service version description: "get the service version" operationId: getVersion tags: - meta responses: '200': description: a service version content: application/json: schema: $ref: '#/components/schemas/Version' /ready: get: summary: return the readiness operationId: getReadiness tags: - meta responses: '200': description: readiness content: application/json: schema: $ref: '#/components/schemas/Readiness' /openapi.json: get: summary: get the openapi json specification operationId: getOpenapiJson tags: - meta - noAuth responses: '200': description: returns this document content: application/json: schema: type: object /distributions: get: summary: get the distributions available to this user operationId: getDistributions tags: - distribution responses: '200': description: | A list of distributions this user has access to. Some distributions are restricted, so this list might not correspond to the Distributions (enum) schema for a given user. 
content: application/json: schema: $ref: '#/components/schemas/DistributionsResponse' /architectures/{distribution}: get: summary: get the architectures and their image types available for a given distribution parameters: - in: path name: distribution schema: $ref: '#/components/schemas/Distributions' required: true description: distribution for which to look up available architectures example: 'rhel-84' operationId: getArchitectures tags: - distribution - architecture responses: '200': description: a list of available architectures and their associated image types content: application/json: schema: $ref: '#/components/schemas/Architectures' '403': description: user is not allowed to build or query this distribution content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' /composes: get: summary: get a collection of previous compose requests for the logged in user operationId: getComposes tags: - compose parameters: - in: query name: limit schema: type: integer default: 100 minimum: 1 maximum: 100 description: max amount of composes, default 100 - in: query name: offset schema: type: integer default: 0 minimum: 0 description: composes page offset, default 0 - in: query name: ignoreImageTypes required: false schema: type: array items: $ref: '#/components/schemas/ImageTypes' example: ['rhel-edge-installer', 'rhel-edge-commit', ...] description: | Filter the composes on image type. The filter is optional and can be specified multiple times. 
responses: '200': description: a list of composes content: application/json: schema: $ref: '#/components/schemas/ComposesResponse' /composes/{composeId}: parameters: - in: path name: composeId schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: Id of compose get: summary: get status of an image compose description: "status of an image compose" operationId: getComposeStatus tags: - compose responses: '200': description: compose status content: application/json: schema: $ref: '#/components/schemas/ComposeStatus' delete: summary: delete a compose description: | Deletes a compose, the compose will still count towards quota. operationId: deleteCompose responses: 200: description: OK /composes/{composeId}/metadata: get: summary: get metadata of an image compose parameters: - in: path name: composeId schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: Id of compose metadata to get description: "metadata for an image compose" operationId: getComposeMetadata tags: - compose responses: '200': description: compose metadata content: application/json: schema: $ref: '#/components/schemas/ComposeMetadata' /composes/{composeId}/clone: post: summary: clone a compose description: | Clones a compose. Only composes with the 'aws' image type currently support cloning. 
parameters: - in: path name: composeId schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: Id of compose to clone operationId: cloneCompose tags: - compose requestBody: required: true description: details of the new clone content: application/json: schema: $ref: "#/components/schemas/CloneRequest" responses: '201': description: cloning has started content: application/json: schema: $ref: "#/components/schemas/CloneResponse" /composes/{composeId}/clones: get: summary: get clones of a compose parameters: - in: path name: composeId schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: Id of compose to get the clones of - in: query name: limit schema: type: integer default: 100 minimum: 1 maximum: 100 description: max amount of clones, default 100 - in: query name: offset schema: type: integer default: 0 minimum: 0 description: clones page offset, default 0 description: | Returns a list of all the clones which were started for a compose operationId: getComposeClones tags: - compose responses: '200': description: compose clones content: application/json: schema: $ref: '#/components/schemas/ClonesResponse' /clones/{id}: get: summary: get status of a compose clone parameters: - in: path name: id schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: Id of clone status to get description: status of a clone operationId: getCloneStatus tags: - compose responses: '200': description: clone status content: application/json: schema: $ref: '#/components/schemas/CloneStatusResponse' /compose: post: summary: compose image description: "compose image" operationId: composeImage tags: - compose requestBody: required: true description: details of image to be composed content: application/json: schema: $ref: "#/components/schemas/ComposeRequest" responses: '201': description: compose has started content: 
application/json: schema: $ref: '#/components/schemas/ComposeResponse' '400': description: the compose request is malformed content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' '403': description: user is not allowed to build this distribution content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' /packages: get: parameters: - in: query name: distribution required: true schema: $ref: '#/components/schemas/Distributions' description: distribution to look up packages for - in: query name: architecture required: true schema: type: string enum: ['x86_64', 'aarch64'] description: architecture to look up packages for - in: query name: search required: true schema: type: string description: packages to look for - in: query name: limit schema: type: integer default: 100 minimum: 1 maximum: 100 description: max amount of packages, default 100 - in: query name: offset schema: type: integer default: 0 minimum: 0 description: packages page offset, default 0 operationId: getPackages tags: - package responses: '200': description: a list of packages content: application/json: schema: $ref: '#/components/schemas/PackagesResponse' '403': description: user is not allowed to build or query this distribution content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' /oscap/{distribution}/profiles: parameters: - in: path name: distribution schema: $ref: '#/components/schemas/Distributions' required: true get: summary: get the available profiles for a given distribution. This is a temporary endpoint meant to be removed soon. operationId: getOscapProfiles tags: - oscap responses: '200': description: | A list of profiles configurable for this distribution. 
content: application/json: schema: $ref: '#/components/schemas/DistributionProfileResponse' /oscap/{distribution}/{profile}/customizations: parameters: - in: path name: distribution schema: $ref: '#/components/schemas/Distributions' required: true - in: path name: profile schema: $ref: '#/components/schemas/DistributionProfileItem' required: true description: Name of the profile to retrieve customizations from get: summary: get the customizations for a given distribution and profile. This is a temporary endpoint meant to be removed soon. operationId: getOscapCustomizations tags: - oscap responses: '200': description: | A customizations array updated with the needed elements. content: application/json: schema: $ref: '#/components/schemas/Customizations' /experimental/blueprints: get: summary: get a collection of blueprints description: "get a collection of blueprints, returns just the latest version of each blueprint" operationId: getBlueprints tags: - blueprint parameters: - in: query name: name required: false schema: type: string description: fetch blueprint with specific name - in: query name: search required: false schema: type: string description: search for blueprints by name or description - in: query name: limit schema: type: integer default: 100 minimum: 1 maximum: 100 description: max amount of blueprints, default 100 - in: query name: offset schema: type: integer default: 0 minimum: 0 description: blueprint page offset, default 0 responses: '200': description: a list of blueprints content: application/json: schema: $ref: '#/components/schemas/BlueprintsResponse' post: summary: create blueprint description: "create blueprint" operationId: createBlueprint tags: - blueprint requestBody: required: true description: details of blueprint content: application/json: schema: $ref: "#/components/schemas/CreateBlueprintRequest" responses: '201': description: blueprint was saved content: application/json: schema: $ref: '#/components/schemas/CreateBlueprintResponse' 
'422': description: blueprint is malformed content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' '403': description: user is not allowed to create blueprints content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' /experimental/blueprints/{id}: parameters: - in: path name: id schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: UUID of a blueprint put: summary: update blueprint description: "update blueprint" operationId: updateBlueprint tags: - blueprint requestBody: required: true description: details of blueprint content: application/json: schema: $ref: "#/components/schemas/CreateBlueprintRequest" responses: '200': description: blueprint was updated content: application/json: schema: $ref: '#/components/schemas/CreateBlueprintResponse' '404': description: blueprint was not found content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' get: summary: get detail of a blueprint description: "get a blueprint detail" operationId: getBlueprint tags: - blueprint responses: '200': description: detail of a blueprint content: application/json: schema: $ref: '#/components/schemas/BlueprintResponse' '404': description: blueprint was not found content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' delete: summary: delete a blueprint description: | Deletes all versions of Blueprint, the compose will still count towards quota. 
operationId: deleteBlueprint tags: - blueprint responses: '204': description: Successfully deleted '404': description: Blueprint to delete was not found content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' /experimental/blueprints/{id}/compose: post: parameters: - in: path name: id schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: UUID of a blueprint summary: create new compose from blueprint description: "create new compose from blueprint" operationId: composeBlueprint tags: - blueprint responses: '201': description: compose was created content: application/json: schema: type: array items: $ref: '#/components/schemas/ComposeResponse' '403': description: user is not allowed to compose from blueprints content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' /experimental/blueprints/{id}/composes: get: summary: get composes associated with a blueprint description: "get a collection of composes associated to a blueprint, allows for filtering by version" operationId: getBlueprintComposes tags: - blueprint parameters: - in: path name: id schema: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' required: true description: UUID of a blueprint - in: query name: blueprint_version schema: type: integer description: | Filter by a specific version of the Blueprint we want to fetch composes for. Pass special value -1 to fetch composes for latest version of the Blueprint. - in: query name: limit schema: type: integer default: 100 minimum: 1 maximum: 100 description: max amount of composes, default 100 - in: query name: offset schema: type: integer default: 0 minimum: 0 description: composes page offset, default 0 - in: query name: ignoreImageTypes required: false schema: type: array items: $ref: '#/components/schemas/ImageTypes' example: ['rhel-edge-installer', 'rhel-edge-commit', ...] description: | Filter the composes on image type. 
The filter is optional and can be specified multiple times. responses: '200': description: a list of composes content: application/json: schema: $ref: '#/components/schemas/ComposesResponse' '404': description: blueprint was not found content: application/json: schema: $ref: '#/components/schemas/HTTPErrorList' /experimental/recommendations: post: summary: List recommended packages. description: "Returns a list of recommended packages for given list of packages." operationId: recommendPackage tags: - recommendations requestBody: content: application/json: schema: "$ref": "#/components/schemas/RecommendPackageRequest" required: true responses: '200': description: Return the recommended packages. content: application/json: schema: type: array items: $ref: "#/components/schemas/RecommendationsResponse" components: schemas: HTTPError: required: - title - detail properties: title: type: string detail: type: string HTTPErrorList: required: - errors properties: errors: type: array items: $ref: '#/components/schemas/HTTPError' Version: required: - version properties: version: type: string build_time: type: string build_commit: type: string Readiness: type: object required: - readiness properties: readiness: type: string ListResponseMeta: type: object required: - count properties: count: type: integer ListResponseLinks: type: object required: - first - last properties: first: type: string last: type: string DistributionsResponse: type: array description: | List of distributions this user is allowed to build. 
items: $ref: '#/components/schemas/DistributionItem' DistributionItem: type: object required: - name - description properties: description: type: string example: 'Red Hat Enterprise Linux (RHEL) 8.4' name: type: string example: 'rhel-84' Architectures: type: array items: $ref: '#/components/schemas/ArchitectureItem' ArchitectureItem: type: object required: - arch - image_types - repositories properties: arch: type: string example: 'x86_64' image_types: type: array items: type: string example: 'qcow2' repositories: type: array items: $ref: '#/components/schemas/Repository' description: Base repositories for the given distribution and architecture. ComposeStatus: required: - image_status - request properties: image_status: $ref: '#/components/schemas/ImageStatus' request: $ref: "#/components/schemas/ComposeRequest" ImageStatus: required: - status properties: status: type: string enum: ['success', 'failure', 'pending', 'building', 'uploading', 'registering'] example: 'success' upload_status: $ref: '#/components/schemas/UploadStatus' error: $ref: '#/components/schemas/ComposeStatusError' ComposeStatusError: required: - id - reason properties: id: type: integer reason: type: string details: {} CloneStatusResponse: required: - compose_id allOf: - type: object properties: compose_id: type: string format: uuid - $ref: '#/components/schemas/UploadStatus' UploadStatus: required: - status - type - options properties: status: type: string enum: ['success', 'failure', 'pending', 'running'] type: $ref: '#/components/schemas/UploadTypes' options: oneOf: - $ref: '#/components/schemas/AWSUploadStatus' - $ref: '#/components/schemas/AWSS3UploadStatus' - $ref: '#/components/schemas/GCPUploadStatus' - $ref: '#/components/schemas/AzureUploadStatus' - $ref: '#/components/schemas/OCIUploadStatus' AWSUploadStatus: type: object required: - ami - region properties: ami: type: string example: 'ami-0c830793775595d4b' region: type: string example: 'eu-west-1' AWSS3UploadStatus: type: object 
required: - url properties: url: type: string GCPUploadStatus: type: object required: - project_id - image_name properties: project_id: type: string example: 'ascendant-braid-303513' image_name: type: string example: 'my-image' AzureUploadStatus: type: object required: - image_name properties: image_name: type: string example: 'my-image' OCIUploadStatus: type: object required: - url properties: url: type: string ComposeRequest: type: object additionalProperties: false required: - distribution - image_requests properties: distribution: $ref: '#/components/schemas/Distributions' image_name: type: string example: "MyImageName" maxLength: 100 image_description: type: string example: "MyImageDescription" maxLength: 250 client_id: $ref: '#/components/schemas/ClientId' image_requests: type: array minItems: 1 maxItems: 1 items: $ref: '#/components/schemas/ImageRequest' uniqueItems: true description: | Array of exactly one image request. Having more image requests in one compose is currently not supported. customizations: $ref: '#/components/schemas/Customizations' CreateBlueprintRequest: type: object additionalProperties: false required: - name - distribution - image_requests - customizations properties: name: type: string example: "My Blueprint" maxLength: 100 description: type: string example: "My blueprint description" maxLength: 250 distribution: $ref: '#/components/schemas/Distributions' image_requests: type: array minItems: 1 items: $ref: '#/components/schemas/ImageRequest' uniqueItems: true description: | Array of image requests. Having more image requests in a single blueprint is currently not supported. 
customizations: $ref: '#/components/schemas/Customizations' CreateBlueprintResponse: required: - id properties: id: type: string format: uuid BlueprintsResponse: required: - meta - links - data properties: meta: $ref: '#/components/schemas/ListResponseMeta' links: $ref: '#/components/schemas/ListResponseLinks' data: type: array items: $ref: '#/components/schemas/BlueprintItem' BlueprintItem: required: - id - version - name - description - last_modified_at properties: id: type: string format: uuid version: type: integer name: type: string description: type: string last_modified_at: type: string BlueprintResponse: required: - id - name - description - distribution - image_requests - customizations properties: id: type: string format: uuid name: type: string description: type: string distribution: $ref: '#/components/schemas/Distributions' image_requests: type: array minItems: 1 items: $ref: '#/components/schemas/ImageRequest' uniqueItems: true description: | Array of image requests. Having more image requests in a single blueprint is currently not supported. customizations: $ref: '#/components/schemas/Customizations' Distributions: type: string description: | List of all distributions that image builder supports. A user might not have access to restricted distributions. Restricted distributions include the RHEL nightlies and the Fedora distributions. enum: - rhel-8 - rhel-8-nightly - rhel-84 - rhel-85 - rhel-86 - rhel-87 - rhel-88 - rhel-89 - rhel-9 - rhel-9-nightly - rhel-90 - rhel-91 - rhel-92 - rhel-93 - centos-8 - centos-9 - fedora-37 - fedora-38 - fedora-39 - fedora-40 - fedora-41 ImageRequest: type: object additionalProperties: false required: - architecture - image_type - upload_request properties: architecture: type: string enum: - x86_64 - aarch64 description: | CPU architecture of the image, x86_64 and aarch64 are currently supported. 
image_type: $ref: '#/components/schemas/ImageTypes' upload_request: $ref: '#/components/schemas/UploadRequest' ostree: $ref: '#/components/schemas/OSTree' size: x-go-type: uint64 example: 4294967296 description: | Size of image, in bytes. When set to 0 the image size is a minimum defined by the image type. snapshot_date: type: string description: | Snapshotted content will be used instead of the official repositories of the distribution. The snapshot that was made closest to, but before the specified date will be used. If no snapshots made before the specified date can be found, the snapshot closest to, but after the specified date will be used. If no snapshots can be found at all, the request will fail. ImageTypes: type: string enum: - aws - azure - edge-commit - edge-installer - gcp - guest-image - image-installer - oci - vsphere - vsphere-ova - wsl # backwards compatible aliases - ami # == aws - rhel-edge-commit # == edge-commit - rhel-edge-installer # == edge-installer - vhd # == azure ComposesResponse: required: - meta - links - data properties: meta: $ref: '#/components/schemas/ListResponseMeta' links: $ref: '#/components/schemas/ListResponseLinks' data: type: array items: $ref: '#/components/schemas/ComposesResponseItem' ComposesResponseItem: required: - id - request - created_at properties: id: type: string format: uuid request: $ref: "#/components/schemas/ComposeRequest" created_at: type: string image_name: type: string client_id: $ref: '#/components/schemas/ClientId' blueprint_id: type: string format: uuid nullable: true blueprint_version: type: integer nullable: true ClientId: type: string enum: ["api", "ui"] default: "api" ComposeResponse: required: - id properties: id: type: string format: uuid UploadRequest: type: object required: - type - options properties: type: $ref: '#/components/schemas/UploadTypes' options: anyOf: - $ref: '#/components/schemas/AWSUploadRequestOptions' - $ref: '#/components/schemas/AWSS3UploadRequestOptions' - $ref: 
'#/components/schemas/GCPUploadRequestOptions' - $ref: '#/components/schemas/AzureUploadRequestOptions' - $ref: '#/components/schemas/OCIUploadRequestOptions' UploadTypes: type: string enum: - aws - gcp - azure - aws.s3 - oci.objectstorage AWSUploadRequestOptions: type: object properties: share_with_accounts: type: array example: ['123456789012'] items: type: string uniqueItems: true share_with_sources: type: array example: ['12345'] items: type: string uniqueItems: true AWSS3UploadRequestOptions: type: object GCPUploadRequestOptions: type: object properties: share_with_accounts: type: array example: [ 'user:alice@example.com', 'serviceAccount:my-other-app@appspot.gserviceaccount.com', 'group:admins@example.com', 'domain:example.com' ] description: | List of valid Google accounts to share the imported Compute Node image with. Each string must contain a specifier of the account type. Valid formats are: - 'user:{emailid}': An email address that represents a specific Google account. For example, 'alice@example.com'. - 'serviceAccount:{emailid}': An email address that represents a service account. For example, 'my-other-app@appspot.gserviceaccount.com'. - 'group:{emailid}': An email address that represents a Google group. For example, 'admins@example.com'. - 'domain:{domain}': The G Suite domain (primary) that represents all the users of that domain. For example, 'google.com' or 'example.com'. If not specified, the imported Compute Node image is not shared with any account. items: type: string uniqueItems: true AzureUploadRequestOptions: type: object required: - resource_group properties: source_id: type: string example: '12345' description: | ID of the source that will be used to resolve the tenant and subscription IDs. Do not provide a tenant_id or subscription_id when providing a source_id. tenant_id: type: string example: '5c7ef5b6-1c3f-4da0-a622-0b060239d7d7' description: | ID of the tenant where the image should be uploaded. 
This link explains how to find it in the Azure Portal: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant When providing a tenant_id, also be sure to provide a subscription_id and do not include a source_id. subscription_id: type: string example: '4e5d8b2c-ab24-4413-90c5-612306e809e2' description: | ID of subscription where the image should be uploaded. When providing a subscription_id, also be sure to provide a tenant_id and do not include a source_id. resource_group: type: string example: 'ToucanResourceGroup' description: | Name of the resource group where the image should be uploaded. image_name: type: string example: 'LinuxImage' pattern: '(^[a-zA-Z0-9]$)|(^[a-zA-Z0-9][a-zA-Z0-9_\.-]*[a-zA-Z0-9_]$)' minLength: 1 maxLength: 60 description: | Name of the created image. Must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens. The total length is limited to 60 characters. OCIUploadRequestOptions: type: object OSTree: type: object properties: url: type: string contenturl: type: string description: | A URL which, if set, is used for fetching content. Implies that `url` is set as well, which will be used for metadata only. ref: type: string example: 'rhel/8/x86_64/edge' parent: type: string description: > Can be either a commit (example: 02604b2da6e954bd34b8b82a835e5a77d2b60ffa), or a branch-like reference (example: rhel/8/x86_64/edge) example: 'rhel/8/x86_64/edge' rhsm: type: boolean description: | Determines whether a valid subscription manager (candlepin) identity is required to access this repository. Consumer certificates will be used as client certificates when fetching metadata and content. 
PackagesResponse: type: object required: - meta - links - data properties: meta: $ref: '#/components/schemas/ListResponseMeta' links: $ref: '#/components/schemas/ListResponseLinks' data: type: array items: $ref: '#/components/schemas/Package' Package: required: - name - summary properties: name: type: string summary: type: string ComposeMetadata: type: object properties: packages: type: array items: $ref: '#/components/schemas/PackageMetadata' description: 'Package list including NEVRA' ostree_commit: type: string description: 'ID (hash) of the built commit' PackageMetadata: required: - type - name - version - release - arch - sigmd5 properties: type: type: string name: type: string version: type: string release: type: string epoch: type: string arch: type: string sigmd5: type: string signature: type: string RecommendPackageRequest: required: - packages - recommendedPackages type: object properties: packages: type: array items: type: string recommendedPackages: type: integer format: int32 default: 3 RecommendationsResponse: required: - packages type: object properties: packages: type: array items: type: string ClonesResponse: required: - meta - links - data properties: meta: $ref: '#/components/schemas/ListResponseMeta' links: $ref: '#/components/schemas/ListResponseLinks' data: type: array items: $ref: '#/components/schemas/ClonesResponseItem' ClonesResponseItem: required: - id - compose_id - request - created_at properties: id: type: string format: uuid compose_id: type: string format: uuid description: 'UUID of the parent compose of the clone' request: $ref: '#/components/schemas/CloneRequest' created_at: type: string CloneRequest: oneOf: - $ref: '#/components/schemas/AWSEC2Clone' AWSEC2Clone: type: object required: - region properties: region: type: string description: | A region as described in https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions share_with_accounts: type: array maxItems: 100 example: 
['123456789012'] description: | An array of AWS account IDs as described in https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html items: type: string pattern: '^[0-9]{12}$' share_with_sources: type: array example: ['12345'] items: type: string uniqueItems: true CloneResponse: required: - id properties: id: type: string format: uuid example: '123e4567-e89b-12d3-a456-426655440000' DistributionProfileResponse: type: array description: | List of profiles for a given distribution items: $ref: '#/components/schemas/DistributionProfileItem' DistributionProfileItem: type: string enum: - xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced - xccdf_org.ssgproject.content_profile_anssi_bp28_high - xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary - xccdf_org.ssgproject.content_profile_anssi_bp28_minimal - xccdf_org.ssgproject.content_profile_cis - xccdf_org.ssgproject.content_profile_cis_server_l1 - xccdf_org.ssgproject.content_profile_cis_workstation_l1 - xccdf_org.ssgproject.content_profile_cis_workstation_l2 - xccdf_org.ssgproject.content_profile_cui - xccdf_org.ssgproject.content_profile_e8 - xccdf_org.ssgproject.content_profile_hipaa - xccdf_org.ssgproject.content_profile_ism_o - xccdf_org.ssgproject.content_profile_ospp - xccdf_org.ssgproject.content_profile_pci-dss - xccdf_org.ssgproject.content_profile_standard - xccdf_org.ssgproject.content_profile_stig - xccdf_org.ssgproject.content_profile_stig_gui # all customizations and sub-objects Customizations: type: object properties: containers: type: array items: $ref: '#/components/schemas/Container' description: Container images to embed into the final artfact directories: type: array items: $ref: '#/components/schemas/Directory' description: Directories to create in the final artifact files: type: array items: $ref: '#/components/schemas/File' description: Files to create in the final artifact subscription: $ref: '#/components/schemas/Subscription' packages: type: array maxItems: 
10000 example: ['postgresql'] items: type: string payload_repositories: type: array items: $ref: '#/components/schemas/Repository' custom_repositories: type: array items: $ref: '#/components/schemas/CustomRepository' openscap: $ref: '#/components/schemas/OpenSCAP' filesystem: type: array maxItems: 128 items: $ref: '#/components/schemas/Filesystem' users: type: array items: $ref: '#/components/schemas/User' description: "list of users that a customer can add, also specifying their respective groups and SSH keys" services: $ref: '#/components/schemas/Services' hostname: type: string description: Configures the hostname example: myhostname kernel: $ref: '#/components/schemas/Kernel' groups: type: array description: List of groups to create items: $ref: '#/components/schemas/Group' timezone: $ref: '#/components/schemas/Timezone' locale: $ref: '#/components/schemas/Locale' firewall: $ref: '#/components/schemas/FirewallCustomization' installation_device: type: string description: | Name of the installation device, currently only useful for the edge-simplified-installer type example: /dev/sda fdo: $ref: '#/components/schemas/FDO' ignition: $ref: '#/components/schemas/Ignition' partitioning_mode: type: string enum: - raw - lvm - auto-lvm description: | Select how the disk image will be partitioned. 'auto-lvm' will use raw unless there are one or more mountpoints in which case it will use LVM. 'lvm' always uses LVM, even when there are no extra mountpoints. 'raw' uses raw partitions even when there are one or more mountpoints. 
fips: $ref: '#/components/schemas/FIPS' installer: $ref: '#/components/schemas/Installer' Container: type: object required: - source properties: source: type: string description: Reference to the container to embed example: 'registry.example.com/image:tag' name: type: string description: Name to use for the container from the image tls_verify: type: boolean description: Control TLS verifification example: true FirewallCustomization: type: object description: Firewalld configuration additionalProperties: false properties: ports: type: array description: List of ports (or port ranges) and protocols to open example: ["22:tcp", "80:tcp", "imap:tcp"] items: type: string services: type: object description: Firewalld services to enable or disable additionalProperties: false properties: enabled: type: array description: List of services to enable example: ["ftp", "ntp"] items: type: string disabled: type: array description: List of services to disable example: ["telnet"] items: type: string Directory: type: object description: | A custom directory to create in the final artifact. required: - path properties: path: type: string description: Path to the directory example: '/etc/mydir' mode: type: string description: Permissions string for the directory in octal format example: "0755" user: oneOf: - type: string - type: integer description: Owner of the directory as a user name or a uid example: 'root' group: oneOf: - type: string - type: integer description: Group of the directory as a group name or a gid example: 'root' ensure_parents: type: boolean description: Ensure that the parent directories exist default: false File: type: object description: | A custom file to create in the final artifact. 
      required:
        - path
      properties:
        path:
          type: string
          description: Path to the file
          example: '/etc/myfile'
        mode:
          type: string
          description: Permissions string for the file in octal format
          example: "0644"
        user:
          oneOf:
            - type: string
            - type: integer
          description: Owner of the file as a uid or a user name
          example: 'root'
        group:
          oneOf:
            - type: string
            - type: integer
          description: Group of the file as a gid or a group name
          example: 'root'
        data:
          type: string
          description: Contents of the file as plain text
        data_encoding:
          type: string
          enum: ['plain', 'base64']
          description: Set to 'base64' when data is base64-encoded to prevent Akamai content filter false positives
          default: 'plain'
        ensure_parents:
          type: boolean
          description: Ensure that the parent directories exist
          example: true
          default: false
    Kernel:
      type: object
      additionalProperties: false
      properties:
        name:
          type: string
          description: Name of the kernel to use
          example: kernel-debug
        append:
          type: string
          description: Appends arguments to the bootloader kernel command line
          example: nosmt=force
    Services:
      type: object
      additionalProperties: false
      properties:
        enabled:
          description: List of services to enable by default
          type: array
          minItems: 1
          items:
            type: string
            example: "nftables"
        disabled:
          description: List of services to disable by default
          type: array
          minItems: 1
          items:
            type: string
            example: "firewalld"
        masked:
          description: List of services to mask by default
          type: array
          minItems: 1
          items:
            type: string
            example: "telnet"
    Timezone:
      type: object
      description: Timezone configuration
      additionalProperties: false
      properties:
        timezone:
          type: string
          description: Name of the timezone, defaults to UTC
          example: US/Eastern
        ntpservers:
          type: array
          description: List of ntp servers
          example: ["0.north-america.pool.ntp.org", "1.north-america.pool.ntp.org"]
          items:
            type: string
    Locale:
      type: object
      description: Locale configuration
      additionalProperties: false
      properties:
        languages:
          type: array
          description: |
            List of locales to be installed, the first one becomes primary,
            subsequent ones are secondary
          example: ["en_US.UTF-8"]
          items:
            type: string
        keyboard:
          type: string
          description: Sets the keyboard layout
          example: us
    FDO:
      type: object
      additionalProperties: false
      description: FIDO device onboard configuration
      properties:
        manufacturing_server_url:
          type: string
        diun_pub_key_insecure:
          type: string
        diun_pub_key_hash:
          type: string
        diun_pub_key_root_certs:
          type: string
    FIPS:
      type: object
      additionalProperties: false
      description: System FIPS mode setup
      properties:
        enabled:
          type: boolean
          description: Enables the system FIPS mode
          default: false
    Installer:
      type: object
      additionalProperties: false
      description: Anaconda installer configuration
      properties:
        unattended:
          type: boolean
          description: |
            Create a kickstart file for a fully automated installation
        sudo-nopasswd:
          type: array
          items:
            type: string
          description: |
            Enable passwordless sudo for users or groups (groups must be prefixed by %)
    Ignition:
      type: object
      additionalProperties: false
      description: Ignition configuration
      properties:
        embedded:
          $ref: '#/components/schemas/IgnitionEmbedded'
        firstboot:
          $ref: '#/components/schemas/IgnitionFirstboot'
    IgnitionEmbedded:
      type: object
      additionalProperties: false
      required:
        - config
      properties:
        config:
          type: string
    IgnitionFirstboot:
      type: object
      additionalProperties: false
      required:
        - url
      properties:
        url:
          type: string
          description: Provisioning URL
    Group:
      type: object
      additionalProperties: false
      required:
        - name
      properties:
        name:
          type: string
          description: Name of the group to create
        gid:
          type: integer
          description: Group id of the group to create (optional)
    User:
      type: object
      required:
        - name
        - ssh_key
      properties:
        name:
          type: string
          example: "user1"
        ssh_key:
          type: string
          example: "ssh-rsa AAAAB3NzaC1"
    Filesystem:
      type: object
      required:
        - mountpoint
        - min_size
      properties:
        mountpoint:
          type: string
          example: '/var'
        min_size:
          x-go-type: uint64
          example: 2147483648
          description: 'size of the filesystem in bytes'
    Subscription:
      type: object
      required:
        - organization
        - activation-key
        - server-url
        - base-url
        - insights
      properties:
        organization:
          type: integer
          example: 2040324
        activation-key:
          type: string
          format: password
          example: 'my-secret-key'
        server-url:
          type: string
          example: 'subscription.rhsm.redhat.com'
        base-url:
          type: string
          example: http://cdn.redhat.com/
        insights:
          type: boolean
          example: true
        rhc:
          type: boolean
          default: false
          example: true
          description: |
            Optional flag to use rhc to register the system, which also always enables Insights.
    OpenSCAP:
      type: object
      required:
        - profile_id
      properties:
        profile_id:
          type: string
          example: "xccdf_org.ssgproject.content_profile_cis"
          description: "The policy reference ID"
        profile_name:
          type: string
          description: "The policy type"
        profile_description:
          type: string
          description: "The longform policy description"
    CustomRepository:
      type: object
      required:
        - id
      description: |
        Repository configuration for custom repositories.
        At least one of the 'baseurl', 'mirrorlist', 'metalink' properties must
        be specified. If more of them are specified, the order of precedence is
        the same as listed above. Id is required.
      properties:
        id:
          type: string
        name:
          type: string
        filename:
          type: string
        baseurl:
          type: array
          example: [ 'https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/' ]
          items:
            type: string
            format: uri
        mirrorlist:
          type: string
          format: uri
          example: 'http://mirrorlist.centos.org/?release=8-stream&arch=aarch64&repo=BaseOS'
        metalink:
          type: string
          format: uri
          example: 'https://mirrors.fedoraproject.org/metalink?repo=fedora-32&arch=x86_64'
        gpgkey:
          type: array
          description: 'GPG key used to sign packages in this repository. Can be a gpg key or a URL'
          items:
            type: string
        check_gpg:
          type: boolean
        check_repo_gpg:
          type: boolean
        enabled:
          type: boolean
        priority:
          type: integer
        ssl_verify:
          type: boolean
        module_hotfixes:
          type: boolean
    Repository:
      type: object
      required:
        - rhsm
      properties:
        rhsm:
          type: boolean
        baseurl:
          type: string
          format: uri
          example: 'https://cdn.redhat.com/content/dist/rhel8/8/x86_64/baseos/os/'
        mirrorlist:
          type: string
          format: uri
          example: 'http://mirrorlist.centos.org/?release=8-stream&arch=aarch64&repo=BaseOS'
        metalink:
          type: string
          format: uri
          example: 'https://mirrors.fedoraproject.org/metalink?repo=fedora-32&arch=x86_64'
        gpgkey:
          type: string
        check_gpg:
          type: boolean
        check_repo_gpg:
          type: boolean
          default: false
          description: |
            Enables gpg verification of the repository metadata
        ignore_ssl:
          type: boolean
        module_hotfixes:
          type: boolean