forked from openshift/os
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make c9s variant contain c9s content only, no OCP content
This is a first stab at openshift#799, aimed at the c9s variant to start. In this model, the base (container and disk) images we build in the pipeline do not contain any OCP-specific details. The compose is made up purely of RPMs coming out directly from the c9s pungi composes. Let's go over details of this in bullet form: 1. To emphasize the binding to c9s composes, we change the versioning scheme: the version string is now *exactly* the same version as the pungi compose from which we've built (well, we do add a `.N` field because we want to be able to rebuild multiple times on top of the same base pungi compose). It's almost like if our builds are part of the c9s pungi composes directly. (And maybe one day they will be...) This is implemented using a `versionary` script that queries compose info. 2. We no longer include `packages-openshift.yaml`: this has all the OCP stuff that we want to do in a layered build instead. 3. We no longer completely rewrite `/etc/os-release`. The host *is* image-mode CentOS Stream and e.g. `ID` will now say `centos`. However, we do still inject `VARIANT` and `VARIANT_ID` fields to note that it's of the CoreOS kind. We should probably actually match FCOS here and properly add a CoreOS variant in the `centos-release` package. 4. Tests which have to do with the OpenShift layer now have the required tag `openshift`. This means that it'll no longer run in the default set of kola tests. When building the derived image, we will run just those tests using `kola run --tag openshift --oscontainer ...`. Note that to make this work, OCP itself still needs to actually have that derived image containing the OCP bits. For now, we will build this in the pipelines (as a separate artifact that we push to the repos) but the eventual goal is that we'd split that out of the pipeline and have it be more like how the rest of OCP is built (using Prow/OSBS/Konflux). Note also we don't currently build the c9s variant in the pipelines but this is a long time overdue IMO.
- Loading branch information
Showing
8 changed files
with
272 additions
and
107 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # This container is currently built by `cosa buildextend-layered`, which will | ||
| # always set the base container image to be the one that was just built during | ||
| # base compose. In the future when this is a proper separate container image | ||
| # build (e.g. in OpenShift CI or Konflux), this would be a valid ref to the | ||
| # pushed RHCOS base image. | ||
| FROM overridden | ||
| RUN /run/src/config/scripts/apply-manifest /run/src/config/packages-openshift.yaml && \ | ||
| ostree container commit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| #!/usr/bin/python3 -u | ||
|
|
||
| # This is a hacky temporary script to apply an rpm-ostree manifest as part of a | ||
| # derived container build. It's only required because we're in this transitional | ||
| # state where some streams use the old way, and others use layering. Once all | ||
| # streams use layering, we should stop using manifests for tha layered bits. (An | ||
| # obvious question here is whether we should keep extending the `rpm-ostree ex | ||
| # rebuild` stuff to keep using manifests even in a layered build. Though likely | ||
| # similar functionality will live in dnf instead.) | ||
|
|
||
| # Note this only supports the subset of the manifest spec actually used in | ||
| # `packages-openshift.yaml`. | ||
|
|
||
| import os | ||
| import shutil | ||
| import subprocess | ||
| import sys | ||
| import yaml | ||
|
|
||
|
|
||
| def runcmd(args): | ||
| print("Running:", ' '.join(args)) | ||
| subprocess.check_call(args) | ||
|
|
||
|
|
||
| manifest_file = sys.argv[1] | ||
| manifest_dir = os.path.dirname(manifest_file) | ||
|
|
||
| with open(manifest_file) as f: | ||
| manifest = yaml.safe_load(f) | ||
|
|
||
| if len(manifest.get('packages', [])): | ||
|
|
||
| packages = [] | ||
| for pkg in manifest['packages']: | ||
| packages += pkg.split() | ||
| rpmostree_install = ['rpm-ostree', 'install', '-y'] + packages | ||
|
|
||
| # XXX: temporary hack for cri-o, which wants to create dirs under /opt | ||
| # https://github.com/CentOS/centos-bootc/issues/393 | ||
| if 'cri-o' in packages: | ||
| os.makedirs("/var/opt", exist_ok=True) | ||
|
|
||
| # move the canonical dir out of the way | ||
| moved_yum_repos_d = False | ||
| if 'repos' in manifest: | ||
| if os.path.isdir('/etc/yum.repos.d'): | ||
| # can't just os.rename here because of classic overlayfs | ||
| # non-POSIXness will hit EXDEV | ||
| shutil.copytree("/etc/yum.repos.d", "/etc/yum.repos.d.bak") | ||
| shutil.rmtree("/etc/yum.repos.d") | ||
| os.mkdir("/etc/yum.repos.d") | ||
| moved_yum_repos_d = True | ||
|
|
||
| for dir in [manifest_dir, "/run/src/yumrepos"]: | ||
| for ent in os.listdir(dir): | ||
| if ent.endswith(".repo"): | ||
| shutil.copy(os.path.join(dir, ent), "/etc/yum.repos.d") | ||
|
|
||
| rpmostree_install += ["--disablerepo=*"] | ||
| for repo in manifest['repos']: | ||
| rpmostree_install += [f"--enablerepo={repo}"] | ||
|
|
||
| if os.path.isfile("/etc/yum.repos.d/c9s.repo"): | ||
| # XXX: brutal hack for CentOS GPG key path because our c9s | ||
| # definitions have key paths that make sense for Fedora, not CentOS | ||
| # (note gpgcheck is still 1) | ||
| runcmd(['sed', '-i', '/gpgkey=/ d', '/etc/yum.repos.d/c9s.repo']) | ||
| # XXX: SHA1 version of the key isn't supported anymore. This isn't | ||
| # strictly required but squashes a warning. Should check why c9s is | ||
| # still shipping this; let it error out if it doesn't exist anymore, | ||
| # that way we'll know to remove this | ||
| os.unlink('/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras') | ||
|
|
||
| runcmd(rpmostree_install) | ||
|
|
||
| if moved_yum_repos_d: | ||
| shutil.rmtree("/etc/yum.repos.d") | ||
| os.rename("/etc/yum.repos.d.bak", "/etc/yum.repos.d") | ||
|
|
||
| if len(manifest.get('postprocess', [])): | ||
| for i, script in enumerate(manifest['postprocess']): | ||
| name = f"/tmp/postprocess-script-{i}" | ||
| with open(name, 'w') as f: | ||
| f.write(script) | ||
| os.chmod(name, 0o755) | ||
| runcmd([name]) | ||
| os.unlink(name) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.