wip

bootc/base/root/etc/systemd/system/flightctl-agent.service.d/override.conf

@@ -0,0 +1,3 @@
+[Service]
+# If the config file has been injected into the qcow2 image in /var, move it to the right place
+ExecStartPre=/bin/bash -Eeuo pipefail -c 'if [ -f /var/lib/flightctl/config.yaml -a ! -f /etc/flightctl/config.yaml ]; then mv /var/lib/flightctl/config.yaml /etc/flightctl/config.yaml; restorecon -RF /etc/flightctl/config.yaml; fi'

bootc/scenario1/root/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml

@@ -0,0 +1,4 @@
+- if:
+  - path: /etc/containers/systemd/configs/nextcloud-config.env
+    op: [created, updated, removed]
+  run: systemctl restart nextcloud.target

bootc/scenario1/root/etc/systemd/system/nextcloud.target

@@ -5,6 +5,8 @@ Wants=nextcloud-db.service nextcloud-redis.service nextcloud-app.service nextclo
 After=nextcloud-db.service nextcloud-redis.service nextcloud-app.service nextcloud-nginx.service
 # Allow isolation - can stop/start this target independently
 AllowIsolate=yes
+# Only start if Nextcloud has been configured
+ConditionPathExists=/etc/containers/systemd/configs/nextcloud-config.env
 
 [Install]
 WantedBy=multi-user.target

bootc/scenario3a/Containerfile

@@ -5,4 +5,5 @@ ADD --chown=root:root root /
 RUN <<EOF
 set -Eeuo pipefail
 systemctl enable bootstrap-vm@nextcloud.service
+systemctl enable nftables.service
 EOF

bootc/scenario3a/root/etc/greenboot/check/required.d/30_nextcloud_check.sh

@@ -1,7 +1,5 @@
 #!/bin/bash
 
-exit 0 # Temporary disable the check
-
 set -Eeuo pipefail
 MAX_ATTEMPTS=60
 

bootc/scenario3a/root/etc/libvirt/qemu/networks/default.xml

@@ -11,9 +11,9 @@
   <ip address="192.168.122.1" netmask="255.255.255.0" localPtr="yes">
     <dhcp>
       <range start="192.168.122.100" end="192.168.122.200">
-        <lease expiry='1' unit='days'/>
+        <lease expiry='24' unit='hours'/>
       </range>
-      <host mac="04:00:00:00:00:01" name="vm.libvirt.test" ip="192.168.122.2" />
+      <host mac="04:00:00:00:00:01" name="nextcloud" ip="192.168.122.2" />
     </dhcp>
   </ip>
 </network>

bootc/scenario3a/root/etc/nftables/libvirt.nft

@@ -0,0 +1,16 @@
+#!/usr/sbin/nft -f
+
+destroy table ip libvirt-nat
+
+table ip libvirt-nat {
+    chain Pre-Routing {
+        type nat hook prerouting priority dstnat
+        policy accept
+
+        # Log incoming packets
+        iifname != lo iifname != virbr0 log prefix "PREROUTING: "
+
+        # Redirect port 80 to the Nextcloud VM
+        ip daddr 192.168.2.0/24 iifname != "virbr0" tcp dport { 80 } counter dnat to 192.168.122.2
+    }
+}

bootc/scenario3a/root/etc/sysconfig/nftables.conf

@@ -0,0 +1 @@
+include "/etc/nftables/libvirt.nft"

bootc/scenario3a/root/etc/systemd/system/bootstrap-vm@.service

@@ -3,13 +3,11 @@ Description=RHDE VM Bootstrap Service
 Documentation=man:systemd.service(5)
 
 # Only start if the VM root disk does not exist
-#ConditionPathExists=!/var/lib/libvirt/images/%i/root.qcow2
+ConditionPathExists=!/var/lib/libvirt/images/%i/root.qcow2
-ConditionPathExists=/dummy
 
 [Service]
 Type=oneshot
 Persistent=true
-#ExecStartPre=/usr/local/bin/configure-network.sh
 ExecStart=/usr/local/bin/bootstrap-vm.sh %i
 EnvironmentFile=/etc/default/bootstrap-vm-%i.env
 

bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh

@@ -9,7 +9,15 @@ fi
 
 VM="${1}"
 
-cp -a "/usr/local/libvirt/images/nextcloud/qcow2/disk.qcow2" "/var/lib/libvirt/images/${VM}/root.qcow2"
+mkdir -p "/var/lib/libvirt/images/${VM}"
+cp -a "/usr/local/libvirt/images/${VM}/qcow2/disk.qcow2" "/var/lib/libvirt/images/${VM}/root.qcow2"
+
+# Inject the Flightctl configuration file (w/ enrollment certificates) into the VM image
+if [ -f /etc/flightctl/config.yaml ]; then
+  guestfish --add /var/lib/libvirt/images/${VM}/root.qcow2 -m /dev/sda4 <<'EOF'
+copy-in /etc/flightctl/config.yaml /ostree/deploy/default/var/lib/flightctl/
+EOF
+fi
 
 virt-install --name "${VM}" \
              --autostart \
@@ -17,9 +25,10 @@ virt-install --name "${VM}" \
              --vcpus=${DOMAIN_VCPUS} \
              --ram=${DOMAIN_RAM} \
              --os-variant=${DOMAIN_OS_VARIANT} \
-             --disk=path=/var/lib/libvirt/images/${VM}/root.qcow2,bus=virtio,format=qcow2,size=${DOMAIN_DISK_SIZE}G \
+             --disk=path=/var/lib/libvirt/images/${VM}/root.qcow2,bus=virtio,format=qcow2,size=${DOMAIN_DISK_SIZE} \
              --console=pty,target_type=virtio \
              --serial=pty \
              --graphics=none \
              --import \
-             --network=network=bridged,mac=${DOMAIN_MAC_ADDRESS}
+             --network=network=default,mac=${DOMAIN_MAC_ADDRESS} \
+             --noautoconsole

bootc/scenario4/root/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml

@@ -0,0 +1,4 @@
+- if:
+  - path: /etc/containers/systemd/configs/odoo-config.env
+    op: [created, updated, removed]
+  run: systemctl restart odoo.target

bootc/scenario4/root/etc/systemd/system/odoo.target

@@ -5,6 +5,8 @@ Wants=odoo-db.service odoo-init.service odoo-app.service
 After=odoo-db.service odoo-init.service odoo-app.service
 # Allow isolation - can stop/start this target independently
 AllowIsolate=yes
+# Only start if Odoo has been configured
+ConditionPathExists=/etc/containers/systemd/configs/odoo-config.env
 
 [Install]
 WantedBy=multi-user.target

flightctl/fleets.yaml

@@ -22,7 +22,7 @@ spec:
       - name: scenario1-config
         configType: GitConfigProviderSpec
         gitRef:
-          path: /flightctl/scenario1
+          path: /flightctl/scenario1/sites/{{ getOrDefault .metadata.labels "site" "default" }}/
           repository: demo-edge-retail
           targetRevision: main
   systemd:
@@ -32,6 +32,33 @@ spec:
 ---
 apiVersion: flightctl.io/v1alpha1
 kind: Fleet
+metadata:
+  annotations: {}
+  labels:
+    scenario: '3a'
+  name: scenario3a
+spec:
+  selector:
+    matchLabels:
+      scenario: '3a'
+      type: 'baremetal'
+  template:
+    metadata:
+      labels:
+        fleet: scenario3a
+    spec:
+      applications: []
+      config: []
+      os:
+        image: edge-registry.itix.fr/demo-edge-retail/scenario3a:latest
+  systemd:
+    matchPatterns:
+      - bootstrap-vm@nextcloud.service
+      - libvirtd.service
+      - nftables.service
+---
+apiVersion: flightctl.io/v1alpha1
+kind: Fleet
 metadata:
   annotations: {}
   labels:

flightctl/scenario1/sites/default/etc/motd.d/unconfigured

@@ -0,0 +1,6 @@
+
+
+HEADS UP !!!
+
+This system is not configured !
+

flightctl/scenario1/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env

@@ -0,0 +1,16 @@
+##
+## Nextcloud Configuration Environment Variables
+##
+
+# Nextcloud domain configuration
+NEXTCLOUD_TRUSTED_DOMAINS=adlink-dlap-4001.itix.fr
+OVERWRITEHOST=adlink-dlap-4001.itix.fr
+OVERWRITEPROTOCOL=http
+OVERWRITECLIURL=http://adlink-dlap-4001.itix.fr
+
+# Nextcloud admin credentials
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=nextcloud
+
+# Nextcloud server info token
+NEXTCLOUD_SERVERINFO_TOKEN=S3cr3t!

flightctl/scenario3a/sites/default/etc/motd.d/unconfigured

@@ -0,0 +1,6 @@
+
+
+HEADS UP !!!
+
+This system is not configured !
+

flightctl/scenario3a/sites/paris-wagram/etc/containers/systemd/villeneuve-d-ascq/odoo-config.env

@@ -0,0 +1,4 @@
+DATABASE=redhat
+ADMIN_PASSWORD=R3dH4t!
+RIBBON_COLOR=rgba(255,0,0,.6)
+RIBBON_NAME=Paris Wagram<br/>({db_name})

flightctl/scenario3a/sites/villeneuve-d-ascq/etc/containers/systemd/villeneuve-d-ascq/odoo-config.env

@@ -0,0 +1,4 @@
+DATABASE=redhat
+ADMIN_PASSWORD=R3dH4t!
+RIBBON_COLOR=rgba(0,0,255,.6)
+RIBBON_NAME=Villeneuve d'Ascq<br/>({db_name})