committed by
GitHub
23 changed files with 888 additions and 1691 deletions
@ -1 +1,2 @@ |
|||
# red-hat-kiosk |
|||
# A Kiosk based on Red Hat Device Edge and Microshift |
|||
|
|||
|
|||
@ -0,0 +1,32 @@ |
|||
# Sample kiosk application |
|||
|
|||
Build the container image. |
|||
|
|||
```sh |
|||
podman build -t localhost/kiosk-app:latest . |
|||
``` |
|||
|
|||
Run the container image. |
|||
|
|||
```sh |
|||
podman run -it --rm --name kiosk-app -p 5000:5000 localhost/kiosk-app:latest |
|||
``` |
|||
|
|||
Test it. |
|||
|
|||
```sh |
|||
curl -I http://localhost:5000/ |
|||
``` |
|||
|
|||
Login to the registry. |
|||
|
|||
```sh |
|||
podman login quay.io |
|||
``` |
|||
|
|||
Publish it to the registry. |
|||
|
|||
```sh |
|||
podman tag localhost/kiosk-app:latest quay.io/nmasse_itix/kiosk-app:latest |
|||
podman push quay.io/nmasse_itix/kiosk-app:latest |
|||
``` |
|||
@ -1,70 +0,0 @@ |
|||
# Google Chrome RPM Installation Guide |
|||
|
|||
This guide provides step-by-step instructions for downloading and rebuilding the Google Chrome RPM package on a RPM-based Linux distribution. |
|||
|
|||
## Prerequisites |
|||
|
|||
Before you proceed, ensure that you have the following prerequisites installed on your system: |
|||
|
|||
- `rpmrebuild`: A tool for rebuilding RPM packages. |
|||
- `rpmbuild`: The RPM Package Manager build tool. |
|||
|
|||
## Installation Steps |
|||
|
|||
1. **Download Google RPM** |
|||
|
|||
```bash |
|||
# Replace <URL> with the actual download URL |
|||
wget <URL>/google-chrome-stable-119.0.6045.199-1.x86_64.rpm |
|||
``` |
|||
|
|||
2. **Rebuild the RPM Package** |
|||
|
|||
```bash |
|||
rpmrebuild -s google-chrome-stable.spec -p google-chrome-stable-119.0.6045.199-1.x86_64.rpm |
|||
``` |
|||
|
|||
3. **Extract the Contents** |
|||
|
|||
```bash |
|||
rpm2cpio google-chrome-stable-119.0.6045.199-1.x86_64.rpm | cpio -idmv |
|||
``` |
|||
|
|||
4. **Move Google Chrome to the Desired Location** |
|||
|
|||
```bash |
|||
mv opt/google usr/bin/ |
|||
``` |
|||
|
|||
5. **Create Symbolic Links** |
|||
|
|||
```bash |
|||
cd usr/bin/ |
|||
rm -f google-chrome-stable |
|||
ln -s google/chrome/google-chrome google-chrome-stable |
|||
ln -s google/chrome/google-chrome chrome |
|||
cd ../.. |
|||
``` |
|||
|
|||
6. **Create RPM Build Directory** |
|||
|
|||
```bash |
|||
mkdir -p $HOME/rpmbuild/BUILDROOT/google-chrome-stable-119.0.6045.199-1.x86_64 |
|||
``` |
|||
|
|||
7. **Copy Files to RPM Build Directory** |
|||
|
|||
```bash |
|||
for i in etc usr; do cp -r $i $HOME/rpmbuild/BUILDROOT/google-chrome-stable-119.0.6045.199-1.x86_64/; done |
|||
``` |
|||
|
|||
8. **Build the RPM Package** |
|||
|
|||
```bash |
|||
rpmbuild -bb google-chrome-stable.spec |
|||
``` |
|||
|
|||
After completing these steps, you should have successfully downloaded, rebuilt, and repackaged the Google Chrome RPM for your system. The resulting RPM package will be available in the RPM build directory (`$HOME/rpmbuild/RPMS/x86_64/`). |
|||
|
|||
Note: Ensure that you replace `<URL>` with the actual download URL of the Google Chrome RPM. |
|||
|
|||
File diff suppressed because it is too large
@ -0,0 +1,296 @@ |
|||
# Installation on RHEL 9 |
|||
|
|||
## Pre-requisites |
|||
|
|||
RHEL 9 pre-requisites : |
|||
|
|||
- RHEL 9 is installed |
|||
- The Red Hat repositories **baseos** and **appstream** are reachable |
|||
|
|||
Microshift pre-requisites : |
|||
|
|||
- RHEL 9.2 or 9.3 |
|||
- LVM volume group (VG) with unused space |
|||
|
|||
## Install Pre-requisites |
|||
|
|||
```sh |
|||
sudo subscription-manager register --username $RHN_LOGIN --auto-attach |
|||
sudo subscription-manager attach --pool=$RHN_POOL_ID |
|||
sudo dnf install -y osbuild-composer composer-cli cockpit-composer |
|||
sudo systemctl enable --now osbuild-composer.socket |
|||
sudo systemctl enable --now cockpit.socket |
|||
sudo systemctl restart osbuild-composer |
|||
sudo usermod -a -G weldr "$(id -un)" |
|||
``` |
|||
|
|||
Check that **os-composer** is working. |
|||
|
|||
``` |
|||
$ source /etc/bash_completion.d/composer-cli |
|||
$ composer-cli status show |
|||
API server status: |
|||
Database version: 0 |
|||
Database supported: true |
|||
Schema version: 0 |
|||
API version: 1 |
|||
Backend: osbuild-composer |
|||
Build: NEVRA:osbuild-composer-88.3-1.el9_3.x86_64 |
|||
|
|||
$ composer-cli sources list |
|||
appstream |
|||
baseos |
|||
``` |
|||
|
|||
## Clone this repository |
|||
|
|||
```sh |
|||
git clone https://github.com/nmasse-itix/red-hat-kiosk.git |
|||
cd red-hat-kiosk |
|||
export GIT_REPO_CLONE="$PWD" |
|||
``` |
|||
|
|||
## Create the container image |
|||
|
|||
Install podman and buildah. |
|||
|
|||
```sh |
|||
sudo dnf install -y podman buildah |
|||
``` |
|||
|
|||
Define the target image properties. |
|||
|
|||
```sh |
|||
REGISTRY="quay.io" |
|||
IMAGE_NAME="nmasse_itix/kiosk-app" |
|||
IMAGE_TAG="latest" |
|||
``` |
|||
|
|||
Build and push the image to the registry. |
|||
|
|||
```sh |
|||
cd "$GIT_REPO_CLONE/application" |
|||
podman build -t localhost/kiosk-app:latest . |
|||
podman login "$REGISTRY" |
|||
podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" |
|||
podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" |
|||
``` |
|||
|
|||
## Nginx configuration |
|||
|
|||
```sh |
|||
sudo dnf install -y nginx |
|||
sudo systemctl enable --now nginx.service |
|||
sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp} |
|||
sudo firewall-cmd --reload |
|||
sudo mkdir -p /var/www |
|||
sudo restorecon -Rv /var/www |
|||
sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf |
|||
sudo systemctl restart nginx.service |
|||
``` |
|||
|
|||
## Build the RPMS |
|||
|
|||
Pre-requisites |
|||
|
|||
```sh |
|||
sudo dnf install -y git rpm-build rpmdevtools |
|||
rm $HOME/rpmbuild |
|||
ln -sf "$GIT_REPO_CLONE/rpms" $HOME/rpmbuild |
|||
``` |
|||
|
|||
Build the `kiosk-config` RPM |
|||
|
|||
```sh |
|||
spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec |
|||
rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec |
|||
``` |
|||
|
|||
Build the `microshift-manifests` RPM |
|||
|
|||
```sh |
|||
spectool -g -R $HOME/rpmbuild/SPECS/microshift-manifests.spec |
|||
rpmbuild -ba $HOME/rpmbuild/SPECS/microshift-manifests.spec |
|||
``` |
|||
|
|||
Rebuild the Google Chrome RPM |
|||
|
|||
```sh |
|||
mkdir $HOME/rpmbuild/VENDOR |
|||
curl -s -Lo $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm |
|||
rpmrebuild -s $HOME/rpmbuild/SPECS/google-chrome-stable.spec -p $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm |
|||
RPM=$(rpm -q $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm) |
|||
mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/ |
|||
rpm2cpio $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D $HOME/rpmbuild/BUILDROOT/$RPM/ |
|||
( |
|||
set -Eeuo pipefail |
|||
cd $HOME/rpmbuild/BUILDROOT/$RPM/ |
|||
mv opt/google/ usr/bin/ |
|||
cd usr/bin/ |
|||
rm -f google-chrome-stable |
|||
ln -s google/chrome/google-chrome google-chrome-stable |
|||
ln -s google/chrome/google-chrome chrome |
|||
) || echo 'Repackaging failed!' |
|||
sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' $HOME/rpmbuild/SPECS/google-chrome-stable.spec |
|||
rpmbuild -bb $HOME/rpmbuild/SPECS/google-chrome-stable.spec |
|||
ls -l $HOME/rpmbuild/RPMS/x86_64/ |
|||
``` |
|||
|
|||
## Repository Creation |
|||
|
|||
Customize the desired location of the RPM repository: |
|||
|
|||
```sh |
|||
REPO_LOCATION="/opt/custom-rpms/" |
|||
``` |
|||
|
|||
Create the custom RPM repository: |
|||
|
|||
```sh |
|||
sudo dnf install -y createrepo |
|||
sudo mkdir -p "$REPO_LOCATION" |
|||
sudo cp $HOME/rpmbuild/RPMS/x86_64/* "$REPO_LOCATION" |
|||
sudo createrepo "$REPO_LOCATION" |
|||
sudo tee /etc/yum.repos.d/custom.repo <<EOF |
|||
[custom] |
|||
name = Custom RPMS |
|||
baseurl = file://$REPO_LOCATION |
|||
enabled = 1 |
|||
gpgcheck = 0 |
|||
EOF |
|||
``` |
|||
|
|||
Verify all packages are present. |
|||
|
|||
```sh |
|||
sudo dnf clean all |
|||
sudo dnf info kiosk-config google-chrome-stable microshift-manifests |
|||
``` |
|||
|
|||
## Blueprint preparation |
|||
|
|||
Customize the **kiosk** and **admin** user password if desired. |
|||
Set the **admin** user SSH public key (if it's not you). |
|||
|
|||
```sh |
|||
ADMIN_PASSWORD="$(openssl rand -base64 9)" |
|||
echo "Admin password is '$ADMIN_PASSWORD'" |
|||
ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)" |
|||
echo "Admin SSH public key: $ADMIN_SSH_PUBLIC_KEY" |
|||
``` |
|||
|
|||
Prepare the os-builder blueprint. |
|||
|
|||
```sh |
|||
sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms --enable fast-datapath-for-rhel-9-$(uname -m)-rpms |
|||
sudo dnf info microshift |
|||
sudo dnf install -y mkpasswd podman |
|||
cd "$GIT_REPO_CLONE/imagebuilder" |
|||
ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")" |
|||
sed -i.${EPOCHREALTIME:-bak} "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml |
|||
sed -i.${EPOCHREALTIME:-bak} "s|__ADMIN_SSH_PUBLIC_KEY__|$ADMIN_SSH_PUBLIC_KEY|" kiosk.toml |
|||
composer-cli sources add /dev/fd/0 <<EOF |
|||
check_gpg = false |
|||
check_ssl = false |
|||
id = "custom" |
|||
name = "custom packages for RHEL" |
|||
system = false |
|||
type = "yum-baseurl" |
|||
url = "file://$REPO_LOCATION" |
|||
EOF |
|||
composer-cli sources add /dev/fd/0 <<EOF |
|||
id = "rhocp-4.14" |
|||
name = "Red Hat OpenShift Container Platform 4.14 for RHEL 9" |
|||
type = "yum-baseurl" |
|||
url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/rhocp/4.14/os" |
|||
check_gpg = true |
|||
check_ssl = true |
|||
system = false |
|||
rhsm = true |
|||
EOF |
|||
composer-cli sources add /dev/fd/0 <<EOF |
|||
id = "fast-datapath" |
|||
name = "Fast Datapath for RHEL 9" |
|||
type = "yum-baseurl" |
|||
url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/fast-datapath/os" |
|||
check_gpg = true |
|||
check_ssl = true |
|||
system = false |
|||
rhsm = true |
|||
EOF |
|||
composer-cli sources add /dev/fd/0 <<EOF |
|||
id = "epel" |
|||
name = "Extra Packages for Enterprise Linux" |
|||
type = "yum-baseurl" |
|||
url = "http://mirror.in2p3.fr/pub/epel/9/Everything/x86_64/" |
|||
check_gpg = false |
|||
check_ssl = false |
|||
system = false |
|||
rhsm = false |
|||
EOF |
|||
composer-cli blueprints push kiosk.toml |
|||
``` |
|||
|
|||
## Ostree construction |
|||
|
|||
Create the ostree image. |
|||
|
|||
```sh |
|||
composer-cli blueprints depsolve kiosk |
|||
BUILDID=$(composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" kiosk edge-container | awk '{print $2}') |
|||
echo "Build $BUILDID is running..." |
|||
composer-cli compose status |
|||
``` |
|||
|
|||
Download the ostree server and run it. |
|||
|
|||
```sh |
|||
CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")" |
|||
IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')" |
|||
echo "Using image with id = $IMAGEID" |
|||
podman stop -i minimal-microshift-server |
|||
podman rm -i minimal-microshift-server |
|||
podman run -d --rm --name=minimal-microshift-server -p 8085:8080 ${IMAGEID} |
|||
``` |
|||
|
|||
## Build the ISO |
|||
|
|||
```sh |
|||
composer-cli blueprints push /dev/fd/0 <<EOF |
|||
name = "microshift-installer" |
|||
|
|||
description = "" |
|||
version = "0.0.0" |
|||
modules = [] |
|||
groups = [] |
|||
packages = [] |
|||
EOF |
|||
BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}') |
|||
composer-cli compose status |
|||
composer-cli compose image "${BUILDID}" |
|||
``` |
|||
|
|||
## Prepare the Kickstart script |
|||
|
|||
[Generate a pull secret](https://console.redhat.com/openshift/install/pull-secret) and set the `MICROSHIFT_PULL_SECRET` variable. |
|||
|
|||
```sh |
|||
MICROSHIFT_PULL_SECRET='' # Generate one on https://console.redhat.com/openshift/install/pull-secret |
|||
``` |
|||
|
|||
Prepare the Kickstart script. |
|||
|
|||
```sh |
|||
cd "$GIT_REPO_CLONE/imagebuilder" |
|||
sed -i.${EPOCHREALTIME:-bak} "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks |
|||
``` |
|||
|
|||
## Inject the Kickstart in the ISO |
|||
|
|||
```sh |
|||
sudo dnf install -y lorax pykickstart |
|||
ksvalidator kiosk.ks || echo "Kickstart has errors, please fix them!" |
|||
rm -f kiosk.iso && mkksiso -r "inst.ks inst.stage2" --ks kiosk.ks "${BUILDID}-installer.iso" kiosk.iso |
|||
ls -lh kiosk.iso |
|||
file kiosk.iso |
|||
``` |
|||
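Review bot: In the blueprint preparation block, the `epel` source is fetched from `url = "http://mirror.in2p3.fr/pub/epel/9/Everything/x86_64/"` with `check_gpg = false` and `check_ssl = false`, so packages that end up in the kiosk image are neither transport-protected nor signature-checked; suggest an https mirror with `check_gpg = true`. The same weakness applies to the `custom` source and to `/etc/yum.repos.d/custom.repo` (`gpgcheck = 0`), which carry the Chrome RPM fetched with `curl -s -Lo` and repackaged with no signature check on the download. Checking the vendor signature (`rpm -K`) before `rpmrebuild` and signing the rebuilt RPMs would allow GPG checking to be enabled there as well. Smaller points: `echo "Admin password is '$ADMIN_PASSWORD'"` leaves the generated password in the terminal scrollback, and `rm $HOME/rpmbuild` errors out when the link does not exist yet.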
@ -0,0 +1,114 @@ |
|||
# Local development |
|||
|
|||
## Create a RHEL 9 Virtual Machine to play with os-builder and microshift |
|||
|
|||
Pre-requisites : |
|||
- Fedora 39 [with Libvirt installed](https://docs.fedoraproject.org/en-US/quick-docs/virtualization-getting-started/) |
|||
|
|||
Download [RHEL 9.3](https://access.redhat.com/downloads/content/rhel) and save `rhel-9.3-x86_64-kvm.qcow2` in `/var/lib/libvirt/images/base-images`. |
|||
|
|||
Create a file named `user-data.yaml` with the follwing content. |
|||
|
|||
```yaml |
|||
#cloud-config |
|||
|
|||
users: |
|||
- name: nmasse |
|||
gecos: Nicolas MASSE |
|||
groups: wheel |
|||
lock_passwd: false |
|||
passwd: $6$...123 # generate the hash with the "mkpasswd" command |
|||
ssh_authorized_keys: |
|||
- ssh-ed25519 123...456 |
|||
|
|||
write_files: |
|||
- path: /etc/sudoers |
|||
content: | |
|||
Defaults !visiblepw |
|||
Defaults always_set_home |
|||
Defaults match_group_by_gid |
|||
Defaults always_query_group_plugin |
|||
Defaults env_reset |
|||
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" |
|||
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" |
|||
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" |
|||
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" |
|||
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" |
|||
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin |
|||
root ALL=(ALL) ALL |
|||
%wheel ALL=(ALL) NOPASSWD: ALL |
|||
#includedir /etc/sudoers.d |
|||
permissions: '0440' |
|||
append: false |
|||
``` |
|||
|
|||
Create the RHEL9 VM. |
|||
|
|||
```sh |
|||
sudo mkdir -p /var/lib/libvirt/images/rhel9 /var/lib/libvirt/images/base-images |
|||
sudo dnf install -y cloud-utils genisoimage |
|||
sudo cloud-localds /var/lib/libvirt/images/rhel9/cloud-init.iso user-data.yaml |
|||
|
|||
sudo virt-install --name rhel9 --autostart --noautoconsole --cpu host-passthrough \ |
|||
--vcpus 4 --ram 8192 --os-variant rhel9.3 \ |
|||
--disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=100 \ |
|||
--disk path=/var/lib/libvirt/images/rhel9/data.qcow2,size=20 \ |
|||
--network network=default \ |
|||
--console pty,target.type=virtio --serial pty --import \ |
|||
--disk path=/var/lib/libvirt/images/rhel9/cloud-init.iso,readonly=on \ |
|||
--sysinfo system.serial=ds=nocloud |
|||
|
|||
sudo virsh console rhel9 |
|||
``` |
|||
|
|||
Create a PV and a VG for Microshift. |
|||
|
|||
```sh |
|||
sudo pvcreate /dev/vdb |
|||
sudo vgcreate data /dev/vdb |
|||
``` |
|||
|
|||
## Utility script that creates a VM to install RHEL for Edge |
|||
|
|||
```sh |
|||
#!/bin/bash |
|||
|
|||
set -Eeuo pipefail |
|||
|
|||
DOMAIN="kiosk" |
|||
BASE_IMAGE_URL="your-user@rhel9-vm:red-hat-kiosk/imagebuilder/kiosk.iso" |
|||
BASE_IMAGE_FILENAME="$(basename "$BASE_IMAGE_URL")" |
|||
OS_VARIANT="rhel9.3" |
|||
|
|||
virsh destroy "$DOMAIN" || true |
|||
virsh undefine "$DOMAIN" --nvram || true |
|||
|
|||
rm -rf "/var/lib/libvirt/images/$DOMAIN/" |
|||
mkdir -p "/var/lib/libvirt/images/$DOMAIN" |
|||
|
|||
scp "$BASE_IMAGE_URL" "/var/lib/libvirt/images/$DOMAIN/install.iso" |
|||
|
|||
virt-install --name "$DOMAIN" --autostart --cpu host-passthrough \ |
|||
--vcpus 2 --ram 4096 --os-variant "$OS_VARIANT" \ |
|||
--disk "path=/var/lib/libvirt/images/$DOMAIN/os.qcow2,size=20" \ |
|||
--disk "path=/var/lib/libvirt/images/$DOMAIN/data.qcow2,size=100" \ |
|||
--network network=default \ |
|||
--console pty,target.type=virtio --serial pty \ |
|||
--cdrom "/var/lib/libvirt/images/$DOMAIN/install.iso" \ |
|||
--boot uefi |
|||
``` |
|||
|
|||
Use it like follow : |
|||
|
|||
```sh |
|||
eval $(ssh-agent) |
|||
ssh-add |
|||
sudo --preserve-env=SSH_AUTH_SOCK ./kiosk.sh |
|||
``` |
|||
|
|||
## Use Microshift |
|||
|
|||
```sh |
|||
export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig |
|||
oc get nodes |
|||
``` |
|||
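Review bot: The `write_files` entry in `user-data.yaml` replaces `/etc/sudoers` wholesale and grants `%wheel ALL=(ALL) NOPASSWD: ALL`. Since the file already ends with `#includedir /etc/sudoers.d`, a drop-in under `/etc/sudoers.d/` scoped to the one user would leave the distribution file intact and avoid password-less root for every wheel member. In the usage block, `sudo --preserve-env=SSH_AUTH_SOCK ./kiosk.sh` hands the agent socket to a root script for the sake of a single `scp`; copying the ISO as the unprivileged user first would avoid that. Typos: "follwing" should be "following", and "Use it like follow" should be "Use it as follows".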
@ -1,60 +1,92 @@ |
|||
## |
|||
## Environment setup |
|||
## |
|||
|
|||
# French I18n |
|||
lang fr_FR.UTF-8 |
|||
|
|||
# French keyboard layout |
|||
keyboard fr |
|||
timezone UTC --isUtc --ntpservers=rhel.pool.ntp.org |
|||
|
|||
# Timezone is UTC to avoid issue with DST |
|||
timezone UTC --utc |
|||
|
|||
# Configure NTP |
|||
timesource --ntp-server=rhel.pool.ntp.org |
|||
|
|||
# Which action to perform after install: poweroff or reboot |
|||
reboot |
|||
|
|||
# Install mode: text (interactive installs) or cmdline (unattended installs) |
|||
text |
|||
|
|||
## |
|||
## Storage configuration |
|||
## |
|||
|
|||
# Clear the target disk |
|||
zerombr |
|||
|
|||
# Remove existing partitions |
|||
clearpart --all --initlabel |
|||
autopart --type=plain --fstype=xfs --nohome |
|||
network --bootproto=dhcp |
|||
rootpw --iscrypted $6$vnnc7bdpgCJMBDB.$TRBsboYscXsKPv57IHnKuy1BzLhuejJgft17s07ZQRSsgFhPI9QLPX6Spt4AiND4TaolQAR8FzMV2Osf2dhj10 |
|||
#Use this line if creating an Edge Installer ISO that includes a local ostree commit |
|||
#ostreesetup --osname=rhel --url=file:///ostree/repo --ref=rhel/9/x86_64/edge --nogpg |
|||
#Use this to fetch from a remote URL |
|||
ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg |
|||
|
|||
%post |
|||
#Default to graphical boot target |
|||
systemctl set-default graphical.target |
|||
|
|||
#Enable autologin for the user kiosk |
|||
|
|||
sed -i '/^\[daemon\]/a AutomaticLoginEnable=True\nAutomaticLogin=kiosk\n' /etc/gdm/custom.conf |
|||
|
|||
#Configure user kiosk to use the kiosk session |
|||
mkdir -p /var/lib/AccountsService/users |
|||
cat > /var/lib/AccountsService/users/kiosk << 'EOF' |
|||
[User] |
|||
Session=gnome-kiosk-script |
|||
SystemAccount=false |
|||
EOF |
|||
|
|||
#Add url environment variable |
|||
cat >> /home/kiosk/.bashrc << 'EOF' |
|||
export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000 |
|||
EOF |
|||
# Automatically create partitions required by hardware platform |
|||
# and add a separate /boot partition |
|||
reqpart --add-boot |
|||
|
|||
#Configure the kiosk script to run firefox in kiosk mode and display our example URL |
|||
mkdir -p /home/kiosk/.local/bin/ |
|||
cat > /home/kiosk/.local/bin/gnome-kiosk-script << 'EOF' |
|||
#!/bin/sh |
|||
. ~/.bashrc |
|||
while true; do |
|||
/usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk ${KIOSK_URL} |
|||
done |
|||
EOF |
|||
# Create a PV, VG add LV for the system |
|||
part pv.01 --size=1 --grow --ondisk=vda |
|||
volgroup system pv.01 |
|||
logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=system |
|||
|
|||
# Create a PV and VG for Microshift |
|||
part pv.02 --size=1 --grow --ondisk=vdb |
|||
volgroup data pv.02 |
|||
|
|||
## |
|||
## Alternative partitioning on only one disk |
|||
## |
|||
#zerombr |
|||
#clearpart --all --initlabel |
|||
#reqpart --add-boot |
|||
#part pv.01 --size=10G --ondisk=sda |
|||
#volgroup system pv.01 |
|||
#logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=system |
|||
#part pv.02 --size=1 --grow --ondisk=sda |
|||
#volgroup data pv.02 |
|||
|
|||
## |
|||
## Network configuration |
|||
## |
|||
|
|||
#Ensure the files are owned by our unprivileged user and the script is executable |
|||
chown -R 1001:1001 /home/kiosk |
|||
chmod 555 /home/kiosk/.local/bin/gnome-kiosk-script |
|||
# Configure the first network device |
|||
network --bootproto=dhcp --device=enp1s0 --noipv6 --activate |
|||
|
|||
/etc/crio/openshift-pull-secret |
|||
# Configure hostname |
|||
network --hostname=kiosk.localdomain |
|||
|
|||
## |
|||
## Ostree installation |
|||
## |
|||
|
|||
# Use this line if creating an Edge Installer ISO that includes a local ostree commit |
|||
ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge |
|||
|
|||
# Use this to fetch from a remote URL |
|||
#ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg |
|||
|
|||
## |
|||
## Post install scripts |
|||
## |
|||
%post --log=/var/log/anaconda/post-install.log --erroronfail |
|||
# Add the pull secret to CRI-O and set root user-only read/write permissions |
|||
cat > /etc/crio/openshift-pull-secret << 'EOF' |
|||
<YOUR_PULL_SECRET> |
|||
__MICROSHIFT_PULL_SECRET__ |
|||
EOF |
|||
chmod 600 /etc/crio/openshift-pull-secret |
|||
|
|||
|
|||
# Configure the firewall with the mandatory rules for MicroShift |
|||
firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 |
|||
firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 |
|||
|
|||
%end |
|||
|
|||
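Review bot: Both `ostreesetup` variants pass `--nogpg`, including the commented remote one that fetches from `http://192.168.0.116:30239/repo`. That is tolerable for the commit embedded in the ISO at `file:///run/install/repo/ostree/repo`, but the remote example should not be offered with commit verification off over plain http; drop `--nogpg` there or add a comment that the remote case needs signed commits. The hunk also shows a `rootpw --iscrypted` hash: if that line is being removed, the hash still lives in history and the password behind it should be treated as known. Since `__MICROSHIFT_PULL_SECRET__` is substituted in place, a comment warning not to commit the filled-in file would be worth adding next to it.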
@ -0,0 +1,4 @@ |
|||
RPMS |
|||
SRPMS |
|||
BUILD |
|||
BUILDROOT |
|||
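Review bot: `VENDOR` is not in this list, yet the build instructions in this commit create `$HOME/rpmbuild/VENDOR` (with `$HOME/rpmbuild` symlinked into the repository's `rpms` directory) and download the Chrome RPM there. If this is the ignore file for that tree, add `VENDOR` and the generated `SPECS/google-chrome-stable.spec` so vendor binaries are not committed by accident.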
@ -0,0 +1,42 @@ |
|||
# Kiosk Setup Configuration |
|||
|
|||
## Pre-requisites |
|||
|
|||
```sh |
|||
sudo dnf install -y git rpm-build rpmdevtools |
|||
cd rpms |
|||
rm $HOME/rpmbuild && ln -sf $PWD $HOME/rpmbuild |
|||
``` |
|||
|
|||
## Build the kiosk-config package |
|||
|
|||
```sh |
|||
spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec |
|||
rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec |
|||
``` |
|||
|
|||
The resulting package is in `$HOME/rpmbuild/RPMS/x86_64`. |
|||
|
|||
## Rebuild the Google Chrome RPM |
|||
|
|||
```sh |
|||
mkdir $HOME/rpmbuild/VENDOR |
|||
curl -s -Lo $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm |
|||
rpmrebuild -s $HOME/rpmbuild/SPECS/google-chrome-stable.spec -p $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm |
|||
RPM=$(rpm -q $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm) |
|||
mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/ |
|||
rpm2cpio $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D $HOME/rpmbuild/BUILDROOT/$RPM/ |
|||
( |
|||
set -Eeuo pipefail |
|||
cd $HOME/rpmbuild/BUILDROOT/$RPM/ |
|||
mv opt/google/ usr/bin/ |
|||
cd usr/bin/ |
|||
rm -f google-chrome-stable |
|||
ln -s google/chrome/google-chrome google-chrome-stable |
|||
ln -s google/chrome/google-chrome chrome |
|||
) || echo 'Repackaging failed!' |
|||
sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' $HOME/rpmbuild/SPECS/google-chrome-stable.spec |
|||
rpmbuild -bb $HOME/rpmbuild/SPECS/google-chrome-stable.spec |
|||
``` |
|||
|
|||
The resulting package is in `$HOME/rpmbuild/RPMS/x86_64`. |
|||
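Review bot: In the Chrome rebuild block, `set -Eeuo pipefail` inside `( ... ) || echo 'Repackaging failed!'` does not behave as it reads: bash ignores errexit inside a subshell that is the left operand of `||`, so a failing `cd` or `mv opt/google/ usr/bin/` does not stop the `rm` and `ln` commands that follow, and they then run with relative paths in the wrong directory. Even when the message is printed, the sequence carries on to `sed` and `rpmbuild -bb`. Chain the steps with `&&` or move them into a script of their own, and stop before `rpmbuild` on failure. In the prerequisites, `rm $HOME/rpmbuild && ln -sf $PWD $HOME/rpmbuild` never creates the link when `$HOME/rpmbuild` does not exist yet; `rm -f` followed by `ln -sfn` covers both cases.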
@ -0,0 +1,5 @@ |
|||
[Desktop Entry] |
|||
Name=Sample Application |
|||
Type=Application |
|||
Exec=redhat-kiosk-sampleapp |
|||
X-GNOME-HiddenUnderSystemd=true |
|||
@ -0,0 +1,9 @@ |
|||
[Unit] |
|||
Description=Sample Application (Kiosk mode) |
|||
BindsTo=gnome-session.target |
|||
After=gnome-session.target |
|||
|
|||
[Service] |
|||
ExecStart=/usr/bin/kiosk-app |
|||
Restart=always |
|||
SendSIGHUP=true |
|||
@ -0,0 +1,10 @@ |
|||
#!/bin/sh |
|||
|
|||
set -Eeuo pipefail |
|||
|
|||
while ! curl -sf --connect-timeout 5 --expect100-timeout 5 "$KIOSK_URL"; do |
|||
echo "Waiting for the Kiosk APP to become available..." |
|||
sleep 10 |
|||
done |
|||
|
|||
exec /usr/bin/google/chrome/chrome --password-store=basic --no-default-browser-check --no-first-run --ash-no-nudges --disable-search-engine-choice-screen -kiosk "$KIOSK_URL" |
|||
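Review bot: The shebang is `#!/bin/sh`, but `set -Eeuo pipefail` relies on `-E`, a bash option, and on `pipefail`, which not every `/bin/sh` supports; the script only works where `/bin/sh` is bash, so use `#!/bin/bash`. With `set -u`, an unset `KIOSK_URL` aborts the script with a terse message, so an explicit check with a clear error before the loop would help whoever reads the journal. The readiness probe `curl -sf` also writes the page body to stdout on success; add `-o /dev/null`.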
@ -0,0 +1 @@ |
|||
export KIOSK_URL=http://10.43.191.230/ |
|||
@ -0,0 +1,4 @@ |
|||
apiVersion: kustomize.config.k8s.io/v1beta1 |
|||
kind: Kustomization |
|||
resources: |
|||
- main-manifest.yaml |
|||
@ -0,0 +1,133 @@ |
|||
apiVersion: v1 |
|||
kind: Namespace |
|||
metadata: |
|||
labels: |
|||
kubernetes.io/metadata.name: kiosk-app |
|||
name: kiosk-app |
|||
spec: |
|||
finalizers: |
|||
- kubernetes |
|||
--- |
|||
apiVersion: v1 |
|||
kind: ConfigMap |
|||
metadata: |
|||
name: haproxy |
|||
namespace: kiosk-app |
|||
data: |
|||
haproxy.cfg: | |
|||
global |
|||
log stdout format raw local0 |
|||
maxconn 4000 |
|||
|
|||
defaults |
|||
mode http |
|||
log global |
|||
option dontlognull |
|||
option redispatch |
|||
retries 3 |
|||
timeout http-request 10s |
|||
timeout queue 1m |
|||
timeout connect 10s |
|||
timeout client 1m |
|||
timeout server 1m |
|||
timeout http-keep-alive 10s |
|||
timeout check 10s |
|||
maxconn 3000 |
|||
|
|||
frontend webserver |
|||
bind 0.0.0.0:8080 |
|||
acl main_service_failed nbsrv(appserver_main) le 0 |
|||
use_backend appserver_backup if main_service_failed |
|||
default_backend appserver_main |
|||
|
|||
backend appserver_main |
|||
http-request set-header Host ipinfo.io |
|||
balance roundrobin |
|||
# 34.117.186.192 is one of the IP Addresses serving the website "ipinfo.io" |
|||
server svc-main1 34.117.186.192:80 check |
|||
|
|||
backend appserver_backup |
|||
http-request set-header Host kiosk-app.kiosk-app.svc.cluster.local |
|||
balance roundrobin |
|||
server svc-backup1 kiosk-app:5000 check |
|||
--- |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: haproxy |
|||
namespace: kiosk-app |
|||
spec: |
|||
replicas: 1 |
|||
selector: |
|||
matchLabels: |
|||
app: haproxy |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: haproxy |
|||
spec: |
|||
containers: |
|||
- name: haproxy |
|||
image: haproxy:latest |
|||
volumeMounts: |
|||
- name: config-volume |
|||
mountPath: /usr/local/etc/haproxy/haproxy.cfg |
|||
subPath: haproxy.cfg |
|||
ports: |
|||
- containerPort: 8080 |
|||
volumes: |
|||
- name: config-volume |
|||
configMap: |
|||
name: haproxy |
|||
--- |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
name: haproxy |
|||
namespace: kiosk-app |
|||
spec: |
|||
type: ClusterIP |
|||
ipFamilies: |
|||
- IPv4 |
|||
ipFamilyPolicy: SingleStack |
|||
clusterIP: 10.43.191.230 |
|||
ports: |
|||
- port: 80 |
|||
protocol: TCP |
|||
targetPort: 8080 |
|||
selector: |
|||
app: haproxy |
|||
--- |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: kiosk-app |
|||
namespace: kiosk-app |
|||
spec: |
|||
replicas: 1 |
|||
selector: |
|||
matchLabels: |
|||
app: kiosk-app |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: kiosk-app |
|||
spec: |
|||
containers: |
|||
- name: kiosk-app |
|||
image: quay.io/nmasse_itix/kiosk-app:latest |
|||
ports: |
|||
- containerPort: 5000 |
|||
--- |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
name: kiosk-app |
|||
namespace: kiosk-app |
|||
spec: |
|||
type: ClusterIP |
|||
ports: |
|||
- port: 5000 |
|||
targetPort: 5000 |
|||
selector: |
|||
app: kiosk-app |
|||
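Review bot: The `haproxy` Deployment uses `image: haproxy:latest`, an unqualified short name with a floating tag, so what runs on the kiosk depends on the node's registry search order and on whatever `latest` points to at pull time. Use a fully qualified reference pinned to a version or digest, and pin `quay.io/nmasse_itix/kiosk-app:latest` the same way. Neither container sets a `securityContext` or `resources`. In `appserver_main`, the hard-coded `34.117.186.192:80` for ipinfo.io is plain http to a fixed address that may be reassigned; a comment marking it as a demo placeholder would help.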
@ -0,0 +1,8 @@ |
|||
[Desktop Entry] |
|||
Name=Sample Application (Kiosk mode) |
|||
Comment=This session logs you into a kiosk session showing a Sample Application |
|||
Exec=gnome-session --session redhat-kiosk-sampleapp |
|||
TryExec=gnome-session |
|||
Type=Application |
|||
DesktopNames=GNOME-Kiosk;GNOME; |
|||
X-GDM-SessionRegisters=true |
|||
@ -0,0 +1,3 @@ |
|||
[GNOME Session] |
|||
Name=Kiosk |
|||
RequiredComponents=org.gnome.Kiosk;com.redhat.Kiosk.SampleApp; |
|||
@ -0,0 +1,3 @@ |
|||
[Unit] |
|||
Requires=org.gnome.Kiosk.target |
|||
Requires=com.redhat.Kiosk.SampleApp.service |
|||
@ -0,0 +1,13 @@ |
|||
# This file contains defaults for new users. To edit, first |
|||
# copy it to /etc/accountsservice/user-templates and make changes |
|||
# there |
|||
[Template] |
|||
EnvironmentFiles=/etc/os-release; |
|||
|
|||
[com.redhat.AccountsServiceUser.System] |
|||
id='${ID}' |
|||
version-id='${VERSION_ID}' |
|||
|
|||
[User] |
|||
Session=redhat-kiosk-sampleapp |
|||
Icon=${HOME}/.face |
|||
@ -0,0 +1,92 @@ |
|||
Name: kiosk-config |
|||
Version: 0.0.1 |
|||
Release: rh1 |
|||
Summary: Custom config to run a RHEL workstation as kiosk |
|||
License: BSD |
|||
Source0: user-template |
|||
Source1: kiosk-environment |
|||
Source2: com.redhat.Kiosk.SampleApp.desktop |
|||
Source3: redhat-kiosk-sampleapp.session |
|||
Source4: redhat-kiosk-sampleapp.desktop |
|||
Source5: com.redhat.Kiosk.SampleApp.service |
|||
Source6: session.conf |
|||
Source7: kiosk-app |
|||
Requires(pre): shadow-utils |
|||
Requires: gnome-kiosk |
|||
Requires: gdm |
|||
Requires: google-chrome-stable |
|||
Requires: accountsservice |
|||
Requires(post): crudini |
|||
Requires(preun): crudini |
|||
BuildRequires: systemd-rpm-macros |
|||
ExclusiveArch: x86_64 |
|||
|
|||
%description |
|||
Custom config to run a RHEL workstation as kiosk |
|||
|
|||
# Since we don't recompile from source, disable the build_id checking |
|||
%global _missing_build_ids_terminate_build 0 |
|||
%global _build_id_links none |
|||
%global debug_package %{nil} |
|||
|
|||
# We are evil, we have no changelog ! |
|||
%global source_date_epoch_from_changelog 0 |
|||
|
|||
%prep |
|||
cp %{S:0} user-template |
|||
cp %{S:1} kiosk-environment |
|||
cp %{S:2} com.redhat.Kiosk.SampleApp.desktop |
|||
cp %{S:3} redhat-kiosk-sampleapp.session |
|||
cp %{S:4} redhat-kiosk-sampleapp.desktop |
|||
cp %{S:5} com.redhat.Kiosk.SampleApp.service |
|||
cp %{S:6} session.conf |
|||
cp %{S:7} kiosk-app |
|||
|
|||
%build |
|||
|
|||
%install |
|||
install -m 0644 -D kiosk-environment %{buildroot}/etc/profile.d/kiosk.sh |
|||
install -m 0644 -D com.redhat.Kiosk.SampleApp.desktop %{buildroot}/usr/share/applications/com.redhat.Kiosk.SampleApp.desktop |
|||
install -m 0644 -D redhat-kiosk-sampleapp.session %{buildroot}/usr/share/gnome-session/sessions/redhat-kiosk-sampleapp.session |
|||
install -m 0644 -D redhat-kiosk-sampleapp.desktop %{buildroot}/usr/share/wayland-sessions/redhat-kiosk-sampleapp.desktop |
|||
install -m 0644 -D redhat-kiosk-sampleapp.desktop %{buildroot}/usr/share/xsessions/redhat-kiosk-sampleapp.desktop |
|||
install -m 0644 -D com.redhat.Kiosk.SampleApp.service %{buildroot}%{_userunitdir}/com.redhat.Kiosk.SampleApp.service |
|||
install -m 0755 -d %{buildroot}%{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d |
|||
install -m 0644 -D session.conf %{buildroot}%{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf |
|||
install -m 0755 -d %{buildroot}/etc/accountsservice/user-templates/ |
|||
install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/standard |
|||
install -m 0644 -D user-template %{buildroot}/etc/accountsservice/user-templates/administrator |
|||
install -m 0755 -D kiosk-app %{buildroot}/usr/bin/kiosk-app |
|||
|
|||
%files |
|||
%config(noreplace) %attr(0644, root, root) /etc/profile.d/kiosk.sh |
|||
%attr(0644, root, root) /usr/share/applications/com.redhat.Kiosk.SampleApp.desktop |
|||
%attr(0644, root, root) /usr/share/gnome-session/sessions/redhat-kiosk-sampleapp.session |
|||
%attr(0644, root, root) /usr/share/wayland-sessions/redhat-kiosk-sampleapp.desktop |
|||
%attr(0644, root, root) /usr/share/xsessions/redhat-kiosk-sampleapp.desktop |
|||
%attr(0644, root, root) %{_userunitdir}/com.redhat.Kiosk.SampleApp.service |
|||
%attr(0644, root, root) %{_userunitdir}/gnome-session@redhat-kiosk-sampleapp.target.d/session.conf |
|||
%config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/standard |
|||
%config(noreplace) %attr(0644, root, root) /etc/accountsservice/user-templates/administrator |
|||
%attr(0755, root, root) /usr/bin/kiosk-app |
|||
|
|||
%pre |
|||
getent group kiosk >/dev/null 2>&1 || groupadd kiosk |
|||
getent passwd kiosk >/dev/null 2>&1 || useradd -r -N -g kiosk -d /home/kiosk -m kiosk |
|||
|
|||
%post |
|||
%systemd_user_post com.redhat.Kiosk.SampleApp.service |
|||
crudini --set /etc/gdm/custom.conf daemon AutomaticLoginEnable True |
|||
crudini --set /etc/gdm/custom.conf daemon AutomaticLogin kiosk |
|||
systemctl set-default graphical.target |
|||
|
|||
%preun |
|||
%systemd_user_preun com.redhat.Kiosk.SampleApp.service |
|||
if [ "$1" == "0" ]; then # Uninstall |
|||
crudini --set /etc/gdm/custom.conf daemon AutomaticLoginEnable False |
|||
fi |
|||
|
|||
%postun |
|||
%systemd_user_postun com.redhat.Kiosk.SampleApp.service |
|||
|
|||
%changelog |
|||
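Review bot: `%preun` only sets `AutomaticLoginEnable False`, while `%post` also sets `AutomaticLogin kiosk` and runs `systemctl set-default graphical.target`, and does so on every install and upgrade; the `kiosk` account created in `%pre` is left behind as well. Either undo these symmetrically or document what remains after removal, and guard the `%post` changes with a first-install check on `$1` so that upgrades do not overwrite an administrator's later choice. `[ "$1" == "0" ]` should use `=`. Note also that `user-template` is installed as both `standard` and `administrator`, so every account created afterwards, administrators included, defaults to `Session=redhat-kiosk-sampleapp`; if that is intended, say so in `%description`.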
@ -0,0 +1,36 @@ |
|||
Name: microshift-manifests |
|||
Version: 0.0.1 |
|||
Release: rh1 |
|||
Summary: Custom manifests for Microshift |
|||
License: BSD |
|||
Source0: microshift-kustomization.yaml |
|||
Source1: microshift-main-manifest.yaml |
|||
Requires: microshift |
|||
|
|||
%description |
|||
Custom manifests for Microshift |
|||
|
|||
# Since we don't recompile from source, disable the build_id checking |
|||
%global _missing_build_ids_terminate_build 0 |
|||
%global _build_id_links none |
|||
%global debug_package %{nil} |
|||
|
|||
# We are evil, we have no changelog ! |
|||
%global source_date_epoch_from_changelog 0 |
|||
|
|||
%prep |
|||
cp %{S:0} kustomization.yaml |
|||
cp %{S:1} main-manifest.yaml |
|||
|
|||
%build |
|||
|
|||
%install |
|||
install -m 0755 -d %{buildroot}/usr/lib/microshift/manifests.d/custom/ |
|||
install -m 0644 -D kustomization.yaml %{buildroot}/usr/lib/microshift/manifests.d/custom/kustomization.yaml |
|||
install -m 0644 -D main-manifest.yaml %{buildroot}/usr/lib/microshift/manifests.d/custom/main-manifest.yaml |
|||
|
|||
%files |
|||
%attr(0644, root, root) /usr/lib/microshift/manifests.d/custom/kustomization.yaml |
|||
%attr(0644, root, root) /usr/lib/microshift/manifests.d/custom/main-manifest.yaml |
|||
|
|||
%changelog |
|||