Merge pull request #5 from nmasse-itix/main

Implement remote ostree in kickstart
2 years ago · 2d7068476b
5 changed files with 146 additions and 25 deletions
--- a/documentation/INSTALL_RHEL9.md
+++ b/documentation/INSTALL_RHEL9.md
@ -78,6 +78,8 @@ podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"

 ## Nginx configuration

+Install and configure nginx.
+
 ```sh
 sudo dnf install -y nginx
 sudo systemctl enable --now nginx.service
@ -89,13 +91,76 @@ sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/ngin
 sudo systemctl restart nginx.service
 ```

+Find the IP address of the current server.
+
+```sh
+MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); print parts[1]; }')"
+```
+
+## Create the initial ostree repo
+
+Define two helper functions.
+
+```sh
+function compose_status () {
+  composer-cli compose info "$1" | awk 'NR == 1 { print $2 }'
+}
+function wait_for_compose () {
+  status="$(compose_status "$1")"
+
+  while [ "$status" == "RUNNING" ]; do
+    echo "Waiting for build $1 to finish..."
+    sleep 5
+    status="$(compose_status "$1")"
+  done
+
+  echo "Build status of $1 is: $status."
+  if [ "$status" == "FINISHED" ]; then
+    return 0
+  fi
+
+  return 1
+}
+```
+
+Bootstrap the initial ostree repository with ref = `rhel/9/x86_64/edge`.
+
+```sh
+composer-cli blueprints push /dev/fd/0 <<EOF
+name = "minimal-rhel9"
+description = "minimal blueprint for ostree commit"
+version = "1.1.0"
+modules = []
+groups = []
+distro = "rhel-93"
+EOF
+BUILDID=$(composer-cli compose start-ostree minimal-rhel9 edge-commit | awk '{print $2}')
+echo "Build $BUILDID is running..."
+wait_for_compose "$BUILDID"
+composer-cli compose image "$BUILDID"
+sudo rm -rf /var/www/repo
+sudo tar -xf "$BUILDID-commit.tar" -C /var/www
+ostree --repo=/var/www/repo refs
+```
+
+Create an empty commit with ref = `empty`.
+
+> [!TIP]
+> This is an optimization in order to trim 800 MB from the installer ISO image.
+
+```sh
+sudo mkdir -p /tmp/empty-tree
+sudo ostree --repo=/var/www/repo commit -b "empty" --tree=dir=/tmp/empty-tree
+ostree --repo=/var/www/repo refs
+```
+
 ## Build the RPMS

 Pre-requisites

 ```sh
 sudo dnf install -y git rpm-build rpmdevtools
-rm $HOME/rpmbuild
+rm -f $HOME/rpmbuild
 ln -sf "$GIT_REPO_CLONE/rpms" $HOME/rpmbuild
 ```

@ -169,7 +234,7 @@ sudo dnf info kiosk-config google-chrome-stable microshift-manifests

 ## Blueprint preparation

-Customize the **kiosk** and **admin** user password if desired.
+Customize the **admin** user password if desired.
 Set the **admin** user SSH public key (if it's not you).

 ```sh
@ -233,27 +298,24 @@ composer-cli blueprints push kiosk.toml

 ## Ostree construction

-Create the ostree image.
+Create the ostree image and add it to the ostree repository with ref = `rhel/9/x86_64/edge-kiosk`.

 ```sh
 composer-cli blueprints depsolve kiosk
-BUILDID=$(composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" kiosk edge-container | awk '{print $2}')
+BUILDID=$(composer-cli compose start-ostree kiosk edge-commit --url http://$MYIP/repo --ref "rhel/9/$(uname -m)/edge-kiosk" --parent "rhel/9/$(uname -m)/edge" | awk '{print $2}')
 echo "Build $BUILDID is running..."
-composer-cli compose status
+wait_for_compose "$BUILDID"
+composer-cli compose image "${BUILDID}"
+mkdir -p "/tmp/${BUILDID}-commit"
+tar -xf "${BUILDID}-commit.tar" -C "/tmp/${BUILDID}-commit"
+sudo ostree --repo=/var/www/repo pull-local "/tmp/${BUILDID}-commit/repo"
+ostree --repo=/var/www/repo refs
+ostree --repo=/var/www/repo log rhel/9/x86_64/edge-kiosk
 ```

-Download the ostree server and run it.
+## Generate the Installer ISO image

-```sh
-CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")"
-IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')"
-echo "Using image with id = $IMAGEID"
-podman stop -i minimal-microshift-server
-podman rm -i minimal-microshift-server
-podman run -d --rm --name=minimal-microshift-server -p 8085:8080 ${IMAGEID}
-```
-
-## Build the ISO
+Generate the ISO image of the installer.

 ```sh
 composer-cli blueprints push /dev/fd/0 <<EOF
@ -265,11 +327,15 @@ modules = []
 groups = []
 packages = []
 EOF
-BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}')
-composer-cli compose status
+BUILDID=$(composer-cli compose start-ostree --url http://localhost/repo/ --ref empty microshift-installer edge-installer | awk '{print $2}')
+echo "Build $BUILDID is running..."
+wait_for_compose "$BUILDID"
 composer-cli compose image "${BUILDID}"
 ```

+> [!CAUTION]
+> While it is possible to use the stock RHEL 9.3 Boot ISO image here, there are subtle differences between the stock ISO image and the one generated here.
+
 ## Prepare the Kickstart script

 [Generate a pull secret](https://console.redhat.com/openshift/install/pull-secret) and set the `MICROSHIFT_PULL_SECRET` variable.
@ -283,6 +349,7 @@ Prepare the Kickstart script.
 ```sh
 cd "$GIT_REPO_CLONE/imagebuilder"
 sed -i.${EPOCHREALTIME:-bak} "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks
+sed -i.${EPOCHREALTIME:-bak} "s|__MYIP__|$MYIP|" kiosk.ks
 ```

 ## Inject the Kickstart in the ISO
--- a/documentation/LOCAL_DEV.md
+++ b/documentation/LOCAL_DEV.md
@ -112,3 +112,55 @@ sudo --preserve-env=SSH_AUTH_SOCK ./kiosk.sh
 export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig
 oc get nodes
 ```
+
+## Embed the ostree in the ISO
+
+Create the ostree image.
+
+```sh
+composer-cli blueprints depsolve kiosk
+BUILDID=$(composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" kiosk edge-container | awk '{print $2}')
+echo "Build $BUILDID is running..."
+wait_for_compose "$BUILDID"
+```
+
+Download the ostree server and run it.
+
+```sh
+CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")"
+IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')"
+echo "Using image with id = $IMAGEID"
+podman stop -i minimal-microshift-server
+podman rm -i minimal-microshift-server
+podman run -d --rm --name=minimal-microshift-server -p 8085:8080 ${IMAGEID}
+```
+
+When building the ISO :
+
+```sh
+composer-cli blueprints push /dev/fd/0 <<EOF
+name = "microshift-installer"
+
+description = ""
+version = "0.0.0"
+modules = []
+groups = []
+packages = []
+EOF
+BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}')
+wait_for_compose "$BUILDID"
+composer-cli compose image "${BUILDID}"
+```
+
+In the Kickstart script :
+
+```
+ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge
+```
+
+## Reclaim disk space
+
+```sh
+composer-cli compose list | awk 'NR > 1 { print $1 }' | xargs -n1 composer-cli compose delete
+rm -f $GIT_REPO_CLONE/imagebuilder/*.{iso,tar}
+```
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@ -70,10 +70,10 @@ network  --hostname=kiosk.localdomain
 ##

 # Use this line if creating an Edge Installer ISO that includes a local ostree commit
-ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge
+#ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge

 # Use this to fetch from a remote URL
-#ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg
+ostreesetup --nogpg --osname=rhel --remote=edge --url=http://__MYIP__/repo --ref=rhel/9/x86_64/edge-kiosk

 ##
 ## Post install scripts
@ -89,4 +89,7 @@ chmod 600 /etc/crio/openshift-pull-secret
 firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16
 firewall-offline-cmd --zone=trusted --add-source=169.254.169.1

+# Do not ask password for sudo
+sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel  ALL=(ALL)       NOPASSWD: ALL/" /etc/sudoers
+
 %end
--- a/imagebuilder/kiosk.toml
+++ b/imagebuilder/kiosk.toml
@ -8,7 +8,6 @@ groups = []
 name = "kiosk-config"
 version = "*"

-
 [[packages]]
 name = "cockpit"

@ -19,7 +18,6 @@ version = "*"
 [[packages]]
 name = "cockpit-system"

-
 [customizations]
 hostname = "kiosk.local"

--- a/rpms/SPECS/kiosk-config.spec
+++ b/rpms/SPECS/kiosk-config.spec
@ -19,6 +19,7 @@ Requires: accountsservice
 Requires(post): crudini
 Requires(preun): crudini
 BuildRequires: systemd-rpm-macros
+%systemd_requires
 ExclusiveArch: x86_64

 %description
@ -71,14 +72,14 @@ install -m 0755 -D kiosk-app %{buildroot}/usr/bin/kiosk-app
 %attr(0755, root, root) /usr/bin/kiosk-app

 %pre
-getent group kiosk >/dev/null 2>&1 || groupadd kiosk
+getent group kiosk >/dev/null 2>&1 || groupadd -r kiosk
 getent passwd kiosk >/dev/null 2>&1 || useradd -r -N -g kiosk -d /home/kiosk -m kiosk

 %post
 %systemd_user_post com.redhat.Kiosk.SampleApp.service
 crudini --set /etc/gdm/custom.conf daemon AutomaticLoginEnable True
 crudini --set /etc/gdm/custom.conf daemon AutomaticLogin kiosk
-systemctl set-default graphical.target
+/usr/bin/systemctl set-default graphical.target

 %preun
 %systemd_user_preun com.redhat.Kiosk.SampleApp.service