diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md index 13020a4..056f1c7 100644 --- a/documentation/INSTALL_RHEL9.md +++ b/documentation/INSTALL_RHEL9.md @@ -78,6 +78,8 @@ podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" ## Nginx configuration +Install and configure nginx. + ```sh sudo dnf install -y nginx sudo systemctl enable --now nginx.service @@ -89,13 +91,76 @@ sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/ngin sudo systemctl restart nginx.service ``` +Find the IP address of the current server. + +```sh +MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); print parts[1]; }')" +``` + +## Create the initial ostree repo + +Define two helper functions. + +```sh +function compose_status () { + composer-cli compose info "$1" | awk 'NR == 1 { print $2 }' +} +function wait_for_compose () { + status="$(compose_status "$1")" + + while [ "$status" == "RUNNING" ]; do + echo "Waiting for build $1 to finish..." + sleep 5 + status="$(compose_status "$1")" + done + + echo "Build status of $1 is: $status." + if [ "$status" == "FINISHED" ]; then + return 0 + fi + + return 1 +} +``` + +Bootstrap the initial ostree repository with ref = `rhel/9/x86_64/edge`. + +```sh +composer-cli blueprints push /dev/fd/0 < [!TIP] +> This is an optimization in order to trim 800 MB from the installer ISO image. + +```sh +sudo mkdir -p /tmp/empty-tree +sudo ostree --repo=/var/www/repo commit -b "empty" --tree=dir=/tmp/empty-tree +ostree --repo=/var/www/repo refs +``` + ## Build the RPMS Pre-requisites ```sh sudo dnf install -y git rpm-build rpmdevtools -rm $HOME/rpmbuild +rm -f $HOME/rpmbuild ln -sf "$GIT_REPO_CLONE/rpms" $HOME/rpmbuild ``` 
@@ -169,7 +234,7 @@ sudo dnf info kiosk-config google-chrome-stable microshift-manifests ## Blueprint preparation -Customize the **kiosk** and **admin** user password if desired. +Customize the **admin** user password if desired. Set the **admin** user SSH public key (if it's not you). ```sh 
@@ -233,27 +298,24 @@ composer-cli blueprints push kiosk.toml ## Ostree construction -Create the ostree image. +Create the ostree image and add it to the ostree repository with ref = `rhel/9/x86_64/edge-kiosk`. ```sh composer-cli blueprints depsolve kiosk -BUILDID=$(composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" kiosk edge-container | awk '{print $2}') +BUILDID=$(composer-cli compose start-ostree kiosk edge-commit --url http://$MYIP/repo --ref "rhel/9/$(uname -m)/edge-kiosk" --parent "rhel/9/$(uname -m)/edge" | awk '{print $2}') echo "Build $BUILDID is running..." -composer-cli compose status +wait_for_compose "$BUILDID" +composer-cli compose image "${BUILDID}" +mkdir -p "/tmp/${BUILDID}-commit" +tar -xf "${BUILDID}-commit.tar" -C "/tmp/${BUILDID}-commit" +sudo ostree --repo=/var/www/repo pull-local "/tmp/${BUILDID}-commit/repo" +ostree --repo=/var/www/repo refs +ostree --repo=/var/www/repo log rhel/9/x86_64/edge-kiosk ``` -Download the ostree server and run it. +## Generate the Installer ISO image -```sh -CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")" -IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')" -echo "Using image with id = $IMAGEID" -podman stop -i minimal-microshift-server -podman rm -i minimal-microshift-server -podman run -d --rm --name=minimal-microshift-server -p 8085:8080 ${IMAGEID} -``` - -## Build the ISO +Generate the ISO image of the installer. ```sh composer-cli blueprints push /dev/fd/0 < [!CAUTION] +> While it is possible to use the stock RHEL 9.3 Boot ISO image here, there are subtle differences between the stock ISO image and the one generated here. + ## Prepare the Kickstart script [Generate a pull secret](https://console.redhat.com/openshift/install/pull-secret) and set the `MICROSHIFT_PULL_SECRET` variable. 
@@ -283,6 +349,7 @@ Prepare the Kickstart script. ```sh cd "$GIT_REPO_CLONE/imagebuilder" sed -i.${EPOCHREALTIME:-bak} "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks +sed -i.${EPOCHREALTIME:-bak} "s|__MYIP__|$MYIP|" kiosk.ks ``` ## Inject the Kickstart in the ISO diff --git a/documentation/LOCAL_DEV.md b/documentation/LOCAL_DEV.md index 9079dab..9b7ee8e 100644 --- a/documentation/LOCAL_DEV.md +++ b/documentation/LOCAL_DEV.md @@ -111,4 +111,56 @@ sudo --preserve-env=SSH_AUTH_SOCK ./kiosk.sh ```sh export KUBECONFIG=/var/lib/microshift/resources/kubeadmin/kubeconfig oc get nodes -``` \ No newline at end of file +``` + +## Embed the ostree in the ISO + +Create the ostree image. + +```sh +composer-cli blueprints depsolve kiosk +BUILDID=$(composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" kiosk edge-container | awk '{print $2}') +echo "Build $BUILDID is running..." +wait_for_compose "$BUILDID" +``` + +Download the ostree server and run it. + +```sh +CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")" +IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')" +echo "Using image with id = $IMAGEID" +podman stop -i minimal-microshift-server +podman rm -i minimal-microshift-server +podman run -d --rm --name=minimal-microshift-server -p 8085:8080 ${IMAGEID} +``` + +When building the ISO : + +```sh +composer-cli blueprints push /dev/fd/0 < 1 { print $1 }' | xargs -n1 composer-cli compose delete +rm -f $GIT_REPO_CLONE/imagebuilder/*.{iso,tar} +``` diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks index cf58e1e..70e8945 100644 --- a/imagebuilder/kiosk.ks +++ b/imagebuilder/kiosk.ks 
@@ -70,10 +70,10 @@ network --hostname=kiosk.localdomain ## # Use this line if creating an Edge Installer ISO that includes a local ostree commit -ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge +#ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge # Use this to fetch from a remote URL -#ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg +ostreesetup --nogpg --osname=rhel --remote=edge --url=http://__MYIP__/repo --ref=rhel/9/x86_64/edge-kiosk ## ## Post install scripts @@ -89,4 +89,7 @@ chmod 600 /etc/crio/openshift-pull-secret firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 +# Do not ask password for sudo +sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers + %end diff --git a/imagebuilder/kiosk.toml b/imagebuilder/kiosk.toml index 0fc095c..4239c93 100644 --- a/imagebuilder/kiosk.toml +++ b/imagebuilder/kiosk.toml @@ -8,7 +8,6 @@ groups = [] name = "kiosk-config" version = "*" - [[packages]] name = "cockpit" @@ -19,7 +18,6 @@ version = "*" [[packages]] name = "cockpit-system" - [customizations] hostname = "kiosk.local"
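Review bot: The `ostreesetup` line activated in the `@@ -70,10 +70,10 @@` hunk of kiosk.ks fetches the OS tree over plain `http://__MYIP__/repo` and keeps `--nogpg`, so the installer neither authenticates the server nor verifies the commit it deploys. The line it replaces read the tree from `file:///run/install/repo/ostree/repo` inside the ISO, so this moves the trust boundary onto the install network: whatever host answers at that address decides what is installed. Consider serving the repo over HTTPS, or signing the commits so that `--nogpg` can be dropped. If neither is feasible, record the constraint above the line, e.g. `# --nogpg over http: unauthenticated fetch, use only on a trusted provisioning network`. Separately, `__MYIP__` is filled by the `sed` added to INSTALL_RHEL9.md from the first global IPv4 address; if `$MYIP` is empty the URL becomes `http:///repo`, so a guard such as `: "${MYIP:?}"` before that substitution would fail early.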
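Review bot: The `sed` added to `%post` in the `@@ -89,4 +89,7 @@` hunk gives every `wheel` member passwordless root by rewriting `/etc/sudoers` in place with no syntax check. It also silently changes nothing if the stock line is not tab-separated exactly as the pattern expects. The image ships cockpit according to kiosk.toml, and the docs install an SSH key for the admin user (presumably a `wheel` member), so a stolen key or hijacked admin session becomes root with no further barrier. If passwordless sudo is really required, a validated drop-in is easier to audit, and ideally it would be scoped to the one admin user or to specific commands rather than all of `%wheel`: `echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/wheel-nopasswd`, `chmod 0440 /etc/sudoers.d/wheel-nopasswd`, `visudo -cf /etc/sudoers.d/wheel-nopasswd`. The `%post` section starts outside this hunk.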