wip

2 years ago · 96738b8f1f
3 changed files with 79 additions and 29 deletions
--- a/documentation/INSTALL_RHEL9.md
+++ b/documentation/INSTALL_RHEL9.md
@ -21,7 +21,7 @@ sudo dnf install -y osbuild-composer composer-cli cockpit-composer
 sudo systemctl enable --now osbuild-composer.socket
 sudo systemctl enable --now cockpit.socket
 sudo systemctl restart osbuild-composer
-sudo usermod -a -G weldr nmasse
+sudo usermod -a -G weldr "$(id -un)"
 ```

 Check that **os-composer** is working.
@ -89,8 +89,15 @@ ls -l $HOME/rpmbuild/RPMS/x86_64/

 ## Repository Creation

+Customize the desired location of the RPM repository:
+
+```sh
+REPO_LOCATION="/opt/custom-rpms/"
+```
+
+Create the custom RPM repository:
+
 ```sh
-export REPO_LOCATION="/opt/custom-rpms/"
 sudo dnf install -y createrepo
 sudo mkdir -p "$REPO_LOCATION"
 sudo cp $HOME/rpmbuild/RPMS/x86_64/* "$REPO_LOCATION"
@ -105,19 +112,26 @@ EOF
 sudo dnf info google-chrome-stable
 ```

-## os-builer configuration
+## Blueprint preparation
+
+Customize the **kiosk** and **admin** user password if desired.
+
+```sh
+KIOSK_PASSWORD="$(openssl rand -base64 9)"
+echo "Kiosk password is '$KIOSK_PASSWORD'"
+ADMIN_PASSWORD="$(openssl rand -base64 9)"
+echo "Admin password is '$ADMIN_PASSWORD'"
+```
+
+Prepare the os-builder blueprint.

 ```sh
 sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms --enable fast-datapath-for-rhel-9-$(uname -m)-rpms
 sudo dnf info microshift
 sudo dnf install -y mkpasswd podman
 cd "$GIT_REPO_CLONE/imagebuilder"
-KIOSK_PASSWORD="$(openssl rand -base64 9)"
 KIOSK_PASSWORD_HASH="$(mkpasswd -m bcrypt "$KIOSK_PASSWORD")"
-echo "Kiosk password is '$KIOSK_PASSWORD'"
-ADMIN_PASSWORD="$(openssl rand -base64 9)"
 ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")"
-echo "Admin password is '$ADMIN_PASSWORD'"
 sed -i.orig1 "s|__KIOSK_PASSWORD__|$KIOSK_PASSWORD_HASH|" kiosk.toml
 sed -i.orig2 "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml
 ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)"
@ -190,5 +204,35 @@ EOF
 BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}')
 composer-cli compose status
 composer-cli compose image "${BUILDID}"
+```
+
+## Prepare the Kickstart script
+
+Customize the **root** user password if desired.

+```sh
+ROOT_PASSWORD="$(openssl rand -base64 9)"
+echo "Root password is '$ROOT_PASSWORD'"
+```
+
+[Generate a registry token](https://access.redhat.com/terms-based-registry/) and set the `MICROSHIFT_PULL_SECRET` variable.
+
+```sh
+MICROSHIFT_PULL_SECRET="1.2.3" # Generated by https://access.redhat.com/terms-based-registry/
+```
+
+Prepare the Kickstart script.
+
+```sh
+cd "$GIT_REPO_CLONE/imagebuilder"
+__ROOT_PASSWORD_HASH__="$(mkpasswd -m bcrypt "$ROOT_PASSWORD")"
+sed -i.orig1 "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks
+sed -i.orig2 "s|__ROOT_PASSWORD_HASH__|$__ROOT_PASSWORD_HASH__|" kiosk.ks
+```
+
+## Inject the Kickstart in the ISO
+
+```sh
+sudo dnf install -y lorax
+mkksiso kiosk.ks "${BUILDID}-installer.iso" kiosk.iso
 ```
--- a/documentation/LOCAL_DEV.md
+++ b/documentation/LOCAL_DEV.md
@ -1,6 +1,6 @@
 # Local development

-## Create a RHEL 9 Virtual Machine
+## Create a RHEL 9 Virtual Machine to play with os-builder and microshift

 Pre-requisites :
 - Fedora 39 [with Libvirt installed](https://docs.fedoraproject.org/en-US/quick-docs/virtualization-getting-started/)
@ -51,8 +51,8 @@ sudo cloud-localds /var/lib/libvirt/images/rhel9/cloud-init.iso user-data.yaml

 sudo virt-install --name rhel9 --autostart --noautoconsole --cpu host-passthrough \
             --vcpus 4 --ram 8192 --os-variant rhel9.3 \
-             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=20 \
-             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,size=20 \
+             --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=100 \
+             --disk path=/var/lib/libvirt/images/rhel9/data.qcow2,size=20 \
             --network network=default \
             --console pty,target.type=virtio --serial pty --import \
             --disk path=/var/lib/libvirt/images/rhel9/cloud-init.iso,readonly=on \
@ -63,7 +63,10 @@ sudo virsh console rhel9

 Create a PV and a VG for Microshift.

-```
+```sh
 sudo pvcreate /dev/vdb
 sudo vgcreate data /dev/vdb
 ```
+
+## Create a VM to install RHEL for Edge
+
--- a/imagebuilder/kiosk.ks
+++ b/imagebuilder/kiosk.ks
@ -8,21 +8,22 @@ zerombr
 clearpart --all --initlabel
 autopart --type=plain --fstype=xfs --nohome
 network --bootproto=dhcp
-rootpw --iscrypted $6$vnnc7bdpgCJMBDB.$TRBsboYscXsKPv57IHnKuy1BzLhuejJgft17s07ZQRSsgFhPI9QLPX6Spt4AiND4TaolQAR8FzMV2Osf2dhj10 
-#Use this line if creating an Edge Installer ISO that includes a local ostree commit
-#ostreesetup --osname=rhel --url=file:///ostree/repo --ref=rhel/9/x86_64/edge --nogpg
-#Use this to fetch from a remote URL
-ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg
-
-%post
-#Default to graphical boot target
-systemctl set-default graphical.target
+rootpw --iscrypted __ROOT_PASSWORD_HASH__
+
+# Use this line if creating an Edge Installer ISO that includes a local ostree commit
+ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge
+
+# Use this to fetch from a remote URL
+#ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg

-#Enable autologin for the user kiosk
+%post --log=/var/log/anaconda/post-install.log --erroronfail
+# Default to graphical boot target
+systemctl set-default graphical.target

+# Enable autologin for the user kiosk
 sed -i '/^\[daemon\]/a AutomaticLoginEnable=True\nAutomaticLogin=kiosk\n' /etc/gdm/custom.conf

-#Configure user kiosk to use the kiosk session
+# Configure user kiosk to use the kiosk session
 mkdir -p /var/lib/AccountsService/users
 cat > /var/lib/AccountsService/users/kiosk << 'EOF'
 [User]
@ -30,12 +31,12 @@ Session=gnome-kiosk-script
 SystemAccount=false
 EOF

-#Add url environment variable
+# Add url environment variable
 cat >> /home/kiosk/.bashrc << 'EOF'
 export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000
 EOF

-#Configure the kiosk script to run firefox in kiosk mode and display our example URL
+# Configure the kiosk script to run firefox in kiosk mode and display our example URL
 mkdir -p /home/kiosk/.local/bin/
 cat > /home/kiosk/.local/bin/gnome-kiosk-script << 'EOF'
 #!/bin/sh
@ -45,16 +46,18 @@ while true; do
 done
 EOF

-#Ensure the files are owned by our unprivileged user and the script is executable 
+# Ensure the files are owned by our unprivileged user and the script is executable 
 chown -R 1001:1001 /home/kiosk
 chmod 555 /home/kiosk/.local/bin/gnome-kiosk-script

-/etc/crio/openshift-pull-secret
-
+# Add the pull secret to CRI-O and set root user-only read/write permissions
 cat > /etc/crio/openshift-pull-secret << 'EOF'
-<YOUR_PULL_SECRET>
+__MICROSHIFT_PULL_SECRET__
 EOF
+chmod 600 /etc/crio/openshift-pull-secret

-
+# Configure the firewall with the mandatory rules for MicroShift
+firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16
+firewall-offline-cmd --zone=trusted --add-source=169.254.169.1

 %end