diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md index 8fdbc20..b83eaee 100644 --- a/documentation/INSTALL_RHEL9.md +++ b/documentation/INSTALL_RHEL9.md @@ -21,7 +21,7 @@ sudo dnf install -y osbuild-composer composer-cli cockpit-composer sudo systemctl enable --now osbuild-composer.socket sudo systemctl enable --now cockpit.socket sudo systemctl restart osbuild-composer -sudo usermod -a -G weldr nmasse +sudo usermod -a -G weldr "$(id -un)" ``` Check that **os-composer** is working. @@ -89,8 +89,15 @@ ls -l $HOME/rpmbuild/RPMS/x86_64/ ## Repository Creation +Customize the desired location of the RPM repository: + +```sh +REPO_LOCATION="/opt/custom-rpms/" +``` + +Create the custom RPM repository: + ```sh -export REPO_LOCATION="/opt/custom-rpms/" sudo dnf install -y createrepo sudo mkdir -p "$REPO_LOCATION" sudo cp $HOME/rpmbuild/RPMS/x86_64/* "$REPO_LOCATION" 
@@ -105,19 +112,26 @@ EOF sudo dnf info google-chrome-stable ``` -## os-builer configuration +## Blueprint preparation + +Customize the **kiosk** and **admin** user password if desired. + +```sh +KIOSK_PASSWORD="$(openssl rand -base64 9)" +echo "Kiosk password is '$KIOSK_PASSWORD'" +ADMIN_PASSWORD="$(openssl rand -base64 9)" +echo "Admin password is '$ADMIN_PASSWORD'" +``` + +Prepare the os-builder blueprint. ```sh sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms --enable fast-datapath-for-rhel-9-$(uname -m)-rpms sudo dnf info microshift sudo dnf install -y mkpasswd podman cd "$GIT_REPO_CLONE/imagebuilder" -KIOSK_PASSWORD="$(openssl rand -base64 9)" KIOSK_PASSWORD_HASH="$(mkpasswd -m bcrypt "$KIOSK_PASSWORD")" -echo "Kiosk password is '$KIOSK_PASSWORD'" -ADMIN_PASSWORD="$(openssl rand -base64 9)" ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")" -echo "Admin password is '$ADMIN_PASSWORD'" sed -i.orig1 "s|__KIOSK_PASSWORD__|$KIOSK_PASSWORD_HASH|" kiosk.toml sed -i.orig2 "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)" 
@@ -190,5 +204,35 @@ EOF BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}') composer-cli compose status composer-cli compose image "${BUILDID}" +``` + +## Prepare the Kickstart script + +Customize the **root** user password if desired. +```sh +ROOT_PASSWORD="$(openssl rand -base64 9)" +echo "Root password is '$ROOT_PASSWORD'" +``` + +[Generate a registry token](https://access.redhat.com/terms-based-registry/) and set the `MICROSHIFT_PULL_SECRET` variable. + +```sh +MICROSHIFT_PULL_SECRET="1.2.3" # Generated by https://access.redhat.com/terms-based-registry/ +``` + +Prepare the Kickstart script. + +```sh +cd "$GIT_REPO_CLONE/imagebuilder" +__ROOT_PASSWORD_HASH__="$(mkpasswd -m bcrypt "$ROOT_PASSWORD")" +sed -i.orig1 "s|__MICROSHIFT_PULL_SECRET__|$MICROSHIFT_PULL_SECRET|" kiosk.ks +sed -i.orig2 "s|__ROOT_PASSWORD_HASH__|$__ROOT_PASSWORD_HASH__|" kiosk.ks +``` + +## Inject the Kickstart in the ISO + +```sh +sudo dnf install -y lorax +mkksiso kiosk.ks "${BUILDID}-installer.iso" kiosk.iso ``` diff --git a/documentation/LOCAL_DEV.md b/documentation/LOCAL_DEV.md index 2d5cf29..855e68c 100644 --- a/documentation/LOCAL_DEV.md +++ b/documentation/LOCAL_DEV.md @@ -1,6 +1,6 @@ # Local development -## Create a RHEL 9 Virtual Machine +## Create a RHEL 9 Virtual Machine to play with os-builder and microshift Pre-requisites : - Fedora 39 [with Libvirt installed](https://docs.fedoraproject.org/en-US/quick-docs/virtualization-getting-started/) 
@@ -51,8 +51,8 @@ sudo cloud-localds /var/lib/libvirt/images/rhel9/cloud-init.iso user-data.yaml sudo virt-install --name rhel9 --autostart --noautoconsole --cpu host-passthrough \ --vcpus 4 --ram 8192 --os-variant rhel9.3 \ - --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=20 \ - --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,size=20 \ + --disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=100 \ + --disk path=/var/lib/libvirt/images/rhel9/data.qcow2,size=20 \ --network network=default \ --console pty,target.type=virtio --serial pty --import \ --disk path=/var/lib/libvirt/images/rhel9/cloud-init.iso,readonly=on \ @@ -63,7 +63,10 @@ sudo virsh console rhel9 Create a PV and a VG for Microshift. -``` +```sh sudo pvcreate /dev/vdb sudo vgcreate data /dev/vdb ``` + +## Create a VM to install RHEL for Edge + diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks index 8e6a8ae..31ce460 100644 --- a/imagebuilder/kiosk.ks +++ b/imagebuilder/kiosk.ks 
@@ -8,21 +8,22 @@ zerombr clearpart --all --initlabel autopart --type=plain --fstype=xfs --nohome network --bootproto=dhcp -rootpw --iscrypted $6$vnnc7bdpgCJMBDB.$TRBsboYscXsKPv57IHnKuy1BzLhuejJgft17s07ZQRSsgFhPI9QLPX6Spt4AiND4TaolQAR8FzMV2Osf2dhj10 -#Use this line if creating an Edge Installer ISO that includes a local ostree commit -#ostreesetup --osname=rhel --url=file:///ostree/repo --ref=rhel/9/x86_64/edge --nogpg -#Use this to fetch from a remote URL -ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg - -%post -#Default to graphical boot target -systemctl set-default graphical.target +rootpw --iscrypted __ROOT_PASSWORD_HASH__ + +# Use this line if creating an Edge Installer ISO that includes a local ostree commit +ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge + +# Use this to fetch from a remote URL +#ostreesetup --osname=rhel --url=http://192.168.0.116:30239/repo --ref=rhel/9/x86_64/edge --nogpg -#Enable autologin for the user kiosk +%post --log=/var/log/anaconda/post-install.log --erroronfail +# Default to graphical boot target +systemctl set-default graphical.target +# Enable autologin for the user kiosk sed -i '/^\[daemon\]/a AutomaticLoginEnable=True\nAutomaticLogin=kiosk\n' /etc/gdm/custom.conf -#Configure user kiosk to use the kiosk session +# Configure user kiosk to use the kiosk session mkdir -p /var/lib/AccountsService/users cat > /var/lib/AccountsService/users/kiosk << 'EOF' [User] 
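Review bot: The now-active `ostreesetup` line keeps `--nogpg`, so the installer deploys the ostree commit with no signature check, and the kickstart does not say why that is acceptable. With `--url=file:///run/install/repo/ostree/repo` the commit's integrity rests entirely on the installer ISO that carries it. The commented-out alternative fetches over plain `http://` with `--nogpg`, which would leave the OS content unauthenticated in transit if someone re-enables it. I would add a comment above the active line such as `# --nogpg: commit is unsigned; acceptable only because the repo is embedded in the installer ISO`, and mark the remote variant as lab-only. Separately, the removed `rootpw --iscrypted $6$...` hash stays in the repository history, so treat that password as disclosed on any machine already installed from the old kickstart.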
@@ -30,12 +31,12 @@ Session=gnome-kiosk-script SystemAccount=false EOF -#Add url environment variable +# Add url environment variable cat >> /home/kiosk/.bashrc << 'EOF' export KIOSK_URL=http://`ip -br a | grep -oP 'br-ex\s+UNKNOWN\s+\K[0-9.]+'`:30000 EOF -#Configure the kiosk script to run firefox in kiosk mode and display our example URL +# Configure the kiosk script to run firefox in kiosk mode and display our example URL mkdir -p /home/kiosk/.local/bin/ cat > /home/kiosk/.local/bin/gnome-kiosk-script << 'EOF' #!/bin/sh @@ -45,16 +46,18 @@ while true; do done EOF -#Ensure the files are owned by our unprivileged user and the script is executable +# Ensure the files are owned by our unprivileged user and the script is executable chown -R 1001:1001 /home/kiosk chmod 555 /home/kiosk/.local/bin/gnome-kiosk-script -/etc/crio/openshift-pull-secret - +# Add the pull secret to CRI-O and set root user-only read/write permissions cat > /etc/crio/openshift-pull-secret << 'EOF' - +__MICROSHIFT_PULL_SECRET__ EOF +chmod 600 /etc/crio/openshift-pull-secret - +# Configure the firewall with the mandatory rules for MicroShift +firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 +firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 %end
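Review bot: In the last hunk, the `__MICROSHIFT_PULL_SECRET__` placeholder in the `/etc/crio/openshift-pull-secret` heredoc means the filled-in kickstart carries a live registry credential in clear text, and nothing in the file warns about that. The INSTALL_RHEL9.md steps in this commit substitute it with `sed -i.orig1` and `sed -i.orig2` inside the git clone, which leaves the secret in `kiosk.ks` and in the `kiosk.ks.orig2` backup, and `mkksiso` then embeds that kickstart in `kiosk.iso`. I would add a comment above the heredoc, e.g. `# Placeholder is replaced locally with the real pull secret; never commit the substituted file or its .orig* backups, and handle the resulting ISO as a secret`. A smaller point: `cat >` creates the file with the default umask before `chmod 600` tightens it, so putting `install -m 600 /dev/null /etc/crio/openshift-pull-secret` ahead of the heredoc closes that window. The `%post` section begins outside this hunk.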