From 448808889fc7f39acbd91dbc1a902628e9f25712 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Mon, 25 Mar 2024 22:23:19 +0100 Subject: [PATCH 01/69] Update INSTALL_RHEL9.md --- documentation/INSTALL_RHEL9.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md index c6b0043..3a1a4e7 100644 --- a/documentation/INSTALL_RHEL9.md +++ b/documentation/INSTALL_RHEL9.md @@ -45,7 +45,7 @@ baseos ## Clone this repository ```sh -git clone https://github.com/nmasse-itix/red-hat-kiosk.git +git clone https://github.com/ePietry/red-hat-kiosk.git cd red-hat-kiosk export GIT_REPO_CLONE="$PWD" ``` From 3b7e9371cb6d037370ade181d8e01a6700fd4b63 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Mon, 25 Mar 2024 22:24:00 +0100 Subject: [PATCH 02/69] Update INSTALL_RHEL9.md --- documentation/INSTALL_RHEL9.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md index 3a1a4e7..ebdd306 100644 --- a/documentation/INSTALL_RHEL9.md +++ b/documentation/INSTALL_RHEL9.md @@ -17,7 +17,7 @@ Microshift pre-requisites : ```sh sudo subscription-manager register --username $RHN_LOGIN --auto-attach sudo subscription-manager attach --pool=$RHN_POOL_ID -sudo dnf install -y osbuild-composer composer-cli cockpit-composer +sudo dnf install -y osbuild-composer composer-cli cockpit-composer git sudo systemctl enable --now osbuild-composer.socket sudo systemctl enable --now cockpit.socket sudo systemctl restart osbuild-composer From e3c33cbbb1c51a7b9dda16c42225b9b12a6bbe37 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Tue, 26 Mar 2024 11:41:40 +0100 Subject: [PATCH 03/69] Update INSTALL_RHEL9.md --- documentation/INSTALL_RHEL9.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md index ebdd306..e77160c 100644 --- a/documentation/INSTALL_RHEL9.md +++ b/documentation/INSTALL_RHEL9.md @@ -17,8 +17,9 @@ Microshift pre-requisites : ```sh sudo subscription-manager register --username $RHN_LOGIN --auto-attach sudo subscription-manager attach --pool=$RHN_POOL_ID -sudo dnf install -y osbuild-composer composer-cli cockpit-composer git +sudo dnf install -y osbuild-composer composer-cli cockpit-composer git firewalld sudo systemctl enable --now osbuild-composer.socket +sudo systemctl enable --now firewalld sudo systemctl enable --now cockpit.socket sudo systemctl restart osbuild-composer sudo usermod -a -G weldr "$(id -un)" From e7fd8da1758a83f7d80982cbc10cdcabedb0862f Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Tue, 26 Mar 2024 13:09:31 +0100 Subject: [PATCH 04/69] Update INSTALL_RHEL9.md --- documentation/INSTALL_RHEL9.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md index e77160c..3eba1fa 100644 --- a/documentation/INSTALL_RHEL9.md +++ b/documentation/INSTALL_RHEL9.md @@ -17,7 +17,7 @@ Microshift pre-requisites : ```sh sudo subscription-manager register --username $RHN_LOGIN --auto-attach sudo subscription-manager attach --pool=$RHN_POOL_ID -sudo dnf install -y osbuild-composer composer-cli cockpit-composer git firewalld +sudo dnf install -y osbuild-composer composer-cli cockpit-composer git firewalld python3-toml sudo systemctl enable --now osbuild-composer.socket sudo systemctl enable --now firewalld sudo systemctl enable --now cockpit.socket From 27ff4243f2ca08629711d99f37dde7579f7600ef Mon Sep 17 00:00:00 2001 
From: Ernest Pietryka Date: Tue, 26 Mar 2024 14:32:08 +0100 Subject: [PATCH 05/69] Add Ansible --- ansible/ansible.cfg | 2 ++ ansible/inventory.yaml | 7 ++++ ansible/playbooks-test.yaml | 6 ++++ ansible/playbooks/.vscode/settings.json | 3 ++ ansible/playbooks/blueprint.vars | 5 +++ ansible/playbooks/initial_ostree.yaml | 44 +++++++++++++++++++++++++ ansible/playbooks/setup.yaml | 31 +++++++++++++++++ 7 files changed, 98 insertions(+) create mode 100644 ansible/ansible.cfg create mode 100644 ansible/inventory.yaml create mode 100644 ansible/playbooks-test.yaml create mode 100644 ansible/playbooks/.vscode/settings.json create mode 100644 ansible/playbooks/blueprint.vars create mode 100644 ansible/playbooks/initial_ostree.yaml create mode 100644 ansible/playbooks/setup.yaml diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg new file mode 100644 index 0000000..ece41cd --- /dev/null +++ b/ansible/ansible.cfg @@ -0,0 +1,2 @@ +[defaults] +inventory= inventory.yaml diff --git a/ansible/inventory.yaml b/ansible/inventory.yaml new file mode 100644 index 0000000..9cb3432 --- /dev/null +++ b/ansible/inventory.yaml @@ -0,0 +1,7 @@ +aws: + hosts: + 192.168.122.45: + vars: + ansible_port: 22 + ansible_user: epietryk + ansible_key_file: /home/epietryk/.ssh/edge diff --git a/ansible/playbooks-test.yaml b/ansible/playbooks-test.yaml new file mode 100644 index 0000000..32dc3d9 --- /dev/null +++ b/ansible/playbooks-test.yaml @@ -0,0 +1,6 @@ +--- + - name: ping all inventory + hosts: all + tasks: + - name: ping + ansible.builtin.ping: diff --git a/ansible/playbooks/.vscode/settings.json b/ansible/playbooks/.vscode/settings.json new file mode 100644 index 0000000..9d14cfb --- /dev/null +++ b/ansible/playbooks/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/bin/python" +} \ No newline at end of file diff --git a/ansible/playbooks/blueprint.vars b/ansible/playbooks/blueprint.vars new file mode 100644 index 0000000..72ab8fb --- /dev/null 
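Review bot: In `ansible/inventory.yaml`, `ansible_key_file` is not, as far as I know, a connection variable Ansible reads, so the key path on that line is ignored and SSH falls back to the agent or default identity; the documented name is `ansible_ssh_private_key_file`. The file also commits one operator's user name, home path and host address. Deleting it in a later patch of this series does not remove those values from history, so an untracked inventory plus a sanitised `inventory.yaml.example` would have been the cleaner start.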
+++ b/ansible/playbooks/blueprint.vars
@@ -0,0 +1,5 @@
+builder_blueprint_name: "minimal-rhel9"
+builder_blueprint_description: "minimal blueprint for ostree commit"
+builder_blueprint_distro: rhel-93
+builder_blueprint_customizations:
+ version: "1.1.0"
\ No newline at end of file
diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml
new file mode 100644
index 0000000..9224996
--- /dev/null
+++ b/ansible/playbooks/initial_ostree.yaml
@@ -0,0 +1,44 @@
+- name: Create the initial ostree repo
+ hosts: all
+ become: true
+ vars_files:
+ - blueprint.vars
+ tasks:
+ - name: Add user to weldr group
+ ansible.builtin.user:
+ name: "{{ ansible_user_id }}"
+ groups: weldr
+ append: true
+ # - name: Create a blueprint
+ # infra.osbuild.create_blueprint:
+ # dest: "/home/epietryk/blueprint/blueprint.toml"
+ # name: "rhel-edge-blueprint"
+ # description: "{{ builder_blueprint_description }}"
+ # distro: "{{ builder_blueprint_distro }}"
+ # groups: "{{ builder_blueprint_groups }}"
+ # packages: "{{ builder_blueprint_packages }}"
+ # customizations: "{{ builder_blueprint_customizations }}"
+ - name: Push a blueprint
+ infra.osbuild.push_blueprint:
+ src: "/home/epietryk/blueprint/blueprint.toml"
+ - name: Start ostree compose with idempotent transaction
+ infra.osbuild.start_compose:
+ blueprint: rhel-edge-blueprint
+ allow_duplicate: true
+ register: builder_compose_start_out
+ - name: Print compose UUID
+ ansible.builtin.debug:
+ var: builder_compose_start_out
+ - name: Wait for compose to finish
+ infra.osbuild.wait_compose:
+ compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}"
+ timeout: 3600
+ - name: Create /tmp repo
+ ansible.builtin.file:
+ path: /tmp/images/
+ mode: '0755'
+ state: directory
+ - name: Export the compose artifact
+ infra.osbuild.export_compose: # noqa only-builtins
+ compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}"
+ dest: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar
diff --git a/ansible/playbooks/setup.yaml b/ansible/playbooks/setup.yaml
new file mode 100644
index 0000000..c45b077
--- /dev/null
+++ b/ansible/playbooks/setup.yaml
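Review bot: The `Create /tmp repo` and `Export the compose artifact` tasks run as root (play-level `become: true`) against the fixed path `/tmp/images/`, which any local account on the build host can create first. The `file` task sets only `mode`, so a pre-existing directory keeps its owner and the exported image could be altered before it is published. Prefer a root-owned location outside `/tmp`, or create the directory with `ansible.builtin.tempfile` (`state: directory`) and reuse the registered path; at minimum add `owner: root` and `group: root` to the task. The same pattern recurs later in this series for `/tmp/blueprints` and `/tmp/empty-tree`.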
@@ -0,0 +1,31 @@ +- name: Setup VM + hosts: all + become: true + tasks: + - name: Install software + ansible.builtin.dnf: + name: + - osbuild-composer + - composer-cli + - cockpit-composer + - git + - podman + - buildah + - nginx + - firewalld + state: present + - name: Config services + ansible.builtin.service: + name: "{{ item }}" + state: started + enabled: true + loop: + - osbuild-composer.socket + - cockpit.socket + - nginx.service + - firewalld + - name: Add user to weldr group + ansible.builtin.user: + name: "{{ ansible_user_id }}" + groups: weldr + append: true From bb620b80c1d0555179e1959dd750818414b1bafc Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Tue, 26 Mar 2024 15:06:23 +0100 Subject: [PATCH 06/69] Delete ansible/inventory.yaml --- ansible/inventory.yaml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 ansible/inventory.yaml diff --git a/ansible/inventory.yaml b/ansible/inventory.yaml deleted file mode 100644 index 9cb3432..0000000 --- a/ansible/inventory.yaml +++ /dev/null @@ -1,7 +0,0 @@ -aws: - hosts: - 192.168.122.45: - vars: - ansible_port: 22 - ansible_user: epietryk - ansible_key_file: /home/epietryk/.ssh/edge From 3363f54d97e373d1bfe393cd52f6a133254ccd05 Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 15:06:48 +0100 Subject: [PATCH 07/69] remove inventory --- .gitignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..7eccd68 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +ansible/inventory.yaml From a6b9ef6e9b57496e97051a62659e9ac89a8ae4af Mon Sep 17 00:00:00 2001 
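Review bot: In `Add user to weldr group` of `setup.yaml`, `{{ ansible_user_id }}` comes from facts gathered under the play-level `become: true`, so it most likely resolves to `root` and the login account never joins `weldr`. Name the connection user instead, for example `name: "{{ ansible_user }}"`, which the inventory in this series defines. The identical task in `initial_ostree.yaml` from the same commit has the same problem. A one-line comment on the task saying which account is meant to get composer access would make the intent checkable.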
From: ePietry Date: Tue, 26 Mar 2024 16:03:27 +0100 Subject: [PATCH 08/69] Add documentation --- .../.vscode => .vscode}/settings.json | 0 ansible/README.MD | 109 ++++++++++++++++++ ansible/playbooks-test.yaml | 6 - ansible/playbooks/initial_ostree.yaml | 25 ++-- 4 files changed, 124 insertions(+), 16 deletions(-) rename {ansible/playbooks/.vscode => .vscode}/settings.json (100%) create mode 100644 ansible/README.MD delete mode 100644 ansible/playbooks-test.yaml diff --git a/ansible/playbooks/.vscode/settings.json b/.vscode/settings.json similarity index 100% rename from ansible/playbooks/.vscode/settings.json rename to .vscode/settings.json diff --git a/ansible/README.MD b/ansible/README.MD new file mode 100644 index 0000000..c2df1fd --- /dev/null +++ b/ansible/README.MD 
@@ -0,0 +1,109 @@ +# Installation on RHEL 9 Automatisation + +Ansible Playbook allowing to create ostree images for edge using Ansible. + +## Pre-requisites + +RHEL 9 pre-requisites : + +- RHEL 9 is installed +- The Red Hat repositories **baseos** and **appstream** are reachable + +Microshift pre-requisites : + +- RHEL 9.2 or 9.3 +- LVM volume group (VG) with unused space + +## Install Pre-requisites + +```sh +sudo subscription-manager register --username $RHN_LOGIN --auto-attach +sudo subscription-manager attach --pool=$RHN_POOL_ID +sudo dnf install -y osbuild-composer composer-cli cockpit-composer git firewalld python3-toml +sudo systemctl enable --now osbuild-composer.socket +sudo systemctl enable --now firewalld +sudo systemctl enable --now cockpit.socket +sudo systemctl restart osbuild-composer +sudo usermod -a -G weldr "$(id -un)" +``` + +Check that **os-composer** is working. + +``` +$ source /etc/bash_completion.d/composer-cli +$ composer-cli status show +API server status: + Database version: 0 + Database supported: true + Schema version: 0 + API version: 1 + Backend: osbuild-composer + Build: NEVRA:osbuild-composer-88.3-1.el9_3.x86_64 + +$ composer-cli sources list +appstream +baseos +``` + +## Clone this repository + +```sh +git clone https://github.com/ePietry/red-hat-kiosk.git +cd red-hat-kiosk +export GIT_REPO_CLONE="$PWD" +``` + +## Create the container image + +Install podman and buildah. + +```sh +sudo dnf install -y podman buildah +``` + +Define the target image properties. + +```sh +REGISTRY="quay.io" +IMAGE_NAME="nmasse_itix/kiosk-app" +IMAGE_TAG="latest" +``` + +Build and push the image to the registry. + +```sh +cd "$GIT_REPO_CLONE/application" +podman build -t localhost/kiosk-app:latest . +podman login "$REGISTRY" +podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" +podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" +``` + +## Nginx configuration + +Install and configure nginx. 
+ +```sh +sudo dnf install -y nginx +sudo systemctl enable --now nginx.service +sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp} +sudo firewall-cmd --reload +sudo mkdir -p /var/www +sudo restorecon -Rv /var/www +sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf +sudo systemctl restart nginx.service +``` + +Find the IP address of the current server. + +```sh +MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); print parts[1]; }')" +``` + +## Create the initial ostree repo + +Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file + +Add blueprint file into the blueprint folder or use the `example_blueprint.toml` + +Create the initial ostree repo using... \ No newline at end of file diff --git a/ansible/playbooks-test.yaml b/ansible/playbooks-test.yaml deleted file mode 100644 index 32dc3d9..0000000 --- a/ansible/playbooks-test.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- - - name: ping all inventory - hosts: all - tasks: - - name: ping - ansible.builtin.ping: diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml index 9224996..3fb4f91 100644 --- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml 
@@ -9,19 +9,10 @@ name: "{{ ansible_user_id }}" groups: weldr append: true - # - name: Create a blueprint - # infra.osbuild.create_blueprint: - # dest: "/home/epietryk/blueprint/blueprint.toml" - # name: "rhel-edge-blueprint" - # description: "{{ builder_blueprint_description }}" - # distro: "{{ builder_blueprint_distro }}" - # groups: "{{ builder_blueprint_groups }}" - # packages: "{{ builder_blueprint_packages }}" - # customizations: "{{ builder_blueprint_customizations }}" - name: Push a blueprint infra.osbuild.push_blueprint: src: "/home/epietryk/blueprint/blueprint.toml" - - name: Start ostree compose with idempotent transaction + - name: Start ostree compose infra.osbuild.start_compose: blueprint: rhel-edge-blueprint allow_duplicate: true @@ -42,3 +33,17 @@ infra.osbuild.export_compose: # noqa only-builtins compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" dest: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar + - name: Recursively remove directory /var/www/repo + ansible.builtin.file: + path: /var/www/repo + state: absent + # - name: Create empty file /var/www/repo + # ansible.builtin.file: + # path: /var/www/repo + # state: directory + # mode: '0755' + - name: Extract compose artifact into /var/www/repo + ansible.builtin.unarchive: + src: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar + dest: /var/www/ + remote_src: true From 930522da96bd1509739e8275444287f362e5277d Mon Sep 17 00:00:00 2001 
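Review bot: `Recursively remove directory /var/www/repo` deletes the served repository before `Extract compose artifact into /var/www/repo` runs, so a failed or partial extraction leaves nginx with no repo or a half-written one. Unpack into a staging directory beside it and move it into place only once `unarchive` has succeeded. The task name says `/var/www/repo` while `dest` is `/var/www/`, so the outcome depends on the archive's top-level directory being `repo`; a comment such as `# the edge-commit tar is expected to contain a top-level repo/ directory` would record that assumption.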
From: ePietry Date: Tue, 26 Mar 2024 16:46:12 +0100 Subject: [PATCH 09/69] Improvement to blueprint repertory --- ansible/blueprints/blueprint.toml | 6 ++++++ ansible/playbooks/blueprint.vars | 5 ----- ansible/playbooks/initial_ostree.yaml | 26 ++++++++++++-------------- 3 files changed, 18 insertions(+), 19 deletions(-) create mode 100755 ansible/blueprints/blueprint.toml delete mode 100644 ansible/playbooks/blueprint.vars mode change 100644 => 100755 ansible/playbooks/initial_ostree.yaml diff --git a/ansible/blueprints/blueprint.toml b/ansible/blueprints/blueprint.toml new file mode 100755 index 0000000..9b6bd48 --- /dev/null +++ b/ansible/blueprints/blueprint.toml @@ -0,0 +1,6 @@ +name = "minimal-rhel9" +description = "minimal blueprint for ostree commit" +version = "1.1.0" +modules = [] +groups = [] +distro = "rhel-93" diff --git a/ansible/playbooks/blueprint.vars b/ansible/playbooks/blueprint.vars deleted file mode 100644 index 72ab8fb..0000000 --- a/ansible/playbooks/blueprint.vars +++ /dev/null @@ -1,5 +0,0 @@ -builder_blueprint_name: "minimal-rhel9" -builder_blueprint_description: "minimal blueprint for ostree commit" -builder_blueprint_distro: rhel-93 -builder_blueprint_customizations: - version: "1.1.0" \ No newline at end of file diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml old mode 100644 new mode 100755 index 3fb4f91..d56b377 --- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml 
@@ -1,18 +1,21 @@ - name: Create the initial ostree repo hosts: all become: true - vars_files: - - blueprint.vars tasks: - - name: Add user to weldr group - ansible.builtin.user: - name: "{{ ansible_user_id }}" - groups: weldr - append: true + - name: Create blueprint repo + ansible.builtin.file: + path: /tmp/blueprints + mode: '0755' + state: directory + - name: Copy blueprint file + ansible.builtin.copy: + src: "{{ playbook_dir }}/../blueprints/blueprint.toml" + dest: /tmp/blueprints/blueprint.toml + mode: '0755' - name: Push a blueprint infra.osbuild.push_blueprint: - src: "/home/epietryk/blueprint/blueprint.toml" - - name: Start ostree compose + src: "/tmp/blueprints/blueprint.toml" + - name: Start ostree compose with idempotent transaction infra.osbuild.start_compose: blueprint: rhel-edge-blueprint allow_duplicate: true @@ -37,11 +40,6 @@ ansible.builtin.file: path: /var/www/repo state: absent - # - name: Create empty file /var/www/repo - # ansible.builtin.file: - # path: /var/www/repo - # state: directory - # mode: '0755' - name: Extract compose artifact into /var/www/repo ansible.builtin.unarchive: src: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar From 2664b8f044a1c00bf1c880d5d7e47e650589705a Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 16:56:29 +0100 Subject: [PATCH 10/69] Added possibility to choose blueprint --- ansible/blueprints/{blueprint.toml => blueprint_example.toml} | 0 ansible/playbooks/initial_ostree.yaml | 2 +- ansible/playbooks/setup.yaml | 0 3 files changed, 1 insertion(+), 1 deletion(-) rename ansible/blueprints/{blueprint.toml => blueprint_example.toml} (100%) mode change 100644 => 100755 ansible/playbooks/setup.yaml diff --git a/ansible/blueprints/blueprint.toml b/ansible/blueprints/blueprint_example.toml similarity index 100% rename from ansible/blueprints/blueprint.toml rename to ansible/blueprints/blueprint_example.toml 
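Review bot: `Copy blueprint file` writes `/tmp/blueprints/blueprint.toml` with `mode: '0755'`, and this commit also flips `blueprint.toml` and the playbook to 100755 in git, yet none of these files is ever executed. Use `mode: '0644'` on the copy task and leave the repository files at 100644, so that nothing root writes into `/tmp` carries an execute bit it does not need.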
diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml index d56b377..700e38d 100755 --- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml @@ -9,7 +9,7 @@ state: directory - name: Copy blueprint file ansible.builtin.copy: - src: "{{ playbook_dir }}/../blueprints/blueprint.toml" + src: "{{ playbook_dir }}/../blueprints/{{ blueprint }}" dest: /tmp/blueprints/blueprint.toml mode: '0755' - name: Push a blueprint diff --git a/ansible/playbooks/setup.yaml b/ansible/playbooks/setup.yaml old mode 100644 new mode 100755 From 40dc2a869ee984d40c61bd05d41812e8a9d4aa66 Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 16:58:01 +0100 Subject: [PATCH 11/69] Updated readme --- ansible/README.MD | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index c2df1fd..07f7f01 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -104,6 +104,9 @@ MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file -Add blueprint file into the blueprint folder or use the `example_blueprint.toml` +Add blueprint file into the blueprint folder or use the `blueprint_example.toml` -Create the initial ostree repo using... \ No newline at end of file +Create the initial ostree repo using `blueprint_example.toml` use the following command: +``` +ansible-playbook playbooks/initial_ostree.yaml -e blueprint=blueprint_example.toml +``` From e8f3d967a75bbe37fec70fbbf03c4abde29c902f Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 17:00:51 +0100 Subject: [PATCH 12/69] remove debugging lines --- ansible/playbooks/initial_ostree.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml index 700e38d..8322bb9 100755 
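Review bot: `src: "{{ playbook_dir }}/../blueprints/{{ blueprint }}"` uses the extra-var as a raw path fragment. An undefined `blueprint` fails with a bare templating error, and a value containing `../` makes the play read a file from outside `blueprints/` on the control node and push it to the builder. Constrain it with `src: "{{ playbook_dir }}/../blueprints/{{ blueprint | basename }}"` and put an `ansible.builtin.assert` on `blueprint is defined` in front, with a message naming the `-e blueprint=...` option.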
--- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml @@ -20,9 +20,6 @@ blueprint: rhel-edge-blueprint allow_duplicate: true register: builder_compose_start_out - - name: Print compose UUID - ansible.builtin.debug: - var: builder_compose_start_out - name: Wait for compose to finish infra.osbuild.wait_compose: compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" From ea4de46fc03331a0b53ee1c278c4cbe6586fe6af Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 17:01:59 +0100 Subject: [PATCH 13/69] minor imporvements --- ansible/playbooks/initial_ostree.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml index 8322bb9..887409d 100755 --- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml @@ -15,7 +15,7 @@ - name: Push a blueprint infra.osbuild.push_blueprint: src: "/tmp/blueprints/blueprint.toml" - - name: Start ostree compose with idempotent transaction + - name: Start ostree compose infra.osbuild.start_compose: blueprint: rhel-edge-blueprint allow_duplicate: true @@ -24,16 +24,16 @@ infra.osbuild.wait_compose: compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" timeout: 3600 - - name: Create /tmp repo + - name: Create /tmp/images repo ansible.builtin.file: path: /tmp/images/ mode: '0755' state: directory - - name: Export the compose artifact + - name: Export the compose artifact to /tmp/images infra.osbuild.export_compose: # noqa only-builtins compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" dest: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar - - name: Recursively remove directory /var/www/repo + - name: Clear directory /var/www/repo ansible.builtin.file: path: /var/www/repo state: absent From 8928243afa042fb56435d7d0824c07c531918784 Mon Sep 17 00:00:00 2001 
From: ePietry Date: Tue, 26 Mar 2024 18:38:48 +0100 Subject: [PATCH 14/69] Fix Blueprint bug --- ansible/playbooks/initial_ostree.yaml | 30 +++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml index 887409d..ac589f2 100755 --- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml @@ -2,22 +2,29 @@ hosts: all become: true tasks: - - name: Create blueprint repo + - name: Create Blueprint /tmp/blueprints repo ansible.builtin.file: path: /tmp/blueprints mode: '0755' state: directory - - name: Copy blueprint file + - name: Copy Blueprint file to /tmp/blueprints ansible.builtin.copy: src: "{{ playbook_dir }}/../blueprints/{{ blueprint }}" dest: /tmp/blueprints/blueprint.toml mode: '0755' - - name: Push a blueprint + - name: Read the content of the TOML file + ansible.builtin.slurp: + src: /tmp/blueprints/blueprint.toml + register: toml_file_content + - name: Parse TOML content using Python + ansible.builtin.shell: "echo '{{ toml_file_content.content | b64decode }}' | python -c 'import sys, toml; print(toml.loads(sys.stdin.read())[\"name\"])'" + register: blueprint_name + - name: Push Blueprint infra.osbuild.push_blueprint: src: "/tmp/blueprints/blueprint.toml" - name: Start ostree compose infra.osbuild.start_compose: - blueprint: rhel-edge-blueprint + blueprint: "{{ blueprint_name.stdout }}" allow_duplicate: true register: builder_compose_start_out - name: Wait for compose to finish 
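Review bot: The `Parse TOML content using Python` task pastes the decoded blueprint into a single-quoted shell string, so a blueprint containing a `'` ends the quoting and the remainder is interpreted by the shell as root under the play's `become: true`. The same construction also breaks on valid TOML that uses literal strings. Let Python read `/tmp/blueprints/blueprint.toml` itself through `ansible.builtin.command` with `argv`, which removes both the shell and the templated file content and makes the preceding `slurp` task unnecessary. Add `changed_when: false`, since the task only reads.

```yaml
    # … unchanged: create /tmp/blueprints and copy the blueprint file …
    - name: Parse TOML content using Python
      ansible.builtin.command:
        argv:
          - python
          - -c
          - 'import toml; print(toml.load("/tmp/blueprints/blueprint.toml")["name"])'
      register: blueprint_name
      changed_when: false
    # … unchanged: push blueprint and start compose …
```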
@@ -42,3 +49,18 @@ src: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar dest: /var/www/ remote_src: true + - name: adding /var/www/repo to OSTree + ansible.builtin.shell: "ostree --repo=/var/www/repo refs" + - name: Create /tmp/empty-tree repo + ansible.builtin.file: + path: /tmp/empty-tree + mode: '0755' + state: directory + - name: optimazing OSTree + ansible.builtin.shell: "ostree --repo=/var/www/repo commit -b 'empty' --tree=dir=/tmp/empty-tree" + - name: adding /var/www/repo to OSTree + ansible.builtin.shell: "ostree --repo=/var/www/repo refs" + - name: Clear directory /tmp/images/ + ansible.builtin.file: + path: /tmp/images/ + state: absent From b157210cb17bf5fd01ec4c623da0ecb19a97ace4 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Tue, 26 Mar 2024 18:39:45 +0100 Subject: [PATCH 15/69] Update README.MD --- ansible/README.MD | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index 07f7f01..4c5762a 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -45,39 +45,6 @@ appstream baseos ``` -## Clone this repository - -```sh -git clone https://github.com/ePietry/red-hat-kiosk.git -cd red-hat-kiosk -export GIT_REPO_CLONE="$PWD" -``` - -## Create the container image - -Install podman and buildah. - -```sh -sudo dnf install -y podman buildah -``` - -Define the target image properties. - -```sh -REGISTRY="quay.io" -IMAGE_NAME="nmasse_itix/kiosk-app" -IMAGE_TAG="latest" -``` - -Build and push the image to the registry. - -```sh -cd "$GIT_REPO_CLONE/application" -podman build -t localhost/kiosk-app:latest . -podman login "$REGISTRY" -podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" -podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" -``` ## Nginx configuration From a781c600c0b5e73421bd388de71a929e7bb3c0a0 Mon Sep 17 00:00:00 2001 
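Review bot: The three `ostree` tasks call `ansible.builtin.shell` for fixed commands that use no pipes or expansion; `ansible.builtin.command` avoids the shell entirely and is the safer default for root tasks. The two tasks named `adding /var/www/repo to OSTree` only run `ostree --repo=/var/www/repo refs`, which lists refs, so rename them (for instance `List OSTree refs`) and mark them `changed_when: false`. The `commit -b 'empty'` task appears to create a new commit on every run; a comment explaining why an empty branch is wanted would help the next reader.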
From: ePietry Date: Tue, 26 Mar 2024 18:44:35 +0100 Subject: [PATCH 16/69] names --- ansible/playbooks/initial_ostree.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml index ac589f2..a6398fb 100755 --- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml @@ -12,11 +12,11 @@ src: "{{ playbook_dir }}/../blueprints/{{ blueprint }}" dest: /tmp/blueprints/blueprint.toml mode: '0755' - - name: Read the content of the TOML file + - name: Reading Blueprint file ansible.builtin.slurp: src: /tmp/blueprints/blueprint.toml register: toml_file_content - - name: Parse TOML content using Python + - name: Getting Blueprint Name ansible.builtin.shell: "echo '{{ toml_file_content.content | b64decode }}' | python -c 'import sys, toml; print(toml.loads(sys.stdin.read())[\"name\"])'" register: blueprint_name - name: Push Blueprint @@ -56,7 +56,7 @@ path: /tmp/empty-tree mode: '0755' state: directory - - name: optimazing OSTree + - name: optimizing OSTree ansible.builtin.shell: "ostree --repo=/var/www/repo commit -b 'empty' --tree=dir=/tmp/empty-tree" - name: adding /var/www/repo to OSTree ansible.builtin.shell: "ostree --repo=/var/www/repo refs" From 0bf0ba7bb1d94f9580646b248928895c85a63ce0 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Tue, 26 Mar 2024 19:02:07 +0100 Subject: [PATCH 17/69] Update README.MD --- ansible/README.MD | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/ansible/README.MD b/ansible/README.MD index 4c5762a..94bdb10 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
@@ -45,6 +45,31 @@ appstream baseos ``` +## Create the container image + +Install podman and buildah. + +```sh +sudo dnf install -y podman buildah +``` + +Define the target image properties. + +```sh +REGISTRY="quay.io" +IMAGE_NAME="nmasse_itix/kiosk-app" +IMAGE_TAG="latest" +``` + +Build and push the image to the registry. + +```sh +cd "$GIT_REPO_CLONE/application" +podman build -t localhost/kiosk-app:latest . +podman login "$REGISTRY" +podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" +podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" +``` ## Nginx configuration From 02194b53e327ff34fdce71632e5851b1cba96f21 Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 19:02:41 +0100 Subject: [PATCH 18/69] Add build RPMS playbook --- ansible/playbooks/build_RPMS.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 ansible/playbooks/build_RPMS.yaml diff --git a/ansible/playbooks/build_RPMS.yaml b/ansible/playbooks/build_RPMS.yaml new file mode 100644 index 0000000..c2fa72c --- /dev/null +++ b/ansible/playbooks/build_RPMS.yaml @@ -0,0 +1,15 @@ +- name: Build the RPMS + hosts: all + tasks: + - name: Install software + become: true + ansible.builtin.dnf: + name: + - git + - rpm-build + - rpmdevtools + state: present + - name: Clear directory /tmp/images/ + ansible.builtin.file: + path: /tmp/images/ + state: absent From fd64fd3b21b9aba018036ae5cda3a152ec938f15 Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 19:53:22 +0100 Subject: [PATCH 19/69] test --- ansible/playbooks/build_RPMS.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/build_RPMS.yaml b/ansible/playbooks/build_RPMS.yaml index c2fa72c..f4079fb 100644 --- a/ansible/playbooks/build_RPMS.yaml +++ b/ansible/playbooks/build_RPMS.yaml 
@@ -9,7 +9,16 @@ - rpm-build - rpmdevtools state: present - - name: Clear directory /tmp/images/ + - name: Get user home directory + ansible.builtin.set_fact: + user_home_dir: "{{ lookup('env', 'HOME') }}" + - name: Clear directory $HOME/rpmbuild ansible.builtin.file: - path: /tmp/images/ + path: "{{ user_home_dir }}/rpmbuild" state: absent + - name: Get user GIT_REPO_CLONE directory + ansible.builtin.shell: "printenv HOSTNAME" + register: user_git_dir + - name: DEbufrzq + ansible.builtin.debug: + msg: "GIT_REPO_CLONE value: {{ user_git_dir.stdout }}" From b6347648a8c1dd6298db8cf2ca4cddc7cbb34840 Mon Sep 17 00:00:00 2001 From: ePietry Date: Tue, 26 Mar 2024 23:28:38 +0100 Subject: [PATCH 20/69] Update RPMS --- ansible/playbooks/build_RPMS.yaml | 62 ++++++++++++++++++++++++++----- 1 file changed, 53 insertions(+), 9 deletions(-) diff --git a/ansible/playbooks/build_RPMS.yaml b/ansible/playbooks/build_RPMS.yaml index f4079fb..73bce4e 100644 --- a/ansible/playbooks/build_RPMS.yaml +++ b/ansible/playbooks/build_RPMS.yaml 
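Review bot: `lookup('env', 'HOME')` in `Get user home directory` is evaluated on the control node, so `user_home_dir` holds the operator's local home rather than the remote account's. The following `state: absent` task then removes `rpmbuild` under that path on the managed host, which may be the wrong directory. Use the gathered fact, `path: "{{ ansible_env.HOME }}/rpmbuild"`. The `printenv HOSTNAME` task and the debug task after it look like test leftovers and should not ship.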
@@ -9,16 +9,60 @@ - rpm-build - rpmdevtools state: present - - name: Get user home directory - ansible.builtin.set_fact: - user_home_dir: "{{ lookup('env', 'HOME') }}" + - name: Install rpmrebuild + become: true + ansible.builtin.yum: + name: rpmrebuild + state: present - name: Clear directory $HOME/rpmbuild ansible.builtin.file: - path: "{{ user_home_dir }}/rpmbuild" + path: "{{ ansible_env.HOME }}/rpmbuild" state: absent - - name: Get user GIT_REPO_CLONE directory - ansible.builtin.shell: "printenv HOSTNAME" - register: user_git_dir - - name: DEbufrzq + - name: Clear symbolic link between + ansible.builtin.file: + src: "{{ ansible_env.HOME }}/red-hat-kiosk/rpms" + dest: "{{ ansible_env.HOME }}/rpmbuild" + state: link + - name: Build the kiosk-config RPMS + ansible.builtin.shell: + spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec | + rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec + - name: Build the microshift-manifests RPM + ansible.builtin.shell: + spectool -g -R $HOME/rpmbuild/SPECS/microshift-manifests.spec | + rpmbuild -ba $HOME/rpmbuild/SPECS/microshift-manifests.spec + - name: Ensure the VENDOR directory exists + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/rpmbuild/VENDOR" + state: directory + mode: '0755' + - name: Download Google Chrome RPM + ansible.builtin.get_url: + url: https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm + dest: "{{ ansible_env.HOME }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm" + - name: Rebuild the Google Chrome RPM + ansible.builtin.shell: | + set -Eeuo pipefail + rpmrebuild -s {{ ansible_env.HOME }}/rpmbuild/SPECS/google-chrome-stable.spec -p {{ ansible_env.HOME }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm + RPM=$(rpm -q {{ ansible_env.HOME }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm) + mkdir -p {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/ + rpm2cpio {{ ansible_env.HOME }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D 
{{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/ + mv {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/opt/google/ {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/usr/bin/ + cd {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/usr/bin/ + rm -f google-chrome-stable + ln -s google/chrome/google-chrome google-chrome-stable + ln -s google/chrome/google-chrome chrome + sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' {{ ansible_env.HOME }}/rpmbuild/SPECS/google-chrome-stable.spec + rpmbuild -bb {{ ansible_env.HOME }}/rpmbuild/SPECS/google-chrome-stable.spec + args: + executable: /bin/bash + register: rebuild_result + failed_when: rebuild_result.rc != 0 + + - name: List built RPMs + ansible.builtin.command: ls -l {{ ansible_env.HOME }}/rpmbuild/RPMS/x86_64/ + register: rpm_list + + - name: Display built RPMs ansible.builtin.debug: - msg: "GIT_REPO_CLONE value: {{ user_git_dir.stdout }}" + var: rpm_list.stdout \ No newline at end of file From c2a559ff3f6f33bbde112e2824ad25e0b6d4723c Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 10:52:13 +0100 Subject: [PATCH 21/69] add_repo_creation --- .gitignore | 1 + .vscode/settings.json | 3 --- ansible/playbooks/repo_creation.yml | 16 ++++++++++++++++ 3 files changed, 17 insertions(+), 3 deletions(-) delete mode 100644 .vscode/settings.json create mode 100644 ansible/playbooks/repo_creation.yml diff --git a/.gitignore b/.gitignore index 7eccd68..b1ef62f 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ ansible/inventory.yaml +.vscode \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 9d14cfb..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "ansible.python.interpreterPath": "/bin/python" -} \ No newline at end of file diff --git a/ansible/playbooks/repo_creation.yml b/ansible/playbooks/repo_creation.yml new file mode 100644 index 0000000..ef07d60 --- /dev/null +++ b/ansible/playbooks/repo_creation.yml 
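Review bot: The `Download Google Chrome RPM` task fetches the package with `get_url`, and `Rebuild the Google Chrome RPM` then unpacks and repackages it without checking its signature, so whatever the URL serves ends up in the rebuilt RPM. Because the URL points at a moving "current" file, a pinned `checksum:` is not practical; import the vendor's package signing key and make `rpmkeys --checksig <downloaded rpm>` the first command of the script, which already aborts on failure through `set -Eeuo pipefail`. Separately, both `spectool -g -R … | rpmbuild -ba …` tasks pipe one command into the other, which starts them together and discards spectool's exit status; `spectool -g -R "$HOME/rpmbuild/SPECS/kiosk-config.spec" && rpmbuild -ba "$HOME/rpmbuild/SPECS/kiosk-config.spec"` keeps the order and fails when the source download fails.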
@@ -0,0 +1,16 @@ +- name: Create a Custom RPM Repository + hosts: all + become: true + vars: + repo_location: "/opt/custom-rpms/" + tasks: + - name: Install createrepo + ansible.builtin.dnf: + name: createrepo + state: present + - name: Ensure the repository directory exists + ansible.builtin.file: + path: "{{ repo_location }}" + state: directory + - + From 8f9e2bcd95552a50accc25c753c530088eecc746 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 11:08:05 +0100 Subject: [PATCH 22/69] Add epel install --- ansible/playbooks/build_RPMS.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/playbooks/build_RPMS.yaml b/ansible/playbooks/build_RPMS.yaml index 73bce4e..bb471b4 100644 --- a/ansible/playbooks/build_RPMS.yaml +++ b/ansible/playbooks/build_RPMS.yaml @@ -1,6 +1,12 @@ - name: Build the RPMS hosts: all tasks: + - name: Install EPEL release package + become: true + ansible.builtin.dnf: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + state: present + disable_gpg_check: yes - name: Install software become: true ansible.builtin.dnf: @@ -8,6 +14,7 @@ - git - rpm-build - rpmdevtools + - rpmrebuild state: present - name: Install rpmrebuild become: true From 2109b007079471bde40884c5b4f066cc33285975 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Wed, 27 Mar 2024 11:08:23 +0100 Subject: [PATCH 23/69] Update INSTALL_RHEL9.md --- documentation/INSTALL_RHEL9.md | 1 + 1 file changed, 1 insertion(+) diff --git a/documentation/INSTALL_RHEL9.md b/documentation/INSTALL_RHEL9.md index 3eba1fa..156ff63 100644 --- a/documentation/INSTALL_RHEL9.md +++ b/documentation/INSTALL_RHEL9.md 
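Review bot: The task list of the new `repo_creation.yml` ends with a bare `-` after `Ensure the repository directory exists`, which YAML reads as a null list entry, so the play will most likely be rejected when it is loaded. Drop the dangling `-` until the next task is actually written. The `file` task that creates `{{ repo_location }}` also sets no `mode`, leaving the permissions of a root-owned repository directory to the umask; `mode: '0755'` states the intent.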
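Review bot: `disable_gpg_check: yes` on `Install EPEL release package` turns off signature verification for an RPM that is fetched by URL and installed with `become: true`, and that package in turn defines repositories that later installs rely on. Import the EPEL 9 signing key first with an `ansible.builtin.rpm_key` task (`state: present`) and set `disable_gpg_check: false`. The second hunk of this commit adds `rpmrebuild` to the `Install software` list while the separate `Install rpmrebuild` task using `ansible.builtin.yum` is still present right below it, so one of the two is redundant.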
@@ -182,6 +182,7 @@ rpmbuild -ba $HOME/rpmbuild/SPECS/microshift-manifests.spec Rebuild the Google Chrome RPM ```sh +sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm mkdir $HOME/rpmbuild/VENDOR curl -s -Lo $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm rpmrebuild -s $HOME/rpmbuild/SPECS/google-chrome-stable.spec -p $HOME/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm From dd7e828f83315a67f0888087902ccf08be7e3d1c Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 11:27:32 +0100 Subject: [PATCH 24/69] add listing of List build RMPS --- ansible/playbooks/build_RPMS.yaml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/ansible/playbooks/build_RPMS.yaml b/ansible/playbooks/build_RPMS.yaml index bb471b4..4f0efea 100644 --- a/ansible/playbooks/build_RPMS.yaml +++ b/ansible/playbooks/build_RPMS.yaml @@ -6,7 +6,7 @@ ansible.builtin.dnf: name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm state: present - disable_gpg_check: yes + disable_gpg_check: false - name: Install software become: true ansible.builtin.dnf: @@ -66,10 +66,15 @@ register: rebuild_result failed_when: rebuild_result.rc != 0 - - name: List built RPMs - ansible.builtin.command: ls -l {{ ansible_env.HOME }}/rpmbuild/RPMS/x86_64/ - register: rpm_list + - name: Get build RMPS + ansible.builtin.find: + path: "{{ ansible_env.HOME }}/rpmbuild/RPMS/x86_64/" + register: build_rpms - - name: Display built RPMs + - name: Extract filenames from paths of built RPMs + ansible.builtin.set_fact: + rpm_filenames: "{{ build_rpms.files | map(attribute='path') | map('basename') | list }}" + + - name: List build RMPS ansible.builtin.debug: - var: rpm_list.stdout \ No newline at end of file + msg: "{{ rpm_filenames }}" From 42cc79bd215e37b80536bec944242375847178eb Mon Sep 17 00:00:00 2001 
From: ePietry Date: Wed, 27 Mar 2024 11:30:54 +0100 Subject: [PATCH 25/69] update README --- ansible/README.MD | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ansible/README.MD b/ansible/README.MD index 94bdb10..3428682 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -102,3 +102,11 @@ Create the initial ostree repo using `blueprint_example.toml` use the following ``` ansible-playbook playbooks/initial_ostree.yaml -e blueprint=blueprint_example.toml ``` + + +## Build the RPMS + +To build RPM for kiosk-config, microshift-manifests and Google Chrome, run the `build_RPMS.yaml` playbook +``` +ansible-playbook playbooks/build_RPMS.yaml +``` \ No newline at end of file From 0d7db0b3d0c4628a681db331f02c6a06d67de511 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 12:06:19 +0100 Subject: [PATCH 26/69] Update repo_creation --- ansible/playbooks/repo_creation.yml | 56 ++++++++++++++++++++++++++--- 1 file changed, 51 insertions(+), 5 deletions(-) diff --git a/ansible/playbooks/repo_creation.yml b/ansible/playbooks/repo_creation.yml index ef07d60..7db43f5 100644 --- a/ansible/playbooks/repo_creation.yml +++ b/ansible/playbooks/repo_creation.yml 
@@ -1,16 +1,62 @@ -- name: Create a Custom RPM Repository +--- +- name: Create a custom RPM repository hosts: all - become: true vars: repo_location: "/opt/custom-rpms/" + tasks: - - name: Install createrepo + - name: Install createrepo package + become: true ansible.builtin.dnf: name: createrepo state: present + + - name: Clear the repository directory exists + become: true + ansible.builtin.file: + path: "{{ repo_location }}" + state: absent + - name: Ensure the repository directory exists + become: true ansible.builtin.file: path: "{{ repo_location }}" state: directory - - - + mode: '0755' + + - name: Copy RPMs to the repository location + ansible.builtin.shell: sudo cp {{ ansible_env.HOME }}/rpmbuild/RPMS/x86_64/* {{ repo_location }} + + - name: Initialize the repository with createrepo + become: true + ansible.builtin.command: + cmd: "createrepo {{ repo_location }}" + + - name: Create custom repo file + become: true + ansible.builtin.lineinfile: + path: /etc/yum.repos.d/custom.repo + line: "{{ item }}" + create: true + mode: '0755' + loop: + - "[custom]" + - "name = Custom RPMS" + - "baseurl = file://{{ repo_location }}" + - "enabled = 1" + - "gpgcheck = 0" + + - name: Clean dnf cache + become: true + ansible.builtin.command: + cmd: dnf clean all + + - name: Verify packages are present + ansible.builtin.shell: + cmd: "sudo dnf list available --disablerepo='*' --enablerepo='custom' kiosk-config google-chrome-stable microshift-manifests" + register: package_info + ignore_errors: true + + - name: Display package info output + ansible.builtin.debug: + var: package_info.stdout_lines \ No newline at end of file From b931c3b3f0aab52de9d7850c822c7a9c9c2a2807 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 13:14:51 +0100 Subject: [PATCH 27/69] add blurprint preparation playbook --- ansible/playbooks/blueprint_preparation.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 ansible/playbooks/blueprint_preparation.yaml 
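Review bot: The generated `/etc/yum.repos.d/custom.repo` sets `gpgcheck = 0`, so anything placed in `{{ repo_location }}` installs without a signature check, including the Chrome package that `build_RPMS.yaml` rebuilds from an unverified download. Sign the built RPMs and write `gpgcheck = 1` together with a `gpgkey = file://<path to the public key>` line (the key path is a placeholder). The same task creates the repo file with `mode: '0755'`; it is plain configuration and `mode: '0644'` is enough. `Copy RPMs to the repository location` and `Verify packages are present` call `sudo` inside `ansible.builtin.shell`; `become: true` with `ansible.builtin.copy` (`remote_src: true`, `src` ending in `RPMS/x86_64/`) and `ansible.builtin.command` avoids relying on passwordless sudo and on shell globbing.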
diff --git a/ansible/playbooks/blueprint_preparation.yaml b/ansible/playbooks/blueprint_preparation.yaml new file mode 100644 index 0000000..e69de29 From 5c92a630e8464d3999fef7ce11542882819d5838 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Wed, 27 Mar 2024 13:19:50 +0100 Subject: [PATCH 28/69] Update README.MD --- ansible/README.MD | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/ansible/README.MD b/ansible/README.MD index 3428682..6b08715 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -109,4 +109,14 @@ ansible-playbook playbooks/initial_ostree.yaml -e blueprint=blueprint_example.to To build RPM for kiosk-config, microshift-manifests and Google Chrome, run the `build_RPMS.yaml` playbook ``` ansible-playbook playbooks/build_RPMS.yaml -``` \ No newline at end of file +``` + +## Repository Creation +to build a repository containing the RPMS we created, run the 'repo_creation.yaml' playbook and indicate the desiered repo directory suring the -e argument. + +For instance to create repository in the '/opt/custom-rpms/' directory use : +''' +ansible-playbook playbooks/repo_creation.yaml +''' + + From 8eb62705c74cf3a9351a3b55834518e9a1575cc8 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Wed, 27 Mar 2024 13:25:37 +0100 Subject: [PATCH 29/69] Update README.MD --- ansible/README.MD | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index 6b08715..fd36024 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
@@ -115,8 +115,8 @@ ansible-playbook playbooks/build_RPMS.yaml to build a repository containing the RPMS we created, run the 'repo_creation.yaml' playbook and indicate the desiered repo directory suring the -e argument. For instance to create repository in the '/opt/custom-rpms/' directory use : -''' -ansible-playbook playbooks/repo_creation.yaml -''' +``` +ansible-playbook playbooks/repo_creation.yaml -e repo_location=/opt/custom-rpms/ +``` From d4dfc00141ddc78f6a2582bb8619205574957a1c Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 13:26:40 +0100 Subject: [PATCH 30/69] improve repo creation --- ansible/playbooks/repo_creation.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/ansible/playbooks/repo_creation.yml b/ansible/playbooks/repo_creation.yml index 7db43f5..9a5e458 100644 --- a/ansible/playbooks/repo_creation.yml +++ b/ansible/playbooks/repo_creation.yml @@ -1,9 +1,6 @@ --- - name: Create a custom RPM repository hosts: all - vars: - repo_location: "/opt/custom-rpms/" - tasks: - name: Install createrepo package become: true From 74e599234f43c7ec00ccde9f35c34a195c6dc287 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Wed, 27 Mar 2024 13:28:19 +0100 Subject: [PATCH 32/69] Update README.MD --- ansible/README.MD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index fd36024..c15fe2a 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
@@ -112,9 +112,9 @@ ansible-playbook playbooks/build_RPMS.yaml ``` ## Repository Creation -to build a repository containing the RPMS we created, run the 'repo_creation.yaml' playbook and indicate the desiered repo directory suring the -e argument. +to build a repository containing the RPMS we created, run the `repo_creation.yaml` playbook and indicate the desiered repo directory using the `-e` argument. -For instance to create repository in the '/opt/custom-rpms/' directory use : +For instance to create repository in the `/opt/custom-rpms/` directory use : ``` ansible-playbook playbooks/repo_creation.yaml -e repo_location=/opt/custom-rpms/ ``` From c844835bdbae6f93afdb71decfc335e6f424e14f Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 13:46:39 +0100 Subject: [PATCH 33/69] update repo_creation --- ansible/playbooks/repo_creation.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ansible/playbooks/repo_creation.yml b/ansible/playbooks/repo_creation.yml index 9a5e458..04fa4ae 100644 --- a/ansible/playbooks/repo_creation.yml +++ b/ansible/playbooks/repo_creation.yml @@ -14,6 +14,12 @@ path: "{{ repo_location }}" state: absent + - name: Old custom repo + become: true + ansible.builtin.file: + path: /etc/yum.repos.d/custom.repo + state: absent + - name: Ensure the repository directory exists become: true ansible.builtin.file: @@ -54,6 +60,11 @@ register: package_info ignore_errors: true + - name: Verify packages are present + become: true + ansible.builtin.shell: + cmd: "dnf config-manager --enable custom" + - name: Display package info output ansible.builtin.debug: var: package_info.stdout_lines \ No newline at end of file From 4ae757575653401b9c9afb309dd5b3458390d291 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 14:50:07 +0100 Subject: [PATCH 34/69] update blueprint_prepa --- .gitignore | 4 +- ansible/playbooks/blueprint_preparation.yaml | 103 +++++++++++++++++++ 2 files changed, 106 insertions(+), 1 deletion(-) 
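Review bot: The task added in the second `repo_creation.yml` hunk reuses the name `Verify packages are present` but runs `dnf config-manager --enable custom`, and it is placed after the `dnf list` check that it would have to precede. Rename it, for example `- name: Enable the custom repository`, move it above the verification task, and use `ansible.builtin.command` since no shell features are needed. The repo file written by the earlier `lineinfile` task already contains `enabled = 1`, so this task may not be needed at all.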
diff --git a/.gitignore b/.gitignore index b1ef62f..1a80ca8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ ansible/inventory.yaml -.vscode \ No newline at end of file +.vscode +ansible/test +ansible/test.pub \ No newline at end of file diff --git a/ansible/playbooks/blueprint_preparation.yaml b/ansible/playbooks/blueprint_preparation.yaml index e69de29..bf825bb 100644 --- a/ansible/playbooks/blueprint_preparation.yaml +++ b/ansible/playbooks/blueprint_preparation.yaml 
@@ -0,0 +1,103 @@ +- name: Create the initial ostree repo + hosts: all + tasks: + - name: Extract userspace architecture + ansible.builtin.set_fact: + userspace_arch: "{{ ansible_facts['userspace_architecture'] }}" + - name: Enable required rhocp repositories using subscription-manager + become: true + ansible.builtin.command: + cmd: "sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-{{ userspace_arch }}-rpms --enable fast-datapath-for-rhel-9-{{ userspace_arch }}-rpms" + - name: Get information about the microshift package + ansible.builtin.command: + cmd: "dnf info microshift" + register: microshift_info + + - name: Display microshift package information + ansible.builtin.debug: + var: microshift_info.stdout_lines + + - name: Install mkpasswd and podman packages + become: true + ansible.builtin.dnf: + name: + - mkpasswd + - podman + state: present + + - name: Generate bcrypt hash of the admin password + command: mkpasswd -m bcrypt "{{ ADMIN_PASSWORD }}" + register: admin_password_hash + changed_when: false + + - name: Update kiosk.toml with admin password hash and SSH public key + ansible.builtin.lineinfile: + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + loop: + - { regexp: '^__ADMIN_PASSWORD__=', line: '__ADMIN_PASSWORD__={{ admin_password_hash.stdout }}' } + - { regexp: '^__ADMIN_SSH_PUBLIC_KEY__=', line: '__ADMIN_SSH_PUBLIC_KEY__={{ ADMIN_SSH_PUBLIC_KEY }}' } + + - name: Add custom packages source to composer + ansible.builtin.shell: | + composer-cli sources add < Date: Wed, 27 Mar 2024 15:08:28 +0100 Subject: [PATCH 35/69] update blueprints prep --- .gitignore | 3 +-- ansible/playbooks/blueprint_preparation.yaml | 14 +++++++++++++- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1a80ca8..65451b9 100644 --- a/.gitignore +++ b/.gitignore 
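Review bot: `Generate bcrypt hash of the admin password` passes `{{ ADMIN_PASSWORD }}` as a command-line argument, which exposes the cleartext in the process list on the managed host and in Ansible's task output and logs. Feed it on standard input and suppress logging instead: `cmd: mkpasswd -m bcrypt --stdin`, `stdin: "{{ ADMIN_PASSWORD }}"`, `no_log: true`. The task also uses the short module name `command` while the rest of the file uses `ansible.builtin.` names, and `Enable required rhocp repositories` combines `become: true` with a leading `sudo` in `cmd`, where one of the two is enough. The text of this hunk is cut off on the page after `composer-cli sources add <`, so the remaining tasks are not reviewed here.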
@@ -1,4 +1,3 @@ ansible/inventory.yaml .vscode -ansible/test -ansible/test.pub \ No newline at end of file +ansible/credentials \ No newline at end of file diff --git a/ansible/playbooks/blueprint_preparation.yaml b/ansible/playbooks/blueprint_preparation.yaml index bf825bb..9475252 100644 --- a/ansible/playbooks/blueprint_preparation.yaml +++ b/ansible/playbooks/blueprint_preparation.yaml @@ -1,6 +1,11 @@ - name: Create the initial ostree repo hosts: all + tasks: + - name: Display microshift package information + ansible.builtin.debug: + var: "{{ ADMIN_SSH_PUBLIC_KEY }}" + - name: Extract userspace architecture ansible.builtin.set_fact: userspace_arch: "{{ ansible_facts['userspace_architecture'] }}" @@ -17,6 +22,7 @@ ansible.builtin.debug: var: microshift_info.stdout_lines + - name: Install mkpasswd and podman packages become: true ansible.builtin.dnf: @@ -37,7 +43,13 @@ line: "{{ item.line }}" loop: - { regexp: '^__ADMIN_PASSWORD__=', line: '__ADMIN_PASSWORD__={{ admin_password_hash.stdout }}' } - - { regexp: '^__ADMIN_SSH_PUBLIC_KEY__=', line: '__ADMIN_SSH_PUBLIC_KEY__={{ ADMIN_SSH_PUBLIC_KEY }}' } + + - name: Replace ADMIN_SSH_PUBLIC_KEY placeholder with the actual key + ansible.builtin.lineinfile: + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" + regexp: '^__ADMIN_SSH_PUBLIC_KEY__=' + line: '__ADMIN_SSH_PUBLIC_KEY__={{ ADMIN_SSH_PUBLIC_KEY }}' + backrefs: true - name: Add custom packages source to composer ansible.builtin.shell: | From a74fba8eebea005ecd96f94afbaf5ef19dfb0dfe Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:10:15 +0100 Subject: [PATCH 36/69] update --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 65451b9..2cb147e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ ansible/inventory.yaml .vscode -ansible/credentials \ No newline at end of file +ansible/credentials.yaml \ No newline at end of file 
From 3e7aca4c8a5647c2448f4af459d2c68797825637 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:21:47 +0100 Subject: [PATCH 37/69] update --- .gitignore | 3 ++- ansible/playbooks/blueprint_preparation.yaml | 23 ++++++++++---------- ansible/playbooks/credentials.yaml | 2 ++ 3 files changed, 15 insertions(+), 13 deletions(-) create mode 100644 ansible/playbooks/credentials.yaml diff --git a/.gitignore b/.gitignore index 2cb147e..7848b25 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ ansible/inventory.yaml .vscode -ansible/credentials.yaml \ No newline at end of file +ansible/credentials.yaml +ansible/config.yaml \ No newline at end of file diff --git a/ansible/playbooks/blueprint_preparation.yaml b/ansible/playbooks/blueprint_preparation.yaml index 9475252..9ab8fb2 100644 --- a/ansible/playbooks/blueprint_preparation.yaml +++ b/ansible/playbooks/blueprint_preparation.yaml @@ -1,14 +1,10 @@ - name: Create the initial ostree repo hosts: all - + vars_files: ../credentials.yaml tasks: - - name: Display microshift package information - ansible.builtin.debug: - var: "{{ ADMIN_SSH_PUBLIC_KEY }}" - - name: Extract userspace architecture ansible.builtin.set_fact: - userspace_arch: "{{ ansible_facts['userspace_architecture'] }}" + userspace_arch: "{{ ansible_facts['userspace_architecture']}}" - name: Enable required rhocp repositories using subscription-manager become: true ansible.builtin.command: @@ -22,6 +18,13 @@ ansible.builtin.debug: var: microshift_info.stdout_lines + - name: Display ssh package information + ansible.builtin.debug: + var: ADMIN_SSH_PUBLIC_KEY + + - name: Display password package information + ansible.builtin.debug: + var: ADMIN_PASSWORD - name: Install mkpasswd and podman packages become: true 
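Review bot: The added `Display password package information` task prints `ADMIN_PASSWORD` in cleartext through `ansible.builtin.debug`, so the admin password ends up in the console output and in any configured Ansible log or callback. Remove the task; if a presence check is wanted, use `ansible.builtin.assert` with `that: ADMIN_PASSWORD | length > 0` and `no_log: true`. The first hunk of this commit loads `../credentials.yaml` through `vars_files`; assuming that file carries the password, encrypting it with Ansible Vault protects it better than a plain file that is only listed in `.gitignore`.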
@@ -43,13 +46,9 @@ line: "{{ item.line }}" loop: - { regexp: '^__ADMIN_PASSWORD__=', line: '__ADMIN_PASSWORD__={{ admin_password_hash.stdout }}' } + - { regexp: '^__ADMIN_SSH_PUBLIC_KEY__=', line: '__ADMIN_SSH_PUBLIC_KEY__={{ ADMIN_SSH_PUBLIC_KEY }}' } + - - name: Replace ADMIN_SSH_PUBLIC_KEY placeholder with the actual key - ansible.builtin.lineinfile: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" - regexp: '^__ADMIN_SSH_PUBLIC_KEY__=' - line: '__ADMIN_SSH_PUBLIC_KEY__={{ ADMIN_SSH_PUBLIC_KEY }}' - backrefs: true - name: Add custom packages source to composer ansible.builtin.shell: | diff --git a/ansible/playbooks/credentials.yaml b/ansible/playbooks/credentials.yaml new file mode 100644 index 0000000..bf97294 --- /dev/null +++ b/ansible/playbooks/credentials.yaml @@ -0,0 +1,2 @@ +user: joe +home: /home/joe From 827c4cf62e7e6bb27ec9887a75c3f74497a3171c Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:29:52 +0100 Subject: [PATCH 38/69] update external vars --- ansible/README.MD | 22 +++++++++++++++++----- ansible/playbooks/initial_ostree.yaml | 1 + ansible/playbooks/repo_creation.yml | 1 + 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index c15fe2a..f1c3224 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
@@ -91,16 +91,27 @@ Find the IP address of the current server. ```sh MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); print parts[1]; }')" ``` +## Ansible Config + +Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file +Create a `config.yaml` file inside the Ansible folder following this model: +```yaml +blueprint: #name of the blueprint you want to use form the ansible/bluprint folder. EXAMPLE blueprint: blueprint_example.toml +repo_location: #EXAMPLE repo_location: /opt/custom-rpms/ +ADMIN_SSH_PUBLIC_KEY: # ssh-rsa AA... +ADMIN_PASSWORD: +``` + ## Create the initial ostree repo -Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file Add blueprint file into the blueprint folder or use the `blueprint_example.toml` +The blueprint use in this opperation is define in `config.yaml` as `blueprint:` Create the initial ostree repo using `blueprint_example.toml` use the following command: ``` -ansible-playbook playbooks/initial_ostree.yaml -e blueprint=blueprint_example.toml +ansible-playbook playbooks/initial_ostree.yaml ``` @@ -112,11 +123,12 @@ ansible-playbook playbooks/build_RPMS.yaml ``` ## Repository Creation -to build a repository containing the RPMS we created, run the `repo_creation.yaml` playbook and indicate the desiered repo directory using the `-e` argument. +To build a repository containing the RPMS we created, run the `repo_creation.yaml` playbook +The directory where the repo is created is define in `config.yaml` as `repo_location:` -For instance to create repository in the `/opt/custom-rpms/` directory use : +To start tge build, run : ``` -ansible-playbook playbooks/repo_creation.yaml -e repo_location=/opt/custom-rpms/ +ansible-playbook playbooks/repo_creation.yaml ``` diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml index a6398fb..3c0f1f5 100755 
--- a/ansible/playbooks/initial_ostree.yaml +++ b/ansible/playbooks/initial_ostree.yaml @@ -1,6 +1,7 @@ - name: Create the initial ostree repo hosts: all become: true + vars_files: ../config.yaml tasks: - name: Create Blueprint /tmp/blueprints repo ansible.builtin.file: diff --git a/ansible/playbooks/repo_creation.yml b/ansible/playbooks/repo_creation.yml index 04fa4ae..1da2d24 100644 --- a/ansible/playbooks/repo_creation.yml +++ b/ansible/playbooks/repo_creation.yml @@ -1,6 +1,7 @@ --- - name: Create a custom RPM repository hosts: all + vars_files: ../config.yaml tasks: - name: Install createrepo package become: true From 6a28877971fac069fd10b2136ae5db502c9bf8f5 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:30:43 +0100 Subject: [PATCH 39/69] update --- ansible/README.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/README.MD b/ansible/README.MD index f1c3224..c6c464c 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -96,7 +96,7 @@ MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file Create a `config.yaml` file inside the Ansible folder following this model: ```yaml -blueprint: #name of the blueprint you want to use form the ansible/bluprint folder. EXAMPLE blueprint: blueprint_example.toml +blueprint: #name of the blueprint you want to use from the ansible/bluprint folder. EXAMPLE blueprint: blueprint_example.toml repo_location: #EXAMPLE repo_location: /opt/custom-rpms/ ADMIN_SSH_PUBLIC_KEY: # ssh-rsa AA... ADMIN_PASSWORD: From 4ccf9a4f7baadd3cea902bb663bcccd6e0d70af3 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:31:15 +0100 Subject: [PATCH 40/69] typo --- ansible/README.MD | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/README.MD b/ansible/README.MD index c6c464c..d4a89a2 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
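Review bot: With `repo_location` now read from `../config.yaml` in `repo_creation.yml`, nothing validates the value before use, and the tasks further down in that playbook (outside this hunk) remove `{{ repo_location }}` with `become: true` and `state: absent`. A mistyped value such as a system directory would therefore be deleted as root. Add a guard as the first task that fails unless the variable is defined, absolute and not the filesystem root. As far as this page shows, `blueprint_preparation.yaml` still loads `../credentials.yaml`, while the README hunk of this commit documents a single `config.yaml` holding the same variables.

```yaml
  tasks:
    - name: Refuse an unsafe repository location
      ansible.builtin.assert:
        that:
          - repo_location is defined
          - repo_location is match('^/')
          - repo_location | regex_replace('/+$', '') | length > 0
        fail_msg: "repo_location must be an absolute path other than /"
    # … unchanged: Install createrepo package and the following tasks …
```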
@@ -94,6 +94,8 @@ MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); ## Ansible Config Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file + + Create a `config.yaml` file inside the Ansible folder following this model: ```yaml blueprint: #name of the blueprint you want to use from the ansible/bluprint folder. EXAMPLE blueprint: blueprint_example.toml From b059a82ed87e7ef9b1dfca72d02ebaa7f03f0327 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:32:27 +0100 Subject: [PATCH 41/69] typo --- ansible/README.MD | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index d4a89a2..5d1b4c9 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -93,8 +93,7 @@ MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); ``` ## Ansible Config -Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file - +Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file Create a `config.yaml` file inside the Ansible folder following this model: ```yaml @@ -108,7 +107,7 @@ ADMIN_PASSWORD: ## Create the initial ostree repo -Add blueprint file into the blueprint folder or use the `blueprint_example.toml` +Add blueprint file into the blueprint folder or use the `blueprint_example.toml` The blueprint use in this opperation is define in `config.yaml` as `blueprint:` Create the initial ostree repo using `blueprint_example.toml` use the following command: From 391bbe62fa1508c079739dafebeb2170c9b03d23 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:33:22 +0100 Subject: [PATCH 42/69] typo --- ansible/README.MD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index 5d1b4c9..5ea5ac4 100644 --- a/ansible/README.MD 
+++ b/ansible/README.MD @@ -93,9 +93,9 @@ MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); ``` ## Ansible Config -Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file +Create a `inventory.yaml` file inside the ansible folder or define the inventory path inside the `ansible.cfg` file -Create a `config.yaml` file inside the Ansible folder following this model: +Create a `config.yaml` file inside the ansible folder following this model: ```yaml blueprint: #name of the blueprint you want to use from the ansible/bluprint folder. EXAMPLE blueprint: blueprint_example.toml repo_location: #EXAMPLE repo_location: /opt/custom-rpms/ From 50fbb6ebf0e1704507555c1fb2fee314bb87b7d4 Mon Sep 17 00:00:00 2001 From: ePietry Date: Wed, 27 Mar 2024 15:59:12 +0100 Subject: [PATCH 43/69] blueprint prepa update --- ansible/playbooks/blueprint_preparation.yaml | 86 +++++++++----------- 1 file changed, 37 insertions(+), 49 deletions(-) diff --git a/ansible/playbooks/blueprint_preparation.yaml b/ansible/playbooks/blueprint_preparation.yaml index 9ab8fb2..bea6b0f 100644 --- a/ansible/playbooks/blueprint_preparation.yaml +++ b/ansible/playbooks/blueprint_preparation.yaml @@ -18,14 +18,6 @@ ansible.builtin.debug: var: microshift_info.stdout_lines - - name: Display ssh package information - ansible.builtin.debug: - var: ADMIN_SSH_PUBLIC_KEY - - - name: Display password package information - ansible.builtin.debug: - var: ADMIN_PASSWORD - - name: Install mkpasswd and podman packages become: true ansible.builtin.dnf: 
@@ -39,76 +31,72 @@ register: admin_password_hash changed_when: false - - name: Update kiosk.toml with admin password hash and SSH public key + - name: Set admin password in kiosk.toml ansible.builtin.lineinfile: path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" - regexp: "{{ item.regexp }}" - line: "{{ item.line }}" - loop: - - { regexp: '^__ADMIN_PASSWORD__=', line: '__ADMIN_PASSWORD__={{ admin_password_hash.stdout }}' } - - { regexp: '^__ADMIN_SSH_PUBLIC_KEY__=', line: '__ADMIN_SSH_PUBLIC_KEY__={{ ADMIN_SSH_PUBLIC_KEY }}' } + regexp: '^password =.*$' + line: 'password = "{{ ADMIN_PASSWORD }}"' + backrefs: yes + - name: Set admin SSH public key in kiosk.toml + ansible.builtin.lineinfile: + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" + regexp: '^key =.*$' + line: 'key = "{{ ADMIN_SSH_PUBLIC_KEY }}"' + backrefs: yes - name: Add custom packages source to composer ansible.builtin.shell: | - composer-cli sources add < Date: Wed, 27 Mar 2024 16:50:08 +0100 Subject: [PATCH 44/69] Add Ostree contruction playbook --- ansible/README.MD | 1 + ansible/playbooks/ostree_construction.yaml | 66 ++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 ansible/playbooks/ostree_construction.yaml diff --git a/ansible/README.MD b/ansible/README.MD index 5ea5ac4..33a5272 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -101,6 +101,7 @@ blueprint: #name of the blueprint you want to use from the ansible/bluprint fold repo_location: #EXAMPLE repo_location: /opt/custom-rpms/ ADMIN_SSH_PUBLIC_KEY: # ssh-rsa AA... ADMIN_PASSWORD: +MICROSHIFT_PULL_SECRET: # Generate one on https://console.redhat.com/openshift/install/pull-secret ``` diff --git a/ansible/playbooks/ostree_construction.yaml b/ansible/playbooks/ostree_construction.yaml new file mode 100644 index 0000000..2ba203e --- /dev/null +++ b/ansible/playbooks/ostree_construction.yaml 
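Review bot: `Set admin password in kiosk.toml` writes `{{ ADMIN_PASSWORD }}` itself into the blueprint, while the bcrypt hash registered as `admin_password_hash` by the task just above is never used, so the cleartext password is stored in `kiosk.toml` on disk. Write the hash instead, `line: 'password = "{{ admin_password_hash.stdout }}"'`, and add `no_log: true` to the task. Both `lineinfile` tasks set `backrefs: yes`, under which a file without a matching `password =` or `key =` line is left unchanged and no error is raised, so a follow-up check that the line was replaced would catch a blueprint that lacks it. The hunk is cut off on the page after `composer-cli sources add <`, so the rest of the change is not reviewed here.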
@@ -0,0 +1,66 @@ +- name: Create the initial ostree repo + hosts: all + vars_files: ../credentials.yaml + tasks: + - name: Solve dependencies for the blueprint + ansible.builtin.command: composer-cli blueprints depsolve kiosk + + + - name: Start ostree compose + infra.osbuild.start_compose: + blueprint: kiosk + compose_type: edge-commit + allow_duplicate: true + ostree_url: http://{{ ansible_default_ipv4.address }}/repo + register: builder_compose_start_out + + - name: Wait for compose to finish + infra.osbuild.wait_compose: + compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" + timeout: 3600 + + - name: Create /tmp/commit repo + ansible.builtin.file: + path: /tmp/commit/ + mode: '0755' + state: directory + + - name: Export the compose artifact to /tmp/commit + infra.osbuild.export_compose: # noqa only-builtins + compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" + dest: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar + + - name: Create /tmp/commit/ID repo + ansible.builtin.file: + path: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }} + mode: '0755' + state: directory + + + - name: Extract compose artifact into /var/www/repo + ansible.builtin.unarchive: + src: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar + dest: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }} + remote_src: true + + - name: Pull local ostree repository + become: true + ansible.builtin.shell: ostree --repo=/var/www/repo pull-local "/tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }}/repo" + + - name: config ostree ref + become: true + ansible.builtin.shell: ostree --repo=/var/www/repo refs + register: refs + + - name: Print refs + ansible.builtin.debug: + var: refs.stdout_lines + + - name: config ostree logs kiosk + become: true + ansible.builtin.shell: ostree --repo=/var/www/repo log rhel/9/x86_64/edge + register: 
logs + + - name: Print refs + ansible.builtin.debug: + var: logs.stdout_lines From d4fa1e14a834a56ff689ee1b0a54c02743ba2348 Mon Sep 17 00:00:00 2001 From: Ernest Pietryka <164904886+ePietry@users.noreply.github.com> Date: Thu, 28 Mar 2024 09:38:02 +0100 Subject: [PATCH 45/69] Delete ansible/playbooks/setup.yaml --- ansible/playbooks/setup.yaml | 31 ------------------------------- 1 file changed, 31 deletions(-) delete mode 100755 ansible/playbooks/setup.yaml diff --git a/ansible/playbooks/setup.yaml b/ansible/playbooks/setup.yaml deleted file mode 100755 index c45b077..0000000 --- a/ansible/playbooks/setup.yaml +++ /dev/null @@ -1,31 +0,0 @@ -- name: Setup VM - hosts: all - become: true - tasks: - - name: Install software - ansible.builtin.dnf: - name: - - osbuild-composer - - composer-cli - - cockpit-composer - - git - - podman - - buildah - - nginx - - firewalld - state: present - - name: Config services - ansible.builtin.service: - name: "{{ item }}" - state: started - enabled: true - loop: - - osbuild-composer.socket - - cockpit.socket - - nginx.service - - firewalld - - name: Add user to weldr group - ansible.builtin.user: - name: "{{ ansible_user_id }}" - groups: weldr - append: true From 2def96a891eb046b2d91400d58843ac85564a6e8 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 09:39:12 +0100 Subject: [PATCH 46/69] add gen & kickstart --- ansible/playbooks/gen_iso_image.yaml | 55 ++++++++++++++++++++++ ansible/playbooks/kickstart.yaml | 11 +++++ ansible/playbooks/ostree_construction.yaml | 43 ++++++++++------- 3 files changed, 91 insertions(+), 18 deletions(-) create mode 100644 ansible/playbooks/gen_iso_image.yaml create mode 100644 ansible/playbooks/kickstart.yaml diff --git a/ansible/playbooks/gen_iso_image.yaml b/ansible/playbooks/gen_iso_image.yaml new file mode 100644 index 0000000..ab52ea8 --- /dev/null +++ b/ansible/playbooks/gen_iso_image.yaml 
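Review bot: The exported commit is staged under the fixed path `/tmp/commit/` (mode `'0755'`) and then fed to a `become: true` `ostree pull-local` into `/var/www/repo`, so the published repository depends on whatever is at a predictable name in a world-writable directory. Creating the staging directory with `ansible.builtin.tempfile` (`state: directory`), registering its path and using it in the export, unarchive and pull tasks avoids the shared name, and a final `state: absent` task would stop old archives from accumulating. The task named `Extract compose artifact into /var/www/repo` actually extracts into `/tmp/commit/<build id>`, and the three `ostree` calls contain no shell syntax, so `ansible.builtin.command` fits better than `ansible.builtin.shell`.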
@@ -0,0 +1,55 @@ +- name: Generate the Installer ISO image + hosts: all + vars_files: ../credentials.yaml + tasks: + - name: Clear /tmp/microshift_bluprint + ansible.builtin.file: + path: /tmp/microshift_bluprint.toml + state: absent + - name: Create /tmp/microshift_bluprint + ansible.builtin.file: + path: /tmp/microshift_bluprint.toml + state: file + mode: "0755" + - name: Write blueprint content to /tmp/microshift_bluprint file + ansible.builtin.copy: + dest: "/tmp/microshift_blueprint" + content: | + name = "microshift-installer" + + description = "" + version = "0.0.0" + modules = [] + groups = [] + packages = [] + become: true + + + - name: Push Blueprint + infra.osbuild.push_blueprint: + src: "/tmp/microshift_blueprint.toml" + + - name: Start the compose + ansible.builtin.shell: | + BUILDID=$(composer-cli compose start-ostree --url {{ repo_url }} --ref {{ ostree_ref }} {{ blueprint_name }} {{ compose_type }} | awk '{print $2}') + echo $BUILDID > /tmp/build_id + args: + executable: /bin/bash + register: start_compose_result + + - name: Wait for compose to finish (simplified example) + ansible.builtin.shell: | + BUILDID=$(cat /tmp/build_id) + until composer-cli compose status | grep -E "$BUILDID.*FINISHED"; do + sleep 30 + done + args: + executable: /bin/bash + + - name: Get BUILDID from file + ansible.builtin.shell: "cat /tmp/build_id" + register: build_id + + - name: Generate image from the compose + ansible.builtin.command: + cmd: "composer-cli compose image {{ build_id.stdout }}" diff --git a/ansible/playbooks/kickstart.yaml b/ansible/playbooks/kickstart.yaml new file mode 100644 index 0000000..9d16775 --- /dev/null +++ b/ansible/playbooks/kickstart.yaml 
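Review bot: The blueprint tasks use three different paths: the clear and create tasks name `/tmp/microshift_bluprint.toml`, the copy writes `/tmp/microshift_blueprint` (no extension, and as root through `become: true`), and `infra.osbuild.push_blueprint` reads `/tmp/microshift_blueprint.toml`, so the file that is pushed is never the one that was written. Holding the path in one variable and using it for `path`, `dest` and `src` removes the mismatch; `state: file` also does not create a missing file, so the create task fails right after the clear task. The build id is passed between tasks through `/tmp/build_id`, a fixed name in a world-writable directory whose content ends up in `composer-cli compose image {{ build_id.stdout }}`; registering the stdout of the start task directly avoids the file.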
@@ -0,0 +1,11 @@ +- name: creat kickstart + hosts: all + become: true + vars_files: ../config.yaml + tasks: + - name: set MICROSHIFT_PULL_SECRET + ansible.builtin.lineinfile: + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" + regexp: '--url=http://__MYIP__/repo' + line: '--url=http://"{{ ansible_default_ipv4.address }}"' + backrefs: yes \ No newline at end of file diff --git a/ansible/playbooks/ostree_construction.yaml b/ansible/playbooks/ostree_construction.yaml index 2ba203e..e6cf946 100644 --- a/ansible/playbooks/ostree_construction.yaml +++ b/ansible/playbooks/ostree_construction.yaml @@ -5,20 +5,21 @@ - name: Solve dependencies for the blueprint ansible.builtin.command: composer-cli blueprints depsolve kiosk - - - name: Start ostree compose - infra.osbuild.start_compose: - blueprint: kiosk - compose_type: edge-commit - allow_duplicate: true - ostree_url: http://{{ ansible_default_ipv4.address }}/repo - register: builder_compose_start_out + - name: Start OSTree Compose + ansible.builtin.shell: + cmd: composer-cli compose start-ostree kiosk edge-commit --url http://{{ ansible_default_ipv4.address }}/repo --ref "rhel/9/{{ ansible_architecture }}/edge-kiosk" --parent "rhel/9/{{ ansible_architecture }}/edge" | awk '{print $2}' + register: build_id + + - name: Echo BuildID for Microshift Installer + ansible.builtin.debug: + msg: "Build {{ build_id.stdout_lines | first }} is running..." - name: Wait for compose to finish infra.osbuild.wait_compose: - compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" + compose_id: "{{build_id.stdout_lines | first}}" timeout: 3600 + - name: Create /tmp/commit repo ansible.builtin.file: path: /tmp/commit/ 
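Review bot: `ansible.builtin.lineinfile` replaces the whole matching line, so `line: '--url=http://"{{ ansible_default_ipv4.address }}"'` discards everything else on the line that carried `--url=http://__MYIP__/repo`, loses the `/repo` suffix and leaves literal double quotes around the address. `ansible.builtin.replace` with `regexp: '__MYIP__'` and `replace: '{{ ansible_default_ipv4.address }}'` substitutes only the placeholder. The task name `set MICROSHIFT_PULL_SECRET` does not describe what the task edits. The play-level `become: true` looks unnecessary for a file under `{{ ansible_env.HOME }}`, and with it that variable may resolve to root's home, which is worth confirming.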
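Review bot: The build id now comes from `composer-cli compose start-ostree … | awk '{print $2}'`, and without `set -o pipefail` the task's return code is awk's, so a failed compose start is reported as success and `build_id.stdout_lines | first` is then empty or undefined. Running the pipeline with `set -o pipefail` and `executable: /bin/bash`, or adding `failed_when: build_id.stdout | length == 0`, stops the play before the export and `pull-local` tasks use a bad id. The same pipeline appears in the `Start OSTree Compose` task that PATCH 54/69 adds to `gen_iso_image.yaml`. The task list continues outside this hunk.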
@@ -27,26 +28,31 @@ - name: Export the compose artifact to /tmp/commit infra.osbuild.export_compose: # noqa only-builtins - compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" - dest: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar + compose_id: "{{ build_id.stdout_lines | first }}" + dest: /tmp/commit/{{ build_id.stdout_lines | first }}.tar - name: Create /tmp/commit/ID repo ansible.builtin.file: - path: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }} + path: /tmp/commit/{{ build_id.stdout_lines | first }} mode: '0755' state: directory - - name: Extract compose artifact into /var/www/repo + - name: Extract compose artifact into /tmp/commit/ID ansible.builtin.unarchive: - src: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar - dest: /tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }} + src: /tmp/commit/{{ build_id.stdout_lines | first }}.tar + dest: /tmp/commit/{{ build_id.stdout_lines | first }} remote_src: true - name: Pull local ostree repository become: true - ansible.builtin.shell: ostree --repo=/var/www/repo pull-local "/tmp/commit/{{ builder_compose_start_out['result']['body']['build_id'] }}/repo" - + ansible.builtin.shell: ostree --repo=/var/www/repo pull-local "/tmp/commit/{{ build_id.stdout_lines | first }}/repo" + +# - name: Clear /tmp/commit repo +# ansible.builtin.file: +# path: /tmp/commit/ +# state: absent + - name: config ostree ref become: true ansible.builtin.shell: ostree --repo=/var/www/repo refs @@ -58,9 +64,10 @@ - name: config ostree logs kiosk become: true - ansible.builtin.shell: ostree --repo=/var/www/repo log rhel/9/x86_64/edge + ansible.builtin.shell: ostree --repo=/var/www/repo log rhel/9/{{ ansible_architecture }}/edge-kiosk register: logs - name: Print refs ansible.builtin.debug: var: logs.stdout_lines + From 303df06cf25967d810d663f23103c708361be941 Mon Sep 17 00:00:00 2001 
From: ePietry Date: Thu, 28 Mar 2024 09:44:07 +0100 Subject: [PATCH 47/69] Readme update --- ansible/README.MD | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/ansible/README.MD b/ansible/README.MD index 33a5272..f4c27a2 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -128,9 +128,17 @@ ansible-playbook playbooks/build_RPMS.yaml To build a repository containing the RPMS we created, run the `repo_creation.yaml` playbook The directory where the repo is created is define in `config.yaml` as `repo_location:` -To start tge build, run : +To start the build, run : ``` ansible-playbook playbooks/repo_creation.yaml ``` +## Blueprint preparation + +To work properly, this playbook needs the property `ADMIN_SSH_PUBLIC_KEY` and `ADMIN_PASSWORD` to be define in `config.yaml` + +To start the build, run : +``` +ansible-playbook playbooks/blueprint_preparation.yaml +``` \ No newline at end of file From d2597e5c699248a79590bea9fc1c575f15ae69c0 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 09:52:39 +0100 Subject: [PATCH 48/69] remove file credentials --- ansible/playbooks/credentials.yaml | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ansible/playbooks/credentials.yaml diff --git a/ansible/playbooks/credentials.yaml b/ansible/playbooks/credentials.yaml deleted file mode 100644 index bf97294..0000000 --- a/ansible/playbooks/credentials.yaml +++ /dev/null @@ -1,2 +0,0 @@ -user: joe -home: /home/joe From 6af76e0ddb44d2058649554882ba1394086f8872 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 16:33:16 +0100 Subject: [PATCH 49/69] Update GPG check --- ansible/playbooks/build_RPMS.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/playbooks/build_RPMS.yaml b/ansible/playbooks/build_RPMS.yaml index 4f0efea..ee8f24d 100644 --- a/ansible/playbooks/build_RPMS.yaml +++ b/ansible/playbooks/build_RPMS.yaml 
@@ -6,7 +6,7 @@ ansible.builtin.dnf: name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm state: present - disable_gpg_check: false + disable_gpg_check: true - name: Install software become: true ansible.builtin.dnf: From 72a4a1db2ca0ab146eb46d49f5a2bd06f88f3fe2 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 16:36:19 +0100 Subject: [PATCH 50/69] repo_creation name update --- ansible/playbooks/{repo_creation.yml => repo_creation.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ansible/playbooks/{repo_creation.yml => repo_creation.yaml} (100%) diff --git a/ansible/playbooks/repo_creation.yml b/ansible/playbooks/repo_creation.yaml similarity index 100% rename from ansible/playbooks/repo_creation.yml rename to ansible/playbooks/repo_creation.yaml From e3f4209fd6321ec0f0d0154cee9c270c627a0cf6 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 17:10:12 +0100 Subject: [PATCH 51/69] OStree Contrcition update and fix --- ansible/playbooks/ostree_construction.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/playbooks/ostree_construction.yaml b/ansible/playbooks/ostree_construction.yaml index e6cf946..a9bf16f 100644 --- a/ansible/playbooks/ostree_construction.yaml +++ b/ansible/playbooks/ostree_construction.yaml @@ -14,6 +14,10 @@ ansible.builtin.debug: msg: "Build {{ build_id.stdout_lines | first }} is running..." + - name: Echo IPADRESS + ansible.builtin.debug: + msg: "{{ ansible_default_ipv4.address }}" + - name: Wait for compose to finish infra.osbuild.wait_compose: compose_id: "{{build_id.stdout_lines | first}}" From 42551a3f8e422942213e4f00c091c424ccc3b614 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 17:11:57 +0100 Subject: [PATCH 52/69] update README --- ansible/README.MD | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/README.MD b/ansible/README.MD index f4c27a2..dee765c 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
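Review bot: `disable_gpg_check: true` turns off signature verification for `epel-release`, the package that installs the EPEL repository definition and its signing keys, so trust in every later EPEL package rests on an unverified download. If the previous `false` setting failed because the EPEL key was not yet known to rpm, importing the key first with `ansible.builtin.rpm_key` and keeping `disable_gpg_check: false` solves that without dropping the check. The URL is also the moving `epel-release-latest-9` alias, so the installed build is not pinned.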
@@ -141,4 +141,11 @@ To work properly, this playbook needs the property `ADMIN_SSH_PUBLIC_KEY` and `A To start the build, run : ``` ansible-playbook playbooks/blueprint_preparation.yaml +``` + +## Ostree construction + +Create the ostree image and add it to the ostree repository with `ref = rhel/9/x86_64/edge-kiosk` by using the following playbook : +``` +ansible-playbook playbooks/blueprint_preparation.yaml ``` \ No newline at end of file From 6dad307377f725da431aed9d9a6dddc4d1e1793e Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 17:13:10 +0100 Subject: [PATCH 53/69] remove debuging plays --- ansible/playbooks/ostree_construction.yaml | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/ansible/playbooks/ostree_construction.yaml b/ansible/playbooks/ostree_construction.yaml index a9bf16f..6fe9fde 100644 --- a/ansible/playbooks/ostree_construction.yaml +++ b/ansible/playbooks/ostree_construction.yaml @@ -10,14 +10,6 @@ cmd: composer-cli compose start-ostree kiosk edge-commit --url http://{{ ansible_default_ipv4.address }}/repo --ref "rhel/9/{{ ansible_architecture }}/edge-kiosk" --parent "rhel/9/{{ ansible_architecture }}/edge" | awk '{print $2}' register: build_id - - name: Echo BuildID for Microshift Installer - ansible.builtin.debug: - msg: "Build {{ build_id.stdout_lines | first }} is running..." - - - name: Echo IPADRESS - ansible.builtin.debug: - msg: "{{ ansible_default_ipv4.address }}" - - name: Wait for compose to finish infra.osbuild.wait_compose: compose_id: "{{build_id.stdout_lines | first}}" @@ -52,10 +44,10 @@ become: true ansible.builtin.shell: ostree --repo=/var/www/repo pull-local "/tmp/commit/{{ build_id.stdout_lines | first }}/repo" -# - name: Clear /tmp/commit repo -# ansible.builtin.file: -# path: /tmp/commit/ -# state: absent + - name: Clear /tmp/commit repo + ansible.builtin.file: + path: /tmp/commit/ + state: absent - name: config ostree ref become: true 
From 6992116da58d4fab61014975986943aba36c47a4 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 17:40:47 +0100 Subject: [PATCH 54/69] Update gen_iso_image --- ansible/playbooks/gen_iso_image.yaml | 36 +++++++++------------------- 1 file changed, 11 insertions(+), 25 deletions(-) diff --git a/ansible/playbooks/gen_iso_image.yaml b/ansible/playbooks/gen_iso_image.yaml index ab52ea8..550e797 100644 --- a/ansible/playbooks/gen_iso_image.yaml +++ b/ansible/playbooks/gen_iso_image.yaml @@ -2,18 +2,18 @@ hosts: all vars_files: ../credentials.yaml tasks: - - name: Clear /tmp/microshift_bluprint + - name: Clear /tmp/microshift_bluprint.toml ansible.builtin.file: path: /tmp/microshift_bluprint.toml state: absent - - name: Create /tmp/microshift_bluprint + - name: Create /tmp/microshift_bluprint.toml ansible.builtin.file: path: /tmp/microshift_bluprint.toml state: file mode: "0755" - name: Write blueprint content to /tmp/microshift_bluprint file ansible.builtin.copy: - dest: "/tmp/microshift_blueprint" + dest: "/tmp/microshift_blueprint.toml" content: | name = "microshift-installer" 
@@ -29,27 +29,13 @@ infra.osbuild.push_blueprint: src: "/tmp/microshift_blueprint.toml" - - name: Start the compose - ansible.builtin.shell: | - BUILDID=$(composer-cli compose start-ostree --url {{ repo_url }} --ref {{ ostree_ref }} {{ blueprint_name }} {{ compose_type }} | awk '{print $2}') - echo $BUILDID > /tmp/build_id - args: - executable: /bin/bash - register: start_compose_result - - - name: Wait for compose to finish (simplified example) - ansible.builtin.shell: | - BUILDID=$(cat /tmp/build_id) - until composer-cli compose status | grep -E "$BUILDID.*FINISHED"; do - sleep 30 - done - args: - executable: /bin/bash - - - name: Get BUILDID from file - ansible.builtin.shell: "cat /tmp/build_id" + - name: Start OSTree Compose + ansible.builtin.shell: + cmd: composer-cli compose start-ostree --url http://{{ ansible_default_ipv4.address }}/repo --ref empty microshift-installer edge-installer | awk '{print $2}' register: build_id - - name: Generate image from the compose - ansible.builtin.command: - cmd: "composer-cli compose image {{ build_id.stdout }}" + + - name: Wait for compose to finish + infra.osbuild.wait_compose: + compose_id: "{{build_id.stdout_lines | first}}" + timeout: 3600 From f0225c0b7a872a46666d67fc5e7142fa722d3a81 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 17:41:57 +0100 Subject: [PATCH 55/69] Update README --- ansible/README.MD | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ansible/README.MD b/ansible/README.MD index dee765c..977a038 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
@@ -148,4 +148,11 @@ ansible-playbook playbooks/blueprint_preparation.yaml Create the ostree image and add it to the ostree repository with `ref = rhel/9/x86_64/edge-kiosk` by using the following playbook : ``` ansible-playbook playbooks/blueprint_preparation.yaml +``` + +## Generate the Installer ISO image + +Generate the ISO image of the installer by using the following playbook : +``` +ansible-playbook playbooks/ostree_construction.yaml ``` \ No newline at end of file From f2ca4bda1042df9038946147f2b0e95ccbe00538 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 17:45:48 +0100 Subject: [PATCH 56/69] Update README --- ansible/README.MD | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index 977a038..a00bee9 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -147,12 +147,12 @@ ansible-playbook playbooks/blueprint_preparation.yaml Create the ostree image and add it to the ostree repository with `ref = rhel/9/x86_64/edge-kiosk` by using the following playbook : ``` -ansible-playbook playbooks/blueprint_preparation.yaml +ansible-playbook playbooks/ostree_construction.yaml ``` ## Generate the Installer ISO image Generate the ISO image of the installer by using the following playbook : ``` -ansible-playbook playbooks/ostree_construction.yaml +ansible-playbook playbooks/gen_iso_image.yaml ``` \ No newline at end of file From b213ce43d9b4f9d79b6fcb63ef33e615ed51ee3d Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 17:54:48 +0100 Subject: [PATCH 57/69] Gen_Iso update --- ansible/README.MD | 5 ++++- ansible/playbooks/gen_iso_image.yaml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index a00bee9..3bace0e 100644 --- a/ansible/README.MD +++ b/ansible/README.MD 
@@ -155,4 +155,7 @@ ansible-playbook playbooks/ostree_construction.yaml Generate the ISO image of the installer by using the following playbook : ``` ansible-playbook playbooks/gen_iso_image.yaml -``` \ No newline at end of file +``` + +## Prepare the Kickstart script + diff --git a/ansible/playbooks/gen_iso_image.yaml b/ansible/playbooks/gen_iso_image.yaml index 550e797..b249cfe 100644 --- a/ansible/playbooks/gen_iso_image.yaml +++ b/ansible/playbooks/gen_iso_image.yaml @@ -9,7 +9,7 @@ - name: Create /tmp/microshift_bluprint.toml ansible.builtin.file: path: /tmp/microshift_bluprint.toml - state: file + state: touch mode: "0755" - name: Write blueprint content to /tmp/microshift_bluprint file ansible.builtin.copy: From 06cd93b24b978332513d761cf38523c9900d24a3 Mon Sep 17 00:00:00 2001 From: ePietry Date: Thu, 28 Mar 2024 18:01:59 +0100 Subject: [PATCH 58/69] Update export compose --- ansible/playbooks/gen_iso_image.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/playbooks/gen_iso_image.yaml b/ansible/playbooks/gen_iso_image.yaml index b249cfe..cc083fb 100644 --- a/ansible/playbooks/gen_iso_image.yaml +++ b/ansible/playbooks/gen_iso_image.yaml @@ -39,3 +39,8 @@ infra.osbuild.wait_compose: compose_id: "{{build_id.stdout_lines | first}}" timeout: 3600 + + - name: Export the compose artifact to /tmp/commit + infra.osbuild.export_compose: # noqa only-builtins + compose_id: "{{ build_id.stdout_lines | first }}" + dest: /{{ ansible_env.HOME }}/{{ build_id.stdout_lines | first }} #Ou mettre cette image ? From c5c1f6a4871762b7065f2216b6d47d4ef4d146fb Mon Sep 17 00:00:00 2001 From: ePietry Date: Fri, 29 Mar 2024 11:23:30 +0100 Subject: [PATCH 59/69] Update Kiosk ans kiskstart.yaml --- ansible/playbooks/kickstart.yaml | 37 +++++++++++++++++++++++++++----- imagebuilder/kiosk.ks | 2 +- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/ansible/playbooks/kickstart.yaml b/ansible/playbooks/kickstart.yaml index 9d16775..4f01c43 100644 
--- a/ansible/playbooks/kickstart.yaml +++ b/ansible/playbooks/kickstart.yaml @@ -1,11 +1,38 @@ -- name: creat kickstart +- name: Create kickstart hosts: all - become: true vars_files: ../config.yaml tasks: - - name: set MICROSHIFT_PULL_SECRET + - name : Remove existing kiosk.ks + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" + state: absent + + - name: Copy fresh kiosk.ks + ansible.builtin.copy: + src: "{{ playbook_dir }}/../../imagebuilder/kiosk.ks" + dest: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" + mode: '0755' + + - name: Set repo adress ansible.builtin.lineinfile: path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" regexp: '--url=http://__MYIP__/repo' - line: '--url=http://"{{ ansible_default_ipv4.address }}"' - backrefs: yes \ No newline at end of file + line: 'ostreesetup --nogpg --osname=rhel --remote=edge --url=http://{{ ansible_default_ipv4.address }} --ref=rhel/9/x86_64/edge-kiosk' + backrefs: true + + - name: Set MICROSHIFT_PULL_SECRET + ansible.builtin.lineinfile: + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" + regexp: '__MICROSHIFT_PULL_SECRET__' + line: "{{ MICROSHIFT_PULL_SECRET }}" + + - name: Install lorax & pykickstart packages + become: true + ansible.builtin.dnf: + state: present + name: + - lorax + - pykickstart + + + \ No newline at end of file diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks index 1b463ef..839321b 100644 --- a/imagebuilder/kiosk.ks +++ b/imagebuilder/kiosk.ks @@ -42,7 +42,7 @@ reqpart --add-boot zerombr clearpart --all --initlabel reqpart --add-boot -part pv.01 --size=10G --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 +part pv.01 --size=10240 --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 volgroup system pv.01 logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=system part pv.02 --size=1 --grow --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 
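Review bot: The kickstart that receives `MICROSHIFT_PULL_SECRET` is copied with `mode: '0755'`, which leaves a file holding a registry credential readable by every local user; `mode: '0600'` is enough, and `no_log: true` on the `Set MICROSHIFT_PULL_SECRET` task keeps the secret out of task output. That task's `line` is the bare secret, so the entire line containing `__MICROSHIFT_PULL_SECRET__` is replaced by it, or the secret is appended at the end of the file when the placeholder is absent; `ansible.builtin.replace` would substitute only the placeholder. In `Set repo adress` the new `--url=http://{{ ansible_default_ipv4.address }}` drops the `/repo` path that the matched line had and hard-codes `x86_64` in `--ref`, while `ostree_construction.yaml` uses `{{ ansible_architecture }}`. The written `ostreesetup` line also combines `--nogpg` with plain HTTP, so the installer does not verify the commit it pulls; that may be intended for a lab setup, but it deserves a comment in the playbook.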
From 190d0e55ae300491779fe8311b07cdae3144e178 Mon Sep 17 00:00:00 2001 From: ePietry Date: Fri, 29 Mar 2024 11:39:02 +0100 Subject: [PATCH 60/69] Update kickstart playbook --- ansible/README.MD | 6 +++++- ansible/playbooks/gen_iso_image.yaml | 2 +- ansible/playbooks/kickstart.yaml | 29 ++++++++++++++++++++++++++-- 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index 3bace0e..58631c8 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -157,5 +157,9 @@ Generate the ISO image of the installer by using the following playbook : ansible-playbook playbooks/gen_iso_image.yaml ``` -## Prepare the Kickstart script +## Prepare & inject the Kickstart script +Prepare & inject the Kisckstart script and create the final kiosk.ios, use the followin playbook : +``` +ansible-playbook playbooks/kickstart.yaml +``` diff --git a/ansible/playbooks/gen_iso_image.yaml b/ansible/playbooks/gen_iso_image.yaml index cc083fb..f4f59f3 100644 --- a/ansible/playbooks/gen_iso_image.yaml +++ b/ansible/playbooks/gen_iso_image.yaml @@ -43,4 +43,4 @@ - name: Export the compose artifact to /tmp/commit infra.osbuild.export_compose: # noqa only-builtins compose_id: "{{ build_id.stdout_lines | first }}" - dest: /{{ ansible_env.HOME }}/{{ build_id.stdout_lines | first }} #Ou mettre cette image ? + dest: /{{ ansible_env.HOME }}/installer.iso diff --git a/ansible/playbooks/kickstart.yaml b/ansible/playbooks/kickstart.yaml index 4f01c43..92e0aa5 100644 --- a/ansible/playbooks/kickstart.yaml +++ b/ansible/playbooks/kickstart.yaml 
@@ -34,5 +34,30 @@ - lorax - pykickstart - - \ No newline at end of file + - name: Validate kiosk.ks using ksvalidator + ansible.builtin.command: + cmd: "ksvalidator {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" + register: ksvalidator_output + ignore_errors: yes + + - name: Output error message if ksvalidator fails + ansible.builtin.debug: + msg: "{{ksvalidator_output.stderr_lines}}" + when: ksvalidator_output is failed + + - name : Remove existing kiosk.ios + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/kiosk.iso" + state: absent + + - name: Create new kiosk.ios file + ansible.builtin.command: + cmd: "mkksiso -r 'inst.ks' --ks kiosk.ks 'installer.iso' kiosk.iso" + register: ksvalidator_output + + - name : Remove installer.iso + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/installer.iso" + state: absent + + From 42607df3c7f93bcf54767715d63f6a2f57452f6d Mon Sep 17 00:00:00 2001 From: ePietry Date: Fri, 29 Mar 2024 12:15:56 +0100 Subject: [PATCH 61/69] Add Full play --- ansible/README.MD | 8 +++++++- ansible/playbooks/full_play.yaml | 22 ++++++++++++++++++++++ ansible/playbooks/kickstart.yaml | 12 +++++------- 3 files changed, 34 insertions(+), 8 deletions(-) create mode 100644 ansible/playbooks/full_play.yaml diff --git a/ansible/README.MD b/ansible/README.MD index 58631c8..32ad91f 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -104,6 +104,12 @@ ADMIN_PASSWORD: MICROSHIFT_PULL_SECRET: # Generate one on https://console.redhat.com/openshift/install/pull-secret ``` +## Run all the Ansible files +To run all of the ansible files, use the following command: +``` +ansible-playbook playbooks/full_play.yaml +``` + ## Create the initial ostree repo 
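Review bot: `ignore_errors: yes` on the `ksvalidator` task followed only by a `debug` means a kickstart that fails validation is still built into the ISO by the `mkksiso` task. Dropping `ignore_errors`, or replacing the debug task with `ansible.builtin.fail` under the same `when: ksvalidator_output is failed`, stops the play at that point. The `mkksiso` command uses the relative names `kiosk.ks`, `installer.iso` and `kiosk.iso`, which depend on the remote working directory, whereas the surrounding tasks use `{{ ansible_env.HOME }}` paths. Its result is also registered as `ksvalidator_output`, which overwrites the validator's result.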
@@ -158,7 +164,7 @@ ansible-playbook playbooks/gen_iso_image.yaml ``` ## Prepare & inject the Kickstart script -Prepare & inject the Kisckstart script and create the final kiosk.ios, use the followin playbook : +Prepare & inject the Kisckstart script and create the final kiosk.iso, use the followin playbook : ``` ansible-playbook playbooks/kickstart.yaml ``` diff --git a/ansible/playbooks/full_play.yaml b/ansible/playbooks/full_play.yaml new file mode 100644 index 0000000..baec78b --- /dev/null +++ b/ansible/playbooks/full_play.yaml @@ -0,0 +1,22 @@ +- name: Generate the Installer ISO image + hosts: all + vars_files: ../credentials.yaml + tasks: + - name: Create the initial ostree repo + ansible.builtin.import_playbook: initial_ostree.yaml + + + - name: Build the RPMS + ansible.builtin.import_playbook: build_RPMS.yaml + + - name: Repository Creation + ansible.builtin.import_playbook: repo_creation.yaml + + - name: Ostree construction + ansible.builtin.import_playbook: ostree_construction.yaml + + - name: Generate the Installer ISO image + ansible.builtin.import_playbook: gen_iso_image.yaml + + - name: Prepare & inject the Kickstart script + ansible.builtin.import_playbook: kickstart.yaml diff --git a/ansible/playbooks/kickstart.yaml b/ansible/playbooks/kickstart.yaml index 92e0aa5..7f3b332 100644 --- a/ansible/playbooks/kickstart.yaml +++ b/ansible/playbooks/kickstart.yaml 
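Review bot: The list of imported playbooks skips `blueprint_preparation.yaml`, which the README places between repository creation and ostree construction and which sets the admin password and SSH key in kiosk.toml; unless another playbook covers that, a full run builds from an unprepared blueprint. Importing `blueprint_preparation.yaml` after `repo_creation.yaml` restores the documented order, and the rewritten list in PATCH 62/69 has the same gap. `import_playbook` is also valid only at the top level of a playbook, not as a task under `tasks:`, so this file does not run as written.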
@@ -42,22 +42,20 @@ - name: Output error message if ksvalidator fails ansible.builtin.debug: - msg: "{{ksvalidator_output.stderr_lines}}" + msg: "{{ ksvalidator_output.stderr_lines }}" when: ksvalidator_output is failed - - name : Remove existing kiosk.ios + - name: Remove existing kiosk.ios ansible.builtin.file: path: "{{ ansible_env.HOME }}/kiosk.iso" state: absent - name: Create new kiosk.ios file ansible.builtin.command: - cmd: "mkksiso -r 'inst.ks' --ks kiosk.ks 'installer.iso' kiosk.iso" - register: ksvalidator_output + cmd: "mkksiso -r 'inst.ks' --ks {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks '{{ ansible_env.HOME }}/installer.iso' kiosk.iso" + register: mkksiso_output - - name : Remove installer.iso + - name: Remove installer.iso ansible.builtin.file: path: "{{ ansible_env.HOME }}/installer.iso" state: absent - - From 6edf9c7fdad0377828e7f712085c83939ed4ddad Mon Sep 17 00:00:00 2001 From: ePietry Date: Fri, 29 Mar 2024 12:17:54 +0100 Subject: [PATCH 62/69] Update full play --- ansible/playbooks/full_play.yaml | 29 +++++++---------------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/ansible/playbooks/full_play.yaml b/ansible/playbooks/full_play.yaml index baec78b..301b0fe 100644 --- a/ansible/playbooks/full_play.yaml +++ b/ansible/playbooks/full_play.yaml 
@@ -1,22 +1,7 @@ -- name: Generate the Installer ISO image - hosts: all - vars_files: ../credentials.yaml - tasks: - - name: Create the initial ostree repo - ansible.builtin.import_playbook: initial_ostree.yaml - - - - name: Build the RPMS - ansible.builtin.import_playbook: build_RPMS.yaml - - - name: Repository Creation - ansible.builtin.import_playbook: repo_creation.yaml - - - name: Ostree construction - ansible.builtin.import_playbook: ostree_construction.yaml - - - name: Generate the Installer ISO image - ansible.builtin.import_playbook: gen_iso_image.yaml - - - name: Prepare & inject the Kickstart script - ansible.builtin.import_playbook: kickstart.yaml +--- +- import_playbook: initial_ostree.yaml +- import_playbook: build_RPMS.yaml +- import_playbook: repo_creation.yaml +- import_playbook: ostree_construction.yaml +- import_playbook: gen_iso_image.yaml +- import_playbook: kickstart.yaml \ No newline at end of file From daf2ba7d3ce5b82579af09848de904bf3d601f0f Mon Sep 17 00:00:00 2001 From: ePietry Date: Fri, 29 Mar 2024 13:01:46 +0100 Subject: [PATCH 63/69] =?UTF-8?q?udp=C3=A2te?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ansible/playbooks/gen_iso_image.yaml | 2 +- ansible/playbooks/kickstart.yaml | 11 ++++++++--- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/ansible/playbooks/gen_iso_image.yaml b/ansible/playbooks/gen_iso_image.yaml index f4f59f3..a0a654a 100644 --- a/ansible/playbooks/gen_iso_image.yaml +++ b/ansible/playbooks/gen_iso_image.yaml @@ -43,4 +43,4 @@ - name: Export the compose artifact to /tmp/commit infra.osbuild.export_compose: # noqa only-builtins compose_id: "{{ build_id.stdout_lines | first }}" - dest: /{{ ansible_env.HOME }}/installer.iso + dest: /{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/installer.iso diff --git a/ansible/playbooks/kickstart.yaml b/ansible/playbooks/kickstart.yaml index 7f3b332..9e1e1a6 100644 --- a/ansible/playbooks/kickstart.yaml 
+++ b/ansible/playbooks/kickstart.yaml @@ -7,6 +7,11 @@ path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" state: absent + - name : Remove existing kiosk.ios + ansible.builtin.file: + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ios" + state: absent + - name: Copy fresh kiosk.ks ansible.builtin.copy: src: "{{ playbook_dir }}/../../imagebuilder/kiosk.ks" @@ -47,15 +52,15 @@ - name: Remove existing kiosk.ios ansible.builtin.file: - path: "{{ ansible_env.HOME }}/kiosk.iso" + path: "/{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.iso" state: absent - name: Create new kiosk.ios file ansible.builtin.command: - cmd: "mkksiso -r 'inst.ks' --ks {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks '{{ ansible_env.HOME }}/installer.iso' kiosk.iso" + cmd: "mkksiso -r 'inst.ks' --ks {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks '{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/installer.iso' {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.iso" register: mkksiso_output - name: Remove installer.iso ansible.builtin.file: - path: "{{ ansible_env.HOME }}/installer.iso" + path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/installer.iso" state: absent From 8917adda209f16243189d96a1b8d9fd91b91cb30 Mon Sep 17 00:00:00 2001 
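Review bot: The added `Remove existing kiosk.ios` task deletes `.../imagebuilder/kiosk.ios`, but the file this playbook produces is `kiosk.iso`, so the task never matches anything. The path should read `{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.iso`, or the task can be dropped, since the second hunk already removes `kiosk.iso` before `mkksiso` runs. In that second hunk the `path:` starts with `/{{ ansible_env.HOME }}`, which yields a doubled leading slash; drop the extra `/`. The new task name is also written `- name :` with a space before the colon, unlike the other task names in the file.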
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Thu, 4 Apr 2024 17:01:42 +0200 Subject: [PATCH 64/69] rework the playbook --- .gitignore | 3 - ansible/.gitignore | 2 + ansible/README.MD | 147 ++-------- ansible/ansible.cfg | 7 +- ansible/bootstrap-ostree.yaml | 77 ++++++ ansible/build.yaml | 252 ++++++++++++++++++ ansible/files/edge-installer.toml | 6 + .../minimal.toml} | 0 ansible/group_vars/all/config.yaml | 4 + ansible/playbooks/blueprint_preparation.yaml | 102 ------- ansible/playbooks/build_RPMS.yaml | 80 ------ ansible/playbooks/full_play.yaml | 7 - ansible/playbooks/gen_iso_image.yaml | 46 ---- ansible/playbooks/initial_ostree.yaml | 67 ----- ansible/playbooks/kickstart.yaml | 66 ----- ansible/playbooks/ostree_construction.yaml | 69 ----- ansible/playbooks/repo_creation.yaml | 71 ----- ansible/prerequisites.yaml | 148 ++++++++++ ansible/requirements.yaml | 4 + ansible/templates/kiosk.ks.j2 | 88 ++++++ ansible/templates/kiosk.toml.j2 | 46 ++++ 21 files changed, 648 insertions(+), 644 deletions(-) create mode 100644 ansible/.gitignore create mode 100755 ansible/bootstrap-ostree.yaml create mode 100644 ansible/build.yaml create mode 100644 ansible/files/edge-installer.toml rename ansible/{blueprints/blueprint_example.toml => files/minimal.toml} (100%) create mode 100644 ansible/group_vars/all/config.yaml delete mode 100644 ansible/playbooks/blueprint_preparation.yaml delete mode 100644 ansible/playbooks/build_RPMS.yaml delete mode 100644 ansible/playbooks/full_play.yaml delete mode 100644 ansible/playbooks/gen_iso_image.yaml delete mode 100755 ansible/playbooks/initial_ostree.yaml delete mode 100644 ansible/playbooks/kickstart.yaml delete mode 100644 ansible/playbooks/ostree_construction.yaml delete mode 100644 ansible/playbooks/repo_creation.yaml create mode 100644 ansible/prerequisites.yaml create mode 100644 ansible/requirements.yaml create mode 100644 ansible/templates/kiosk.ks.j2 create mode 100644 ansible/templates/kiosk.toml.j2 
diff --git a/.gitignore b/.gitignore
index 7848b25..722d5e7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1 @@
-ansible/inventory.yaml
 .vscode
-ansible/credentials.yaml
-ansible/config.yaml
\ No newline at end of file
diff --git a/ansible/.gitignore b/ansible/.gitignore
new file mode 100644
index 0000000..9b14a9f
--- /dev/null
+++ b/ansible/.gitignore
@@ -0,0 +1,2 @@
+inventory.yaml
+vault.yaml
diff --git a/ansible/README.MD b/ansible/README.MD
index 32ad91f..82942b7 100644
--- a/ansible/README.MD
+++ b/ansible/README.MD
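Review bot: Dropping `ansible/credentials.yaml` and `ansible/config.yaml` from the root ignore list leaves any such file in an existing clone untracked, where a broad `git add` would pick it up. The README text removed by this same commit told users to put `ADMIN_PASSWORD` and `MICROSHIFT_PULL_SECRET` in `ansible/config.yaml`, so those leftover files may hold secrets. I would keep the two legacy entries next to the new `vault.yaml` one, written as `/credentials.yaml` and `/config.yaml` in `ansible/.gitignore`, which leaves the new `group_vars/all/config.yaml` tracked.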
@@ -14,158 +14,41 @@ Microshift pre-requisites : - RHEL 9.2 or 9.3 - LVM volume group (VG) with unused space -## Install Pre-requisites +## Pre-requisites on the target machine ```sh sudo subscription-manager register --username $RHN_LOGIN --auto-attach sudo subscription-manager attach --pool=$RHN_POOL_ID -sudo dnf install -y osbuild-composer composer-cli cockpit-composer git firewalld python3-toml -sudo systemctl enable --now osbuild-composer.socket -sudo systemctl enable --now firewalld -sudo systemctl enable --now cockpit.socket -sudo systemctl restart osbuild-composer -sudo usermod -a -G weldr "$(id -un)" ``` -Check that **os-composer** is working. - -``` -$ source /etc/bash_completion.d/composer-cli -$ composer-cli status show -API server status: - Database version: 0 - Database supported: true - Schema version: 0 - API version: 1 - Backend: osbuild-composer - Build: NEVRA:osbuild-composer-88.3-1.el9_3.x86_64 - -$ composer-cli sources list -appstream -baseos -``` - -## Create the container image +## Ansible Config -Install podman and buildah. +Create a `inventory.yaml` file inside the ansible folder or define the inventory path inside the `ansible.cfg` file -```sh -sudo dnf install -y podman buildah -``` +Update `config.yaml` in `ansible/group_vars/all/` to match your environment. -Define the target image properties. +Create an ansible vault named `vault.yaml` in `ansible/group_vars/all/` with the following content. -```sh -REGISTRY="quay.io" -IMAGE_NAME="nmasse_itix/kiosk-app" -IMAGE_TAG="latest" +```yaml +blueprint_admin_password_hash: # Generate one with "mkpasswd -m bcrypt" +kickstart_microshift_pull_secret: # Generate one on https://console.redhat.com/openshift/install/pull-secret ``` -Build and push the image to the registry. +Install the required collections. ```sh -cd "$GIT_REPO_CLONE/application" -podman build -t localhost/kiosk-app:latest . 
-podman login "$REGISTRY" -podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" -podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG" +ansible-galaxy collection install -r requirements.yaml ``` -## Nginx configuration - -Install and configure nginx. +## Prepare the target machine ```sh -sudo dnf install -y nginx -sudo systemctl enable --now nginx.service -sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp} -sudo firewall-cmd --reload -sudo mkdir -p /var/www -sudo restorecon -Rv /var/www -sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf -sudo systemctl restart nginx.service +ansible-playbook prerequisites.yaml +ansible-playbook bootstrap-ostree.yaml ``` -Find the IP address of the current server. +## Regular builds ```sh -MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); print parts[1]; }')" -``` -## Ansible Config - -Create a `inventory.yaml` file inside the ansible folder or define the inventory path inside the `ansible.cfg` file - -Create a `config.yaml` file inside the ansible folder following this model: -```yaml -blueprint: #name of the blueprint you want to use from the ansible/bluprint folder. EXAMPLE blueprint: blueprint_example.toml -repo_location: #EXAMPLE repo_location: /opt/custom-rpms/ -ADMIN_SSH_PUBLIC_KEY: # ssh-rsa AA... 
-ADMIN_PASSWORD: -MICROSHIFT_PULL_SECRET: # Generate one on https://console.redhat.com/openshift/install/pull-secret -``` - -## Run all the Ansible files -To run all of the ansible files, use the following command: -``` -ansible-playbook playbooks/full_play.yaml -``` - - -## Create the initial ostree repo - - -Add blueprint file into the blueprint folder or use the `blueprint_example.toml` -The blueprint use in this opperation is define in `config.yaml` as `blueprint:` - -Create the initial ostree repo using `blueprint_example.toml` use the following command: -``` -ansible-playbook playbooks/initial_ostree.yaml +ansible-playbook build.yaml ``` - - -## Build the RPMS - -To build RPM for kiosk-config, microshift-manifests and Google Chrome, run the `build_RPMS.yaml` playbook -``` -ansible-playbook playbooks/build_RPMS.yaml -``` - -## Repository Creation -To build a repository containing the RPMS we created, run the `repo_creation.yaml` playbook -The directory where the repo is created is define in `config.yaml` as `repo_location:` - -To start the build, run : -``` -ansible-playbook playbooks/repo_creation.yaml -``` - - -## Blueprint preparation - -To work properly, this playbook needs the property `ADMIN_SSH_PUBLIC_KEY` and `ADMIN_PASSWORD` to be define in `config.yaml` - -To start the build, run : -``` -ansible-playbook playbooks/blueprint_preparation.yaml -``` - -## Ostree construction - -Create the ostree image and add it to the ostree repository with `ref = rhel/9/x86_64/edge-kiosk` by using the following playbook : -``` -ansible-playbook playbooks/ostree_construction.yaml -``` - -## Generate the Installer ISO image - -Generate the ISO image of the installer by using the following playbook : -``` -ansible-playbook playbooks/gen_iso_image.yaml -``` - -## Prepare & inject the Kickstart script -Prepare & inject the Kisckstart script and create the final kiosk.iso, use the followin playbook : -``` -ansible-playbook playbooks/kickstart.yaml -``` - 
diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index ece41cd..5509ce7 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,2 +1,7 @@
 [defaults]
-inventory= inventory.yaml
+# Use the provided inventory
+inventory = inventory.yaml
+
+# To get the vault password from the KDE Wallet
+vault_identity_list = itix@/home/nmasse/local/bin/get-vault-password
+
diff --git a/ansible/bootstrap-ostree.yaml b/ansible/bootstrap-ostree.yaml
new file mode 100755
index 0000000..b5e1d33
--- /dev/null
+++ b/ansible/bootstrap-ostree.yaml
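Review bot: `vault_identity_list = itix@/home/nmasse/local/bin/get-vault-password` hard-codes one developer's home directory in a config file that every checkout shares. Ansible runs a vault password file as a program when it is executable (presumably the case here), so on another machine the path either does not exist and vault decryption presumably fails, or it resolves to whatever happens to sit at that location. I would leave this line out of the committed `ansible.cfg` and document setting `ANSIBLE_VAULT_IDENTITY_LIST` in the environment instead. Failing that, add a comment such as `# Local override: adjust or remove; the script must be owned by and writable only by you`.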
@@ -0,0 +1,77 @@ +- name: Create the initial ostree repo + hosts: all + become: false + tasks: + - name: Read blueprint + register: results + args: + executable: /usr/bin/python3 + stdin: "{{ lookup('ansible.builtin.file', playbook_dir ~ '/files/minimal.toml') }}" + shell: | + import toml + import json + import sys + str=sys.stdin.read() + obj=toml.loads(str) + print(json.dumps(obj)) + delegate_to: localhost + become: false + changed_when: false + + - set_fact: + blueprint_name: '{{ blueprint_object.name }}' + vars: + blueprint_object: '{{ results.stdout | from_json }}' + + - name: Push blueprint + infra.osbuild.push_blueprint: + blueprint: "{{ lookup('ansible.builtin.file', playbook_dir ~ '/files/minimal.toml') }}" + + - name: Start ostree compose + infra.osbuild.start_compose: + blueprint: "{{ blueprint_name }}" + allow_duplicate: true + compose_type: edge-commit + timeout: "{{ compose_timeout }}" + register: builder_compose_start_out + + - ansible.builtin.set_fact: + compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" + + - name: Wait for compose to finish + infra.osbuild.wait_compose: + compose_id: "{{ compose_id }}" + timeout: 3600 + + - ansible.builtin.tempfile: + state: directory + suffix: build + register: tmp + + - name: Export the compose artifact + infra.osbuild.export_compose: # noqa only-builtins + compose_id: "{{ compose_id }}" + dest: "{{ tmp.path }}/{{ compose_id }}.tar" + + - name: Clear directory /var/www/repo + ansible.builtin.file: + path: "{{ www_location }}/repo" + state: absent + + - name: Extract compose artifact into /var/www/repo + ansible.builtin.unarchive: + src: "{{ tmp.path }}/{{ compose_id }}.tar" + dest: "{{ www_location }}" + remote_src: true + become: true + + - name: Create an empty tree + ansible.builtin.file: + path: "{{ tmp.path }}/empty-tree" + mode: '0755' + state: directory + become: true + + - name: Create an empty commit + ansible.builtin.shell: "ostree --repo={{ www_location }}/repo commit -b 
'empty' --tree=dir={{ tmp.path }}/empty-tree" + become: true diff --git a/ansible/build.yaml b/ansible/build.yaml new file mode 100644 index 0000000..3f5f89d --- /dev/null +++ b/ansible/build.yaml 
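Review bot: The `Clear directory /var/www/repo` task has no `become: true`, although the play sets `become: false` and the following `unarchive` into `{{ www_location }}` does escalate. After a first run the repo is presumably root-owned, so a re-run would likely fail on the removal; add `become: true` to that task. The play also creates a `tempfile` directory for the exported tarball and never removes it, and `Create an empty commit` uses `ansible.builtin.shell` with templated paths where `ansible.builtin.command` would avoid shell interpretation. A short comment above that task saying why the `empty` ref exists (it appears to be the `ostree_ref` of the installer compose in build.yaml) would help the next reader.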
@@ -0,0 +1,252 @@ +- name: Build the Kiosk images + hosts: all + become: false + tasks: + - name: Checkout the git repo + ansible.builtin.git: + repo: 'https://github.com/nmasse-itix/red-hat-kiosk.git' + dest: "{{ ansible_user_dir }}/red-hat-kiosk" + update: yes + clone: yes + + ## + ## RPM construction + ## + + - debug: + msg: "Starting RPM build..." + + - name: Ensure ~/rpmbuild is a symbolic link + ansible.builtin.file: + src: "{{ ansible_user_dir }}/red-hat-kiosk/rpms" + dest: "{{ ansible_user_dir }}/rpmbuild" + state: link + + - name: Build the kiosk-config RPMS + ansible.builtin.shell: | + spectool -g -R {{ ansible_user_dir }}/rpmbuild/SPECS/kiosk-config.spec + rpmbuild -ba {{ ansible_user_dir }}/rpmbuild/SPECS/kiosk-config.spec + + - name: Build the microshift-manifests RPM + ansible.builtin.shell: | + spectool -g -R {{ ansible_user_dir }}/rpmbuild/SPECS/microshift-manifests.spec + rpmbuild -ba {{ ansible_user_dir }}/rpmbuild/SPECS/microshift-manifests.spec + + - name: Ensure the VENDOR directory exists + ansible.builtin.file: + path: "{{ ansible_user_dir }}/rpmbuild/VENDOR" + state: directory + mode: '0755' + + - name: Download Google Chrome RPM + ansible.builtin.get_url: + url: https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm + dest: "{{ ansible_user_dir }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm" + + - name: Rebuild the Google Chrome RPM + ansible.builtin.shell: | + set -Eeuo pipefail + rpmrebuild -s {{ ansible_user_dir }}/rpmbuild/SPECS/google-chrome-stable.spec -p {{ ansible_user_dir }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm + RPM=$(rpm -q {{ ansible_user_dir }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm) + mkdir -p {{ ansible_user_dir }}/rpmbuild/BUILDROOT/$RPM/ + rpm2cpio {{ ansible_user_dir }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D {{ ansible_user_dir }}/rpmbuild/BUILDROOT/$RPM/ + mv {{ ansible_user_dir }}/rpmbuild/BUILDROOT/$RPM/opt/google/ {{ 
ansible_user_dir }}/rpmbuild/BUILDROOT/$RPM/usr/bin/ + cd {{ ansible_user_dir }}/rpmbuild/BUILDROOT/$RPM/usr/bin/ + rm -f google-chrome-stable + ln -s google/chrome/google-chrome google-chrome-stable + ln -s google/chrome/google-chrome chrome + sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' {{ ansible_user_dir }}/rpmbuild/SPECS/google-chrome-stable.spec + rpmbuild -bb {{ ansible_user_dir }}/rpmbuild/SPECS/google-chrome-stable.spec + args: + executable: /bin/bash + register: rebuild_result + failed_when: rebuild_result.rc != 0 + + - name: Get built RPMS + ansible.builtin.find: + path: "{{ ansible_user_dir }}/rpmbuild/RPMS/x86_64/" + patterns: "*.rpm" + register: build_rpms + + - name: Extract filenames from paths of built RPMs + ansible.builtin.set_fact: + rpm_filenames: "{{ build_rpms.files | map(attribute='path') | list }}" + + - name: Copy RPMs to the repository location + ansible.builtin.copy: + src: '{{ item }}' + dest: "{{ repo_location }}" + owner: root + group: root + mode: '0644' + remote_src: yes + loop: '{{ rpm_filenames }}' + loop_control: + label: "{{ item | basename }}" + become: true + + - name: Update the repository with createrepo + become: true + ansible.builtin.command: + cmd: "createrepo {{ repo_location }}" + + - name: Clean dnf cache + become: true + ansible.builtin.command: + cmd: dnf clean all + + ## + ## Ostree construction + ## + + - debug: + msg: "Starting ostree build..." 
+ + - name: Parse blueprint + register: results + args: + executable: /usr/bin/python3 + stdin: "{{ lookup('ansible.builtin.template', 'kiosk.toml.j2') }}" + shell: | + import toml + import json + import sys + str=sys.stdin.read() + obj=toml.loads(str) + print(json.dumps(obj)) + become: false + changed_when: false + + - set_fact: + blueprint_name: '{{ blueprint_object.name }}' + vars: + blueprint_object: '{{ results.stdout | from_json }}' + + - name: Push Blueprint + infra.osbuild.push_blueprint: + blueprint: "{{ lookup('ansible.builtin.template', 'kiosk.toml.j2') }}" + + - name: Start ostree compose + infra.osbuild.start_compose: + blueprint: "{{ blueprint_name }}" + allow_duplicate: true + compose_type: edge-commit + ostree_ref: "rhel/9/{{ ansible_facts['userspace_architecture'] }}/edge-kiosk" + ostree_parent: "rhel/9/{{ ansible_facts['userspace_architecture'] }}/edge" + ostree_url: http://{{ ansible_default_ipv4.address }}/repo + timeout: "{{ compose_timeout }}" + register: builder_compose_start_out + + - ansible.builtin.set_fact: + compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" + + - name: Wait for compose to finish + infra.osbuild.wait_compose: + compose_id: "{{ compose_id }}" + timeout: 3600 + + - ansible.builtin.tempfile: + state: directory + suffix: build + register: tmp + + - name: Export the compose artifact + infra.osbuild.export_compose: # noqa only-builtins + compose_id: "{{ compose_id }}" + dest: "{{ tmp.path }}/{{ compose_id }}.tar" + + - name: Create commit directory + ansible.builtin.file: + path: "{{ tmp.path }}/{{ compose_id }}" + mode: '0755' + state: directory + + - name: Extract compose artifact + ansible.builtin.unarchive: + src: "{{ tmp.path }}/{{ compose_id }}.tar" + dest: "{{ tmp.path }}/{{ compose_id }}" + remote_src: true + + - name: Pull local ostree repository + ansible.builtin.shell: ostree --repo={{ www_location }}/repo pull-local "{{ tmp.path }}/{{ compose_id }}/repo" + become: true + + ## + ## ISO 
Construction + ## + + - debug: + msg: "Starting ISO build..." + + - name: Read blueprint + register: results + args: + executable: /usr/bin/python3 + stdin: "{{ lookup('ansible.builtin.file', playbook_dir ~ '/files/edge-installer.toml') }}" + shell: | + import toml + import json + import sys + str=sys.stdin.read() + obj=toml.loads(str) + print(json.dumps(obj)) + delegate_to: localhost + become: false + changed_when: false + + - set_fact: + blueprint_name: '{{ blueprint_object.name }}' + vars: + blueprint_object: '{{ results.stdout | from_json }}' + + - name: Push blueprint + infra.osbuild.push_blueprint: + blueprint: "{{ lookup('ansible.builtin.file', playbook_dir ~ '/files/edge-installer.toml') }}" + + - name: Start ostree compose + infra.osbuild.start_compose: + blueprint: "{{ blueprint_name }}" + allow_duplicate: true + compose_type: edge-installer + ostree_ref: empty + ostree_url: http://{{ ansible_default_ipv4.address }}/repo + timeout: "{{ compose_timeout }}" + register: builder_compose_start_out + + - ansible.builtin.set_fact: + compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" + + - name: Wait for compose to finish + infra.osbuild.wait_compose: + compose_id: "{{ compose_id }}" + timeout: 3600 + + - ansible.builtin.tempfile: + state: directory + suffix: build + register: tmp + + - name: Export the compose artifact + infra.osbuild.export_compose: # noqa only-builtins + compose_id: "{{ compose_id }}" + dest: "{{ tmp.path }}/{{ compose_id }}.iso" + + - name: Create kiosk.ks from template + ansible.builtin.template: + src: "kiosk.ks.j2" + dest: "{{ tmp.path }}/kiosk.ks" + + - name: Validate kiosk.ks using ksvalidator + ansible.builtin.command: + cmd: "ksvalidator {{ tmp.path }}/kiosk.ks" + + - name: Create new kiosk.iso file + ansible.builtin.command: + cmd: "mkksiso -r 'inst.ks' --ks {{ tmp.path }}/kiosk.ks {{ tmp.path }}/{{ compose_id }}.iso {{ tmp.path }}/kiosk.iso" + + - name: Copy new ISO to /var/www + copy: + src: "{{ tmp.path 
}}/kiosk.iso" + dest: "{{ www_location }}/kiosk.iso" + remote_src: true + become: true diff --git a/ansible/files/edge-installer.toml b/ansible/files/edge-installer.toml new file mode 100644 index 0000000..8364105 --- /dev/null +++ b/ansible/files/edge-installer.toml @@ -0,0 +1,6 @@ +name = "edge-installer" +description = "" +version = "0.0.0" +modules = [] +groups = [] +packages = [] diff --git a/ansible/blueprints/blueprint_example.toml b/ansible/files/minimal.toml similarity index 100% rename from ansible/blueprints/blueprint_example.toml rename to ansible/files/minimal.toml diff --git a/ansible/group_vars/all/config.yaml b/ansible/group_vars/all/config.yaml new file mode 100644 index 0000000..6e75911 --- /dev/null +++ b/ansible/group_vars/all/config.yaml @@ -0,0 +1,4 @@ +repo_location: /opt/custom-rpms +blueprint_admin_ssh_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain +www_location: /var/www +compose_timeout: 300 diff --git a/ansible/playbooks/blueprint_preparation.yaml b/ansible/playbooks/blueprint_preparation.yaml deleted file mode 100644 index bea6b0f..0000000 --- a/ansible/playbooks/blueprint_preparation.yaml +++ /dev/null 
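Review bot: The `Download Google Chrome RPM` task fetches `google-chrome-stable_current_x86_64.rpm` with `get_url`, and the next task repackages it with `rpmrebuild` and `rpmbuild -bb`, but nothing checks the vendor signature before the payload is rebuilt and copied into `{{ repo_location }}`. The rebuilt package presumably no longer carries the vendor signature, so this is the only point where the check can happen. I would import the vendor signing key on the builder and add a task that runs `rpmkeys --checksig` on the downloaded file (with `changed_when: false`) ahead of the rebuild. `Checkout the git repo` also follows the default branch because `ansible.builtin.git` is given no `version:`, so pinning a tag or commit would make the built specs reproducible. The `ostree_url: http://{{ ansible_default_ipv4.address }}/repo` lines use plain HTTP, which deserves a comment stating that the repo is only expected to be reached from the builder itself.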
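Review bot: `blueprint_admin_ssh_public_key` ships with a real personal key (`... nmasse@localhost.localdomain`) as the default in `group_vars/all/config.yaml`. Anyone who builds without editing this file presumably ends up with that key authorised for the image's admin account, since the README only says to update `config.yaml` to match the environment. I would commit a placeholder instead, e.g. `blueprint_admin_ssh_public_key: "" # REQUIRED: your own public key`, and have the playbook fail early when the value is empty.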
@@ -1,102 +0,0 @@ -- name: Create the initial ostree repo - hosts: all - vars_files: ../credentials.yaml - tasks: - - name: Extract userspace architecture - ansible.builtin.set_fact: - userspace_arch: "{{ ansible_facts['userspace_architecture']}}" - - name: Enable required rhocp repositories using subscription-manager - become: true - ansible.builtin.command: - cmd: "sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-{{ userspace_arch }}-rpms --enable fast-datapath-for-rhel-9-{{ userspace_arch }}-rpms" - - name: Get information about the microshift package - ansible.builtin.command: - cmd: "dnf info microshift" - register: microshift_info - - - name: Display microshift package information - ansible.builtin.debug: - var: microshift_info.stdout_lines - - - name: Install mkpasswd and podman packages - become: true - ansible.builtin.dnf: - name: - - mkpasswd - - podman - state: present - - - name: Generate bcrypt hash of the admin password - command: mkpasswd -m bcrypt "{{ ADMIN_PASSWORD }}" - register: admin_password_hash - changed_when: false - - - name: Set admin password in kiosk.toml - ansible.builtin.lineinfile: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" - regexp: '^password =.*$' - line: 'password = "{{ ADMIN_PASSWORD }}"' - backrefs: yes - - - name: Set admin SSH public key in kiosk.toml - ansible.builtin.lineinfile: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" - regexp: '^key =.*$' - line: 'key = "{{ ADMIN_SSH_PUBLIC_KEY }}"' - backrefs: yes - - - - name: Add custom packages source to composer - ansible.builtin.shell: | - echo " - check_gpg = false - check_ssl = false - id = 'custom' - name = 'custom packages for RHEL' - system = false - type = 'yum-baseurl' - url = 'file://{{ repo_location }}' - " | composer-cli sources add /dev/stdin - - - name: Add RH OCP 4.14 source to composer - ansible.builtin.shell: | - echo " - id = 'rhocp-4.14' - name = 'Red Hat OpenShift Container Platform 4.14 for 
RHEL 9' - type = 'yum-baseurl' - url = 'https://cdn.redhat.com/content/dist/layered/rhel9/{{ ansible_architecture }}/rhocp/4.14/os' - check_gpg = true - check_ssl = true - system = false - rhsm = true - " | composer-cli sources add /dev/stdin - - - name: Add Fast Datapath source to composer - ansible.builtin.shell: | - echo " - id = 'fast-datapath' - name = 'Fast Datapath for RHEL 9' - type = 'yum-baseurl' - url = 'https://cdn.redhat.com/content/dist/layered/rhel9/{{ ansible_architecture }}/fast-datapath/os' - check_gpg = true - check_ssl = true - system = false - rhsm = true - " | composer-cli sources add /dev/stdin - - - name: Add EPEL source to composer - ansible.builtin.shell: | - echo " - id = 'epel' - name = 'Extra Packages for Enterprise Linux' - type = 'yum-baseurl' - url = 'http://mirror.in2p3.fr/pub/epel/9/Everything/{{ ansible_architecture }}/' - check_gpg = false - check_ssl = false - system = false - rhsm = false - " | composer-cli sources add /dev/stdin - - - name: Push Blueprint - infra.osbuild.push_blueprint: - src: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.toml" diff --git a/ansible/playbooks/build_RPMS.yaml b/ansible/playbooks/build_RPMS.yaml deleted file mode 100644 index ee8f24d..0000000 --- a/ansible/playbooks/build_RPMS.yaml +++ /dev/null 
@@ -1,80 +0,0 @@ -- name: Build the RPMS - hosts: all - tasks: - - name: Install EPEL release package - become: true - ansible.builtin.dnf: - name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm - state: present - disable_gpg_check: true - - name: Install software - become: true - ansible.builtin.dnf: - name: - - git - - rpm-build - - rpmdevtools - - rpmrebuild - state: present - - name: Install rpmrebuild - become: true - ansible.builtin.yum: - name: rpmrebuild - state: present - - name: Clear directory $HOME/rpmbuild - ansible.builtin.file: - path: "{{ ansible_env.HOME }}/rpmbuild" - state: absent - - name: Clear symbolic link between - ansible.builtin.file: - src: "{{ ansible_env.HOME }}/red-hat-kiosk/rpms" - dest: "{{ ansible_env.HOME }}/rpmbuild" - state: link - - name: Build the kiosk-config RPMS - ansible.builtin.shell: - spectool -g -R $HOME/rpmbuild/SPECS/kiosk-config.spec | - rpmbuild -ba $HOME/rpmbuild/SPECS/kiosk-config.spec - - name: Build the microshift-manifests RPM - ansible.builtin.shell: - spectool -g -R $HOME/rpmbuild/SPECS/microshift-manifests.spec | - rpmbuild -ba $HOME/rpmbuild/SPECS/microshift-manifests.spec - - name: Ensure the VENDOR directory exists - ansible.builtin.file: - path: "{{ ansible_env.HOME }}/rpmbuild/VENDOR" - state: directory - mode: '0755' - - name: Download Google Chrome RPM - ansible.builtin.get_url: - url: https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm - dest: "{{ ansible_env.HOME }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm" - - name: Rebuild the Google Chrome RPM - ansible.builtin.shell: | - set -Eeuo pipefail - rpmrebuild -s {{ ansible_env.HOME }}/rpmbuild/SPECS/google-chrome-stable.spec -p {{ ansible_env.HOME }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm - RPM=$(rpm -q {{ ansible_env.HOME }}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm) - mkdir -p {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/ - rpm2cpio {{ ansible_env.HOME 
}}/rpmbuild/VENDOR/google-chrome-stable_current_x86_64.rpm | cpio -idmv -D {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/ - mv {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/opt/google/ {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/usr/bin/ - cd {{ ansible_env.HOME }}/rpmbuild/BUILDROOT/$RPM/usr/bin/ - rm -f google-chrome-stable - ln -s google/chrome/google-chrome google-chrome-stable - ln -s google/chrome/google-chrome chrome - sed -i.${EPOCHREALTIME:-bak} 's|/opt/google|/usr/bin/google|g' {{ ansible_env.HOME }}/rpmbuild/SPECS/google-chrome-stable.spec - rpmbuild -bb {{ ansible_env.HOME }}/rpmbuild/SPECS/google-chrome-stable.spec - args: - executable: /bin/bash - register: rebuild_result - failed_when: rebuild_result.rc != 0 - - - name: Get build RMPS - ansible.builtin.find: - path: "{{ ansible_env.HOME }}/rpmbuild/RPMS/x86_64/" - register: build_rpms - - - name: Extract filenames from paths of built RPMs - ansible.builtin.set_fact: - rpm_filenames: "{{ build_rpms.files | map(attribute='path') | map('basename') | list }}" - - - name: List build RMPS - ansible.builtin.debug: - msg: "{{ rpm_filenames }}" diff --git a/ansible/playbooks/full_play.yaml b/ansible/playbooks/full_play.yaml deleted file mode 100644 index 301b0fe..0000000 --- a/ansible/playbooks/full_play.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -- import_playbook: initial_ostree.yaml -- import_playbook: build_RPMS.yaml -- import_playbook: repo_creation.yaml -- import_playbook: ostree_construction.yaml -- import_playbook: gen_iso_image.yaml -- import_playbook: kickstart.yaml \ No newline at end of file diff --git a/ansible/playbooks/gen_iso_image.yaml b/ansible/playbooks/gen_iso_image.yaml deleted file mode 100644 index a0a654a..0000000 --- a/ansible/playbooks/gen_iso_image.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -- name: Generate the Installer ISO image - hosts: all - vars_files: ../credentials.yaml - tasks: - - name: Clear /tmp/microshift_bluprint.toml - ansible.builtin.file: - path: /tmp/microshift_bluprint.toml - state: absent - - name: Create /tmp/microshift_bluprint.toml - ansible.builtin.file: - path: /tmp/microshift_bluprint.toml - state: touch - mode: "0755" - - name: Write blueprint content to /tmp/microshift_bluprint file - ansible.builtin.copy: - dest: "/tmp/microshift_blueprint.toml" - content: | - name = "microshift-installer" - - description = "" - version = "0.0.0" - modules = [] - groups = [] - packages = [] - become: true - - - - name: Push Blueprint - infra.osbuild.push_blueprint: - src: "/tmp/microshift_blueprint.toml" - - - name: Start OSTree Compose - ansible.builtin.shell: - cmd: composer-cli compose start-ostree --url http://{{ ansible_default_ipv4.address }}/repo --ref empty microshift-installer edge-installer | awk '{print $2}' - register: build_id - - - - name: Wait for compose to finish - infra.osbuild.wait_compose: - compose_id: "{{build_id.stdout_lines | first}}" - timeout: 3600 - - - name: Export the compose artifact to /tmp/commit - infra.osbuild.export_compose: # noqa only-builtins - compose_id: "{{ build_id.stdout_lines | first }}" - dest: /{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/installer.iso diff --git a/ansible/playbooks/initial_ostree.yaml b/ansible/playbooks/initial_ostree.yaml deleted file mode 100755 index 3c0f1f5..0000000 --- a/ansible/playbooks/initial_ostree.yaml +++ /dev/null 
@@ -1,67 +0,0 @@ -- name: Create the initial ostree repo - hosts: all - become: true - vars_files: ../config.yaml - tasks: - - name: Create Blueprint /tmp/blueprints repo - ansible.builtin.file: - path: /tmp/blueprints - mode: '0755' - state: directory - - name: Copy Blueprint file to /tmp/blueprints - ansible.builtin.copy: - src: "{{ playbook_dir }}/../blueprints/{{ blueprint }}" - dest: /tmp/blueprints/blueprint.toml - mode: '0755' - - name: Reading Blueprint file - ansible.builtin.slurp: - src: /tmp/blueprints/blueprint.toml - register: toml_file_content - - name: Getting Blueprint Name - ansible.builtin.shell: "echo '{{ toml_file_content.content | b64decode }}' | python -c 'import sys, toml; print(toml.loads(sys.stdin.read())[\"name\"])'" - register: blueprint_name - - name: Push Blueprint - infra.osbuild.push_blueprint: - src: "/tmp/blueprints/blueprint.toml" - - name: Start ostree compose - infra.osbuild.start_compose: - blueprint: "{{ blueprint_name.stdout }}" - allow_duplicate: true - register: builder_compose_start_out - - name: Wait for compose to finish - infra.osbuild.wait_compose: - compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" - timeout: 3600 - - name: Create /tmp/images repo - ansible.builtin.file: - path: /tmp/images/ - mode: '0755' - state: directory - - name: Export the compose artifact to /tmp/images - infra.osbuild.export_compose: # noqa only-builtins - compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" - dest: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar - - name: Clear directory /var/www/repo - ansible.builtin.file: - path: /var/www/repo - state: absent - - name: Extract compose artifact into /var/www/repo - ansible.builtin.unarchive: - src: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar - dest: /var/www/ - remote_src: true - - name: adding /var/www/repo to OSTree - ansible.builtin.shell: "ostree --repo=/var/www/repo refs" - - 
name: Create /tmp/empty-tree repo - ansible.builtin.file: - path: /tmp/empty-tree - mode: '0755' - state: directory - - name: optimizing OSTree - ansible.builtin.shell: "ostree --repo=/var/www/repo commit -b 'empty' --tree=dir=/tmp/empty-tree" - - name: adding /var/www/repo to OSTree - ansible.builtin.shell: "ostree --repo=/var/www/repo refs" - - name: Clear directory /tmp/images/ - ansible.builtin.file: - path: /tmp/images/ - state: absent diff --git a/ansible/playbooks/kickstart.yaml b/ansible/playbooks/kickstart.yaml deleted file mode 100644 index 9e1e1a6..0000000 --- a/ansible/playbooks/kickstart.yaml +++ /dev/null 
@@ -1,66 +0,0 @@ -- name: Create kickstart - hosts: all - vars_files: ../config.yaml - tasks: - - name : Remove existing kiosk.ks - ansible.builtin.file: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" - state: absent - - - name : Remove existing kiosk.ios - ansible.builtin.file: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ios" - state: absent - - - name: Copy fresh kiosk.ks - ansible.builtin.copy: - src: "{{ playbook_dir }}/../../imagebuilder/kiosk.ks" - dest: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" - mode: '0755' - - - name: Set repo adress - ansible.builtin.lineinfile: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" - regexp: '--url=http://__MYIP__/repo' - line: 'ostreesetup --nogpg --osname=rhel --remote=edge --url=http://{{ ansible_default_ipv4.address }} --ref=rhel/9/x86_64/edge-kiosk' - backrefs: true - - - name: Set MICROSHIFT_PULL_SECRET - ansible.builtin.lineinfile: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" - regexp: '__MICROSHIFT_PULL_SECRET__' - line: "{{ MICROSHIFT_PULL_SECRET }}" - - - name: Install lorax & pykickstart packages - become: true - ansible.builtin.dnf: - state: present - name: - - lorax - - pykickstart - - - name: Validate kiosk.ks using ksvalidator - ansible.builtin.command: - cmd: "ksvalidator {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks" - register: ksvalidator_output - ignore_errors: yes - - - name: Output error message if ksvalidator fails - ansible.builtin.debug: - msg: "{{ ksvalidator_output.stderr_lines }}" - when: ksvalidator_output is failed - - - name: Remove existing kiosk.ios - ansible.builtin.file: - path: "/{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.iso" - state: absent - - - name: Create new kiosk.ios file - ansible.builtin.command: - cmd: "mkksiso -r 'inst.ks' --ks {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.ks '{{ ansible_env.HOME 
}}/red-hat-kiosk/imagebuilder/installer.iso' {{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/kiosk.iso" - register: mkksiso_output - - - name: Remove installer.iso - ansible.builtin.file: - path: "{{ ansible_env.HOME }}/red-hat-kiosk/imagebuilder/installer.iso" - state: absent diff --git a/ansible/playbooks/ostree_construction.yaml b/ansible/playbooks/ostree_construction.yaml deleted file mode 100644 index 6fe9fde..0000000 --- a/ansible/playbooks/ostree_construction.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -- name: Create the initial ostree repo - hosts: all - vars_files: ../credentials.yaml - tasks: - - name: Solve dependencies for the blueprint - ansible.builtin.command: composer-cli blueprints depsolve kiosk - - - name: Start OSTree Compose - ansible.builtin.shell: - cmd: composer-cli compose start-ostree kiosk edge-commit --url http://{{ ansible_default_ipv4.address }}/repo --ref "rhel/9/{{ ansible_architecture }}/edge-kiosk" --parent "rhel/9/{{ ansible_architecture }}/edge" | awk '{print $2}' - register: build_id - - - name: Wait for compose to finish - infra.osbuild.wait_compose: - compose_id: "{{build_id.stdout_lines | first}}" - timeout: 3600 - - - - name: Create /tmp/commit repo - ansible.builtin.file: - path: /tmp/commit/ - mode: '0755' - state: directory - - - name: Export the compose artifact to /tmp/commit - infra.osbuild.export_compose: # noqa only-builtins - compose_id: "{{ build_id.stdout_lines | first }}" - dest: /tmp/commit/{{ build_id.stdout_lines | first }}.tar - - - name: Create /tmp/commit/ID repo - ansible.builtin.file: - path: /tmp/commit/{{ build_id.stdout_lines | first }} - mode: '0755' - state: directory - - - - name: Extract compose artifact into /tmp/commit/ID - ansible.builtin.unarchive: - src: /tmp/commit/{{ build_id.stdout_lines | first }}.tar - dest: /tmp/commit/{{ build_id.stdout_lines | first }} - remote_src: true - - - name: Pull local ostree repository - become: true - ansible.builtin.shell: ostree --repo=/var/www/repo pull-local "/tmp/commit/{{ build_id.stdout_lines | first }}/repo" - - - name: Clear /tmp/commit repo - ansible.builtin.file: - path: /tmp/commit/ - state: absent - - - name: config ostree ref - become: true - ansible.builtin.shell: ostree --repo=/var/www/repo refs - register: refs - - - name: Print refs - ansible.builtin.debug: - var: refs.stdout_lines - - - name: config ostree logs kiosk - become: true - ansible.builtin.shell: ostree --repo=/var/www/repo log rhel/9/{{ ansible_architecture 
}}/edge-kiosk - register: logs - - - name: Print refs - ansible.builtin.debug: - var: logs.stdout_lines - diff --git a/ansible/playbooks/repo_creation.yaml b/ansible/playbooks/repo_creation.yaml deleted file mode 100644 index 1da2d24..0000000 --- a/ansible/playbooks/repo_creation.yaml +++ /dev/null 
@@ -1,71 +0,0 @@ ---- -- name: Create a custom RPM repository - hosts: all - vars_files: ../config.yaml - tasks: - - name: Install createrepo package - become: true - ansible.builtin.dnf: - name: createrepo - state: present - - - name: Clear the repository directory exists - become: true - ansible.builtin.file: - path: "{{ repo_location }}" - state: absent - - - name: Old custom repo - become: true - ansible.builtin.file: - path: /etc/yum.repos.d/custom.repo - state: absent - - - name: Ensure the repository directory exists - become: true - ansible.builtin.file: - path: "{{ repo_location }}" - state: directory - mode: '0755' - - - name: Copy RPMs to the repository location - ansible.builtin.shell: sudo cp {{ ansible_env.HOME }}/rpmbuild/RPMS/x86_64/* {{ repo_location }} - - - name: Initialize the repository with createrepo - become: true - ansible.builtin.command: - cmd: "createrepo {{ repo_location }}" - - - name: Create custom repo file - become: true - ansible.builtin.lineinfile: - path: /etc/yum.repos.d/custom.repo - line: "{{ item }}" - create: true - mode: '0755' - loop: - - "[custom]" - - "name = Custom RPMS" - - "baseurl = file://{{ repo_location }}" - - "enabled = 1" - - "gpgcheck = 0" - - - name: Clean dnf cache - become: true - ansible.builtin.command: - cmd: dnf clean all - - - name: Verify packages are present - ansible.builtin.shell: - cmd: "sudo dnf list available --disablerepo='*' --enablerepo='custom' kiosk-config google-chrome-stable microshift-manifests" - register: package_info - ignore_errors: true - - - name: Verify packages are present - become: true - ansible.builtin.shell: - cmd: "dnf config-manager --enable custom" - - - name: Display package info output - ansible.builtin.debug: - var: package_info.stdout_lines \ No newline at end of file diff --git a/ansible/prerequisites.yaml b/ansible/prerequisites.yaml new file mode 100644 index 0000000..ce690b1 --- /dev/null +++ b/ansible/prerequisites.yaml 
@@ -0,0 +1,148 @@ +- name: Install prerequisites + hosts: all + become: true + tasks: + - community.general.rhsm_repository: + name: + - rhocp-4.14-for-rhel-9-{{ ansible_facts['userspace_architecture'] }}-rpms + - fast-datapath-for-rhel-9-{{ ansible_facts['userspace_architecture'] }}-rpms + state: enabled + + - name: Install EPEL release package + become: true + ansible.builtin.dnf: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + state: present + disable_gpg_check: true + + - name: Install packages + ansible.builtin.dnf: + name: + - python3-toml + - createrepo + - git + - rpm-build + - rpmdevtools + - rpmrebuild + - mkpasswd + - podman + - buildah + - nginx + - lorax + - pykickstart + - osbuild-composer + - composer-cli + - cockpit-composer + - git + - firewalld + state: installed + + - name: Start services + ansible.builtin.systemd: + name: "{{ item }}" + enabled: yes + state: started + loop: + - osbuild-composer.socket + - firewalld.service + - cockpit.socket + - nginx.service + + - name: Adding ansible_user to the weldr group + ansible.builtin.user: + name: '{{ ansible_user | default(ansible_env.SUDO_USER) }}' + groups: weldr + append: yes + + - name: Allow HTTP and HTTPS + ansible.posix.firewalld: + service: '{{ item }}' + permanent: true + immediate: true + state: enabled + loop: + - http + - https + + - name: Ensure the ostree directory exists + become: true + ansible.builtin.file: + path: "{{ www_location }}" + state: directory + mode: '0755' + serole: object_r + setype: httpd_sys_content_t + seuser: system_u + + - name: Configure nginx + lineinfile: + path: /etc/nginx/nginx.conf + line: "root {{ www_location }};" + regexp: "^\\s*root\\s+.*;" + + - name: Restart nginx + ansible.builtin.systemd: + name: nginx.service + state: restarted + + - name: Ensure the repository directory exists + become: true + ansible.builtin.file: + path: "{{ repo_location }}" + state: directory + mode: '0755' + + - name: Update the repository with 
createrepo + become: true + ansible.builtin.command: + cmd: "createrepo {{ repo_location }}" + + - name: Add custom repository + ansible.builtin.yum_repository: + name: custom + file: custom + description: Custom RPMS + baseurl: file://{{ repo_location }} + enabled: true + gpgcheck: false + + - name: Add sources + infra.osbuild.repository: '{{ item }}' + loop: + - repo_name: custom packages for RHEL + type: yum-baseurl + base_url: file://{{ repo_location }} + check_gpg: false + check_ssl: false + rhsm: false + state: present + - repo_name: Red Hat OpenShift Container Platform 4.14 for RHEL 9 + type: yum-baseurl + base_url: https://cdn.redhat.com/content/dist/layered/rhel9/{{ ansible_facts['userspace_architecture'] }}/rhocp/4.14/os + check_gpg: true + check_ssl: true + rhsm: true + state: present + - repo_name: Fast Datapath for RHEL 9 + type: yum-baseurl + base_url: https://cdn.redhat.com/content/dist/layered/rhel9/{{ ansible_facts['userspace_architecture'] }}/fast-datapath/os + check_gpg: true + check_ssl: true + rhsm: true + state: present + - repo_name: Extra Packages for Enterprise Linux + type: yum-baseurl + base_url: http://mirror.in2p3.fr/pub/epel/9/Everything/{{ ansible_facts['userspace_architecture'] }}/ + check_gpg: false + check_ssl: false + rhsm: false + state: present + loop_control: + label: '{{ item.repo_name }}' + + - name: Install packages on the ansible controller + dnf: + name: + - python3-toml + state: installed + delegate_to: localhost diff --git a/ansible/requirements.yaml b/ansible/requirements.yaml new file mode 100644 index 0000000..4a8d5a8 --- /dev/null +++ b/ansible/requirements.yaml @@ -0,0 +1,4 @@ +collections: +- infra.osbuild +- community.general +- ansible.posix diff --git a/ansible/templates/kiosk.ks.j2 b/ansible/templates/kiosk.ks.j2 new file mode 100644 index 0000000..eee7d1e --- /dev/null +++ b/ansible/templates/kiosk.ks.j2 
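Review bot: Signature and transport checks are switched off for content that ends up in the built image. The "Extra Packages for Enterprise Linux" entry of the `Add sources` task uses an `http://` mirror with `check_gpg: false` and `check_ssl: false`, and the `Install EPEL release package` task sets `disable_gpg_check: true`. Anything on the network path to that mirror could substitute packages that are then composed into the kiosk image. I would point that source at an HTTPS mirror with `check_gpg: true` and `check_ssl: true`, as the two Red Hat CDN entries already do, and import the EPEL key before installing the release RPM instead of disabling the check. The local `custom` repository also has `gpgcheck: false`; if signing the rebuilt RPMs is out of scope, a comment saying so would help the next reader.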
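Review bot: The three collections are listed without a version, so every install resolves to whatever is latest at that moment. These collections provide modules that the playbooks run with `become: true` on the build host, so an unexpected upstream release changes what executes as root. Pinning each entry in the `name:`/`version:` form, e.g. `- name: infra.osbuild` followed by `version: "X.Y.Z"` (placeholder, use the release you tested), would make the build reproducible.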
@@ -0,0 +1,88 @@ +## +## Environment setup +## + +# French I18n +lang fr_FR.UTF-8 + +# French keyboard layout +keyboard fr + +# Timezone is UTC to avoid issue with DST +timezone UTC --utc + +# Configure NTP +timesource --ntp-server=rhel.pool.ntp.org + +# Which action to perform after install: poweroff or reboot +reboot + +# Install mode: text (interactive installs) or cmdline (unattended installs) +text + +## +## Storage configuration +## + +# Clear the target disk +zerombr + +# Remove existing partitions +clearpart --all --initlabel + +# Automatically create partitions required by hardware platform +# and add a separate /boot partition +reqpart --add-boot + + +## +## Alternative partitioning on only one disk +## /dev/disk/by-path/pci-0000:00:12.0-ata-1 instead of sda when sda is taken by the usb stick +## +zerombr +clearpart --all --initlabel +reqpart --add-boot +part pv.01 --size=10240 --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 +volgroup system pv.01 +logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=system +part pv.02 --size=1 --grow --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 +volgroup data pv.02 + +## +## Network configuration +## + +# Configure the first network device +network --bootproto=dhcp --device=enp1s0 --noipv6 --activate + +# Configure hostname +network --hostname=kiosk.localdomain + +## +## Ostree installation +## + +# Use this line if creating an Edge Installer ISO that includes a local ostree commit +#ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge + +# Use this to fetch from a remote URL +ostreesetup --nogpg --osname=rhel --remote=edge --url=http://{{ ansible_default_ipv4.address }}/repo --ref=rhel/9/x86_64/edge-kiosk + +## +## Post install scripts +## +%post --log=/var/log/anaconda/post-install.log --erroronfail +# Add the pull secret to CRI-O and set root user-only read/write permissions +cat > /etc/crio/openshift-pull-secret << 'EOF' +{{ 
kickstart_microshift_pull_secret }} +EOF +chmod 600 /etc/crio/openshift-pull-secret + +# Configure the firewall with the mandatory rules for MicroShift +firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 +firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 + +# Do not ask password for sudo +sed -i.post-install -e "s/^%wheel\tALL=(ALL)\tALL/%wheel ALL=(ALL) NOPASSWD: ALL/" /etc/sudoers + +%end diff --git a/ansible/templates/kiosk.toml.j2 b/ansible/templates/kiosk.toml.j2 new file mode 100644 index 0000000..2086768 --- /dev/null +++ b/ansible/templates/kiosk.toml.j2 @@ -0,0 +1,46 @@ +name = "kiosk" +description = "Example Kiosk" +version = "0.0.8" +modules = [] +groups = [] + +[[packages]] +name = "kiosk-config" +version = "*" + +[[packages]] +name = "cockpit" + +[[packages]] +name = "microshift-manifests" +version = "*" + +[[packages]] +name = "cockpit-system" + +[customizations] +hostname = "kiosk.local" + +[customizations.services] +enabled = ["cockpit.socket", "sshd", "microshift"] + +[customizations.timezone] +timezone = "Europe/Paris" +ntpservers = ["0.fr.pool.ntp.org", "1.fr.pool.ntp.org"] + +[customizations.locale] +languages = ["fr_FR.UTF-8"] +keyboard = "fr" + +#22 ssh / 9090 cockpit / 6443 microshift +[customizations.firewall] +ports = ["22:tcp", "30000:tcp", "9090:tcp", "6443:tcp"] + +[[customizations.user]] +name = "admin" +description = "admin" +password = '{{ blueprint_admin_password_hash }}' +key = "{{ blueprint_admin_ssh_public_key }}" +home = "/home/admin/" +shell = "/usr/bin/bash" +groups = ["users", "wheel"] From 7cb7d78d2d4dc2ae83ac90fa71587ff97e026f47 Mon Sep 17 00:00:00 2001 
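Review bot: The `ostreesetup` line fetches the commit with `--nogpg` from an `http://` URL, so the installer accepts whatever tree the network returns for `rhel/9/x86_64/edge-kiosk` without any integrity check. Serving the repository over HTTPS, or signing the commits and dropping `--nogpg`, would close that gap. Further down in `%post`, the `sed` on `/etc/sudoers` gives every `wheel` member passwordless sudo while the blueprint puts `admin` in `wheel` and enables SSH and Cockpit; if that is intended for demo use only, say so next to the command, e.g. `# Demo only: passwordless sudo for wheel, remove for production`. The storage part also lists `zerombr`, `clearpart` and `reqpart` twice, once in "Storage configuration" and again in the "Alternative partitioning" block, so both sets are active at the same time.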
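Review bot: `[customizations.firewall]` opens four ports but the comment above it explains only three; `30000:tcp` has no stated purpose. Every open port on a kiosk is reachable attack surface, so I would either drop it or document it, e.g. `# 22 ssh / 9090 cockpit / 6443 microshift API / 30000 (purpose: TODO)`. If Cockpit and the MicroShift API are only needed from an administration network, a note on how they are meant to be restricted would also be useful.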
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Thu, 4 Apr 2024 18:22:10 +0200 Subject: [PATCH 65/69] fix a bug with the start_compose module --- ansible/ansible.cfg | 5 +- ansible/build.yaml | 25 +- ansible/plugins/modules/README.md | 5 + ansible/plugins/modules/start_compose2.py | 339 ++++++++++++++++++++++ ansible/templates/kiosk.ks.j2 | 28 +- imagebuilder/kiosk.ks | 21 +- 6 files changed, 365 insertions(+), 58 deletions(-) create mode 100644 ansible/plugins/modules/README.md create mode 100644 ansible/plugins/modules/start_compose2.py diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg index 5509ce7..2d1ae5d 100644 --- a/ansible/ansible.cfg +++ b/ansible/ansible.cfg @@ -2,6 +2,5 @@ # Use the provided inventory inventory = inventory.yaml -# To get the vault password from the KDE Wallet -vault_identity_list = itix@/home/nmasse/local/bin/get-vault-password - +# Use a forked copy of the infra.osbuild plugins +library = plugins/modules diff --git a/ansible/build.yaml b/ansible/build.yaml index 3f5f89d..1659e3d 100644 --- a/ansible/build.yaml +++ b/ansible/build.yaml @@ -9,6 +9,11 @@ update: yes clone: yes + - ansible.builtin.tempfile: + state: directory + suffix: -build + register: tmp + ## ## RPM construction ## @@ -127,7 +132,7 @@ blueprint: "{{ lookup('ansible.builtin.template', 'kiosk.toml.j2') }}" - name: Start ostree compose - infra.osbuild.start_compose: + start_compose2: blueprint: "{{ blueprint_name }}" allow_duplicate: true compose_type: edge-commit @@ -145,11 +150,6 @@ compose_id: "{{ compose_id }}" timeout: 3600 - - ansible.builtin.tempfile: - state: directory - suffix: build - register: tmp - - name: Export the compose artifact infra.osbuild.export_compose: # noqa only-builtins compose_id: "{{ compose_id }}" 
@@ -204,7 +204,7 @@ blueprint: "{{ lookup('ansible.builtin.file', playbook_dir ~ '/files/edge-installer.toml') }}" - name: Start ostree compose - infra.osbuild.start_compose: + start_compose2: blueprint: "{{ blueprint_name }}" allow_duplicate: true compose_type: edge-installer @@ -221,11 +221,6 @@ compose_id: "{{ compose_id }}" timeout: 3600 - - ansible.builtin.tempfile: - state: directory - suffix: build - register: tmp - - name: Export the compose artifact infra.osbuild.export_compose: # noqa only-builtins compose_id: "{{ compose_id }}" @@ -250,3 +245,9 @@ dest: "{{ www_location }}/kiosk.iso" remote_src: true become: true + + post_tasks: + - ansible.builtin.file: + path: "{{ tmp.path }}.iso" + state: absent + when: tmp is defined diff --git a/ansible/plugins/modules/README.md b/ansible/plugins/modules/README.md new file mode 100644 index 0000000..c296fea --- /dev/null +++ b/ansible/plugins/modules/README.md @@ -0,0 +1,5 @@ +# README + +This is a modified version of the start_compose module from the repo https://github.com/redhat-cop/infra.osbuild, commit 6e3416233c84623b2edd503a4b50d15c61d6c155. + +The module has been patched to specify the ostree ref when starting a compose of type "ostree-commit". diff --git a/ansible/plugins/modules/start_compose2.py b/ansible/plugins/modules/start_compose2.py new file mode 100644 index 0000000..7280673 --- /dev/null +++ b/ansible/plugins/modules/start_compose2.py 
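Review bot: The new `post_tasks` cleanup deletes only `{{ tmp.path }}.iso`; the directory created by the `ansible.builtin.tempfile` task added at the top of the play (`state: directory`) is not removed in this hunk, so exported artifacts under it stay on the build host unless a task outside the visible lines cleans them. `post_tasks` are also skipped when an earlier task fails, which leaves everything behind after a failed build. The ISO presumably embeds the kickstart, and the kickstart template carries the pull secret, so I would remove `tmp.path` itself as well and move the cleanup into a `block` with an `always` section. `when: tmp is defined` could be tightened to `when: tmp.path is defined`, since a registered variable exists even if the task did not produce a path.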
@@ -0,0 +1,339 @@ +#!/usr/bin/python +# Copyright: Red Hat Inc. +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +ANSIBLE_METADATA = { + "metadata_version": "1.1", + "status": ["preview"], + "supported_by": "community", +} + +DOCUMENTATION = """ +--- +module: start_compose2 +short_description: Start an ostree compose +description: + - Start an ostree compose +author: + - Adam Miller (@maxamillion) + - Chris Santiago (@resoluteCoder) +options: + blueprint: + description: + - Name of blueprint to iniate a build for + type: str + required: true + size: + description: + - Image size expressed in MiB + type: int + default: 0 + required: false + profile: + description: + - Path to profile toml file + type: str + default: "" + required: false + image_name: + description: + - Image name + type: str + default: "" + required: false + allow_duplicate: + description: + - Allow a duplicate version'd compose. + - (Default osbuild composer functionality is to allow duplicate composes) + type: bool + default: True + required: false + compose_type: + description: + - type of compose + type: str + default: "edge-commit" + required: false + choices: + - ami + - edge-commit + - edge-container + - edge-installer + - edge-raw-image + - edge-simplified-installer + - image-installer + - oci + - openstack + - qcow2 + - tar + - vhd + - vmdk + - iot-commit + - iot-container + - iot-installer + - iot-raw-image + - container + ostree_ref: + description: + - ostree ref + type: str + default: "" + required: false + ostree_parent: + description: + - ostree parent + type: str + default: "" + required: false + ostree_url: + description: + - ostree URL + type: str + default: "" + required: false + timeout: + description: + - timeout for osbuild-compose requests, in seconds + type: int + default: 120 + required: false +notes: + - THIS MODULE IS NOT IDEMPOTENT UNLESS C(allow_duplicate) is set to C(false) + - The params C(profile) and C(image_name) are 
required together. + - The C(profile) option is not fully implemented at this time. +""" + +EXAMPLES = """ +- name: Start ostree compose size 4096 + start_compose2: + blueprint: rhel-for-edge-demo + image_name: testimage + size: 4096 + +- name: Start ostree compose with idempotent transaction + start_compose2: + blueprint: rhel-for-edge-demo + allow_duplicate: false +""" +import json # noqa E402 +import socket +from typing import Any # noqa E402 + +from ansible.module_utils.basic import AnsibleModule # noqa E402 +from ansible_collections.infra.osbuild.plugins.module_utils.weldr import Weldr # noqa E402 + +argument_spec = dict( + blueprint=dict(type="str", required=True), + size=dict(type="int", required=False, default=0), + profile=dict(type="str", required=False, default=""), + image_name=dict(type="str", required=False, default=""), + allow_duplicate=dict(type="bool", required=False, default=True), + compose_type=dict( + type="str", + required=False, + default="edge-commit", + choices=[ + "ami", + "edge-commit", + "edge-container", + "edge-installer", + "edge-raw-image", + "edge-simplified-installer", + "image-installer", + "oci", + "openstack", + "qcow2", + "tar", + "vhd", + "vmdk", + "iot-commit", + "iot-container", + "iot-installer", + "iot-raw-image", + "container", + ], + ), + ostree_ref=dict(type="str", required=False, default=""), + ostree_parent=dict(type="str", required=False, default=""), + ostree_url=dict(type="str", required=False, default=""), + timeout=dict(type="int", required=False, default=120), +) + + +def start_compose(module, weldr): + changed: bool = False + dupe_compose: list = [] + blueprint_info: dict = weldr.api.get_blueprints_info(module.params["blueprint"]) + blueprint_version: int = blueprint_info["blueprints"][0]["version"] + + # Add check if compose_type is supported + supported_compose_type: dict = weldr.api.get_compose_types() + + is_supported: dict = next((item for item in supported_compose_type["types"] if item["name"] == 
module.params["compose_type"]), {}) + + if not is_supported: + module.fail_json( + msg="%s is not a valid image type, valid types are: %s" + % (module.params["compose_type"], [[v for k, v in t.items() if k == "name"] for t in supported_compose_type["types"]]), + changed=changed + ) + else: + if not is_supported["enabled"]: + module.fail_json( + msg="%s is not a supported image type, supported image types are: %s" + % (module.params["compose_type"], [[v for k, v in t.items() if k == "enabled" and v is True] for t in supported_compose_type["types"]]), + changed=changed + ) + + if not module.params["allow_duplicate"]: + # only do all this query and filtering if needed + + compose_queue: dict = weldr.api.get_compose_queue() + # {"new":[],"run":[{"id":"930a1584-8737-4b61-ba77-582780f0ff2d","blueprint":"base-image-with-tmux","version":"0.0.5","compose_type":"edge-commit","image_size":0,"queue_status":"RUNNING","job_created":1654620015.4107578,"job_started":1654620015.415151}]} + + compose_queue_run_dupe: list = [ + compose for compose in compose_queue["run"] if (compose["blueprint"] == module.params["blueprint"]) and (compose["version"] == blueprint_version) + ] + compose_queue_new_dupe: list = [ + compose for compose in compose_queue["new"] if (compose["blueprint"] == module.params["blueprint"]) and (compose["version"] == blueprint_version) + ] + + compose_finished: dict = weldr.api.get_compose_finished() + # {"finished":[{"id":"930a1584-8737-4b61-ba77-582780f0ff2d","blueprint":"base-image-with-tmux","version":"0.0.5","compose_type":"edge-commit","image_size":8192,"queue_status":"FINISHED","job_created":1654620015.4107578,"job_started":1654620015.415151,"job_finished":1654620302.9069786}]} + compose_finished_dupe: list = [ + compose + for compose in compose_finished["finished"] + if (compose["blueprint"] == module.params["blueprint"]) and (compose["version"] == blueprint_version) + ] + + compose_failed: dict = weldr.api.get_compose_failed() + # {"failed":[]} + 
compose_failed_dupe: list = [ + compose + for compose in compose_failed["failed"] + if (compose["blueprint"] == module.params["blueprint"]) and (compose["version"] == blueprint_version) + ] + + dupe_compose: list = compose_queue_run_dupe + compose_queue_new_dupe + compose_failed_dupe + compose_finished_dupe + + if module.params["allow_duplicate"] or (len(dupe_compose) == 0): + # FIXME - build to POST payload and POST that ish + compose_settings: dict[str, Any] = { + "blueprint_name": module.params["blueprint"], + "compose_type": module.params["compose_type"], + "branch": "master", + "size": module.params["size"], + } + + if "edge-commit" in module.params["compose_type"] or "installer" in module.params["compose_type"] or "raw" in module.params["compose_type"]: + compose_settings["ostree"] = { + "ref": module.params["ostree_ref"], + "parent": module.params["ostree_parent"], + "url": module.params["ostree_url"], + } + + try: + result: dict = weldr.api.post_compose(json.dumps(compose_settings), timeout=module.params["timeout"]) + except socket.timeout: + # it's possible we don't get a response back from weldr because on the + # very first run including a new content source composer will build a repo cache + # and when that happens we get an empty JSON response + + compose_queue: dict = weldr.api.get_compose_queue() + # {"new":[],"run":[{"id":"930a1584-8737-4b61-ba77-582780f0ff2d","blueprint":"base-image-with-tmux","version":"0.0.5","compose_type":"edge-commit","image_size":0,"queue_status":"RUNNING","job_created":1654620015.4107578,"job_started":1654620015.415151}]} + + submitted_compose_uuid: str = "" + + submitted_compose_found_run: list[dict[str, str]] = [ + compose + for compose in compose_queue["run"] + if (compose["blueprint"] == module.params["blueprint"]) and (compose["version"] == blueprint_version) + ] + if submitted_compose_found_run: + # we expect it to be RUNNING, so check that first + submitted_compose_uuid: str = submitted_compose_found_run[0]["id"] + 
else: + # didn't find it running, check for NEW queue status + submitted_compose_found_new: list = [ + compose + for compose in compose_queue["new"] + if (compose["blueprint"] == module.params["blueprint"]) and (compose["version"] == blueprint_version) + ] + + if submitted_compose_found_new: + submitted_compose_uuid: str = submitted_compose_found_new[0]["id"] + + else: + # it's not RUNNING and not NEW, so check for FAILURE state + compose_failed: dict = weldr.api.get_compose_failed() + # {"failed":[]} + submitted_compose_found_failed: list = [ + compose + for compose in compose_failed["failed"] + if (compose["blueprint"] == module.params["blueprint"]) and (compose["version"] == blueprint_version) + ] + if submitted_compose_found_failed: + submitted_compose_uuid: str = submitted_compose_found_failed[0]["id"] + else: + module.fail_json( + msg="Unable to determine state of build, check osbuild-composer system logs. Also, consider increasing the request timeout", + changed=changed + ) + + if submitted_compose_uuid: + result: dict = weldr.api.get_compose_status(submitted_compose_uuid) + result['body'] = { + 'build_id': submitted_compose_uuid + } + + if "status_code" in result.keys(): + if result["status_code"] >= 400: + module.fail_json( + msg="Compose returned body: {0}, msg {1}, and status_code {2}".format(result["body"], result["error_msg"], result["status_code"]), + changed=changed + ) + + # Having received a non-400+ response, we know a compose has started + changed: bool = True + + compose_output_types: dict[str, list[str]] = { + "tar": ["tar", "edge-commit", "iot-commit", "edge-container", "iot-container", "container"], + "iso": ["edge-installer", "edge-simplified-installer", "iot-installer", "image-installer"], + "qcow2": ["qcow2", "openstack", "oci"], + "vmdk": ["vmdk"], + "vhd": ["vhd"], + "raw.xz": ["edge-raw-image", "iot-raw-image"], + "ami": ["ami"], + } + + output_type: str = "" + for compose_type, compose_type_list in compose_output_types.items(): + if 
module.params["compose_type"] in compose_type_list: + output_type: str = compose_type + result["output_type"] = output_type + + module.exit_json(msg="Compose submitted to queue", result=result, changed=changed) + + else: + changed: bool = False + module.exit_json( + msg="Not queuing a duplicate versioned compose without allow_duplicate set to true", + changed=changed, + ) + + +def main() -> None: + module: AnsibleModule = AnsibleModule( + argument_spec=argument_spec, + required_together=[["image_name", "profile"]], + required_if=[ + ["compose_type", "edge-installer", ["ostree_url"]], + ["compose_type", "iot-installer", ["ostree_url"]], + ], + ) + weldr: Weldr = Weldr(module) + start_compose(module, weldr) + + +if __name__ == "__main__": + main() diff --git a/ansible/templates/kiosk.ks.j2 b/ansible/templates/kiosk.ks.j2 index eee7d1e..c9f0a87 100644 --- a/ansible/templates/kiosk.ks.j2 +++ b/ansible/templates/kiosk.ks.j2 @@ -21,32 +21,15 @@ reboot text ## -## Storage configuration -## - -# Clear the target disk -zerombr - -# Remove existing partitions -clearpart --all --initlabel - -# Automatically create partitions required by hardware platform -# and add a separate /boot partition -reqpart --add-boot - - -## -## Alternative partitioning on only one disk +## Storage configuration for only one disk ## /dev/disk/by-path/pci-0000:00:12.0-ata-1 instead of sda when sda is taken by the usb stick ## zerombr clearpart --all --initlabel reqpart --add-boot -part pv.01 --size=10240 --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 -volgroup system pv.01 -logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=system -part pv.02 --size=1 --grow --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 -volgroup data pv.02 +part pv.01 --size=1024 --grow --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 +volgroup rhel pv.01 +logvol / --fstype="xfs" --size=10240 --name=root --vgname=rhel ## ## Network configuration 
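Review bot: In the `except socket.timeout` branch of `start_compose`, the submitted compose is recovered by taking the first queue entry that matches only blueprint name and version. `allow_duplicate` defaults to `True` and both callers in build.yaml set it to `true`, so an older compose of the same blueprint can be picked, and the caller would then wait for and export the wrong build. The queue entries shown in the comments carry `compose_type` and `job_created`, so the three filters could add `and compose["compose_type"] == module.params["compose_type"]` and prefer the entry with the newest `job_created`. Separately, the "is not a supported image type" message builds its list from the `enabled` values and therefore prints booleans rather than names; `[t["name"] for t in supported_compose_type["types"] if t["enabled"]]` would give the intended list.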
@@ -62,9 +45,6 @@ network --hostname=kiosk.localdomain ## Ostree installation ## -# Use this line if creating an Edge Installer ISO that includes a local ostree commit -#ostreesetup --nogpg --osname=rhel --remote=edge --url=file:///run/install/repo/ostree/repo --ref=rhel/9/x86_64/edge - # Use this to fetch from a remote URL ostreesetup --nogpg --osname=rhel --remote=edge --url=http://{{ ansible_default_ipv4.address }}/repo --ref=rhel/9/x86_64/edge-kiosk diff --git a/imagebuilder/kiosk.ks b/imagebuilder/kiosk.ks index 839321b..2126483 100644 --- a/imagebuilder/kiosk.ks +++ b/imagebuilder/kiosk.ks @@ -21,32 +21,15 @@ reboot text ## -## Storage configuration -## - -# Clear the target disk -zerombr - -# Remove existing partitions -clearpart --all --initlabel - -# Automatically create partitions required by hardware platform -# and add a separate /boot partition -reqpart --add-boot - - -## -## Alternative partitioning on only one disk +## Storage configuration for only one disk ## /dev/disk/by-path/pci-0000:00:12.0-ata-1 instead of sda when sda is taken by the usb stick ## zerombr clearpart --all --initlabel reqpart --add-boot part pv.01 --size=10240 --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 -volgroup system pv.01 +volgroup rhel pv.01 logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=system -part pv.02 --size=1 --grow --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 -volgroup data pv.02 ## ## Network configuration From 40f5b416dd056fb032cf16a0e6eaf60cf2a021f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Thu, 4 Apr 2024 21:19:34 +0200 Subject: [PATCH 66/69] add var --- ansible/group_vars/all/config.yaml | 1 + ansible/templates/kiosk.ks.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/group_vars/all/config.yaml b/ansible/group_vars/all/config.yaml index 6e75911..124553d 100644 --- a/ansible/group_vars/all/config.yaml +++ b/ansible/group_vars/all/config.yaml 
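Review bot: In imagebuilder/kiosk.ks the volume group is now created as `rhel` (`volgroup rhel pv.01`), but the unchanged `logvol` line right below it still says `--vgname=system`, a group that no longer exists in the file. The installation would presumably stop at partitioning with an undefined volume group. The line should read `logvol / --fstype="xfs" --size=1 --grow --name=root --vgname=rhel`, or follow ansible/templates/kiosk.ks.j2 from the same commit, which uses `--size=10240 --name=root --vgname=rhel`.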
@@ -2,3 +2,4 @@ repo_location: /opt/custom-rpms blueprint_admin_ssh_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain www_location: /var/www compose_timeout: 300 +kickstart_root_disk: /dev/vda diff --git a/ansible/templates/kiosk.ks.j2 b/ansible/templates/kiosk.ks.j2 index c9f0a87..7ffd110 100644 --- a/ansible/templates/kiosk.ks.j2 +++ b/ansible/templates/kiosk.ks.j2 @@ -27,7 +27,7 @@ text zerombr clearpart --all --initlabel reqpart --add-boot -part pv.01 --size=1024 --grow --ondisk=/dev/disk/by-path/pci-0000:00:12.0-ata-1 +part pv.01 --size=1024 --grow --ondisk={{ kickstart_root_disk }} volgroup rhel pv.01 logvol / --fstype="xfs" --size=10240 --name=root --vgname=rhel From b294f79b5d3704e6da6fc51f31715bbc8e9d4c61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Thu, 4 Apr 2024 21:23:20 +0200 Subject: [PATCH 67/69] wip --- ansible/templates/kiosk.ks.j2 | 4 ++++ rpms/SPECS/kiosk-config.spec | 9 +++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ansible/templates/kiosk.ks.j2 b/ansible/templates/kiosk.ks.j2 index 7ffd110..7ddd157 100644 --- a/ansible/templates/kiosk.ks.j2 +++ b/ansible/templates/kiosk.ks.j2 @@ -58,6 +58,10 @@ cat > /etc/crio/openshift-pull-secret << 'EOF' EOF chmod 600 /etc/crio/openshift-pull-secret +# User creation in the ostree is now deprecated. Doing it in the Kickstart, then. +groupadd -r kiosk +useradd -r -N -g kiosk -d /home/kiosk -m kiosk + # Configure the firewall with the mandatory rules for MicroShift firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 diff --git a/rpms/SPECS/kiosk-config.spec b/rpms/SPECS/kiosk-config.spec index 1682805..c565a84 100644 --- a/rpms/SPECS/kiosk-config.spec +++ b/rpms/SPECS/kiosk-config.spec 
@@ -72,8 +72,13 @@ install -m 0755 -D kiosk-app %{buildroot}/usr/bin/kiosk-app %attr(0755, root, root) /usr/bin/kiosk-app %pre -getent group kiosk >/dev/null 2>&1 || groupadd -r kiosk -getent passwd kiosk >/dev/null 2>&1 || useradd -r -N -g kiosk -d /home/kiosk -m kiosk +## +## HEADS UP !!! +## +## The kiosk user needs to be created in the kickstart now. +## +#getent group kiosk >/dev/null 2>&1 || groupadd -r kiosk +#getent passwd kiosk >/dev/null 2>&1 || useradd -r -N -g kiosk -d /home/kiosk -m kiosk %post %systemd_user_post com.redhat.Kiosk.SampleApp.service From c84a334163c385074743729ca825a303fb979454 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Fri, 5 Apr 2024 14:07:44 +0200 Subject: [PATCH 68/69] automatic update + kiosk fix --- ansible/README.MD | 1 + ansible/build.yaml | 17 +++++++++++++++++ ansible/templates/kiosk.ks.j2 | 4 ---- ansible/templates/kiosk.toml.j2 | 33 ++++++++++++++++++++++++++++++++- 4 files changed, 50 insertions(+), 5 deletions(-) diff --git a/ansible/README.MD b/ansible/README.MD index 82942b7..ffa5f9a 100644 --- a/ansible/README.MD +++ b/ansible/README.MD @@ -31,6 +31,7 @@ Create an ansible vault named `vault.yaml` in `ansible/group_vars/all/` with the ```yaml blueprint_admin_password_hash: # Generate one with "mkpasswd -m bcrypt" +blueprint_kiosk_password_hash: # Generate one with "mkpasswd -m bcrypt" kickstart_microshift_pull_secret: # Generate one on https://console.redhat.com/openshift/install/pull-secret ``` diff --git a/ansible/build.yaml b/ansible/build.yaml index 1659e3d..2b32ea6 100644 --- a/ansible/build.yaml +++ b/ansible/build.yaml 
@@ -14,6 +14,23 @@ suffix: -build register: tmp + ## + ## Cleanup + ## + + - name: Get all images for removal + ansible.builtin.command: /usr/bin/composer-cli compose list + register: builder_output + changed_when: false + + - name: Remove each image by UUID + ansible.builtin.command: "/usr/bin/composer-cli compose delete {{ (item | split)[0] }}" + loop: "{{ builder_output.stdout_lines }}" + loop_control: + label: "{{ (item | split)[0] }}" + changed_when: true + when: (item | split)[0] != "ID" + ## ## RPM construction ## diff --git a/ansible/templates/kiosk.ks.j2 b/ansible/templates/kiosk.ks.j2 index 7ddd157..7ffd110 100644 --- a/ansible/templates/kiosk.ks.j2 +++ b/ansible/templates/kiosk.ks.j2 @@ -58,10 +58,6 @@ cat > /etc/crio/openshift-pull-secret << 'EOF' EOF chmod 600 /etc/crio/openshift-pull-secret -# User creation in the ostree is now deprecated. Doing it in the Kickstart, then. -groupadd -r kiosk -useradd -r -N -g kiosk -d /home/kiosk -m kiosk - # Configure the firewall with the mandatory rules for MicroShift firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 firewall-offline-cmd --zone=trusted --add-source=169.254.169.1 diff --git a/ansible/templates/kiosk.toml.j2 b/ansible/templates/kiosk.toml.j2 index 2086768..f862dd8 100644 --- a/ansible/templates/kiosk.toml.j2 +++ b/ansible/templates/kiosk.toml.j2 @@ -11,6 +11,9 @@ version = "*" [[packages]] name = "cockpit" +[[packages]] +name = "htop" + [[packages]] name = "microshift-manifests" version = "*" @@ -22,7 +25,7 @@ name = "cockpit-system" hostname = "kiosk.local" [customizations.services] -enabled = ["cockpit.socket", "sshd", "microshift"] +enabled = ["cockpit.socket", "sshd", "microshift", "rpm-ostreed", "rpm-ostreed-automatic.timer"] [customizations.timezone] timezone = "Europe/Paris" 
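Review bot: The cleanup loop deletes every compose that `composer-cli compose list` returns, whatever its state or origin, so a build queued by another job on the same builder is removed too. A compose that is still running will most likely make `compose delete` fail and abort the play. Restricting the loop to completed entries would be safer, e.g. replacing the header test with `when: (item | split)[1] in ["FINISHED", "FAILED"]`. This assumes the status is the second column of the listing, which the `!= "ID"` header test suggests but the hunk does not show.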
@@ -36,6 +39,26 @@ keyboard = "fr" [customizations.firewall] ports = ["22:tcp", "30000:tcp", "9090:tcp", "6443:tcp"] +## +## Automatic updates +## +## This file is used by the rpm-ostreed service that is triggered by the +## rpm-ostreed-automatic systemd timer: +## +## [Timer] +## OnBootSec=1h # 1 hour after boot +## OnUnitInactiveSec=1d # 1 day after last check +## +## But you can trigger a check manually with: +## +## sudo rpm-ostree upgrade --trigger-automatic-update-policy +## +[[customizations.files]] +path = "/etc/rpm-ostreed.conf" +data = """[Daemon] +AutomaticUpdatePolicy=apply +""" + [[customizations.user]] name = "admin" description = "admin" @@ -44,3 +67,11 @@ key = "{{ blueprint_admin_ssh_public_key }}" home = "/home/admin/" shell = "/usr/bin/bash" groups = ["users", "wheel"] + +[[customizations.user]] +name = "kiosk" +description = "kiosk" +password = '{{ blueprint_kiosk_password_hash }}' +home = "/home/kiosk/" +shell = "/bin/bash" + From 2b62a17ebaf74989a44cc59f70a8fbe719d51d84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Fri, 5 Apr 2024 14:10:57 +0200 Subject: [PATCH 69/69] wip --- ansible/group_vars/all/config.yaml | 2 +- ansible/templates/kiosk.toml.j2 | 3 --- imagebuilder/kiosk.toml | 29 ++++++++++++++++++++++++++++- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/ansible/group_vars/all/config.yaml b/ansible/group_vars/all/config.yaml index 124553d..6ae268f 100644 --- a/ansible/group_vars/all/config.yaml +++ b/ansible/group_vars/all/config.yaml @@ -2,4 +2,4 @@ repo_location: /opt/custom-rpms blueprint_admin_ssh_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFW62WJXI1ZCMfNA4w0dMpL0fsldhbEfULNGIUB0nQui nmasse@localhost.localdomain www_location: /var/www compose_timeout: 300 -kickstart_root_disk: /dev/vda +kickstart_root_disk: /dev/disk/by-path/pci-0000:00:12.0-ata-1 diff --git a/ansible/templates/kiosk.toml.j2 b/ansible/templates/kiosk.toml.j2 index f862dd8..1992f8f 100644 
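Review bot: `AutomaticUpdatePolicy=apply` makes the device fetch and, as I read the rpm-ostreed.conf documentation, reboot into new deployments on its own, while the kickstart earlier in this series registers the `edge` remote with `ostreesetup --nogpg` and an `http://` URL. Taken together, the kiosk will install whatever that web server serves, or whatever reaches it over an altered network path, with no signature check. Before enabling unattended updates I would sign the ostree commits and drop `--nogpg`, or at least serve the repo over TLS; `stage` instead of `apply` keeps reboots under operator control. The same block is added to imagebuilder/kiosk.toml in patch 69, and the services hunk just above enables the timer that drives it.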
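Review bot: The new `kiosk` entry gives the kiosk account a password and a login shell in a blueprint that also enables `sshd` and opens `22:tcp`, so whether that account can log in over SSH with a password depends on an sshd configuration this patch does not show. If the password is only meant for the local session, consider restricting remote logins to `admin`, for example with an `AllowUsers admin` drop-in shipped through `[[customizations.files]]`. Two style points: `shell = "/bin/bash"` differs from the admin entry's `/usr/bin/bash`, and the hunk adds a blank line at the end of the file. The same entry is added to imagebuilder/kiosk.toml in patch 69 with the `__KIOSK_PASSWORD__` placeholder.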
--- a/ansible/templates/kiosk.toml.j2 +++ b/ansible/templates/kiosk.toml.j2 @@ -11,9 +11,6 @@ version = "*" [[packages]] name = "cockpit" -[[packages]] -name = "htop" - [[packages]] name = "microshift-manifests" version = "*" diff --git a/imagebuilder/kiosk.toml b/imagebuilder/kiosk.toml index 4239c93..7973870 100644 --- a/imagebuilder/kiosk.toml +++ b/imagebuilder/kiosk.toml @@ -22,7 +22,7 @@ name = "cockpit-system" hostname = "kiosk.local" [customizations.services] -enabled = ["cockpit.socket", "sshd", "microshift"] +enabled = ["cockpit.socket", "sshd", "microshift", "rpm-ostreed", "rpm-ostreed-automatic.timer"] [customizations.timezone] timezone = "Europe/Paris" @@ -36,6 +36,26 @@ keyboard = "fr" [customizations.firewall] ports = ["22:tcp", "30000:tcp", "9090:tcp", "6443:tcp"] +## +## Automatic updates +## +## This file is used by the rpm-ostreed service that is triggered by the +## rpm-ostreed-automatic systemd timer: +## +## [Timer] +## OnBootSec=1h # 1 hour after boot +## OnUnitInactiveSec=1d # 1 day after last check +## +## But you can trigger a check manually with: +## +## sudo rpm-ostree upgrade --trigger-automatic-update-policy +## +[[customizations.files]] +path = "/etc/rpm-ostreed.conf" +data = """[Daemon] +AutomaticUpdatePolicy=apply +""" + [[customizations.user]] name = "admin" description = "admin" @@ -44,3 +64,10 @@ key = "__ADMIN_SSH_PUBLIC_KEY__" home = "/home/admin/" shell = "/usr/bin/bash" groups = ["users", "wheel"] + +[[customizations.user]] +name = "kiosk" +description = "kiosk" +password = '__KIOSK_PASSWORD__' +home = "/home/kiosk/" +shell = "/bin/bash"