nicolas
/
red-hat-kiosk
mirror of https://github.com/nmasse-itix/red-hat-kiosk.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add documentation

ca-cert-and-multi-ks
ePietry 2 years ago
parent
3363f54d97
commit
a6b9ef6e9b
4 changed files with 124 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 0
      .vscode/settings.json
  2. 109
      ansible/README.MD
  3. 6
      ansible/playbooks-test.yaml
  4. 25
      ansible/playbooks/initial_ostree.yaml

0
ansible/playbooks/.vscode/settings.json → .vscode/settings.json
View File

109
ansible/README.MD
View File

@ -0,0 +1,109 @@
# Installation on RHEL 9 Automatisation
Ansible Playbook allowing to create ostree images for edge using Ansible.
## Pre-requisites
RHEL 9 pre-requisites :
- RHEL 9 is installed
- The Red Hat repositories **baseos** and **appstream** are reachable
Microshift pre-requisites :
- RHEL 9.2 or 9.3
- LVM volume group (VG) with unused space
## Install Pre-requisites
```sh
sudo subscription-manager register --username $RHN_LOGIN --auto-attach
sudo subscription-manager attach --pool=$RHN_POOL_ID
sudo dnf install -y osbuild-composer composer-cli cockpit-composer git firewalld python3-toml
sudo systemctl enable --now osbuild-composer.socket
sudo systemctl enable --now firewalld
sudo systemctl enable --now cockpit.socket
sudo systemctl restart osbuild-composer
sudo usermod -a -G weldr "$(id -un)"
```
Check that **os-composer** is working.
```
$ source /etc/bash_completion.d/composer-cli
$ composer-cli status show
API server status:
Database version: 0
Database supported: true
Schema version: 0
API version: 1
Backend: osbuild-composer
Build: NEVRA:osbuild-composer-88.3-1.el9_3.x86_64
$ composer-cli sources list
appstream
baseos
```
## Clone this repository
```sh
git clone https://github.com/ePietry/red-hat-kiosk.git
cd red-hat-kiosk
export GIT_REPO_CLONE="$PWD"
```
## Create the container image
Install podman and buildah.
```sh
sudo dnf install -y podman buildah
```
Define the target image properties.
```sh
REGISTRY="quay.io"
IMAGE_NAME="nmasse_itix/kiosk-app"
IMAGE_TAG="latest"
```
Build and push the image to the registry.
```sh
cd "$GIT_REPO_CLONE/application"
podman build -t localhost/kiosk-app:latest .
podman login "$REGISTRY"
podman tag localhost/kiosk-app:latest "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
podman push "$REGISTRY/$IMAGE_NAME:$IMAGE_TAG"
```
## Nginx configuration
Install and configure nginx.
```sh
sudo dnf install -y nginx
sudo systemctl enable --now nginx.service
sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp}
sudo firewall-cmd --reload
sudo mkdir -p /var/www
sudo restorecon -Rv /var/www
sudo sed -i.${EPOCHREALTIME:-bak} 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf
sudo systemctl restart nginx.service
```
Find the IP address of the current server.
```sh
MYIP="$(ip -4 -br addr show scope global | awk 'NR == 1 { split($3, parts, "/"); print parts[1]; }')"
```
## Create the initial ostree repo
Create a `inventory.yaml` file inside the Ansible folder or define the inventory path inside the `ansible.cfg` file
Add blueprint file into the blueprint folder or use the `example_blueprint.toml`
Create the initial ostree repo using...

6
ansible/playbooks-test.yaml
View File

@ -1,6 +0,0 @@
---
- name: ping all inventory
hosts: all
tasks:
- name: ping
ansible.builtin.ping:

25
ansible/playbooks/initial_ostree.yaml
View File

@ -9,19 +9,10 @@
name: "{{ ansible_user_id }}" name: "{{ ansible_user_id }}"
groups: weldr groups: weldr
append: true append: true
# - name: Create a blueprint
# infra.osbuild.create_blueprint:
# dest: "/home/epietryk/blueprint/blueprint.toml"
# name: "rhel-edge-blueprint"
# description: "{{ builder_blueprint_description }}"
# distro: "{{ builder_blueprint_distro }}"
# groups: "{{ builder_blueprint_groups }}"
# packages: "{{ builder_blueprint_packages }}"
# customizations: "{{ builder_blueprint_customizations }}"
- name: Push a blueprint - name: Push a blueprint
infra.osbuild.push_blueprint: infra.osbuild.push_blueprint:
src: "/home/epietryk/blueprint/blueprint.toml" src: "/home/epietryk/blueprint/blueprint.toml"
- name: Start ostree compose with idempotent transaction - name: Start ostree compose
infra.osbuild.start_compose: infra.osbuild.start_compose:
blueprint: rhel-edge-blueprint blueprint: rhel-edge-blueprint
allow_duplicate: true allow_duplicate: true
@ -42,3 +33,17 @@
infra.osbuild.export_compose: # noqa only-builtins infra.osbuild.export_compose: # noqa only-builtins
compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}" compose_id: "{{ builder_compose_start_out['result']['body']['build_id'] }}"
dest: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar dest: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar
- name: Recursively remove directory /var/www/repo
ansible.builtin.file:
path: /var/www/repo
state: absent
# - name: Create empty file /var/www/repo
# ansible.builtin.file:
# path: /var/www/repo
# state: directory
# mode: '0755'
- name: Extract compose artifact into /var/www/repo
ansible.builtin.unarchive:
src: /tmp/images/{{ builder_compose_start_out['result']['body']['build_id'] }}.tar
dest: /var/www/
remote_src: true

Write Preview
Loading…
Cancel
Save