2 changed files with 263 additions and 0 deletions
@ -0,0 +1,194 @@ |
|||||
|
# Installation on RHEL 9 |
||||
|
|
||||
|
## Pre-requisites |
||||
|
|
||||
|
RHEL 9 pre-requisites : |
||||
|
|
||||
|
- RHEL 9 is installed |
||||
|
- The Red Hat repositories **baseos** and **appstream** are reachable |
||||
|
|
||||
|
Microshift pre-requisites : |
||||
|
|
||||
|
- RHEL 9.2 or 9.3 |
||||
|
- LVM volume group (VG) with unused space |
||||
|
|
||||
|
## Install Pre-requisites |
||||
|
|
||||
|
```sh |
||||
|
sudo subscription-manager register --username $RHN_LOGIN --auto-attach |
||||
|
sudo subscription-manager attach --pool=$RHN_POOL_ID |
||||
|
sudo dnf install -y osbuild-composer composer-cli cockpit-composer |
||||
|
sudo systemctl enable --now osbuild-composer.socket |
||||
|
sudo systemctl enable --now cockpit.socket |
||||
|
sudo systemctl restart osbuild-composer |
||||
|
sudo usermod -a -G weldr nmasse |
||||
|
``` |
||||
|
|
||||
|
Check that **os-composer** is working. |
||||
|
|
||||
|
``` |
||||
|
$ source /etc/bash_completion.d/composer-cli |
||||
|
$ composer-cli status show |
||||
|
API server status: |
||||
|
Database version: 0 |
||||
|
Database supported: true |
||||
|
Schema version: 0 |
||||
|
API version: 1 |
||||
|
Backend: osbuild-composer |
||||
|
Build: NEVRA:osbuild-composer-88.3-1.el9_3.x86_64 |
||||
|
|
||||
|
$ composer-cli sources list |
||||
|
appstream |
||||
|
baseos |
||||
|
``` |
||||
|
|
||||
|
## Clone this repository |
||||
|
|
||||
|
```sh |
||||
|
git clone https://github.com/nmasse-itix/red-hat-kiosk.git |
||||
|
cd red-hat-kiosk |
||||
|
export GIT_REPO_CLONE="$PWD" |
||||
|
``` |
||||
|
|
||||
|
## Nginx configuration |
||||
|
|
||||
|
```sh |
||||
|
sudo dnf install -y nginx |
||||
|
sudo systemctl enable --now nginx.service |
||||
|
sudo firewall-cmd --permanent --add-port={80/tcp,443/tcp} |
||||
|
sudo firewall-cmd --reload |
||||
|
sudo mkdir -p /var/www |
||||
|
sudo restorecon -Rv /var/www |
||||
|
sudo sed -i.bak 's|/usr/share/nginx/html|/var/www|g' /etc/nginx/nginx.conf |
||||
|
sudo systemctl restart nginx.service |
||||
|
``` |
||||
|
|
||||
|
## Rebuild of Google Chrome |
||||
|
|
||||
|
```sh |
||||
|
sudo dnf install -y git rpm-build |
||||
|
sudo dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm |
||||
|
sudo dnf install -y rpmrebuild |
||||
|
cd "$GIT_REPO_CLONE/chrome_repackage" |
||||
|
curl -s -Lo google-chrome-stable_current_x86_64.rpm https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm |
||||
|
rpmrebuild -s google-chrome-stable.spec -p google-chrome-stable_current_x86_64.rpm |
||||
|
rpm2cpio google-chrome-stable_current_x86_64.rpm | cpio -idmv |
||||
|
mv opt/google/ usr/bin/ |
||||
|
cd usr/bin/ |
||||
|
rm -f google-chrome-stable |
||||
|
ln -s google/chrome/google-chrome google-chrome-stable |
||||
|
ln -s google/chrome/google-chrome chrome |
||||
|
cd ../.. |
||||
|
RPM=$(rpm -q google-chrome-stable_current_x86_64.rpm) |
||||
|
mkdir -p $HOME/rpmbuild/BUILDROOT/$RPM/ |
||||
|
for i in etc usr; do cp -r $i $HOME/rpmbuild/BUILDROOT/$RPM/; done |
||||
|
sed -i.bak 's|/opt/google|/usr/bin/google|g' google-chrome-stable.spec |
||||
|
rpmbuild -bb google-chrome-stable.spec |
||||
|
ls -l $HOME/rpmbuild/RPMS/x86_64/ |
||||
|
``` |
||||
|
|
||||
|
## Repository Creation |
||||
|
|
||||
|
```sh |
||||
|
export REPO_LOCATION="/opt/custom-rpms/" |
||||
|
sudo dnf install -y createrepo |
||||
|
sudo mkdir -p "$REPO_LOCATION" |
||||
|
sudo cp $HOME/rpmbuild/RPMS/x86_64/* "$REPO_LOCATION" |
||||
|
sudo createrepo "$REPO_LOCATION" |
||||
|
sudo tee /etc/yum.repos.d/custom.repo <<EOF |
||||
|
[custom] |
||||
|
name = Custom RPMS |
||||
|
baseurl = file://$REPO_LOCATION |
||||
|
enabled = 1 |
||||
|
gpgcheck = 0 |
||||
|
EOF |
||||
|
sudo dnf info google-chrome-stable |
||||
|
``` |
||||
|
|
||||
|
## os-builer configuration |
||||
|
|
||||
|
```sh |
||||
|
sudo subscription-manager repos --enable rhocp-4.14-for-rhel-9-$(uname -m)-rpms --enable fast-datapath-for-rhel-9-$(uname -m)-rpms |
||||
|
sudo dnf info microshift |
||||
|
sudo dnf install -y mkpasswd podman |
||||
|
cd "$GIT_REPO_CLONE/imagebuilder" |
||||
|
KIOSK_PASSWORD="$(openssl rand -base64 9)" |
||||
|
KIOSK_PASSWORD_HASH="$(mkpasswd -m bcrypt "$KIOSK_PASSWORD")" |
||||
|
echo "Kiosk password is '$KIOSK_PASSWORD'" |
||||
|
ADMIN_PASSWORD="$(openssl rand -base64 9)" |
||||
|
ADMIN_PASSWORD_HASH="$(mkpasswd -m bcrypt "$ADMIN_PASSWORD")" |
||||
|
echo "Admin password is '$ADMIN_PASSWORD'" |
||||
|
sed -i.orig1 "s|__KIOSK_PASSWORD__|$KIOSK_PASSWORD_HASH|" kiosk.toml |
||||
|
sed -i.orig2 "s|__ADMIN_PASSWORD__|$ADMIN_PASSWORD_HASH|" kiosk.toml |
||||
|
ADMIN_SSH_PUBLIC_KEY="$(ssh-add -L | head -n 1)" |
||||
|
echo "Admin SSH public key: $ADMIN_SSH_PUBLIC_KEY" |
||||
|
sed -i.orig3 "s|__ADMIN_SSH_PUBLIC_KEY__|$ADMIN_SSH_PUBLIC_KEY|" kiosk.toml |
||||
|
composer-cli sources add /dev/fd/0 <<EOF |
||||
|
check_gpg = false |
||||
|
check_ssl = false |
||||
|
id = "custom" |
||||
|
name = "custom packages for RHEL" |
||||
|
system = false |
||||
|
type = "yum-baseurl" |
||||
|
url = "file://$REPO_LOCATION" |
||||
|
EOF |
||||
|
composer-cli sources add /dev/fd/0 <<EOF |
||||
|
id = "rhocp-4.14" |
||||
|
name = "Red Hat OpenShift Container Platform 4.14 for RHEL 9" |
||||
|
type = "yum-baseurl" |
||||
|
url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/rhocp/4.14/os" |
||||
|
check_gpg = true |
||||
|
check_ssl = true |
||||
|
system = false |
||||
|
rhsm = true |
||||
|
EOF |
||||
|
composer-cli sources add /dev/fd/0 <<EOF |
||||
|
id = "fast-datapath" |
||||
|
name = "Fast Datapath for RHEL 9" |
||||
|
type = "yum-baseurl" |
||||
|
url = "https://cdn.redhat.com/content/dist/layered/rhel9/$(uname -m)/fast-datapath/os" |
||||
|
check_gpg = true |
||||
|
check_ssl = true |
||||
|
system = false |
||||
|
rhsm = true |
||||
|
EOF |
||||
|
composer-cli blueprints push kiosk.toml |
||||
|
``` |
||||
|
|
||||
|
## Ostree construction |
||||
|
|
||||
|
Create the ostree image. |
||||
|
|
||||
|
```sh |
||||
|
composer-cli blueprints depsolve kiosk |
||||
|
BUILDID=$(composer-cli compose start-ostree --ref "rhel/9/$(uname -m)/edge" kiosk edge-container | awk '{print $2}') |
||||
|
echo "Build $BUILDID is running..." |
||||
|
composer-cli compose status |
||||
|
``` |
||||
|
|
||||
|
Download the ostree server and run it. |
||||
|
|
||||
|
```sh |
||||
|
CONTAINER_IMAGE_FILE="$(composer-cli compose image "${BUILDID}")" |
||||
|
IMAGEID="$(podman load < "${BUILDID}-container.tar" | grep -o -P '(?<=sha256[@:])[a-z0-9]*')" |
||||
|
echo "Using image with id = $IMAGEID" |
||||
|
podman run -d --name=minimal-microshift-server -p 8085:8080 ${IMAGEID} |
||||
|
``` |
||||
|
|
||||
|
## Build the ISO |
||||
|
|
||||
|
```sh |
||||
|
composer-cli blueprints push /dev/fd/0 <<EOF |
||||
|
name = "microshift-installer" |
||||
|
|
||||
|
description = "" |
||||
|
version = "0.0.0" |
||||
|
modules = [] |
||||
|
groups = [] |
||||
|
packages = [] |
||||
|
EOF |
||||
|
BUILDID=$(composer-cli compose start-ostree --url http://localhost:8085/repo/ --ref "rhel/9/$(uname -m)/edge" microshift-installer edge-installer | awk '{print $2}') |
||||
|
composer-cli compose status |
||||
|
composer-cli compose image "${BUILDID}" |
||||
|
|
||||
|
``` |
||||
@ -0,0 +1,69 @@ |
|||||
|
# Local development |
||||
|
|
||||
|
## Create a RHEL 9 Virtual Machine |
||||
|
|
||||
|
Pre-requisites : |
||||
|
- Fedora 39 [with Libvirt installed](https://docs.fedoraproject.org/en-US/quick-docs/virtualization-getting-started/) |
||||
|
|
||||
|
Download [RHEL 9.3](https://access.redhat.com/downloads/content/rhel) and save `rhel-9.3-x86_64-kvm.qcow2` in `/var/lib/libvirt/images/base-images`. |
||||
|
|
||||
|
Create a file named `user-data.yaml` with the follwing content. |
||||
|
|
||||
|
```yaml |
||||
|
#cloud-config |
||||
|
|
||||
|
users: |
||||
|
- name: nmasse |
||||
|
gecos: Nicolas MASSE |
||||
|
groups: wheel |
||||
|
lock_passwd: false |
||||
|
passwd: $6$...123 # generate the hash with the "mkpasswd" command |
||||
|
ssh_authorized_keys: |
||||
|
- ssh-ed25519 123...456 |
||||
|
|
||||
|
write_files: |
||||
|
- path: /etc/sudoers |
||||
|
content: | |
||||
|
Defaults !visiblepw |
||||
|
Defaults always_set_home |
||||
|
Defaults match_group_by_gid |
||||
|
Defaults always_query_group_plugin |
||||
|
Defaults env_reset |
||||
|
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS" |
||||
|
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE" |
||||
|
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES" |
||||
|
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE" |
||||
|
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" |
||||
|
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin |
||||
|
root ALL=(ALL) ALL |
||||
|
%wheel ALL=(ALL) NOPASSWD: ALL |
||||
|
#includedir /etc/sudoers.d |
||||
|
permissions: '0440' |
||||
|
append: false |
||||
|
``` |
||||
|
|
||||
|
Create the RHEL9 VM. |
||||
|
|
||||
|
```sh |
||||
|
sudo mkdir -p /var/lib/libvirt/images/rhel9 /var/lib/libvirt/images/base-images |
||||
|
sudo dnf install -y cloud-utils genisoimage |
||||
|
sudo cloud-localds /var/lib/libvirt/images/rhel9/cloud-init.iso user-data.yaml |
||||
|
|
||||
|
sudo virt-install --name rhel9 --autostart --noautoconsole --cpu host-passthrough \ |
||||
|
--vcpus 4 --ram 8192 --os-variant rhel9.3 \ |
||||
|
--disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,backing_store=/var/lib/libvirt/images/base-images/rhel-9.3-x86_64-kvm.qcow2,size=20 \ |
||||
|
--disk path=/var/lib/libvirt/images/rhel9/rhel9.qcow2,size=20 \ |
||||
|
--network network=default \ |
||||
|
--console pty,target.type=virtio --serial pty --import \ |
||||
|
--disk path=/var/lib/libvirt/images/rhel9/cloud-init.iso,readonly=on \ |
||||
|
--sysinfo system.serial=ds=nocloud |
||||
|
|
||||
|
sudo virsh console rhel9 |
||||
|
``` |
||||
|
|
||||
|
Create a PV and a VG for Microshift. |
||||
|
|
||||
|
``` |
||||
|
sudo pvcreate /dev/vdb |
||||
|
sudo vgcreate data /dev/vdb |
||||
|
``` |
||||