Commit Graph

2222 Commits

Author SHA1 Message Date
Brian C. Lane
2ad4b20a91 dnf changed the type of gpgkey to a tuple
And in an intermediate version it returns a VectorString object which
isn't serializable by the json or toml modules.

So convert it to a list so that the type is consistent in the sources
code.

(cherry picked from commit e9e5139750)

Resolves: rhbz#1655876
2018-12-07 11:52:22 -08:00
Brian C. Lane
6a2f574ed7 lorax-composer: Add CDN repo checks to startup and compose start.
This will block starting a compose if the sources only reference
cdn.redhat.com urls.

Resolves: rhbz#1655623
2018-12-07 11:50:52 -08:00
Brian C. Lane
f1af108e5b lorax-composer: Check for CDN only repos
Anaconda is currently not able to handle cdn repo urls in the kickstart.
Add a new function that checks for extra repos and returns True.

Related: rhbz#1655623
2018-12-07 11:50:52 -08:00
Brian C. Lane
15c64d9f8d There is no support for edk2-ovmf on arm/arm64
Resolves: rhbz#1655512
2018-12-07 11:48:59 -08:00
Brian C. Lane
f0bac40d7f lorax-composer: Check the queue and results at startup
If the system ran out of space, or was rebooted unexpectedly, the state
of the queue symlinks, or the results STATUS files may be inconsistent.
This checks them and:
 * Removes broken symlinks from queue/new and queue/run
 * Removes symlinks from run and sets the build to FAILED
 * Sets builds w/o a STATUS to FAILED
 * Sets builds with STATUS of RUNNING to FAILED
 * Creates missing queue/new symlinks to results with STATUS of WAITING

So, any builds that were running during the reboot will be FAILED, and
any that were waiting to be started will be started upon rebooting.

Resolves: rhbz#1647985
(cherry picked from commit 4dd9004d13)
2018-12-06 15:27:48 -08:00
Brian C. Lane
580e771dea Automatic commit of package [lorax] release [28.14.17-1].
Created by command:

/bin/tito tag
2018-11-29 13:21:21 -08:00
Brian C. Lane
32b3df0892 Update documentation for - 28.14.17
Regenerate the documentation for the SELinux changes.

Related: rhbz#1645189
2018-11-29 13:08:44 -08:00
Brian C. Lane
97b138c3d1 lorax-composer: Install selinux-policy-targeted in images
This is required to ensure that SELinux is configured properly while
building. It fixes the problem with building tar, and should be
installed in the other image types for consistency.

Resolves: rhbz#1645189
2018-11-29 13:05:01 -08:00
Brian C. Lane
22061ed4ab Remove setfiles from mkrootfsimage
SELinux applies the correct labels, setfiles is no longer needed.
This allows lorax to run with SELinux in Enforcing mode.

Related: rhbz#1645189
2018-11-29 13:05:01 -08:00
Brian C. Lane
14fb4a9156 Remove SELinux Permissive checks
Anaconda, Lorax, lorax-composer, and livemedia-creator can all now run
with SELinux in Enforcing mode. It does not need to be disabled and if
there are denials they should be reported as a bug.

Log the current state of SELinux when starting, update the
documentation.

Resolves: rhbz#1645189
2018-11-29 13:05:01 -08:00
Brian C. Lane
8a5176a17c New lorax documentation - 28.14.17
Related: rhbz#1639132
2018-11-27 10:03:06 -08:00
Brian C. Lane
a4881ddd6d Build manpages for composer-cli and lorax-composer
Add manpage creation to make docs target to keep them updated.

Resolves: rhbz#1639132
2018-11-27 10:00:36 -08:00
Brian C. Lane
6de44cd241 Add --no-system-repos to lorax-composer
Running lorax-composer --no-system-repos will prevent it from copying
the dnf repositories from /etc/yum.repos.d/ into the lorax-composer repo
directory. It will *only* use repositories setup using the sources api
or written to /var/lib/lorax/composer/repos.d/

If lorax-composer has previously been run without this switch the system
repos will need to be removed from the composer/repos.d/ directory. It
would also be a good idea to remove the cached metadata in
/var/tmp/composer/

Resolves: rhbz#1650363
2018-11-15 16:19:24 -08:00
Brian C. Lane
8b114327b1 Automatic commit of package [lorax] release [28.14.16-1].
Created by command:

/usr/bin/tito tag
2018-10-12 12:45:56 -07:00
Vendula Poncova
b594fa99bc Fix vhd images
Images don't work without these fixes:

* Enable Network Manager.
* Disable cloud-init.
* Add Hyper-V modules into initramfs.

Fixes specific for RHEL:

* Create ifcfg-eth0 required by waagent.
* Install python3 and net-tools required by waagent.

Recommended changes:

* Use recommended kernel boot args.
* Disable kdump.

Related: rhbz#1628648
2018-10-12 12:37:50 -07:00
Brian C. Lane
5b8341884d Update depsolving with suggestions from dnf (#1636239)
The previous method worked, but wasn't exactly idiomatic. This is more
correct, and appears to work the same (templates depsolve, version globs
work, multiple repos work).

Note that this does use a private dnf attribute ._goal, but the word is
that this is going to become a public api soon, so yes it is there on
purpose.

Resolves: rhbz#1638683
2018-10-12 10:58:04 -07:00
Brian C. Lane
ee2ec1bfe4 Automatic commit of package [lorax] release [28.14.15-1].
Created by command:

/usr/bin/tito tag
2018-10-09 12:05:32 -07:00
Brian C. Lane
58236a6b61 Add an openstack image type
This is a qcow2 image with cloud-init in the template.

(cherry picked from commit 98f8b23129)

Resolves: rhbz#1628645
2018-10-09 11:55:30 -07:00
David Shea
da0435bc90 Add cloud-init to vhd images.
cloud-init can be used in Azure now

(cherry picked from commit ac9a2fdbc5)

Related: rhbz#1628648
2018-10-09 11:35:42 -04:00
David Shea
6bcb2823d4 Replace /etc/machine-id with an empty file
Since these images can be used to create multiple machines, they should
not have a unique machine-id attached to them. Replace /etc/machine-id
with an empty file so that it will be regenerated at boot time.

(cherry picked from commit 6fab72d894)

Related: rhbz#1628645
Related: rhbz#1628646
Related: rhbz#1628647
Related: rhbz#1628648
2018-10-09 11:34:48 -04:00
Brian C. Lane
37051dbe2b Automatic commit of package [lorax] release [28.14.14-1].
Created by command:

/usr/bin/tito tag
2018-10-08 16:22:54 -07:00
Brian C. Lane
0ad0a47968 Update cli tests to use composer-cli name
Related: rhbz#1635763
2018-10-08 16:22:20 -07:00
Brian C. Lane
077582ee49 Revert "Rename composer-cli to composer"
This reverts commit 2c2e3156d0.

It conflicts with the PHP dependency manager project named 'composer'

Related: rhbz#1635763
2018-10-08 16:22:15 -07:00
Brian C. Lane
8dc43a7124 Automatic commit of package [lorax] release [28.14.13-1].
Created by command:

/usr/bin/tito tag
2018-10-05 09:56:02 -07:00
Brian C. Lane
091820b5d6 New lorax documentation - 28.14.12
Related: rhbz#1635763
2018-10-05 09:54:44 -07:00
Brian C. Lane
b1a2d635d0 Adjust the composer-cli tests for the rename to composer
Related: rhbz#1635763
2018-10-05 08:30:34 -07:00
Lars Karlitski
2c2e3156d0 Rename composer-cli to composer
Resolves: rhbz#1635763
2018-10-05 08:30:34 -07:00
Lars Karlitski
43aedf6a15 Add and enable cloud-init for ami images
Images don't work at all on AWS without cloud-init.

Fixes #492

(cherry picked from commit 81d38b6445)

Related: rhbz#1628647
2018-10-05 11:28:17 -04:00
David Shea
c13aa84f02 Make no-virt generated images sparser
At the end of disk image installs, use fstrim on the generated filesystem to
discard any blocks that were allocated during the install and are now unused.
This will allow tools such as qemu-img to create images that do not include
deleted data.

For raw disk images that do not go through qemu-img, use fallocate --dig-holes
to create sparse holes in place of the unused blocks.

(cherry picked from commit 9717b3fd98)

Related: rhbz#1628645
Related: rhbz#1628646
Related: rhbz#1628647
Related: rhbz#1628648
2018-10-05 11:27:04 -04:00
Brian C. Lane
63a6e72a59 Automatic commit of package [lorax] release [28.14.12-1].
Created by command:

/usr/bin/tito tag
2018-10-03 15:55:10 -07:00
Brian C. Lane
212e0bcb3e Write a rootpw line if no root customizations in the blueprint
Anaconda requires the root password to be set or locked, so if there
isn't anything setting it we write out 'rootpw --lock'

Also adds tests for this.

Resolves: rhbz#1626122
2018-10-03 08:29:33 -07:00
Brian C. Lane
25ee5c9ee7 Automatic commit of package [lorax] release [28.14.11-1].
Created by command:

/usr/bin/tito tag
2018-10-02 17:01:23 -07:00
Brian C. Lane
de3294280b Add beakerlib to Dockerfile.test
Also kill the lorax-composer process and remove /run/weldr/api.socket
so that when this is run with podman you don't get an error about
attempting to tar up the socket.

Related: rhbz#1613058
2018-10-02 16:50:28 -07:00
Alexander Todorov
920aed16e2 New cli test covering basic compose commands
- need to specify --sharedir so lorax-composer can find its
  kickstart files

- each test script writes results into a separate directory to
  avoid a passing test overwriting the results from a failing one.
  To avoid reporting failures in case of previously failing tests
  (e.g. during development) remove the temporary directories holding
  tets results before execution!
2018-10-02 22:52:57 +02:00
Alexander Todorov
959589652b Execute bash tests for composer-cli
these are built on top of beakerlib and we use its internal
protocol to figure out the result without relying on the full
test runner that is tipically used inside of a RHEL environment!

Includes a disabled test snippet for Issue #460
2018-10-02 22:52:57 +02:00
David Shea
d94ed86cd3 Add virt guest agents to the qcow2 compose
(cherry picked from commit d5a1993640)

Resolves: rhbz#1628645
2018-10-02 13:06:59 -04:00
David Shea
1a23dc0f2b Add a vmdk compose type.
This is similar to the AMI type, but also adds open-vm-tools and does not do
anything special to the partitioning

(cherry picked from commit 1056bfc25b)

Resolves: rhbz#1628646
2018-10-02 13:06:56 -04:00
David Shea
1c1f97ad70 Add a vhd compose type for Azure images
This does pretty much the same things as the AMI compose type, but also
replaces NetworkManager with the Azure linux agent.

(cherry picked from commit e0c236ff36)

Resolves: rhbz#1628648
2018-10-02 13:06:10 -04:00
David Shea
253689ff49 Add an ami compose type for AWS images
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.

(cherry picked from commit 18188bf6cf)

Resolves: rhbz#1628647
2018-10-02 13:05:40 -04:00
David Shea
b8a7774629 Remove --fstype from the generated part line
Instead of specifying the fstype, just let anaconda use the default.

(cherry picked from commit 847fff4e11)

Related: rhbz#1628647
Related: rhbz#1628648
2018-10-02 12:57:38 -04:00
Brian C. Lane
cec5f941bf Automatic commit of package [lorax] release [28.14.10-1].
Created by command:

/usr/bin/tito tag
2018-10-01 15:30:19 -07:00
Brian C. Lane
5eb9272c41 Add tito support for Related/Resolves to the branch
This will make it easier to generate the changelog, copied from
rhel7-branch.

Related: rhbz#1613058
2018-10-01 15:28:50 -07:00
Brian C. Lane
ca2eb38d92 Always update repo metadata when building an image
When the kickstart is handed off to Anaconda for building it will
download its own copy of the metadata and re-run the depsolve. So if the
dnf cache isn't current there will be a mismatch and the build will
fail to find some of the versions in final-kickstart.ks

This adds a new context to DNFLock, .lock_check, that will force a check
of the metadata. It also implements its own timeout and forces a
refresh of the metadata when that expires because the dnf expiration
doesn't always work as expected.

Resolves: rhbz#1631561
2018-10-01 14:50:11 -07:00
Brian C. Lane
31c1899a02 Add a test for repo metadata expiration
This tests to make sure that the metadata timer is working (by setting
it to 10s and adding a new package to the repo), and that
DNFLock.lock_check immediately picks up a new package.

This depends on rpmfluff which is available from Fedora or EPEL repos.

Related: rhbz#1631561
2018-10-01 14:47:49 -07:00
Brian C. Lane
e48bd5be96 Add tests for setting root password and ssh key with blueprints
Related: rhbz#1626120
2018-09-28 15:38:33 -07:00
Brian C. Lane
1c99408542 Use rootpw for setting the root password instead of user
Ends up you cannot use the kickstart user command on root, since it
already exists, so we have to translate that into a rootpw command.

So [[customizations.user]] with name = "root" only support key, which
will set the ssh key, and password which will use rootpw to set the
password. plain text or encrypted are supported.

Related: rhbz#1626122
2018-09-28 15:38:02 -07:00
Brian C. Lane
85d7d3d01a Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626122
2018-09-28 15:34:58 -07:00
Brian C. Lane
546c8b5a62 Automatic commit of package [lorax] release [28.14.9-1].
Created by command:

/usr/bin/tito tag
2018-09-25 10:07:19 -07:00
Brian C. Lane
c355f0f203 lorax: Only run depmod on the installed kernels
In the near-future there may be /lib/modules/ directories for older
kernels with weak dependencies listed. These may not match the installed
kernel(s) so we cannot depend on them to drive generate_module_data.

Instead use the existing findkernels() function to get the list of
installed kernels and iterate those, running depmod on them.

Resolves: rhbz#1632140

(cherry picked from commit 07acd2e780)
2018-09-25 09:17:01 -07:00
Brian C. Lane
9cb0df6223 Automatic commit of package [lorax] release [28.14.8-1].
Created by command:

/usr/bin/tito tag
2018-09-18 10:25:47 -07:00