Commit Graph

2020 Commits

Author SHA1 Message Date
Lars Karlitski
ec47fe12a9 cli: Clarify error message for unprivileged access
`os.path.exists("/run/weldr/api.socket")` returns False for users which have no
access. This leads to composer printing that the file does not exist, which is
misleading.

Since it's no possible to distinguish the two cases, fix this problem by
combining them and showing a single error message.
2018-10-05 09:09:10 -07:00
Brian C. Lane
c7b4dce2b6 Write a rootpw line if no root customizations in the blueprint
Anaconda requires the root password to be set or locked, so if there
isn't anything setting it we write out 'rootpw --lock'

Also adds tests for this.

Resolves: rhbz#1626122
2018-10-05 09:09:10 -07:00
Brian C. Lane
b35fe9d32a Add beakerlib to Dockerfile.test
Also kill the lorax-composer process and remove /run/weldr/api.socket
so that when this is run with podman you don't get an error about
attempting to tar up the socket.
2018-10-05 09:09:10 -07:00
Brian C. Lane
75523f7a49 Adjust the new templates for locked root
also remote the auth line so that it uses the defaults.

Related: rhbz#1628645
Related: rhbz#1628646
Related: rhbz#1628647
Related: rhbz#1628648
2018-10-05 09:09:10 -07:00
Brian C. Lane
1f514a3e55 Adjust projects test for DNF 3.6.1 tuple issue 2018-10-05 09:09:10 -07:00
Adam Williamson
8bc6282083 Don't try to append to DNF config value that can't take it
See https://bugzilla.redhat.com/show_bug.cgi?id=1595917 and
https://github.com/rpm-software-management/dnf/pull/1200 for
more on this. Briefly, DNF before 3.0 presented this config
value as a list...and mutating it worked. DNF from 3.0 until
3.6 presented it as a list...mutating it didn't work, but also
didn't *fail*, so this has actually not been doing anything on
DNF 3.x but we haven't noticed.

In DNF 3.6 values like this are presented as tuples instead of
lists, to try and catch usages like this, and it worked! We
need to change this one.

There is an additional weirdness here. tsflags is actually, in
libdnf terms, an OptionStringListAppend option: that means that
when something tries to *set* its value, the new value is just
appended to the existing list of values. This is very weird
behaviour when you're interacting with it like this, but
happens to be quite useful, as we can just 'set' the value to
a list like this and it will actually get appended (which is
what we want), and this one syntax happens to work correctly in
DNF 2.x, 3.0 through 3.5.1, and 3.6.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-10-05 09:09:10 -07:00
Brian C. Lane
6e86328865 Always update repo metadata when building an image
When the kickstart is handed off to Anaconda for building it will
download its own copy of the metadata and re-run the depsolve. So if the
dnf cache isn't current there will be a mismatch and the build will
fail to find some of the versions in final-kickstart.ks

This adds a new context to DNFLock, .lock_check, that will force a check
of the metadata. It also implements its own timeout and forces a
refresh of the metadata when that expires because the dnf expiration
doesn't always work as expected.

Resolves: rhbz#1631561
2018-10-05 09:09:10 -07:00
Brian C. Lane
5184ccef9f Add a test for repo metadata expiration
This tests to make sure that the metadata timer is working (by setting
it to 10s and adding a new package to the repo), and that
DNFLock.lock_check immediately picks up a new package.

This depends on rpmfluff which is available from Fedora or EPEL repos.

Related: rhbz#1631561
2018-10-05 09:09:10 -07:00
Brian C. Lane
1c0705f4e0 Add tests for setting root password and ssh key with blueprints
Related: rhbz#1626120
2018-10-05 09:09:10 -07:00
Brian C. Lane
891729528f Use rootpw for setting the root password instead of user
Ends up you cannot use the kickstart user command on root, since it
already exists, so we have to translate that into a rootpw command.

So [[customizations.user]] with name = "root" only support key, which
will set the ssh key, and password which will use rootpw to set the
password. plain text or encrypted are supported.

Related: rhbz#1626122
2018-10-05 09:09:10 -07:00
Brian C. Lane
8963c33e16 Lock the root account, except on live-iso
If we leave the root account w/o a password people will use it that way,
leading to insecure images. Also if we use a default password. So lock
the root account in the templates.

Users will need to do one of these things:
 1. Use [[customizations.user]] in their blueprint to configure root or
    another user.
 2. Use [[customizations.sshkey]] to set a key for root
 2. Install a package that configures a user at install time
 3. Install a package that sets up a user at boot time (eg. cloud-init)

This also drops the auth line from the kickstart templates, allowing it
to use the default password algoritm instead of md5.

Resolves: rhbz#1626122
2018-10-05 09:09:10 -07:00
David Shea
3ad5a5cccf Add new compose types to compose sanity test 2018-10-05 09:09:10 -07:00
David Shea
bd8fdb8c0e Add virt guest agents to the qcow2 compose 2018-10-05 09:09:10 -07:00
David Shea
ecd4327a01 Add a vmdk compose type.
This is similar to the AMI type, but also adds open-vm-tools and does not do
anything special to the partitioning
2018-10-05 09:09:10 -07:00
David Shea
d6274ec413 Add a vhd compose type for Azure images
This does pretty much the same things as the AMI compose type, but also
replaces NetworkManager with the Azure linux agent.
2018-10-05 09:09:10 -07:00
David Shea
af3cab0dfe Add an ami compose type for AWS images
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.
2018-10-05 09:09:10 -07:00
David Shea
0e629f3d2a Remove --fstype from the generated part line
Instead of specifying the fstype, just let anaconda use the default.
2018-10-05 09:09:10 -07:00
Lars Karlitski
3cd4a3cb49 Also run make check on travis 2018-10-05 09:09:10 -07:00
Lars Karlitski
e559418ec4 Fix pylint errors and warnings
Remove `except` block which immediately raises the same exception again (it's
not a subclass of another caught exception, so this is safe).

Remove a false positive, because it is not emitted from the code base.

Disable subprocess-popen-preexec-fn in startProgram, which is not used
internally.
2018-10-05 09:09:10 -07:00
Alexander Todorov
79422eb78b New cli test covering basic compose commands
- need to specify --sharedir so lorax-composer can find its
  kickstart files

- each test script writes results into a separate directory to
  avoid a passing test overwriting the results from a failing one.
  To avoid reporting failures in case of previously failing tests
  (e.g. during development) remove the temporary directories holding
  tets results before execution!
2018-10-05 09:09:10 -07:00
Alexander Todorov
e2e73973dc Execute bash tests for composer-cli
these are built on top of beakerlib and we use its internal
protocol to figure out the result without relying on the full
test runner that is tipically used inside of a RHEL environment!

Includes a disabled test snippet for Issue #460
2018-10-05 09:09:10 -07:00
Lars Karlitski
d540ba3a23 Rename composer-cli to composer 2018-10-05 09:09:10 -07:00
Brian C. Lane
490f7f6cf1 Include python3-pyatspi on boot.iso (#1506595)
Including this makes it easier for dogtail tests to be run on the
various releases.
2018-10-05 09:09:10 -07:00
Stef Walter
0ec66e3ef2 Start a HACKING.md file and document how to run the tests 2018-10-05 09:09:10 -07:00
Stef Walter
f32ef25fd1 tests: Fix tests so they run on Fedora 28
Broaden the match for Samba in the glusterfs blueprint so it
can work on Fedora 28
2018-10-05 09:09:10 -07:00
Stef Walter
c37b9f57e5 Ignore files created by tests 2018-10-05 09:09:10 -07:00
Stef Walter
a148f8edde Makefile: Fix the 'make install' target
This fixes the 'make install' target to work on a typical RHEL or
Fedora system. We now by default install to a prefix of /usr instead
of /usr/local

The prefix is overridable like so:

     $ make install PREFIX=/opt/
2018-10-05 09:09:10 -07:00
Akira TAGOH
d329ebd519 Replace CJK fonts with Google Noto CJK 2018-10-05 09:09:10 -07:00
David Shea
41a91d031f Fix a DeprecationWarning
SafeConfigParser is just a deprecated version of ConfigParser in
python3, so use ConfigParser.
2018-10-05 09:09:10 -07:00
David Shea
9ee2d46a32 Fix the expected versions of blueprint components 2018-10-05 09:09:10 -07:00
Brian C. Lane
bb73d93663 Automatic commit of package [lorax] release [29.15-1].
Created by command:

/usr/bin/tito tag
2018-10-05 09:09:10 -07:00
Brian C. Lane
9de0948511 Add a Makefile target for building html docs using a rawhide environment
This makes it easier to generate new documentation for
http://weldr.io/lorax/

It requires having a current welder/lorax-composer:latest image (created with
the test-in-docker target), then run docs-in-docker to rerun sphinx with
the docs/html directory mounted from the container.
2018-10-05 09:09:10 -07:00
Radek Vykydal
576888bd31 Revert "Don't activate default auto connections after switchroot"
This reverts commit 044d7381a2.
2018-10-05 09:09:10 -07:00
Brian C. Lane
5204e3c6f4 New lorax documentation - 29.14 2018-10-05 09:09:10 -07:00
Brian C. Lane
38e03dad63 Automatic commit of package [lorax] release [29.14-1].
Created by command:

/usr/bin/tito tag
2018-10-05 09:09:10 -07:00
Peter Robinson
bc4c230128 Add the create ISO component for ARMv7
The ostree compose process in pungi wants ISOs and it was the last part
of the ARMv7 components that weren't at parity with other architectures.
Add the missing functionality.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
2018-10-05 09:09:10 -07:00
Radek Vykydal
3e4bed4df3 Don't activate default auto connections after switchroot
Resolves: rhbz#1555934

Add NetworkManager config file turning default auto connections off.
2018-10-05 09:09:10 -07:00
Brian C. Lane
77ba534832 Ignore a pylint warning about UnquotingConfigParser get args
The args differ, but we are accepting and passing through all args so
it's ok.

Related: rhbz#1613058
2018-10-05 09:09:10 -07:00
Adam Williamson
75400f6a7f Ditch all use of pyanaconda's simpleconfig
lorax uses pyanaconda's SimpleConfigParser in three different
places (twice with a copy that's been dumped into pylorax, once
by importing it), just to do a fairly simple job: read some
values out of /etc/os-release. The only value SimpleConfigParser
is adding over Python's own ConfigParser here is to read a file
with no section headers, and to unquote the values. The cost is
either a dependency on pyanaconda, or needing to copy the whole
of simpleparser plus some other utility bits from pyanaconda
into lorax. This seems like a bad trade-off.

This changes the approach: we copy one very simple utility
function from pyanaconda (`unquote`), and do some very simple
wrapping of ConfigParser to handle reading a file without any
section headers, and returning unquoted values. This way we can
read what we need out of os-release without needing a dep on
pyanaconda or to copy lots of things from it into pylorax.

Resolves: #449
Resolves: #450

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-10-05 09:09:10 -07:00
Brian C. Lane
fa1ba96a73 Automatic commit of package [lorax] release [29.13-1].
Created by command:

/usr/bin/tito tag
2018-10-05 09:09:10 -07:00
Brian C. Lane
cbf3599636 Update the example blueprints for rawhide 2018-10-05 09:09:10 -07:00
Brian C. Lane
ed9fc1885a Bump required dnf version to 3.2.0 for module_platform_id support 2018-10-05 09:09:10 -07:00
Brian C. Lane
f41ca1e0fb Add support for DNF 3.2 module_platform_id config value
This borrows simpleconfig.py from Anaconda to make parsing os-release
easier.

It defaults to platform:el8
2018-10-05 09:09:10 -07:00
Brian C. Lane
9a83a5cb3f lorax: Only run depmod on the installed kernels
In the near-future there may be /lib/modules/ directories for older
kernels with weak dependencies listed. These may not match the installed
kernel(s) so we cannot depend on them to drive generate_module_data.

Instead use the existing findkernels() function to get the list of
installed kernels and iterate those, running depmod on them.

Resolves: rhbz#1622213
2018-10-05 09:09:10 -07:00
David Shea
b0872c8f17 Make no-virt generated images sparser
At the end of disk image installs, use fstrim on the generated filesystem to
discard any blocks that were allocated during the install and are now unused.
This will allow tools such as qemu-img to create images that do not include
deleted data.

For raw disk images that do not go through qemu-img, use fallocate --dig-holes
to create sparse holes in place of the unused blocks.

(cherry picked from commit 9717b3fd98)
2018-10-05 11:26:13 -04:00
Brian C. Lane
c7ba2e6231 Update Dockerfile.test to use f29 from fedora registry
Related: rhbz#1636207
2018-10-04 12:37:52 -07:00
Brian C. Lane
7ac3e20234 Need to explicitly require python3-librepo (#1626413)
python3-dnf no longer requires it, so add it to lorax.spec
2018-09-27 15:28:57 -07:00
Brian C. Lane
55e9653cde Automatic commit of package [lorax] release [29.12-1].
Created by command:

/usr/bin/tito tag
2018-08-28 13:00:22 -07:00
Peter Robinson
8b0d2648dd Minor package fixes for aarch64/ARMv7
The grub2-tools-efi is Mac specific, we still need uboot-tools in some corner cases.

Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
2018-08-28 12:56:20 -07:00
Brian C. Lane
e0cad3dcf8 Automatic commit of package [lorax] release [29.11-1].
Created by command:

/usr/bin/tito tag
2018-08-27 15:34:15 -07:00