To maintain consistency with the other options this changes firewall to
combine the existing settings from the image template with the settings
from the blueprint.
Also updated the docs, added a new test for it, and sorted the output
for consistency.
(cherry picked from commit 3e08389a0f)
Make it clear that the services are added to services already listed in
the image templates, and that you can specify any systemd unit filename.
Older releases are more restrictive, and this documentation will need to
be updated when these changes are backported.
(cherry picked from commit 4f701e7e92)
Add support for enabling and disabling systemd services in the
blueprint. It works like this:
[customizations.services]
enabled = ["sshd", "cockpit.socket", "httpd"]
disabled = ["postfix", "telnetd"]
They are *added* to any existing settings in the kickstart templates.
(cherry picked from commit 1111aee92d)
You can now open ports in the firewall, using port numbers or service
names:
[customizations.firewall]
ports = ["22:tcp", "80:tcp", "imap:tcp", "53:tcp", "53:udp"]
Or enable/disable services registered with firewalld:
[customizations.firewall.services]
enabled = ["ftp", "ntp", "dhcp"]
disabled = ["telnet"]
If the template contains firewall --disabled it cannot be overridden,
under the assumption that it is required for the image to boot in the
selected environment.
(cherry picked from commit 4d35668ab5)
You can now set the keyboard layout and language. Eg.
[customizations.locale]
languages = ["en_CA.utf8", "en_HK.utf8"]
keyboard = "de (dvorak)"
Existing entries in the kickstart templates are replaced with the new
ones. If there are no entries then it will default to 'keyboard us' and
'lang en_US.UTF-8'
Includes tests, and leaves the existing keyboard and lang entries in the
templates with a note that they can be replaced by the blueprint.
(cherry picked from commit e5a8700bdf)
This fixes the customizations list problem earlier than in
add_customizations.
In the recipe it should be [customizations] not [[customizations]]
which creates a list. If it was used that way grab the first element and
replace the list with it.
(cherry picked from commit 67007dfa60)
For example:
[customizations.timezone]
timezone = "US/Samoa"
ntpservers = ["0.pool.ntp.org"]
Also includes tests.
This removes the timezone kickstart command from all of the templates
except for google.ks which needs to set it's own ntp servers and timezone.
If timezone isn't included in the blueprint, and it is not already in a
template, it will be set to 'timezone UTC' by default.
If timezone is set in a template it is left as-is, under the assumption
that the image type requires it to boot correctly.
(cherry picked from commit 9bdbb29662)
The goal here is to do the minimum needed to get the images setup for
use so they can have more complex customizations applied later.
I think this list is a pretty good minimal set of features without going
full kickstart.
(cherry picked from commit 95c288d829)
> bcl: this should really be [[packages]] since [[modules]] is
> going to change to actual modules at some point
(cherry picked from commit 933fad9ded)
- verify SemVer .patch number will be automatically updated when
we push the blueprint a second time without changing version
- verify show displays the content in TOML format and it matches
what is on disk. Because of that also start with empty packages
and groups fields in the initial toml. If they are missing they
will be added automatically by lorax-composer and this simplifies
the test
- verify delete works
(cherry picked from commit 7cbb324ae5)
Fixes related to a few issues in the locked root account test I somehow
managed to overlook in the initial commit.
(cherry picked from commit 209bdd6911)
The original "recipes" term is indicated in the composer-cli description,
but the identifier has been changed to "blueprints" with later releases.
This commit changes the string to "blueprints".
(cherry picked from commit 613d91299d)
Instances, Volumes, Snapshots, AMIs and s3 objects with the "keep_me" tag will
not be deleted automatically even if they are older then the specified time limit.
(cherry picked from commit db7b1e4fcd)
This compose type creates a partitioned disk as a qcow2 file, but with
only one partition instead of using a separate /boot.
(cherry picked from commit 44e14176bb)
This is based on the VHD compose type, with the following differences:
* Use the vhdx format instead of vhd
* No WALinuxAgent
* Install hyperv-daemons
The hyperv-daemons are activated through udev rules, so there is no need
to add them to the services line.
(cherry picked from commit 434fe58c28)
This option will create an optionally compressed tarball containing a
disk image. This format is used by Google's Compute Engine.
This also adds a new option, tar_disk_name, to set the name of the disk
image that will be wrapped in the final tarball. opts.image_name
continues to be the final output file name.
(cherry picked from commit c941b82b0c)
Modify imgutils.compress to allow the "rootdir" argument to be either a
directory or a single file to add to an archive.
(cherry picked from commit c585b91422)
If provided, round the disk image size up to a multiple of the value.
This allows for image formats with specific size-alignment requirements
(e.g., disk size must be in GiB).
(cherry picked from commit 8ef4f431d8)
Make sure that dotfiles are installed when not directly under /
Make sure / is not packaged in the rpm (it will cause a conflict with
the filesystem package).
Make sure that using destination="/" works
(cherry picked from commit 6fd06c6931)
rpmfluff was including / in the rpm, which conflicts with
filesystem.rpm
The rpm globs are pretty limited, and we don't actually know the file
paths until later, so we have to use a glob or a directory.
So when the destination is / it now uses /* to select all the files and
sub-directories in the archive. The limitation of this is that it cannot
support dotfiles directly under /, they will cause a rpmbuild error.
For destinations other than / it uses the name of the directory, so
dotfiles are fine in that situation.
(cherry picked from commit 049f68cb60)
Change the docs-in-docker target to generate the docs for the NEXT
release, not the current one. Also pass in uid/gid so that the new files
can be set to the correct ownership instead of root.
Modify docs/conf.py to bump the version of the docs if
LORAX_VERSION=next is set in the environment.
(cherry picked from commit 2acd13d612)
The root account checks are applied to generated and deployed images
to make sure that root account is locked, except for live ISO.
(cherry picked from commit 655e7e40c0)
- Check final-kickstart.ks for the rpm source
- Check final-kickstart.ks for the rpm package name and version
- Make sure depsolve works
- Make sure errors from a bad repo are returned correctly
- Make sure errors from a bad reference are returned correctly
This moves _wait_for_status into a helper function so it can be shared
between the test classes.
(cherry picked from commit 8c2184d59e)
This hooks up creation of the rpm to the build, adds it to the
kickstart, and passes the url to Anaconda. The dnf repo with the rpms is
created under the results directory so it will be included when
downloading the build's results.
(cherry picked from commit cd8c884adb)
This handles creating the rpm from the dictionary describing the
repository and rpm. Also adds tests for archive and rpm creation.
(cherry picked from commit f6f2308765)
This adds support, documentation, and testing for a [[repos.git]]
blueprint section that can be used to install files from a git
repository. It will create an rpm that will be added to the build,
and included in the metadata that can be downloaded. This allows you to
accurately keep track of the source of configuration files and extra
metadata that is added to the build.
The source repo and reference will be listed in the rpm's summary making
it easy to discover on the installed system.
(cherry picked from commit d7b96c8f0f)
this minimizes the possibility of these two to diverge over time.
make ci is the default for Jenkins and will also be used for
internal gating tests.
(cherry picked from commit f5286e1243)
this will allow you to test against installed RPM like so:
# export CLI="/usr/bin/composer-cli"
# make test_images
If you already have lorax-composer running then you can directly
execute test scripts:
# ./tests/cli/test_build_and_deploy_aws.sh
(cherry picked from commit 85dfbd7911)
Reading a blueprint wasn't checking to see if it had been deleted so it
was returning the most recent commit before it had been deleted. This
allowed things like starting a compose with a blueprint that technically
doesn't exist.
One exception to this is the /changes/ route, it must be available so
that you can use the commit hash to undo a delete.
This also adds tests for the various operations.
Resolves: rhbz#1682113
(cherry picked from commit d32f477e0b)
