Commit Graph

937 Commits

Author SHA1 Message Date
Brian C. Lane
acad424005 lorax-composer: Fix customizations when creating a recipe
This fixes the customizations list problem earlier than in
add_customizations.

In the recipe it should be [customizations] not [[customizations]]
which creates a list. If it was used that way grab the first element and
replace the list with it.

(cherry picked from commit 67007dfa60)
(cherry picked from commit 84a9fcccde)
2019-05-06 12:09:00 -07:00
Brian C. Lane
2c03c49149 lorax-composer: Add timezone support to blueprint
For example:

[customizations.timezone]
timezone = "US/Samoa"
ntpservers = ["0.pool.ntp.org"]

Also includes tests.

This removes the timezone kickstart command from all of the templates
except for google.ks which needs to set its own ntp servers and timezone.

If timezone isn't included in the blueprint, and it is not already in a
template, it will be set to 'timezone UTC' by default.

If timezone is set in a template it is left as-is, under the assumption
that the image type requires it to boot correctly.

(cherry picked from commit 9bdbb29662)
(cherry picked from commit 40150508b8)
2019-05-06 12:09:00 -07:00
David Shea
9a4a45f05a Add a compose type for alibaba.
This compose type creates a partitioned disk as a qcow2 file, but with
only one partition instead of using a separate /boot.

(cherry picked from commit 44e14176bb)
(cherry picked from commit 0f59e576d8)
2019-05-06 12:07:29 -07:00
David Shea
0220077242 Add a new compose type for Hyper-V
This is based on the VHD compose type, with the following differences:

  * Use the vhdx format instead of vhd
  * No WALinuxAgent
  * Install hyperv-daemons

The hyperv-daemons are activated through udev rules, so there is no need
to add them to the services line.

(cherry picked from commit 434fe58c28)
(cherry picked from commit 367c2583e4)
2019-05-06 12:07:29 -07:00
David Shea
4e144e15b7 Add a new output type, tar-disk.
This option will create an optionally compressed tarball containing a
disk image. This format is used by Google's Compute Engine.

This also adds a new option, tar_disk_name, to set the name of the disk
image that will be wrapped in the final tarball. opts.image_name
continues to be the final output file name.

(cherry picked from commit c941b82b0c)
(cherry picked from commit 121717ac4a)
2019-05-06 12:07:29 -07:00
David Shea
b52877b63c Support compressing single files.
Modify imgutils.compress to allow the "rootdir" argument to be either a
directory or a single file to add to an archive.

(cherry picked from commit c585b91422)
(cherry picked from commit 5308e7bfec)
2019-05-06 12:07:29 -07:00
David Shea
c74e50d99d Add an option to align the image size to a multiplier.
If provided, round the disk image size up to a multiple of the value.
This allows for image formats with specific size-alignment requirements
(e.g., disk size must be in GiB).

(cherry picked from commit 8ef4f431d8)
(cherry picked from commit b2a33d5654)
2019-05-06 12:07:29 -07:00
Brian C. Lane
e84bf3a64c lorax-composer: Fix installing files from [[repos.git]] to /
rpmfluff was including / in the rpm, which conflicts with
filesystem.rpm

The rpm globs are pretty limited, and we don't actually know the file
paths until later, so we have to use a glob or a directory.

So when the destination is / it now uses /* to select all the files and
sub-directories in the archive. The limitation of this is that it cannot
support dotfiles directly under /, they will cause a rpmbuild error.

For destinations other than / it uses the name of the directory, so
dotfiles are fine in that situation.

(cherry picked from commit 049f68cb60)
(cherry picked from commit 4073dd4e4d)
2019-05-06 12:07:06 -07:00
Brian C. Lane
b25995d9d4 rpmgit: catch potential errors while running git
Log them and report them as RuntimeError. Also add a couple tests for
them.

(cherry picked from commit 61efa91a03)
(cherry picked from commit 087b0fe8c6)
2019-05-06 12:06:06 -07:00
Brian C. Lane
8696f197d4 Add repos.git support to lorax-composer builds
This hooks up creation of the rpm to the build, adds it to the
kickstart, and passes the url to Anaconda. The dnf repo with the rpms is
created under the results directory so it will be included when
downloading the build's results.

(cherry picked from commit cd8c884adb)
(cherry picked from commit 2e596010d3)
2019-05-06 12:05:34 -07:00
Brian C. Lane
0169422746 Add pylorax.api.gitrpm module and tests
This handles creating the rpm from the dictionary describing the
repository and rpm. Also adds tests for archive and rpm creation.

(cherry picked from commit f6f2308765)
(cherry picked from commit efc77c1d71)
2019-05-06 12:05:34 -07:00
Brian C. Lane
21b03c2108 Add support for [[repos.git]] section to blueprints
This adds support, documentation, and testing for a [[repos.git]]
blueprint section that can be used to install files from a git
repository. It will create an rpm that will be added to the build,
and included in the metadata that can be downloaded. This allows you to
accurately keep track of the source of configuration files and extra
metadata that is added to the build.

The source repo and reference will be listed in the rpm's summary making
it easy to discover on the installed system.

(cherry picked from commit d7b96c8f0f)
(cherry picked from commit 047f174dcf)
2019-05-06 12:05:34 -07:00
Brian C. Lane
2dd3dd54c5 lorax-composer: Return UnknownBlueprint errors when using deleted blueprints
Reading a blueprint wasn't checking to see if it had been deleted so it
was returning the most recent commit before it had been deleted. This
allowed things like starting a compose with a blueprint that technically
doesn't exist.

One exception to this is the /changes/ route, it must be available so
that you can use the commit hash to undo a delete.

This also adds tests for the various operations.

Resolves: rhbz#1682113
(cherry picked from commit d32f477e0b)
(cherry picked from commit 82aa9cdbc6)
2019-05-06 12:00:22 -07:00
Brian C. Lane
d0458750df lorax-composer: Delete workspace copy when deleting blueprint
Also extends the blueprint delete test to also check the workspace.

(cherry picked from commit 26bd2c1378)
(cherry picked from commit 5c0f127b3c)
2019-05-06 12:00:22 -07:00
Brian C. Lane
35faa61f7e lorax-composer: pass customization.kernel append to extra_boot_args
This allows iso builds to include the extra kernel boot parameters by
passing them to the arch-specific live/*tmpl template.

Also adds tests to make sure it is written to config.toml in the build
metadata.

(cherry picked from commit 5dea308080)
(cherry picked from commit 2861bdb95e)
2019-05-06 11:56:17 -07:00
Brian C. Lane
78ccea2231 Improve logging for template syntax errors
The shlex splitting can fail, resulting in error messages like:

ERROR livemedia-creator: No closing quotation

without any context in the log files. This logs the line that failed to
be split and expanded.

(cherry picked from commit f9665940bb)
(cherry picked from commit 4c0e632b93)
2019-05-06 11:56:17 -07:00
Brian C. Lane
6aa0a3fdf6 Add extra boot args to the livemedia-creator iso templates
This adds a new livemedia-creator argument, --extra-boot-args, which can
be used to add arguments to the kernel command-line in the templates.

(cherry picked from commit 235813212f)
(cherry picked from commit 48548722b3)
2019-05-06 11:56:09 -07:00
Brian C. Lane
afa68df873 lorax-composer: Add the ability to append to the kernel command-line
Sometimes it is necessary to modify the kernel command-line of the
image, this adds support for a [customizations.kernel] section to the
blueprint:

[customizations.kernel]
append = "nosmt=force"

This will be appended to the kickstart's bootloader --append argument.

Includes tests for modifying the bootloader line, the kickstart
template, and examining the final-kickstart.ks created for a compose.

(cherry picked from commit 59464286f9)
(cherry picked from commit c5f4dfe113)
2019-05-06 11:54:56 -07:00
Brian C. Lane
935f66662b qemu wasn't restoring the terminal if it was terminated early
You would need to run reset to regain control of your terminal after
this happened, so this turns off the monitor and serial port mux to
stdout.

(cherry picked from commit 1accce819afac96a6d58f24a4908a4913e46624c)
(cherry picked from commit ae07d8d888)
2019-05-06 11:54:17 -07:00
Brian C. Lane
53c4daa529 Switch the --virt-uefi method to use SecureBoot
This updates the qemu arguments so that it will actually work, and
switches to using SecureBoot OVMF firmware.

(cherry picked from commit f2b19cfcf7e23dfdb7176fcb1fa8b0335da5aa9a)
(cherry picked from commit 79c38687f3)
2019-05-06 11:51:32 -07:00
Brian C. Lane
1fd73cde52 Move the package requirements for live-iso setup out of the template
In order to support iso creation on multiple arches with the templates
we need to be able to select different packages based on arch.
lorax-composer uses the arch-specific Lorax templates in order to
generate the output iso so this patch:

1. Creates a new template and type to parse it, live-install.tmpl
   which contains only installpkg commands and #if clauses for arch
2. Removes bootloader related packages from the live-iso.ks
3. Remove dracut-config-rescue exclusion because it can cause problems
   with some blueprints.
4. Switch logo requirement to system-logos which is satisfied by
   generic-logos or fedora-logos. This prevents conflicts when a blueprint
   installs fedora-release-workstation.

So in the future, if x86.tmpl, etc. need a new package to support
creating the iso it should be added to the correct section in
./share/live/live-install.tmpl

(cherry picked from commit 3b8de2a233)
2019-05-06 11:45:32 -07:00
Brian C. Lane
4f07db73a5 Add LiveTemplateRunner to parse per-arch live-iso package requirements
This template runner only uses the installpkg command to gather a list
of package NEVRA to be installed to support live iso creation.

(cherry picked from commit 6c5e89ed14)
2019-05-06 11:45:32 -07:00
Brian C. Lane
54fe00d16e Move the run part of LoraxTemplateRunner into new TemplateRunner class
This will make it easier to add a new subclass that only handles
installpkg for use with livemedia-creator and lorax-composer iso
creation.

(cherry picked from commit 8eaad3bc5e)
2019-05-06 11:45:32 -07:00
Brian C. Lane
19375b9d4e livemedia-creator: Add support for reqpart kickstart command
reqpart can be used to make kickstarts more platform agnostic, creating
needed partitions without lmc having to keep track of the arch-specific
needs. eg. ppc64 needs prepboot and /boot

This increases the size of the disk based on whether reqpart or
reqpart --add-boot is in the kickstart.

Note that this is only valid for partitioned disk output types, not
for filesystem images or live iso output.

(cherry picked from commit b47554d716)
2019-05-06 11:45:32 -07:00
Brian C. Lane
3d2c085cf0 Clarify the ks repo only error message
This also moves the run_creator kickstart checks into check_kickstart
so that tests may be added.

This will close #164

(cherry picked from commit 3676cb65bb)
2019-05-06 11:45:09 -07:00
Brian C. Lane
b537d653c4 Drop _unique_dicts function
It is not actually needed. projects_info deduplicates the package list,
placing other builds into the builds list instead of making a new
package entry. So it returns a sorted and deduped list of packages, as
expected.

(cherry picked from commit 6443f34337)
2019-05-03 17:05:36 -07:00
Brian C. Lane
a08dd1585c Remove 3G minimum from lorax-composer
The reason for the 3G minimum was because anaconda had a bug with how it
calculated minimum disk size when using kickstart. The fix for this has
been in Anaconda since 29.19-1, so we can now remove our limit and
create somewhat smaller disk images.

(cherry picked from commit 7e78dc368f)
2019-05-03 17:02:28 -07:00
Chris Lumens
1a76c4816f Run as root/weldr by default.
We need to be root to read the certificates that give access to the
package repos.  Right now, the alternative seems to be changing
permissions on the certs themselves, which seems less good.  We're
running anaconda as root anyway.

(cherry picked from commit 022e9eba3e)
2019-05-03 17:01:30 -07:00
Lars Karlitski
8814231a09 Pass ssl certificate options to anaconda
If a repository has `sslcacert`, `sslclientcert`, or `sslclientkey` set,
pass them to anaconda through the kickstart file. This is mostly the
case when using RHEL repositories that are accessed through a
subscription.

(cherry picked from commit e194b5926c)
2019-05-03 17:01:30 -07:00
Brian C. Lane
2fd6c6b549 Add timestamps to program.log and dnf.log
In lorax, lorax-composer, and livemedia-creator.

(cherry picked from commit fd173f7265)
2019-05-03 16:54:37 -07:00
Brian C. Lane
faad43ced8 Create a kpartx_disk_img function
So that it can be used in tests as well as in imgutils

(cherry picked from commit d69f01d4a8)
2019-05-03 16:39:12 -07:00
Brian C. Lane
5fa5b8e142 Fix make_appliance and the libvirt.tmpl
Apparently nobody has used these since the switch to py3, xrange is now
range and it needs to read the file in binary mode when generating the
sha256.

(cherry picked from commit 8e749efbbf)
2019-05-03 16:38:54 -07:00
Marek Marczykowski-Górecki
a8d8a4a2ef Add --squashfs-only option to drop inner rootfs.img layer
Make runtime directly into squashfs image. This reduces largely
unreproducible ext4 layer, but requires anaconda's dracut module
modification to properly mount the image.

(cherry picked from commit 27e611629f)
2019-05-03 16:34:50 -07:00
Brian C. Lane
ccb11427d0 lorax: Log when SOURCE_DATE_EPOCH is used for the current time
(cherry picked from commit 5409748e75)
2019-05-03 16:34:42 -07:00
Marek Marczykowski-Górecki
df5f67e690 Use SOURCE_DATE_EPOCH for volumeid of efi boot image
By default mkfs.msdos chooses volume id based on current time. If
SOURCE_DATE_EPOCH is set, use that instead.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
(cherry picked from commit de8124366e)
2019-05-03 16:34:32 -07:00
Marek Marczykowski-Górecki
d04d176cb4 Preserve timestamps when building fs image
Even when FS does not support owner/modes, preserve timestamps.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
(cherry picked from commit e7f45d333f)
2019-05-03 16:34:26 -07:00
Marek Marczykowski-Górecki
376eda543c Use SOURCE_DATE_EPOCH for metadata timestamps
This includes .buildinfo, .treeinfo and .discinfo.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
(cherry picked from commit 876ec52215)
2019-05-03 16:34:21 -07:00
Brian C. Lane
7248355756 Add some extra cancel_func protection to QEMUInstall
In livemedia-creator's usage of this it can never pass in None, but if
someone were to import the library and use it, it would crash with
NoneType. So add the extra checks to make sure cancel_func isn't None,
just in case.

(cherry picked from commit 9041174142)
2019-02-28 09:38:15 -08:00
Yuval Turgeman
1c5b0d1237 installer: make sure cancel_func has a value (#612)
When using LMC to virt-install a system to an image, cancel_func is not
provided in run_creator, causing a TypeError (NoneType object is not
callable).

Signed-off-by: Yuval Turgeman <yturgema@redhat.com>
(cherry picked from commit 1c731b5618)
2019-02-28 09:38:06 -08:00
Brian C. Lane
47a909209f Remove duplicate repositories from the sources list
In some cases when the host has, for whatever reason, multiple copies of
the same repo listed the build may fail with an error about running out
of space.

So this commit removes duplicate entries after the host's repos have been
loaded. It also adjusts some of the test repos to use different
temporary repo names for the tests.

(cherry picked from commit 98482e444d)
2019-01-30 08:43:37 -08:00
Brian C. Lane
80e35d8d0e lorax: Move default tmp dir to /var/tmp/lorax
If systemd's tmpfiles.d timer is executed while lorax is running it will
remove any files and directories older than 30 days. This is what has
been causing the occasional error where /proc/ would seem to vanish
during the install.

Upstream has proposed this solution, https://github.com/systemd/systemd/pull/11482
but until that is released we need a work-around to protect the lorax
files.

This commit does several things:

* Move the default tmpdir from /var/tmp/ to /var/tmp/lorax/
* Add a lorax.conf tmpfiles.d file that prevents systemd-tmpfiles from
  removing anything under /var/tmp/lorax/
* Add an exit handler to lorax so that temporary directories are removed on
  exit or on a python traceback.
* Use flock to lock access to the tempdir while lorax is running.
* Remove any unlocked tempdirs named /var/tmp/lorax/lorax.* at startup

Note that the exit handler will not remove the tempdir if lorax is
killed with a signal -- those are being caught by dnf and prevent the
exit handler from running.

systemd-tmpfiles cannot clean up the tempdirs at boot time because they
contain files labeled as shadow_t, so we have to remove those when lorax
runs. It uses the flock to prevent removing any directories created by
parallel instances of lorax and only removes ones that are unlocked.
Worst case they will be around until the first run of lorax after a
reboot.

If you want to keep the working directory around for debugging purposes
use --workdir /var/tmp/lorax/my-workdir and it won't be removed by
lorax.

(cherry picked from commit e4fe1aab32)
2019-01-29 13:58:19 -08:00
Adam Williamson
36aeffc337 Don't exclude /dev from the setfiles in novirt_install
After a novirt disk image install, we run `setfiles` in the
install root to ensure some SELinux contexts are correct. /dev
is currently excluded from this run. However, as reported and
discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1663040
it seems that with a recent systemd change, startup of many
services will fail if /dev itself is incorrectly labelled, and
in current Rawhide live images, it *is* incorrectly labelled.
Including `/dev` in this setfiles command appears to resolve the
problem in my testing.

Resolves: rhbz#1663040

Signed-off-by: Adam Williamson <awilliam@redhat.com>
(cherry picked from commit 2d3f266373)
2019-01-18 09:34:35 -08:00
Brian C. Lane
486dd3f629 Turn off pylint warning about docstring with backslash
(cherry picked from commit 4fe21135e3)
2019-01-08 13:47:12 -08:00
Anthony F McInerney
efcfdbff4f fixes #543 qemu -nodefconfig deprecated
(cherry picked from commit f66bff5aa7)
2019-01-08 13:47:00 -08:00
Anthony F McInerney
eb9a591fbc fix sphinx build warnings
(cherry picked from commit 6bb64f94ff)
2019-01-08 13:46:51 -08:00
David Shea
cfff807df8 Allow customizations to be specified as a toml list
Support both

  [customizations]
  hostname = "whatever"

and

  [[customizations]]
  hostname = "whatever"

in the blueprint data. The [[ syntax matches the other customization
directives (user, group, sshkey), and as such it's easy to accidentally
use it for the hostname without even realizing it's specifying something
different.

Add some tests for converting customizations to kickstarts.

(cherry picked from commit 35ab6a1336)
2019-01-08 13:46:08 -08:00
Brian C. Lane
9af706dbe3 Revert "lorax-composer: Cancel running Anaconda process"
Drop running pkill. This causes problems if more than one is running on
a system (eg. in parallel using mock). It can kill off other processes
unrelated to this instance of anaconda.

This reverts commit 42addfc2b5.
2019-01-08 13:45:42 -08:00
Brian C. Lane
6be0ca9bb0 Make sure cancel_func is not None
(cherry picked from commit ca2c3d9e77)
2019-01-07 14:11:35 -08:00
Brian C. Lane
251306e1ab lorax: Save information about rootfs filesystem size and usage
Run df on the filesystem image after it has been created.
Output will be in program.log, eg:

Running... df /var/tmp/lorax.imgutils.wm04pg_v
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/loop0       1998672 1619508    362780  82% /var/tmp/lorax.imgutils.wm04pg_v
Return code: 0
2018-12-17 16:24:49 -08:00
Brian C. Lane
42addfc2b5 lorax-composer: Cancel running Anaconda process
It ends up that this isn't as easy as you'd think. Anaconda sets up some
signal handlers to handle cleanly exiting, but they are not being run
when sent a TERM after package installation has started. I think DNF
resets them causing it to get ignored.

When the cancel is sent it can take several minutes for it to have an
effect. In my testing it usually takes around 2 minutes for anaconda to
notice and exit.

This sends a TERM to the process and then waits for it to exit. When it
returns it then removes any device-mapper devices that were set up for
image installations, and removes any hanging loop devices.

It then kills off any process with pyanaconda. in the cmdline, and
anaconda-bus.conf (because anaconda starts a bunch of helpers and if it
doesn't shut down cleanly they remain running).

Resolves: rhbz#1656691
2018-12-17 16:22:23 -08:00