Commit Graph

800 Commits

Author SHA1 Message Date
Lars Karlitski
e194b5926c Pass ssl certificate options to anaconda
If a repository has `sslcacert`, `sslclientcert`, or `ssclientkey` set,
pass them to anaconda through the kickstart file. This is mostly the
case when using RHEL repositories that are accessed through a
subscription.
2019-02-11 16:20:39 -08:00
Brian C. Lane
98482e444d Remove duplicate repositories from the sources list
In some cases when the host has, for whatever reason, multiple copies of
the same repo listed the build may fail with an error about running out
of space.

So this commit removes duplicate entries after the host's repos have been
loaded. It also adjusts some of the test repos to use different
temporary repo names for the tests.
2019-01-30 08:30:40 -08:00
Brian C. Lane
3676cb65bb Clarify the ks repo only error message
This also moves the run_creator kickstart checks into check_kickstart
so that tests may be added.

This will close #164
2019-01-29 14:03:11 -08:00
Brian C. Lane
e4fe1aab32 lorax: Move default tmp dir to /var/tmp/lorax
If systemd's tmpfiles.d timer is executed while lorax is running it will
remove any files and directories older than 30 days. This is what has
been causing the occasional error where /proc/ would seem to vanish
during the install.

Upstream has proposed this solution, https://github.com/systemd/systemd/pull/11482
but until that is released we need a work-around to protect the lorax
files.

This commit does several things:

* Move the default tmpdir from /var/tmp/ to /var/tmp/lorax/
* Add a lorax.conf tmpfiles.d file that prevents systemd-tmpfiles from
  removing anything under /var/tmp/lorax/
* Add an exit handler to lorax so that temporary directories are removed on
  exit or on a python traceback.
* Use flock to lock access to the tempdir while lorax is running.
* Remove any unlocked tempdirs named /var/tmp/lorax/lorax.* at startup

Note that the exit handler will not remove the tempdir if lorax is
killed with a signal -- those are being caught by dnf and prevent the
exit handler from running.

systemd-tmpfiles cannot clean up the tempdirs at boot time because they
contain files labeled as shadow_t, so we have to remove those when lorax
runs. It uses the flock to prevent removing any directories created by
parallel instances of lorax and only removes ones that are unlocked.
Worst case they will be around until the first run of lorax after a
reboot.

If you want to keep the working directory around for debugging purposes
use --workdir /var/tmp/lorax/my-workdir and it won't be removed by
lorax.
2019-01-29 13:57:12 -08:00
Adam Williamson
2d3f266373 Don't exclude /dev from the setfiles in novirt_install
After a novirt disk image install, we run `setfiles` in the
install root to ensure some SELinux contexts are correct. /dev
is currently excluded from this run. However, as reported and
discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1663040
it seems that with a recent systemd change, startup of many
services will fail if /dev itself is incorrectly labelled, and
in current Rawhide live images, it *is* incorrectly labelled.
Including `/dev` in this setfiles command appears to resolve the
problem in my testing.

Resolves: rhbz#1663040

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2019-01-18 09:13:52 -08:00
Brian C. Lane
4fe21135e3 Turn off pylint warning about docstring with backslash 2019-01-08 11:37:56 -08:00
Anthony F McInerney
f66bff5aa7 fixes #543 qemu -nodefconfig deprecated 2019-01-08 10:19:00 -08:00
Anthony F McInerney
6bb64f94ff fix spinx build warnings 2019-01-08 10:17:44 -08:00
Brian C. Lane
7ee3b3d661 Revert "lorax-composer: Cancel running Anaconda process"
Drop running pkill. This causes problems if more than one is running on
a system (eg. in parallel using mock). It can kill off other processes
unrelated to this instance of anaconda.

This reverts commit 6b5c4df8b5.
2019-01-08 10:14:29 -08:00
David Shea
35ab6a1336 Allow customizations to be specified as a toml list
Support both

  [customizations]
  hostname = "whatever"

and

  [[customizations]]
  hostname = "whatever"

in the blueprint data. The [[ syntax matches the other customization
directives (user, group, sshkey), and as such it's easy to accidentally
use it for the hostname without even realizing it's specifying something
different.

Add some tests for converting customizations to kickstarts.
2019-01-08 10:21:07 -05:00
Brian C. Lane
ca2c3d9e77 Make sure cancel_func is not None 2019-01-07 13:53:44 -08:00
Dan Horák
a477db33d6 drop big endian ppc/ppc64 support 2019-01-07 13:52:46 -08:00
Dan Horák
34ab13b68a add qemu command mapping for ppc64le 2019-01-07 13:52:46 -08:00
Dan Horák
d34acfc14c don't reduce initrd size on ppc64/ppc64le 2019-01-07 13:52:46 -08:00
Brian C. Lane
fd173f7265 Add timestamps to program.log and dnf.log
In lorax, lorax-composer, and livemedia-creator.
2018-12-19 12:13:24 -08:00
Brian C. Lane
6f141658d4 lorax: Save information about rootfs filesystem size and usage
Run df on the filesystem image after it has been created.
Output will be in program.log, eg:

Running... df /var/tmp/lorax.imgutils.wm04pg_v
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/loop0       1998672 1619508    362780  82% /var/tmp/lorax.imgutils.wm04pg_v
Return code: 0
2018-12-17 16:24:23 -08:00
Brian C. Lane
6b5c4df8b5 lorax-composer: Cancel running Anaconda process
It ends up that this isn't as easy as you'd think. Anaconda sets up some
signal handlers to handle cleanly exiting, but they are not being run
when sent a TERM after package installation has started. I think DNF
resets them causing it to get ignored.

When the cancel is sent it can take several minutes for it to have an
effect. In my testing it usually takes around 2 minutes for anaconda to
notice and exit.

This sends a TERM to the process and then waits for it to exit. When it
returns it then removed any device-mapper devices that were setup for
image installations, removes any hanging loop devices.

It then kills off any process with pyanaconda. in the cmdline, and
anaconda-bus.conf (because anaconda starts a bunch of helpers and if it
doesn't shut down cleanly they remain running).

Resolves: rhbz#1656691
2018-12-17 16:10:04 -08:00
Brian C. Lane
26a684932b Add cancel_func to virt and novirt_install functions
In addition to monitoring the logs for errors, call a function (or
functions) that tell it to cancel the anaconda process and cleanup.

Also check for a cancel after creating the squashfs image for live-iso
since that's a long running process.

This required adding a new argument to a number of existing functions,
passing it down to QEMUInstall and novirt_install where the function is
called.

Resolves: rhbz#1656691
2018-12-17 16:10:04 -08:00
Brian C. Lane
3762264f56 lorax-composer: Check for STATUS before deleting
When there is no run or new symlink do one last check to make sure no
STATUS file was written. If it is missing, go ahead and remove the
results directory.

Related: rhbz#1656691
2018-12-17 16:10:04 -08:00
Brian C. Lane
fa461dc837 Check for existing CANCEL request, and exit on FINISHED
If another CANCEL request has already been made just exit from
uuid_cancel. If the build is FINISHED before it times out just exit,
don't remove the finished results.

Related: rhbz#1656691
2018-12-17 16:10:04 -08:00
Brian C. Lane
d18934775c lorax-composer: Handle packages with multiple builds
When the repository has multiple arches, eg. i686 and x86_64, it should
add a new entry to the project's builds list, not create a new project
in the list.

This handles that by adding a modified insort_left function and
examining the packages returned from dnf to make sure they aren't
already listed in the results. It also handles adding them in sorted
order so that no further sorting needs to be done on the results.

Resolves: rhbz#1656642
2018-12-06 15:48:58 -08:00
Brian C. Lane
4dd9004d13 lorax-composer: Check the queue and results at startup
If the system ran out of space, or was rebooted unexpectedly, the state
of the queue symlinks, or the results STATUS files may be inconsistent.
This checks them and:
 * Removes broken symlinks from queue/new and queue/run
 * Removes symlinks from run and sets the build to FAILED
 * Sets builds w/o a STATUS to FAILED
 * Sets builds with STATUS of RUNNING to FAILED
 * Creates missing queue/new symlinks to results with STATUS of WAITING

So, any builds that were running during the reboot will be FAILED, and
any that were waiting to be started will be started upon rebooting.

Resolves: rhbz#1647985
2018-12-06 15:13:28 -08:00
Brian C. Lane
8b11705ea0 Remove setfiles from mkrootfsimage
SELinux applies the correct labels, setfiles is no longer needed.
This allows lorax to run with SELinux in Enforcing mode.
2018-11-29 11:06:27 -08:00
Brian C. Lane
35b8957f12 Remove SELinux Permissive checks
Anaconda, Lorax, lorax-composer, and livemedia-creator can all now run
with SELinux in Enforcing mode. It does not need to be disabled and if
there are denials they should be reported as a bug.

Log the current state of SELinux when starting, update the
documentation.
2018-11-29 11:06:26 -08:00
Brian C. Lane
c11bffc357 Add --no-system-repos to lorax-composer
Running lorax-composer --no-system-repos will prevent it from copying
the dnf repositories from /etc/yum.repos.d/ into the lorax-composer repo
directory. It will *only* use repositories setup using the sources api
or written to /var/lib/lorax/composer/repos.d/

If lorax-composer has previously been run without this switch the system
repos will need to be removed from the composer/repos.d/ directory. It
would also be a good idea to remove the cached metadata in
/var/tmp/composer/

Resolves: rhbz#1650363
2018-11-26 17:05:08 -08:00
Brian C. Lane
d69f01d4a8 Create a kpartx_disk_img function
So that it can be used in tests as well as in imgutils
2018-11-12 11:13:37 -08:00
Brian C. Lane
8e749efbbf Fix make_appliance and the libvirt.tmpl
Apparently nobody has used these since the switch to py3, xrange is now
range and it needs to read the file in binary mode when generating the
sha256.
2018-11-12 11:13:37 -08:00
Brian C. Lane
a4783ba29f Add tests for ltmpl.py
This covers things like installing globbed package names from multiple
repos, pinned package versions, and ltmpl functions

Related: rhbz#1548586
2018-10-29 13:55:19 -07:00
Brian C. Lane
befa3128d7 Move get_dnf_base_object into a module
This allows it to be imported by tests.
2018-10-29 13:49:54 -07:00
Marek Marczykowski-Górecki
27e611629f Add --squashfs-only option to drop inner rootfs.img layer
Make runtime directly into squashfs image. This reduces largely
unreproducible ext4 layer, but requires anaconda's dracut module
modification to properly mount the image.
2018-10-29 13:16:38 -07:00
Brian C. Lane
e9e5139750 dnf changed the type of gpgkey to a tuple
And in an intermediate version it returns a VectorString object which
isn't serializable by the json or toml modules.

So convert it to a list so that the type is consistent in the sources
code.
2018-10-24 10:22:40 -07:00
Marek Marczykowski-Górecki
de8124366e Use SOURCE_DATE_EPOCH for volumeid of efi boot image
By default mkfs.mksdos choose volume id based on current time. If
SOURCE_DATE_EPOCH is set, use that instead.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2018-10-19 14:43:29 -07:00
Marek Marczykowski-Górecki
e7f45d333f Preserve timestamps when building fs image
Even when FS do not support owner/modes, preserve timestamps.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2018-10-19 14:43:29 -07:00
Marek Marczykowski-Górecki
876ec52215 Use SOURCE_DATE_EPOCH for metadata timestamps
This include .buildinfo, .treeinfo and .discinfo.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
2018-10-19 14:43:29 -07:00
Brian C. Lane
7e0a288f5b Update depsolving with suggestions from dnf (#1636239)
The previous method worked, but wasn't exactly idiomatic. This is more
correct, and appears to work the same (templates depsolve, version globs
work, multiple repos work).

Note that this does use a private dnf attribute ._goal, but the word is
that this is going to become a public api soon, so yes it is there on
purpose.
2018-10-12 12:00:25 -07:00
Brian C. Lane
faa65bca3c Disable false context-manager pylint error 2018-10-12 12:00:25 -07:00
Brian C. Lane
65b769984b Change make_dnf_dirs to be run as root
It needs to be root in order to set the ownership and permissions on the
directories that are under /var/lib/lorax/composer/

Refactor the directory creation into a utility function, and use a umask
of 0o006 to ensure that the parent directories created do not have o+rw
set on them (makedirs behavior is different between Python 3.6 and 3.7
so umask of 0 doesn't work consistently).
2018-10-12 11:59:32 -07:00
Brian C. Lane
98f8b23129 Add an openstack image type
This is a qcow2 image with cloud-init in the template.
2018-10-09 10:17:14 -07:00
Brian C. Lane
3b41faae2c Work around dnf problem with multiple repos
If a package is in multiple repos dnf may return more than 1 of them
when using best...glob so we pick the highest NEVRA one and install
that.

Related: rhbz#1636239
2018-10-05 11:23:41 -07:00
David Shea
9717b3fd98 Make no-virt generated images sparser
At the end of disk image installs, use fstrim on the generated filesystem to
discard any blocks that were allocated during the install and are now unused.
This will allow tools such as qemu-img to create images that do not include
deleted data.

For raw disk images that do not go through qemu-img, use fallocate --dig-holes
to create sparse holes in place of the unused blocks.
2018-10-05 11:24:18 -04:00
Brian C. Lane
6da3079349 Report an error if the blueprint doesn't exist
composer-cli uses TOML for 'blueprints save' which was returning an
empty 200 response if the blueprint didn't exist. Change this to return
a standard 400 error response if the blueprint doesn't exist.

composer-cli is already setup to handle receiving json when an error is
returned so just the toml API response for `blueprints/save` needed to
be changed.
2018-10-03 16:41:49 -07:00
Brian C. Lane
e7bfab8b4a Write a rootpw line if no root customizations in the blueprint
Anaconda requires the root password to be set or locked, so if there
isn't anything setting it we write out 'rootpw --lock'

Also adds tests for this.

Resolves: rhbz#1626122
2018-10-03 08:30:31 -07:00
Adam Williamson
37f264c010 Don't try to append to DNF config value that can't take it
See https://bugzilla.redhat.com/show_bug.cgi?id=1595917 and
https://github.com/rpm-software-management/dnf/pull/1200 for
more on this. Briefly, DNF before 3.0 presented this config
value as a list...and mutating it worked. DNF from 3.0 until
3.6 presented it as a list...mutating it didn't work, but also
didn't *fail*, so this has actually not been doing anything on
DNF 3.x but we haven't noticed.

In DNF 3.6 values like this are presented as tuples instead of
lists, to try and catch usages like this, and it worked! We
need to change this one.

There is an additional weirdness here. tsflags is actually, in
libdnf terms, an OptionStringListAppend option: that means that
when something tries to *set* its value, the new value is just
appended to the existing list of values. This is very weird
behaviour when you're interacting with it like this, but
happens to be quite useful, as we can just 'set' the value to
a list like this and it will actually get appended (which is
what we want), and this one syntax happens to work correctly in
DNF 2.x, 3.0 through 3.5.1, and 3.6.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-10-02 14:07:06 -07:00
Brian C. Lane
51c73f7570 Always update repo metadata when building an image
When the kickstart is handed off to Anaconda for building it will
download its own copy of the metadata and re-run the depsolve. So if the
dnf cache isn't current there will be a mismatch and the build will
fail to find some of the versions in final-kickstart.ks

This adds a new context to DNFLock, .lock_check, that will force a check
of the metadata. It also implements its own timeout and forces a
refresh of the metadata when that expires because the dnf expiration
doesn't always work as expected.

Resolves: rhbz#1631561
2018-10-02 13:59:42 -07:00
Brian C. Lane
b2eadff77c Use rootpw for setting the root password instead of user
Ends up you cannot use the kickstart user command on root, since it
already exists, so we have to translate that into a rootpw command.

So [[customizations.user]] with name = "root" only support key, which
will set the ssh key, and password which will use rootpw to set the
password. plain text or encrypted are supported.

Related: rhbz#1626122
2018-10-02 13:59:42 -07:00
David Shea
1056bfc25b Add a vmdk compose type.
This is similar to the AMI type, but also adds open-vm-tools and does not do
anything special to the partitioning
2018-10-02 11:54:41 -04:00
David Shea
e0c236ff36 Add a vhd compose type for Azure images
This does pretty much the same things as the AMI compose type, but also
replaces NetworkManager with the Azure linux agent.
2018-10-02 11:54:41 -04:00
David Shea
18188bf6cf Add an ami compose type for AWS images
This differs from lmc's --make-ami in that creates a full disk image instead of
an fsimage. Create a raw disk image with a / and /boot partitions, and enable
sshd, chronyd, and cockpit by default.
2018-10-02 11:54:38 -04:00
David Shea
847fff4e11 Remove --fstype from the generated part line
Instead of specifying the fstype, just let anaconda use the default.
2018-09-28 15:27:15 -04:00
Lars Karlitski
160044ba9d Fix pylint errors and warnings
Remove `except` block which immediately raises the same exception again (it's
not a subclass of another caught exception, so this is safe).

Remove a false positive, because it is not emitted from the code base.

Disable subprocess-popen-preexec-fn in startProgram, which is not used
internally.
2018-09-25 13:49:40 +03:00
David Shea
c00036251e Fix a DeprecationWarning
SafeConfigParser is just a deprecated version of ConfigParser in
python3, so use ConfigParser.
2018-09-07 13:34:30 -04:00
Brian C. Lane
a0aab15311 Ignore a pylint warning about UnquotingConfigParser get args
The args differ, but we are accepting and passing through all args so
it's ok.

Related: rhbz#1613058
2018-09-04 11:16:39 -07:00
Adam Williamson
5c0dfb74e6 Ditch all use of pyanaconda's simpleconfig
lorax uses pyanaconda's SimpleConfigParser in three different
places (twice with a copy that's been dumped into pylorax, once
by importing it), just to do a fairly simple job: read some
values out of /etc/os-release. The only value SimpleConfigParser
is adding over Python's own ConfigParser here is to read a file
with no section headers, and to unquote the values. The cost is
either a dependency on pyanaconda, or needing to copy the whole
of simpleparser plus some other utility bits from pyanaconda
into lorax. This seems like a bad trade-off.

This changes the approach: we copy one very simple utility
function from pyanaconda (`unquote`), and do some very simple
wrapping of ConfigParser to handle reading a file without any
section headers, and returning unquoted values. This way we can
read what we need out of os-release without needing a dep on
pyanaconda or to copy lots of things from it into pylorax.

Resolves: #449
Resolves: #450

Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-08-30 16:21:09 -07:00
Brian C. Lane
4d9ef60460 Add support for DNF 3.2 module_platform_id config value
This borrows simpleconfig.py from Anaconda to make parsing os-release
easier.

It defaults to platform:el8
2018-08-29 11:04:50 -07:00
Brian C. Lane
07acd2e780 lorax: Only run depmod on the installed kernels
In the near-future there may be /lib/modules/ directories for older
kernels with weak dependencies listed. These may not match the installed
kernel(s) so we cannot depend on them to drive generate_module_data.

Instead use the existing findkernels() function to get the list of
installed kernels and iterate those, running depmod on them.

Resolves: rhbz#1622213
2018-08-28 16:56:50 -07:00
Brian C. Lane
ec908fcd2a Fix blueprints/list and blueprints/changes to return the correct total 2018-08-27 11:08:01 -07:00
David Shea
deff4d325f Allow '*' as a uuid in /compose/status/<uuid>
This will display all UUIDs that match the filter arguments
2018-08-21 16:42:18 -07:00
David Shea
40f23f093d Add filter arguments to /compose/status
This adds the following optional arguments to the /compose/status route:

  - type, matches the compose_type field
  - status, matches the queue_status field
  - blueprint, matches the blueprint field
2018-08-21 16:42:07 -07:00
Brian C. Lane
c8283adc17 Move disklabel and UEFI support to compose.py
Currently we are making MBR disk images for qcow2 and partitioned disk,
so the UEFI packages aren't required at this point.

Move the clearpart command into compose.py so that in the futute it can
use clearpart --disklabel to create a GPT image, and add the required
packages to the package set.
2018-08-09 15:17:27 -07:00
Chris Lumens
faba254be5 Change INVALID_NAME to INVALID_CHARS.
It's getting used in a whole lot more places now, so make it a bit more
generic sounding.

(cherry picked from commit bf0318eab6)
2018-08-09 16:20:23 -04:00
Chris Lumens
d03a198a8c Add default error IDs everywhere else.
The idea here is to make sure all return points have the same type for
the error cases.  There's not really all that many, so they just go in
one patch.  Some of these could potentially turn into more specialized
errors later.

(cherry picked from commit fd901c5e3f)
2018-08-09 16:20:01 -04:00
Chris Lumens
6a3ccd6ade Add error IDs to things that can go wrong when running a compose.
Note the exception string checking around compose_type.  I didn't really
want to introduce a new exception type just for this, but also didn't
want to duplicate strings.  I'd be open to other suggestions for how to
do this.

(cherry picked from commit b3bb438254)
2018-08-09 16:19:19 -04:00
Chris Lumens
c1af7dd69d Add error IDs for common source-related errors.
(cherry picked from commit e43adfc7af)
2018-08-09 16:19:12 -04:00
Chris Lumens
f67e2c5d52 Add error IDs for unknown modules and unknown projects.
(cherry picked from commit 2adcfc9563)
2018-08-09 16:19:08 -04:00
Chris Lumens
785ee7bcc3 Add error IDs for when an unknown commit is requested.
(cherry picked from commit 07528a431e)
2018-08-09 16:19:03 -04:00
Chris Lumens
2f8f076b1f Add error IDs for when an unknown blueprint is requested.
This adds some fairly redundant code to the beginning of all the
blueprint routes to attempt reading a commit from git for the
blueprint's recipe.  If it succeeds, the blueprint exists and the route
can continue.  Otherwise, return an error.  Hopefully this doesn't slow
things down too much.

(cherry picked from commit a925cc7ddb)
2018-08-09 16:18:49 -04:00
Chris Lumens
a2ce0686ca Add error IDs for when an unknown build UUID is requested.
Note that this also changes the return type of uuid_info to return None
when an unknown ID is given.  The other uuid_* functions are fine
because they are checked ahead of time.

(cherry picked from commit 6497b4fb65)
2018-08-09 16:18:40 -04:00
Chris Lumens
b26d12e457 Add error IDs for bad state conditions.
(cherry picked from commit d76e24053a)
2018-08-09 16:18:23 -04:00
Chris Lumens
2efbd7cae5 Change the error return type for bad limit= and offset=.
Each element in the errors value is now a dict, with a msg field and an
id field.  The id field contains a value out of errors.py that can be
used by the front end to key on.  The msg field is the same as what's
been there.

The idea is to keep the number of IDs somewhat limited so there's not a
huge number of things for the front end to know.

(cherry picked from commit 9677b012da)
2018-08-09 16:18:17 -04:00
Chris Lumens
6c3b0b3cd2 Don't sort error messages.
This should make it easier to return more complex error structures.  It
also doesn't appear to matter - tests still pass without changes.

(cherry picked from commit 4c3f93e329)
2018-08-09 16:18:11 -04:00
Brian C. Lane
0e97afdbd6 Add + to the allowed API string character set 2018-08-07 16:47:54 -07:00
Brian C. Lane
ec4c555174 Add input string checks to the branch and format arguments
Make sure no UTF8 characters are allowed and return an error if they
are.

Also includes tests to make sure the correct error is returned.

(cherry picked from commit 86d79cd8a6)
2018-08-07 10:12:02 -07:00
Brian C. Lane
f93f64a061 Add a test for invalid characters in the API route
Currently the code is not UTF8 safe, so we need to return a clear error
when invalid characters are passed in.

This also adds tests for the routes to confirm that an error is
correctly returned.

(cherry picked from commit 74f5def3d4)
2018-08-07 10:12:02 -07:00
Brian C. Lane
741e73265c Fix logging argument 2018-08-07 09:24:11 -07:00
Brian C. Lane
b4f9fb5c1f Fix write_timestamp for py3
toml.dumps() returns a string for write() so .encode is not needed.
2018-08-07 09:22:18 -07:00
Chris Lumens
8a2a43be99 Return a JSON error instead of a 404 on certain malformed URLs.
This handles the case where a route is requested, but without a required
parameter.  So, /blueprints/info is requested instead of
/blueprints/info/http-server.  It accomplishes this via a decorator, so
a lot of these route-related functions now have quite a few decorators
attached to them.

Typo'd URLs (/blueprints/nfo for instance) will still return a 404.  I
think this is a reasonable thing to do.

(cherry picked from commit 5daf2d416a)
2018-08-06 16:57:49 -07:00
Chris Lumens
76f714eab5 Return an error if /modules/info doesn't return anything.
Unfortunately, this isn't very useful if /modules/info is provided with
multiple modules.  yum doesn't traceback when doPackageLists is given
something that doesn't exist.  It just returns an empty list.  If
/modules/info is given just one module and yum gives us an empty list,
it's easy to say what happened.  If /modules/info is given several
modules and just one does not exist, we will not be able to detect that.

Fixing this would require doing more yum operations, which is likely to
slow things down and isn't the direction I want to be going.

(cherry picked from commit 8e948e4a4d)
2018-08-06 16:57:40 -07:00
Chris Lumens
ea7b22a8f5 Update documentation (#409).
(cherry picked from commit 6193a7c9d8)
2018-08-06 16:57:34 -07:00
Chris Lumens
022734ab01 Use constants instead of strings (#409).
(cherry picked from commit fdf4d63f3b)
2018-08-06 16:57:26 -07:00
Chris Lumens
495dcd13ec Write timestamps when important events happen during the compose (#409).
Right now, this is when the compose is queued up, when it is started by
anaconda, and when it is finished (whether that's success or not).

(cherry picked from commit 3ba9d53b8b)
2018-08-06 16:57:19 -07:00
Chris Lumens
e42b797295 Return multiple timestamps in API results (#409).
If one of the timestamps isn't present (for instance, the finished
timestamp for a job that is still running), null is returned.

(cherry picked from commit 17c40ef271)
2018-08-06 16:57:13 -07:00
Chris Lumens
ab76c6170e Add a new timestamp.py file to the API directory (#409).
This is responsible for writing out a new times.toml file, containing
important timestamps in the life of a compose.  This seems a little more
reliable than attempting to infer things from the filesystem, especially
in light of the fact that we can't ever really know when a file was
created.

(cherry picked from commit b59d59b124)
2018-08-06 16:57:07 -07:00
Brian C. Lane
b1dd22afa6 Log and exit on metadata update errors at startup
A bad system repo can cause lorax-composer to fail to start. Instead of
a traceback log the error and exit.

(note that the exit still results in an OSError traceback due to part of
it running as root, this needs to be addressed in another commit).
2018-07-18 16:09:03 -07:00
Brian C. Lane
816f1658db Clarify error message from /source/new
(cherry picked from commit b20aa4609c)
2018-07-18 16:01:06 -07:00
Chris Lumens
fbda20b8b7 Support loading groups from the kickstart template files.
(cherry picked from commit c8d2045f89)
2018-07-18 15:38:40 -07:00
Chris Lumens
8c4804eb15 Include groups in depsolving.
This adds a new argument to projects_depsolve and
projects_depsolve_with_size that contains the group list, unfortunately.
I would have prefered adding a function that just returns a list of all
the contents of a group and then add that to what was being passed into
projects_depsolve.  However, there does not appear to be any good way to
do that in yum aside from a lot of grubbing around in the comps object,
which I am unwilling to do.

(cherry picked from commit 5fe4b47072)
2018-07-18 14:36:28 -07:00
Chris Lumens
76d376fe18 Add support for groups to blueprints.
Nothing is currently being done with this information, but it will be
soon.

(cherry picked from commit 0f69d2084c)
2018-07-18 13:48:25 -07:00
Brian C. Lane
460a277d4e Check the compose templates at startup
Depsolve the packages included in the templates and report any errors
using the /api/status 'msgs' field. This should help narrow down
problems with package sources not being setup correctly.
2018-07-13 10:18:07 -07:00
Adam Williamson
4a3f9e12aa DNF 3: progress callback constants moved to dnf.transaction
Signed-off-by: Adam Williamson <awilliam@redhat.com>
2018-06-27 16:12:25 -07:00
Brian C. Lane
56926baaec Add the ability to enable DNF plugins for lorax
Pass --dnfplugin='*' to enable all of them.
Pass --dnfplugin='plugin-name' to enable one fo them. You can use it
multiple times to enable multiple plugins. Globs work as well.
2018-06-22 09:07:01 -07:00
Chris Lumens
e8894b7266 It's /compose/cancel, not /blueprints/cancel. 2018-06-18 10:51:12 -04:00
Brian C. Lane
936d193413 Retry losetup if loop_attach fails
It appears that sometimes the loop device doesn't get setup properly,
this may be a race with other users of loop devices on the system, or
some other mechanism that isn't understood.

To try and prevent total failure when this happens this patch retries
the loop setup 3 times before giving up. Previously it would wait for
the loop device to appear (checking 5 times), that operation is now
executed 3 times with a new losetup attempt each time.

Resolves: rhbz#1589084
(cherry picked from commit c746e8b0c3)
2018-06-11 14:00:05 -07:00
Brian C. Lane
594e762d63 Increase default ram used with lmc and virt to 2048
1024 is a bit small in some situations, double it.

Resolves: rhbz#1538747
2018-06-08 11:44:09 -07:00
Brian C. Lane
d8ce013a2b Add --dracut-arg support to lorax
Use it to override the default dracut arguments (displayed as part of
the --help output). If you want to extend the default arguments they
all need to be passed in on the cmdline as well. eg.

--dracut-arg='--xz' --dracut-arg='--install /.buildstamp' ...

Resolves: rhbz#1452220
2018-06-06 17:10:35 -07:00
Martin Kolman
d5d3dd3be3 Make LogRequestHandler configurable
Make it possible to manipulate the simple and regexp
tests the LogRequestHandler class uses to check error
messages for potential error states.

This is accomplished by moving the simple and regexp test
strings to class members, where they can be easily
manipulated by users of the pylorax module.

It's also now possible to set the log request handler class
for a LogMonitor.

This functionality can then be used for example like this:

customized_log_request_handler = monitor.LogRequestHandler
customized_log_request_handler.simple_tests.remove("Call Trace:")
log_monitor = monitor.LogMonitor(install_log,
                                 timeout=opts.timeout,
                                 log_request_handler_class = customized_log_request_handler)

This way installation will continue even if there was a call
trace in the logs. In a similar way additional tests and regexps can be
also added.
2018-06-06 14:30:28 -07:00
Brian C. Lane
afa89ea657 Fix DNF related issues with source selection
DNF Repo.dump() function cannot be used as a .repo file for dnf due to
it writing baseurl and gpgkey as a list instead of a string. Add a new
function to write this in the correct format, and limited to the fields
we use.

Add a test for the new function.

Fix /projects/source/info to return an error 400 if a nonexistant TOML
source is requested. If JSON is used the error is part of the standard
response.

Update test_server.py to check for the correct error code.
2018-06-04 15:45:36 -07:00
Brian C. Lane
dd8e4d9e99 Fix handling bad source repos and add a test
When adding a source failed it wasn't being removed from the dnf object.
This fixes that, and returns an error when setting up the source fails.
Also adds a test for it.
This also includes detecting rawhide vs. non-rawhide releases and
adjusting the tests accordingly (some of the source names change).
2018-06-04 15:45:36 -07:00
Brian C. Lane
23f4b2a3ec Fix make_dnf_dirs
It was chopping off an extra directory level due to realpath removing
the trailing / from the paths when they are setup.
2018-06-04 15:45:36 -07:00
Brian C. Lane
6d677b2207 Add support for user defined package sources API
This lives under /api/v0/projects/source/*

See the documentation for details
2018-06-04 15:45:36 -07:00
Colin Walters
bb3d8edd06 templates: Stop using gconfset
We had only been indirectly pulling in GConf, and anyways
nothing was listening to these keys.

<kalev> I still think it's a fallout from 27a90d973f

Really in general, if we wanted to make changes like this
it'd probably be a lot simpler to do them on boot or so.

https://bugzilla.redhat.com/show_bug.cgi?id=1581838
2018-05-23 14:20:44 -07:00
Brian C. Lane
095829171a Add support for version globs to blueprints
This uses dnf's version__glob filter to implement it. It amounts to '*'
wildcards and '?' for single character matching.
2018-05-18 12:03:26 -07:00
Brian C. Lane
db67c1267a Move lorax-composer and composer-cli argument parsing into modules
This allows sphinx-argparse to document them automatically.
2018-05-14 13:00:15 -07:00
Brian C. Lane
6e5ca1f062 Add new cmdline args to compose_args settings 2018-05-14 13:00:15 -07:00
Brian C. Lane
b1319c7bc1 Remove temporary files after run_compose
A crash can also leave temporary lmc-* files, remove them as well.
2018-05-14 13:00:15 -07:00
Brian C. Lane
0455a5d740 Add --proxy to lorax-composer cmdline
Overrides the [dnf] proxy setting in the config file.
2018-05-14 13:00:15 -07:00
Brian C. Lane
12cb2736ac Pass the --tmp value into run_creator and cleanup after a crash
Crashing can sometimes leave directories in /var/tmp/lmc-* so clean
those up after run_creator is finished.
2018-05-14 13:00:15 -07:00
Brian C. Lane
9a1dce5619 Set lorax_templates to the correct directory
Templates are under the share dir, so use find_templates() to find them.
2018-05-14 13:00:15 -07:00
Brian C. Lane
3974a4e479 Adjust the disk size estimates to match Anaconda
First is Anaconda uses 6k blocks per file for its estimate, and it
fudges by 10% so adjust for those with an extra 10% of headroom just in
case.

Second is an Anaconda bug that won't allow it to do a kickstart install
to a disk smaller than 3000 MB. There is a PR to fix it upstream, but
for now the minimum size has to be 3000e9
2018-05-14 13:00:15 -07:00
Brian C. Lane
a363aee971 Skip creating groups with the same name as a user
Otherwise the user creation fails when anaconda sees there is already a
group with that name. Log a warning and continue on.
2018-05-14 13:00:15 -07:00
Brian C. Lane
07ea61be77 Add user and group creation to blueprint
[[customize.user]] and [[customize.group]]
2018-05-14 13:00:15 -07:00
Brian C. Lane
25bec0b50d Add blueprint customization support for hostname and ssh key
This adds support for the optional blueprint section [customizations].

Use it like this:

[customizations]
hostname = yourhostnamehere

[[customiations.sshkey]]
user = root
key = root user key
2018-05-14 13:00:15 -07:00
Brian C. Lane
a9b626a706 Fix the compose arguments for the Fedora version of Anaconda
This adds make_oci, and moves qcow2 to the more generic image_type
(which just uses qemu-img disk names).
2018-05-14 13:00:15 -07:00
Brian C. Lane
c9187ce4ca Convert Yum usage to DNF
The DNF api is similar, but not the same, as Yum. Make the needed
changes, and rename yum references to dnf to avoid confustion later.
2018-05-14 13:00:15 -07:00
Brian C. Lane
48671b682a workspace read and write needs UTF-8 conversion
reading needs to decode the bytes to str and writing needs to encode the
str to bytes.
2018-05-14 13:00:15 -07:00
Brian C. Lane
d478864fb3 Return an empty list if depsolve results are empty 2018-05-14 13:00:15 -07:00
Brian C. Lane
8ed039107b The git blob needs to be bytes
In py3 str is unicode so it needs to be encoded as UTF-8 when writing to
the blob.
2018-05-14 13:00:15 -07:00
Brian C. Lane
719aceac82 Use default commit sort order instead of TIME
Different versions of libgit2 act differently. Using TIME results in
some commits (like a revert) being listed correctly, but the rest being
listed in reverse order. Leaving it at the default works for
libgit2-0.26.3
2018-05-14 13:00:15 -07:00
Brian C. Lane
9b9b627fe5 Update pylorax.api.projects for DNF usage
And adjust tests to match.
2018-05-14 13:00:14 -07:00
Brian C. Lane
e86f4f9a36 Update dnfbase (formerly yumbase) for DNF support
And adjust tests to match.
2018-05-14 13:00:14 -07:00
Brian C. Lane
06c227598c Move core of livemedia-creator into pylorax.creator
This moves everything except the cmdline checking into run_creator in
pylorax.creator

It also rearranges some functions to prevent import loops, and adds a
utility function to imgutils (mkfsimage_from_disk for copying a
partition into a filesystem image).
2018-05-14 13:00:14 -07:00
Brian C. Lane
63b473d4ba Convert lorax-composer yum base object to DNF
This no longer uses the enabled configuration setting to select repos to
use. It uses everything in the repo_dir, and if system repos have not
been disabled it copies them into the repo_dir at startup, overwriting
the previous copy.
2018-05-14 13:00:14 -07:00
Brian C. Lane
d31bea7bd3 Use 2to3 to convert the python2 lorax-composer code to python3 2018-05-14 13:00:14 -07:00
Brian C. Lane
89050f068d livemedia-creator: Move core functions into pylorax modules
This reduces the amount of code in livemedia-creator to the cmdline
parsing and calling of the installer functions. Moving them into other
modules will allow them to be used by other projects, like the
lorax-composer API server.
2018-05-14 13:00:14 -07:00
Jiri Konecny
2f3de6060b Update default releasever to Fedora 29 (rawhide)
There was Fedora 25 which is now unsupported.
2018-03-15 12:07:34 -07:00
Brian C. Lane
e1c839de1c Fix _install_branding
filter(provides=...) doesn't work with paths. The release packages
provide system-release so just look for that instead of a file.

Now it finds the release package and selects it along with the
corresponding logos package.

Note, this has been broken since commit 431ca6ce
2018-02-23 12:50:07 -08:00
Yuval Turgeman
68d1f4208d LMC: Make the QEMU RNG device optional
Added a new QEMU argument '--with-rng' to specify a RNG device other
than /dev/random or "none".

Signed-off-by: Yuval Turgeman <yturgema@redhat.com>
2018-01-23 08:22:38 -08:00
Brian C. Lane
dc635a97f6 Write the --variant string to .buildstamp as 'Variant=' 2018-01-17 09:38:16 -08:00
Brian C. Lane
629d04dc68 Fix installpkg exclude operation
Commit 8edaefd4d1 added the ability to install specific NVR's of
packages, but it did not adjust the exclude operation to account for
this.

This patch fixes that, applying the exclude only to the name part of the
package NVR, and changes some variable names to pkgnvr/pkgnvrs to make
it more clear that the content has changed to <name>-<version>-<release>
2018-01-15 08:38:43 -08:00
Brian C. Lane
73628a6e07 Log a more descriptive error when setfiles fails (#1499771)
Some lorax users run it from inside mock, which isn't able to detect
whether the host is in Permissive mode. This can lead to confusing
error messages, so this points them in the right direction.
2017-11-27 12:03:45 -08:00
Claudio Zumbo
8edaefd4d1 Allow installpkgs to do version pinning through globbing 2017-11-10 09:56:27 -08:00
Alexander Todorov
fdb7593cb0 Rename parameters to match names that dnf uses
avoids 'Parameters differ from overridden method' warnings
2017-10-09 13:38:56 -07:00
Alexander Todorov
ac1623d9cd Don't override 'line' from outer scope 2017-10-09 13:38:56 -07:00
Brian C. Lane
3382a24498 Fix systemctl command (#1478247)
When multiple units are passed to systemctl and one fails it doesn't
finish the others. Change the template command to call systemctl for
each unit individually.

This also removes the lvm2-activation-generator in runtime-cleanup.tmpl
2017-08-14 14:29:47 -07:00
Brian C. Lane
e3dcb1e329 Add version output (#1335456)
Add -V to livemedia-creator, and log the running version when lorax or
lmc is started.
2017-08-14 13:54:02 -07:00
Brian C. Lane
8154b3f7a3 Include the dracut fips module in the initrd (#1341280)
This will allow anaconda to fetch kickstarts using https when installing
with fips=1

Leave vmlinuz and .vmlinuz.hmac in /boot

dracut-fips module needs the vmlinuz.hmac file in order to boot.
2017-08-14 13:20:27 -07:00
Brian C. Lane
7bc818507c Make sure loop device is setup (#1462150)
It seems that on rare occasions losetup can return before the /dev/loopX
is ready for use, causing problems with mkfs. This tries to make sure
that the loop device really is associated with the backing file before
continuing.

NOTE that using losetup --list -O to return the backing store
associated with the loop device can fail due to losetup truncating
the output filename if sysfs isn't setup. Instead of printing the full
path it will truncate it to 64 characters with a * at the end.

See util-linux lib/loopdev.c for the code that does this.

Use the existing get_loop_name function, which uses losetup -j, to lookup
the loop device associated with the backing store which should work the
same, just in the opposite direction.
2017-08-14 09:20:42 -07:00
Stephen Gallagher
2c3007beb8 Use anaconda-core to detect buildarch
For historical reasons, lorax used the 'anaconda' package as a
touchstone to determine the architecture for the build. At some
point, this package became a metapackage that pulls in both the
GUI and headless installers.

In the modular world, it's possible that only the core and TUI bits
may be available for use. The only subpackage of anaconda that is
guaranteed to be on any viable system is anaconda-core, so let's
switch to using that for the touchstone instead of the metapackage.

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2017-05-31 10:07:41 -07:00
Brian C. Lane
1c6b083260 Try all packages when installpkg --optional is used.
Also sort the expanded list of packages so that any failures will
be consistent instead of depending on the randomness of a set().
And add better logging when things fail.

The core issue is that repodata may have packages that match globs, but
they cannot actually be installed (eg. sigrok-firmware). This can cause
*some* of the globbed packages to be installed before hitting the
failure package.

With this change it will log the expanded list of packages if a glob is
used. It will skip any packages that fail to install when using
--optional with the glob, and continue to install the rest.

Related: rhbz#1440417
2017-05-30 09:47:37 -07:00
Brian C. Lane
a92aa63491 pylint: Ignore different argument lengths for dnf callback.
It may or may not be used with a newer version of dnf. The callback
doesn't use the argument so just ignore it.
2017-05-24 09:13:42 -07:00
Jaroslav Mracek
10bbeac6d1 Adds additional callbacks keyword for start()
It reflects latest changes in dnf-2.5.0-1
2017-05-24 08:05:15 -07:00
Brian C. Lane
cc56a5b5c9 Add --noverifyssl to lorax (#1430483)
Previously lorax had no way to use repos with self-signed certificates.
This adds the --noverifyssl cmdline option which will ignore certificate
errors.

Resolves: rhbz#1430483
2017-03-08 13:27:22 -08:00
Brian C. Lane
f8c9e8c120 Print the full NEVRA when installing packages.
(cherry picked from commit 92e60d7dd1)
2017-01-30 09:43:31 -08:00
Colin Walters
3fa3d20489 imgutils: Don't relabel /ostree
OSTree is a deduplicating hardlink store using a new file path
`/ostree`, which SELinux policy doesn't know about.  However, OSTree
has SELinux support built in, and rpm-ostree (for example) uses this
to ensure the attributes on files stored there are simply always
correct.  Relabeling it will corrupt it.

Hence, let's skip it.
2016-11-16 16:39:53 -05:00
Pat Riehecky
7ca356845b Added option to remove packages (parallel to installpkgs) 2016-11-14 09:06:10 -08:00
Colin Walters
5aa6fea8c3 templates: When a subprocess fatally errors, output its stderr directly
Right now we dump all subprocess output to `program.log`.  Unfortunately,
The pungi/koji stack doesn't know how to scrape out the lorax logs.

And even when running interactively, it's annoying that *some* fatal
errors show up on stderr, but if it's from a subprocess, I need to go
over and `tail program.log`.

Let's output the subprocess stderr directly, since the user is
going to want it prominently anyways.
2016-11-14 09:04:08 -08:00
Brian C. Lane
492ab9e4a5 livemedia-creator: Check for packaging failures in the logs (#1374809)
anaconda-26.1 changed how package scriptlet failures are handled. They
are now fatal, and anaconda hangs after logging an Installation failure.

ERR packaging: Installation failed: PayloadInstallError('DNF error:
Non-fatal POSTIN scriptlet failure in rpm package mlocate',)

Catch this (the 'packaging: Installation failed' part) and terminate the
image creation.
2016-09-21 09:00:49 -07:00
Manjunath A Kumatagi
f4a1302358 Add ppc64le kernel path
(cherry picked from commit b76fba85ea)
2016-09-08 12:12:07 -07:00
Brian C. Lane
37d36daa9c lorax: Add --rootfs-size (#1368743)
This controls how big the root filesystem is for the squashfs used in
the boot.iso, the default is 2GiB.

Note that larger rootfs sizes will require more memory and may cause the
build to fail.
2016-08-22 17:20:48 -07:00
Brian C. Lane
442d0a0140 Revert "Use size=10 by default"
This reverts commit e61223d486.

On systems with less RAM (eg. ARM with 4G) this size change causes the
build to get stuck.
2016-08-22 16:17:35 -07:00
Colin Walters
e61223d486 Use size=10 by default
I'm working on
https://fedoraproject.org/wiki/Changes/WorkstationOstree and when
using lorax to make an installer ISO with content embedded, I run out
of disk space since the desktop+various apps is large.

Since this ends up being compressed anyways, let's just bump the
currently arbitrary `2` to `10` - the only real cost I can think of is
going to be a few more superblock entries.
2016-08-12 13:05:40 -07:00