From 144326e5255d7df05bce68a084ff6c0d707b8687 Mon Sep 17 00:00:00 2001 From: Josue David Hernandez Gutierrez Date: Thu, 31 Oct 2024 01:02:28 +0000 Subject: [PATCH 05/10] Increase support for OCI images Add support for OCI images: - Support for OCI hybrid images - Add selinux auto-relabeling during first boot - Support dnf variables inside OCI built images Signed-off-by: Josue David Hernandez Gutierrez Signed-off-by: Alex Burmashev --- .../osbuild/images/pkg/distro/image_config.go | 2 + .../images/pkg/distro/rhel/distribution.go | 10 +- .../osbuild/images/pkg/distro/rhel/images.go | 5 + .../images/pkg/distro/rhel/rhel8/distro.go | 3 +- .../images/pkg/distro/rhel/rhel8/qcow2.go | 201 +++++++++++++++++- .../images/pkg/distro/rhel/rhel9/distro.go | 3 +- .../images/pkg/distro/rhel/rhel9/qcow2.go | 197 ++++++++++++++++- .../osbuild/images/pkg/manifest/os.go | 14 ++ 8 files changed, 420 insertions(+), 15 deletions(-) diff --git a/vendor/github.com/osbuild/images/pkg/distro/image_config.go b/vendor/github.com/osbuild/images/pkg/distro/image_config.go index 8cee15e..a7b06fd 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/image_config.go +++ b/vendor/github.com/osbuild/images/pkg/distro/image_config.go @@ -45,6 +45,7 @@ type ImageConfig struct { Modprobe []*osbuild.ModprobeStageOptions DracutConf []*osbuild.DracutConfStageOptions SystemdUnit []*osbuild.SystemdUnitStageOptions + SystemdUnitCreate []*osbuild.SystemdUnitCreateStageOptions Authselect *osbuild.AuthselectStageOptions SELinuxConfig *osbuild.SELinuxConfigStageOptions Tuned *osbuild.TunedStageOptions @@ -67,6 +68,7 @@ type ImageConfig struct { Files []*fsnode.File Directories []*fsnode.Directory + Hostonly *bool // KernelOptionsBootloader controls whether kernel command line options // should be specified in the bootloader grubenv configuration. Otherwise 
diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/distribution.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/distribution.go index 40fcf8e..55884e7 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/distribution.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/distribution.go @@ -144,14 +144,14 @@ func NewDistribution(name string, major, minor int) (*Distribution, error) { } case "ol": rd = &Distribution{ - name: fmt.Sprintf("ol-%d.%d", major, minor), - product: "Oracle Linux", - osVersion: fmt.Sprintf("%d.%d", major, minor), + name: fmt.Sprintf("ol-%d.%d", major, minor), + product: "Oracle Linux", + osVersion: fmt.Sprintf("%d.%d", major, minor), releaseVersion: fmt.Sprintf("%d", major), modulePlatformID: fmt.Sprintf("platform:el%d", major), - vendor: "redhat", + vendor: "redhat", ostreeRefTmpl: fmt.Sprintf("ol/%d/%%s/edge", major), - runner: &runner.RHEL{Major: uint64(major), Minor: uint64(minor)}, + runner: &runner.RHEL{Major: uint64(major), Minor: uint64(minor)}, } default: return nil, fmt.Errorf("unknown distro name: %s", name) diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go index 9045bc9..432c349 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/images.go @@ -68,6 +68,10 @@ func osCustomizations( osc.ExcludeDocs = *imageConfig.ExcludeDocs } + if imageConfig.Hostonly != nil { + osc.Hostonly = *imageConfig.Hostonly + } + if !t.BootISO { // don't put users and groups in the payload of an installer // add them via kickstart instead @@ -246,6 +250,7 @@ func osCustomizations( osc.Modprobe = imageConfig.Modprobe osc.DracutConf = imageConfig.DracutConf osc.SystemdUnit = imageConfig.SystemdUnit + osc.SystemdUnitCreate = imageConfig.SystemdUnitCreate osc.Authselect = imageConfig.Authselect osc.SELinuxConfig = imageConfig.SELinuxConfig osc.Tuned = imageConfig.Tuned 
diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/distro.go index 7539479..3767cf1 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/distro.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/distro.go @@ -98,7 +98,7 @@ func newDistro(name string, minor int) *rhel.Distribution { }, }, mkQcow2ImgType(rd), - mkOCIImgType(rd), + mkOCIImgType(rd, true), ) ec2X86Platform := &platform.X86{ @@ -161,6 +161,7 @@ func newDistro(name string, minor int) *rhel.Distribution { }, }, mkQcow2ImgType(rd), + mkOCIImgType(rd, false), ) aarch64.AddImageTypes( diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/qcow2.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/qcow2.go index fc40edd..96afabd 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/qcow2.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel8/qcow2.go @@ -1,11 +1,15 @@ package rhel8 import ( + "os" + "github.com/osbuild/images/internal/common" + "github.com/osbuild/images/pkg/customizations/fsnode" "github.com/osbuild/images/pkg/customizations/subscription" "github.com/osbuild/images/pkg/datasizes" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/distro/rhel" + "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/rpmmd" ) @@ -32,13 +36,13 @@ func mkQcow2ImgType(rd *rhel.Distribution) *rhel.ImageType { return it } -func mkOCIImgType(rd *rhel.Distribution) *rhel.ImageType { +func mkOCIImgType(rd *rhel.Distribution, isX86_64 bool) *rhel.ImageType { it := rhel.NewImageType( "oci", "disk.qcow2", "application/x-qemu-disk", map[string]rhel.PackageSetFunc{ - rhel.OSPkgsKey: qcow2CommonPackageSet, + rhel.OSPkgsKey: OCIqcow2CommonPackageSet, }, rhel.DiskImage, []string{"build"}, 
@@ -46,8 +50,23 @@ func mkOCIImgType(rd *rhel.Distribution) *rhel.ImageType { []string{"qcow2"}, ) - it.DefaultImageConfig = qcowImageConfig(rd) - it.KernelOptions = "console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=auto" + it.DefaultImageConfig = &distro.ImageConfig{ + DefaultTarget: common.ToPtr("multi-user.target"), + Hostonly: common.ToPtr(true), + SELinuxForceRelabel: common.ToPtr(true), + Files: []*fsnode.File{earlySetupFile(isX86_64)}, + EnabledServices: []string{"oci-repo-installer.service"}, + SystemdUnitCreate: []*osbuild.SystemdUnitCreateStageOptions { + ociRepoServiceInstaller(), + }, + } + + if isX86_64 { + it.KernelOptions = "console=tty0 console=ttyS0,115200n8 no_timer_check rd.net.timeout.dhcp=10 rd.net.timeout.carrier=5 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi rd.iscsi.param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 libiscsi.debug_libiscsi_eh=1 loglevel=4 crash_kexec_post_notifiers" + } else { + it.KernelOptions = "ro crashkernel=auto LANG=en_US.UTF-8 console=ttyAMA0 console=ttyAMA0,115200 rd.net.timeout.carrier=5 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi rd.iscsi.param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 libiscsi.debug_libiscsi_eh=1 loglevel=4 ip=dhcp,dhcp6 rd.net.timeout.dhcp=10 crash_kexec_post_notifiers" + } + it.Bootable = true it.DefaultSize = 10 * datasizes.GibiByte it.BasePartitionTables = defaultBasePartitionTables 
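Review bot: Replacing `qcowImageConfig(rd)` with an inline `distro.ImageConfig` in mkOCIImgType means the OCI image no longer inherits whatever defaults that helper sets; its body is not visible in this patch, so please confirm that nothing it configured is dropped by accident and record the decision in a comment. The two `it.KernelOptions` strings share the whole `netroot=iscsi:… loglevel=4` run and are repeated verbatim in the rhel9/qcow2.go hunk, so a shared base string plus a short per-architecture part would keep the iSCSI boot parameters from drifting between the four copies. `SystemdUnitCreate: []*osbuild.SystemdUnitCreateStageOptions {` is also not gofmt-clean (space before the brace). mkOCIImgType starts before and ends after this hunk.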
@@ -55,6 +74,104 @@ func mkOCIImgType(rd *rhel.Distribution) *rhel.ImageType { return it } +func earlySetupFile(isX86_64 bool) *fsnode.File { + arch := "aarch64" + if isX86_64 { + arch = "x86_64" + } + file, err := fsnode.NewFile("/sbin/early-oci-setup", common.ToPtr(os.FileMode(0700)), "root", "root", []byte(`#!/usr/bin/env bash +arch=` + arch + ` + +imds_domain=$(curl -H "Authorization:Bearer Oracle" -sfm 25 http://169.254.169.254/opc/v2/instance/ 2>/dev/null | jq -r '.regionInfo.realmDomainComponent') +imds_region=$(curl -H "Authorization:Bearer Oracle" -sfm 25 http://169.254.169.254/opc/v2/instance/ 2>/dev/null | jq -r '.regionInfo.regionIdentifier') +imds_realm=$(curl -H "Authorization:Bearer Oracle" -sfm 25 http://169.254.169.254/opc/v2/instance/ 2>/dev/null | jq -r '.regionInfo.realmKey') + +function retry_command() { + + retry_attempts=5 + retry_interval_sec=2 + while [[ "$retry_attempts" -gt 0 ]]; do + command_success=true + "$@" || { command_success=false; } + if [[ "$command_success" == false ]]; then + (( retry_attempts-- )) + logger -t earlyocisetup "Error occurred running command $@. 
Will retry in $retry_interval_sec seconds" + sleep $retry_interval_sec + else + break + fi + done + + if [[ "$command_success" == false ]]; then + logger -t earlyocisetup "ERROR: failed to execute command '$@' (Retried $retry_attempts times)" + exit 1 + fi +} + +if [[ -n "$imds_realm" ]]; then + domain="oci.$imds_domain" + region="$imds_region" + ociregion=".$region" + reponame="oci_install" + repourl="https://yum$ociregion.$domain/repo/OracleLinux/OL8/oci/included/$arch/" +else + logger -t earlyocisetup 'Running out of OCI region' + exit 1 +fi + +echo $region > /etc/dnf/vars/region +echo $domain > /etc/dnf/vars/ocidomain +echo $ociregion > /etc/dnf/vars/ociregion + +cat < /etc/yum.repos.d/oci-install.repo +[$reponame] +name=Install OCI repo ($arch) +baseurl=$repourl +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle +gpgcheck=1 +enabled=1 +EOF + +retry_command yum install -y oci-included-release-el8 +retry_command yum install -y oci-linux-config +retry_command yum install -y python36-oci-sdk + +if $(yum repolist |grep -q "$reponame"); then + rm -f /etc/yum.repos.d/oci-install.repo +fi + +mkdir -p /var/lib/oci-repo-installer +touch /var/lib/oci-repo-installer/oci-repo-installed + +rm -f /usr/lib/systemd/system/oci-repo-installer.service /sbin/early-oci-setup +`)) + if err != nil { + panic(err) + } + return file +} + +func ociRepoServiceInstaller() *osbuild.SystemdUnitCreateStageOptions { + return &osbuild.SystemdUnitCreateStageOptions{ + Filename: "oci-repo-installer.service", + Config: osbuild.SystemdUnit{ + Unit: &osbuild.UnitSection{ + Description: "First-boot service for installing oci repository once OCI image has booted", + ConditionPathExists: []string{"!/var/lib/oci-repo-installer/oci-repo-installed"}, + Requires: []string{"network-online.target"}, + }, + Service: &osbuild.ServiceSection{ + Type: osbuild.OneshotServiceType, + RemainAfterExit: false, + ExecStart: []string{"/usr/bin/bash /sbin/early-oci-setup"}, + }, + Install: &osbuild.InstallSection{ + 
WantedBy: []string{"network-online.target"}, + }, + }, + } +} + func mkOpenstackImgType() *rhel.ImageType { it := rhel.NewImageType( "openstack", @@ -77,6 +194,82 @@ func mkOpenstackImgType() *rhel.ImageType { return it } +func OCIqcow2CommonPackageSet(t *rhel.ImageType) rpmmd.PackageSet { + ps := rpmmd.PackageSet{ + Include: []string{ + "@core", + "authselect-compat", + "iscsi-initiator-utils", + "chrony", + "cloud-init", + "cloud-utils-growpart", + "cockpit-system", + "cockpit-ws", + "dhcp-client", + "dnf", + "dnf-utils", + "dosfstools", + "dracut-norescue", + "net-tools", + "NetworkManager", + "nfs-utils", + "oddjob", + "oddjob-mkhomedir", + "psmisc", + "python3-jsonschema", + "qemu-guest-agent", + "redhat-release", + "rsync", + "tar", + "tcpdump", + "yum", + "jq", + }, + Exclude: []string{ + "aic94xx-firmware", + "alsa-firmware", + "alsa-lib", + "alsa-tools-firmware", + "biosdevname", + "dracut-config-rescue", + "fedora-release", + "fedora-repos", + "firewalld", + "fwupd", + "iprutils", + "ivtv-firmware", + "iwl1000-firmware", + "iwl100-firmware", + "iwl105-firmware", + "iwl135-firmware", + "iwl2000-firmware", + "iwl2030-firmware", + "iwl3160-firmware", + "iwl3945-firmware", + "iwl4965-firmware", + "iwl5000-firmware", + "iwl5150-firmware", + "iwl6000-firmware", + "iwl6000g2a-firmware", + "iwl6000g2b-firmware", + "iwl6050-firmware", + "iwl7260-firmware", + "langpacks-*", + "langpacks-en", + "langpacks-en", + "libertas-sd8686-firmware", + "libertas-sd8787-firmware", + "libertas-usb8388-firmware", + "nss", + "plymouth", + "rng-tools", + "udisks2", + }, + }.Append(distroSpecificPackageSet(t)) + + return ps +} + func qcow2CommonPackageSet(t *rhel.ImageType) rpmmd.PackageSet { ps := rpmmd.PackageSet{ Include: []string{ diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/distro.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/distro.go index 6745702..180dab4 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/distro.go 
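Review bot: In earlySetupFile's script the guard `[[ -n "$imds_realm" ]]` does not catch a missing field, because `jq -r` prints the string `null` for an absent key, and `$imds_domain` / `$imds_region` then go unchecked into `repourl` and, unquoted, into the files under `/etc/dnf/vars/`. These values arrive over plain HTTP from the metadata endpoint and presumably steer later repository URLs through the dnf variables, so I would fetch the document once, reject empty or `null` values and match each against a strict pattern before use, e.g. `[[ "$imds_region" =~ ^[a-z0-9-]+$ ]] || exit 1`. `gpgcheck=1` with a local key limits what a wrong URL can install, but not where the instance connects. retry_command's final log line also always reports `Retried 0 times`, because `retry_attempts` has been counted down to zero by the time it is printed. The same script is added in the rhel9/qcow2.go hunk.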
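Review bot: OCIqcow2CommonPackageSet is exported and undocumented, and its Exclude list keeps `firewalld` out while Include pulls in `cockpit-ws`, `nfs-utils` and `tcpdump`; a doc comment should state how this set is meant to differ from `qcow2CommonPackageSet` and that the host firewall is left out on purpose, if that is the intent. The EnabledServices list in mkOCIImgType names only `oci-repo-installer.service`, so this is about documenting the decision rather than a service known to be exposed. `"langpacks-en"` is listed twice in Exclude and is already covered by `"langpacks-*"`. The sibling helper is unexported, so `ociQcow2CommonPackageSet` would match it unless another package needs the name.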
+++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/distro.go @@ -100,7 +100,7 @@ func newDistro(name string, major, minor int) *rhel.Distribution { }, }, mkQcow2ImgType(rd), - mkOCIImgType(rd), + mkOCIImgType(rd, true), ) @@ -123,6 +123,7 @@ func newDistro(name string, major, minor int) *rhel.Distribution { }, }, mkQcow2ImgType(rd), + mkOCIImgType(rd, false), ) ppc64le.AddImageTypes( diff --git a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/qcow2.go b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/qcow2.go index 20a8022..8e239b2 100644 --- a/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/qcow2.go +++ b/vendor/github.com/osbuild/images/pkg/distro/rhel/rhel9/qcow2.go @@ -1,11 +1,15 @@ package rhel9 import ( + "os" + "github.com/osbuild/images/internal/common" + "github.com/osbuild/images/pkg/customizations/fsnode" "github.com/osbuild/images/pkg/customizations/subscription" "github.com/osbuild/images/pkg/datasizes" "github.com/osbuild/images/pkg/distro" "github.com/osbuild/images/pkg/distro/rhel" + "github.com/osbuild/images/pkg/osbuild" "github.com/osbuild/images/pkg/rpmmd" ) @@ -32,13 +36,13 @@ func mkQcow2ImgType(d *rhel.Distribution) *rhel.ImageType { return it } -func mkOCIImgType(d *rhel.Distribution) *rhel.ImageType { +func mkOCIImgType(d *rhel.Distribution, isX86_64 bool) *rhel.ImageType { it := rhel.NewImageType( "oci", "disk.qcow2", "application/x-qemu-disk", map[string]rhel.PackageSetFunc{ - rhel.OSPkgsKey: qcow2CommonPackageSet, + rhel.OSPkgsKey: OCIqcow2CommonPackageSet, }, rhel.DiskImage, []string{"build"}, 
@@ -46,8 +50,23 @@ func mkOCIImgType(d *rhel.Distribution) *rhel.ImageType { []string{"qcow2"}, ) - it.DefaultImageConfig = qcowImageConfig(d) - it.KernelOptions = "console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0" + it.DefaultImageConfig = &distro.ImageConfig{ + DefaultTarget: common.ToPtr("multi-user.target"), + Hostonly: common.ToPtr(true), + SELinuxForceRelabel: common.ToPtr(true), + Files: []*fsnode.File{earlySetupFile(isX86_64)}, + EnabledServices: []string{"oci-repo-installer.service"}, + SystemdUnitCreate: []*osbuild.SystemdUnitCreateStageOptions { + ociRepoServiceInstaller(), + }, + } + + if isX86_64 { + it.KernelOptions = "console=tty0 console=ttyS0,115200n8 no_timer_check rd.net.timeout.dhcp=10 rd.net.timeout.carrier=5 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi rd.iscsi.param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 libiscsi.debug_libiscsi_eh=1 loglevel=4 crash_kexec_post_notifiers" + } else { + it.KernelOptions = "ro crashkernel=auto LANG=en_US.UTF-8 console=ttyAMA0 console=ttyAMA0,115200 rd.net.timeout.carrier=5 netroot=iscsi:169.254.0.2:::1:iqn.2015-02.oracle.boot:uefi rd.iscsi.param=node.session.timeo.replacement_timeout=6000 net.ifnames=1 nvme_core.shutdown_timeout=10 ipmi_si.tryacpi=0 ipmi_si.trydmi=0 libiscsi.debug_libiscsi_eh=1 loglevel=4 ip=dhcp,dhcp6 rd.net.timeout.dhcp=10 crash_kexec_post_notifiers" + } + it.DefaultSize = 10 * datasizes.GibiByte it.Bootable = true it.BasePartitionTables = defaultBasePartitionTables 
@@ -55,6 +74,105 @@ func mkOCIImgType(d *rhel.Distribution) *rhel.ImageType { return it } +func earlySetupFile(isX86_64 bool) *fsnode.File { + arch := "aarch64" + if isX86_64 { + arch = "x86_64" + } + file, err := fsnode.NewFile("/sbin/early-oci-setup", common.ToPtr(os.FileMode(0700)), "root", "root", []byte(`#!/usr/bin/env bash +arch=` + arch + ` + +imds_domain=$(curl -H "Authorization:Bearer Oracle" -sfm 25 http://169.254.169.254/opc/v2/instance/ 2>/dev/null | jq -r '.regionInfo.realmDomainComponent') +imds_region=$(curl -H "Authorization:Bearer Oracle" -sfm 25 http://169.254.169.254/opc/v2/instance/ 2>/dev/null | jq -r '.regionInfo.regionIdentifier') +imds_realm=$(curl -H "Authorization:Bearer Oracle" -sfm 25 http://169.254.169.254/opc/v2/instance/ 2>/dev/null | jq -r '.regionInfo.realmKey') + +function retry_command() { + + retry_attempts=5 + retry_interval_sec=2 + while [[ "$retry_attempts" -gt 0 ]]; do + command_success=true + "$@" || { command_success=false; } + if [[ "$command_success" == false ]]; then + (( retry_attempts-- )) + logger -t earlyocisetup "Error occurred running command $@. 
Will retry in $retry_interval_sec seconds" + sleep $retry_interval_sec + else + break + fi + done + + if [[ "$command_success" == false ]]; then + logger -t earlyocisetup "ERROR: failed to execute command '$@' (Retried $retry_attempts times)" + exit 1 + fi +} + +if [[ -n "$imds_realm" ]]; then + domain="oci.$imds_domain" + region="$imds_region" + ociregion=".$region" + reponame="oci_install" + repourl="https://yum$ociregion.$domain/repo/OracleLinux/OL9/oci/included/$arch/" +else + logger -t earlyocisetup 'Running out of OCI region' + exit 1 +fi + +echo $region > /etc/dnf/vars/region +echo $domain > /etc/dnf/vars/ocidomain +echo $ociregion > /etc/dnf/vars/ociregion + +cat < /etc/yum.repos.d/oci-install.repo +[$reponame] +name=Install OCI repo ($arch) +baseurl=$repourl +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle +gpgcheck=1 +enabled=1 +EOF + +retry_command yum install -y oci-included-release-el9 +retry_command yum install -y oci-linux-config +retry_command yum install -y python39-oci-sdk + +if $(yum repolist |grep -q "$reponame"); then + rm -f /etc/yum.repos.d/oci-install.repo +fi + +mkdir -p /var/lib/oci-repo-installer +touch /var/lib/oci-repo-installer/oci-repo-installed + +rm -f /usr/lib/systemd/system/oci-repo-installer.service /sbin/early-oci-setup + +`)) + if err != nil { + panic(err) + } + return file +} + +func ociRepoServiceInstaller() *osbuild.SystemdUnitCreateStageOptions { + return &osbuild.SystemdUnitCreateStageOptions{ + Filename: "oci-repo-installer.service", + Config: osbuild.SystemdUnit{ + Unit: &osbuild.UnitSection{ + Description: "First-boot service for installing oci repository once OCI image has booted", + ConditionPathExists: []string{"!/var/lib/oci-repo-installer/oci-repo-installed"}, + Requires: []string{"network-online.target"}, + }, + Service: &osbuild.ServiceSection{ + Type: osbuild.OneshotServiceType, + RemainAfterExit: false, + ExecStart: []string{"/usr/bin/bash /sbin/early-oci-setup"}, + }, + Install: &osbuild.InstallSection{ + 
WantedBy: []string{"network-online.target"}, + }, + }, + } +} + func mkOpenstackImgType() *rhel.ImageType { it := rhel.NewImageType( "openstack", @@ -80,6 +198,77 @@ func mkOpenstackImgType() *rhel.ImageType { return it } +func OCIqcow2CommonPackageSet(t *rhel.ImageType) rpmmd.PackageSet { + ps := rpmmd.PackageSet{ + Include: []string{ + "@core", + "authselect-compat", + "iscsi-initiator-utils", + "chrony", + "cloud-init", + "cloud-utils-growpart", + "cockpit-system", + "cockpit-ws", + "dnf-utils", + "dosfstools", + "nfs-utils", + "oddjob", + "oddjob-mkhomedir", + "psmisc", + "python3-jsonschema", + "qemu-guest-agent", + "redhat-release", + "rsync", + "tar", + "tuned", + "tcpdump", + }, + Exclude: []string{ + "aic94xx-firmware", + "alsa-firmware", + "alsa-lib", + "alsa-tools-firmware", + "biosdevname", + "dnf-plugin-spacewalk", + "dracut-config-rescue", + "fedora-release", + "fedora-repos", + "firewalld", + "iprutils", + "ivtv-firmware", + "iwl1000-firmware", + "iwl100-firmware", + "iwl105-firmware", + "iwl135-firmware", + "iwl2000-firmware", + "iwl2030-firmware", + "iwl3160-firmware", + "iwl3945-firmware", + "iwl4965-firmware", + "iwl5000-firmware", + "iwl5150-firmware", + "iwl6000-firmware", + "iwl6000g2a-firmware", + "iwl6000g2b-firmware", + "iwl6050-firmware", + "iwl7260-firmware", + "langpacks-*", + "langpacks-en", + "libertas-sd8787-firmware", + "nss", + "plymouth", + "rhn-check", + "rhn-setup", + "rhnsd", + "dnf-plugin-spacewalk", + "rng-tools", + "udisks2", + }, + }.Append(distroSpecificPackageSet(t)) + + return ps +} + func qcow2CommonPackageSet(t *rhel.ImageType) rpmmd.PackageSet { ps := rpmmd.PackageSet{ Include: []string{ diff --git a/vendor/github.com/osbuild/images/pkg/manifest/os.go b/vendor/github.com/osbuild/images/pkg/manifest/os.go index 5b5081c..d0b6944 100644 --- a/vendor/github.com/osbuild/images/pkg/manifest/os.go +++ b/vendor/github.com/osbuild/images/pkg/manifest/os.go 
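Review bot: ociRepoServiceInstaller declares `Requires: network-online.target` but no ordering, and systemd's Requires= does not imply After=, so the oneshot can start before the network is up and the script's curl calls fall through to the `exit 1` branch. Installing the unit with `WantedBy: network-online.target` is also unusual; I would order it after network-online.target and hang it off the default target instead. The script's last line removes the unit file and itself but presumably leaves the enablement symlink behind, and a failure in any `retry_command` step leaves `/etc/yum.repos.d/oci-install.repo` in place; disabling the unit before deleting it and cleaning up the temporary repo file in a trap would make first boot leave no residue. The identical unit and script are added in the rhel8/qcow2.go hunk.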
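Review bot: The Include list here has no `jq`, although the first-boot script added earlier in this file pipes every metadata response through `jq -r`; the rhel8 list names `jq`, `dnf` and `yum` explicitly. Unless `distroSpecificPackageSet(t)` or a dependency brings it in (not visible in this patch), `imds_realm` will be empty on these images and the script will exit through the 'Running out of OCI region' branch without configuring the repo. Adding `"jq",` to Include makes the dependency explicit. `"dnf-plugin-spacewalk"` also appears twice in Exclude.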
@@ -107,6 +107,7 @@ type OSCustomizations struct { Modprobe []*osbuild.ModprobeStageOptions DracutConf []*osbuild.DracutConfStageOptions SystemdUnit []*osbuild.SystemdUnitStageOptions + SystemdUnitCreate []*osbuild.SystemdUnitCreateStageOptions Authselect *osbuild.AuthselectStageOptions SELinuxConfig *osbuild.SELinuxConfigStageOptions Tuned *osbuild.TunedStageOptions @@ -144,6 +145,7 @@ type OSCustomizations struct { CACerts []string FIPS bool + Hostonly bool // NoBLS configures the image bootloader with traditional menu entries // instead of BLS. Required for legacy systems like RHEL 7. @@ -541,6 +543,10 @@ func (p *OS) serialize() osbuild.Pipeline { pipeline.AddStage(osbuild.NewSystemdUnitStage(systemdUnitConfig)) } + for _, systemdUnitCreateConfig := range p.SystemdUnitCreate { + pipeline.AddStage(osbuild.NewSystemdUnitCreateStage(systemdUnitCreateConfig)) + } + if p.Authselect != nil { pipeline.AddStage(osbuild.NewAuthselectStage(p.Authselect)) } @@ -620,6 +626,14 @@ func (p *OS) serialize() osbuild.Pipeline { pipeline.AddStage(osbuild.NewUdevRulesStage(p.UdevRules)) } + if p.Hostonly { + pipeline.AddStage(osbuild.NewDracutStage(&osbuild.DracutStageOptions{ + Kernel: []string{p.kernelVer}, + EarlyMicrocode: true, + Reproducible: true, + })) + } + if pt := p.PartitionTable; pt != nil { kernelOptions := osbuild.GenImageKernelOptions(p.PartitionTable) kernelOptions = append(kernelOptions, p.KernelOptionsAppend...) -- 2.43.5
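Review bot: `Hostonly` gets no doc comment in either OSCustomizations or ImageConfig, and the stage it triggers in serialize() sets only `Kernel`, `EarlyMicrocode` and `Reproducible`, none of which names host-only mode, so a reader cannot tell what the flag is supposed to guarantee. Please add a comment such as `// Hostonly regenerates the initramfs with an extra dracut stage for p.kernelVer.` and state which dracut configuration is expected to make the result host-only. If the initramfs really is built host-only inside the build environment, it is worth confirming that the iSCSI root support the OCI kernel command line depends on still ends up in it. serialize() starts and ends outside this hunk.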