RHELAI-429: Adding upgrade informer service

Upgrade informer will run every couple of our and will be triggered by systemd timer. In order to start it on boot and run once i enabled it and timer. Disabling auto upgrade service in order to remove unexpected reboots. Service will run "bootc upgrade --check" and in case new version exists it will create motd file with upgrade info. Removed unused grow-part services
containers · Jul 10, 2024 · 859d019 · 859d019
1 parent 241e0e4
commit 859d019
Show file tree

Hide file tree

Showing 8 changed files with 70 additions and 64 deletions.
diff --git a/training/common/Makefile.common b/training/common/Makefile.common
@@ -50,7 +50,7 @@ ENABLE_RT ?=
 SSH_PUBKEY ?= $(shell cat ${HOME}/.ssh/id_rsa.pub 2> /dev/null)
 
 .PHONY: prepare-files
-prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR)
+prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) common-services
 
 $(OUTDIR):
 	mkdir -p $(OUTDIR)
@@ -61,6 +61,11 @@ $(OUTDIR)/$(QLORA_WRAPPER): $(OUTDIR)
 $(OUTDIR)/$(TRAIN_WRAPPER): $(OUTDIR)
 	cp -pf $(TRAIN_WRAPPER) $(OUTDIR)
 
+.PHONY: common-services
+common-services:
+	mkdir -p build; cp -pR ../common/usr build
+
+
 .PHONY: check-sshkey
 check-sshkey:
 	@test -n "$(SSH_PUBKEY)" || \

diff --git a/training/common/usr/lib/systemd/system/bootc-generic-growpart.service b/training/common/usr/lib/systemd/system/bootc-generic-growpart.service
diff --git a/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service b/training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.service b/training/common/usr/lib/systemd/system/upgrade-informer.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Check for available operating system updates
+ConditionPathExists=/run/ostree-booted
+After=network-online.target
+StartLimitIntervalSec=400
+StartLimitBurst=3
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/upgrade-informer
+Restart=on-failure
+RestartSec=90
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.timer b/training/common/usr/lib/systemd/system/upgrade-informer.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Runs upgrade informer periodically
+ConditionPathExists=/run/ostree-booted
+
+[Timer]
+OnBootSec=1h
+OnUnitInactiveSec=8h
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target
diff --git a/training/common/usr/libexec/bootc-generic-growpart b/training/common/usr/libexec/bootc-generic-growpart
diff --git a/training/common/usr/libexec/upgrade-informer b/training/common/usr/libexec/upgrade-informer
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Run the command and capture its output
+output=$(bootc upgrade --check | sed -e 1q)
+message_file="/etc/motd.d/upgrade-message"
+bootc_auth="/etc/ostree/auth.json"
+
+if [[ $output == Update\ available* ]]; then
+  if [[ ! -f $message_file ]]; then
+    echo "New version was found"
+    bootc_image=$(echo "$output" | awk '{print $4}')
+    # If auth file exists we should use it
+    auth_params=""
+    if [[ -f $bootc_auth ]]; then
+      auth_params="--authfile $bootc_auth"
+    fi
+
+    # Get image version
+    # shellcheck disable=SC2086
+    image_version=$(skopeo inspect --format json $auth_params "$bootc_image" | jq '.Labels | .["image_version"] // empty' | tr -d '"')
+
+    # If upgrade available, write the output to the file
+    echo -e "\n\n   **   Attention!   ** \n** A new $image_version version is available **\n\
+** In order to apply it run: bootc upgrade --apply \n\
+** Please note that the system will reboot after the upgrade ** \n\n"  > $message_file
+  fi
+else
+  echo "No upgrade was found"
+  rm $message_file 2> /dev/null
+fi
+
+echo "Finished running upgrade informer"
diff --git a/training/nvidia-bootc/Containerfile b/training/nvidia-bootc/Containerfile
@@ -98,6 +98,8 @@ COPY --from=builder /home/builder/yum-packaging-precompiled-kmod/RPMS/*/*.rpm /r
 COPY --from=builder --chmod=444 /home/builder/yum-packaging-precompiled-kmod/tmp/firmware/*.bin /lib/firmware/nvidia/${DRIVER_VERSION}/
 # Temporary workaround until the permanent fix for libdnf is merged
 COPY nvidia-toolkit-firstboot.service /usr/lib/systemd/system/nvidia-toolkit-firstboot.service
+# Enable common services
+COPY build/usr /usr
 
 # TODO: rework this monstrosity into a build.sh (or even not shell script)
 # The need for the `cp /etc/dnf/dnf.conf` is a workaround for https://github.com/containers/bootc/issues/637
@@ -149,7 +151,13 @@ RUN mv /etc/selinux /etc/selinux.tmp \
     && echo "blacklist nouveau" > /etc/modprobe.d/blacklist_nouveau.conf \
     && sed '/\[Unit\]/a ConditionPathExists = /dev/nvidia-nvswitchctl' /usr/lib/systemd/system/nvidia-fabricmanager.service \
     && ln -s /usr/lib/systemd/system/nvidia-fabricmanager.service /etc/systemd/system/multi-user.target.wants/nvidia-fabricmanager.service \
-    && ln -s /usr/lib/systemd/system/nvidia-persistenced.service /etc/systemd/system/multi-user.target.wants/nvidia-persistenced.service
+    && ln -s /usr/lib/systemd/system/nvidia-persistenced.service /etc/systemd/system/multi-user.target.wants/nvidia-persistenced.service \
+    # enable upgrade informer timer
+    && ln -s /usr/lib/systemd/system/upgrade-informer.timer /usr/lib/systemd/system/timers.target.wants/upgrade-informer.timer \
+    # enable upgrade informer service, added as we need it to start on boot
+    && ln -s /usr/lib/systemd/system/upgrade-informer.service /usr/lib/systemd/system/basic.target.wants/upgrade-informer.service \
+    # disable auto upgrade service
+    && rm -f /usr/lib/systemd/system/default.target.wants/bootc-fetch-apply-updates.timer
 
 ARG SSHPUBKEY