support ignition in edge simplified-installer and raw-image

Signed-off-by: Antonio Murdaca <[email protected]> Signed-off-by: Antonio Murdaca <[email protected]> Signed-off-by: Irene Diez <[email protected]> Co-authored-by: Irene Diez <[email protected]> Signed-off-by: Antonio Murdaca <[email protected]>
osbuild · Jan 11, 2023 · 6a799e1 · 6a799e1
1 parent f26e684
commit 6a799e1
Show file tree

Hide file tree

Showing 8 changed files with 209 additions and 18 deletions.
diff --git a/internal/distro/rhel9/edge.go b/internal/distro/rhel9/edge.go
@@ -382,6 +382,10 @@ func edgeCommitPackageSet(t *imageType) rpmmd.PackageSet {
 		ps = ps.Append(aarch64EdgeCommitPackageSet(t))
 	}
 
+	if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || !common.VersionLessThan(t.arch.distro.osVersion, "9-stream") {
+		ps.Include = append(ps.Include, "ignition", "ignition-edge", "ssh-key-dir")
+	}
+
 	return ps
 
 }

diff --git a/internal/distro/rhel9/images.go b/internal/distro/rhel9/images.go
@@ -5,6 +5,7 @@ import (
 	"math/rand"
 
 	"github.com/osbuild/osbuild-composer/internal/blueprint"
+	"github.com/osbuild/osbuild-composer/internal/common"
 	"github.com/osbuild/osbuild-composer/internal/container"
 	"github.com/osbuild/osbuild-composer/internal/distro"
 	"github.com/osbuild/osbuild-composer/internal/fdo"
@@ -243,6 +244,9 @@ func edgeContainerImage(workload workload.Workload,
 
 	img.Platform = t.platform
 	img.OSCustomizations = osCustomizations(t, packageSets[osPkgsKey], options, containers, customizations)
+	if !common.VersionLessThan(t.arch.distro.osVersion, "9.2") || !common.VersionLessThan(t.arch.distro.osVersion, "9-stream") {
+		img.OSCustomizations.EnabledServices = append(img.OSCustomizations.EnabledServices, "ignition-firstboot-complete.service", "coreos-ignition-write-issues", "coreos-ignition-write-issues")
+	}
 	img.ContainerLanguage = img.OSCustomizations.Language
 	img.Environment = t.environment
 	img.Workload = workload
@@ -375,6 +379,7 @@ func edgeSimplifiedInstallerImage(workload workload.Workload,
 		Checksum:   options.OSTree.FetchChecksum,
 	}
 	rawImg := image.NewOSTreeRawImage(commit)
+	rawImg.Ignition = true
 
 	rawImg.Users = users.UsersFromBP(customizations.GetUsers())
 	rawImg.Groups = users.GroupsFromBP(customizations.GetGroups())

diff --git a/internal/image/ostree_raw.go b/internal/image/ostree_raw.go
@@ -36,6 +36,8 @@ type OSTreeRawImage struct {
 	Locale              string
 
 	Filename string
+
+	Ignition bool
 }
 
 func NewOSTreeRawImage(commit ostree.CommitSpec) *OSTreeRawImage {
@@ -46,7 +48,7 @@ func NewOSTreeRawImage(commit ostree.CommitSpec) *OSTreeRawImage {
 }
 
 func ostreeCompressedImagePipelines(img *OSTreeRawImage, m *manifest.Manifest, buildPipeline *manifest.Build) *manifest.XZ {
-	osPipeline := manifest.NewOSTreeDeployment(m, buildPipeline, img.Commit, img.OSName, img.Platform)
+	osPipeline := manifest.NewOSTreeDeployment(m, buildPipeline, img.Commit, img.OSName, img.Ignition, img.Platform)
 	osPipeline.PartitionTable = img.PartitionTable
 	osPipeline.Remote = img.Remote
 	osPipeline.KernelOptionsAppend = img.KernelOptionsAppend

diff --git a/internal/manifest/commit_deployment.go b/internal/manifest/commit_deployment.go
@@ -37,6 +37,9 @@ type OSTreeDeployment struct {
 	platform platform.Platform
 
 	PartitionTable *disk.PartitionTable
+
+	// Whether ignition is in use or not
+	ignition bool
 }
 
 // NewOSTreeDeployment creates a pipeline for an ostree deployment from a
@@ -45,13 +48,15 @@ func NewOSTreeDeployment(m *Manifest,
 	buildPipeline *Build,
 	commit ostree.CommitSpec,
 	osName string,
+	ignition bool,
 	platform platform.Platform) *OSTreeDeployment {
 
 	p := &OSTreeDeployment{
 		Base:     NewBase(m, "image-tree", buildPipeline),
 		commit:   commit,
 		osName:   osName,
 		platform: platform,
+		ignition: ignition,
 	}
 	buildPipeline.addDependent(p)
 	m.addPipeline(p)
@@ -95,6 +100,14 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline {
 	kernelOpts := osbuild.GenImageKernelOptions(p.PartitionTable)
 	kernelOpts = append(kernelOpts, p.KernelOptionsAppend...)
 
+	if p.ignition {
+		kernelOpts = append(kernelOpts,
+			"coreos.no_persist_ip", // users cannot add connections as we don't have a live iso, this prevents connections to bleed into the system from the ign initrd
+			"ignition.platform.id=metal",
+			"$ignition_firstboot",
+		)
+	}
+
 	pipeline.AddStage(osbuild.NewOSTreeDeployStage(
 		&osbuild.OSTreeDeployStageOptions{
 			OsName: p.osName,
@@ -170,6 +183,10 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline {
 		pipeline.AddStage(grpStage)
 	}
 
+	if p.ignition {
+		pipeline.AddStage(osbuild.NewIgnitionStage(&osbuild.IgnitionStageOptions{}))
+	}
+
 	// if no root password is set, lock the root account
 	hasRoot := false
 	for _, user := range p.Users {
@@ -216,6 +233,7 @@ func (p *OSTreeDeployment) serialize() osbuild.Pipeline {
 		p.platform.GetBIOSPlatform(),
 		p.platform.GetUEFIVendor(), true)
 	grubOptions.Greenboot = true
+	grubOptions.Ignition = p.ignition
 	grubOptions.Config = &osbuild.GRUB2Config{
 		Default:        "saved",
 		Timeout:        1,

diff --git a/internal/osbuild/grub2_stage.go b/internal/osbuild/grub2_stage.go
@@ -26,6 +26,7 @@ type GRUB2StageOptions struct {
 	Greenboot          bool         `json:"greenboot,omitempty"`
 	WriteCmdLine       *bool        `json:"write_cmdline,omitempty"`
 	Config             *GRUB2Config `json:"config,omitempty"`
+	Ignition           bool         `json:"ignition,omitempty"`
 }
 
 type GRUB2UEFI struct {

diff --git a/internal/osbuild/ignition_stage.go b/internal/osbuild/ignition_stage.go
@@ -5,6 +5,18 @@ import (
 	"fmt"
 )
 
+type IgnitionStageOptions struct {
+}
+
+func (IgnitionStageOptions) isStageOptions() {}
+
+func NewIgnitionStage(options *IgnitionStageOptions) *Stage {
+	return &Stage{
+		Type:    "org.osbuild.ignition",
+		Options: options,
+	}
+}
+
 type IgnitionStageInputInline struct {
 	InlineFile IgnitionStageInput `json:"inlinefile"`
 }