From 03d107fb0d35cbcd1f0225f7168a75a3a1088099 Mon Sep 17 00:00:00 2001 From: yih Date: Tue, 21 Nov 2023 20:19:23 +0800 Subject: [PATCH] test: add iot-simplified-installer test case --- check-ostree.yaml | 64 ++++++++++++++- files/fedora-39.json | 8 +- ostree-simplified-installer.sh | 142 +++++++++++++++++++++++---------- 3 files changed, 171 insertions(+), 43 deletions(-) diff --git a/check-ostree.yaml b/check-ostree.yaml index ace368ae2..14d57bccf 100644 --- a/check-ostree.yaml +++ b/check-ostree.yaml @@ -213,6 +213,27 @@ when: - "'/dev/mapper/rootvg-rootlv' in result_sysroot_source.stdout" - fdo_credential == "true" + - ansible_facts['distribution'] == 'RedHat' + + # on fedora, it grows to 18.49G + - name: "pv size should bigger than 18G" + block: + - assert: + that: + - "'18' in result_pv_size.stdout" + fail_msg: "pv size is not bigger than 18G" + success_msg: "pv size is bigger than 18G" + always: + - set_fact: + total_counter: "{{ total_counter | int + 1 }}" + rescue: + - name: failed count + 1 + set_fact: + failed_counter: "{{ failed_counter | int + 1 }}" + when: + - "'/dev/mapper/rootvg-rootlv' in result_sysroot_source.stdout" + - fdo_credential == "true" + - ansible_facts['distribution'] == "Fedora" # raw image does not have coreos-installer to grow fs to 19G - name: "pv size should keep at 9G for raw image" 
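Review bot: The new Fedora assert `"'18' in result_pv_size.stdout"` is a substring test, so it passes for any output that merely contains the digits 18 (a constructed example: `9.18g`) and fails for a PV that is legitimately larger, such as 19G, even though the task is named "bigger than 18G". The same pattern is used for `'7.8G' in result_sysroot_lv_size.stdout` in the -253 hunk. Comparing a parsed number would match the stated intent, e.g. `- result_pv_size.stdout | regex_search('[0-9.]+') | float >= 18`. That assumes the registered command prints a single size in GiB, which is outside the hunk, so confirm the unit first.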
@@ -253,7 +274,28 @@ - name: failed count + 1 set_fact: failed_counter: "{{ failed_counter | int + 1 }}" - when: "'/dev/mapper/rootvg-rootlv' in result_sysroot_source.stdout" + when: + - "'/dev/mapper/rootvg-rootlv' in result_sysroot_source.stdout" + - ansible_facts['distribution'] == 'RedHat' + + # lv size on fedora is 7.8G, https://github.com/osbuild/osbuild-composer/issues/3529 + - name: "/sysroot lv size should be 7.8G on fedora" + block: + - assert: + that: + - "'7.8G' in result_sysroot_lv_size.stdout" + fail_msg: "lv size is not 7.8G" + success_msg: "lv size is 7.8G" + always: + - set_fact: + total_counter: "{{ total_counter | int + 1 }}" + rescue: + - name: failed count + 1 + set_fact: + failed_counter: "{{ failed_counter | int + 1 }}" + when: + - "'/dev/mapper/rootvg-rootlv' in result_sysroot_source.stdout" + - ansible_facts['distribution'] == "Fedora" # case: check /sysroot mount status - name: check /sysroot mount status @@ -1108,6 +1150,7 @@ when: - fdo_credential == "true" - ansible_facts['architecture'] == "x86_64" + - ansible_facts['distribution'] == 'RedHat' # Check re-encryption status on aarch64 - name: wait for FDO re-encryption @@ -1129,6 +1172,25 @@ - fdo_credential == "true" - ansible_facts['architecture'] == "aarch64" + # Check re-encryption status on fedora + - name: wait for FDO re-encryption + block: + - shell: cryptsetup luksDump /dev/vda3 + register: result + until: not result.stdout_lines is search("cipher_null-ecb") + retries: 30 + delay: 60 + always: + - set_fact: + total_counter: "{{ total_counter | int + 1 }}" + rescue: + - name: failed count + 1 + set_fact: + failed_counter: "{{ failed_counter | int + 1 }}" + when: + - fdo_credential == "true" + - ansible_facts['distribution'] == "Fedora" + # Check FDO status and task status - name: check fdo-client-linuxapp logs command: journalctl -u fdo-client-linuxapp diff --git a/files/fedora-39.json b/files/fedora-39.json index d3a851b3d..6963010f2 100644 --- a/files/fedora-39.json 
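Review bot: Gating the x86_64 re-encryption wait on `ansible_facts['distribution'] == 'RedHat'` means the LUKS re-encryption check is skipped, without any failure, on every distribution that is neither RedHat nor Fedora; the same condition is added to the PV-size and LV-size tasks in the -213 and -253 hunks. If this playbook is also run against CentOS Stream guests (not visible in this patch), those three checks silently drop out and the counters still report success. Excluding only the distribution that differs keeps the previous coverage: `- ansible_facts['distribution'] != 'Fedora'`. The task body starts outside the hunk.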
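Review bot: The new Fedora task has no architecture condition, and the aarch64 task whose `when` is visible as context just above it has no distribution condition, so on a Fedora aarch64 guest both would run. `total_counter` is then incremented twice for one check, and the aarch64 task presumably inspects a different partition than `/dev/vda3` (its body is outside the hunk), which could fail the run for the wrong reason. Adding `- ansible_facts['distribution'] != 'Fedora'` to the aarch64 task, or `- ansible_facts['architecture'] == "x86_64"` here, makes the three variants mutually exclusive. Note also that the `until` only proves `cipher_null-ecb` is absent; asserting the expected cipher in the `luksDump` output would turn it into a positive check.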
+++ b/files/fedora-39.json 
@@ -2,7 +2,13 @@ "x86_64": [ { "name": "fedora", - "baseurl": "https://dl.fedoraproject.org/pub/fedora/linux/development/39/Everything/x86_64/os/", + "baseurl": "https://dl.fedoraproject.org/pub/fedora/linux/releases/39/Everything/x86_64/os/", + "gpgkey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBGLykg8BEADURjKtgQpQNoluifXia+U3FuqGCTQ1w7iTqx1UvNhLX6tb9Qjy\nl/vjl1iXxucrd2JBnrT/21BdtaABhu2hPy7bpcGEkG8MDinAMZBzcyzHcS/JiGHZ\nd/YmMWQUgbDlApbxFSGWiXMgT0Js5QdcywHI5oiCmV0lkZ+khZ4PkVWmk6uZgYWf\nJOG5wp5TDPnoYXlA4CLb6hu2691aDm9b99XYqEjhbeIzS9bFQrdrQzRMKyzLr8NW\ns8Pq2tgyzu8txlWdBXJyAMKldTPstqtygLL9UUdo7CIQQzWqeDbAnv+WdOmiI/hR\netbbwNV+thkLJz0WD90C2L3JEeUJX5Qa4oPvfNLDeCKmJFEFUTCEdm0AYoQDjLJQ\n3d3q9M09thXO/jYM0cSnJDclssLNsNWfjJAerLadLwNnYRuralw7f74QSLYdJAJU\nSFShBlctWKnlhQ7ehockqtgXtWckkqPZZjGiMXwHde9b9Yyi+VqtUQWxSWny+9g9\n6tcoa3AdnmpqSTHQxYajD0EGXJ0z0NXfqxkI0lo8UxzypEBy4sARZ4XhTU73Zwk0\nLGhEUHlfyxXgRs6RRvM2UIoo+gou2M9rn/RWkhuHJNSfgrM0BmIBCjhjwGiS33Qh\nysLDWJMdch8lsu1fTmLEFQrOB93oieOJQ0Ysi5gQY8TOT+oZvVi9pSMJuwARAQAB\ntDFGZWRvcmEgKDM5KSA8ZmVkb3JhLTM5LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v\ncmc+iQJOBBMBCAA4FiEE6PI5lvIyGGQMtEy+dc9axBi450wFAmLykg8CGw8FCwkI\nBwIGFQoJCAsCBBYCAwECHgECF4AACgkQdc9axBi450yd4w//ZtghbZX5KFstOdBS\nrcbBfCK9zmRvzeejzGl6lPKfqwx7OOHYxFlRa9MYLl8QG7Aq6yRRWzzEHiSb0wJw\nWXz5tbkAmV/fpS4wnb3FDArD44u317UAnaU+UlhgK1g62lwI2dGpvTSvohMBMeBY\nB5aBd+sLi3UtiSRM2XhxvxaWwr/oFLjKDukgrPQzeV3F/XdxGhSz/GZUVFVprcrB\nh/dIo4k0Za7YVRhlVM0coOIcKbcjxAK9CCZ8+jtdIh3/BN5zJ0RFMgqSsrWYWeft\nBI3KWLbyMfRwEtp7xSi17WXbRfsSoqwIVgP+RCSaAdVuiYs/GCRsT3ydYcDvutuJ\nYZoE53yczemM/1HZZFI04zI7KBsKm9NFH0o4K2nBWuowBm59iFvWHFpX6em54cq4\n45NwY01FkSQUqntfqCWFSowwFHAZM4gblOikq2B5zHoIntCiJlPGuaJiVSw9ZpEc\n+IEQfmXJjKGSkMbU9tmNfLR9skVQJizMTtoUQ12DWC+14anxnnR2hxnhUDAabV6y\nJ5dGeb/ArmxQj3IMrajdNwjuk9GMeMSSS2EMY8ryOuYwRbFhBOLhGAnmM5OOSUxv\nA4ipWraXDW0bK/wXI7yHMkc6WYrdV3SIXEqJBTp7npimv3JC+exWEbTLcgvV70FP\nX55M9nDtzUSayJuEcfFP2c9KQCE=\n=J4qZ\n-----END PGP PUBLIC KEY BLOCK-----\n", + "check_gpg": true + }, + { + "name": 
"updates", + "baseurl": "https://dl.fedoraproject.org/pub/fedora/linux/updates/39/Everything/x86_64/", "gpgkey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBGLykg8BEADURjKtgQpQNoluifXia+U3FuqGCTQ1w7iTqx1UvNhLX6tb9Qjy\nl/vjl1iXxucrd2JBnrT/21BdtaABhu2hPy7bpcGEkG8MDinAMZBzcyzHcS/JiGHZ\nd/YmMWQUgbDlApbxFSGWiXMgT0Js5QdcywHI5oiCmV0lkZ+khZ4PkVWmk6uZgYWf\nJOG5wp5TDPnoYXlA4CLb6hu2691aDm9b99XYqEjhbeIzS9bFQrdrQzRMKyzLr8NW\ns8Pq2tgyzu8txlWdBXJyAMKldTPstqtygLL9UUdo7CIQQzWqeDbAnv+WdOmiI/hR\netbbwNV+thkLJz0WD90C2L3JEeUJX5Qa4oPvfNLDeCKmJFEFUTCEdm0AYoQDjLJQ\n3d3q9M09thXO/jYM0cSnJDclssLNsNWfjJAerLadLwNnYRuralw7f74QSLYdJAJU\nSFShBlctWKnlhQ7ehockqtgXtWckkqPZZjGiMXwHde9b9Yyi+VqtUQWxSWny+9g9\n6tcoa3AdnmpqSTHQxYajD0EGXJ0z0NXfqxkI0lo8UxzypEBy4sARZ4XhTU73Zwk0\nLGhEUHlfyxXgRs6RRvM2UIoo+gou2M9rn/RWkhuHJNSfgrM0BmIBCjhjwGiS33Qh\nysLDWJMdch8lsu1fTmLEFQrOB93oieOJQ0Ysi5gQY8TOT+oZvVi9pSMJuwARAQAB\ntDFGZWRvcmEgKDM5KSA8ZmVkb3JhLTM5LXByaW1hcnlAZmVkb3JhcHJvamVjdC5v\ncmc+iQJOBBMBCAA4FiEE6PI5lvIyGGQMtEy+dc9axBi450wFAmLykg8CGw8FCwkI\nBwIGFQoJCAsCBBYCAwECHgECF4AACgkQdc9axBi450yd4w//ZtghbZX5KFstOdBS\nrcbBfCK9zmRvzeejzGl6lPKfqwx7OOHYxFlRa9MYLl8QG7Aq6yRRWzzEHiSb0wJw\nWXz5tbkAmV/fpS4wnb3FDArD44u317UAnaU+UlhgK1g62lwI2dGpvTSvohMBMeBY\nB5aBd+sLi3UtiSRM2XhxvxaWwr/oFLjKDukgrPQzeV3F/XdxGhSz/GZUVFVprcrB\nh/dIo4k0Za7YVRhlVM0coOIcKbcjxAK9CCZ8+jtdIh3/BN5zJ0RFMgqSsrWYWeft\nBI3KWLbyMfRwEtp7xSi17WXbRfsSoqwIVgP+RCSaAdVuiYs/GCRsT3ydYcDvutuJ\nYZoE53yczemM/1HZZFI04zI7KBsKm9NFH0o4K2nBWuowBm59iFvWHFpX6em54cq4\n45NwY01FkSQUqntfqCWFSowwFHAZM4gblOikq2B5zHoIntCiJlPGuaJiVSw9ZpEc\n+IEQfmXJjKGSkMbU9tmNfLR9skVQJizMTtoUQ12DWC+14anxnnR2hxnhUDAabV6y\nJ5dGeb/ArmxQj3IMrajdNwjuk9GMeMSSS2EMY8ryOuYwRbFhBOLhGAnmM5OOSUxv\nA4ipWraXDW0bK/wXI7yHMkc6WYrdV3SIXEqJBTp7npimv3JC+exWEbTLcgvV70FP\nX55M9nDtzUSayJuEcfFP2c9KQCE=\n=J4qZ\n-----END PGP PUBLIC KEY BLOCK-----\n", "check_gpg": true } diff --git a/ostree-simplified-installer.sh b/ostree-simplified-installer.sh index fbd957fec..6c6d0bd6c 100755 --- a/ostree-simplified-installer.sh 
+++ b/ostree-simplified-installer.sh @@ -39,7 +39,11 @@ sudo cp files/fdo/serviceinfo-api-server.yml /etc/fdo/serviceinfo-api-server.con sudo pip3 install yq # Prepare service api server config file sudo /usr/local/bin/yq -iy '.service_info.diskencryption_clevis |= [{disk_label: "/dev/vda4", reencrypt: true, binding: {pin: "tpm2", config: "{}"}}]' /etc/fdo/serviceinfo-api-server.conf.d/serviceinfo-api-server.yml - +# Fedora iot-simplified-installer uses /dev/vda3, https://github.com/osbuild/osbuild-composer/issues/3527 +if [[ "${ID}" == "fedora" ]]; then + echo "Change vda4 to vda3 for fedora in serviceinfo config file" + sudo sed -i 's/vda4/vda3/' /etc/fdo/serviceinfo-api-server.conf.d/serviceinfo-api-server.yml +fi # Start FDO services sudo systemctl start \ fdo-owner-onboarding-server.service \ @@ -91,6 +95,7 @@ SYSROOT_RO="false" # No FDO and Ignition in simplified installer is only supported started from 8.8 and 9.2 NO_FDO="false" +OS_NAME="redhat" # Prepare osbuild-composer repository file sudo mkdir -p /etc/osbuild-composer/repositories @@ -106,13 +111,6 @@ case "${ID}-${VERSION_ID}" in IMAGE_NAME="disk.img.xz" sudo mkdir -p /var/lib/fdo ;; - "rhel-8.7") - OSTREE_REF="rhel/8/${ARCH}/edge" - PARENT_REF="rhel/8/${ARCH}/edge" - OS_VARIANT="rhel8.7" - IMAGE_NAME="disk.img.xz" - sudo mkdir -p /var/lib/fdo - ;; "rhel-8.8") OSTREE_REF="rhel/8/${ARCH}/edge" PARENT_REF="rhel/8/${ARCH}/edge" @@ -150,13 +148,6 @@ case "${ID}-${VERSION_ID}" in IMAGE_NAME="disk.img.xz" sudo mkdir -p /var/lib/fdo ;; - "rhel-9.1") - OSTREE_REF="rhel/9/${ARCH}/edge" - PARENT_REF="rhel/9/${ARCH}/edge" - OS_VARIANT="rhel9.1" - IMAGE_NAME="disk.img.xz" - sudo mkdir -p /var/lib/fdo - ;; "rhel-9.2") OSTREE_REF="rhel/9/${ARCH}/edge" PARENT_REF="rhel/9/${ARCH}/edge" 
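Review bot: The `sed -i 's/vda4/vda3/'` fix-up in the -39 hunk exits 0 whether or not it replaced anything, so if the line written by the `yq` call above it ever changes shape, the Fedora run keeps `/dev/vda4` as the disk-encryption target and the failure only surfaces much later, at the re-encryption check. A one-line guard after the `sed` makes that immediate: `sudo grep -q '/dev/vda3' /etc/fdo/serviceinfo-api-server.conf.d/serviceinfo-api-server.yml || exit 1`. Matching the full path, `s|/dev/vda4|/dev/vda3|`, would also avoid touching an unrelated `vda4` string.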
@@ -222,6 +213,22 @@ case "${ID}-${VERSION_ID}" in BLUEPRINT_USER="simple" NO_FDO="true" ;; + "fedora-"*) + OSTREE_REF="fedora/${VERSION_ID}/${ARCH}/iot" + PARENT_REF="fedora/${VERSION_ID}/${ARCH}/iot" + OS_VARIANT="fedora-unknown" + IMAGE_NAME="image.raw.xz" + CONTAINER_TYPE="iot-container" + INSTALLER_TYPE="iot-simplified-installer" + REF_PREFIX="fedora-iot" + OS_NAME="fedora" + SYSROOT_RO="true" + ANSIBLE_USER=fdouser + FDO_USER_ONBOARDING="true" + USER_IN_BLUEPRINT="true" + BLUEPRINT_USER="simple" + NO_FDO="true" + ;; *) echo "unsupported distro: ${ID}-${VERSION_ID}" exit 1;; @@ -457,9 +464,6 @@ groups = [] name = "python3" version = "*" -[customizations.kernel] -name = "kernel-rt" - [[customizations.user]] name = "admin" description = "Administrator account" @@ -469,6 +473,14 @@ home = "/home/admin/" groups = ["wheel"] EOF +# Fedora does not have kernel-rt +if [[ "$ID" != "fedora" ]]; then + tee -a "$BLUEPRINT_FILE" >> /dev/null << EOF +[customizations.kernel] +name = "kernel-rt" +EOF +fi + greenprint "๐Ÿ“„ container blueprint" cat "$BLUEPRINT_FILE" @@ -527,6 +539,14 @@ groups = [] [customizations] installation_device = "/dev/vda" + +[[customizations.user]] +name = "simple" +description = "Administrator account" +password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." +key = "${SSH_KEY_PUB}" +home = "/home/simple/" +groups = ["wheel"] EOF greenprint "๐Ÿ“„ No FDO, No ignition blueprint" @@ -588,7 +608,7 @@ EOF done # Reboot one more time to make /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 - sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${NOFDO_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' + sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${BLUEPRINT_USER}@${NOFDO_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' # Sleep 10 seconds here to make sure vm restarted already sleep 10 for _ in $(seq 0 30); do 
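Review bot: The kernel-rt append block added in the -469 hunk is repeated verbatim in the -991 and -1269 hunks, and it redirects with `>> /dev/null` while the other `tee -a` blocks added by this patch use `> /dev/null`. A small helper function called after each blueprint heredoc would keep the Fedora exception in one place. A comment on that helper such as `# appended separately: Fedora does not have kernel-rt` would record why the table moved out of the heredoc.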
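Review bot: The `password = "\$6\$..."` line added in the -527 hunk commits a fixed-salt SHA-512 crypt hash for an account in `wheel`, and the same literal is added again in the -826 and -1122 hunks. Anyone who can read the repository can test guesses against it offline, so images built from these blueprints should never be used outside CI. Generating the hash once at run time, e.g. `SIMPLE_USER_HASH=$(openssl passwd -6 -stdin <<< "${EDGE_USER_PASSWORD}")`, and referencing that variable in all three heredocs removes the literal and makes rotation a single edit. This assumes the hash is meant to match `EDGE_USER_PASSWORD`, which the patch does not show.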
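Review bot: The SSH login in the -588 hunk now depends on `${BLUEPRINT_USER}`, but the patch only shows it being set inside individual `case` branches (the new `"fedora-"*` branch and the one before it), and the only default added is `OS_NAME="redhat"`. If any supported distro branch leaves it unset, `"${BLUEPRINT_USER}@${NOFDO_GUEST_ADDRESS}"` expands to `@<address>` and the inventory gets an empty `ansible_user`; the same substitution is made in the -612, -763, -897, -1047, -1194, -1218, -1325 and -1352 hunks. A default next to the other ones, `BLUEPRINT_USER="admin"`, would preserve the previous behaviour. Whether such a default already exists above the -91 hunk cannot be seen from here.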
@@ -612,7 +632,7 @@ EOF ${NOFDO_GUEST_ADDRESS} [ostree_guest:vars] ansible_python_interpreter=/usr/bin/python3 -ansible_user=admin +ansible_user=${BLUEPRINT_USER} ansible_private_key_file=${SSH_KEY} ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" ansible_become=yes @@ -621,7 +641,7 @@ ansible_become_pass=${EDGE_USER_PASSWORD} EOF # Test IoT/Edge OS - podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name=redhat -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 + podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name="${OS_NAME}" -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 check_result greenprint "๐Ÿงน Clean up VM" @@ -763,7 +783,7 @@ for _ in $(seq 0 30); do done # Reboot one more time to make /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${HTTP_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${BLUEPRINT_USER}@${HTTP_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' # Sleep 10 seconds here to make sure vm restarted already sleep 10 for _ in $(seq 0 30); do 
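Review bot: The playbook runner in the -621 hunk is still pulled as `quay.io/rhel-edge/ansible-runner:latest`, a mutable tag, while the container gets the working tree and `${TEMPDIR}` bind-mounted; the inventory written to `${TEMPDIR}` carries `ansible_become_pass` and the private key path. Pinning by digest, `quay.io/rhel-edge/ansible-runner@sha256:<digest>`, makes the test reproducible and limits what a changed image could reach (`<digest>` is a placeholder for the value you verify). The same command line is edited in the -798, -946, -1085, -1227 and -1361 hunks, so a single image variable defined once would cover all six.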
@@ -798,7 +818,7 @@ ansible_become_pass=${EDGE_USER_PASSWORD} EOF # Test IoT/Edge OS -podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name=redhat -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 +podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name="${OS_NAME}" -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 # Check test result check_result @@ -826,13 +846,28 @@ description = "A rhel-edge simplified-installer image" version = "0.0.1" modules = [] groups = [] + [customizations] installation_device = "/dev/vda" + [customizations.fdo] manufacturing_server_url="http://${FDO_SERVER_ADDRESS}:8080" diun_pub_key_hash="${DIUN_PUB_KEY_HASH}" EOF +# Only RHEL 8.8, 9.2 and above support user in simplified installer bluepint +if [[ "$USER_IN_BLUEPRINT" == "true" ]]; then + tee -a "$BLUEPRINT_FILE" > /dev/null << EOF +[[customizations.user]] +name = "simple" +description = "Administrator account" +password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." +key = "${SSH_KEY_PUB}" +home = "/home/simple/" +groups = ["wheel"] +EOF +fi + greenprint "๐Ÿ“„ fdosshkey blueprint" cat "$BLUEPRINT_FILE" 
@@ -897,7 +932,7 @@ for _ in $(seq 0 30); do done # Reboot one more time to make /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${PUB_KEY_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${BLUEPRINT_USER}@${PUB_KEY_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' # Sleep 10 seconds here to make sure vm restarted already sleep 10 for _ in $(seq 0 30); do @@ -946,7 +981,7 @@ if [[ "$ANSIBLE_USER" == "fdouser" ]]; then fi # Test IoT/Edge OS -podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name=redhat -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 +podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name="${OS_NAME}" -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 # Check test result check_result @@ -980,9 +1015,6 @@ version = "*" name = "wget" version = "*" -[customizations.kernel] -name = "kernel-rt" - [[customizations.user]] name = "admin" description = "Administrator account" @@ -991,6 +1023,14 @@ home = "/home/admin/" groups = ["wheel"] EOF +# Fedora does not have kernel-rt +if [[ "$ID" != "fedora" ]]; then + tee -a "$BLUEPRINT_FILE" >> /dev/null << EOF +[customizations.kernel] +name = "kernel-rt" +EOF +fi + greenprint "๐Ÿ“„ rebase blueprint" cat "$BLUEPRINT_FILE" 
@@ -1047,8 +1087,8 @@ sudo composer-cli blueprints delete rebase > /dev/null # Rebase to new REF. greenprint "๐Ÿ—ณ Rebase to new ostree REF" -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${PUB_KEY_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree rebase ${REF_PREFIX}:${OSTREE_REF}" -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${PUB_KEY_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" ${BLUEPRINT_USER}@${PUB_KEY_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree rebase ${REF_PREFIX}:${OSTREE_REF}" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" ${BLUEPRINT_USER}@${PUB_KEY_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" # Sleep 10 seconds here to make sure vm restarted already sleep 10 @@ -1085,7 +1125,7 @@ if [[ "$ANSIBLE_USER" == "fdouser" ]]; then fi # Test IoT/Edge OS -podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name=redhat -e ostree_commit="${REBASE_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 +podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name="${OS_NAME}" -e ostree_commit="${REBASE_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 # Check test result check_result 
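Review bot: Both rewritten commands in the -1047 hunk still pass the sudo password inside the remote command string, `"echo ${EDGE_USER_PASSWORD} |sudo -S ..."`, so it ends up in the argument list of the local `ssh` process and of the remote shell, and in any `set -x` trace; a password containing shell metacharacters would also break the command. `${BLUEPRINT_USER}@${PUB_KEY_GUEST_ADDRESS}` is unquoted here although the other ssh calls in this patch quote it. Feeding the password on stdin avoids both: `sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${BLUEPRINT_USER}@${PUB_KEY_GUEST_ADDRESS}" "sudo -S rpm-ostree rebase ${REF_PREFIX}:${OSTREE_REF}" <<< "${EDGE_USER_PASSWORD}"`. The -1325 hunk has the same two lines for `rpm-ostree upgrade`.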
@@ -1122,14 +1162,29 @@ description = "A rhel-edge simplified-installer image" version = "0.0.1" modules = [] groups = [] + [customizations] installation_device = "/dev/vda" + [customizations.fdo] manufacturing_server_url="http://${FDO_SERVER_ADDRESS}:8080" diun_pub_key_root_certs=""" ${DIUN_PUB_KEY_ROOT_CERTS}""" EOF +# Only RHEL 8.8, 9.2 and above support user in simplified installer bluepint +if [[ "$USER_IN_BLUEPRINT" == "true" ]]; then + tee -a "$BLUEPRINT_FILE" > /dev/null << EOF +[[customizations.user]] +name = "simple" +description = "Administrator account" +password = "\$6\$GRmb7S0p8vsYmXzH\$o0E020S.9JQGaHkszoog4ha4AQVs3sk8q0DvLjSMxoxHBKnB2FBXGQ/OkwZQfW/76ktHd0NX5nls2LPxPuUdl." +key = "${SSH_KEY_PUB}" +home = "/home/simple/" +groups = ["wheel"] +EOF +fi + greenprint "๐Ÿ“„ fdosshkey blueprint" cat "$BLUEPRINT_FILE" @@ -1194,7 +1249,7 @@ for _ in $(seq 0 30); do done # Reboot one more time to make /sysroot as RO by new ostree-libs-2022.6-3.el9.x86_64 -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "admin@${ROOT_CERT_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" "${BLUEPRINT_USER}@${ROOT_CERT_GUEST_ADDRESS}" 'nohup sudo systemctl reboot &>/dev/null & exit' # Sleep 10 seconds here to make sure vm restarted already sleep 10 for _ in $(seq 0 30); do @@ -1218,7 +1273,7 @@ tee "${TEMPDIR}"/inventory > /dev/null << EOF ${ROOT_CERT_GUEST_ADDRESS} [ostree_guest:vars] ansible_python_interpreter=/usr/bin/python3 -ansible_user=admin +ansible_user=${BLUEPRINT_USER} ansible_private_key_file=${SSH_KEY} ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" ansible_become=yes 
@@ -1227,7 +1282,7 @@ ansible_become_pass=${EDGE_USER_PASSWORD} EOF # Test IoT/Edge OS -podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name=redhat -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 +podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name="${OS_NAME}" -e ostree_commit="${INSTALL_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 # Check test result check_result @@ -1258,9 +1313,6 @@ version = "*" name = "wget" version = "*" -[customizations.kernel] -name = "kernel-rt" - [[customizations.user]] name = "admin" description = "Administrator account" @@ -1269,6 +1321,14 @@ home = "/home/admin/" groups = ["wheel"] EOF +# Fedora does not have kernel-rt +if [[ "$ID" != "fedora" ]]; then + tee -a "$BLUEPRINT_FILE" >> /dev/null << EOF +[customizations.kernel] +name = "kernel-rt" +EOF +fi + greenprint "๐Ÿ“„ upgrade blueprint" cat "$BLUEPRINT_FILE" 
@@ -1325,8 +1385,8 @@ sudo composer-cli compose delete "${COMPOSE_ID}" > /dev/null sudo composer-cli blueprints delete upgrade > /dev/null greenprint "๐Ÿ—ณ Upgrade ostree image/commit" -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${ROOT_CERT_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree upgrade" -sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" admin@${ROOT_CERT_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" ${BLUEPRINT_USER}@${ROOT_CERT_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |sudo -S rpm-ostree upgrade" +sudo ssh "${SSH_OPTIONS[@]}" -i "${SSH_KEY}" ${BLUEPRINT_USER}@${ROOT_CERT_GUEST_ADDRESS} "echo ${EDGE_USER_PASSWORD} |nohup sudo -S systemctl reboot &>/dev/null & exit" # Sleep 10 seconds here to make sure vm restarted already sleep 10 @@ -1352,7 +1412,7 @@ ${ROOT_CERT_GUEST_ADDRESS} [ostree_guest:vars] ansible_python_interpreter=/usr/bin/python3 -ansible_user=admin +ansible_user=${BLUEPRINT_USER} ansible_private_key_file=${SSH_KEY} ansible_ssh_common_args="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" ansible_become=yes 
@@ -1361,7 +1421,7 @@ ansible_become_pass=${EDGE_USER_PASSWORD} EOF # Test IoT/Edge OS -podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name=redhat -e ostree_commit="${UPGRADE_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 +podman run --annotation run.oci.keep_original_groups=1 -v "$(pwd)":/work:z -v "${TEMPDIR}":/tmp:z --rm quay.io/rhel-edge/ansible-runner:latest ansible-playbook -v -i /tmp/inventory -e os_name="${OS_NAME}" -e ostree_commit="${UPGRADE_HASH}" -e ostree_ref="${REF_PREFIX}:${OSTREE_REF}" -e fdo_credential="true" -e sysroot_ro="$SYSROOT_RO" check-ostree.yaml || RESULTS=0 # Check test result check_result