From 6f257facbec85b07270da20c1e85c6ca9febbd2d Mon Sep 17 00:00:00 2001 From: Jonathon Anderson Date: Fri, 29 Dec 2023 01:23:57 -0700 Subject: [PATCH] Rocky Linux Containerfile refactor - Generate point-release containerfiles from templates - Simplified configuration of dnf - SELinux support moved to examples/ - Update READMEs, including build instructions - Add disclaimer about support for point-releases 
Signed-off-by: Jonathon Anderson --- .github/workflows/container-publish.yml | 5 ++ README.md | 31 +++++++++- examples/rockylinux-9-selinux/Containerfile | 16 +++++ examples/rockylinux-9-selinux/README.md | 16 +++++ rockylinux-8/.gitignore | 1 + rockylinux-8/Containerfile | 13 ++-- rockylinux-8/Containerfile-8.6 | 48 -------------- rockylinux-8/Containerfile-8.7 | 48 -------------- rockylinux-8/Containerfile-8.8 | 48 -------------- rockylinux-8/Containerfile-8.9 | 48 -------------- .../Containerfile-fixed | 27 +++----- .../Containerfile-vault | 31 ++++------ rockylinux-8/Makefile | 15 +++++ rockylinux-8/README.md | 16 +++++ rockylinux-8/container_exit.sh | 9 +++ .../Containerfile-9.3 => rockylinux-8/fixed | 31 ++++------ .../yum.repos.d-8.6/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.6/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.6/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.6/Rocky-PowerTools.repo | 7 --- .../yum.repos.d-8.7/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.7/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.7/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.7/Rocky-PowerTools.repo | 7 --- .../yum.repos.d-8.8/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.8/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.8/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.8/Rocky-PowerTools.repo | 7 --- .../yum.repos.d-8.9/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.9/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.9/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.9/Rocky-PowerTools.repo | 7 --- rockylinux-9/.gitignore | 1 + rockylinux-9/Containerfile | 14 ----- rockylinux-9/Containerfile-9.0 | 62 ------------------- rockylinux-9/Containerfile-fixed | 44 +++++++++++++ rockylinux-9/Containerfile-vault | 45 ++++++++++++++ rockylinux-9/Makefile | 15 +++++ rockylinux-9/README.md | 16 +++++ rockylinux-9/container_exit.sh | 8 +++ 40 files changed, 279 insertions(+), 441 deletions(-) create mode 100644 examples/rockylinux-9-selinux/Containerfile create mode 100644 
examples/rockylinux-9-selinux/README.md create mode 100644 rockylinux-8/.gitignore delete mode 100644 rockylinux-8/Containerfile-8.6 delete mode 100644 rockylinux-8/Containerfile-8.7 delete mode 100644 rockylinux-8/Containerfile-8.8 delete mode 100644 rockylinux-8/Containerfile-8.9 rename rockylinux-9/Containerfile-9.1 => rockylinux-8/Containerfile-fixed (53%) rename rockylinux-9/Containerfile-9.2 => rockylinux-8/Containerfile-vault (53%) create mode 100644 rockylinux-8/Makefile create mode 100644 rockylinux-8/README.md rename rockylinux-9/Containerfile-9.3 => rockylinux-8/fixed (53%) delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo create mode 100644 rockylinux-9/.gitignore delete mode 100644 rockylinux-9/Containerfile-9.0 create mode 100644 rockylinux-9/Containerfile-fixed create mode 100644 rockylinux-9/Containerfile-vault create mode 100644 rockylinux-9/Makefile create mode 100644 rockylinux-9/README.md 
diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml index f34d3d0..c0c5f26 100644 --- a/.github/workflows/container-publish.yml +++ b/.github/workflows/container-publish.yml @@ -91,6 +91,11 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 + - name: Make Containerfiles + run: | + make -C rockylinux-8 + make -C rockylinux-9 + # Install the cosign tool # https://github.com/sigstore/cosign-installer - name: Install Cosign diff --git a/README.md b/README.md index b699d92..94a1e36 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,34 @@ # Warewulf node images -Example node images for use with Warewulf 4. +Example node container images for use with Warewulf v4. https://warewulf.org -Node images are published on Docker Hub at https://hub.docker.com/u/warewulf. +## Built examples + +These containers are published on the [GitHub container registry][1]. + +[1]: https://github.com/orgs/hpcng/packages?repo_name=warewulf-node-images + +* [Rocky Linux 8](rockylinux-8) +* [Rocky Linux 9](rockylinux-9) +* [openSUSE Leap](leap) + +## Additional examples + +Additional container definitions that are not actively built and published, but +may still be useful. + +* [Rocky Linux 9 with SELinux][examples/rockylinux-9-selinux] + +You can build any of these (or the other container definitions) locally for +import into Warewulf v4. + +```shell + +podman build examples/rockylinux-9-selinux \ + --file examples/rockylinux-9-selinux/Containerfile \ + --tag warewulf-rockylinux-selinux:9 +podman save warewulf-rockylinux-selinux:9 --output warewulf-rockylinux-selinux-9.tar +wwctl container import warewulf-rockylinux-selinux-9.tar rockylinux-selinux-9 +``` diff --git a/examples/rockylinux-9-selinux/Containerfile b/examples/rockylinux-9-selinux/Containerfile new file mode 100644 index 0000000..2c55cc7 --- /dev/null +++ b/examples/rockylinux-9-selinux/Containerfile 
@@ -0,0 +1,16 @@ +FROM ghcr.io/hpcng/warewulf-rockylinux:9 + +RUN dnf -y install \ + policycoreutils-python-utils \ + selinux-policy-targeted + +# For SELinux enabled nodes: +# The wwclient service fails to start on boot if an appropriate SELinux file +# context label is not set for /warewulf/wwclient. +# +# NOTE: THE FOLLOWING EXITS NONZERO WITH libsemanage VERSIONS IN EL9 +# PRIOR TO 3.3.3 SO WE FORCE A CLEAN EXIT CODE +# +# See: https://github.com/SELinuxProject/selinux/issues/343 +# +RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient || true diff --git a/examples/rockylinux-9-selinux/README.md b/examples/rockylinux-9-selinux/README.md new file mode 100644 index 0000000..758d448 --- /dev/null +++ b/examples/rockylinux-9-selinux/README.md @@ -0,0 +1,16 @@ +# Rocky Linux 9 with SELinux + +Warewulf can be used to boot an selinux-equipped node. This example installs +required packages and configures SELinux policy for the `wwclient` binary +(which communicates with the Warewulf server and receives runtime overlays). + +``` +podman build . --tag rockylinux-selinux:9 +``` + +Booting a node image with selinux enabled requires (at least up to Warewulf +v4.4.1) setting `--root=tmpfs` on the relevant node and setting +`rootfstype=ramfs` as a kernel argument. For more information on these +settings, look at [wwinit/init][1]. + +[1]: https://github.com/hpcng/warewulf/blob/main/overlays/wwinit/init diff --git a/rockylinux-8/.gitignore b/rockylinux-8/.gitignore new file mode 100644 index 0000000..7375754 --- /dev/null +++ b/rockylinux-8/.gitignore @@ -0,0 +1 @@ +Containerfile-8.* diff --git a/rockylinux-8/Containerfile b/rockylinux-8/Containerfile index ca620c4..d5b818d 100644 --- a/rockylinux-8/Containerfile +++ b/rockylinux-8/Containerfile @@ -14,7 +14,7 @@ RUN dnf update -y \ kernel-core \ kernel-modules \ net-tools \ - network-scripts \ + NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ 
@@ -28,10 +28,13 @@ RUN dnf update -y \ words \ && dnf clean all -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-8/Containerfile-8.6 b/rockylinux-8/Containerfile-8.6 deleted file mode 100644 index e1f2e78..0000000 --- a/rockylinux-8/Containerfile-8.6 +++ /dev/null @@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.6 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.6/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] 
diff --git a/rockylinux-8/Containerfile-8.7 b/rockylinux-8/Containerfile-8.7 deleted file mode 100644 index 4b22091..0000000 --- a/rockylinux-8/Containerfile-8.7 +++ /dev/null @@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.7 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.7/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-8/Containerfile-8.8 b/rockylinux-8/Containerfile-8.8 deleted file mode 100644 index 14d4e2d..0000000 --- a/rockylinux-8/Containerfile-8.8 +++ /dev/null 
@@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.8 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.8/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-8/Containerfile-8.9 b/rockylinux-8/Containerfile-8.9 deleted file mode 100644 index ac09f27..0000000 --- a/rockylinux-8/Containerfile-8.9 +++ /dev/null 
@@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.9 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.9/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Containerfile-9.1 b/rockylinux-8/Containerfile-fixed similarity index 53% rename from rockylinux-9/Containerfile-9.1 rename to rockylinux-8/Containerfile-fixed index 2c80686..86469e5 100644 --- a/rockylinux-9/Containerfile-9.1 +++ b/rockylinux-8/Containerfile-fixed @@ -1,10 +1,8 @@ -FROM docker.io/library/rockylinux:9.1 +FROM docker.io/library/rockylinux:${releasever} -RUN rm -f /etc/yum.repos.d/*.repo \ +RUN echo "${releasever}" >/etc/dnf/vars/releasever \ && dnf clean all -COPY yum.repos.d-9.1/*.repo /etc/yum.repos.d - RUN dnf update -y \ && dnf install -y --allowerasing \ coreutils \ 
@@ -18,35 +16,28 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-9/Containerfile-9.2 b/rockylinux-8/Containerfile-vault similarity index 53% rename from rockylinux-9/Containerfile-9.2 rename to rockylinux-8/Containerfile-vault index a6b12f3..a0b8f38 100644 --- a/rockylinux-9/Containerfile-9.2 +++ b/rockylinux-8/Containerfile-vault @@ -1,10 +1,12 @@ -FROM docker.io/library/rockylinux:9.2 +FROM docker.io/library/rockylinux:${releasever} -RUN rm -f /etc/yum.repos.d/*.repo \ +RUN sed -i /etc/yum.repos.d/Rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo 'vault/rocky' >/etc/dnf/vars/contentdir \ + && echo "${releasever}" >/etc/dnf/vars/releasever \ && dnf clean all -COPY yum.repos.d-9.2/*.repo /etc/yum.repos.d - RUN dnf update -y \ && dnf install -y --allowerasing \ coreutils \ 
@@ -18,35 +20,28 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-8/Makefile b/rockylinux-8/Makefile new file mode 100644 index 0000000..fceaaec --- /dev/null +++ b/rockylinux-8/Makefile @@ -0,0 +1,15 @@ +.PHONY: all +all: Containerfile-8.6 +all: Containerfile-8.7 +all: Containerfile-8.8 +all: Containerfile-8.9 + +.PHONY: clean +clean: + rm -f Containerfile-8.* + +Containerfile-8.%: Containerfile-vault + env releasever=8.$* envsubst $@ + +Containerfile-8.9: Containerfile-fixed + env releasever=8.9 envsubst $@ diff --git a/rockylinux-8/README.md b/rockylinux-8/README.md new file mode 100644 index 0000000..898a7e1 --- /dev/null +++ b/rockylinux-8/README.md 
@@ -0,0 +1,16 @@ +# Rocky Linux 8 + +A Warewulf container definition based on Rocky Linux 8. + +``` +wwctl container import docker://ghcr.io/hpcng/warewulf-rockylinux:8 rockylinux-8 +``` + +Also available are definitions for individual point releases (e.g., Rocky Linux +8.6). To generate these Containerfiles, run `make`. + +The Rocky Linux community provides updates for the current point release of +Rocky Linux 8. If you need to remain on a specific point release you may want +to engage with a commercial support provider for long-term support. + +https://rockylinux.org/support diff --git a/rockylinux-8/container_exit.sh b/rockylinux-8/container_exit.sh index 84993a5..49e0936 100755 --- a/rockylinux-8/container_exit.sh +++ b/rockylinux-8/container_exit.sh @@ -4,3 +4,12 @@ LANG=C LC_CTYPE=C export LANG LC_CTYPE dnf clean all +set +x +echo " +The Rocky Linux community provides updates for the current point release of +Rocky Linux 8. If you need to remain on a specific point release (e.g., Rocky +Linux 8.8) you may want to engage with a commercial support provider for +long-term support. + +https://rockylinux.org/support +" diff --git a/rockylinux-9/Containerfile-9.3 b/rockylinux-8/fixed similarity index 53% rename from rockylinux-9/Containerfile-9.3 rename to rockylinux-8/fixed index 5f0d013..42560bf 100644 --- a/rockylinux-9/Containerfile-9.3 +++ b/rockylinux-8/fixed @@ -1,10 +1,12 @@ -FROM docker.io/library/rockylinux:9.3 +FROM docker.io/library/rockylinux:8.6 -RUN rm -f /etc/yum.repos.d/*.repo \ +RUN sed -i /etc/yum.repos.d/Rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo 'vault/rocky' >/etc/dnf/vars/contentdir \ + && echo "8.6" >/etc/dnf/vars/releasever \ && dnf clean all -COPY yum.repos.d-9.3/*.repo /etc/yum.repos.d - RUN dnf update -y \ && dnf install -y --allowerasing \ coreutils \ 
@@ -18,35 +20,28 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo deleted file mode 100644 index 548b556..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo deleted file mode 100644 index 1fa3144..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial 
diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo deleted file mode 100644 index deff30c..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo +++ /dev/null @@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo deleted file mode 100644 index 582d53e..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo deleted file mode 100644 index 8c8b6f2..0000000 --- a/rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo deleted file mode 100644 index fb478d2..0000000 --- a/rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo deleted file mode 100644 index 2c33c4b..0000000 
--- a/rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo +++ /dev/null @@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo deleted file mode 100644 index c65b0ea..0000000 --- a/rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo deleted file mode 100644 index 7ee43c0..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo deleted file mode 100644 index 28b24f3..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo deleted file mode 100644 index 2b40517..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo +++ /dev/null 
@@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo deleted file mode 100644 index 79e7ac2..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo deleted file mode 100644 index 2a5c8a0..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo deleted file mode 100644 index 21d478a..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo deleted file mode 100644 index 4adff31..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo +++ /dev/null 
@@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo deleted file mode 100644 index 3dedd7f..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-9/.gitignore b/rockylinux-9/.gitignore new file mode 100644 index 0000000..8657872 --- /dev/null +++ b/rockylinux-9/.gitignore @@ -0,0 +1 @@ +Containerfile-9.* diff --git a/rockylinux-9/Containerfile b/rockylinux-9/Containerfile index f4a5980..34d98a2 100644 --- a/rockylinux-9/Containerfile +++ b/rockylinux-9/Containerfile @@ -13,35 +13,21 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient - COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ 
diff --git a/rockylinux-9/Containerfile-9.0 b/rockylinux-9/Containerfile-9.0 deleted file mode 100644 index 1e7e85c..0000000 --- a/rockylinux-9/Containerfile-9.0 +++ /dev/null @@ -1,62 +0,0 @@ -FROM docker.io/library/rockylinux:9.0 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-9.0/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - ncurses \ - net-tools \ - NetworkManager \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - policycoreutils-python-utils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - selinux-policy-targeted \ - wget \ - which \ - words \ - rdma-core \ - && dnf clean all - -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -# WARNING: THE FOLLOWING RETURNS AN ERROR WITH libsemanage VERSIONS IN EL9 -# PRIOR TO 3.3.3 SO WE FORCE A CLEAN EXIT CODE -# See: https://github.com/SELinuxProject/selinux/issues/343 -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient || true - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Containerfile-fixed b/rockylinux-9/Containerfile-fixed new file mode 100644 index 0000000..1413d54 --- /dev/null +++ b/rockylinux-9/Containerfile-fixed 
@@ -0,0 +1,44 @@ +FROM docker.io/library/rockylinux:${releasever} + +RUN sed -i /etc/yum.repos.d/rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo "${releasever}" >/etc/dnf/vars/releasever \ + && dnf clean all + +RUN dnf update -y \ + && dnf install -y --allowerasing \ + coreutils \ + cpio \ + dhclient \ + e2fsprogs \ + ethtool \ + findutils \ + initscripts \ + ipmitool \ + iproute \ + kernel-core \ + kernel-modules \ + net-tools \ + NetworkManager \ + nfs-utils \ + openssh-clients \ + openssh-server \ + pciutils \ + psmisc \ + rsync \ + rsyslog \ + strace \ + wget \ + which \ + words \ + && dnf clean all + +COPY excludes /etc/warewulf/ +COPY container_exit.sh /etc/warewulf/ + +CMD [ "/bin/echo", "-e", \ + "This image is intended to be used with the Warewulf cluster management and", \ + "\nprovisioning system.", \ + "\n", \ + "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Containerfile-vault b/rockylinux-9/Containerfile-vault new file mode 100644 index 0000000..6692f37 --- /dev/null +++ b/rockylinux-9/Containerfile-vault 
@@ -0,0 +1,45 @@ +FROM docker.io/library/rockylinux:${releasever} + +RUN sed -i /etc/yum.repos.d/rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo 'vault/rocky' >/etc/dnf/vars/contentdir \ + && echo "${releasever}" >/etc/dnf/vars/releasever \ + && dnf clean all + +RUN dnf update -y \ + && dnf install -y --allowerasing \ + coreutils \ + cpio \ + dhclient \ + e2fsprogs \ + ethtool \ + findutils \ + initscripts \ + ipmitool \ + iproute \ + kernel-core \ + kernel-modules \ + net-tools \ + NetworkManager \ + nfs-utils \ + openssh-clients \ + openssh-server \ + pciutils \ + psmisc \ + rsync \ + rsyslog \ + strace \ + wget \ + which \ + words \ + && dnf clean all + +COPY excludes /etc/warewulf/ +COPY container_exit.sh /etc/warewulf/ + +CMD [ "/bin/echo", "-e", \ + "This image is intended to be used with the Warewulf cluster management and", \ + "\nprovisioning system.", \ + "\n", \ + "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Makefile b/rockylinux-9/Makefile new file mode 100644 index 0000000..0529d81 --- /dev/null +++ b/rockylinux-9/Makefile @@ -0,0 +1,15 @@ +.PHONY: all +all: Containerfile-9.0 +all: Containerfile-9.1 +all: Containerfile-9.2 +all: Containerfile-9.3 + +.PHONY: clean +clean: + rm -f Containerfile-9.* + +Containerfile-9.%: Containerfile-vault + env releasever=9.$* envsubst $@ + +Containerfile-9.3: Containerfile-fixed + env releasever=9.3 envsubst $@ diff --git a/rockylinux-9/README.md b/rockylinux-9/README.md new file mode 100644 index 0000000..b736b81 --- /dev/null +++ b/rockylinux-9/README.md 
@@ -0,0 +1,16 @@ +# Rocky Linux 8 + +A Warewulf container definition based on Rocky Linux 9. + +``` +wwctl container import docker://ghcr.io/hpcng/warewulf-rockylinux:9 rockylinux-9 +``` + +Also available are definitions for individual point releases (e.g., Rocky Linux +9.0). To generate these Containerfiles, run `make`. + +The Rocky Linux community provides updates for the current point release of +Rocky Linux 9. If you need to remain on a specific point release you may want +to engage with a commercial support provider for long-term support. + +https://rockylinux.org/support diff --git a/rockylinux-9/container_exit.sh b/rockylinux-9/container_exit.sh index 84993a5..96b140b 100755 --- a/rockylinux-9/container_exit.sh +++ b/rockylinux-9/container_exit.sh @@ -4,3 +4,11 @@ LANG=C LC_CTYPE=C export LANG LC_CTYPE dnf clean all +echo " +The Rocky Linux community provides updates for the current point release of +Rocky Linux 8. If you need to remain on a specific point release (e.g., Rocky +Linux 8.8) you may want to engage with a commercial support provider for +long-term support. + +https://rockylinux.org/support +"
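Review bot: In README.md, the new entry `* [Rocky Linux 9 with SELinux][examples/rockylinux-9-selinux]` puts a path in reference-link brackets, and no reference with that label is defined, so it will not render as a link. Use parentheses, as the three entries under "Built examples" do. The shell block under it also opens with an empty line that can be dropped.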
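Review bot: In examples/rockylinux-9-selinux/Containerfile, the `|| true` on the final `RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient` hides every failure, not only the libsemanage exit-code issue the comment cites. An image can then build without the `bin_t` rule, and the comment itself says wwclient fails to start on boot in that case. Add a following step that fails the build when the rule is absent, for example by checking that `semanage fcontext -l -C` lists `/warewulf/wwclient`, and drop the `|| true` once the base image carries libsemanage 3.3.3 or later.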
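Review bot: In rockylinux-8/Containerfile-vault (and the rockylinux-9 templates that use the same `sed`), both `-e` expressions succeed even when they match nothing, so a base image whose repo files have no `#baseurl=` line would end up with the mirrorlist commented out and no baseurl, and the failure would only surface later in `dnf update`. A check right after the `sed`, such as `grep -q '^baseurl=' /etc/yum.repos.d/Rocky*.repo`, makes that explicit. The deleted rockylinux-8/yum.repos.d-* files set `gpgcheck=1` themselves; that setting is now inherited from the base image's repo files, so asserting it in the same step keeps signature checking a property of this repository rather than of the upstream image.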
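Review bot: In rockylinux-8/Makefile (and the same two recipes in rockylinux-9/Makefile), the recipe as shown, `env releasever=8.$* envsubst $@`, passes the target name as the argument to envsubst with no visible redirection from `$<` or into `$@`; please confirm the recipe reads the template and writes the target. Passing `'$${releasever}'` as the SHELL-FORMAT argument would also limit substitution to that one variable, since an unrestricted envsubst blanks any other `$name` that a later edit adds to a RUN line in the templates.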
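Review bot: The file `rockylinux-8/fixed` looks like a generated artifact committed by accident: it hardcodes `rockylinux:8.6` and `echo "8.6"`, carries the `vault/rocky` contentdir of the vault template despite its name, is not referenced by rockylinux-8/Makefile, and is not matched by the new `.gitignore` pattern `Containerfile-8.*`. Drop it from the commit.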
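Review bot: In rockylinux-9/Containerfile, the hunk removes `ncurses`, `rdma-core` and the `touch /etc/sysconfig/disable-deprecation-warnings` step along with the SELinux packages, but the commit message only mentions that SELinux support moved to examples/. Either note these removals in the commit message or keep them out of this change, since nodes that relied on `rdma-core` being in the published image will lose it without any record of why.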
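Review bot: rockylinux-9/Containerfile-fixed switches the repos from mirrorlist to baseurl with the same `sed` as the vault template, while rockylinux-8/Containerfile-fixed only writes `/etc/dnf/vars/releasever` and leaves the mirrorlist in place. If the difference is intended, a comment in the template should say why; otherwise align the two so the "fixed" images for 8 and 9 resolve packages the same way.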
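Review bot: In rockylinux-9/README.md, the heading reads `# Rocky Linux 8` while the body and the `wwctl container import` line refer to Rocky Linux 9; it looks copied from rockylinux-8/README.md and should be `# Rocky Linux 9`.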
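Review bot: In rockylinux-9/container_exit.sh, the added message still says "Rocky Linux 8" and "(e.g., Rocky Linux 8.8)", so users of the 9 image are told about the wrong release; change it to 9 and a 9.x example. The rockylinux-8 version of this hunk also adds `set +x` before the `echo`, which is missing here, so the two scripts will differ in whether the notice is traced as well as printed.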