From a59264cd6692f43bfefd1ca0948f46c4c2a921fb Mon Sep 17 00:00:00 2001 From: Jonathon Anderson Date: Fri, 29 Dec 2023 01:23:57 -0700 Subject: [PATCH] Initial commit of a Rocky Linux Containerfile refactor - Generate point-release containerfiles from templates - Simplified configuration of dnf - selinux support moved to examples/ - Update READMEs Signed-off-by: Jonathon Anderson --- .github/workflows/container-publish.yml | 5 ++ README.md | 19 +++++- examples/rockylinux-9-selinux/Containerfile | 16 +++++ examples/rockylinux-9-selinux/README.md | 16 +++++ rockylinux-8/.gitignore | 1 + rockylinux-8/Containerfile | 15 +++-- rockylinux-8/Containerfile-8.6 | 48 -------------- rockylinux-8/Containerfile-8.7 | 48 -------------- rockylinux-8/Containerfile-8.8 | 48 -------------- rockylinux-8/Containerfile-8.9 | 48 -------------- .../Containerfile-fixed | 29 ++++----- .../Containerfile-vault | 33 +++++----- rockylinux-8/Makefile | 15 +++++ rockylinux-8/README.md | 7 +++ .../Containerfile-9.3 => rockylinux-8/fixed | 31 ++++------ .../yum.repos.d-8.6/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.6/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.6/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.6/Rocky-PowerTools.repo | 7 --- .../yum.repos.d-8.7/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.7/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.7/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.7/Rocky-PowerTools.repo | 7 --- .../yum.repos.d-8.8/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.8/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.8/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.8/Rocky-PowerTools.repo | 7 --- .../yum.repos.d-8.9/Rocky-AppStream.repo | 7 --- .../yum.repos.d-8.9/Rocky-BaseOS.repo | 7 --- .../yum.repos.d-8.9/Rocky-Extras.repo | 7 --- .../yum.repos.d-8.9/Rocky-PowerTools.repo | 7 --- rockylinux-9/.gitignore | 1 + rockylinux-9/Containerfile | 16 +---- rockylinux-9/Containerfile-9.0 | 62 ------------------- rockylinux-9/Containerfile-fixed | 46 ++++++++++++++ rockylinux-9/Containerfile-vault | 47 ++++++++++++++ rockylinux-9/Makefile | 15 +++++ rockylinux-9/README.md | 7 +++ 38 files changed, 244 insertions(+), 441 deletions(-) create mode 100644 examples/rockylinux-9-selinux/Containerfile create mode 100644 examples/rockylinux-9-selinux/README.md create mode 100644 rockylinux-8/.gitignore delete mode 100644 rockylinux-8/Containerfile-8.6 delete mode 100644 rockylinux-8/Containerfile-8.7 delete mode 100644 rockylinux-8/Containerfile-8.8 delete mode 100644 rockylinux-8/Containerfile-8.9 rename rockylinux-9/Containerfile-9.1 => rockylinux-8/Containerfile-fixed (53%) rename rockylinux-9/Containerfile-9.2 => rockylinux-8/Containerfile-vault (53%) create mode 100644 rockylinux-8/Makefile create mode 100644 rockylinux-8/README.md rename rockylinux-9/Containerfile-9.3 => rockylinux-8/fixed (53%) delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo delete mode 100644 rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo create mode 100644 rockylinux-9/.gitignore delete mode 100644 rockylinux-9/Containerfile-9.0 create mode 100644 rockylinux-9/Containerfile-fixed create mode 100644 rockylinux-9/Containerfile-vault create mode 100644 rockylinux-9/Makefile create mode 100644 rockylinux-9/README.md diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml index f34d3d0..c0c5f26 100644 --- a/.github/workflows/container-publish.yml +++ b/.github/workflows/container-publish.yml @@ -91,6 +91,11 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 + - name: Make Containerfiles + run: | + make -C rockylinux-8 + make -C rockylinux-9 + # Install the cosign tool # https://github.com/sigstore/cosign-installer - name: Install Cosign diff --git a/README.md b/README.md index b699d92..9ff74b5 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,22 @@ # Warewulf node images -Example node images for use with Warewulf 4. +Example node container images for use with Warewulf v4. https://warewulf.org -Node images are published on Docker Hub at https://hub.docker.com/u/warewulf. +## Built examples + +These node images are published on the [GitHub container registry][1]. + +[1]: https://github.com/orgs/hpcng/packages?repo_name=warewulf-node-images + +* [Rocky Linux 8](rockylinux-8) +* [Rocky Linux 9](rockylinux-9) +* [openSUSE Leap](leap) + +## Additional examples + +Additional node container images that are not actively built and published, but +may still be useful. + +* [Rocky Linux 9 with SELinux][examples/rockylinux-9-selinux] diff --git a/examples/rockylinux-9-selinux/Containerfile b/examples/rockylinux-9-selinux/Containerfile new file mode 100644 index 0000000..2c55cc7 --- /dev/null +++ b/examples/rockylinux-9-selinux/Containerfile @@ -0,0 +1,16 @@ +FROM ghcr.io/hpcng/warewulf-rockylinux:9 + +RUN dnf -y install \ + policycoreutils-python-utils \ + selinux-policy-targeted + +# For SELinux enabled nodes: +# The wwclient service fails to start on boot if an appropriate SELinux file +# context label is not set for /warewulf/wwclient. +# +# NOTE: THE FOLLOWING EXITS NONZERO WITH libsemanage VERSIONS IN EL9 +# PRIOR TO 3.3.3 SO WE FORCE A CLEAN EXIT CODE +# +# See: https://github.com/SELinuxProject/selinux/issues/343 +# +RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient || true diff --git a/examples/rockylinux-9-selinux/README.md b/examples/rockylinux-9-selinux/README.md new file mode 100644 index 0000000..758d448 --- /dev/null +++ b/examples/rockylinux-9-selinux/README.md @@ -0,0 +1,16 @@ +# Rocky Linux 9 with SELinux + +Warewulf can be used to boot an selinux-equipped node. This example installs +required packages and configures SELinux policy for the `wwclient` binary +(which communicates with the Warewulf server and receives runtime overlays). + +``` +podman build . --tag rockylinux-selinux:9 +``` + +Booting a node image with selinux enabled requires (at least up to Warewulf +v4.4.1) setting `--root=tmpfs` on the relevant node and setting +`rootfstype=ramfs` as a kernel argument. For more information on these +settings, look at [wwinit/init][1]. + +[1]: https://github.com/hpcng/warewulf/blob/main/overlays/wwinit/init diff --git a/rockylinux-8/.gitignore b/rockylinux-8/.gitignore new file mode 100644 index 0000000..7375754 --- /dev/null +++ b/rockylinux-8/.gitignore @@ -0,0 +1 @@ +Containerfile-8.* diff --git a/rockylinux-8/Containerfile b/rockylinux-8/Containerfile index ca620c4..090cdc9 100644 --- a/rockylinux-8/Containerfile +++ b/rockylinux-8/Containerfile @@ -1,5 +1,7 @@ FROM docker.io/library/rockylinux:8 +RUN localectl set-locale LANG=C.UTF-8 + RUN dnf update -y \ && dnf install -y --allowerasing \ coreutils \ @@ -14,7 +16,7 @@ RUN dnf update -y \ kernel-core \ kernel-modules \ net-tools \ - network-scripts \ + NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ @@ -28,10 +30,13 @@ RUN dnf update -y \ words \ && dnf clean all -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-8/Containerfile-8.6 b/rockylinux-8/Containerfile-8.6 deleted file mode 100644 index e1f2e78..0000000 --- a/rockylinux-8/Containerfile-8.6 +++ /dev/null @@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.6 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.6/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-8/Containerfile-8.7 b/rockylinux-8/Containerfile-8.7 deleted file mode 100644 index 4b22091..0000000 --- a/rockylinux-8/Containerfile-8.7 +++ /dev/null @@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.7 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.7/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-8/Containerfile-8.8 b/rockylinux-8/Containerfile-8.8 deleted file mode 100644 index 14d4e2d..0000000 --- a/rockylinux-8/Containerfile-8.8 +++ /dev/null @@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.8 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.8/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-8/Containerfile-8.9 b/rockylinux-8/Containerfile-8.9 deleted file mode 100644 index ac09f27..0000000 --- a/rockylinux-8/Containerfile-8.9 +++ /dev/null @@ -1,48 +0,0 @@ -FROM docker.io/library/rockylinux:8.9 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-8.9/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - net-tools \ - network-scripts \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - wget \ - which \ - words \ - && dnf clean all - -RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \ - && systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \ - && systemctl enable network \ - && touch /etc/sysconfig/disable-deprecation-warnings - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Containerfile-9.1 b/rockylinux-8/Containerfile-fixed similarity index 53% rename from rockylinux-9/Containerfile-9.1 rename to rockylinux-8/Containerfile-fixed index 2c80686..f115bc5 100644 --- a/rockylinux-9/Containerfile-9.1 +++ b/rockylinux-8/Containerfile-fixed @@ -1,9 +1,9 @@ -FROM docker.io/library/rockylinux:9.1 +FROM docker.io/library/rockylinux:${releasever} -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all +RUN localectl set-locale LANG=C.UTF-8 -COPY yum.repos.d-9.1/*.repo /etc/yum.repos.d +RUN echo "${releasever}" >/etc/dnf/vars/releasever \ + && dnf clean all RUN dnf update -y \ && dnf install -y --allowerasing \ @@ -18,35 +18,28 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-9/Containerfile-9.2 b/rockylinux-8/Containerfile-vault similarity index 53% rename from rockylinux-9/Containerfile-9.2 rename to rockylinux-8/Containerfile-vault index a6b12f3..54267b6 100644 --- a/rockylinux-9/Containerfile-9.2 +++ b/rockylinux-8/Containerfile-vault @@ -1,9 +1,13 @@ -FROM docker.io/library/rockylinux:9.2 +FROM docker.io/library/rockylinux:${releasever} -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all +RUN localectl set-locale LANG=C.UTF-8 -COPY yum.repos.d-9.2/*.repo /etc/yum.repos.d +RUN sed -i /etc/yum.repos.d/Rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo 'vault/rocky' >/etc/dnf/vars/contentdir \ + && echo "${releasever}" >/etc/dnf/vars/releasever \ + && dnf clean all RUN dnf update -y \ && dnf install -y --allowerasing \ @@ -18,35 +22,28 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-8/Makefile b/rockylinux-8/Makefile new file mode 100644 index 0000000..fceaaec --- /dev/null +++ b/rockylinux-8/Makefile @@ -0,0 +1,15 @@ +.PHONY: all +all: Containerfile-8.6 +all: Containerfile-8.7 +all: Containerfile-8.8 +all: Containerfile-8.9 + +.PHONY: clean +clean: + rm -f Containerfile-8.* + +Containerfile-8.%: Containerfile-vault + env releasever=8.$* envsubst $@ + +Containerfile-8.9: Containerfile-fixed + env releasever=8.9 envsubst $@ diff --git a/rockylinux-8/README.md b/rockylinux-8/README.md new file mode 100644 index 0000000..9211d38 --- /dev/null +++ b/rockylinux-8/README.md @@ -0,0 +1,7 @@ +# Rocky Linux 8 + +A Warewulf container definition based on Rocky Linux 8. + +``` +wwctl container import docker://ghcr.io/hpcng/warewulf-rockylinux:8 rockylinux-8 +``` diff --git a/rockylinux-9/Containerfile-9.3 b/rockylinux-8/fixed similarity index 53% rename from rockylinux-9/Containerfile-9.3 rename to rockylinux-8/fixed index 5f0d013..42560bf 100644 --- a/rockylinux-9/Containerfile-9.3 +++ b/rockylinux-8/fixed @@ -1,10 +1,12 @@ -FROM docker.io/library/rockylinux:9.3 +FROM docker.io/library/rockylinux:8.6 -RUN rm -f /etc/yum.repos.d/*.repo \ +RUN sed -i /etc/yum.repos.d/Rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo 'vault/rocky' >/etc/dnf/vars/contentdir \ + && echo "8.6" >/etc/dnf/vars/releasever \ && dnf clean all -COPY yum.repos.d-9.3/*.repo /etc/yum.repos.d - RUN dnf update -y \ && dnf install -y --allowerasing \ coreutils \ @@ -18,35 +20,28 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient +RUN systemctl unmask \ + console-getty.service \ + dev-hugepages.mount \ + getty.target \ + sys-fs-fuse-connections.mount \ + systemd-logind.service \ + systemd-remount-fs.service COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo deleted file mode 100644 index 548b556..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo deleted file mode 100644 index 1fa3144..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo deleted file mode 100644 index deff30c..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-Extras.repo +++ /dev/null @@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo deleted file mode 100644 index 582d53e..0000000 --- a/rockylinux-8/yum.repos.d-8.6/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/vault/rocky/8.6/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo deleted file mode 100644 index 8c8b6f2..0000000 --- a/rockylinux-8/yum.repos.d-8.7/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo deleted file mode 100644 index fb478d2..0000000 --- a/rockylinux-8/yum.repos.d-8.7/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo deleted file mode 100644 index 2c33c4b..0000000 --- a/rockylinux-8/yum.repos.d-8.7/Rocky-Extras.repo +++ /dev/null @@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo deleted file mode 100644 index c65b0ea..0000000 --- a/rockylinux-8/yum.repos.d-8.7/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/vault/rocky/8.7/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo deleted file mode 100644 index 7ee43c0..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo deleted file mode 100644 index 28b24f3..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo deleted file mode 100644 index 2b40517..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-Extras.repo +++ /dev/null @@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo deleted file mode 100644 index 79e7ac2..0000000 --- a/rockylinux-8/yum.repos.d-8.8/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/vault/rocky/8.8/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo deleted file mode 100644 index 2a5c8a0..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-AppStream.repo +++ /dev/null @@ -1,7 +0,0 @@ -[appstream] -name=Rocky Linux - AppStream -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/AppStream/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo deleted file mode 100644 index 21d478a..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-BaseOS.repo +++ /dev/null @@ -1,7 +0,0 @@ -[baseos] -name=Rocky Linux - BaseOS -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/BaseOS/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo deleted file mode 100644 index 4adff31..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-Extras.repo +++ /dev/null @@ -1,7 +0,0 @@ -[extras] -name=Rocky Linux - Extras -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/extras/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo b/rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo deleted file mode 100644 index 3dedd7f..0000000 --- a/rockylinux-8/yum.repos.d-8.9/Rocky-PowerTools.repo +++ /dev/null @@ -1,7 +0,0 @@ -[powertools] -name=Rocky Linux - PowerTools -baseurl=http://dl.rockylinux.org/pub/rocky/8.9/PowerTools/$basearch/os/ -gpgcheck=1 -enabled=1 -countme=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial diff --git a/rockylinux-9/.gitignore b/rockylinux-9/.gitignore new file mode 100644 index 0000000..8657872 --- /dev/null +++ b/rockylinux-9/.gitignore @@ -0,0 +1 @@ +Containerfile-9.* diff --git a/rockylinux-9/Containerfile b/rockylinux-9/Containerfile index f4a5980..010f686 100644 --- a/rockylinux-9/Containerfile +++ b/rockylinux-9/Containerfile @@ -1,5 +1,7 @@ FROM docker.io/library/rockylinux:9 +RUN localectl set-locale LANG=C.UTF-8 + RUN dnf update -y \ && dnf install -y --allowerasing \ coreutils \ @@ -13,35 +15,21 @@ RUN dnf update -y \ iproute \ kernel-core \ kernel-modules \ - ncurses \ net-tools \ NetworkManager \ nfs-utils \ openssh-clients \ openssh-server \ pciutils \ - policycoreutils-python-utils \ psmisc \ rsync \ rsyslog \ strace \ - selinux-policy-targeted \ wget \ which \ words \ - rdma-core \ && dnf clean all -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient - COPY excludes /etc/warewulf/ COPY container_exit.sh /etc/warewulf/ diff --git a/rockylinux-9/Containerfile-9.0 b/rockylinux-9/Containerfile-9.0 deleted file mode 100644 index 1e7e85c..0000000 --- a/rockylinux-9/Containerfile-9.0 +++ /dev/null @@ -1,62 +0,0 @@ -FROM docker.io/library/rockylinux:9.0 - -RUN rm -f /etc/yum.repos.d/*.repo \ - && dnf clean all - -COPY yum.repos.d-9.0/*.repo /etc/yum.repos.d - -RUN dnf update -y \ - && dnf install -y --allowerasing \ - coreutils \ - cpio \ - dhclient \ - e2fsprogs \ - ethtool \ - findutils \ - initscripts \ - ipmitool \ - iproute \ - kernel-core \ - kernel-modules \ - ncurses \ - net-tools \ - NetworkManager \ - nfs-utils \ - openssh-clients \ - openssh-server \ - pciutils \ - policycoreutils-python-utils \ - psmisc \ - rsync \ - rsyslog \ - strace \ - selinux-policy-targeted \ - wget \ - which \ - words \ - rdma-core \ - && dnf clean all - -RUN touch /etc/sysconfig/disable-deprecation-warnings - -# For SELinux enabled nodes: -# The wwclient service fails to start on boot if appropriate SELinux file -# context label is not set for /warewulf/wwclient. -# Permanently assign bin_t fcontent label for wwclient binary that is -# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node -# boot, clobbering any existing labels set in the overlay itself. -# -# WARNING: THE FOLLOWING RETURNS AN ERROR WITH libsemanage VERSIONS IN EL9 -# PRIOR TO 3.3.3 SO WE FORCE A CLEAN EXIT CODE -# See: https://github.com/SELinuxProject/selinux/issues/343 -# -RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient || true - -COPY excludes /etc/warewulf/ -COPY container_exit.sh /etc/warewulf/ - -CMD [ "/bin/echo", "-e", \ - "This image is intended to be used with the Warewulf cluster management and", \ - "\nprovisioning system.", \ - "\n", \ - "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Containerfile-fixed b/rockylinux-9/Containerfile-fixed new file mode 100644 index 0000000..c59e608 --- /dev/null +++ b/rockylinux-9/Containerfile-fixed @@ -0,0 +1,46 @@ +FROM docker.io/library/rockylinux:${releasever} + +RUN localectl set-locale LANG=C.UTF-8 + +RUN sed -i /etc/yum.repos.d/rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo "${releasever}" >/etc/dnf/vars/releasever \ + && dnf clean all + +RUN dnf update -y \ + && dnf install -y --allowerasing \ + coreutils \ + cpio \ + dhclient \ + e2fsprogs \ + ethtool \ + findutils \ + initscripts \ + ipmitool \ + iproute \ + kernel-core \ + kernel-modules \ + net-tools \ + NetworkManager \ + nfs-utils \ + openssh-clients \ + openssh-server \ + pciutils \ + psmisc \ + rsync \ + rsyslog \ + strace \ + wget \ + which \ + words \ + && dnf clean all + +COPY excludes /etc/warewulf/ +COPY container_exit.sh /etc/warewulf/ + +CMD [ "/bin/echo", "-e", \ + "This image is intended to be used with the Warewulf cluster management and", \ + "\nprovisioning system.", \ + "\n", \ + "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Containerfile-vault b/rockylinux-9/Containerfile-vault new file mode 100644 index 0000000..e64e44c --- /dev/null +++ b/rockylinux-9/Containerfile-vault @@ -0,0 +1,47 @@ +FROM docker.io/library/rockylinux:${releasever} + +RUN localectl set-locale LANG=C.UTF-8 + +RUN sed -i /etc/yum.repos.d/rocky*.repo \ + -e 's/^#baseurl=/baseurl=/' \ + -e 's/^mirrorlist=/#mirrorlist=/' \ + && echo 'vault/rocky' >/etc/dnf/vars/contentdir \ + && echo "${releasever}" >/etc/dnf/vars/releasever \ + && dnf clean all + +RUN dnf update -y \ + && dnf install -y --allowerasing \ + coreutils \ + cpio \ + dhclient \ + e2fsprogs \ + ethtool \ + findutils \ + initscripts \ + ipmitool \ + iproute \ + kernel-core \ + kernel-modules \ + net-tools \ + NetworkManager \ + nfs-utils \ + openssh-clients \ + openssh-server \ + pciutils \ + psmisc \ + rsync \ + rsyslog \ + strace \ + wget \ + which \ + words \ + && dnf clean all + +COPY excludes /etc/warewulf/ +COPY container_exit.sh /etc/warewulf/ + +CMD [ "/bin/echo", "-e", \ + "This image is intended to be used with the Warewulf cluster management and", \ + "\nprovisioning system.", \ + "\n", \ + "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rockylinux-9/Makefile b/rockylinux-9/Makefile new file mode 100644 index 0000000..0529d81 --- /dev/null +++ b/rockylinux-9/Makefile @@ -0,0 +1,15 @@ +.PHONY: all +all: Containerfile-9.0 +all: Containerfile-9.1 +all: Containerfile-9.2 +all: Containerfile-9.3 + +.PHONY: clean +clean: + rm -f Containerfile-9.* + +Containerfile-9.%: Containerfile-vault + env releasever=9.$* envsubst $@ + +Containerfile-9.3: Containerfile-fixed + env releasever=9.3 envsubst $@ diff --git a/rockylinux-9/README.md b/rockylinux-9/README.md new file mode 100644 index 0000000..41e802e --- /dev/null +++ b/rockylinux-9/README.md @@ -0,0 +1,7 @@ +# Rocky Linux 8 + +A Warewulf container definition based on Rocky Linux 9. + +``` +wwctl container import docker://ghcr.io/hpcng/warewulf-rockylinux:9 rockylinux-9 +```