Merge pull request #44 from anderbubble/rockylinux-refactor
Rocky Linux Containerfile refactor
anderbubble authored Dec 30, 2023
2 parents 1e64182 + 073b530 commit f8b122f
Showing 56 changed files with 286 additions and 1,233 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/container-publish.yml
Expand Up @@ -91,6 +91,11 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v3

- name: Make Containerfiles
run: |
make -C rockylinux-8
make -C rockylinux-9
# Install the cosign tool
# https://github.com/sigstore/cosign-installer
- name: Install Cosign
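
Review bot: The new "Make Containerfiles" step runs straight into the `# Install the cosign tool` comment with no blank line, and unlike the cosign step it carries no comment saying what it produces. Add a blank line after `make -C rockylinux-9` and a one-line comment that the per-release Containerfiles are generated here. Since the generated files are git-ignored (`Containerfile-8.*` in rockylinux-8/.gitignore) and this publish workflow goes on to install cosign, consider printing or uploading the rendered Containerfiles in the job so the exact build input of a published image can be audited later.
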
31 changes: 29 additions & 2 deletions README.md
@@ -1,7 +1,34 @@
# Warewulf node images

Example node images for use with Warewulf 4.
Example node container images for use with Warewulf v4.

https://warewulf.org

Node images are published on Docker Hub at https://hub.docker.com/u/warewulf.
## Built examples

These containers are published on the [GitHub container registry][1].

[1]: https://github.com/orgs/hpcng/packages?repo_name=warewulf-node-images

* [Rocky Linux 8](rockylinux-8)
* [Rocky Linux 9](rockylinux-9)
* [openSUSE Leap](leap)

## Additional examples

Additional container definitions that are not actively built and published, but
may still be useful.

* [Rocky Linux 9 with SELinux][examples/rockylinux-9-selinux]

You can build any of these (or the other container definitions) locally for
import into Warewulf v4.

```shell

podman build examples/rockylinux-9-selinux \
--file examples/rockylinux-9-selinux/Containerfile \
--tag warewulf-rockylinux-selinux:9
podman save warewulf-rockylinux-selinux:9 --output warewulf-rockylinux-selinux-9.tar
wwctl container import warewulf-rockylinux-selinux-9.tar rockylinux-selinux-9
```
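
Review bot: The "Additional examples" entry `[Rocky Linux 9 with SELinux][examples/rockylinux-9-selinux]` uses reference-link brackets, but no reference with that label is defined, so it will not render as a link. Use parentheses as the "Built examples" entries do: `[Rocky Linux 9 with SELinux](examples/rockylinux-9-selinux)`. The empty line directly after the opening `shell` fence can also be dropped.
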
16 changes: 16 additions & 0 deletions examples/rockylinux-9-selinux/Containerfile
@@ -0,0 +1,16 @@
FROM ghcr.io/hpcng/warewulf-rockylinux:9

RUN dnf -y install \
policycoreutils-python-utils \
selinux-policy-targeted

# For SELinux enabled nodes:
# The wwclient service fails to start on boot if an appropriate SELinux file
# context label is not set for /warewulf/wwclient.
#
# NOTE: THE FOLLOWING EXITS NONZERO WITH libsemanage VERSIONS IN EL9
# PRIOR TO 3.3.3 SO WE FORCE A CLEAN EXIT CODE
#
# See: https://github.com/SELinuxProject/selinux/issues/343
#
RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient || true
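
Review bot: `|| true` on the `semanage fcontext` line hides every failure of that command, not only the nonzero exit from the libsemanage issue the comment cites, so a build in which the rule was never recorded still succeeds and the failure the comment describes (wwclient not starting on boot) only shows up on a node. Keep the forced exit code but follow it with a check that fails the build when no local fcontext rule for /warewulf/wwclient exists, for example by listing local customizations with `semanage fcontext -l -C` and grepping for the path. The `dnf -y install` above also lacks the `&& dnf clean all` that the base Containerfiles use.
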
16 changes: 16 additions & 0 deletions examples/rockylinux-9-selinux/README.md
@@ -0,0 +1,16 @@
# Rocky Linux 9 with SELinux

Warewulf can be used to boot an selinux-equipped node. This example installs
required packages and configures SELinux policy for the `wwclient` binary
(which communicates with the Warewulf server and receives runtime overlays).

```
podman build . --tag rockylinux-selinux:9
```

Booting a node image with selinux enabled requires (at least up to Warewulf
v4.4.1) setting `--root=tmpfs` on the relevant node and setting
`rootfstype=ramfs` as a kernel argument. For more information on these
settings, look at [wwinit/init][1].

[1]: https://github.com/hpcng/warewulf/blob/main/overlays/wwinit/init
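
Review bot: The build command tags the image `rockylinux-selinux:9`, while the top-level README builds the same directory as `warewulf-rockylinux-selinux:9`; pick one name so the import instructions line up. The text also switches between "SELinux" and "selinux", and it does not say which command takes `--root=tmpfs`, so showing the full command would help. The `[1]` link points at `main` although the statement is scoped to "at least up to Warewulf v4.4.1"; link a tagged revision of wwinit/init instead.
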
1 change: 1 addition & 0 deletions rockylinux-8/.gitignore
@@ -0,0 +1 @@
Containerfile-8.*
13 changes: 8 additions & 5 deletions rockylinux-8/Containerfile
Expand Up @@ -14,7 +14,7 @@ RUN dnf update -y \
kernel-core \
kernel-modules \
net-tools \
network-scripts \
NetworkManager \
nfs-utils \
openssh-clients \
openssh-server \
Expand All @@ -28,10 +28,13 @@ RUN dnf update -y \
words \
&& dnf clean all

RUN rm -f /etc/sysconfig/network-scripts/ifcfg-e* \
&& systemctl unmask console-getty.service dev-hugepages.mount getty.target sys-fs-fuse-connections.mount systemd-logind.service systemd-remount-fs.service \
&& systemctl enable network \
&& touch /etc/sysconfig/disable-deprecation-warnings
RUN systemctl unmask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service

COPY excludes /etc/warewulf/
COPY container_exit.sh /etc/warewulf/
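
Review bot: Nothing in the new `RUN systemctl unmask` block enables NetworkManager.service now that `systemctl enable network` is gone, so networking on the node depends on the package preset; an explicit `systemctl enable NetworkManager` would make the intent visible and keep the image independent of preset changes. On EL8 NetworkManager still reads ifcfg files, so if the base image ships any `/etc/sysconfig/network-scripts/ifcfg-e*` files they would now be applied; either keep the `rm -f` or add a comment saying why it is no longer needed.
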
48 changes: 0 additions & 48 deletions rockylinux-8/Containerfile-8.6

This file was deleted.

48 changes: 0 additions & 48 deletions rockylinux-8/Containerfile-8.7

This file was deleted.

48 changes: 0 additions & 48 deletions rockylinux-8/Containerfile-8.8

This file was deleted.

48 changes: 0 additions & 48 deletions rockylinux-8/Containerfile-8.9

This file was deleted.

@@ -1,10 +1,8 @@
FROM docker.io/library/rockylinux:9.1
FROM docker.io/library/rockylinux:${releasever}

RUN rm -f /etc/yum.repos.d/*.repo \
RUN echo "${releasever}" >/etc/dnf/vars/releasever \
&& dnf clean all

COPY yum.repos.d-9.1/*.repo /etc/yum.repos.d

RUN dnf update -y \
&& dnf install -y --allowerasing \
coreutils \
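
Review bot: `${releasever}` is used in the FROM line at the top of the file with no `ARG releasever` before it, and again in the first RUN with none after it, so built directly this file does not resolve to a valid image tag and writes an empty value to /etc/dnf/vars/releasever. If the file is only a template rendered by the new make step, say so in a header comment and consider a name that does not look like a buildable Containerfile; otherwise add `ARG releasever` before FROM and repeat it after. With the `COPY yum.repos.d-9.1/*.repo` line gone, it is also worth confirming that the stock repo files resolve for every minor release the Makefile generates.
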
Expand All @@ -18,35 +16,28 @@ RUN dnf update -y \
iproute \
kernel-core \
kernel-modules \
ncurses \
net-tools \
NetworkManager \
nfs-utils \
openssh-clients \
openssh-server \
pciutils \
policycoreutils-python-utils \
psmisc \
rsync \
rsyslog \
strace \
selinux-policy-targeted \
wget \
which \
words \
rdma-core \
&& dnf clean all

RUN touch /etc/sysconfig/disable-deprecation-warnings

# For SELinux enabled nodes:
# The wwclient service fails to start on boot if appropriate SELinux file
# context label is not set for /warewulf/wwclient.
# Permanently assign bin_t fcontent label for wwclient binary that is
# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node
# boot, clobbering any existing labels set in the overlay itself.
#
RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient
RUN systemctl unmask \
console-getty.service \
dev-hugepages.mount \
getty.target \
sys-fs-fuse-connections.mount \
systemd-logind.service \
systemd-remount-fs.service

COPY excludes /etc/warewulf/
COPY container_exit.sh /etc/warewulf/
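
Review bot: The rationale in the removed comment (Warewulf runs `restorecon -R /` on node boot and clobbers labels set in the overlay, hence the permanent `bin_t` rule) is not carried into the comment in examples/rockylinux-9-selinux/Containerfile, which only says the service fails without the label. Copy that explanation across so the reason for using `semanage fcontext` rather than labelling in the overlay is not lost. With `selinux-policy-targeted` and the label step no longer part of this image, the README should also tell users who boot SELinux-enabled nodes from the published Rocky Linux 9 image to switch to the example definition.
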