From 251c1e95888d838eef536b61706cad6f8e1b912f Mon Sep 17 00:00:00 2001 From: Prashanth684 Date: Thu, 27 Feb 2025 08:05:17 -0800 Subject: [PATCH 1/2] ci/get-ocp-repo.sh: Fixes for scos to accomodate building images in CI - For scos, we need the rhel-9.x-server-ose repo to get the Openshift releated binaries (kubelet, oc..) - Append the c9s.repo so the packages for the rest of the images come from the CentOS Stream repos. - Install centos stream packages so GPG keys are available when accessing the CentOS Stream repos --- Containerfile | 1 + ci/get-ocp-repo.sh | 69 +++++++++++++++++++++++++++++++++++++++++-- extensions/Dockerfile | 10 +------ 3 files changed, 68 insertions(+), 12 deletions(-) diff --git a/Containerfile b/Containerfile index cf5004be1..af6b1c0dc 100644 --- a/Containerfile +++ b/Containerfile @@ -35,5 +35,6 @@ RUN --mount=type=bind,target=/run/src --mount=type=secret,id=yumrepos,target=/et find /usr -name '*.pyc' -exec mv {} {}.bak \; && \ if [ "${OPENSHIFT_CI}" != 0 ]; then /run/src/ci/get-ocp-repo.sh --ocp-layer /run/src/packages-openshift.yaml --output-dir /etc/yum.repos.d; fi && \ /run/src/scripts/apply-manifest /run/src/packages-openshift.yaml && \ + if [ "${OPENSHIFT_CI}" != 0 ]; then /run/src/ci/get-ocp-repo.sh --output-dir /etc/yum.repos.d --cleanup; fi && \ find /usr -name '*.pyc.bak' -exec sh -c 'mv $1 ${1%.bak}' _ {} \; && \ ostree container commit diff --git a/ci/get-ocp-repo.sh b/ci/get-ocp-repo.sh index 2c41eefce..e50b391fe 100755 --- a/ci/get-ocp-repo.sh +++ b/ci/get-ocp-repo.sh 
@@ -29,11 +29,50 @@ info() { echo "INFO:" "$@" >&2 } +cleanup_repos() { + # if we had installed the packages and created symlinks, remove it + if rpm -q centos-release-cloud; then + dnf remove -y centos-release-{cloud,nfv,virt}-common + find "/usr/share/distribution-gpg-keys/centos" -type l -exec rm -f {} \; + echo "Removed all symbolic links and packages installed for scos" + fi + # remove ocp.repo file + if [ -n "$ocp_manifest" ]; then + if [ -z "$output_dir" ]; then + output_dir=$(dirname "$ocp_manifest") + fi + else + if [ -z "$output_dir" ]; then + output_dir="$cosa_workdir/src/config" + fi + fi + rm "$output_dir/ocp.repo" + echo "Removed repo file $output_dir/ocp.repo" +} + +create_gpg_keys() { + # Check if centos-stream-release is installed and centos-release-cloud is not + if rpm -q centos-stream-release && ! rpm -q centos-release-cloud; then + dnf install -y centos-release-{cloud,nfv,virt}-common + fi + + # Create directory for CentOS distribution GPG keys + mkdir -p /usr/share/distribution-gpg-keys/centos + # Create symbolic links for GPG keys + if [ ! -e "/usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official" ]; then + ln -s /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official + ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Cloud + ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512 + ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-NFV + ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Virtualization + fi +} + cosa_workdir= ocp_manifest= output_dir= rc=0 -options=$(getopt --options h --longoptions help,cosa-workdir:,ocp-layer:,output-dir: -- "$@") || rc=$? +options=$(getopt --options h --longoptions help,cosa-workdir:,ocp-layer:,output-dir:,cleanup,create-gpg-keys -- "$@") || rc=$? 
[ $rc -eq 0 ] || print_usage_and_exit eval set -- "$options" while [ $# -ne 0 ]; do @@ -42,6 +81,8 @@ while [ $# -ne 0 ]; do --cosa-workdir) cosa_workdir=$2; shift;; --ocp-layer) ocp_manifest=$2; shift;; --output-dir) output_dir=$2; shift;; + --cleanup) cleanup_repos; exit 0;; + --create-gpg-keys) create_gpg_keys; exit 0;; --) break;; *) echo "$0: invalid argument: $1" >&2; exit 1;; esac @@ -50,8 +91,6 @@ done if [ -n "$ocp_manifest" ]; then # --ocp-layer path - rhel_version=$(source /usr/lib/os-release; echo ${VERSION_ID//./}) - info "Got RHEL version $rhel_version from /usr/lib/os-release" ocp_version=$(rpm-ostree compose tree --print-only "$ocp_manifest" | jq -r '.metadata.ocp_version') ocp_version=${ocp_version//./-} info "Got OpenShift version $ocp_version from $ocp_manifest" @@ -61,6 +100,21 @@ if [ -n "$ocp_manifest" ]; then if [ -z "$output_dir" ]; then output_dir=$(dirname "$ocp_manifest") fi + + # get rhel version corresponding to the release so we can get the + # correct OpenShift rpms from those for scos. These packages are not + # available in CentOS Stream + if [ "$osname" = scos ]; then + workdir=$(dirname "$ocp_manifest") + manifest="$workdir/manifest.yaml" + json=$(rpm-ostree compose tree --print-only "$manifest") + version=$(jq -r '.["automatic-version-prefix"]' <<< "$json") + rhel_version=$(cut -f2 -d. <<< "$version") + info "Got RHEL version $rhel_version from rhel manifest for scos" + else + rhel_version=$(source /usr/lib/os-release; echo ${VERSION_ID//./}) + info "Got RHEL version $rhel_version from /usr/lib/os-release" + fi else [ -n "$cosa_workdir" ] # --cosa-workdir path 
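Review bot: `cleanup_repos` keys its removals on the current state of the image rather than on what `create_gpg_keys` did: it runs `dnf remove` whenever `centos-release-cloud` is installed and deletes every symlink under `/usr/share/distribution-gpg-keys/centos`, so release packages or key links that were present before this script ran are removed too. Recording what was installed (for example a marker file written next to the `dnf install` in `create_gpg_keys` and checked here) would keep cleanup limited to the script's own changes. The final `rm "$output_dir/ocp.repo"` also fails when the file is absent; `rm -f -- "$output_dir/ocp.repo"` makes the step idempotent. In `create_gpg_keys` only the first link is tested with `-e` before all five `ln -s` calls, so a partially populated directory or a dangling first link makes the `ln -s` calls fail; `ln -sf` per link avoids that.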
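Review bot: `--cleanup` and `--create-gpg-keys` run their function from inside the option loop, so only the options parsed before them have taken effect. `--cleanup --output-dir DIR` would call `cleanup_repos` with `output_dir` still empty, fall back to `"$cosa_workdir/src/config"` with an empty `cosa_workdir`, and try to remove `/src/config/ocp.repo`; the Containerfile call works only because it passes `--output-dir` first. Recording the request in the case arms (`--cleanup) action=cleanup_repos;;`, `--create-gpg-keys) action=create_gpg_keys;;`, with `action=` initialised next to the other variables) and dispatching after the loop (`if [ -n "$action" ]; then "$action"; exit 0; fi`) removes the ordering dependency. The loop starts and ends outside the hunk.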
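Review bot: The SCOS branch never checks `rhel_version` after deriving it: if `automatic-version-prefix` is missing from `manifest.yaml`, `jq -r` prints `null`, and `cut -f2 -d.` passes a line without a `.` through unchanged, so `rhel_version` becomes `null` and is used further down, outside this hunk. A check such as `[[ "$rhel_version" =~ ^[0-9]+$ ]] || { echo "cannot determine RHEL version from $manifest" >&2; exit 1; }` right after the `cut` fails the build at the point of the problem instead of fetching from a wrongly named repo. `osname` is also not assigned in any of the visible hunks; it is worth confirming it is set before this test on the `--ocp-layer` path, otherwise the `else` branch is always taken.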
@@ -132,7 +186,16 @@ fi if [ "$osname" = scos ]; then info "Neutering RHEL repos for SCOS" awk '/server-ose/,/^$/' "$repo_path" > "$repo_path.tmp" + # only pull in certain Openshift packages as the rest come from the c9s repo + sed -i '/^baseurl = /a includepkgs=openshift-* ose-aws-ecr-* ose-azure-acr-* ose-gcp-gcr-*' "$repo_path.tmp" + # add the contents of the CentOS Stream repo + workdir="$cosa_workdir/src/config" + if [ -n "$ocp_manifest" ]; then + workdir=$(dirname "$ocp_manifest") + fi + cat "$workdir/c9s.repo" >> "$repo_path.tmp" mv "$repo_path.tmp" "$repo_path" + create_gpg_keys fi cat "$repo_path" diff --git a/extensions/Dockerfile b/extensions/Dockerfile index ec870a643..6d3168deb 100644 --- a/extensions/Dockerfile +++ b/extensions/Dockerfile 
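Review bot: The `includepkgs` filter is attached with `sed -i '/^baseurl = /a …'`, which matches only when the line is spelled exactly `baseurl = ` with single spaces; a section written as `baseurl=` gets no filter and no error, and the server-ose repo could then supply any package rather than only the listed OpenShift ones. Matching the key loosely and verifying the result makes this fail closed: `sed -i -E '/^baseurl[[:space:]]*=/a includepkgs=openshift-* ose-aws-ecr-* ose-azure-acr-* ose-gcp-gcr-*' "$repo_path.tmp"` followed by `grep -q '^includepkgs=' "$repo_path.tmp" || exit 1`. Separately, `create_gpg_keys` runs `rpm -q` and `dnf install` with their output on stdout just before `cat "$repo_path"`, so a caller that captures stdout as the repo file would get that output mixed in; sending it to stderr, as `info` does, avoids this.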
@@ -8,15 +8,7 @@ WORKDIR /os ADD . . ARG COSA ARG VARIANT -RUN if [[ -z "$COSA" ]] ; then ci/get-ocp-repo.sh --ocp-layer packages-openshift.yaml; fi -# on SCOS, we need to add the GPG keys of the various SIGs we need -RUN if rpm -q centos-stream-release && ! rpm -q centos-release-cloud; then dnf install -y centos-release-{cloud,nfv,virt}-common; fi -RUN mkdir -p /usr/share/distribution-gpg-keys/centos -RUN ln -s /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official -RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Cloud -RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512 -RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-NFV -RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Virtualization +RUN if [[ -z "$COSA" ]] ; then ci/get-ocp-repo.sh --ocp-layer packages-openshift.yaml; else ci/get-ocp-repo.sh --create-gpg-keys; fi RUN if [[ -n "${VARIANT}" ]]; then MANIFEST="manifest-${VARIANT}.yaml"; EXTENSIONS="extensions-${VARIANT}.yaml"; else MANIFEST="manifest.yaml"; EXTENSIONS="extensions.yaml"; fi && rpm-ostree compose extensions --rootfs=/ --output-dir=/usr/share/rpm-ostree/extensions/ ./"${MANIFEST}" ./"${EXTENSIONS}" ## Creates the repo metadata for the extensions. From 8e3900219c7aa9da73a68151c404382857901603 Mon Sep 17 00:00:00 2001 From: Prashanth684 Date: Wed, 5 Mar 2025 08:51:02 -0800 Subject: [PATCH 2/2] packages-openshift: fix the disabling of repo files that are mountpoints --- packages-openshift.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages-openshift.yaml b/packages-openshift.yaml index 6ede94add..a7c9f5265 100644 --- a/packages-openshift.yaml +++ b/packages-openshift.yaml 
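Review bot: The comment that explained the GPG key setup (`# on SCOS, we need to add the GPG keys of the various SIGs we need`) is removed together with the RUN lines, and the new `else` branch carries no explanation of why `--create-gpg-keys` is called only when `COSA` is set. A comment above the RUN line would keep that context, e.g. `# on SCOS the SIG GPG keys are needed; get-ocp-repo.sh links them itself on the --ocp-layer path, so only the COSA case calls --create-gpg-keys`. The key links used to be created unconditionally, while the `--ocp-layer` path now creates them only inside the script's `osname = scos` block; if that narrowing is intended, the comment is the place to say so.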
@@ -33,7 +33,7 @@ postprocess: for x in $(find /etc/yum.repos.d/ -name '*.repo'); do # ignore repo files that are mountpoints since they're likely secrets if ! mountpoint "$x"; then - sed -i -e s,enabled=1,enabled=0, $x + sed -i -e 's/enabled\s*=\s*1/enabled=0/g' $x fi done
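Review bot: The new expression still only recognises the value `1` and is not anchored to the key. dnf boolean options also accept values such as `true` or `yes`, so a repo file using one of those stays enabled in the image, and an unanchored match can rewrite text inside a comment or a key that merely ends in `enabled`. `sed -i -E 's/^[[:space:]]*enabled[[:space:]]*=.*/enabled=0/' "$x"` forces every `enabled` line to 0 and quotes the path. The surrounding `for x in $(find …)` loop begins before the hunk and word-splits paths, which is worth fixing in the same place.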