Revert the rebase to RHEL 8.6

ci/prow-build.sh

@@ -43,10 +43,12 @@ fi
 ocpver=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]')
 ocpver_mut=$(rpm-ostree compose tree --print-only src/config/manifest.yaml | jq -r '.["mutate-os-release"]' | sed 's|\.|-|')
 prev_build_url=${REDIRECTOR_URL}/rhcos-${ocpver}/
-
-# Fetch RHEL 8.6 repos
-curl -L http://base-"${ocpver_mut}"-rhel86.ocp.svc.cluster.local > src/config/ocp.repo
-
+# we want to use RHEL 8.5 for testing until we can start using 8.6
+# see https://github.com/openshift/release/pull/26193
+curl -L http://base-"${ocpver_mut}"-rhel85.ocp.svc.cluster.local > src/config/ocp.repo
+# fetch the 8.6 appstream repo to enable building of extensions
+# see: https://github.com/openshift/os/issues/795
+curl -Ls http://base-"${ocpver_mut}"-rhel86.ocp.svc.cluster.local | grep -A 3 rhel-8-appstream | sed '1,3 s/rhel-8-appstream/rhel-86-appstream/g' >> src/config/ocp.repo
 cosa buildfetch --url=${prev_build_url}
 cosa fetch
 cosa build

extensions.yaml

@@ -57,6 +57,6 @@ extensions:
       enable:
         - virt:rhel
     repos:
-      - rhel-8-appstream
+      - rhel-86-appstream
     packages:
       - kata-containers

kola-denylist.yaml

@@ -27,3 +27,12 @@
   tracker: https://github.com/coreos/coreos-assembler/issues/2725
   arches:
   - ppc64le
+# Disable until we rebase back to RHEL 8.6
+- pattern: ext.config.shared.var-mount.scsi-id
+  tracker: https://github.com/openshift/os/issues/710
+  arches:
+  - s390x
+# Disable until we revert NM back to RHEL 8.6
+- pattern: ext.config.shared.networking.default-network-behavior-change
+  tracker: https://bugzilla.redhat.com/show_bug.cgi?id=2077605
+  snooze: 2022-05-05

manifest.yaml

@@ -7,12 +7,13 @@ rojig:
 include:
   - fedora-coreos-config/manifests/ignition-and-ostree.yaml
   - fedora-coreos-config/manifests/file-transfer.yaml
-  - fedora-coreos-config/manifests/networking-tools.yaml
+  # - fedora-coreos-config/manifests/networking-tools.yaml
   - fedora-coreos-config/manifests/system-configuration.yaml
   - fedora-coreos-config/manifests/user-experience.yaml
   - fedora-coreos-config/manifests/shared-workarounds.yaml
   # RHCOS owned packages
   - rhcos-packages.yaml
+  - networking-tools.yaml
 
 ostree-layers:
   - overlay/01fcos
@@ -23,7 +24,7 @@ ostree-layers:
   - overlay/15rhcos-tuned-bits
   - overlay/20platform-chrony
   - overlay/21dhcp-chrony
-  - overlay/25rhcos-azure-udev
+  - overlay/25rhcos-azure-udev-rules
 
 arch-include:
   x86_64:
@@ -46,7 +47,7 @@ repos:
 rpmdb: bdb
 
 # We include hours/minutes to avoid version number reuse
-automatic-version-prefix: "411.86.<date:%Y%m%d%H%M>"
+automatic-version-prefix: "411.85.<date:%Y%m%d%H%M>"
 # This ensures we're semver-compatible which OpenShift wants
 automatic-version-suffix: "-"
 # Keep this is sync with the version in postprocess
@@ -155,20 +156,17 @@ postprocess:
      OSTREE_VERSION="${OSTREE_VERSION}"
      EOF
      )
-     rm -f /etc/os-release
-     ln -s ../usr/lib/os-release /etc/os-release
 
      # Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release
      (
      . /etc/os-release
-     cat > /usr/lib/system-release-cpe <<EOF
+     cat > /etc/system-release-cpe <<EOF
      ${CPE_NAME}
      EOF
-     cat > /usr/lib/system-release <<EOF
+     cat > /usr/lib/redhat-release <<EOF
      ${NAME} release ${VERSION_ID}
      EOF
-     rm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release
-     ln -s /usr/lib/system-release-cpe /etc/system-release-cpe
+     rm -f /etc/system-release /etc/redhat-release
      ln -s /usr/lib/system-release /etc/system-release
      ln -s /usr/lib/system-release /etc/redhat-release
      )
@@ -355,24 +353,32 @@ repo-packages:
       - nss-altfiles
   - repo: rhel-8-server-ose
     packages:
-      # Starting with 4.11, we are working with the Containers team to build
-      # certain container-tools RPMs in the RHAOS branches for RHCOS + RHEL
-      # worker nodes.
-      - conmon
+      # eventually, we want the one from the container-tools module, but we're
+      # not there yet
+      - toolbox
+      # These are the only container stack packages we don't get from modularity
+      # nor from base RHEL for various reasons. See:
+      # https://github.com/openshift/os/pull/681#issuecomment-1022443830
+      #
+      # newer than what is included in RHEL 8.4.Z EUS, but addresses some BZs
+      # that customers were encountering
       - container-selinux
-      - containernetworking-plugins
-      - containers-common
-      - criu
+      # newer than what is included in RHEL 8.4.Z EUS, because the k8s folks
+      # wanted to start testing with 1.x versions of crun
       - crun
-      - fuse-overlayfs
-      - podman
+      # slightly newer than what is included in RHEL 8.4.Z EUS, because we had
+      # previously shipped a newer version in OCP/RHCOS 4.9 and had to preserve
+      # the upgrade path
       - runc
+      # Need an updated skopeo for https://github.com/containers/skopeo/pull/1476
+      # for coreos layering work
+      - containers-common
       - skopeo
-      - slirp4netns
-      - toolbox
 
 modules:
   enable:
+    # podman stack; see https://github.com/openshift/os/pull/681#issuecomment-1022443830
+    - container-tools:rhel8
     # qemu-guest-agent
     - virt:rhel
 

networking-tools.yaml

@@ -0,0 +1,16 @@
+# This defines a set of tools that are useful for configuring, debugging,
+# or manipulating the network of a system.  It is desired to keep this list
+# generic enough to be shared downstream with RHCOS.
+
+packages:
+  # Standard tools for configuring network/hostname
+  - hostname
+  # Teaming https://github.com/coreos/fedora-coreos-config/pull/289 
+  # and http://bugzilla.redhat.com/1758162
+  - teamd
+  # Route manipulation and QoS
+  - iproute iproute-tc
+  # Firewall manipulation
+  - iptables nftables
+  # Interactive network tools for admins
+  - socat net-tools bind-utils

overlay.d/25rhcos-azure-udev-rules/statoverride

@@ -0,0 +1,2 @@
+# Config file for overriding permission bits on overlay files/dirs
+# Format: =<file mode in decimal> <absolute path to a file or directory>

overlay.d/25rhcos-azure-udev-rules/usr/lib/udev/rules.d/66-azure-storage.rules

@@ -0,0 +1,28 @@
+ACTION=="add|change", SUBSYSTEM=="block", ENV{ID_VENDOR}=="Msft", ENV{ID_MODEL}=="Virtual_Disk", GOTO="azure_disk"
+GOTO="azure_end"
+
+LABEL="azure_disk"
+# Root has a GUID of 0000 as the second value
+# The resource/resource has GUID of 0001 as the second value
+ATTRS{device_id}=="?00000000-0000-*", ENV{fabric_name}="root", GOTO="azure_names"
+ATTRS{device_id}=="?00000000-0001-*", ENV{fabric_name}="resource", GOTO="azure_names"
+ATTRS{device_id}=="?00000001-0001-*", ENV{fabric_name}="BEK", GOTO="azure_names"
+# Wellknown SCSI controllers
+ATTRS{device_id}=="{f8b3781a-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi0", GOTO="azure_datadisk"
+ATTRS{device_id}=="{f8b3781b-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi1", GOTO="azure_datadisk"
+ATTRS{device_id}=="{f8b3781c-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi2", GOTO="azure_datadisk"
+ATTRS{device_id}=="{f8b3781d-1e82-4818-a1c3-63d806ec15bb}", ENV{fabric_scsi_controller}="scsi3", GOTO="azure_datadisk"
+GOTO="azure_end"
+
+# Retrieve LUN number for datadisks
+LABEL="azure_datadisk"
+ENV{DEVTYPE}=="partition", PROGRAM="/bin/sh -c 'readlink /sys/class/block/%k/../device|cut -d: -f4'", ENV{fabric_name}="$env{fabric_scsi_controller}/lun$result", GOTO="azure_names"
+PROGRAM="/bin/sh -c 'readlink /sys/class/block/%k/device|cut -d: -f4'", ENV{fabric_name}="$env{fabric_scsi_controller}/lun$result", GOTO="azure_names"
+GOTO="azure_end"
+
+# Create the symlinks
+LABEL="azure_names"
+ENV{DEVTYPE}=="disk", SYMLINK+="disk/azure/$env{fabric_name}"
+ENV{DEVTYPE}=="partition", SYMLINK+="disk/azure/$env{fabric_name}-part%n"
+
+LABEL="azure_end"

overlay.d/25rhcos-azure-udev-rules/usr/lib/udev/rules.d/99-azure-product-uuid.rules

@@ -0,0 +1,9 @@
+SUBSYSTEM!="dmi", GOTO="product_uuid-exit"
+ATTR{sys_vendor}!="Microsoft Corporation", GOTO="product_uuid-exit"
+ATTR{product_name}!="Virtual Machine", GOTO="product_uuid-exit"
+TEST!="/sys/devices/virtual/dmi/id/product_uuid", GOTO="product_uuid-exit"
+
+RUN+="/bin/chmod 0444 /sys/devices/virtual/dmi/id/product_uuid"
+
+LABEL="product_uuid-exit"
+

overlay.d/README.md

@@ -38,10 +38,11 @@ and handling in 20-chrony and chrony-helper using the defaults
 lands in downstream packages. See upstream thread:
 https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2020/05/msg00022.html
 
-25rhcos-azure-udev
--------------
-
-We want to provide Azure udev rules as part of the initrd, so that Ignition
-is able to detect disks and act on them. The WALinuxAgent-udev has been
-changed to install udev rules into the initramfs, but that change isn't
-in el8 yet. This can be dropped when moving to el9.
+25rhcos-azure-udev-rules
+------------------------
+
+Ships udev rules for Azure. This works in tandem with the
+`25coreos-azure-udev` dracut module in 05core which ships
+them in the initramfs. In the future, we should be able to
+drop this overlay and instead ship `WALinuxAgent-udev` as we
+do in FCOS (https://bugzilla.redhat.com/show_bug.cgi?id=1913074).