feat: build rocky linux 9.1 images

[supershal]

What problem does this PR solve?:

• E2E tests for rocky linux 9.1

Which issue(s) does this PR fix?:

• https://d2iq.atlassian.net/browse/D2IQ-94873

Special notes for your reviewer:

We had disabled yum version lock for RHEL 8 because of dependency errors with already installed packets.
https://github.com/mesosphere/konvoy-image-builder/blob/main/ansible/roles/setup_versionlock/tasks/redhat.yaml#L2-L5
We had fixed this issue by not upgrading already installed packages.
We will need to revisit this logic for RHEL 8 and see if we can add back this version lock for RHEL 8.
I will test and file separate PR for this.

Does this PR introduce a user-facing change?:

[supershal]

yum versionlock commands try to download repo metadata from internet. Adding logic for preventing yum from updating repo metadata when using yum versionlock in air-gapped installations for "RHEL" ansible distributions.

[dkoshkin]

Wow so that means the rockylinux already comes wit Containerd installed? 🤔

[dkoshkin]

Discussed offline, the behavior for RockyLinux is different from CentoOS/RHEL yum and it tries to reach other repos when running yum versionlock.
But this is a good generic change that will prevent this bug in future RHEL releases too.

[github-actions]

File	Coverage
All files	14%	❌
cmd/konvoy-image-wrapper/cmd/wrapper.go	8%	❌
cmd/konvoy-image-wrapper/image/common.go	0%	❌
cmd/konvoy-image-wrapper/image/image_not_embedded.go	0%	❌
pkg/ansible/runner.go	0%	❌
pkg/app/artifacts.go	0%	❌
pkg/app/build.go	0%	❌
pkg/app/build_azure.go	2%	❌
pkg/app/build_gcp.go	0%	❌
pkg/app/config.go	50%	❌
pkg/app/errors.go	0%	❌
pkg/app/provision.go	0%	❌
pkg/app/root.go	0%	❌
pkg/app/utils.go	7%	❌
pkg/app/validate.go	0%	❌
pkg/appansible/io.go	0%	❌
pkg/appansible/playbook.go	0%	❌
pkg/azure/azure.go	0%	❌
pkg/logging/logger.go	0%	❌
pkg/packer/manifest.go	0%	❌
pkg/packer/packer.go	0%	❌
pkg/stringutil/rand.go	0%	❌
pkg/version/info.go	8%	❌

Minimum allowed coverage is 75%

Generated by 🐒 cobertura-action against cc4575c

[faiq]

should we not do these any more?

[supershal]

I am keeping it in sync with other related targets for other OS. We can remove all related target at once when we deprecate them in separate PR.

[supershal]

This is ID for the official free rocky linux image template. https://portal.azure.com/#view/Microsoft_Azure_Marketplace/GalleryItemDetailsBladeNopdl/id/erockyenterprisesoftwarefoundationinc1653071250513.rockylinux-9

[dkoshkin]

🤮

[supershal]

Created TC configurations for building Rockylinux release AMI (fips, non-fips) , Azure image (non-fips)

[dkoshkin]

Wow so that means the rockylinux already comes wit Containerd installed? 🤔

[dkoshkin]

🤮

[dkoshkin]

Did we build FIPS offline packages? I do't think RockyLinux supports the correct 140-2 FIPS version only https://rockylinux.org/news/certifications-fips-2022-06-11/ 140-3.

[supershal]

FIPS offline packages for rocky. Link
I have still not run any FIPS validation tests

[supershal]

Azure plan information needed to use marketplace image.
Packer throwing following error when plan information was not provided.
Creating a virtual machine from Marketplace image or a custom image sourced from a Marketplace image requires Plan information in the request . TC log link

[dkoshkin]

This thread has lots of useful information https://forums.rockylinux.org/t/azure-rocky-image-on-marketplace/5230/46

[supershal]

Thank you for looking it up

[faiq]

wow good find.

[supershal]

RHEL 8.6 NVIDIA tests are failing because kernel header rpm version 4.18.0-372.41.1.el8_6.x86_64 is not available yet. To unblock further work on rockylinux, I plan to merge this PR now.