diff --git a/packaging/imagemode/Containerfile.repobase b/packaging/imagemode/Containerfile.repobase
new file mode 100644
index 0000000000..0d7738bf47
--- /dev/null
+++ b/packaging/imagemode/Containerfile.repobase
@@ -0,0 +1,18 @@
+ARG BASE_IMAGE_URL
+ARG BASE_IMAGE_TAG
+FROM ${BASE_IMAGE_URL}:${BASE_IMAGE_TAG}
+
+RUN dnf upgrade -y && \
+ dnf install -y firewalld microshift && \
+ systemctl enable microshift && \
+ dnf clean all
+
+# Mandatory firewall configuration
+RUN firewall-offline-cmd --zone=public --add-port=22/tcp && \
+ firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16 && \
+ firewall-offline-cmd --zone=trusted --add-source=169.254.169.1
+
+# Create a systemd unit to recursively make the root filesystem subtree
+# shared as required by OVN images
+COPY ./systemd/microshift-make-rshared.service /etc/systemd/system/microshift-make-rshared.service
+RUN systemctl enable microshift-make-rshared.service
diff --git a/packaging/imagemode/Containerfile.repourl b/packaging/imagemode/Containerfile.repourl
new file mode 100644
index 0000000000..8867d60951
--- /dev/null
+++ b/packaging/imagemode/Containerfile.repourl
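Review bot: The two `--zone=trusted --add-source` lines in Containerfile.repobase admit all traffic from 10.42.0.0/16 and 169.254.169.1 without saying what those addresses are, so a reader cannot tell when the rule stops being correct. They look like MicroShift's default pod network and a host-side service address (inferred, not stated in the hunk); if the cluster network is changed in the MicroShift configuration, the source baked into the image would have to follow it. I would extend the comment above that `RUN`, e.g. `# trusted sources: default pod network and host endpoint address; keep in sync with the MicroShift cluster network setting`. Separately, `FROM ${BASE_IMAGE_URL}:${BASE_IMAGE_TAG}` resolves a mutable tag and this variant trusts whatever repositories the base image carries, so a one-line comment recommending a fixed, known base for release builds would help.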
@@ -0,0 +1,41 @@
+ARG BASE_IMAGE_URL
+ARG BASE_IMAGE_TAG
+FROM ${BASE_IMAGE_URL}:${BASE_IMAGE_TAG}
+
+ARG USHIFT_VER
+ARG USHIFT_URL
+ARG OCPDEP_URL
+ARG USHIFT_REPO="microshift-${USHIFT_VER}-repository"
+ARG OCPDEP_REPO="openshift-${USHIFT_VER}-dependencies"
+
+RUN cat > "/etc/yum.repos.d/${USHIFT_REPO}.repo" < "/etc/yum.repos.d/${OCPDEP_REPO}.repo" < | run | clean]"
+ @echo " rhocp: build a MicroShift bootc image using 'rhocp' repository packages"
+ @echo " with versions specified as 'USHIFT_VER=value'"
+ @echo " repourl: build a MicroShift bootc image using custom repository URLs"
+ @echo " specified as 'USHIFT_URL=value' and 'OCPDEP_URL=value'"
+ @echo " repobase: build a MicroShift bootc image using preconfigured repositories"
+ @echo " from the base image specified as 'BASE_IMAGE_URL=value' and"
+ @echo " 'BASE_IMAGE_TAG=value'. The produced image version should also"
+ @echo " be provided as 'IMAGE_VER=value' in this case."
+ @echo " : build a MicroShift bootc image of a specific version from the"
+ @echo " available predefined configurations listed below"
+ @echo " run: run the 'localhost/microshift-\$${IMAGE_VER}' bootc image version"
+ @echo " specified as 'IMAGE_VER=value'"
+ @echo " stop: stop all running 'microshift-*' containers"
+ @echo " clean: delete all 'localhost/microshift-*' container images"
+ @echo ""
+ @echo "Available build versions:"
+ @$(MAKE) -qp | awk -F':' '/^4.[^\t]*:([^=]|$$)/ {print " " $$1}' | sort -u
+
+.PHONY: rhocp
+rhocp:
+ifndef USHIFT_VER
+ $(error Run 'make rhocp USHIFT_VER=value')
+endif
+ IMAGE_VER=$$(sudo dnf repoquery microshift \
+ --quiet \
+ --queryformat '%{version}' \
+ --repo "rhocp-${USHIFT_VER}-for-rhel-9-$$(uname -m)-rpms" \
+ --latest-limit 1) ; \
+ IMAGE_NAME="microshift-$${IMAGE_VER}" ; \
+ sudo podman build \
+ --no-cache \
+ --authfile "${PULL_SECRET}" \
+ --build-arg BASE_IMAGE_URL=${BASE_IMAGE_URL} \
+ --build-arg BASE_IMAGE_TAG=${BASE_IMAGE_TAG} \
+ --build-arg USHIFT_VER=$${USHIFT_VER} \
+ -t "$${IMAGE_NAME}" \
+ -f Containerfile.rhocp
+
+.PHONY: repourl
+repourl:
+ifndef USHIFT_URL
+ $(error Run 'make repourl USHIFT_URL=value OCPDEP_URL=value')
+endif
+ifndef OCPDEP_URL
+ $(error Run 'make repourl USHIFT_URL=value OCPDEP_URL=value')
+endif
+ IMAGE_VER=$$(sudo dnf repoquery microshift \
+ --quiet \
+ --queryformat '%{version}' \
+ --disablerepo '*' \
+ --repofrompath "this,${USHIFT_URL}" \
+ --latest-limit 1 | sed 's/~/-/g') ; \
+ IMAGE_NAME="microshift-$${IMAGE_VER}" ; \
+ sudo podman build \
+ --no-cache \
+ --authfile "${PULL_SECRET}" \
+ --build-arg BASE_IMAGE_URL=${BASE_IMAGE_URL} \
+ --build-arg BASE_IMAGE_TAG=${BASE_IMAGE_TAG} \
+ --build-arg USHIFT_VER=$${IMAGE_VER} \
+ --build-arg USHIFT_URL=$${USHIFT_URL} \
+ --build-arg OCPDEP_URL=$${OCPDEP_URL} \
+ -t "$${IMAGE_NAME}" \
+ -f Containerfile.repourl
+
+.PHONY: repobase
+repobase:
+ifndef BASE_IMAGE_URL
+ $(error Run 'make repobase BASE_IMAGE_URL=value BASE_IMAGE_TAG=value IMAGE_VER=value')
+endif
+ifndef BASE_IMAGE_TAG
+ $(error Run 'make repobase BASE_IMAGE_URL=value BASE_IMAGE_TAG=value IMAGE_VER=value')
+endif
+ifndef IMAGE_VER
+ $(error Run 'make repobase BASE_IMAGE_URL=value BASE_IMAGE_TAG=value IMAGE_VER=value')
+endif
+ IMAGE_NAME="microshift-$${IMAGE_VER}" ; \
+ sudo podman build \
+ --no-cache \
+ --authfile "${PULL_SECRET}" \
+ --build-arg BASE_IMAGE_URL=${BASE_IMAGE_URL} \
+ --build-arg BASE_IMAGE_TAG=${BASE_IMAGE_TAG} \
+ -t "$${IMAGE_NAME}" \
+ -f Containerfile.repobase
+
+.PHONY: run
+run:
+ifndef IMAGE_VER
+ $(error Run 'make run IMAGE_VER=value')
+endif
+ IMAGE_NAME="microshift-${IMAGE_VER}" ; \
+ sudo modprobe openvswitch ; \
+ CONT_ID=$$(sudo podman run --rm -d --privileged \
+ -v "${PULL_SECRET}":/etc/crio/openshift-pull-secret:ro \
+ -v /var/lib/containers/storage:/var/lib/containers/storage \
+ --replace \
+ --name "$${IMAGE_NAME}" \
+ "localhost/$${IMAGE_NAME}") ; \
+ echo "sudo podman exec -it $${CONT_ID} bash"
+
+.PHONY: stop
+stop:
+ CONT_IDS=$$(sudo podman ps --format "{{.Names}}" | grep '^microshift-' || true) ; \
+ if [ -n "$${CONT_IDS}" ] ; then sudo podman stop $${CONT_IDS} ; fi
+
+.PHONY: clean
+clean:
+ IMAGES=$$(sudo podman images --format "{{.Repository}}" | grep ^localhost/microshift- || true) ; \
+ if [ -n "$${IMAGES}" ] ; then sudo podman rmi -f $${IMAGES} ; fi
+
+#
+# Predefined container image builds
+#
+.PHONY: 4.16-el94
+4.16-el94:
+ @$(MAKE) rhocp USHIFT_VER=4.16
+
+.PHONY: 4.17-rc-el94
+4.17-rc-el94:
+ @$(MAKE) repourl \
+ USHIFT_URL=https://mirror.openshift.com/pub/openshift-v4/$$(uname -m)/microshift/ocp/latest-4.17/el9/os/ \
+ OCPDEP_URL=https://mirror.openshift.com/pub/openshift-v4/$$(uname -m)/dependencies/rpms/4.17-el9-beta/
+
+.PHONY: 4.18-ec-el94
+4.18-ec-el94:
+ @$(MAKE) repourl \
+ USHIFT_URL=https://mirror.openshift.com/pub/openshift-v4/$$(uname -m)/microshift/ocp-dev-preview/latest-4.18/el9/os/ \
+ OCPDEP_URL=https://mirror.openshift.com/pub/openshift-v4/$$(uname -m)/dependencies/rpms/4.18-el9-beta/
+
+#
+# ISO builds are named 'microshift-' (the '.iso' suffix is part of
+# the make target name) and stored at the ${BIB_OUTBASE} directory.
+# Each build uses 'localhost/microshift-' container image as input.
+#
+# BIB_IMAGE_URL ?= registry.redhat.io/rhel9/bootc-image-builder
+# BIB_IMAGE_TAG ?= latest
+# BIB_OUTBASE ?= $(HOME)/imagemode
+# .PHONY: 4.16-el94.iso
+# 4.16-el94.iso: 4.16-el94
+# IMAGE_NAME="microshift-$$(echo $@ | sed 's/\.iso$$//')" ; \
+# ISO_FNAME="microshift-$@" ; \
+# BIB_OUTDIR="${BIB_OUTBASE}/$@" ; \
+# sudo podman pull \
+# --authfile "${PULL_SECRET}" \
+# "${BIB_IMAGE_URL}:${BIB_IMAGE_TAG}" && \
+# sudo mkdir -p "$${BIB_OUTDIR}" && \
+# sudo podman run \
+# --rm -i --privileged \
+# --pull=never \
+# --security-opt "label=type:unconfined_t" \
+# -v "$${BIB_OUTDIR}:/output" \
+# -v "/var/lib/containers/storage:/var/lib/containers/storage" \
+# "${BIB_IMAGE_URL}:${BIB_IMAGE_TAG}" \
+# --type anaconda-iso \
+# --local \
+# "localhost/$${IMAGE_NAME_URL}" && \
+# sudo mv -f "$${BIB_OUTDIR}/bootiso/install.iso" "${BIB_OUTBASE}/$${ISO_FNAME}"
diff --git a/packaging/imagemode/README.md b/packaging/imagemode/README.md
new file mode 100644
index 0000000000..3c0504eb0c
--- /dev/null
+++ b/packaging/imagemode/README.md
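Review bot: In the Makefile's `rhocp` and `repourl` recipes the `IMAGE_VER=$$(sudo dnf repoquery …)` lookup is chained to the build with `;`, so a failed or empty query still runs `sudo podman build` and tags the result `microshift-`; in `repourl` the `| sed` also hides the query's exit status. A guard right after the assignment stops that: `[ -n "$${IMAGE_VER}" ] || { echo "microshift version lookup failed" >&2 ; exit 1 ; } ; \`. The same recipes pass `--build-arg BASE_IMAGE_URL=${BASE_IMAGE_URL}` and the URL arguments unquoted into a shell command run under `sudo`, so quoting them (`--build-arg "BASE_IMAGE_URL=${BASE_IMAGE_URL}"`) keeps a value with spaces or shell metacharacters from being re-parsed. The start of this Makefile hunk is not visible on the page, so the variable defaults were not reviewed.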
@@ -0,0 +1,329 @@
+# Image Mode Container Build Tools
+
+Image mode container build tools are implemented in the `microshift/packaging/imagemode`
+directory using `make` rules. Run the following command to see the available options.
+
+```bash
+$ cd packaging/imagemode
+$ make
+make [rhocp | repourl | repobase | | run | clean]
+ rhocp: build a MicroShift bootc image using 'rhocp' repository packages
+ with versions specified as 'USHIFT_VER=value'
+ repourl: build a MicroShift bootc image using custom repository URLs
+ specified as 'USHIFT_URL=value' and 'OCPDEP_URL=value'
+ repobase: build a MicroShift bootc image using preconfigured repositories
+ from the base image specified as 'BASE_IMAGE_URL=value' and
+ 'BASE_IMAGE_TAG=value'. The produced image version should also
+ be provided as 'IMAGE_VER=value' in this case.
+ : build a MicroShift bootc image of a specific version from the
+ available predefined configurations listed below
+ run: run the 'localhost/microshift-${IMAGE_VER}' bootc image version
+ specified as 'IMAGE_VER=value'
+ stop: stop all running 'microshift-*' containers
+ clean: delete all 'localhost/microshift-*' container images
+
+Available build versions:
+ 4.16-el94
+ 4.17-rc-el94
+ 4.18-ec-el94
+```
+
+## Build Image Mode Containers
+
+Log into the `RHEL 9.4 host` using the user credentials that have SUDO permissions
+configured.
+
+The `rhocp`, `repourl` and `repobase` targets can be used for building `bootc`
+container images.
+
+### Build from `rhocp` Repository
+
+The `rhocp` target allows for building `bootc` container images that include MicroShift
+packages from the `rhocp--for-rhel-9-$(uname -m)-rpms` repository.
+
+The target requires the `USHIFT_VER=value` argument, which defines the version
+of the `rhocp` repository to be used when building the image.
+
+For example, run the following command to build an image including the latest
+released MicroShift 4.16 version.
+
+```bash
+make rhocp USHIFT_VER=4.16
+```
+
+The resulting image will be named `microshift-4.16.z` where `z` is the latest
+available MicroShift package version in the repository.
+
+```bash
+$ sudo podman images --format "{{.Repository}}" | grep ^localhost/microshift-4.16
+localhost/microshift-4.16.8
+```
+
+### Build from Custom URL Repository
+
+The `repourl` target allows for building `bootc` container images that include
+MicroShift packages from custom repositories defined by URLs specified in the
+command line.
+
+The target requires the `USHIFT_URL=value` and `OCPDEP_URL=value` arguments
+which define the URL of repositories containing MicroShift RPM packages and
+OpenShift dependency RPM packages.
+
+For example, run the following command to build an image including the MicroShift
+4.17 Release Candidate version from `mirror.openshift.com` site.
+
+```bash
+BASE_URL="https://mirror.openshift.com/pub/openshift-v4"
+make repourl \
+ USHIFT_URL="${BASE_URL}/$(uname -m)/microshift/ocp/latest-4.17/el9/os/" \
+ OCPDEP_URL="${BASE_URL}/$(uname -m)/dependencies/rpms/4.17-el9-beta/"
+```
+
+The resulting image will be named `microshift-4.17.z` where `z` is the latest
+available MicroShift package version in the repository.
+
+```bash
+$ sudo podman images --format "{{.Repository}}" | grep ^localhost/microshift-4.17
+localhost/microshift-4.17.0-rc.0
+```
+
+### Build from Custom Base Image Repository
+
+The `repobase` target allows for building `bootc` container images that include
+MicroShift packages from custom repositories defined in the base image specified
+in the command line.
+
+The target requires the `BASE_IMAGE_URL=value`, `BASE_IMAGE_TAG=value` and `IMAGE_VER=value`
+arguments, which define the base image URL, tag and the version of the produced
+local MicroShift `bootc` container image (i.e. `microshift-${IMAGE_VER}`). All
+the required RPM repository configuration is assumed to be part of the base image.
+
+For example, run the following command to build an image using the local MicroShift
+4.16 image with `rhocp` repositories built in the previous step.
+
+> This example is superficial for the sake of simplicity. The typical use of the
+> `repobase` target would be to decouple the repository configuration and MicroShift
+> image build steps.
+
+```bash
+BASE_IMAGE_URL="localhost/microshift-4.16.9"
+BASE_IMAGE_TAG="latest"
+IMAGE_VER="4.16.9-update"
+
+make repobase \
+ BASE_IMAGE_URL="${BASE_IMAGE_URL}" \
+ BASE_IMAGE_TAG="${BASE_IMAGE_TAG}" \
+ IMAGE_VER="${IMAGE_VER}"
+```
+
+The resulting image will be named `microshift-4.16.9-update` as defined by the
+`IMAGE_VER` argument.
+
+```bash
+$ sudo podman images --format "{{.Repository}}" | grep ^localhost/microshift-"${IMAGE_VER}"
+localhost/microshift-4.16.9-update
+```
+
+### Predefined Build Targets
+
+Run the following command to see the list of predefined build targets for selected
+MicroShift versions and configurations.
+
+```bash
+$ make | grep -A10 'Available build versions'
+Available build versions:
+ 4.16-el94
+ 4.17-rc-el94
+ 4.18-ec-el94
+```
+
+These builds use `rhocp` and `repourl` targets with hardcoded parameters to simplify
+`make` command invocation.
+
+For example, run the following command to build an image including the MicroShift
+4.17 Release Candidate version from `mirror.openshift.com` site.
+
+```bash
+make 4.17-rc-el94
+```
+
+### Override Build Variables
+
+The following container build parameters can be used to override some of the
+default values used in `Containerfile` for `rhocp` and `repourl` targets.
+
+| Parameter Name | Default Value | Comment |
+|----------------|---------------|---------|
+| PULL_SECRET | `~/.pull-secret.json` | Used for accessing base `bootc` images |
+| BASE_IMAGE_URL | `registry.redhat.io/rhel9/rhel-bootc` | Base `bootc` image URL |
+| BASE_IMAGE_TAG | `9.4` | Base `bootc` image tag |
+
+For example, run the following command to override the base `bootc` image default
+tag when building the container image.
+
+```bash
+make rhocp USHIFT_VER=4.16 \
+ BASE_IMAGE_TAG=latest
+```
+
+### Clean Local MicroShift Container Images
+
+Run the following command to delete all the `localhost/microshift-*` container images.
+
+```bash
+make clean
+```
+
+## Appendix A: Run Image Mode Containers
+
+> The purpose of this section is to demonstrate how to test generated MicroShift
+> image mode containers.
+
+Log into the `RHEL 9.4 host` using the user credentials that have SUDO permissions
+configured.
+
+The `run` target allows for running the specified `localhost/microshift-*` container
+image. The target requires the `IMAGE_VER=value` argument which defines the version
+of the image to be started.
+
+For example, run the following commands to see the available images and start
+one of them.
+
+```bash
+$ sudo podman images --format "{{.Repository}}" | grep ^localhost/microshift-
+localhost/microshift-4.17.0-rc.0
+localhost/microshift-4.16.8
+
+$ make run IMAGE_VER=4.16.8
+...
+...
+sudo podman exec -it 65339346b957c7b02353bf859b07d75a2127398266d6d3f3b2708b692745609f bash
+```
+
+> If the container is started successfully, the last line of the output shows a
+> command to be used for logging into the running container.
+
+The `stop` target stops all running `microshift-*` containers.
+
+For example, run the following command to stop all the running MicroShift containers.
+
+```bash
+$ make stop
+...
+...
+microshift-4.16.8
+```
+
+## Appendix B: Boot RHEL Using Image Mode Containers
+
+> The purpose of this section is to demonstrate how to test generated MicroShift
+> image mode containers.
+
+Follow the procedure below to create a virtual machine using pre-built MicroShift
+bootc images. A similar procedure can be used for booting physical devices.
+
+Log into the physical hypervisor host using the user credentials that have SUDO
+permissions configured.
+
+### Prepare Kickstart File
+
+Set variables pointing to secrets that are included in `kickstart.ks`.
+* `USER_PASSWD` is used to set a password for the `redhat` user
+* `PULL_SECRET` file contents are copied to `/etc/crio/openshift-pull-secret`
+to authenticate OpenShift registry access
+
+```
+USER_PASSWD=
+PULL_SECRET=~/.pull-secret.json
+```
+
+Run the following commands to create the `kickstart.ks` file to be used during
+the virtual machine installation.
+
+```
+cat > kickstart.ks < /etc/crio/openshift-pull-secret <<'EOF'
+$(cat "${PULL_SECRET}")
+EOF
+chmod 600 /etc/crio/openshift-pull-secret
+
+%end
+EOFKS
+```
+
+The kickstart file uses a special [ostreecontainer](https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#ostreecontainer)
+directive to pull a `bootc` image from the remote registry and use it to install
+the RHEL operating system.
+
+> Replace `registry.redhat.io/microshift-4.18-bootc:latest` with the image reference
+> you would like to install.
+
+### Create Virtual Machine
+
+Download a RHEL boot ISO image from https://developers.redhat.com/products/rhel/download.
+Copy the downloaded file to the `/var/lib/libvirt/images` directory.
+
+Run the following commands to create a RHEL virtual machine with 2 cores, 2GB of
+RAM and 20GB of storage. The command uses the kickstart file prepared in the
+previous step to install the RHEL operating system.
+
+```
+VMNAME=microshift-4.18-el94
+NETNAME=default
+
+sudo virt-install \
+ --name ${VMNAME} \
+ --vcpus 2 \
+ --memory 2048 \
+ --disk path=/var/lib/libvirt/images/${VMNAME}.qcow2,size=20 \
+ --network network=${NETNAME},model=virtio \
+ --events on_reboot=restart \
+ --location "/var/lib/libvirt/images/${VMNAME}.iso" \
+ --osinfo detect=on \
+ --initrd-inject kickstart.ks \
+ --extra-args "inst.ks=file://kickstart.ks" \
+ --wait
+```
+
+Log into the virtual machine using the `redhat:` credentials.
+Run the following command to verify that all the MicroShift pods are up and running
+without errors.
+
+```
+watch sudo oc get pods -A \
+ --kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig
+```
diff --git a/packaging/imagemode/systemd/microshift-make-rshared.service b/packaging/imagemode/systemd/microshift-make-rshared.service
new file mode 100644
index 0000000000..8860d3bc29
--- /dev/null
+++ b/packaging/imagemode/systemd/microshift-make-rshared.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Make root filesystem shared
+Before=microshift.service
+ConditionVirtualization=container
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/mount --make-rshared /
+[Install]
+WantedBy=multi-user.target