From c112bed0133bef6c19ea9064811502e41ff901ea Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Thu, 21 May 2026 15:55:22 +0200 Subject: [PATCH 1/3] USHIFT-6499: Switch RHEL 9.8 and 10.2 bootc images to GA repos RHEL 9.8 and 10.2 are now GA. Replace staging registry references with official registry.redhat.io images and remove pre-GA workarounds (disabled repos, mirror repo injection, BIB localhost workaround). Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- .../group1/rhel102-test-agent.containerfile | 12 ++----- .../group2/rhel102-bootc.image-bootc | 8 +---- .../group1/rhel98-test-agent.containerfile | 11 ++----- .../group2/rhel98-bootc.image-bootc | 7 +---- .../package-sources-bootc/rhel102-mirror.repo | 31 ------------------- test/package-sources-bootc/rhel98-mirror.repo | 31 ------------------- 6 files changed, 6 insertions(+), 94 deletions(-) delete mode 100644 test/package-sources-bootc/rhel102-mirror.repo delete mode 100644 test/package-sources-bootc/rhel98-mirror.repo diff --git a/test/image-blueprints-bootc/el10/layer1-base/group1/rhel102-test-agent.containerfile b/test/image-blueprints-bootc/el10/layer1-base/group1/rhel102-test-agent.containerfile index 9441297f95..7deeb1cc84 100644 --- a/test/image-blueprints-bootc/el10/layer1-base/group1/rhel102-test-agent.containerfile +++ b/test/image-blueprints-bootc/el10/layer1-base/group1/rhel102-test-agent.containerfile @@ -1,19 +1,12 @@ -FROM registry.stage.redhat.io/rhel10/rhel-bootc:10.2 +FROM registry.redhat.io/rhel10/rhel-bootc:10.2 # Build arguments ARG USHIFT_RPM_REPO_NAME=microshift-local ARG USHIFT_RPM_REPO_PATH=/tmp/$USHIFT_RPM_REPO_NAME # Configure the RPM repositories -# - No EUS repositories in staging environment -# - Disable default repositories to avoid pre-release repo access errors COPY --chmod=755 ./bootc-images/rpm-repo-config.sh /tmp/rpm-repo-config.sh -RUN /tmp/rpm-repo-config.sh --disable-all && rm -f /tmp/rpm-repo-config.sh - -# Configure the RHEL mirror RPM repositories (for use in the staging environment) -ARG RHEL_MIRROR_REPO_NAME=rhel102-mirror.repo -ARG RHEL_MIRROR_REPO_PATH=/etc/yum.repos.d/$RHEL_MIRROR_REPO_NAME -COPY --chmod=644 ./bootc-images/$RHEL_MIRROR_REPO_NAME $RHEL_MIRROR_REPO_PATH +RUN /tmp/rpm-repo-config.sh --enable-eus && rm -f /tmp/rpm-repo-config.sh # Copy the MicroShift repository contents COPY ./rpm-repos/$USHIFT_RPM_REPO_NAME $USHIFT_RPM_REPO_PATH @@ -27,4 +20,3 @@ RUN dnf install -y microshift-test-agent pcp pcp-zeroconf && \ rm -vf /etc/yum.repos.d/microshift-*.repo && \ rm -rvf $USHIFT_RPM_REPO_PATH && \ dnf clean all - diff --git a/test/image-blueprints-bootc/el10/layer1-base/group2/rhel102-bootc.image-bootc b/test/image-blueprints-bootc/el10/layer1-base/group2/rhel102-bootc.image-bootc index 49161c5354..bc99b29173 100644 --- a/test/image-blueprints-bootc/el10/layer1-base/group2/rhel102-bootc.image-bootc +++ b/test/image-blueprints-bootc/el10/layer1-base/group2/rhel102-bootc.image-bootc @@ -1,7 +1 @@ - -# TODO: Replace this by a RHEL 10.2 image when its RPM repositories are released. -# Bootc Image Builder has a limitation does not allowing it to build ISO images -# from containers that use repositories protected by credentials. Thus, we build -# from the test agent container image which uses proxy for accessing repositories. -# registry.redhat.io/rhel10/rhel-bootc:10.2 -localhost/rhel102-test-agent:latest +registry.redhat.io/rhel10/rhel-bootc:10.2 diff --git a/test/image-blueprints-bootc/el9/layer1-base/group1/rhel98-test-agent.containerfile b/test/image-blueprints-bootc/el9/layer1-base/group1/rhel98-test-agent.containerfile index 6d156f2fdb..f96c05df69 100644 --- a/test/image-blueprints-bootc/el9/layer1-base/group1/rhel98-test-agent.containerfile +++ b/test/image-blueprints-bootc/el9/layer1-base/group1/rhel98-test-agent.containerfile @@ -1,19 +1,12 @@ -FROM registry.stage.redhat.io/rhel9/rhel-bootc:9.8 +FROM registry.redhat.io/rhel9/rhel-bootc:9.8 # Build arguments ARG USHIFT_RPM_REPO_NAME=microshift-local ARG USHIFT_RPM_REPO_PATH=/tmp/$USHIFT_RPM_REPO_NAME # Configure the RPM repositories -# - No EUS repositories in staging environment -# - Disable default repositories to avoid pre-release repo access errors COPY --chmod=755 ./bootc-images/rpm-repo-config.sh /tmp/rpm-repo-config.sh -RUN /tmp/rpm-repo-config.sh --disable-all && rm -f /tmp/rpm-repo-config.sh - -# Configure the RHEL mirror RPM repositories (for use in the staging environment) -ARG RHEL_MIRROR_REPO_NAME=rhel98-mirror.repo -ARG RHEL_MIRROR_REPO_PATH=/etc/yum.repos.d/$RHEL_MIRROR_REPO_NAME -COPY --chmod=644 ./bootc-images/$RHEL_MIRROR_REPO_NAME $RHEL_MIRROR_REPO_PATH +RUN /tmp/rpm-repo-config.sh --enable-eus && rm -f /tmp/rpm-repo-config.sh # Copy the MicroShift repository contents COPY ./rpm-repos/$USHIFT_RPM_REPO_NAME $USHIFT_RPM_REPO_PATH diff --git a/test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-bootc.image-bootc b/test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-bootc.image-bootc index 37c2e81fd7..5f7660fd31 100644 --- a/test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-bootc.image-bootc +++ b/test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-bootc.image-bootc @@ -1,6 +1 @@ -# TODO: Replace this by a RHEL 9.8 image when its RPM repositories are released. -# Bootc Image Builder has a limitation does not allowing it to build ISO images -# from containers that use repositories protected by credentials. Thus, we build -# from the test agent container image which uses proxy for accessing repositories. -# registry.redhat.io/rhel9/rhel-bootc:9.8 -localhost/rhel98-test-agent:latest \ No newline at end of file +registry.redhat.io/rhel9/rhel-bootc:9.8 diff --git a/test/package-sources-bootc/rhel102-mirror.repo b/test/package-sources-bootc/rhel102-mirror.repo deleted file mode 100644 index a7eb27b06d..0000000000 --- a/test/package-sources-bootc/rhel102-mirror.repo +++ /dev/null @@ -1,31 +0,0 @@ -[rhel-10.2-appstream] -name = rhel-10.2-appstream -baseurl = http://localhost:{{ .Env.WEB_SERVER_PORT }}/ocp-mirror/reposync/4.22{{ if eq .Env.UNAME_M "aarch64" }}_aarch64{{ end }}/rhel-102-appstream -enabled = 1 -sslverify = false -gpgcheck = 0 -# Increase the priority of the RHEL mirror baseos / appstream repositories to -# ensure its packages take precedence over RHEL mirror early-kernel repositories, -# but not over RHOCP beta repositories with higher priority. -priority=60 -skip_if_unavailable = false - -[rhel-10.2-baseos] -name = rhel-10.2-baseos -baseurl = http://localhost:{{ .Env.WEB_SERVER_PORT }}/ocp-mirror/reposync/4.22{{ if eq .Env.UNAME_M "aarch64" }}_aarch64{{ end }}/rhel-102-baseos -enabled = 1 -sslverify = false -gpgcheck = 0 -# Increase the priority of the RHEL mirror baseos / appstream repositories to -# ensure its packages take precedence over RHEL mirror early-kernel repositories, -# but not over RHOCP beta repositories with higher priority. -priority=60 -skip_if_unavailable = false - -[rhel-10.2-early-kernel] -name = rhel-10.2-early-kernel -baseurl = http://localhost:{{ .Env.WEB_SERVER_PORT }}/ocp-mirror/reposync/4.22{{ if eq .Env.UNAME_M "aarch64" }}_aarch64{{ end }}/rhel-102-early-kernel -enabled = 1 -sslverify = false -gpgcheck = 0 -skip_if_unavailable = false diff --git a/test/package-sources-bootc/rhel98-mirror.repo b/test/package-sources-bootc/rhel98-mirror.repo deleted file mode 100644 index 32d2d2d93a..0000000000 --- a/test/package-sources-bootc/rhel98-mirror.repo +++ /dev/null @@ -1,31 +0,0 @@ -[rhel-9.8-appstream] -name = rhel-9.8-appstream -baseurl = http://localhost:{{ .Env.WEB_SERVER_PORT }}/ocp-mirror/reposync/4.22{{ if eq .Env.UNAME_M "aarch64" }}_aarch64{{ end }}/rhel-98-appstream -enabled = 1 -sslverify = false -gpgcheck = 0 -# Increase the priority of the RHEL mirror baseos / appstream repositories to -# ensure its packages take precedence over RHEL mirror early-kernel repositories, -# but not over RHOCP beta repositories with higher priority. -priority=60 -skip_if_unavailable = false - -[rhel-9.8-baseos] -name = rhel-9.8-baseos -baseurl = http://localhost:{{ .Env.WEB_SERVER_PORT }}/ocp-mirror/reposync/4.22{{ if eq .Env.UNAME_M "aarch64" }}_aarch64{{ end }}/rhel-98-baseos -enabled = 1 -sslverify = false -gpgcheck = 0 -# Increase the priority of the RHEL mirror baseos / appstream repositories to -# ensure its packages take precedence over RHEL mirror early-kernel repositories, -# but not over RHOCP beta repositories with higher priority. -priority=60 -skip_if_unavailable = false - -[rhel-9.8-early-kernel] -name = rhel-9.8-early-kernel -baseurl = http://localhost:{{ .Env.WEB_SERVER_PORT }}/ocp-mirror/reposync/4.22{{ if eq .Env.UNAME_M "aarch64" }}_aarch64{{ end }}/rhel-98-early-kernel -enabled = 1 -sslverify = false -gpgcheck = 0 -skip_if_unavailable = false From 585fff80f672d66505430d1d9dc14a9b3945cee8 Mon Sep 17 00:00:00 2001 From: Alejandro Gullon Date: Thu, 21 May 2026 15:55:37 +0200 Subject: [PATCH 2/3] USHIFT-6499: OStree pipeline cleanup for RHEL 9.8 GA Now that the build host runs RHEL 9.8: - Re-enable GPG checks in ostree package sources (rhocp-y, rhocp-y1, rhocp-y2, fast-datapath) as indicated by existing TODO comments - Fix rhel98-installer to use rhel-9.8 instead of rhel-9.7 workaround - Remove all pre-GA workarounds from configure-composer.sh: enable_copr_repositories, disable_gpg_check, and enable_ocp_mirror_repositories with their function definitions Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- scripts/devenv-builder/configure-composer.sh | 74 +------------------ .../group2/rhel98-installer.image-installer | 5 +- test/package-sources/fast-datapath-rhel9.toml | 3 +- test/package-sources/rhocp-y.toml | 3 +- test/package-sources/rhocp-y1.toml | 3 +- test/package-sources/rhocp-y2.toml | 3 +- 6 files changed, 6 insertions(+), 85 deletions(-) diff --git a/scripts/devenv-builder/configure-composer.sh b/scripts/devenv-builder/configure-composer.sh index 2b785131d4..f6d25fa41f 100755 --- a/scripts/devenv-builder/configure-composer.sh +++ b/scripts/devenv-builder/configure-composer.sh @@ -4,22 +4,11 @@ set -euxo pipefail SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DNF_RETRY="${SCRIPTDIR}/../dnf_retry.sh" -enable_copr_repositories() { - local -r version_id=$1 - local -r version_id_major="$(awk -F. '{print $1}' <<< "${version_id}")" - - sudo dnf copr enable -y @osbuild/osbuild-composer "rhel-${version_id_major}-$(uname -m)" - sudo dnf copr enable -y @osbuild/osbuild "epel-${version_id_major}-$(uname -m)" -} - install_and_configure_composer() { local -r version_id=$1 local -r version_id_major="$(awk -F. '{print $1}' <<< "${version_id}")" - # The osbuild packages may come from 'copr' repositories. - # They are installed separately to resolve potential RPM package dependency - # conflicts with the system packages. - "${DNF_RETRY}" "install" "--nobest osbuild osbuild-composer" + "${DNF_RETRY}" "install" "osbuild osbuild-composer" "${DNF_RETRY}" "install" \ "git composer-cli ostree rpm-ostree \ cockpit-composer bash-completion podman runc genisoimage \ @@ -144,59 +133,6 @@ EOF fi } -disable_gpg_check() { - local -r composer_config=$1 - - sudo cp "${composer_config}" "${composer_config}.with-gpg-check" - sudo sed -i 's;"check_gpg": true;"check_gpg": false;g' "${composer_config}" -} - -enable_ocp_mirror_repositories() { - local -r version_id=$1 - local -r composer_config=$3 - - local version_id_ocp=$2 - if [ "$(uname -m)" = "aarch64" ]; then - version_id_ocp="${version_id_ocp}_aarch64" - fi - - # Check if OCP mirror credentials are present - local -r ocp_mirror_ufile="${HOME}/.ocp_mirror_username" - local -r ocp_mirror_pfile="${HOME}/.ocp_mirror_password" - if ! [ -f "${ocp_mirror_ufile}" ] || ! [ -f "${ocp_mirror_pfile}" ]; then - echo "WARNING: OCP mirror credentials are not present" - return - fi - - # Read the OCP mirror credentials from the files - local -r ocp_mirror_username=$(cat "${ocp_mirror_ufile}") - local -r ocp_mirror_password=$(cat "${ocp_mirror_pfile}") - local -r version_id_short="$(tr -d '.' <<< "${version_id}")" - - # Create the configuration file in the composer configuration directory - sudo mkdir -p "$(dirname "${composer_config}")" - sudo tee "${composer_config}" &>/dev/null < Date: Thu, 21 May 2026 15:55:49 +0200 Subject: [PATCH 3/3] USHIFT-6499: Switch DevEnv defaults to RHEL 9.8 Update default RHEL version for development VMs and AWS stacks from 9.4 to 9.8 now that RHEL 9.8 is GA. Fix stale 9.2 references in cloud and quay mirror documentation. Co-Authored-By: Claude Opus 4.6 pre-commit.check-secrets: ENABLED --- docs/contributor/devenv_cloud.md | 2 +- docs/contributor/devenv_setup.md | 2 +- docs/contributor/howto_quay_mirror.md | 2 +- scripts/aws/manage_aws_stack.sh | 4 ++-- scripts/devenv-builder/manage-vm.sh | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/contributor/devenv_cloud.md b/docs/contributor/devenv_cloud.md index 1f61a7a4dc..d0f359a43c 100644 --- a/docs/contributor/devenv_cloud.md +++ b/docs/contributor/devenv_cloud.md @@ -143,7 +143,7 @@ Run the following command to create a new virtual machine using **nested** virtu ```bash VMNAME=microshift-bench -ISO="/var/lib/libvirt/images/rhel-9.2-$(uname -m)-dvd.iso" +ISO="/var/lib/libvirt/images/rhel-9.8-$(uname -m)-dvd.iso" export NCPUS=2 export RAMSIZE=2 diff --git a/docs/contributor/devenv_setup.md b/docs/contributor/devenv_setup.md index c19d7ef5b8..b675122b7f 100644 --- a/docs/contributor/devenv_setup.md +++ b/docs/contributor/devenv_setup.md @@ -4,7 +4,7 @@ in a virtual machine. ## Create Development Virtual Machine Start by downloading one of the DVD ISO images for the `x86_64` or `aarch64` architecture: -* RHEL 9.4 from https://developers.redhat.com/products/rhel/download +* RHEL 9.8 from https://developers.redhat.com/products/rhel/download * CentOS 9 Stream from https://www.centos.org/download ### Creating VM diff --git a/docs/contributor/howto_quay_mirror.md b/docs/contributor/howto_quay_mirror.md index c2df4f65c9..2a0ead60d1 100644 --- a/docs/contributor/howto_quay_mirror.md +++ b/docs/contributor/howto_quay_mirror.md @@ -41,7 +41,7 @@ export DISKSIZE=30 export SWAPSIZE=0 VMNAME=microshift-quay -ISO=/var/lib/libvirt/images/rhel-9.2-$(uname -m)-dvd.iso +ISO=/var/lib/libvirt/images/rhel-9.8-$(uname -m)-dvd.iso ./scripts/devenv-builder/manage-vm.sh create -n ${VMNAME} -i ${ISO} ``` diff --git a/scripts/aws/manage_aws_stack.sh b/scripts/aws/manage_aws_stack.sh index 004e908673..7e045d8ee5 100755 --- a/scripts/aws/manage_aws_stack.sh +++ b/scripts/aws/manage_aws_stack.sh @@ -178,7 +178,7 @@ Arguments: the latest build will be selected. [--os ]: (create/ami only) specific version of RHEL, - e.g. 'rhel-9.3'. Defaults to rhel-9.4. + e.g. 'rhel-9.3'. Defaults to rhel-9.8. [--arch ]: (ami only) Filter AMIs based on arch. Must be one of: x86_64, arm64. Lists all when not set. @@ -199,7 +199,7 @@ inst_type="" region="" pub_key="${HOME}/.ssh/id_rsa.pub" ami="" -os="rhel-9.4" +os="rhel-9.8" arch="" while [ $# -gt 0 ]; do diff --git a/scripts/devenv-builder/manage-vm.sh b/scripts/devenv-builder/manage-vm.sh index 0502d45f7b..39e9c7ca69 100755 --- a/scripts/devenv-builder/manage-vm.sh +++ b/scripts/devenv-builder/manage-vm.sh @@ -56,7 +56,7 @@ function get_base_isofile { echo "rhel-${rhel_version}-$(uname -m)-dvd.iso" ;; 9) - echo "rhel-9.4-$(uname -m)-dvd.iso" + echo "rhel-9.8-$(uname -m)-dvd.iso" ;; 9.*) echo "rhel-${rhel_version}-$(uname -m)-dvd.iso"