USHIFT-6499: Switch RHEL 9.8 and 10.2 bootc images to GA repos

docs/contributor/devenv_cloud.md

@@ -143,7 +143,7 @@ Run the following command to create a new virtual machine using **nested** virtu
 
 ```bash
 VMNAME=microshift-bench
-ISO="/var/lib/libvirt/images/rhel-9.2-$(uname -m)-dvd.iso"
+ISO="/var/lib/libvirt/images/rhel-9.8-$(uname -m)-dvd.iso"
 
 export NCPUS=2
 export RAMSIZE=2

docs/contributor/devenv_setup.md

@@ -4,7 +4,7 @@ in a virtual machine.
 
 ## Create Development Virtual Machine
 Start by downloading one of the DVD ISO images for the `x86_64` or `aarch64` architecture:
-* RHEL 9.4 from https://developers.redhat.com/products/rhel/download
+* RHEL 9.8 from https://developers.redhat.com/products/rhel/download
 * CentOS 9 Stream from https://www.centos.org/download
 
 ### Creating VM

docs/contributor/howto_quay_mirror.md

@@ -41,7 +41,7 @@ export DISKSIZE=30
 export SWAPSIZE=0
 
 VMNAME=microshift-quay
-ISO=/var/lib/libvirt/images/rhel-9.2-$(uname -m)-dvd.iso
+ISO=/var/lib/libvirt/images/rhel-9.8-$(uname -m)-dvd.iso
 
 ./scripts/devenv-builder/manage-vm.sh create -n ${VMNAME} -i ${ISO}
 ```

scripts/aws/manage_aws_stack.sh

@@ -178,7 +178,7 @@ Arguments:
                             the latest build will be selected.
 
     [--os <os>]:            (create/ami only) specific version of RHEL, 
-                            e.g. 'rhel-9.3'. Defaults to rhel-9.4.
+                            e.g. 'rhel-9.3'. Defaults to rhel-9.8.
 
     [--arch <arch>]:        (ami only) Filter AMIs based on arch. Must be 
                             one of: x86_64, arm64. Lists all when not set.
@@ -199,7 +199,7 @@ inst_type=""
 region=""
 pub_key="${HOME}/.ssh/id_rsa.pub"
 ami=""
-os="rhel-9.4"
+os="rhel-9.8"
 arch=""
 
 while [ $# -gt 0 ]; do

scripts/devenv-builder/configure-composer.sh

@@ -4,22 +4,11 @@ set -euxo pipefail
 SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 DNF_RETRY="${SCRIPTDIR}/../dnf_retry.sh"
 
-enable_copr_repositories() {
-    local -r version_id=$1
-    local -r version_id_major="$(awk -F. '{print $1}' <<< "${version_id}")"
-
-    sudo dnf copr enable -y @osbuild/osbuild-composer "rhel-${version_id_major}-$(uname -m)"
-    sudo dnf copr enable -y @osbuild/osbuild          "epel-${version_id_major}-$(uname -m)"
-}
-
 install_and_configure_composer() {
     local -r version_id=$1
     local -r version_id_major="$(awk -F. '{print $1}' <<< "${version_id}")"
 
-    # The osbuild packages may come from 'copr' repositories.
-    # They are installed separately to resolve potential RPM package dependency
-    # conflicts with the system packages.
-    "${DNF_RETRY}" "install" "--nobest osbuild osbuild-composer"
+    "${DNF_RETRY}" "install" "osbuild osbuild-composer"
     "${DNF_RETRY}" "install" \
         "git composer-cli ostree rpm-ostree \
         cockpit-composer bash-completion podman runc genisoimage \
@@ -144,59 +133,6 @@ EOF
     fi
 }
 
-disable_gpg_check() {
-    local -r composer_config=$1
-
-    sudo cp "${composer_config}" "${composer_config}.with-gpg-check"
-    sudo sed -i 's;"check_gpg": true;"check_gpg": false;g' "${composer_config}"
-}
-
-enable_ocp_mirror_repositories() {
-    local -r version_id=$1
-    local -r composer_config=$3
-
-    local version_id_ocp=$2
-    if [ "$(uname -m)" = "aarch64" ]; then
-        version_id_ocp="${version_id_ocp}_aarch64"
-    fi
-
-    # Check if OCP mirror credentials are present
-    local -r ocp_mirror_ufile="${HOME}/.ocp_mirror_username"
-    local -r ocp_mirror_pfile="${HOME}/.ocp_mirror_password"
-    if ! [ -f "${ocp_mirror_ufile}" ] || ! [ -f "${ocp_mirror_pfile}" ]; then
-        echo "WARNING: OCP mirror credentials are not present"
-        return
-    fi
-
-    # Read the OCP mirror credentials from the files
-    local -r ocp_mirror_username=$(cat "${ocp_mirror_ufile}")
-    local -r ocp_mirror_password=$(cat "${ocp_mirror_pfile}")
-    local -r version_id_short="$(tr -d '.' <<< "${version_id}")"
-
-    # Create the configuration file in the composer configuration directory
-    sudo mkdir -p "$(dirname "${composer_config}")"
-    sudo tee "${composer_config}" &>/dev/null <<EOF
-{
-  "$(uname -m)": [
-    {
-      "name": "baseos",
-      "baseurl": "https://${ocp_mirror_username}:${ocp_mirror_password}@mirror2.openshift.com/enterprise/reposync/${version_id_ocp}/rhel-${version_id_short}-baseos/",
-      "rhsm": false,
-      "check_gpg": false
-    },
-    {
-      "name": "appstream",
-      "baseurl": "https://${ocp_mirror_username}:${ocp_mirror_password}@mirror2.openshift.com/enterprise/reposync/${version_id_ocp}/rhel-${version_id_short}-appstream/",
-      "rhsm": false,
-      "check_gpg": false
-    }
-  ]
-}
-EOF
-    sudo chmod 0640 "${composer_config}"
-    sudo chgrp _osbuild-composer "${composer_config}"
-}
-
 #
 # Main
 #
@@ -205,21 +141,13 @@ EOF
 source /etc/os-release
 
 # shellcheck disable=SC2153
-enable_copr_repositories       "${VERSION_ID}"
 install_and_configure_composer "${VERSION_ID}"
 check_umask_and_permissions
 
 # Configure repositories for the current OS
 enable_rt_repositories          "${VERSION_ID}" "/etc/osbuild-composer/repositories/rhel-${VERSION_ID}.json"
 enable_beta_or_eus_repositories "${VERSION_ID}" "/etc/osbuild-composer/repositories/rhel-${VERSION_ID}.json"
 
-# Disable GPG check for all repositories to work around the issue with signing
-# across different OS versions due to the introduction of post-quantum keys
-disable_gpg_check "/etc/osbuild-composer/repositories/rhel-${VERSION_ID}.json"
-
-# Configure OCP mirror repositories for pre-release versions
-enable_ocp_mirror_repositories "9.8" "4.22" "/etc/osbuild-composer/repositories/rhel-9.8.json"
-
 # This step must come in the end to make sure all the potential configuration
 # changes are picked up by the service
 enable_or_restart_composer_services

scripts/devenv-builder/manage-vm.sh

@@ -56,7 +56,7 @@ function get_base_isofile {
             echo "rhel-${rhel_version}-$(uname -m)-dvd.iso"
             ;;
         9)
-            echo "rhel-9.4-$(uname -m)-dvd.iso"
+            echo "rhel-9.8-$(uname -m)-dvd.iso"
             ;;
         9.*)
             echo "rhel-${rhel_version}-$(uname -m)-dvd.iso"

test/image-blueprints-bootc/el10/layer1-base/group1/rhel102-test-agent.containerfile

@@ -1,19 +1,12 @@
-FROM registry.stage.redhat.io/rhel10/rhel-bootc:10.2
+FROM registry.redhat.io/rhel10/rhel-bootc:10.2
 
 # Build arguments
 ARG USHIFT_RPM_REPO_NAME=microshift-local
 ARG USHIFT_RPM_REPO_PATH=/tmp/$USHIFT_RPM_REPO_NAME
 
 # Configure the RPM repositories
-# - No EUS repositories in staging environment
-# - Disable default repositories to avoid pre-release repo access errors
 COPY --chmod=755 ./bootc-images/rpm-repo-config.sh /tmp/rpm-repo-config.sh
-RUN /tmp/rpm-repo-config.sh --disable-all && rm -f /tmp/rpm-repo-config.sh
-
-# Configure the RHEL mirror RPM repositories (for use in the staging environment)
-ARG RHEL_MIRROR_REPO_NAME=rhel102-mirror.repo
-ARG RHEL_MIRROR_REPO_PATH=/etc/yum.repos.d/$RHEL_MIRROR_REPO_NAME
-COPY --chmod=644 ./bootc-images/$RHEL_MIRROR_REPO_NAME $RHEL_MIRROR_REPO_PATH
+RUN /tmp/rpm-repo-config.sh --enable-eus && rm -f /tmp/rpm-repo-config.sh
 
 # Copy the MicroShift repository contents
 COPY ./rpm-repos/$USHIFT_RPM_REPO_NAME $USHIFT_RPM_REPO_PATH
@@ -27,4 +20,3 @@ RUN dnf install -y microshift-test-agent pcp pcp-zeroconf && \
     rm -vf /etc/yum.repos.d/microshift-*.repo && \
     rm -rvf $USHIFT_RPM_REPO_PATH && \
     dnf clean all
-

test/image-blueprints-bootc/el10/layer1-base/group2/rhel102-bootc.image-bootc

@@ -1,7 +1 @@
-
-# TODO: Replace this by a RHEL 10.2 image when its RPM repositories are released.
-# Bootc Image Builder has a limitation does not allowing it to build ISO images
-# from containers that use repositories protected by credentials. Thus, we build
-# from the test agent container image which uses proxy for accessing repositories.
-# registry.redhat.io/rhel10/rhel-bootc:10.2
-localhost/rhel102-test-agent:latest
+registry.redhat.io/rhel10/rhel-bootc:10.2

test/image-blueprints-bootc/el9/layer1-base/group1/rhel98-test-agent.containerfile

@@ -1,19 +1,12 @@
-FROM registry.stage.redhat.io/rhel9/rhel-bootc:9.8
+FROM registry.redhat.io/rhel9/rhel-bootc:9.8
 
 # Build arguments
 ARG USHIFT_RPM_REPO_NAME=microshift-local
 ARG USHIFT_RPM_REPO_PATH=/tmp/$USHIFT_RPM_REPO_NAME
 
 # Configure the RPM repositories
-# - No EUS repositories in staging environment
-# - Disable default repositories to avoid pre-release repo access errors
 COPY --chmod=755 ./bootc-images/rpm-repo-config.sh /tmp/rpm-repo-config.sh
-RUN /tmp/rpm-repo-config.sh --disable-all && rm -f /tmp/rpm-repo-config.sh
-
-# Configure the RHEL mirror RPM repositories (for use in the staging environment)
-ARG RHEL_MIRROR_REPO_NAME=rhel98-mirror.repo
-ARG RHEL_MIRROR_REPO_PATH=/etc/yum.repos.d/$RHEL_MIRROR_REPO_NAME
-COPY --chmod=644 ./bootc-images/$RHEL_MIRROR_REPO_NAME $RHEL_MIRROR_REPO_PATH
+RUN /tmp/rpm-repo-config.sh --enable-eus && rm -f /tmp/rpm-repo-config.sh
 
 # Copy the MicroShift repository contents
 COPY ./rpm-repos/$USHIFT_RPM_REPO_NAME $USHIFT_RPM_REPO_PATH

test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-bootc.image-bootc

@@ -1,6 +1 @@
-# TODO: Replace this by a RHEL 9.8 image when its RPM repositories are released.
-# Bootc Image Builder has a limitation does not allowing it to build ISO images
-# from containers that use repositories protected by credentials. Thus, we build
-# from the test agent container image which uses proxy for accessing repositories.
-# registry.redhat.io/rhel9/rhel-bootc:9.8
-localhost/rhel98-test-agent:latest
+registry.redhat.io/rhel9/rhel-bootc:9.8

test/image-blueprints-bootc/el9/layer1-base/group2/rhel98-installer.image-installer

@@ -1,4 +1 @@
-
-# TODO: Replace this by a RHEL 9.8 image when its RPM repositories are released.
-# rhel-9.8
-rhel-9.7
+rhel-9.8

test/package-sources/fast-datapath-rhel9.toml

@@ -2,8 +2,7 @@ id = "fast-datapath"
 name = "Fast Datapath for RHEL 9"
 type = "yum-baseurl"
 url = "https://cdn.redhat.com/content/dist/layered/rhel9/{{ .Env.UNAME_M }}/fast-datapath/os"
-# Reenable GPG check when build platform switches to RHEL 9.8
-check_gpg = false
+check_gpg = true
 check_ssl = true
 system = false
 rhsm = true

test/package-sources/rhocp-y.toml

@@ -3,8 +3,7 @@ id = "rhocp-y"
 name = "Red Hat OpenShift Container Platform {{ .Env.RHOCP_MAJOR_Y }}.{{ .Env.RHOCP_MINOR_Y }} for RHEL 9"
 type = "yum-baseurl"
 url = "https://cdn.redhat.com/content/dist/layered/rhel9/{{ .Env.UNAME_M }}/rhocp/{{ .Env.RHOCP_MAJOR_Y }}.{{ .Env.RHOCP_MINOR_Y }}/os"
-# Reenable GPG check when build platform switches to RHEL 9.8
-check_gpg = false
+check_gpg = true
 check_ssl = true
 system = false
 rhsm = true

test/package-sources/rhocp-y1.toml

@@ -3,8 +3,7 @@ id = "rhocp-y1"
 name = "Red Hat OpenShift Container Platform {{ .Env.RHOCP_MAJOR_Y1 }}.{{ .Env.RHOCP_MINOR_Y1 }} for RHEL 9"
 type = "yum-baseurl"
 url = "https://cdn.redhat.com/content/dist/layered/rhel9/{{ .Env.UNAME_M }}/rhocp/{{ .Env.RHOCP_MAJOR_Y1 }}.{{ .Env.RHOCP_MINOR_Y1 }}/os"
-# Reenable GPG check when build platform switches to RHEL 9.8
-check_gpg = false
+check_gpg = true
 check_ssl = true
 system = false
 rhsm = true

test/package-sources/rhocp-y2.toml

@@ -3,8 +3,7 @@ id = "rhocp-y2"
 name = "Red Hat OpenShift Container Platform {{ .Env.RHOCP_MAJOR_Y2 }}.{{ .Env.RHOCP_MINOR_Y2 }} for RHEL 9"
 type = "yum-baseurl"
 url = "https://cdn.redhat.com/content/dist/layered/rhel9/{{ .Env.UNAME_M }}/rhocp/{{ .Env.RHOCP_MAJOR_Y2 }}.{{ .Env.RHOCP_MINOR_Y2 }}/os"
-# Reenable GPG check when build platform switches to RHEL 9.8
-check_gpg = false
+check_gpg = true
 check_ssl = true
 system = false
 rhsm = true