test: test root user setup #363
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mvo5
force-pushed
the
test-root-customizations
branch
2 times, most recently
from
a52b2c8
to
7f55f24
Compare
mvo5
force-pushed
the
test-root-customizations
branch
from
5c15ead
to
7325f31
Compare
mvo5
force-pushed
the
test-root-customizations
branch
from
7325f31
to
40912b6
Compare
achilleas-k
previously approved these changes
May 3, 2024
mvo5
force-pushed
the
test-root-customizations
branch
2 times, most recently
from
d3a379c
to
00d7193
Compare
achilleas-k
approved these changes
May 6, 2024
achilleas-k
requested changes
May 6, 2024
mvo5
force-pushed
the
test-root-customizations
branch
from
18b544d
to
3425576
Compare
mvo5
added a commit
to mvo5/osbuild
that referenced
this pull request
May 6, 2024
There was a bug found in osbuild/bootc-image-builder#363 where a stray newlnine in the ssh key broke the kickstart file.
This allows us to test our customization with something actually really useful as it will give us easier debug when test runs fail.
With ssh a root login is only possible via a sshkey. So let's support this so that we can run `bootc status` which requires root privs. With the switch to bootc we need to adjust the testing. We inject a root ssh key now and just use that for login.
mvo5
force-pushed
the
test-root-customizations
branch
from
3425576
to
65faf11
Compare
I removed the fixup commit now and fixed the bug in the PR that prevented the tests from working - it turns out we wrote invalid kickstart files because the keyfile read from disk contained a (not stripped) newline at the end and with the kickstart file looked somehting like: I opened osbuild/osbuild#1772 with one idea |
achilleas-k
approved these changes
May 7, 2024
mvo5
added a commit
to mvo5/osbuild
that referenced
this pull request
May 16, 2024
There was a bug in osbuild/bootc-image-builder#363 where a stray newlnine in the ssh key broke the kickstart file. The isse is that when auto-generating the config.json for an ssh keyfile it's easy to accidentally include the final `\n` in the ssh key json string. This will break in very non-obvious ways, i.e. the image will be generated but the kickstart file is broken because now it looks like: ``` sshkey --username foo "ssh-key " ``` which make the kickstart invalid but that is only discovered much later when the image booted (or even later after the installer put the kickstart into the target system). We probably want to disallow `\n` in any kickstart option via the schema as I don't see how this could possibly not break.
mvo5
added a commit
to mvo5/osbuild
that referenced
this pull request
May 16, 2024
There was a bug in osbuild/bootc-image-builder#363 where a stray newlnine in the ssh key broke the kickstart file. The isse is that when auto-generating the config.json for an ssh keyfile it's easy to accidentally include the final `\n` in the ssh key json string. This will break in very non-obvious ways, i.e. the image will be generated but the kickstart file is broken because now it looks like: ``` sshkey --username foo "ssh-key " ``` which make the kickstart invalid but that is only discovered much later when the image booted (or even later after the installer put the kickstart into the target system). This commit runs `ksvalidator` (if available) to detect this kind of issue early. It requires `pykickstart` in the buildroot but that seems to be not too bad as we already have `python3-kickstart` in our buildroots AFAICT (unless I read the manifest-db incorrectly). So it does require an extra tweak to `images` before it's fully useful.
mvo5
added a commit
to mvo5/osbuild
that referenced
this pull request
May 16, 2024
There was a bug in osbuild/bootc-image-builder#363 where a stray newlnine in the ssh key broke the kickstart file. The isse is that when auto-generating the config.json for an ssh keyfile it's easy to accidentally include the final `\n` in the ssh key json string. This will break in very non-obvious ways, i.e. the image will be generated but the kickstart file is broken because now it looks like: ``` sshkey --username foo "ssh-key " ``` which make the kickstart invalid but that is only discovered much later when the image booted (or even later after the installer put the kickstart into the target system). This commit runs `ksvalidator` (if available) to detect this kind of issue early. It requires `pykickstart` in the buildroot but that seems to be not too bad as we already have `python3-kickstart` in our buildroots AFAICT (unless I read the manifest-db incorrectly). So it does require an extra tweak to `images` before it's fully useful.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
A continuation of #357 - the root user is used to do a
bootc statusinside the booted container to ensure the setup is correct. This is nicer then the previoussudoapproach and it has the added benefit of testing the root user creation/setup during the build too.