Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

COS-2692: Add new variants to enable pure CentOS Stream/RHEL CoreOS builds, add Containerfile for layered OKD/OCP builds #1445

Merged
merged 3 commits into from
May 29, 2024

Conversation

jlebon
Copy link
Member

@jlebon jlebon commented Feb 21, 2024

Add new okd-c9s and ocp-rhel-9.4 variants

To make introducing the base RHCOS/SCOS images safer, let's create two
new variants: okd-c9s and ocp-rhel-9.4. These variants are cloned
from the existing c9s and rhel-9.4 variants to start.

The new variants will track the status quo: building SCOS/RHCOS with the
OpenShift components baked in (hence the okd/ocp prefixes). This is
what the pipeline will keep building.

Meanwhile, what is currently the c9s and rhel-9.4` variants will
become the new base SCOS/RHCOS streams containing purely CentOS
Stream/RHEL content.

The default variant is still ocp-rhel-9.4 for now.


Make c9s and rhel-9.4 variants be pure C9S/RHEL 9.4 content

This is the second step now in this switcheroo dance (see previous
commit). We make the c9s and rhel-9.4 variants contain only C9S/
RHEL 9.4 content and then make the okd-c9s and ocp-rhel-9.4 variants
inherit from those and add the OCP-specific stuff.


Containerfile: new file

This Containerfile allows us to build the OpenShift node image on top
of the base RHCOS/SCOS image (i.e. built from the c9s or rhel-9.4
image).

Currently, the resulting image is at parity with the base image you'd
get from building the okd-c9s or ocp-rhel-9.4 variant. In the
future, those variants will go away and this will become the only way to
build the node image.

Part of: #799

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 21, 2024
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 21, 2024
Copy link
Contributor

openshift-ci bot commented Feb 21, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 21, 2024
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 21, 2024
jlebon added a commit to jlebon/coreos-assembler that referenced this pull request Feb 21, 2024
jlebon added a commit to jlebon/coreos-assembler that referenced this pull request Feb 21, 2024
This is part of openshift/os#1445.

Those tests are all actually testing OCP components. In the new model,
they should be run against an OCP layered image instead.
jlebon added a commit to jlebon/fedora-coreos-config that referenced this pull request Feb 21, 2024
We don't have to be super strict here in how we find the bootloader
entry. There should only be one, so simplify the logic using a glob
instead.

Motivated by the fact that this will break otherwise as part of
openshift/os#1445 where the `ID` will be
`centos`, but the stateroot will still be `scos`.
jlebon added a commit to jlebon/fedora-coreos-config that referenced this pull request Feb 21, 2024
The `ID` will change to `centos` as part of
openshift/os#1445.
@jlebon
Copy link
Member Author

jlebon commented Feb 21, 2024

The major gap left for this is adapting the pipeline to build the layered OCP image.

@LorbusChris
Copy link
Member

/cc @lmzuccarelli @aguidirh @sherine-k
we'll have make sure okd-coreos-pipeline is adapted accordingly

jlebon added a commit to coreos/fedora-coreos-config that referenced this pull request Feb 22, 2024
We don't have to be super strict here in how we find the bootloader
entry. There should only be one, so simplify the logic using a glob
instead.

Motivated by the fact that this will break otherwise as part of
openshift/os#1445 where the `ID` will be
`centos`, but the stateroot will still be `scos`.
jlebon added a commit to coreos/fedora-coreos-config that referenced this pull request Feb 22, 2024
The `ID` will change to `centos` as part of
openshift/os#1445.
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Feb 29, 2024
@cgwalters cgwalters self-assigned this Mar 1, 2024
Copy link
Member

@cgwalters cgwalters left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just skimming, LGTM at a high level

jlebon added a commit to jlebon/coreos-assembler that referenced this pull request Mar 5, 2024
This is part of openshift/os#1445.

Those tests are all actually testing OCP components. In the new model,
they should be run against an OCP layered image instead. Add a tag on
them so that we'll be able to run them separately.
@jlebon jlebon changed the title Make c9s variant contain c9s content only, no OCP content COS-2692: Make c9s variant contain c9s content only, no OCP content Mar 5, 2024
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 5, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Mar 5, 2024

@jlebon: This pull request references COS-2692 which is a valid jira issue.

In response to this:

This is a first stab at #799, aimed at the c9s variant to start.

In this model, the base (container and disk) images we build in the
pipeline do not contain any OCP-specific details. The compose is made up
purely of RPMs coming out directly from the c9s pungi composes.

Let's go over details of this in bullet form:

  1. To emphasize the binding to c9s composes, we change the versioning
    scheme: the version string is now exactly the same version as the
    pungi compose from which we've built (well, we do add a .N field
    because we want to be able to rebuild multiple times on top of the
    same base pungi compose). It's almost like if our builds are part of
    the c9s pungi composes directly. (And maybe one day they will be...)
    This is implemented using a versionary script that queries compose
    info.
  2. We no longer include packages-openshift.yaml: this has all the OCP
    stuff that we want to do in a layered build instead.
  3. We no longer completely rewrite /etc/os-release. The host is
    image-mode CentOS Stream and e.g. ID will now say centos.
    However, we do still inject VARIANT and VARIANT_ID fields to
    note that it's of the CoreOS kind. We should probably actually match
    FCOS here and properly add a CoreOS variant in the centos-release
    package.
  4. Tests which have to do with the OpenShift layer now have the required
    tag openshift. This means that it'll no longer run in the default
    set of kola tests. When building the derived image, we will run just
    those tests using kola run --tag openshift --oscontainer ....

Note that to make this work, OCP itself still needs to actually have
that derived image containing the OCP bits. For now, we will build this
in the pipelines (as a separate artifact that we push to the repos) but
the eventual goal is that we'd split that out of the pipeline and have
it be more like how the rest of OCP is built (using Prow/OSBS/Konflux).

Note also we don't currently build the c9s variant in the pipelines but
this is a long time overdue IMO.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

jlebon added a commit to coreos/coreos-assembler that referenced this pull request Mar 6, 2024
This is part of openshift/os#1445.

Those tests are all actually testing OCP components. In the new model,
they should be run against an OCP layered image instead. Add a tag on
them so that we'll be able to run them separately.
@jlebon
Copy link
Member Author

jlebon commented May 16, 2024

So one way to verify that this doesn't change anything consequential in the ocp-rhel-9.4 variant is to do a full diff of the ostree checkout of builds on master vs on this PR:

$ ostree checkout -U 416.94.202405140214-0 416.94.202405140214-0 # build on master
$ ostree checkout -U 416.94.202405141630-0 416.94.202405141630-0 # build on this PR
$ git diff --no-index 416.94.202405140214-0 416.94.202405141630-0
diff --git a/416.94.202405140214-0/usr/etc/motd b/416.94.202405141630-0/usr/etc/motd
index 9b7963d..be4f12b 100644
--- a/416.94.202405140214-0/usr/etc/motd
+++ b/416.94.202405141630-0/usr/etc/motd
@@ -1,4 +1,4 @@
-Red Hat Enterprise Linux CoreOS 416.94.202405140214-0
+Red Hat Enterprise Linux CoreOS 416.94.202405141630-0
   Part of OpenShift 4.16, RHCOS is a Kubernetes-native operating system
   managed by the Machine Config Operator (`clusteroperator/machine-config`).
 
diff --git a/416.94.202405140214-0/usr/etc/nvme/hostid b/416.94.202405141630-0/usr/etc/nvme/hostid
index 17397b3..d4a6f03 100644
--- a/416.94.202405140214-0/usr/etc/nvme/hostid
+++ b/416.94.202405141630-0/usr/etc/nvme/hostid
@@ -1 +1 @@
-170647b0-2e83-456d-acba-7fe18da81580
+da0b2c64-b00b-4c6e-a8bf-fe1428078775
diff --git a/416.94.202405140214-0/usr/etc/nvme/hostnqn b/416.94.202405141630-0/usr/etc/nvme/hostnqn
index eacacf7..4d2d7d9 100644
--- a/416.94.202405140214-0/usr/etc/nvme/hostnqn
+++ b/416.94.202405141630-0/usr/etc/nvme/hostnqn
@@ -1 +1 @@
-nqn.2014-08.org.nvmexpress:uuid:170647b0-2e83-456d-acba-7fe18da81580
+nqn.2014-08.org.nvmexpress:uuid:da0b2c64-b00b-4c6e-a8bf-fe1428078775
diff --git a/416.94.202405140214-0/usr/etc/pki/ca-trust/extracted/java/cacerts b/416.94.202405141630-0/usr/etc/pki/ca-trust/extracted/java/cacerts
index 6209c84..887550c 100644
Binary files a/416.94.202405140214-0/usr/etc/pki/ca-trust/extracted/java/cacerts and b/416.94.202405141630-0/usr/etc/pki/ca-trust/extracted/java/cacerts differ
diff --git a/416.94.202405140214-0/usr/lib/modules/5.14.0-427.16.1.el9_4.x86_64/initramfs.img b/416.94.202405141630-0/usr/lib/modules/5.14.0-427.16.1.el9_4.x86_64/initramfs.img
index 3f76681..0150375 100644
Binary files a/416.94.202405140214-0/usr/lib/modules/5.14.0-427.16.1.el9_4.x86_64/initramfs.img and b/416.94.202405141630-0/usr/lib/modules/5.14.0-427.16.1.el9_4.x86_64/initramfs.img differ
diff --git a/416.94.202405140214-0/usr/lib/os-release b/416.94.202405141630-0/usr/lib/os-release
index ac467fb..a97b0f4 100644
--- a/416.94.202405140214-0/usr/lib/os-release
+++ b/416.94.202405141630-0/usr/lib/os-release
@@ -1,12 +1,12 @@
 NAME="Red Hat Enterprise Linux CoreOS"
 ID="rhcos"
 ID_LIKE="rhel fedora"
-VERSION="416.94.202405140214-0"
+VERSION="416.94.202405141630-0"
 VERSION_ID="4.16"
 VARIANT="CoreOS"
 VARIANT_ID=coreos
 PLATFORM_ID="platform:el9"
-PRETTY_NAME="Red Hat Enterprise Linux CoreOS 416.94.202405140214-0"
+PRETTY_NAME="Red Hat Enterprise Linux CoreOS 416.94.202405141630-0"
 ANSI_COLOR="0;31"
 CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos::coreos"
 HOME_URL="https://www.redhat.com/"
@@ -18,4 +18,4 @@ REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform"
 REDHAT_SUPPORT_PRODUCT_VERSION="4.16"
 OPENSHIFT_VERSION="4.16"
 RHEL_VERSION=9.4
-OSTREE_VERSION="416.94.202405140214-0"
+OSTREE_VERSION="416.94.202405141630-0"
diff --git a/416.94.202405140214-0/usr/lib/os-release.rhel b/416.94.202405141630-0/usr/lib/os-release.rhel
index c631281..d24345c 100644
--- a/416.94.202405140214-0/usr/lib/os-release.rhel
+++ b/416.94.202405141630-0/usr/lib/os-release.rhel
@@ -1,10 +1,10 @@
-NAME="Red Hat Enterprise Linux"
+NAME="Red Hat Enterprise Linux CoreOS"
 VERSION="9.4 (Plow)"
 ID="rhel"
 ID_LIKE="fedora"
 VERSION_ID="9.4"
 PLATFORM_ID="platform:el9"
-PRETTY_NAME="Red Hat Enterprise Linux 9.4 (Plow)"
+PRETTY_NAME="Red Hat Enterprise Linux CoreOS 9.4 (Plow)"
 ANSI_COLOR="0;31"
 LOGO="fedora-logo-icon"
 CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos"
@@ -15,3 +15,5 @@ REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 9"
 REDHAT_BUGZILLA_PRODUCT_VERSION=9.4
 REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
 REDHAT_SUPPORT_PRODUCT_VERSION="9.4"
+VARIANT=CoreOS
+VARIANT_ID=coreos
diff --git a/416.94.202405140214-0/usr/lib/python3.9/site-packages/pkg_resources/_vendor/__pycache__/__init__.cpython-39.pyc b/416.94.202405141630-0/usr/lib/python3.9/site-packages/pkg_resources/_vendor/__pycache__/__init__.cpython-39.pyc
index 79ca821..2817c63 100644
Binary files a/416.94.202405140214-0/usr/lib/python3.9/site-packages/pkg_resources/_vendor/__pycache__/__init__.cpython-39.pyc and b/416.94.202405141630-0/usr/lib/python3.9/site-packages/pkg_resources/_vendor/__pycache__/__init__.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/lib/python3.9/site-packages/sepolgen/__pycache__/__init__.cpython-39.pyc b/416.94.202405141630-0/usr/lib/python3.9/site-packages/sepolgen/__pycache__/__init__.cpython-39.pyc
index 401c88d..7e0c612 100644
Binary files a/416.94.202405140214-0/usr/lib/python3.9/site-packages/sepolgen/__pycache__/__init__.cpython-39.pyc and b/416.94.202405141630-0/usr/lib/python3.9/site-packages/sepolgen/__pycache__/__init__.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/lib/sysimage/rpm-ostree-base-db/rpmdb.sqlite b/416.94.202405141630-0/usr/lib/sysimage/rpm-ostree-base-db/rpmdb.sqlite
index 86138ef..19b7a8c 100644
Binary files a/416.94.202405140214-0/usr/lib/sysimage/rpm-ostree-base-db/rpmdb.sqlite and b/416.94.202405141630-0/usr/lib/sysimage/rpm-ostree-base-db/rpmdb.sqlite differ
diff --git a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/gettext.cpython-39.pyc b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/gettext.cpython-39.pyc
index d98c139..bea7d75 100644
Binary files a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/gettext.cpython-39.pyc and b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/gettext.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/hashlib.cpython-39.pyc b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/hashlib.cpython-39.pyc
index 3f878db..75cf573 100644
Binary files a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/hashlib.cpython-39.pyc and b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/hashlib.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/socket.cpython-39.pyc b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/socket.cpython-39.pyc
index 7932334..aae98e8 100644
Binary files a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/socket.cpython-39.pyc and b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/socket.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/typing.cpython-39.pyc b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/typing.cpython-39.pyc
index e03dcb6..8c0434b 100644
Binary files a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/typing.cpython-39.pyc and b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/typing.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/zipfile.cpython-39.pyc b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/zipfile.cpython-39.pyc
index bf08024..d4df94c 100644
Binary files a/416.94.202405140214-0/usr/lib64/python3.9/__pycache__/zipfile.cpython-39.pyc and b/416.94.202405141630-0/usr/lib64/python3.9/__pycache__/zipfile.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/lib64/python3.9/urllib/__pycache__/__init__.cpython-39.pyc b/416.94.202405141630-0/usr/lib64/python3.9/urllib/__pycache__/__init__.cpython-39.pyc
index 3e3e59e..4772afa 100644
Binary files a/416.94.202405140214-0/usr/lib64/python3.9/urllib/__pycache__/__init__.cpython-39.pyc and b/416.94.202405141630-0/usr/lib64/python3.9/urllib/__pycache__/__init__.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/share/crypto-policies/python/cryptopolicies/__pycache__/cryptopolicies.cpython-39.pyc b/416.94.202405141630-0/usr/share/crypto-policies/python/cryptopolicies/__pycache__/cryptopolicies.cpython-39.pyc
index b3a2c4c..497833e 100644
Binary files a/416.94.202405140214-0/usr/share/crypto-policies/python/cryptopolicies/__pycache__/cryptopolicies.cpython-39.pyc and b/416.94.202405141630-0/usr/share/crypto-policies/python/cryptopolicies/__pycache__/cryptopolicies.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/gnutls.cpython-39.pyc b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/gnutls.cpython-39.pyc
index 0fa61d5..3f40ad5 100644
Binary files a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/gnutls.cpython-39.pyc and b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/gnutls.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/java.cpython-39.pyc b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/java.cpython-39.pyc
index 6d16826..61342b7 100644
Binary files a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/java.cpython-39.pyc and b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/java.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssh.cpython-39.pyc b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssh.cpython-39.pyc
index 45475e8..bc0cc43 100644
Binary files a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssh.cpython-39.pyc and b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssh.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssl.cpython-39.pyc b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssl.cpython-39.pyc
index 4d9b018..d2756de 100644
Binary files a/416.94.202405140214-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssl.cpython-39.pyc and b/416.94.202405141630-0/usr/share/crypto-policies/python/policygenerators/__pycache__/openssl.cpython-39.pyc differ
diff --git a/416.94.202405140214-0/usr/share/rpm/rpmdb.sqlite b/416.94.202405141630-0/usr/share/rpm/rpmdb.sqlite
index 86138ef..19b7a8c 100644
Binary files a/416.94.202405140214-0/usr/share/rpm/rpmdb.sqlite and b/416.94.202405141630-0/usr/share/rpm/rpmdb.sqlite differ
diff --git a/416.94.202405140214-0/usr/share/rpm-ostree/treefile.json b/416.94.202405141630-0/usr/share/rpm-ostree/treefile.json
index 786c381..a512b0e 100644
--- a/416.94.202405140214-0/usr/share/rpm-ostree/treefile.json
+++ b/416.94.202405141630-0/usr/share/rpm-ostree/treefile.json
@@ -153,7 +153,7 @@
   "basearch": "x86_64",
   "rojig": {
     "name": "rhcos",
-    "summary": "OpenShift 4",
+    "summary": "OpenShift 4.16",
     "license": "MIT",
     "description": null
   },
@@ -227,6 +227,7 @@
     "#!/bin/bash\nset -xeuo pipefail\n# Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload\n/usr/bin/bootupctl backend generate-update-metadata\n",
     "#!/usr/bin/env bash\nset -xeuo pipefail\nrm -rf /etc/systemd/system/*\nsystemctl preset-all\nrm -rf /etc/systemd/user/*\nsystemctl --user --global preset-all\n",
     "#!/usr/bin/env bash\nsystemctl mask systemd-repart.service\n",
+    "#!/usr/bin/bash\nset -euo pipefail\ncat >> /usr/lib/os-release <<EOF\nVARIANT=CoreOS\nVARIANT_ID=coreos\nEOF\n\n# And put \"CoreOS\" in NAME and PRETTY_NAME\nsed -i -e 's/^NAME=\"\\(.*\\)\"/NAME=\"\\1 CoreOS\"/' /usr/lib/os-release\n. /usr/lib/os-release\nsed -i -e \"s/^PRETTY_NAME=.*/PRETTY_NAME=\\\"$NAME $VERSION\\\"/\" /usr/lib/os-release\n",
     "#!/usr/bin/env bash\nset -xeo pipefail\nif [ \"$(uname -m)\" == \"x86_64\" ]; then\n  cat > /etc/vmware-tools/tools.conf <<'EOF'\n[guestosinfo]\nshort-name = rhel8-64\nEOF\nfi\n",
     "#!/usr/bin/env bash\nset -xeo pipefail\nif [ \"$(uname -m)\" == \"s390x\" ]; then\n  chmod -R g-w /usr/etc/zkey\nfi\n",
     "#!/usr/bin/env bash\nset -xeo pipefail\nrm -rf /etc/rc.d/init.d/network /etc/rc.d/rc*.d/*network\n\n# We're not using resolved yet\nrm -f /usr/lib/systemd/system/systemd-resolved.service\n",
@@ -235,7 +236,7 @@
     "#!/usr/bin/env bash\nset -xeo pipefail\n\n# FIXME: Why is this only broken here?  NM isn't removing the link?\nsed -i '/etc.resolv/d' /usr/lib/tmpfiles.d/etc.conf\n",
     "#!/usr/bin/env bash\nset -xeuo pipefail\n# Enable tmp-on-tmpfs by default because we don't want to have things leak\n# across reboots, it increases alignment with FCOS, and also fixes the\n# Live ISO. First, verify that RHEL is still disabling.\ngrep -q '# RHEL-only: Disable /tmp on tmpfs' /usr/lib/systemd/system/basic.target\necho '# RHCOS-only: we follow the Fedora/upstream default' >> /usr/lib/systemd/system/basic.target\necho 'Wants=tmp.mount' >> /usr/lib/systemd/system/basic.target\n",
     "#!/usr/bin/env bash\nset -xeo pipefail\n# See https://issues.redhat.com/browse/LOG-3117\n# Something changed between rhel8 and rhel9 to not generate this by default\n# but we have containers that expect it to be mounted so for now let's continue\n# generating it.\nln -sr /usr/share/zoneinfo/UTC /etc/localtime\n",
-    "#!/usr/bin/env bash\nset -xeo pipefail\n\n# Tweak /usr/lib/os-release\ngrep -v -e \"OSTREE_VERSION\" -e \"OPENSHIFT_VERSION\" /etc/os-release > /usr/lib/os-release.rhel\n(\n. /etc/os-release\ncat > /usr/lib/os-release <<EOF\nNAME=\"${NAME} CoreOS\"\nID=\"rhcos\"\nID_LIKE=\"rhel fedora\"\nVERSION=\"${OSTREE_VERSION}\"\nVERSION_ID=\"${OPENSHIFT_VERSION}\"\nVARIANT=\"CoreOS\"\nVARIANT_ID=coreos\nPLATFORM_ID=\"${PLATFORM_ID}\"\nPRETTY_NAME=\"${NAME} CoreOS ${OSTREE_VERSION}\"\nANSI_COLOR=\"${ANSI_COLOR}\"\nCPE_NAME=\"${CPE_NAME}::coreos\"\nHOME_URL=\"${HOME_URL}\"\nDOCUMENTATION_URL=\"https://docs.okd.io/latest/welcome/index.html\"\nBUG_REPORT_URL=\"https://access.redhat.com/labs/rhir/\"\nREDHAT_BUGZILLA_PRODUCT=\"OpenShift Container Platform\"\nREDHAT_BUGZILLA_PRODUCT_VERSION=\"${OPENSHIFT_VERSION}\"\nREDHAT_SUPPORT_PRODUCT=\"OpenShift Container Platform\"\nREDHAT_SUPPORT_PRODUCT_VERSION=\"${OPENSHIFT_VERSION}\"\nOPENSHIFT_VERSION=\"${OPENSHIFT_VERSION}\"\nRHEL_VERSION=9.4\nOSTREE_VERSION=\"${OSTREE_VERSION}\"\nEOF\n)\nrm -f /etc/os-release\nln -s ../usr/lib/os-release /etc/os-release\n\n# Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release\n(\n. /etc/os-release\ncat > /usr/lib/system-release-cpe <<EOF\n${CPE_NAME}\nEOF\ncat > /usr/lib/system-release <<EOF\n${NAME} release ${VERSION_ID}\nEOF\nrm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release\nln -s /usr/lib/system-release-cpe /etc/system-release-cpe\nln -s /usr/lib/system-release /etc/system-release\nln -s /usr/lib/system-release /etc/redhat-release\n)\n\n# Tweak /usr/lib/issue\ncat > /usr/lib/issue <<EOF\n\\S \\S{VERSION_ID}\nEOF\nrm -f /etc/issue /etc/issue.net\nln -s /usr/lib/issue /etc/issue\nln -s /usr/lib/issue /etc/issue.net\n"
+    "#!/usr/bin/env bash\nset -xeo pipefail\n\n# Tweak /usr/lib/os-release\ngrep -v -e \"OSTREE_VERSION\" -e \"OPENSHIFT_VERSION\" /etc/os-release > /usr/lib/os-release.rhel\n(\n. /etc/os-release\ncat > /usr/lib/os-release <<EOF\nNAME=\"${NAME}\"\nID=\"rhcos\"\nID_LIKE=\"rhel fedora\"\nVERSION=\"${OSTREE_VERSION}\"\nVERSION_ID=\"${OPENSHIFT_VERSION}\"\nVARIANT=\"${VARIANT}\"\nVARIANT_ID=${VARIANT_ID}\nPLATFORM_ID=\"${PLATFORM_ID}\"\nPRETTY_NAME=\"${NAME} ${OSTREE_VERSION}\"\nANSI_COLOR=\"${ANSI_COLOR}\"\nCPE_NAME=\"${CPE_NAME}::coreos\"\nHOME_URL=\"${HOME_URL}\"\nDOCUMENTATION_URL=\"https://docs.okd.io/latest/welcome/index.html\"\nBUG_REPORT_URL=\"https://access.redhat.com/labs/rhir/\"\nREDHAT_BUGZILLA_PRODUCT=\"OpenShift Container Platform\"\nREDHAT_BUGZILLA_PRODUCT_VERSION=\"${OPENSHIFT_VERSION}\"\nREDHAT_SUPPORT_PRODUCT=\"OpenShift Container Platform\"\nREDHAT_SUPPORT_PRODUCT_VERSION=\"${OPENSHIFT_VERSION}\"\nOPENSHIFT_VERSION=\"${OPENSHIFT_VERSION}\"\nRHEL_VERSION=9.4\nOSTREE_VERSION=\"${OSTREE_VERSION}\"\nEOF\n)\nrm -f /etc/os-release\nln -s ../usr/lib/os-release /etc/os-release\n\n# Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release\n(\n. /etc/os-release\ncat > /usr/lib/system-release-cpe <<EOF\n${CPE_NAME}\nEOF\ncat > /usr/lib/system-release <<EOF\n${NAME} release ${VERSION_ID}\nEOF\nrm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release\nln -s /usr/lib/system-release-cpe /etc/system-release-cpe\nln -s /usr/lib/system-release /etc/system-release\nln -s /usr/lib/system-release /etc/redhat-release\n)\n\n# Tweak /usr/lib/issue\ncat > /usr/lib/issue <<EOF\n\\S \\S{VERSION_ID}\nEOF\nrm -f /etc/issue /etc/issue.net\nln -s /usr/lib/issue /etc/issue\nln -s /usr/lib/issue /etc/issue.net\n"
   ],
   "remove-files": [
     "usr/share/info",

So one obvious thing we notice here totally unrelated to this is that we're currently baking some NVMe-related UUID things that should probably instead be generated on first boot. Something to look into. But otherwise, the only noteworthy difference is that the os-release.rhel backup we do now includes some CoreOS stuff because of the order in which we now run postprocess scripts.

@jlebon
Copy link
Member Author

jlebon commented May 21, 2024

Now waiting on #1511 (which is waiting on openshift/release#52325).

@jlebon
Copy link
Member Author

jlebon commented May 21, 2024

/refresh

To make introducing the base RHCOS/SCOS images safer, let's create two
new variants: `okd-c9s` and `ocp-rhel-9.4`. These variants are cloned
from the existing `c9s` and `rhel-9.4` variants to start.

The new variants will track the status quo: building SCOS/RHCOS with the
OpenShift components baked in (hence the `okd`/`ocp` prefixes). This is
what the pipeline will keep building.

Meanwhile, what is currently the `c9s` and rhel-9.4` variants will
become the new base SCOS/RHCOS streams containing *purely* CentOS
Stream/RHEL content.

The default variant is still `ocp-rhel-9.4` for now.
@jlebon jlebon force-pushed the pr/c9s-split branch 2 times, most recently from 3aad6fe to 05ab4e8 Compare May 24, 2024 17:48
This is the second step now in this switcheroo dance (see previous
commit). We make the `c9s` and `rhel-9.4` variants contain only C9S/
RHEL 9.4 content and then make the `okd-c9s` and `ocp-rhel-9.4` variants
inherit from those and add the OCP-specific stuff.
This Containerfile allows us to build the OpenShift node image on top
of the base RHCOS/SCOS image (i.e. built from the `c9s` or `rhel-9.4`
image).

Currently, the resulting image is at parity with the base image you'd
get from building the `okd-c9s` or `ocp-rhel-9.4` variant. In the
future, those variants will go away and this will become the only way to
build the node image.

Part of: openshift#799
@@ -3,108 +3,29 @@
rojig:
license: MIT
name: rhcos
summary: OpenShift 4
summary: RHEL CoreOS 9.4
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Red Hat Enterprise Linux CoreOS 9.4

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can stay as is as I don't think that's used anywhere.

@travier
Copy link
Member

travier commented May 28, 2024

Only have one note:

  • We will have to remove all the extensions for the non OCP variants.

@travier
Copy link
Member

travier commented May 28, 2024

So one obvious thing we notice here totally unrelated to this is that we're currently baking some NVMe-related UUID things that should probably instead be generated on first boot.

I though that this had been fixed already. This is weird but it's not due to this change so let's not hold it.

/lgtm
/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 28, 2024
@travier
Copy link
Member

travier commented May 28, 2024

Feel free to unhold when you think it's ready to go / when we've completed the 4.16 branching.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 28, 2024
Copy link
Contributor

openshift-ci bot commented May 28, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cgwalters, jlebon, travier

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [cgwalters,jlebon,travier]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jlebon
Copy link
Member Author

jlebon commented May 29, 2024

Thanks for the review!
/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 29, 2024
@travier
Copy link
Member

travier commented May 29, 2024

I've filed #1519

Copy link
Contributor

openshift-ci bot commented May 29, 2024

@jlebon: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot bot merged commit f6cad58 into openshift:master May 29, 2024
7 checks passed
jlebon added a commit to jlebon/fedora-coreos-config that referenced this pull request Jun 18, 2024
A big part of the new variants added in
openshift/os#1445 is that we only minimally
modify `/etc/os-release`. This means that e.g. `ID` is still `rhel` and
`VERSION_ID` is e.g. `9.4` for the `rhel-9.4` variant. We do still
inject `VARIANT` and `VARIANT_ID` though.

Adapt these library functions here to handle this.
jlebon added a commit to coreos/fedora-coreos-config that referenced this pull request Jun 19, 2024
A big part of the new variants added in
openshift/os#1445 is that we only minimally
modify `/etc/os-release`. This means that e.g. `ID` is still `rhel` and
`VERSION_ID` is e.g. `9.4` for the `rhel-9.4` variant. We do still
inject `VARIANT` and `VARIANT_ID` though.

Adapt these library functions here to handle this.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants