manifests: Add initial c10s based variants

See: openshift#1466

README.md

@@ -15,8 +15,8 @@ supported:
 
 - `rhel-9.4`: RHEL 9.4-based CoreOS; without OpenShift components.
 - `ocp-rhel-9.4`: RHEL 9.4-based CoreOS; including OpenShift components.
-- `c9s`: CentOS Stream-based CoreOS, without OKD components.
-- `okd-c9s`: CentOS Stream-based CoreOS, including OpenShift components. This
+- `c9s`/`c10s`: CentOS Stream-based CoreOS, without OKD components.
+- `okd-c9s`/`okd-c10s`: CentOS Stream-based CoreOS, including OpenShift components. This
   currently includes some packages from RHEL because not all packages required
   by OpenShift are provided in CentOS Stream.
 

c10s.repo

@@ -0,0 +1,63 @@
+[c10s-baseos]
+name=CentOS Stream 10 - BaseOS
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/BaseOS/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[c10s-appstream]
+name=CentOS Stream 10 - AppStream
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/AppStream/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+# [c10s-extras-common]
+# name=CentOS Stream 10 - Extras packages
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/extras/$basearch/extras-common
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
+
+[c10s-nfv]
+name=CentOS Stream 10 - NFV
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/NFV/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[c10s-rt]
+name=CentOS Stream 10 - RT
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/RT/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+# [c10s-sig-nfv]
+# name=CentOS Stream 10 - SIG NFV
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/nfv/$basearch/openvswitch-2/
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-NFV
+
+# [c10s-sig-virtualization]
+# name=CentOS Stream 10 - SIG Virtualization
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/virt/$basearch/kata-containers/
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Virtualization
+
+# [c10s-sig-cloud-okd]
+# name=CentOS Stream 10 - SIG Cloud OKD 4.15
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/cloud/$basearch/okd-4.15/
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Cloud

extensions-c10s.yaml

@@ -0,0 +1,85 @@
+# RPMs as operating system extensions, distinct from the base ostree commit/image
+# https://github.com/openshift/enhancements/blob/master/enhancements/rhcos/extensions.md
+# and https://github.com/coreos/fedora-coreos-tracker/issues/401
+
+# repos:
+#   - sig-virtualization
+
+extensions:
+  # https://issues.redhat.com/browse/RFE-4177
+  # wasm:
+  #   architectures:
+  #     - x86_64
+  #     - aarch64
+  #   repos:
+  #     - appstream
+  #   packages:
+  #     - crun-wasm
+  # https://github.com/coreos/fedora-coreos-tracker/issues/1504
+  ipsec:
+    packages:
+      - libreswan
+      - NetworkManager-libreswan
+  # https://github.com/coreos/fedora-coreos-tracker/issues/326
+  usbguard:
+    packages:
+      - usbguard
+  kerberos:
+    packages:
+      - krb5-workstation
+      - libkadm5
+  # https://github.com/kmods-via-containers/kmods-via-containers/issues/3
+  # https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/866
+  # These are currently overlaid onto the host so that they can be bind-mounted
+  # into build containers... in the future they should be a `development`
+  # extension: https://github.com/openshift/machine-config-operator/pull/2143.
+  kernel-devel:
+    packages:
+      - kernel-devel
+      - kernel-headers
+    match-base-evr: kernel
+  # These are already in the base, so they're not OS extensions, but they're
+  # useful to have in RPM form to install in kmod build containers.
+  kernel:
+    kind: development
+    packages:
+      - kernel
+      - kernel-core
+      - kernel-modules
+      - kernel-modules-extra
+    match-base-evr: kernel
+  # GRPA-2822
+  # https://github.com/openshift/machine-config-operator/pull/1330
+  # https://github.com/openshift/enhancements/blob/master/enhancements/support-for-realtime-kernel.md
+  kernel-rt:
+    architectures:
+      - x86_64
+    repos:
+      - c10s-nfv
+    packages:
+      - kernel-rt-core
+      - kernel-rt-kvm
+      - kernel-rt-modules
+      - kernel-rt-modules-extra
+      - kernel-rt-devel
+    match-base-evr: kernel
+  # https://github.com/openshift/machine-config-operator/pull/2456
+  # https://github.com/openshift/enhancements/blob/master/enhancements/sandboxed-containers/sandboxed-containers-tech-preview.md
+  # GRPA-3123
+  # - kata-containers
+  # sandboxed-containers:
+  #   architectures:
+  #     - x86_64
+  #   repos:
+  #     - sig-virtualization10
+  #   packages:
+  #     - kata-containers
+  # https://issues.redhat.com/browse/COS-2402
+  kernel-64k:
+    architectures:
+      - aarch64
+    packages:
+      - kernel-64k-core
+      - kernel-64k-modules
+      - kernel-64k-modules-core
+      - kernel-64k-modules-extra

extensions-okd-c10s.yaml

@@ -0,0 +1 @@
+extensions-c10s.yaml

image-c10s.yaml

@@ -0,0 +1 @@
+image-rhel-9.4.yaml

image-okd-c10s.yaml

@@ -0,0 +1 @@
+image-c10s.yaml

manifest-c10s.yaml

@@ -0,0 +1,28 @@
+# Manifest for CentOS Stream CoreOS 10
+
+rojig:
+  license: MIT
+  name: scos
+  summary: CentOS Stream CoreOS 10
+
+variables:
+  osversion: "c10s"
+
+# Include manifests common to all RHEL and CentOS Stream versions
+include:
+  - common.yaml
+  # - fedora-coreos-config/manifests/shared-el10.yaml
+
+repos:
+  - c10s-baseos
+  - c10s-appstream
+
+# Eventually we should try to build these images as part of the c9s composes.
+# In that case, the versioning should instead be exactly the same as the pungi
+# compose ID.
+automatic-version-prefix: "10.<date:%Y%m%d%H%M>"
+
+mutate-os-release: "10"
+
+packages:
+ - centos-stream-release

manifest-okd-c10s.yaml

@@ -0,0 +1,116 @@
+# Manifest for OKD node based on CentOS Stream CoreOS 1à
+# Note: this manifest is temporary; in the future, OKD components will be layered instead.
+
+rojig:
+  license: MIT
+  name: scos
+  summary: OKD 4.17
+
+variables:
+  osversion: "c10s"
+
+include:
+  - manifest-c10s.yaml
+  - packages-openshift.yaml
+
+# Additional repos we need for OKD components
+repos:
+  # For containernetworking-plugins for cri-o
+  - rhel-9.4-appstream
+  # CentOS Extras Common repo for SIG RPM GPG keys
+  # - c10s-extras-common
+  # CentOS NFV SIG repo for openvswitch
+  # - c10s-sig-nfv
+  # For openvswitch
+  - rhel-9.4-fast-datapath
+  # CentOS Cloud SIG repo for cri-o, cri-tools and conmon-rs
+  # - c10s-sig-cloud-okd
+  # Include RHCOS 9 repo for oc, hyperkube
+  - rhel-9.4-server-ose-4.17
+
+# We include hours/minutes to avoid version number reuse
+automatic-version-prefix: "417.10.<date:%Y%m%d%H%M>"
+# This ensures we're semver-compatible which OpenShift wants
+automatic-version-suffix: "-"
+# Keep this is sync with the version in postprocess
+mutate-os-release: "4.17"
+
+postprocess:
+  - |
+     #!/usr/bin/env bash
+     set -xeo pipefail
+
+     # Tweak /usr/lib/os-release
+     grep -v -e "OSTREE_VERSION" -e "OPENSHIFT_VERSION" /etc/os-release > /usr/lib/os-release.stream
+     (
+     . /etc/os-release
+     cat > /usr/lib/os-release <<EOF
+     NAME="${NAME}"
+     ID="scos"
+     ID_LIKE="rhel fedora"
+     VERSION="${OSTREE_VERSION}"
+     VERSION_ID="${OPENSHIFT_VERSION}"
+     VARIANT="${VARIANT}"
+     VARIANT_ID=${VARIANT_ID}
+     PLATFORM_ID="${PLATFORM_ID}"
+     PRETTY_NAME="${NAME} ${OSTREE_VERSION}"
+     ANSI_COLOR="${ANSI_COLOR}"
+     CPE_NAME="${CPE_NAME}::coreos"
+     HOME_URL="${HOME_URL}"
+     DOCUMENTATION_URL="https://docs.okd.io/latest/welcome/index.html"
+     BUG_REPORT_URL="https://access.redhat.com/labs/rhir/"
+     REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform"
+     REDHAT_BUGZILLA_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
+     REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform"
+     REDHAT_SUPPORT_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
+     OPENSHIFT_VERSION="${OPENSHIFT_VERSION}"
+     OSTREE_VERSION="${OSTREE_VERSION}"
+     EOF
+     )
+     rm -f /etc/os-release
+     ln -s ../usr/lib/os-release /etc/os-release
+
+     # Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release
+     (
+     . /etc/os-release
+     cat > /usr/lib/system-release-cpe <<EOF
+     ${CPE_NAME}
+     EOF
+     cat > /usr/lib/system-release <<EOF
+     ${NAME} release ${VERSION_ID}
+     EOF
+     rm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release
+     ln -s /usr/lib/system-release-cpe /etc/system-release-cpe
+     ln -s /usr/lib/system-release /etc/system-release
+     ln -s /usr/lib/system-release /etc/redhat-release
+     )
+
+     # Tweak /usr/lib/issue
+     cat > /usr/lib/issue <<EOF
+     \S \S{VERSION_ID}
+     EOF
+     rm -f /etc/issue /etc/issue.net
+     ln -s /usr/lib/issue /etc/issue
+     ln -s /usr/lib/issue /etc/issue.net
+
+packages:
+ # RPM GPG keys for CentOS SIG repos
+ # - centos-release-cloud-common
+ # - centos-release-nfv-common
+ # - centos-release-virt-common
+
+# Packages pinned to specific repos in SCOS 9
+repo-packages:
+  # We always want the kernel from BaseOS
+  - repo: c10s-baseos
+    packages:
+      - kernel
+  - repo: c10s-appstream
+    packages:
+      # We want the one shipping in C9S, not the equivalently versioned one in RHAOS
+      - nss-altfiles
+      # Use the new containers/toolbox
+      - toolbox
+      # The one shipping in C9S is temporarily lower versioned, so be explicit
+      # https://github.com/openshift/os/issues/1505
+      # - containers-common