Skip to content

Compose and Repo Sync for Rocky Linux and Peridot

This SOP covers how the Rocky Linux Release Engineering Team handles composes and repository syncs for the distribution. It contains information of the scripts that are utilized and in what order, depending on the use case.

Contact Information

Owner Release Engineering Team
Email Contact releng@rockylinux.org
Email Contact infrastructure@rockylinux.org
Mattermost Contacts @label @mustafa @neil @tgo
Mattermost Channels ~Development

There are several git repositories used in the overall composition of a repository or a set of repositories.

Pungi - This repository contains all the necessary pungi configuration files that peridot translates into its own configuration. Pungi is no longer used for Rocky Linux.

Comps - This repository contains all the necessary comps (which are groups and other data) for a given major version. Peridot (and pungi) use this information to properly build repositories.

Toolkit - This repository contains various scripts and utilities used by Release Engineering, such as syncing composes, functionality testing, and mirror maintenance.

Composing Repositories

Mount Structure

There is a designated system that takes care of composing repositories. These systems contain the necessary EFS/NFS mounts for the staging and production repositories as well as composes.

  • /mnt/compose -> Compose data
  • /mnt/repos-staging -> Staging
  • /mnt/repos-production -> Production

Empanadas

Each repository or set of repositories are controlled by various comps and pungi configurations that are translated into peridot. Empanadas is used to run a reposync from peridot's yumrepofs repositories, generate ISO's, and create a pungi compose look-a-like. Because of this, the comps and pungi-rocky configuration is not referenced with empanadas.

Running a Compose

First, the toolkit must be cloned. In the iso/empanadas directory, run poetry install. You'll then have access to the various commands needed:

  • sync-from-peridot
  • build-iso
  • build-iso-extra
  • pull-unpack-tree
  • pull-cloud-image
  • finalize-compose

Full Compose

To perform a full compose, this order is expected (replacing X with major version or config profile)

# This creates a brand new directory under /mnt/compose/X and symlinks it to latest-Rocky-X
poertry run sync-from-peridot --release X --hashed --repoclosure --full-run

# On each architecture, this must be ran to generate the lorax images
# !! Use --rc if the image is a release candidate or a beta image
# Note: This is typically done using kubernetes and uploaded to a bucket
poetry run build-iso --release X --isolation=None

# The images are pulled from the bucket
poetry run pull-unpack-tree --release X

# The extra ISO's (usually just DVD) are generated
# !! Use --rc if the image is a release candidate or a beta image
# !! Set --extra-iso-mode to mock if desired
# !! If there is more than the dvd, remove --extra-iso dvd
poetry run build-iso-extra --release X --extra-iso dvd --extra-iso-mode podman

# This pulls the generic and EC2 cloud images
poetry run pull-cloud-image --release X

# This ensures everything is closed out for a release. This copies iso's, images,
# generates metadata, and the like.
# !! DO NOT RUN DURING INCREMENTAL UPDATES !!
poetry run finalize-compose --release X

Incremental Compose

It is possible to simply compose singular repos if you know which ones you want to sync. This can be done when it's not for a brand new release.

# Set your repos as desired. --arch is also acceptable.
# --ignore-debug and --ignore-source are also acceptable options.
poetry run sync-from-peridot --release X --hashed --clean-old-packages --repo X,Y,Z

Syncing Composes

Syncing utilizes the sync scripts provided in the release engineering toolkit.

When the scripts are being ran, they are usually ran with a specific purpose, as each major version may be different.

The below are common vars files. common_X will override what's in common. Typically these set what repositories exist and how they are named or look at the top level. These also set the current major.minor release as necessary.

.
├── common
├── common_8
├── common_9

These are for the releases in general. What they do is noted below.

├── gen-torrents.sh                  -> Generates torrents for images
├── minor-release-sync-to-staging.sh -> Syncs a minor release to staging
├── prep-staging-X.sh                -> Preps staging updates and signs repos (only for 8)
├── sign-repos-only.sh               -> Signs the repomd (only for 8)
├── sync-file-list-parallel.sh       -> Generates file lists in parallel for mirror sync scripts
├── sync-to-prod.sh                  -> Syncs staging to production
├── sync-to-prod.delete.sh           -> Syncs staging to production (deletes artifacts that are no longer in staging)
├── sync-to-prod-sig.sh              -> Syncs a sig provided compose to production
├── sync-to-staging.sh               -> Syncs a provided compose to staging
├── sync-to-staging.delete.sh        -> Syncs a provided compose to staging (deletes artifacts that are no longer in the compose)
├── sync-to-staging-sig.sh           -> Syncs a sig provided compose to staging

Generally, you will only run sync-to-staging.sh or sync-to-staging.delete.sh to sync. The former is for older releases, the latter is for newer releases. Optionally, if you are syncing a "beta" or "lookahead" release, you will need to also provide the RLREL variable as beta or lookahead.

# The below syncs to staging for Rocky Linux 8
RLVER=8 bash sync-to-staging.sh Rocky
# The below syncs to staging for Rocky Linux 9
RLVER=9 bash sync-to-staging.delete.sh Rocky

Once the syncs are done, staging must be tested and vetted before being sent to production. Once staging is completed, it is synced to production.

# Set X to whatever release
RLVER=X bash sync-to-prod.delete.sh
bash sync-file-list-parallel.sh
# Sends data to the vault and masks repodata
RLVER=X bash vault-release-no-repodata.sh

During this phase, staging is rsynced with production, the file list is updated, and the full time list is also updated to allow mirrors to know that the repositories have been updated and that they can sync.

Note: If multiple releases are being updated, it is important to run the syncs to completion before running the file list parallel script.