mirror of
https://git.resf.org/sig_core/wiki.git
synced 2024-12-22 19:28:29 +00:00
1 line
66 KiB
JSON
1 line
66 KiB
JSON
{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"SIG/Core Wiki","text":""},{"location":"#about","title":"About","text":"<p>The Rocky Linux Core Special Interest Group (SIG/Core) dedicates themselves to the development, building, management, production, and release of Rocky Linux for the Enterprise Linux community and the many users around the world. This group is a mixture of core Rocky Linux developers and infrastructure and the members of this group are also members of other groups within the Rocky Linux community (such as SIG/AltArch) as well as the Enterprise Linux community as a whole.</p>"},{"location":"#mission","title":"Mission","text":"<p>SIG/Core strives to ensure a stable distribution is developed, built, tested, and provided to the community from the RESF as a compatible derivative of Red Hat Enterprise Linux. To achieve this goal, some of the things we do are:</p> <ul> <li>Ensuring a quality and fully compatible release product</li> <li>Developing and iterating on the build systems and architecture</li> <li>Developing all code in the open</li> <li>Setting the technical direction for the build system architecture</li> <li>Release of beta and final products to the end users and mirrors</li> <li>Release of timely updates to the end users and mirrors</li> </ul> <p>See the What We Do page for a more detailed explanation of our activities.</p>"},{"location":"#getting-in-touch-contributing","title":"Getting In Touch / Contributing","text":"<p>There are various ways to get in touch with SIG/Core and provide help, assistance, or even just ideas that can benefit us or the entire community.</p> <ul> <li> <p>Chat</p> <ul> <li>Mattermost: ~development on Mattermost</li> <li>IRC: #rockylinux and #rockylinux-devel on libera.chat</li> <li>Matrix: Rocky Linux General / Support and Rocky Linux Development</li> </ul> </li> <li> <p>RESF SIG/Core Issue Tracker</p> </li> <li>Mail List</li> </ul> <p>For a list of our members, see the Members page.</p>"},{"location":"#resources-and-rocky-linux-policies","title":"Resources and Rocky Linux Policies","text":"<ul> <li>RESF Git Service</li> <li>Rocky Linux GitHub</li> <li>Rocky Linux GitLab</li> <li>Rocky Linux Image Guide</li> <li>Rocky Linux Repository Guide</li> <li>Rocky Linux Release Version Guide/Policy</li> </ul>"},{"location":"members/","title":"Members","text":"<p>SIG/Core is a mix of Release Engineering and Infrastructure members to ensure a high quality release of Rocky Linux as well as the uptime of the services provided to the community. The current members of this group are listed in the table below.</p> <p>| Role | Name | Email | Mattermost Name | IRC Name | |---------------------------------------------------|---------------------------------|------------------------ |-------------------|--------------------| | Identity Management & Release Engineering Co-Lead | Louis Abel | label@rockylinux.org | @nazunalika | Sokel/label/Sombra | | Release Engineering Co-Lead | Mustafa Gezen | mustafa@rockylinux.org | @mustafa | mstg | | Release Engineering and Development | Skip Grube | skip@rockylinux.org | @skip77 | | | Release Engineering and Development | Sherif Nagy | sherif@rockylinux.org | @sherif | | | Release Engineering and Development | Pablo Greco | pgreco@rockylinux.org | @pgreco | pgreco | | Infrastructure Lead | Neil Hanlon | neil@resf.org | @neil | neil | | Infrastructure Lead | Taylor Goodwill | tg@resf.org | @tgo | tg |</p>"},{"location":"documentation/","title":"Composing Releases","text":"<p>This section goes over at a high level how we compose releases for Rocky Linux. As most of our tools are home grown, we have made sure that the tools are open source and in our git services.</p> <p>This page should serve as an idea of the steps we generally take and we hope that other projects out there who wish to also use our tools can make sure they can use them in this same way, whether they want to be an Enterprise Linux derivative or another project entirely.</p>"},{"location":"documentation/#build-system-and-tools","title":"Build System and Tools","text":"<p>The tools in use for the distribution are in the table below.</p> Tool Maintainer Code Location srpmproc SIG/Core at RESF GitHub empanadas SIG/Core at RESF sig-core-toolkit Peridot SIG/Core at RESF GitHub MirrorManager 2 Fedora Project MirrorManager2 <p>For Rocky Linux to be build, we use <code>Peridot</code> as the build system and <code>empanadas</code> to \"compose\" the distribution. As we do not use Koji for Rocky Linux beyond version 9, pungi can no longer be used. Peridot instead takes pungi configuration data and comps and transforms them into a format it can understand. Empanadas then comes in to do the \"compose\" and sync all the repositories down.</p>"},{"location":"documentation/#full-compose-major-or-minor-releases","title":"Full Compose (major or minor releases)","text":"<p>Step by step, it looks like this:</p> <ul> <li>Distribution is built and maintained in Peridot</li> <li>Comps and pungi configuration is converted into the peridot format for the project</li> <li>Repositories are created in yumrepofs based on the configuration provided</li> <li>A repoclosure is ran against the repositories from empanadas to ensure there are no critical issues</li> <li> <p>In Parallel:</p> <ul> <li>Repositories are synced as a \"full run\" in empanadas</li> <li>Lorax is ran using empanadas in the peridot cluster</li> </ul> </li> <li> <p>Lorax results are pulled down from an S3 bucket</p> </li> <li>DVD images are built for each architecture</li> <li>Compose directory is synced to staging for verification</li> <li>Staging is synced to production to allow mirror syncing</li> <li>Bit flip on release day</li> </ul>"},{"location":"documentation/#general-updates","title":"General Updates","text":"<p>Step by step, it looks like this:</p> <ul> <li>Distribution is maintained in Peridot</li> <li>Updates are built, repos are then \"hashed\" in yumrepofs</li> <li>Empanadas syncs updates as needed, either per repo or all repos at once</li> <li>Updates are synced to staging to be verified</li> <li>Staging is synced to production to allow mirror syncing</li> </ul> Resources Account ServicesGit (RESF Git Service)Git (Rocky Linux GitHub)Git (Rocky Linux GitLab)Mail ListsContacts <p>URL: https://accounts.rockylinux.org</p> <p>Purpose: Account Services maintains the accounts for almost all components of the Rocky ecosystem</p> <p>Technology: Noggin used by Fedora Infrastructure</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> <p>URL: https://git.resf.org</p> <p>Purpose: General projects, code, and so on for the Rocky Enterprise Software Foundation.</p> <p>Technology: Gitea</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://github.com/rocky-linux</p> <p>Purpose: General purpose code, assets, and so on for Rocky Linux. Some content is mirrored to the RESF Git Service.</p> <p>Technology: GitHub</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://git.rockylinux.org</p> <p>Purpose: Packages and light code for the Rocky Linux distribution</p> <p>Technology: GitLab</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://lists.resf.org</p> <p>Purpose: Users can subscribe and interact with various mail lists for the Rocky ecosystem</p> <p>Technology: Mailman 3 + Hyper Kitty</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> Name Email Mattermost Name IRC Name Louis Abel label@rockylinux.org @nazunalika Sokel/label/Sombra Mustafa Gezen mustafa@rockylinux.org @mustafa mstg Skip Grube skip@rockylinux.org @skip77 Sherif Nagy sherif@rockylinux.org @sherif Pablo Greco pgreco@rockylinux.org @pgreco pgreco Neil Hanlon neil@resf.org @neil neil Taylor Goodwill tg@resf.org @tgo tg"},{"location":"documentation/empanadas/","title":"Empanadas","text":"<p>This page goes over <code>empanadas</code>, which is part of the SIG/Core toolkit. Empanadas assists SIG/Core is composing repositories, creating ISO's, creating images, and various other activities in Rocky Linux. It is also used for general testing and debugging of repositories and its metadata.</p>"},{"location":"documentation/empanadas/#contact-information","title":"Contact Information","text":"Owner SIG/Core (Release Engineering & Infrastructure) Email Contact releng@rockylinux.org Mattermost Contacts <code>@label</code> <code>@neil</code> Mattermost Channels <code>~Development</code>"},{"location":"documentation/empanadas/#general-information","title":"General Information","text":"<p><code>empanadas</code> is a python project using poetry, containing various built-in modules with the goal to try to emulate the Fedora Project's pungi to an extent. While it is not perfect, it achieves the very basic goals of creating repositories, images and ISO's for consumption by the end user. It also has interactions with peridot, the build system used by the RESF to build the Rocky Linux distribution.</p> <p>For performing syncs, it relies on the use of podman to perform syncing in a parallel fashion. This was done because it is not possible to run multiple dnf transactions at once on a single system and looping one repository at a time is not sustainable (nor fast).</p>"},{"location":"documentation/empanadas/#requirements","title":"Requirements","text":"<ul> <li>Poetry must be installed on the system</li> <li>Podman must be installed on the system</li> <li><code>fpart</code> must be installed on the system (available in EPEL on EL systems)</li> <li>Enough storage should be available if repositories are being synced</li> <li><code>mock</code> must be installed if building live images</li> <li>System must be an Enterprise Linux system or Fedora with the <code>%rhel</code> macro set</li> </ul>"},{"location":"documentation/empanadas/#features","title":"Features","text":"<p>As of this writing, <code>empanadas</code> has the following abilities:</p> <ul> <li>Repository syncing via dnf from a peridot instance or applicable repos</li> <li>Per profile dnf repoclosure checking for all applicable repos</li> <li>Per profile dnf repoclosure checking for peridot instance repositories</li> <li>Basic ISO Building via <code>lorax</code></li> <li>Extra ISO Building via <code>xorriso</code> for DVD and minimal images</li> <li>Live ISO Building using <code>livemedia-creator</code> and <code>mock</code></li> <li>Anaconda treeinfo builder</li> <li>Cloud Image builder</li> </ul>"},{"location":"documentation/empanadas/#installing-empanadas","title":"Installing Empanadas","text":"<p>The below is how to install empanadas from the development branch on a Fedora system.</p> <pre><code>% dnf install git podman fpart poetry mock -y\n% git clone https://git.resf.org/sig_core/toolkit.git -b devel\n% cd toolkit/iso/empanadas\n% poetry install\n</code></pre>"},{"location":"documentation/empanadas/#configuring-empanadas","title":"Configuring Empanadas","text":"<p>Depending on how you are using empanadas will depend on how your configurations will be setup.</p> <ul> <li><code>empanadas/common.py</code></li> <li><code>empanadas/config/*.yaml</code></li> <li><code>empanadas/sig/*.yaml</code></li> </ul> <p>These configuration files are delicate and can control a wide variety of the moving parts of empanadas. As these configurations are fairly massive, we recommend checking the reference guides for deeper details into configuring for base distribution or \"SIG\" content.</p>"},{"location":"documentation/empanadas/#using-empanadas","title":"Using Empanadas","text":"<p>The most common way to use empanadas is to sync repositories from a peridot instance. This is performed upon each release or on each set of updates as they come from upstream. Below lists how to use <code>empanadas</code>, as well as the common options.</p> <p>Note that for each of these commands, it is fully expected you are running <code>poetry run</code> in the root of empanadas.</p> Resources Account ServicesGit (RESF Git Service)Git (Rocky Linux GitHub)Git (Rocky Linux GitLab)Mail ListsContacts <p>URL: https://accounts.rockylinux.org</p> <p>Purpose: Account Services maintains the accounts for almost all components of the Rocky ecosystem</p> <p>Technology: Noggin used by Fedora Infrastructure</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> <p>URL: https://git.resf.org</p> <p>Purpose: General projects, code, and so on for the Rocky Enterprise Software Foundation.</p> <p>Technology: Gitea</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://github.com/rocky-linux</p> <p>Purpose: General purpose code, assets, and so on for Rocky Linux. Some content is mirrored to the RESF Git Service.</p> <p>Technology: GitHub</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://git.rockylinux.org</p> <p>Purpose: Packages and light code for the Rocky Linux distribution</p> <p>Technology: GitLab</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://lists.resf.org</p> <p>Purpose: Users can subscribe and interact with various mail lists for the Rocky ecosystem</p> <p>Technology: Mailman 3 + Hyper Kitty</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> Name Email Mattermost Name IRC Name Louis Abel label@rockylinux.org @nazunalika Sokel/label/Sombra Mustafa Gezen mustafa@rockylinux.org @mustafa mstg Skip Grube skip@rockylinux.org @skip77 Sherif Nagy sherif@rockylinux.org @sherif Pablo Greco pgreco@rockylinux.org @pgreco pgreco Neil Hanlon neil@resf.org @neil neil Taylor Goodwill tg@resf.org @tgo tg"},{"location":"documentation/peridot/","title":"Peridot Build System","text":"<p>This page goes over the Peridot Build System and how SIG/Core utilizes it.</p> <p>More to come.</p>"},{"location":"documentation/rebuild/","title":"Rebuild Version Bump","text":"<p>In some cases, a package has to be rebuilt. A package may be rebuilt for these reasons:</p> <ul> <li>Underlying libraries have been rebased</li> <li>ABI changes that require a rebuild (mass rebuilds, though they are rare)</li> <li>New architecture added to a project</li> </ul> <p>This typically applies to packages being built from a given <code>src</code> subgroup. Packages pulled from upstream don't fall into this category in normal circumstances. In those cases, they receive <code>.0.1</code> and so on as standalone rebuilds.</p>"},{"location":"documentation/compose/","title":"Composing Releases","text":"<p>This section goes over the process of composing a release.</p>"},{"location":"documentation/references/","title":"References","text":"<p>Use this section to locate reference configuration items for the toolkit.</p>"},{"location":"documentation/references/empanadas_common/","title":"Empanadas common.py Configuration","text":"<p>The <code>common.py</code> configuration contains dictionaries and classes that dictate most of the functionality of empanadas.</p>"},{"location":"documentation/references/empanadas_common/#config-items","title":"Config Items","text":"<p>type: Dictionary</p>"},{"location":"documentation/references/empanadas_common/#configrlmacro","title":"config.rlmacro","text":"<p>type: String</p> <p>required: True</p> <p>description: Empanadas expects to run on an EL system. This is part of the general check up. It should not be hardcoded and use the rpm python module.</p>"},{"location":"documentation/references/empanadas_common/#configdist","title":"config.dist","text":"<p>type: String</p> <p>required: False</p> <p>description: Was the original tag placed in mock configs. This combines <code>el</code> with the rpm python module expansion. This is no longer required. The option is still available for future use.</p>"},{"location":"documentation/references/empanadas_common/#configarch","title":"config.arch","text":"<p>type: String</p> <p>required: True</p> <p>description: The architecture of the current running system. This is checked against the supported architectures in general release configurations. This should not be hardcoded.</p>"},{"location":"documentation/references/empanadas_common/#configdate_stamp","title":"config.date_stamp","text":"<p>type: String</p> <p>required: True</p> <p>description: Date time stamp in the form of YYYYMMDD.HHMMSS. This should not be hardcoded.</p>"},{"location":"documentation/references/empanadas_common/#configcompose_root","title":"config.compose_root","text":"<p>type: String</p> <p>required: True</p> <p>description: Root path of composes on the system running empanadas.</p>"},{"location":"documentation/references/empanadas_common/#configstaging_root","title":"config.staging_root","text":"<p>type: String</p> <p>required: False</p> <p>description: For future use. Root path of staging repository location where content will be synced to.</p>"},{"location":"documentation/references/empanadas_common/#configproduction_root","title":"config.production_root","text":"<p>type: String</p> <p>required: False</p> <p>description: For future use. Root path of production repository location where content will be synced to from staging.</p>"},{"location":"documentation/references/empanadas_common/#configcategory_stub","title":"config.category_stub","text":"<p>type: String</p> <p>required: True</p> <p>description: For future use. Stub path that is appended to <code>staging_root</code> and <code>production_root</code>.</p> <p>example: <code>mirror/pub/rocky</code></p>"},{"location":"documentation/references/empanadas_common/#configsig_category_stub","title":"config.sig_category_stub","text":"<p>type: String</p> <p>required: True</p> <p>description: For future use. Stub path that is appended to <code>staging_root</code> and <code>production_root</code> for SIG content.</p> <p>example: <code>mirror/pub/sig</code></p>"},{"location":"documentation/references/empanadas_common/#configrepo_base_url","title":"config.repo_base_url","text":"<p>type: String</p> <p>required: True</p> <p>description: URL to the base url's where the repositories live. This is typically to a peridot instance. This is supplemented by the configuration <code>project_id</code> parameter.</p> <p>Note that this does not have to be a peridot instance. The combination of this value and <code>project_id</code> can be sufficient enough for empanadas to perform its work.</p>"},{"location":"documentation/references/empanadas_common/#configmock_work_root","title":"config.mock_work_root","text":"<p>type: String</p> <p>required: True</p> <p>description: Hardcoded path to where ISO work is performed within a mock chroot. This is the default path created by mock and it is recommended not to change this.</p> <p>example: <code>/builddir</code></p>"},{"location":"documentation/references/empanadas_common/#configcontainer","title":"config.container","text":"<p>type: String</p> <p>required: True</p> <p>description: This is the container used to perform all operations in podman.</p> <p>example: <code>centos:stream9</code></p>"},{"location":"documentation/references/empanadas_common/#configdistname","title":"config.distname","text":"<p>type: String</p> <p>required: True</p> <p>description: Name of the distribution you are building or building for.</p> <p>example: <code>Rocky Linux</code></p>"},{"location":"documentation/references/empanadas_common/#configshortname","title":"config.shortname","text":"<p>type: String</p> <p>required: True</p> <p>description: Short name of the distribution you are building or building for.</p> <p>example: <code>Rocky</code></p>"},{"location":"documentation/references/empanadas_common/#configtranslators","title":"config.translators","text":"<p>type: Dictionary</p> <p>required: True</p> <p>description: Translates Linux architectures to golang architectures. Reserved for future use.</p>"},{"location":"documentation/references/empanadas_common/#configaws_region","title":"config.aws_region","text":"<p>type: String</p> <p>required: False</p> <p>description: Region you are working in with AWS or onprem cloud that supports this variable.</p> <p>example: <code>us-east-2</code></p>"},{"location":"documentation/references/empanadas_common/#configbucket","title":"config.bucket","text":"<p>type: String</p> <p>required: False</p> <p>description: Name of the S3-compatible bucket that is used to pull images from. Requires <code>aws_region</code>.</p>"},{"location":"documentation/references/empanadas_common/#configbucket_url","title":"config.bucket_url","text":"<p>type: String</p> <p>required: False</p> <p>description: URL of the S3-compatible bucket that is used to pull images from.</p>"},{"location":"documentation/references/empanadas_common/#allowed_type_variants-items","title":"allowed_type_variants items","text":"<p>type: Dictionary</p> <p>description: Key value pairs of cloud or image variants. The value is either <code>None</code> or a list type.</p>"},{"location":"documentation/references/empanadas_common/#reference-example","title":"Reference Example","text":"<pre><code>config = {\n \"rlmacro\": rpm.expandMacro('%rhel'),\n \"dist\": 'el' + rpm.expandMacro('%rhel'),\n \"arch\": platform.machine(),\n \"date_stamp\": time.strftime(\"%Y%m%d.%H%M%S\", time.localtime()),\n \"compose_root\": \"/mnt/compose\",\n \"staging_root\": \"/mnt/repos-staging\",\n \"production_root\": \"/mnt/repos-production\",\n \"category_stub\": \"mirror/pub/rocky\",\n \"sig_category_stub\": \"mirror/pub/sig\",\n \"repo_base_url\": \"https://yumrepofs.build.resf.org/v1/projects\",\n \"mock_work_root\": \"/builddir\",\n \"container\": \"centos:stream9\",\n \"distname\": \"Rocky Linux\",\n \"shortname\": \"Rocky\",\n \"translators\": {\n \"x86_64\": \"amd64\",\n \"aarch64\": \"arm64\",\n \"ppc64le\": \"ppc64le\",\n \"s390x\": \"s390x\",\n \"i686\": \"386\"\n },\n \"aws_region\": \"us-east-2\",\n \"bucket\": \"resf-empanadas\",\n \"bucket_url\": \"https://resf-empanadas.s3.us-east-2.amazonaws.com\"\n}\n\nALLOWED_TYPE_VARIANTS = {\n \"Azure\": None,\n \"Container\": [\"Base\", \"Minimal\", \"UBI\"],\n \"EC2\": None,\n \"GenericCloud\": None,\n \"Vagrant\": [\"Libvirt\", \"Vbox\"],\n \"OCP\": None\n\n}\n</code></pre>"},{"location":"documentation/references/empanadas_config/","title":"Empanadas config yaml Configuration","text":"<p>Each file in <code>empanads/config/</code> is a yaml file that contains configuration items for the distribution release version. The configuration can heavily dictate the functionality and what features are directly supported by empanadas when ran.</p> <p>See the items below to see which options are mandatory and optional.</p>"},{"location":"documentation/references/empanadas_config/#config-items","title":"Config Items","text":""},{"location":"documentation/references/empanadas_config/#top-level","title":"Top Level","text":"<p>The Top Level is the name of the profile and starts the YAML dictionary for the release. It is alphanumeric and accepts punctuation within reason. Common examples:</p> <ul> <li><code>9</code></li> <li><code>9-beta</code></li> <li><code>8-lookahead</code></li> </ul>"},{"location":"documentation/references/empanadas_config/#fullname","title":"fullname","text":"<p>type: String</p> <p>required: True</p> <p>description: Needed for treeinfo and discinfo generation.</p>"},{"location":"documentation/references/empanadas_config/#revision","title":"revision","text":"<p>type: String</p> <p>required: True</p> <p>description: Full version of a release</p>"},{"location":"documentation/references/empanadas_config/#rclvl","title":"rclvl","text":"<p>type: String</p> <p>required: True</p> <p>description: Release Candidate or Beta descriptor. Sets names and versions with this descriptor if enabled.</p>"},{"location":"documentation/references/empanadas_config/#major","title":"major","text":"<p>type: String</p> <p>required: True</p> <p>description: Major version of a release</p>"},{"location":"documentation/references/empanadas_config/#minor","title":"minor","text":"<p>type: String</p> <p>required: True</p> <p>description: Minor version of a release</p>"},{"location":"documentation/references/empanadas_config/#profile","title":"profile","text":"<p>type: String</p> <p>required: True</p> <p>description: Matches the top level of the release. This should not differ from the top level assignment.</p>"},{"location":"documentation/references/empanadas_config/#disttag","title":"disttag","text":"<p>type: String</p> <p>required: True</p> <p>description: Sets the dist tag for mock configs.</p>"},{"location":"documentation/references/empanadas_config/#bugurl","title":"bugurl","text":"<p>type: String</p> <p>required: True</p> <p>description: A URL to the bug tracker for this release or distribution.</p>"},{"location":"documentation/references/empanadas_config/#checksum","title":"checksum","text":"<p>type: String</p> <p>required: True</p> <p>description: Checksum type. Used when generating checksum information for images.</p>"},{"location":"documentation/references/empanadas_config/#fedora_major","title":"fedora_major","text":"<p>type: String</p> <p>required: False</p> <p>description: For future use with icicle.</p>"},{"location":"documentation/references/empanadas_config/#allowed_arches","title":"allowed_arches","text":"<p>type: list</p> <p>required: True</p> <p>description: List of supported architectures for this release.</p>"},{"location":"documentation/references/empanadas_config/#provide_multilib","title":"provide_multilib","text":"<p>type: boolean</p> <p>required: True</p> <p>description: Sets if architecture x86_64 will be multilib. It is recommended that this is set to <code>True</code>.</p>"},{"location":"documentation/references/empanadas_config/#project_id","title":"project_id","text":"<p>type: String</p> <p>required: True</p> <p>description: Appended to the base repo URL in common.py. For peridot, it is the project id that is generated for the project you are pulling from. It can be set to anything else if need be for non-peridot use.</p>"},{"location":"documentation/references/empanadas_config/#repo_symlinks","title":"repo_symlinks","text":"<p>type: dict</p> <p>required: False</p> <p>description: For future use. Sets symlinks to repositories for backwards compatibility. Key value pairs only.</p>"},{"location":"documentation/references/empanadas_config/#renames","title":"renames","text":"<p>type: dict</p> <p>required: False</p> <p>description: Renames a repository to the value set. For example, renaming <code>all</code> to <code>devel</code>. Set to <code>{}</code> if no renames are goign to occur.</p>"},{"location":"documentation/references/empanadas_config/#all_repos","title":"all_repos","text":"<p>type: list</p> <p>required: True</p> <p>description: List of repositories that will be synced/managed by empanadas.</p>"},{"location":"documentation/references/empanadas_config/#structure","title":"structure","text":"<p>type: dict</p> <p>required: True</p> <p>description: Key value pairs of <code>packages</code> and <code>repodata</code>. These are appended appropriately during syncing and ISO actions. Setting these are mandatory.</p>"},{"location":"documentation/references/empanadas_config/#iso_map","title":"iso_map","text":"<p>type: dictionary</p> <p>required: True if building ISO's and operating with lorax.</p> <p>description: Controls how lorax and extra ISO's are built.</p> <p>If are you not building images, set to <code>{}</code></p>"},{"location":"documentation/references/empanadas_config/#xorrisofs","title":"xorrisofs","text":"<p>type: boolean</p> <p>required: True</p> <p>description: Dictates of xorrisofs is used to build images. Setting to false uses genisoimage. It is recommended that xorrisofs is used.</p>"},{"location":"documentation/references/empanadas_config/#iso_level","title":"iso_level","text":"<p>type: boolean</p> <p>required: True</p> <p>description: Set to false if you are using xorrisofs. Can be set to true when using genisoimage.</p>"},{"location":"documentation/references/empanadas_config/#images","title":"images","text":"<p>type: dict</p> <p>required: True</p> <p>description: Dictates the ISO images that will be made or the treeinfo that will be generated.</p> <p>Note: The primary repository (for example, BaseOS) will need to be listed to ensure the treeinfo data is correctly generated. <code>disc</code> should be set to <code>False</code> and <code>isoskip</code> should be set to <code>True</code>. See the example section for an example.</p>"},{"location":"documentation/references/empanadas_config/#namedisc","title":"name.disc","text":"<p>type: boolean</p> <p>required: True</p> <p>description: This tells the iso builder if this will be a generated ISO.</p>"},{"location":"documentation/references/empanadas_config/#nameisoskip","title":"name.isoskip","text":"<p>type: boolean</p> <p>required: False</p> <p>description: This tells the iso builder if this will be skipped, even if <code>disc</code> is set to <code>True</code>. Default is <code>False</code>.</p>"},{"location":"documentation/references/empanadas_config/#namevariant","title":"name.variant","text":"<p>type: string</p> <p>required: True</p> <p>description: Names the primary variant repository for the image. This is set in .treeinfo.</p>"},{"location":"documentation/references/empanadas_config/#namerepos","title":"name.repos","text":"<p>type: list</p> <p>required: True</p> <p>description: Names of the repositories included in the image. This is added to .treeinfo.</p>"},{"location":"documentation/references/empanadas_config/#namevolname","title":"name.volname","text":"<p>type: string</p> <p>required: True</p> <p>required value: <code>dvd</code></p> <p>description: This is required if building more than the DVD image. By default, the the name <code>dvd</code> is harcoded in the buildImage template.</p>"},{"location":"documentation/references/empanadas_config/#lorax","title":"lorax","text":"<p>type: dict</p> <p>required: True if building lorax images.</p> <p>description: Sets up lorax images and which repositories to use when building lorax images.</p>"},{"location":"documentation/references/empanadas_config/#loraxrepos","title":"lorax.repos","text":"<p>type: list</p> <p>required: True</p> <p>description: List of repos that are used to pull packages to build the lorax images.</p>"},{"location":"documentation/references/empanadas_config/#loraxvariant","title":"lorax.variant","text":"<p>type: string</p> <p>required: True</p> <p>description: Base repository for the release</p>"},{"location":"documentation/references/empanadas_config/#loraxlorax_removes","title":"lorax.lorax_removes","text":"<p>type: list</p> <p>required: False</p> <p>description: Excludes packages that are not needed when lorax is running.</p>"},{"location":"documentation/references/empanadas_config/#loraxrequired_pkgs","title":"lorax.required_pkgs","text":"<p>type: list</p> <p>required: True</p> <p>description: Required list of installed packages needed to build lorax images.</p>"},{"location":"documentation/references/empanadas_config/#livemap","title":"livemap","text":"<p>type: dict</p> <p>required: False</p> <p>description: Dictates what live images are built and how they are built.</p>"},{"location":"documentation/references/empanadas_config/#livemapgit_repo","title":"livemap.git_repo","text":"<p>type: string</p> <p>required: True</p> <p>description: The git repository URL where the kickstarts live</p>"},{"location":"documentation/references/empanadas_config/#livemapbranch","title":"livemap.branch","text":"<p>type: string</p> <p>required: True</p> <p>description: The branch being used for the kickstarts</p>"},{"location":"documentation/references/empanadas_config/#livemapksentry","title":"livemap.ksentry","text":"<p>type: dict</p> <p>required: True</p> <p>description: Key value pairs of the live images being created. Key being the name of the live image, value being the kickstart name/path.</p>"},{"location":"documentation/references/empanadas_config/#livemapallowed_arches","title":"livemap.allowed_arches","text":"<p>type: list</p> <p>required: True</p> <p>description: List of allowed architectures that will build for the live images.</p>"},{"location":"documentation/references/empanadas_config/#livemaprequired_pkgs","title":"livemap.required_pkgs","text":"<p>type: list</p> <p>required: True</p> <p>description: Required list of packages needed to build the live images.</p>"},{"location":"documentation/references/empanadas_config/#cloudimages","title":"cloudimages","text":"<p>type: dict</p> <p>required: False</p> <p>description: Cloud related settings.</p> <p>Set to <code>{}</code> if not needed.</p>"},{"location":"documentation/references/empanadas_config/#cloudimagesimages","title":"cloudimages.images","text":"<p>type: dict</p> <p>required: True</p> <p>description: Cloud images that will be generated and in a bucket to be pulled, and their format.</p>"},{"location":"documentation/references/empanadas_config/#cloudimagesimagesname","title":"cloudimages.images.name","text":"<p>type: dict</p> <p>required: True</p> <p>description: Name of the cloud image being pulled.</p> <p>Accepted key value options:</p> <ul> <li><code>format</code>, which is <code>raw</code>, <code>qcow2</code>, <code>vhd</code>, <code>tar.xz</code></li> <li><code>variants</code>, which is a list</li> <li><code>primary_variant</code>, which symlinks to the \"primary\" variant in the variant list</li> </ul>"},{"location":"documentation/references/empanadas_config/#repoclosure_map","title":"repoclosure_map","text":"<p>type: dict</p> <p>required: True</p> <p>description: Repoclosure settings. These settings are absolutely required when doing full syncs and need to check repositories for consistency.</p>"},{"location":"documentation/references/empanadas_config/#repoclosure_maparches","title":"repoclosure_map.arches","text":"<p>type: dict</p> <p>required: True</p> <p>description: For each architecture (key), dnf switches/settings that dictate how repoclosure will check for consistency (value, string).</p> <p>example: <code>x86_64: '--forcearch=x86_64 --arch=x86_64 --arch=athlon --arch=i686 --arch=i586 --arch=i486 --arch=i386 --arch=noarch'</code></p>"},{"location":"documentation/references/empanadas_config/#repoclosure_maprepos","title":"repoclosure_map.repos","text":"<p>type: dict</p> <p>required: True</p> <p>description: For each repository that is pulled for a given release(key), repositories that will be included in the repoclosure check. A repository that only checks against itself must have a value of <code>[]</code>.</p>"},{"location":"documentation/references/empanadas_config/#extra_files","title":"extra_files","text":"<p>type: dict</p> <p>required: True</p> <p>description: Extra files settings and where they come from. Git repositories are the only supported method.</p>"},{"location":"documentation/references/empanadas_config/#extra_filesgit_repo","title":"extra_files.git_repo","text":"<p>type: string</p> <p>required: True</p> <p>description: URL to the git repository with the extra files.</p>"},{"location":"documentation/references/empanadas_config/#extra_filesgit_raw_path","title":"extra_files.git_raw_path","text":"<p>type: string</p> <p>required: True</p> <p>description: URL to the git repository with the extra files, but the \"raw\" url form.</p> <p>example: <code>git_raw_path: 'https://git.rockylinux.org/staging/src/rocky-release/-/raw/r9/'</code></p>"},{"location":"documentation/references/empanadas_config/#extra_filesbranch","title":"extra_files.branch","text":"<p>type: string</p> <p>required: True</p> <p>description: Branch where the extra files are pulled from.</p>"},{"location":"documentation/references/empanadas_config/#extra_filesgpg","title":"extra_files.gpg","text":"<p>type: dict</p> <p>required: True</p> <p>description: For each gpg key type (key), the relative path to the key in the git repository (value).</p> <p>These keys help set up the repository configuration when doing syncs.</p> <p>By default, the RepoSync class sets <code>stable</code> as the gpgkey that is used.</p>"},{"location":"documentation/references/empanadas_config/#extra_fileslist","title":"extra_files.list","text":"<p>type: list</p> <p>required: True</p> <p>description: List of files from the git repository that will be used as \"extra\" files and placed in the repositories and available to mirrors and will appear on ISO images if applicable.</p>"},{"location":"documentation/references/empanadas_config/#reference-example","title":"Reference Example","text":"<pre><code>---\n'9':\n fullname: 'Rocky Linux 9.0'\n revision: '9.0'\n rclvl: 'RC2'\n major: '9'\n minor: '0'\n profile: '9'\n disttag: 'el9'\n bugurl: 'https://bugs.rockylinux.org'\n checksum: 'sha256'\n fedora_major: '20'\n allowed_arches:\n - x86_64\n - aarch64\n - ppc64le\n - s390x\n provide_multilib: True\n project_id: '55b17281-bc54-4929-8aca-a8a11d628738'\n repo_symlinks:\n NFV: 'nfv'\n renames:\n all: 'devel'\n all_repos:\n - 'all'\n - 'BaseOS'\n - 'AppStream'\n - 'CRB'\n - 'HighAvailability'\n - 'ResilientStorage'\n - 'RT'\n - 'NFV'\n - 'SAP'\n - 'SAPHANA'\n - 'extras'\n - 'plus'\n structure:\n packages: 'os/Packages'\n repodata: 'os/repodata'\n iso_map:\n xorrisofs: True\n iso_level: False\n images:\n dvd:\n disc: True\n variant: 'AppStream'\n repos:\n - 'BaseOS'\n - 'AppStream'\n minimal:\n disc: True\n isoskip: True\n repos:\n - 'minimal'\n - 'BaseOS'\n variant: 'minimal'\n volname: 'dvd'\n BaseOS:\n disc: False\n isoskip: True\n variant: 'BaseOS'\n repos:\n - 'BaseOS'\n - 'AppStream'\n lorax:\n repos:\n - 'BaseOS'\n - 'AppStream'\n variant: 'BaseOS'\n lorax_removes:\n - 'libreport-rhel-anaconda-bugzilla'\n required_pkgs:\n - 'lorax'\n - 'genisoimage'\n - 'isomd5sum'\n - 'lorax-templates-rhel'\n - 'lorax-templates-generic'\n - 'xorriso'\n cloudimages:\n images:\n EC2:\n format: raw\n GenericCloud:\n format: qcow2\n livemap:\n git_repo: 'https://git.resf.org/sig_core/kickstarts.git'\n branch: 'r9'\n ksentry:\n Workstation: rocky-live-workstation.ks\n Workstation-Lite: rocky-live-workstation-lite.ks\n XFCE: rocky-live-xfce.ks\n KDE: rocky-live-kde.ks\n MATE: rocky-live-mate.ks\n allowed_arches:\n - x86_64\n - aarch64\n required_pkgs:\n - 'lorax-lmc-novirt'\n - 'vim-minimal'\n - 'pykickstart'\n - 'git'\n variantmap:\n git_repo: 'https://git.rockylinux.org/rocky/pungi-rocky.git'\n branch: 'r9'\n git_raw_path: 'https://git.rockylinux.org/rocky/pungi-rocky/-/raw/r9/'\n repoclosure_map:\n arches:\n x86_64: '--forcearch=x86_64 --arch=x86_64 --arch=athlon --arch=i686 --arch=i586 --arch=i486 --arch=i386 --arch=noarch'\n aarch64: '--forcearch=aarch64 --arch=aarch64 --arch=noarch'\n ppc64le: '--forcearch=ppc64le --arch=ppc64le --arch=noarch'\n s390x: '--forcearch=s390x --arch=s390x --arch=noarch'\n repos:\n devel: []\n BaseOS: []\n AppStream:\n - BaseOS\n CRB:\n - BaseOS\n - AppStream\n HighAvailability:\n - BaseOS\n - AppStream\n ResilientStorage:\n - BaseOS\n - AppStream\n RT:\n - BaseOS\n - AppStream\n NFV:\n - BaseOS\n - AppStream\n SAP:\n - BaseOS\n - AppStream\n - HighAvailability\n SAPHANA:\n - BaseOS\n - AppStream\n - HighAvailability\n extra_files:\n git_repo: 'https://git.rockylinux.org/staging/src/rocky-release.git'\n git_raw_path: 'https://git.rockylinux.org/staging/src/rocky-release/-/raw/r9/'\n branch: 'r9'\n gpg:\n stable: 'SOURCES/RPM-GPG-KEY-Rocky-9'\n testing: 'SOURCES/RPM-GPG-KEY-Rocky-9-Testing'\n list:\n - 'SOURCES/Contributors'\n - 'SOURCES/COMMUNITY-CHARTER'\n - 'SOURCES/EULA'\n - 'SOURCES/LICENSE'\n - 'SOURCES/RPM-GPG-KEY-Rocky-9'\n - 'SOURCES/RPM-GPG-KEY-Rocky-9-Testing'\n...\n</code></pre>"},{"location":"documentation/references/empanadas_sig_config/","title":"Empanadas SIG yaml Configuration","text":"<p>Each file in <code>empanads/sig/</code> is a yaml file that contains configuration items for the distribution release version. The configuration determines the structure of the SIG repositories synced from Peridot or a given repo.</p> <p>Note that a release profile (for a major version) is still required for this sync to work.</p> <p>See the items below to see which options are mandatory and optional.</p>"},{"location":"documentation/references/empanadas_sig_config/#config-items","title":"Config Items","text":""},{"location":"documentation/references/empanadas_sig_config/#reference-example","title":"Reference Example","text":""},{"location":"include/resources_bottom/","title":"Resources bottom","text":"Resources Account ServicesGit (RESF Git Service)Git (Rocky Linux GitHub)Git (Rocky Linux GitLab)Mail ListsContacts <p>URL: https://accounts.rockylinux.org</p> <p>Purpose: Account Services maintains the accounts for almost all components of the Rocky ecosystem</p> <p>Technology: Noggin used by Fedora Infrastructure</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> <p>URL: https://git.resf.org</p> <p>Purpose: General projects, code, and so on for the Rocky Enterprise Software Foundation.</p> <p>Technology: Gitea</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://github.com/rocky-linux</p> <p>Purpose: General purpose code, assets, and so on for Rocky Linux. Some content is mirrored to the RESF Git Service.</p> <p>Technology: GitHub</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://git.rockylinux.org</p> <p>Purpose: Packages and light code for the Rocky Linux distribution</p> <p>Technology: GitLab</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://lists.resf.org</p> <p>Purpose: Users can subscribe and interact with various mail lists for the Rocky ecosystem</p> <p>Technology: Mailman 3 + Hyper Kitty</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> Name Email Mattermost Name IRC Name Louis Abel label@rockylinux.org @nazunalika Sokel/label/Sombra Mustafa Gezen mustafa@rockylinux.org @mustafa mstg Skip Grube skip@rockylinux.org @skip77 Sherif Nagy sherif@rockylinux.org @sherif Pablo Greco pgreco@rockylinux.org @pgreco pgreco Neil Hanlon neil@resf.org @neil neil Taylor Goodwill tg@resf.org @tgo tg"},{"location":"sop/","title":"SOP (Standard Operationg Procedures)","text":"<p>This section goes over the various SOP's for SIG/Core. Please use the menu items to find the various pages of interest.</p> Resources Account ServicesGit (RESF Git Service)Git (Rocky Linux GitHub)Git (Rocky Linux GitLab)Mail ListsContacts <p>URL: https://accounts.rockylinux.org</p> <p>Purpose: Account Services maintains the accounts for almost all components of the Rocky ecosystem</p> <p>Technology: Noggin used by Fedora Infrastructure</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> <p>URL: https://git.resf.org</p> <p>Purpose: General projects, code, and so on for the Rocky Enterprise Software Foundation.</p> <p>Technology: Gitea</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://github.com/rocky-linux</p> <p>Purpose: General purpose code, assets, and so on for Rocky Linux. Some content is mirrored to the RESF Git Service.</p> <p>Technology: GitHub</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://git.rockylinux.org</p> <p>Purpose: Packages and light code for the Rocky Linux distribution</p> <p>Technology: GitLab</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://lists.resf.org</p> <p>Purpose: Users can subscribe and interact with various mail lists for the Rocky ecosystem</p> <p>Technology: Mailman 3 + Hyper Kitty</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> Name Email Mattermost Name IRC Name Louis Abel label@rockylinux.org @nazunalika Sokel/label/Sombra Mustafa Gezen mustafa@rockylinux.org @mustafa mstg Skip Grube skip@rockylinux.org @skip77 Sherif Nagy sherif@rockylinux.org @sherif Pablo Greco pgreco@rockylinux.org @pgreco pgreco Neil Hanlon neil@resf.org @neil neil Taylor Goodwill tg@resf.org @tgo tg"},{"location":"sop/sop_mirrormanager2/","title":"Mirror Manager Maintenance","text":"<p>This SOP contains most if not all the information needed for SIG/Core to maintain and operate Mirror Manager for Rocky Linux.</p>"},{"location":"sop/sop_mirrormanager2/#contact-information","title":"Contact Information","text":"Owner SIG/Core (Release Engineering & Infrastructure) Email Contact infrastructure@rockylinux.org Email Contact releng@rockylinux.org Mattermost Contacts <code>@label</code> <code>@neil</code> <code>@tgo</code> Mattermost Channels <code>~Infrastructure</code>"},{"location":"sop/sop_mirrormanager2/#introduction","title":"Introduction","text":"<p>So you made a bad decision and now have to do things to Mirror Manager. Good luck.</p>"},{"location":"sop/sop_mirrormanager2/#pieces","title":"Pieces","text":"Item Runs on... Software Mirrorlist Server mirrormanager001 https://github.com/adrianreber/mirrorlist-server/ Mirror Manager 2 mirrormanager001 https://github.com/fedora-infra/mirrormanager2"},{"location":"sop/sop_mirrormanager2/#mirrorlist-server","title":"Mirrorlist Server","text":"<p>This runs two (2) instances. Apache/httpd is configured to send <code>/mirrorlist</code> to one and <code>/debuglist</code> to the other.</p> <ul> <li> <p>Every fifteen (15) minutes: Mirrorlist cache is regenerated</p> <ul> <li>This queries the database for active mirrors and other information and writes a protobuf. The mirrorlist-server reads the protobuf and responds accordingly.</li> </ul> </li> <li> <p>Every twenty (20) minutes: Service hosting <code>/mirrorlist</code> is restarted</p> </li> <li>Every twenty-one (21) minutes: Service hosting <code>/debuglist</code> is restarted</li> </ul> <p>Note that the timing for the restart of the mirror list instances are arbitrary.</p>"},{"location":"sop/sop_mirrormanager2/#mirror-manager-2","title":"Mirror Manager 2","text":"<p>This is a uwsgi service fronted by an apache/httpd instance. This is responsible for everything else that is not <code>/mirrorlist</code> or <code>/debuglist</code>. This allows the mirror managers to, well, manage their mirrors.</p>"},{"location":"sop/sop_mirrormanager2/#cdn","title":"CDN","text":"<p>Fastly sits in front of mirror manager. VPN is required to access the <code>/admin</code> endpoints.</p> <p>If the backend of the CDN is down, it will attempt to guess what the user wanted to access and spit out a result on the dl.rockylinux.org website. For example, a request for AppStream-8 and x86_64 will result in a <code>AppStream/x86_64/os</code> directory on dl.rockylinux.org. Note that this isn't perfect, but it helps in potential down time or patching.</p> <pre><code>Fastly -> www firewall -> mirrormanager server\n</code></pre> <p>In reality, the flow is a lot more complex, and a diagram should be created to map it out in a more user-friendly manner (@TODO)</p> <pre><code>User -> Fastly -> AWS NLB over TLS, passthru -> www firewall cluster (decrypt TLS) -> mirrormanager server (Rocky CA TLS)\n</code></pre>"},{"location":"sop/sop_mirrormanager2/#tasks","title":"Tasks","text":"<p>Below are a list of possible tasks to take with mirror manager, depending on the scenario.</p>"},{"location":"sop/sop_mirrormanager2/#new-release","title":"New Release","text":"<p>For the following steps, the following must be completed:</p> <ul> <li>Production rsync endpoints should have all brand new content</li> <li>New content root should be locked down to 750 (without this, mirror manager cannot view it)</li> <li> <p>Disable mirrormanager user cronjobs</p> </li> <li> <p>Update the database with the new content. This is run on a schedule normally (see previous section) but can be done manually.</p> <p>a. As the mirror manager user, run the following:</p> </li> </ul> <pre><code>/opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux'\n/opt/mirrormanager/scan-primary-mirror-0.4.2/target/debug/scan-primary-mirror --debug --config $HOME/scan-primary-mirror.toml --category 'Rocky Linux SIGs'\n</code></pre> <ol> <li> <p>Update the redirects for <code>$reponame-$releasever</code></p> <p>a. Use psql to mirrormanager server: <code>psql -U mirrormanager -W -h mirrormanager_db_host mirrormanager_db</code> b. Confirm that all three columns are filled and that the second and third columns are identical: <code>select rr.from_repo AS \"From Repo\", rr.to_repo AS \"To Repo\", r.prefix AS \"Target Repo\" FROM repository_redirect AS rr LEFT JOIN repository AS r ON rr.to_repo = r.prefix GROUP BY r.prefix, rr.to_repo, rr.from_repo ORDER BY r.prefix ASC;</code> c. Change the <code>majorversion</code> redirects to point to the new point release, for example: <code>update repository_redirect set to_repo = regexp_replace(to_repo, '9\\.0', '9.1') where from_repo ~ '(\\w+)-9';</code></p> </li> <li> <p>Generate the mirrorlist cache and restart the debuglist and verify.</p> </li> </ol> <p>Once the bitflip is initiated, restart mirrorlist and reenable all cronjobs.</p>"},{"location":"sop/sop_mirrormanager2/#out-of-date-mirrors","title":"Out-of-date Mirrors","text":"<ol> <li>Get current shasum of repomd.xml. For example: <code>shasum=$(curl https://dl.rockylinux.org/pub/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml | sha256sum)</code></li> <li>Compare against latest propagation log:</li> </ol> <pre><code>tail -latr /var/log/mirrormanager/propagation/rocky-9.0-BaseOS-x86_64_propagation.log.*`\n\nexport VER=9.0\nawk -v shasum=$(curl -s https://dl.rockylinux.org/pub/rocky/$VER/BaseOS/x86_64/os/repodata/repomd.xml | sha256sum | awk '{print $1}') -F'::' '{split($0,data,\":\")} {if ($4 != shasum) {print data[5], data[6], $2, $7}}' < $(find /var/log/mirrormanager/propagation/ -name \"rocky-${VER}-BaseOS-x86_64_propagation.log*\" -mtime -1 | tail -1)'\n</code></pre> <p>This will generate a table. You can take the IDs in the first column and use the database to disable them by ID (table name: hosts) or go to https://mirrors.rockylinux.org/mirrormanager/host/ID and uncheck 'User active'.</p> <p>Users can change user active, but they cannot change admin active. It is better to flip user active in this case.</p> <p>Admins can also view https://mirrors.rockylinux.org/mirrormanager/admin/all_sites if necessary.</p> <p>Example of table columns:</p> <pre><code>[mirrormanager@ord1-prod-mirrormanager001 propagation]$ awk -v shasum=$(curl -s https://dl.rockylinux.org/pub/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml | sha256sum | awk '{print $1}') -F'::' '{split($0,data,\":\")} {if ($4 != shasum) {print data[5], data[6], $2, $7}}' < rocky-9.0-BaseOS-x86_64_propagation.log.1660611632 | column -t\n164 mirror.host.ag http://mirror.host.ag/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n173 rocky.centos-repo.net http://rocky.centos-repo.net/9.0/BaseOS/x86_64/os/repodata/repomd.xml 403\n92 rocky.mirror.co.ge http://rocky.mirror.co.ge/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n289 mirror.vsys.host http://mirror.vsys.host/rockylinux/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n269 mirrors.rackbud.com http://mirrors.rackbud.com/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 200\n295 mirror.ps.kz http://mirror.ps.kz/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 200\n114 mirror.liteserver.nl http://rockylinux.mirror.liteserver.nl/9.0/BaseOS/x86_64/os/repodata/repomd.xml 200\n275 mirror.upsi.edu.my http://mirror.upsi.edu.my/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 200\n190 mirror.kku.ac.th http://mirror.kku.ac.th/rocky-linux/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n292 mirrors.cat.pdx.edu http://mirrors.cat.pdx.edu/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 200\n370 mirrors.gbnetwork.com http://mirrors.gbnetwork.com/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n308 mirror.ihost.md http://mirror.ihost.md/rockylinux/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n87 mirror.freedif.org http://mirror.freedif.org/Rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n194 mirrors.bestthaihost.com http://mirrors.bestthaihost.com/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n30 mirror.admax.se http://mirror.admax.se/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 200\n195 mirror.uepg.br http://mirror.uepg.br/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404\n247 mirrors.ipserverone.com http://mirrors.ipserverone.com/rocky/9.0/BaseOS/x86_64/os/repodata/repomd.xml 404'\n</code></pre>"},{"location":"sop/sop_release/","title":"Rocky Release Procedures for SIG/Core (RelEng/Infrastructure)","text":"<p>This SOP contains all the steps required by SIG/Core (a mix of Release Engineering and Infrastructure) to perform releases of all Rocky Linux versions. Work is in all collaboration within the entire group of engineerings.</p>"},{"location":"sop/sop_release/#contact-information","title":"Contact Information","text":"Owner SIG/Core (Release Engineering & Infrastructure) Email Contact infrastructure@rockylinux.org Email Contact releng@rockylinux.org Mattermost Contacts <code>@label</code> <code>@neil</code> <code>@tgo</code> <code>@skip77</code> <code>@mustafa</code> <code>@sherif</code> <code>@pgreco</code> Mattermost Channels <code>~Infrastructure</code>"},{"location":"sop/sop_release/#preparation","title":"Preparation","text":""},{"location":"sop/sop_release/#notes-about-release-day","title":"Notes about Release Day","text":"<p>Within a minimum of two (2) days, the following should be true:</p> <ol> <li> <p>Torrents should be setup. All files can be synced with the seed box(es) but not yet published. The data should be verified using sha256sum and compared to the CHECKSUM files provided with the files.</p> </li> <li> <p>Website should be ready (typically with an open PR in github). The content should be verified that the design and content are correct and finalized.</p> </li> <li> <p>Enough mirrors should be setup. This essentially means that all content for a release should be synced to our primary mirror with the executable bit turned off, and the content should also be hard linked. In theory, mirror manager can be queried to verify if mirrors are or appear to be in sync.</p> </li> </ol>"},{"location":"sop/sop_release/#notes-about-patch-days","title":"Notes about Patch Days","text":"<p>Within a minimum of one (1) to two (2) days, the following should be true:</p> <ol> <li> <p>Updates should be completed in the build system, and verified in staging.</p> </li> <li> <p>Updates should be sent to production and file lists updated to allow mirrors to sync.</p> </li> </ol>"},{"location":"sop/sop_release/#prior-to-release-day-notes","title":"Prior to Release Day notes","text":"<p>Ensure the SIG/Core Checklist is read thoroughly and executed as listed.</p>"},{"location":"sop/sop_release/#release-day","title":"Release Day","text":""},{"location":"sop/sop_release/#priorities","title":"Priorities","text":"<p>During release day, these should be verified/completed in order:</p> <ol> <li> <p>Website - The primary website and user landing at rockylinux.org should allow the user to efficiently click through to a download link of an ISO, image, or torrent. It must be kept up.</p> </li> <li> <p>Torrent - The seed box(es) should be primed and ready to go for users downloading via torrent.</p> </li> <li> <p>Release Notes & Documentation - The release notes are often on the same website as the documentation. The main website and where applicable in the docs should refer to the Release Notes of Rocky Linux.</p> </li> <li> <p>Wiki - If applicable, the necessary changes and resources should be available for a release. In particular, if a major release has new repos, changed repo names, this should be documented.</p> </li> <li> <p>Everything else!</p> </li> </ol>"},{"location":"sop/sop_release/#resources","title":"Resources","text":""},{"location":"sop/sop_release/#sigcore-checklist","title":"SIG/Core Checklist","text":""},{"location":"sop/sop_release/#beta","title":"Beta","text":"<ul> <li>Compose Completed</li> <li>Repoclosure must be checked and pass</li> <li>Lorax Run</li> <li>ISO's are built</li> <li>Cloud Images built</li> <li>Live Images built</li> <li>Compose Synced to Staging</li> <li>AWS/Azure Images in Marketplace</li> <li>Vagrant Images</li> <li>Container Images</li> <li> <p>Mirror Manager</p> <ul> <li>Ready to Migrate from previous beta release (rltype=beta)</li> <li>Boot image install migration from previous beta release</li> </ul> </li> <li> <p>Pass image to Testing Team for final validation</p> </li> </ul>"},{"location":"sop/sop_release/#release-candidate","title":"Release Candidate","text":"<ul> <li>Compose Completed</li> <li>Repoclosure must be checked and pass</li> <li>Lorax Run</li> <li>ISO's are built</li> <li>Cloud Images built</li> <li>Live Images built</li> <li>Compose Synced to Staging</li> <li>AWS/Azure Images in Marketplace</li> <li>Vagrant Images</li> <li>Container Images</li> <li> <p>Mirror Manager</p> <ul> <li>Ready to Migrate from previous release</li> <li>Boot image install migration from previous release</li> </ul> </li> <li> <p>Pass image to Testing Team for validation</p> </li> </ul>"},{"location":"sop/sop_release/#final","title":"Final","text":"<ul> <li>Compose Completed</li> <li>Repoclosure must be checked and pass</li> <li>Lorax Run</li> <li>ISO's are built</li> <li>Cloud Images built</li> <li>Live Images built</li> <li>Compose Synced to Staging</li> <li>AWS/Azure Images in Marketplace</li> <li>Vagrant Images</li> <li>Container Images</li> <li> <p>Mirror Manager</p> <ul> <li>Ready to Migrate from previous release</li> <li>Boot image install migration from previous release</li> </ul> </li> <li> <p>Pass image to Testing Team for final validation</p> </li> <li>Sync to Production</li> <li>Sync to Europe Mirror if applicable</li> <li>Hardlink Run</li> <li>Bitflip after 24-48 Hours</li> </ul> Resources Account ServicesGit (RESF Git Service)Git (Rocky Linux GitHub)Git (Rocky Linux GitLab)Mail ListsContacts <p>URL: https://accounts.rockylinux.org</p> <p>Purpose: Account Services maintains the accounts for almost all components of the Rocky ecosystem</p> <p>Technology: Noggin used by Fedora Infrastructure</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> <p>URL: https://git.resf.org</p> <p>Purpose: General projects, code, and so on for the Rocky Enterprise Software Foundation.</p> <p>Technology: Gitea</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://github.com/rocky-linux</p> <p>Purpose: General purpose code, assets, and so on for Rocky Linux. Some content is mirrored to the RESF Git Service.</p> <p>Technology: GitHub</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://git.rockylinux.org</p> <p>Purpose: Packages and light code for the Rocky Linux distribution</p> <p>Technology: GitLab</p> <p>Contact: <code>~Infrastructure</code>, <code>~Development</code> in Mattermost and <code>#rockylinux-infra</code>, <code>#rockylinux-devel</code> in Libera IRC</p> <p>URL: https://lists.resf.org</p> <p>Purpose: Users can subscribe and interact with various mail lists for the Rocky ecosystem</p> <p>Technology: Mailman 3 + Hyper Kitty</p> <p>Contact: <code>~Infrastructure</code> in Mattermost and <code>#rockylinux-infra</code> in Libera IRC</p> Name Email Mattermost Name IRC Name Louis Abel label@rockylinux.org @nazunalika Sokel/label/Sombra Mustafa Gezen mustafa@rockylinux.org @mustafa mstg Skip Grube skip@rockylinux.org @skip77 Sherif Nagy sherif@rockylinux.org @sherif Pablo Greco pgreco@rockylinux.org @pgreco pgreco Neil Hanlon neil@resf.org @neil neil Taylor Goodwill tg@resf.org @tgo tg"},{"location":"sop/sop_upstream_prep_checklist/","title":"Generalized Prep Checklist for Upcoming Releases","text":"<p>This SOP contains general checklists required by SIG/Core to prepare and plan for the upcoming release. This work, in general, is required to be done on a routine basis, even months out before the next major or minor release, as it requires monitoring of upstream's (CentOS Stream) work to ensure Rocky Linux will remain ready and compatible with Red Hat Enterprise Linux.</p>"},{"location":"sop/sop_upstream_prep_checklist/#contact-information","title":"Contact Information","text":"Owner SIG/Core (Release Engineering & Infrastructure) Email Contact infrastructure@rockylinux.org Email Contact releng@rockylinux.org Mattermost Contacts <code>@label</code> <code>@neil</code> <code>@tgo</code> <code>@skip77</code> <code>@mustafa</code> <code>@sherif</code> <code>@pgreco</code> Mattermost Channels <code>~Infrastructure</code>"},{"location":"sop/sop_upstream_prep_checklist/#general-upstream-monitoring","title":"General Upstream Monitoring","text":"<p>It is expected to monitor the following repositories upstream, as these will indicate what is coming up for a given major or point release. These repositories are found at the Red Hat gitlab.</p> <ul> <li>centos-release</li> <li>centos-logos</li> <li>pungi-centos</li> <li>comps</li> <li>module-defaults</li> </ul> <p>These repositories can be monitored by setting to \"all activity\" on the bell icon.</p> <p>Upon changes to the upstream repositories, SIG/Core member should analyze the changes and apply the same to the lookahead branches:</p> <ul> <li> <p>rocky-release</p> <ul> <li>Manual changes required</li> </ul> </li> <li> <p>rocky-logos</p> <ul> <li>Manual changes required</li> </ul> </li> <li> <p>pungi-rocky</p> <ul> <li>Run <code>sync-from-upstream</code></li> </ul> </li> <li> <p>peridot-rocky</p> <ul> <li>Configurations are generated using peridot tools</li> </ul> </li> <li> <p>comps</p> <ul> <li>Run <code>sync-from-upstream</code></li> </ul> </li> <li> <p>rocky-module-defaults</p> <ul> <li>Run <code>sync-from-upstream</code></li> </ul> </li> </ul>"},{"location":"sop/sop_upstream_prep_checklist/#general-downward-merging","title":"General Downward Merging","text":"<p>Repositories that generally track for LookAhead and Beta releases will flow downward to the stable branch. For example:</p> <pre><code>* rXs / rXlh\n |\n |----> rX-beta\n |\n |----> rX\n</code></pre> <p>This applies to any specific rocky repo, such as comps, pungi, peridot-config, and so on. As it is expected some repos will deviate in commit history, it is OK to force push, under the assumption that changes made in the lower branch exists in the upper branch. That way you can avoid changes/functionality being reverted on accident.</p>"},{"location":"sop/sop_upstream_prep_checklist/#general-package-patching","title":"General Package Patching","text":"<p>There are packages that are patched typically for the purpose of debranding. List of patched packages are typically maintained in a metadata repository. The obvious ones are listed below and should be monitored and maintained properly:</p> <ul> <li>abrt</li> <li>anaconda</li> <li>anaconda-user-help</li> <li>chrony</li> <li>cockpit</li> <li>dhcp</li> <li>dnf</li> <li>firefox</li> <li>fwupd</li> <li>gcc</li> <li>gnome-session</li> <li>gnome-settings-daemon</li> <li>grub2</li> <li>initial-setup</li> <li>kernel</li> <li>kernel-rt</li> <li>libdnf</li> <li>libreoffice</li> <li>libreport</li> <li>lorax-templates-rhel</li> <li>nginx</li> <li>opa-ff</li> <li>opa-fm</li> <li>openldap</li> <li>openscap</li> <li>osbuild</li> <li>osbuild-composer</li> <li>PackageKit</li> <li>pesign</li> <li>python-pip</li> <li>redhat-rpm-config</li> <li>scap-security-guide</li> <li>shim</li> <li>shim-unsigned-x64</li> <li>shim-unsigned-aarch64</li> <li>subscription-manager</li> <li>systemd</li> <li>thunderbird</li> </ul>"}]} |