Commit graph

7 commits

Author SHA1 Message Date
Ian Wienand
f6a02fbdb9 Install dracut-generic-config package
dracut has a "hostonly" mode where it builds an initramfs that is
suitable for booting the system it is building on.  This is on by
default, but obviously in our nested multi-platform chroot situation
this is fraught with danger.

As highlighted by [1] our builds were inadvertently turning off
"hostonly" mode when the mountpoints in the chroot were not found.
The CentOS 7.3 behaviour change broke this and we ended up with an
initramfs with no file-system modules.

Iaf2a1e8470f642bfaaaad3f9b7f26cfc8cc445c9 introduced a regeneration of
the initramfs, which I think does work as described because it runs in
the loopback device.

However, dracut includes a package that installs configuration
overrides to build a generic initramfs.  This is really what we want,
and should solve the problem no matter where the initramfs is created.

Add this package into yum-minimal and remove the extra re-create call
which should not be necessary.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1405238

Change-Id: I5d203f2abe743cb23a44d449850e692a948e7871
2016-12-17 16:37:55 +00:00
Ben Nemec
79c27199f2 Install lsb package by map name instead of package name
We have a pkg-map entry for lsb_release, but in package-installs.yaml
we refer to the actual package name instead.  This will happen to
work on Red Hat platforms, but it's actually wrong.

Change-Id: Idb248f96e75fa1090422fa08e5fbb2385cc1f517
2016-11-11 14:30:21 -06:00
Monty Taylor
fd18cb74b2
Add libselinux-python to yum-minimal
yum-minimal installs selinux but not libselinux-python, which makes
interacting with the node from ansible hard fail. Add it.

Change-Id: I403e7806ae10d5dd96d0727832f4da20e34b94c7
2016-09-17 01:25:31 +02:00
Ian Wienand
944b4fea0f Add "audit"package to yum-minimal
Kernels are built with auditing support, and without the audit deamon
logs bubble up to spam the console and /var/log/messages.  This
package contains the audit daemon that catches these messages.

Change-Id: Ie3e216bab33b27f2d67a9379ddc3e89d66449251
2016-08-08 17:54:20 +10:00
Ian Wienand
fd2f55ee41 yum-minimal : install selinux policy packages
Install selinux policy packages as part of the base-installs.  selinux
is part of the base-system and the kernel boots by default in selinux
mode.

Without both of these, we can get in a situation where later scripts
(particuarly, some of the infra scripts) might install systemd-policy
without a base policy (targeted), leading to a messed up situation
where systemd will halt during boot due to missing policy files.

Change-Id: I6bf156304d1134fb328fba9b12dc364701b13696
2015-12-22 08:45:20 +11:00
Ian Wienand
1d476dd994 Remove fedora-minimal/install.d/99-ramdisk
When the kernel gets installed on Fedora, the rpm post scripts call
"/bin/kernel-install" [1] to install it.  This is a script provided by
systemd.

However, in [2], Fedora ships a patch to kernel-install that makes a
call-out to /sbin/new-kernel-pkg -- the install script provided by
grubby [3]

Without grubby installed, systemd's kernel-install script goes off and
runs dracut plugins directly [4], which eventually creates the initrd.
For reasons that are not clearly explained, the initrd will end up in
a a "machine-id" sub-directory of /boot (possibly, so you can symlink
it?).  It is also called "initrd", even though it's an initramfs, for
historical reasons in dracut I think.

It is at this point that I think 99-ramdisk has been written to move
the generated initrd file back into /boot.  Later on, when we build
the image, we run grub-install and it picks up the kernel and the
initrd and installs everything.

grubby's new-kernel-pkg [6] it's very similar -- it uses dracut to
make the initramfs ... but in this case it is put in /boot and is
actually called initramfs.

The subtle change that led me down this path is that dracut has been
modified to have a "Recommends" for grubby for >F22 [7].  After
discussing this change with the author, it turns out it was *always*
intended to use the grubby-based kernel install scripts for Fedora --
our builds have been incorrect in not including the package.  The
author got sick of people removing the package and making unbootable
systems, hence the change.

Thus this removes the workarounds in 99-ramdisk and replace it with an
install of the grubby package.  grubby's kernel install script will
put the kernel & generated initramfs in /boot, and it will be
installed correctly via the usual grub install later when we build the
disk image.

I have built F22 & F23 fedora-minimal images with this and they boot.

[1] http://pkgs.fedoraproject.org/cgit/kernel.git/tree/kernel.spec#n1832
[2] http://pkgs.fedoraproject.org/cgit/systemd.git/tree/kernel-install-grubby.patch
[3] http://linux.die.net/man/8/new-kernel-pkg
[4] https://github.com/haraldh/dracut/blob/master/50-dracut.install
[5] 81516adcb7
[6] https://github.com/rhinstaller/grubby/blob/master/new-kernel-pkg
[7] 47ff68e78b

Change-Id: I1a6e45d04755515286b3d49f8280c16b527e2f48
2015-11-19 21:03:45 +11:00
Monty Taylor
b5bcb3b60e Add a yum-minimal element that just uses yum
The centos-minimal approach of using rinse does not, it turns out, work
on centos. That's a bummer. It's also rather heavyweight. Instead, with
minor machinations, we can just use yum itself pointed at a chroot.

Also adding fedora-minimal element which creates a fedora image using
the new yum-minimal approach.

Co-Authored-By: Gregory Haynes <greg@greghaynes.net>

Change-Id: I026fd9d323e786dae5bb67824c6501067e1ceaa3
2015-04-14 13:39:18 -04:00