Commit Graph

838 Commits

Author SHA1 Message Date
Danni Shi
18df5a59b5 Update keylime-agent and tpm-emulator elements
Story: #2002713
Task: #41304

Change-Id: I735db46a62edecc85457d4163963f558c9fe461d
2021-10-06 15:05:28 -04:00
Zuul
6e83df4d40 Merge "Fix cron not installed in debian" 2021-10-06 13:23:00 +00:00
Zuul
82aa8c516d Merge "Add DIB_YUM_REPO_PACKAGE as an alternative to DIB_YUM_REPO_CONF" 2021-10-04 06:51:31 +00:00
Zuul
70378de688 Merge "Add policycoreutils package mappings for RHEL/Centos 9" 2021-10-04 06:51:29 +00:00
Zuul
0e93b853bf Merge "RHEL/Centos 9 does not have package grub2-efi-x64-modules" 2021-10-04 06:51:27 +00:00
Zuul
0a9c0b6ab8 Merge "Support grubby and the Bootloader Spec" 2021-10-04 06:46:29 +00:00
Zuul
a4615a2977 Merge "Move grubenv to EFI dir" 2021-10-04 06:46:28 +00:00
Zuul
175c5c4da6 Merge "Allowing ubuntu element use local image" 2021-10-01 15:31:07 +00:00
Marco Vaschetto
1f4fb1d7a5 Allowing ubuntu element use local image
Patch allow to set path for local image source,
instead download latest or use the cached image.
This permit to build image also in environment without internet access.

Change-Id: I9422e21c5d0445e31d5a7258aa7310b20e39b929
2021-09-27 20:56:06 +02:00
Zuul
0aa6e24286 Merge "Fix debian-minimal security repos" 2021-09-14 23:16:28 +00:00
Steve Baker
296c81b9ca Add DIB_YUM_REPO_PACKAGE as an alternative to DIB_YUM_REPO_CONF
A custom yum repository can now be configured by defining
`DIB_YUM_REPO_PACKAGE` as a yum available package or a URL to an rpm file.
This package can install repo files with any associated keys and
certificates.

A good example of such a package upstream is rdo-release[1] which
includes multiple repo files, the repo keys, and a root certificate.
This makes these repos impractical to install via DIB_YUM_REPO_CONF.

Downstream, repo packages like this a frequently used to bootstrap
development builds of RHEL with development repos.

[1] https://www.rdoproject.org/repos/rdo-release.rpm

Change-Id: I2832e723998c9bd7635cdf7541a4c20eff6294d2
2021-09-13 09:32:53 +12:00
Steve Baker
017ba12eb0 Add policycoreutils package mappings for RHEL/Centos 9
Change-Id: I69f0bc39b3ff4759bb66cea76112901ea8afff68
2021-09-13 09:32:53 +12:00
Steve Baker
fd63fe6999 RHEL/Centos 9 does not have package grub2-efi-x64-modules
Change-Id: Ida37eb500b7f331fd35f1b76365940c3b95ec83e
2021-09-13 09:32:53 +12:00
Steve Baker
97f940ace5 Support grubby and the Bootloader Spec
Fedora 30 and RHEL-8.2 onwards support the Bootloader Spec and use grubby
to manage kernel menu entries and kernel arguments.
https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault

This change detects if this is a BLS enabled environment, and uses
grubby to set kernel arguments on all kernel entries if it is.

Change-Id: I2701260d54cf6bc79f1ac765b512d99d799e8c43
2021-09-13 09:32:53 +12:00
Steve Baker
b01aac9715 Move grubenv to EFI dir
If the grubenv is regenerated, its changes won't be available to UEFI
boot systems unless the changed grubenv is copied to the EFI
directory.

This change copies the grubenv to the EFI directory when the grub.cfg
is copied.

Change-Id: I512502117a6bf1e6122fdfd8965ca488b4a5bae4
2021-09-13 09:32:29 +12:00
Zuul
3c3ef6e32b Merge "Check and remove existing image interface configurations" 2021-09-10 15:01:28 +00:00
Zuul
48ef1c4d96 Merge "simple-init: allow disabling DHCP fallback" 2021-09-10 14:54:03 +00:00
Zuul
3eae88795d Merge "simple-init: support installing Glean from packages" 2021-09-10 14:54:00 +00:00
Riccardo Pittau
6ed7f3b139 Fix debian-minimal security repos
Debian stable security repos is now stable-security, as well as other
versions.

Move the Debian bullseye job from experimental to non-voting check.

Change-Id: I451cacda6573727de9448b5857bed5181850b4ad
2021-09-10 11:40:48 +02:00
Zuul
f03c50b4a1 Merge "Fix doc typo" 2021-09-09 00:24:00 +00:00
Zuul
8250b33d68 Merge "yum-minimal: use DNF tools on host" 2021-09-09 00:09:56 +00:00
Michal Arbet
db1409f550 Fix cron not installed in debian
This patch adds cron to debian package-installs
as cron should be included in OS.

Change-Id: I50140dc98c240911e769acf2b3c11958ffad5494
2021-09-01 23:49:27 +02:00
Piotr Parczewski
169f755165 Fix doc typo
Change-Id: I5b2729fa874e8e19a9f0dc7b1aed2ce7f5090c97
2021-09-01 19:58:52 +02:00
Ian Wienand
5f47584196 yum-minimal: use DNF tools on host
The latest Debian bullseye release doesn't provide yum any more, only
DNF.  This breaks the minimal builds that are using on-host yum tools
to start the chroot.  Probe for yumdownloader, and if it's not there,
use DNF.

Note this requires "dnf download" which may not be packaged.  See
I21cfbd3935e48be4b92591ea36c7eed301230753 for a sample work-around
that installs this plugin in the nodepool-builder container.

Change-Id: Ia7f1e4d115cc67c378d865d91af94a07b8cdc6cc
2021-08-30 14:14:32 +10:00
Eduardo Santos
442d11b236 Bump Ubuntu release to focal
Change-Id: I01689cfb01b095ef69573a48be55353ea7aa2931
2021-08-26 23:28:33 -03:00
Steve Baker
59420be677 Use non-greedy modifier for SUBRELEASE grep
Some fedora mirrors are serving image icon html, and this grep is
over-matching on those mirrors.

Change-Id: Ibd737f44a8d2eee1902b6c5363c61d591feb75c9
2021-08-23 14:12:17 +12:00
Xinliang Liu
a6ee4d0c21 Introduce openEuler distro
Add openeuler-minimal element and add CI functional tests for both
x86_64 and arm64.

OpenEuler is an open source community driven YUM/DNF distro like
Fedora. It references Fedora and CentOS a lot for the rpm packages
building. So somewhat it can be treated as a redhat family distro
and reuse the YUM/DNF related elements to help build openEuler images.

For more info about openEuler, see: https://openeuler.org/en

Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/803413
Change-Id: I3e06e49b524364c3a4edeba8bce7a8c06b9c7b76
2021-08-04 03:06:55 +00:00
Zuul
4f5689a409 Merge "Permit specification of extra bootstrap packages" 2021-08-03 23:13:04 +00:00
Gonéri Le Bouder
168bb25e69 Fedora: bump DIB_RELEASE to 34
Fedora 34 is the new stable release.

Change-Id: I2fba6935064823ace418b00f9735e52640c933f3
2021-08-03 16:37:16 +00:00
Jay Faulkner
91da6ab885 Permit specification of extra bootstrap packages
This change permits the yum-minimal element to be used in downstream
custom distributions, which may have additional packages containing repo
config or GPG keys needed.

This could also be utilized at a later time to move the
distribution-specific logic in this method to each distribution element
separately.

Change-Id: Ic1434bb2fe7301086cf11ba6bd7f2ee187c5e6c8
2021-08-02 11:57:11 -07:00
Zuul
0b14750e3f Merge "Update IRC networks" 2021-07-23 02:06:47 +00:00
Zuul
03275c2dd4 Merge "Add a keylime-agent element and a tpm-emulator element" 2021-07-22 10:34:31 +00:00
Takashi Kajinami
4107dc3bc4 Update IRC networks
The following two channels were migrated to OFTC.
 #tripleo
 #openstack-dib

Also, the following channel was migrated to Libera Chat[1].
 #opensuse-cloud

[1] https://en.opensuse.org/openSUSE:IRC_list

Change-Id: Ia4c729a8d284bbfcbdb3b8621ae29d9be57886f5
2021-07-22 19:17:51 +09:00
Zuul
02bda20dce Merge "Auto find greatest Fedora cloud image sub-release" 2021-07-22 07:53:44 +00:00
Danni Shi
05d8f3ae38 Add a keylime-agent element and a tpm-emulator element
Story: #2002713

Task: #41304
Change-Id: Ia5226faabae8accb03f401aa4de3c8311b583455
2021-07-20 10:05:41 -04:00
Zuul
ddd70501d4 Merge "Convert multi line if statement to case" 2021-07-19 23:31:06 +00:00
Zuul
556f4f6aa6 Merge "Add a growvols utility for growing LVM volumes" 2021-07-12 10:12:13 +00:00
Zuul
3f2feb6e3b Merge "cache-url : turn down verbose curl" 2021-07-12 09:55:28 +00:00
Zuul
d286f64a76 Merge "Add element block-device-efi-lvm" 2021-07-08 01:08:26 +00:00
Zuul
7831d71066 Merge "fedora-container: install dnf-plugins-core" 2021-07-07 06:51:05 +00:00
Zuul
d4f2d79f89 Merge "Do not uninstall non-installed packages" 2021-07-07 04:55:10 +00:00
Ian Wienand
bc39a5afe7 fedora-container: install dnf-plugins-core
Add dnf-plugins-core to the package-installs; this lets things like
"dnf copr" work automatically and is in-line with fedora-minimal base
packages.  While we're here, clean up some unneeded packages, and
remove the pkg-map that isn't relevant for Fedora builds.

Change-Id: Iad5a4717bcb55928377cc159b3360b0a70c5c5ac
2021-07-07 11:02:10 +10:00
Ian Wienand
12b60c4088 Mount /sys RO
As noted inline, this works around potential issues by being a strong
indication you are in a container (e.g. [1]).  Since nothing should be
changing anything on the host/build system, this is a generically
safer way to operate.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1975588

Change-Id: Ic6802c4ffc2e825f129af10717860a2d1770fe80
2021-07-05 11:45:02 +10:00
Steve Baker
a6e0bf83db Add a growvols utility for growing LVM volumes
There is currently no automated way of growing LVM volumes on boot
like single partition images do with their growroot mechanism. This
lack likely contributes to LVM not being widely used on VM and
baremetal workloads, since growing to the full disk requires workload
knowledge to determine which volumes to grow and by what amount.

The growvols element contributes a growvols python script which can be
run on firstboot (via systemd or cloud-init) or manually via
automation such as ansible. It is also an interactive script which
displays the full list of modifying commands before prompting for
confirmation to run them all.

By default the script will grow the root volume, but arguments allow
any volume to grow by a specified amount, or a percentage of the
available disk space.

Blueprint: whole-disk-default
Change-Id: Idcf774384e56cce03e56c0e19c7d08a768606399
2021-07-01 11:16:31 +12:00
Ian Wienand
ba5bcce036 cache-url : turn down verbose curl
curl's "-v" is a bit too verbose for "-x", especially when what you're
downloading bounces through a few redirects as is common.  Turn this
down and put it behind "-xx" or greater.

Change-Id: I6d91166bb237f2a1818cae7532e794ef0f01288b
2021-06-24 10:09:00 +10:00
Steve Baker
ab8d2910c4 Add element block-device-efi-lvm
Element block-device-efi-lvm has been added which is like
block-device-efi but defines an LVM logical group in the root
partition. Three logical volumes are defined in that group, mounted to
/, /var, and /home.

This volume layout will not meet all requirements, but this is more of
an example demonstrating the capability to encourage more usage of
this existing feature.

This is based on the overcloud-partition-uefi element in
tripleo-image-elements, and I believe this capability is too useful to
have the only working example buried in a related project repo.

This change also fixes the element string matching in
_arg_defaults_hack, the 'vm' test was also matching against 'lvm' and
'block-device-efi-lvm' elements. Also the 'block-device-' test now
properly tests for this being the prefix of the block-device element.

This change also makes block-device-efi fsck-passno compliant with the
documentation[1] so that / has value 1 and all other mounts are set to
2.

[1] https://www.man7.org/linux/man-pages/man5/fstab.5.html

Change-Id: If86a0e49186ce5a65cc0084101d31ce59a97b854
Blueprint: whole-disk-default
2021-06-01 17:27:28 +12:00
Zuul
75ee18b01b Merge "bootloader: remove extlinux/syslinux path" 2021-05-28 04:51:23 +00:00
Matthew Thode
2ff65d512e
Do not uninstall non-installed packages
The bootloader element uses the grub-efi-$arch package to remove already
installed packages (for redhat).  The uninstall of a non-installed
package fails with a non-zero exit code on gentoo.  The gentoo base
tarball does not include a bootloader and the grub-efi-$arch package is
only used for uninstalls, so zero out the variable to allow bootable
images to be generated.

Change-Id: If8572abd6e19a02f2f63b33d4f83a7054774d7e6
Signed-off-by: Matthew Thode <mthode@mthode.org>
2021-05-25 23:32:16 -05:00
Ian Wienand
3ccca50c14 Fix DISTRO_NAME in Fedora elements
Fix typo in documentation around name variables.

Change-Id: I88fd1dd828ce1b606398198dd0317096363480f1
2021-05-17 10:02:09 +10:00
Ian Wienand
80ff74ca4d Add fedora-containerfile element
This builds Fedora from the containerfile element.

Depends-On: https://review.opendev.org/c/zuul/nodepool/+/790531
Depends-On: https://review.opendev.org/c/opendev/glean/+/790368

Change-Id: I5cf9b0505f2d542b3611ebbf9494f9be11e61f34
2021-05-13 10:43:45 +10:00
Ian Wienand
f6748a4cd4 bootloader: remove extlinux/syslinux path
This is a first pass through the bootloader, that removes the extlinux
and syslinux install/cleanup path.

Change-Id: Ifb107796cdb6748430a124bf13ced93db9689bff
2021-05-13 10:33:06 +10:00
Ian Wienand
4d16ccdbef bootloader: disable BLS for Fedora
As noted inline, the switch to "boot loader spec" grub entries breaks
our setting of the root device.  This happened some time ago, and it's
not 100% clear to me why our existing Fedora builds haven't broken on
this.  However, the new containerfile based builds do seem to be
hitting this.

Disable it for now.

Change-Id: Ia3472947799bb35ffccfa92937cdd0d68b12a25c
2021-05-11 16:48:58 +10:00
Carlos Goncalves
72442ba656 Auto find greatest Fedora cloud image sub-release
Fedora cloud images have sub-releases in their filename. It is not
exacly clear how this is generated but we do know how we can determine
the greatest programatically.

Change-Id: I7fc56897c681fe037db211c290edcdd23cdd5d5b
2021-05-10 09:14:17 +00:00
Ian Wienand
2a14088eac containerfile: automatically search for distro docker files
This makes the container file element search the active element list
for `containerfiles/${DIB_RELEASE}` for building.  This makes it easy
to write wrappers for ubuntu/fedora/etc. containerfile elements.

Change-Id: I68f1d928e54a70bad76985ddd3e156bb5f978b0d
2021-05-10 15:36:28 +10:00
Zuul
b536dbba8e Merge "Add containerfile element" 2021-05-10 01:50:40 +00:00
Zuul
c3243be696 Merge "Install epel-release from URL" 2021-05-10 01:28:32 +00:00
James E. Blair
edff632186 Add containerfile element
This is a base element which uses a containerfile (Dockerfile) to
build a container image, then the filesystem is extracted from that
image and forms the root of the dib image.

You can add as little or as much to the dockerfile as desired.

Change-Id: I4e821aa2ce7feb8841ef31da56de1a31aa9218b5
2021-05-07 13:54:59 +10:00
Zuul
cb0c117659 Merge "debian-minimal: bullseye: /updates -> -security" 2021-04-30 09:25:35 +00:00
Zuul
231770434b Merge "debian-minimal: Set bullseye version" 2021-04-30 05:59:26 +00:00
Zuul
46fb885ed8 Merge "Fix centos stream set mirror" 2021-04-30 05:21:23 +00:00
Jeremy Stanley
50b1566fa4 debian-minimal: bullseye: /updates -> -security
With the release of Debian bullseye and later, security updates are
provided in the bullseye-security suite instead of bullseye/updates.

Change-Id: I63580ec96a53e5e8ef8d105e766d838029727917
2021-04-28 17:07:22 +00:00
Ian Wienand
3071457355 debian-minimal: Set bullseye version
Currently Debian sets /etc/debian_version to "bullseye/sid" and, due
to a series of issues explained in [1] more fully "lsb_release -c" in
the OpenDev environment doesn't return the distribution code name.
Overriding this to the final release version fixes this.

[1] http://lists.opendev.org/pipermail/service-discuss/2021-April/000222.html

Change-Id: I00c1741dac6ad5f2c4bf855a207f17d8985bc763
2021-04-28 09:48:22 -07:00
Zuul
d03e7f1327 Merge "Ensure redhat efi packages are reinstalled during finalise" 2021-04-26 01:08:04 +00:00
Clark Boylan
da674c4e5b Install pbr before glean to address SNI issues
Some older distros (like centos8 and xenial) don't support SNI in their
easy_install implementations which are used to install setup_requires
for python packages. PBR is a setup_requires for glean. We work around
this problem when installing glean by preinstalling PBR with pip.

Change-Id: Ie9f5c9ed06954cbe51f23fe8cca0655a931a5201
2021-04-23 15:04:26 -07:00
Steve Baker
5caeba0c68 Ensure redhat efi packages are reinstalled during finalise
The rhel-8.4 qcow2 base image already has the grub2-efi-x64 package
installed on its single partition which has files installed to
/boot/efi..., however a partitioned image will have an empty /boot/efi
partition when running 50-bootloader. This means dnf will not install
grub2-efi-x64 when requested and /boot/efi will remain empty.

This commit makes the following changes:
- Refactors redhat bootloader pkg-map for the following:
  - Make x86_64/amd64, arm64/aarch64 adjancent so they don't diverge
  - Map grub-efi to packages installed to /usr
  - Map grub-efi-{arch} to packages installed to /boot/efi
- Removes packages grub-efi-{arch} before installing grub-efi and
  grub-efi-{arch}

Change-Id: Ia197feea34f43bd870fed30829b740596e6b2f48
2021-04-21 10:56:37 +12:00
Zuul
d7becbeb2b Merge "Add Debian Bullseye Zuul job" 2021-04-12 13:16:23 +00:00
Dmitriy Rabotyagov
cb4e9fc072 Add Debian Bullseye Zuul job
Change-Id: I7d7994565ab7ed62e49efd80766fe19a906499db
2021-04-09 10:20:10 +03:00
Zuul
833d433e92 Merge "Improved the documentation for DIB_DNF_MODULE_STREAMS" 2021-04-08 10:34:30 +00:00
Zuul
ffe3aa1610 Merge "Properly set grub2 root device when using efi" 2021-04-08 07:05:17 +00:00
Chandan Kumar (raukadah)
21a752ee4d Improved the documentation for DIB_DNF_MODULE_STREAMS
https://review.opendev.org/c/openstack/diskimage-builder/+/785138
adds the support for DIB_DNF_MODULE_STREAMS which is now available
for all Yum based distros.

This patch enhances the docs for using it for all Yum
based distributions.

Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: I29e726679c2b675b3c0cd95a3ff48fdad7cd5431
2021-04-08 11:22:43 +05:30
Clark Boylan
3294aecca2 Properly set grub2 root device when using efi
We've noticed that centos8 arm64 images have a root devices of
/dev/mapper/loop7p3 which make sense within a dib image build context
but not at boot time. Dib intends to use labels to set the root device
but when efi is used we end up running grub2-mkconfig against the efi
grub config path before we configure grub to use labels.

Fix this by running grub2-mkconfig after its configuration is set.
This should avoid confusion and complicated paths through the scripts
that configure this for us. We then copy the resulting config to the efi
specific grub.cfg location for platforms that have it.

There is also a small refactoring that is done to try and make the ~3
boot variants more clear:

 1) Booting with legacy bios
 2) Booting with uefi without a signed shim that directly calls grub
 3) Booting with uefi and a signed shim that calls grub

Options 1 and 2 share the /boot/grub*/grub.cfg file. Option 3 needs its
grub.cfg to live alongside distro specific efi target.

Change-Id: Ie9790da9d1bbea58197b37b15a48e77f8a93c1ac
2021-04-07 15:46:10 -07:00
Chandan Kumar (raukadah)
ced54fea75 Make DIB_DNF_MODULE_STREAMS part of yum element
While building cloud images, it is common to set modules
for CentOS and RHEL images. Earlier it was part of rhel-common
which was specific to RHEL OS not for CentOS. Moving it
under yum element as module/stream can be enabled or disabled
via dnf itself.

Signed-off-by: Chandan Kumar (raukadah) <chkumar@redhat.com>
Change-Id: Idc0f277f97e92e4d003f059f01b59f1b5513da34
2021-04-07 16:06:09 +05:30
Riccardo Pittau
256c798bc4 Convert multi line if statement to case
Having multi-line if-elif statements is not ideal, case improves
readability clarifying the code.

Change-Id: I3383584e09763d4ae8eab2f36a93ee399dae8382
2021-04-07 07:17:19 +00:00
Xinliang Liu
8c86d876e3 Fix centos stream set mirror
This intents to fix job dib-functests-bionic-python3-image.
And no CentOS-Stream-centosplus.repo file[1].

[1]: http://rpm.pbone.net/info_idpl_72967298_distro_centosother_com_centos-stream-repos-8-2.el8.noarch.rpm.html

Change-Id: I9d69413f31d0a9d83e992d05d177f683b7361337
2021-04-02 06:56:45 +00:00
Dmitry Tantsur
4dd8982c53 simple-init: support installing Glean from packages
Such package is in progress for RDO:

Depends-On: https://review.rdoproject.org/r/c/openstack/glean-distgit/+/32656
Change-Id: I2655b6b9037477c26743d51b0c9a9e31a23707fb
2021-03-25 12:49:03 +01:00
Dmitry Tantsur
fe89856d7d simple-init: allow disabling DHCP fallback
In some cases this is not desired (see the dependecy for details).

Change-Id: Ie549d0c9769a2b6c58de9e61cb621ca96c1cd886
Depends-On: https://review.opendev.org/c/opendev/glean/+/781500
2021-03-19 12:57:50 +01:00
Matthew Thode
b4f768117f
update gentoo keywords to support gcc-10
open-iscsi and open-isns need keywording to support gcc-10, move it out
of being keyworded only for musl profiles.

remove unneeded keywords for python-exec and python-exec-conf (marked
stable)

use the full package name for the dev-lang/python-exec-conf package

Change-Id: I44eaf8c2230e9e2089a72fce46954f4336626843
Signed-off-by: Matthew Thode <mthode@mthode.org>
2021-03-18 23:24:31 -05:00
Zuul
4aae99e64e Merge "Change paths for bootloader files in iso element" 2021-03-16 09:56:07 +00:00
Zuul
0e5922c6b8 Merge "replace the link which is in the 06-hpdsa file" 2021-03-16 06:34:40 +00:00
RotanChen
a9386ba147 replace the link which is in the 06-hpdsa file
The old link does't work,this one does.

Change-Id: I128b5841b2bd4897e2b2c0e82ad31049ce7b0c29
2021-03-12 19:16:50 +08:00
Steve Baker
522113bc6c Only add rhel base repos when REG_REPOS is not set
For offline (satellite based) installs the base repos won't be
available and the base packages will come from a different named repo
in satellite which will be specified by REG_REPOS.

This change will ensure no base repos are added when REG_REPOS are
specified so offline image builds are possible. All required base
repos need to be added to REG_REPOS when it is used. Documentation[1]
already includes base repos, so this should not be disruptive.

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/director_installation_and_usage/creating-whole-disk-images#disk-image-environment-variables

Change-Id: Iafb81d50dffdac40d3b011670200b8da4c3a58f0
2021-03-11 11:01:29 +13:00
Steve Baker
27a326dafb Support secure-boot bootloader where possible
As of grub2 >= 2.02-95 on redhat family distros, calling grub2-install
on an EFI partition will fail with: "this utility cannot be used for
EFI platforms because it does not support UEFI Secure Boot."

This version of grub is now in centos8-stream and non-eus repos of
RHEL-8. It is not currently possible to build whole-disk UEFI images
on these distros, and when this package is promoted this will also
affect centos8 and RHEL-8 eus. The grub maintainers made this change
because the grub2-install generated /boot/efi/EFI/BOOT/BOOTX64.EFI
will never be capable of booting with Secure Boot.

This change defines a $EFI_BOOT_DIR for every distro element. When
directory /boot/efi/$EFI_BOOT_DIR exists a grub.cfg file in will be
generated there. This change also installs the shim package on redhat
family distros, which installs a copy of the shim bootloader to
/boot/efi/EFI/BOOT/BOOTX64.EFI. Using centos as an example, this
allows UEFI to boot the shim /boot/efi/EFI/BOOT/BOOTX64.EFI which
then chains to /boot/efi/EFI/centos/grubx64.efi.

If /boot/efi/$EFI_BOOT_DIR doesn't exist (such as for Ubuntu,
/boot/efi/EFI/ubuntu) the current behaviour of running grub-install to
generate /boot/efi/EFI/BOOT/BOOTX64.EFI will continue. For distros
such as Ubutnu where packaging does not populate /boot/efi/EFI/ubuntu
with .efi files, secure boot can be added in the future by copying
.efi files to /boot/efi/EFI/ubuntu and copying the shim file to
/boot/efi/EFI/BOOT/BOOTX64.EFI.

Change-Id: I90925218ff2aa4c4daffcf86e686b6d98d6b0f21
2021-03-11 10:27:59 +13:00
Zuul
a0fd571a3c Merge "Add efibootmgr utility for UEFI boot menu management" 2021-03-09 02:11:10 +00:00
Zuul
6a99e314b4 Merge "Use the same bootloader pkg-map for all redhat family" 2021-03-09 02:00:11 +00:00
Zuul
739b529a33 Merge "Add aarch64 support for rhel" 2021-03-09 01:52:31 +00:00
Zuul
b91aae61f7 Merge "Don't use hardcode while override base image file" 2021-03-09 00:03:09 +00:00
Zuul
3b5f5b55b1 Merge "Fix hooks order for CentOS/Fedora when mirror used" 2021-03-08 23:51:12 +00:00
Zuul
4c5b1179f3 Merge "Fix installation of proliant tools" 2021-03-08 23:47:32 +00:00
Daniel Pawlik
8b0e2417a6 Change get-pip url
The path for get-pip.py script in version 3.5 has been changed
with this commit [1].

[1] 2360f025eb

Change-Id: Ifde16e40b4e241c6c4c93df44330c403ee903e6f
2021-03-08 09:19:28 +01:00
Xinliang Liu
0c51b49414 Add aarch64 support for rhel
Change-Id: I86ccc56e37b214a45ba620b731b51f58d73471f8
2021-03-08 07:00:15 +00:00
Steve Baker
69bf654eba Add efibootmgr utility for UEFI boot menu management
As of grub2 >= 2.02-95 calling grub2-install on an EFI partition will
fail with: "this utility cannot be used for EFI platforms because it
does not support UEFI Secure Boot." In the case of ironic deployments,
ironic-python-agent will call efibootmgr to set the local boot for
subsequent boots.

This change adds efibootmgr to the image as well so any other UEFI
menu changes can be made manually.

Change-Id: I765ded15da07d6227d1e337960e54ad0e0d6ca39
2021-03-05 10:00:49 +13:00
Maksim Malchuk
c4c21967d8 Fix hooks order for CentOS/Fedora when mirror used
The python3/python3-pyyaml packages both are never installed and dnf
itself never updated when $DIB_DISTRIBUTION_MIRROR set and used.

This change fix the order of the operations:
 1. yum/dnf configure.
 2. *.repo patching.
 3. yum/dnf update/install execution.

Change-Id: Ifbbf1f0190fe8c8a77fb3be820e8056447e755f6
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-03-04 10:54:52 +00:00
Maksim Malchuk
ca83a4c3cb Don't use hardcode while override base image file
The trvial fix allow override to work in air-gapped envirments where
the command 'curl -s https://cloud.centos.org/...' would fail.

Change-Id: I84296d8816042e4cd4cb02f15746b86d600d13d6
Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com>
2021-03-04 10:54:32 +00:00
Francois RIGAULT
5efb11de0d Fix installation of proliant tools
Use the actual virtualenv to install proliant tools, and make sure the
dependencies needed for sum firmware upgrade are included.

Change-Id: Ie1dbb868450918567b2903cdeccda35af1904417
Closes-Bug: #1916346
2021-03-03 19:04:50 +01:00
Mateusz Kowalski
3b22ee8784
Change paths for bootloader files in iso element
This PR updates locations for files used by the bootloader depending on
the target operating system built. The current logic does not take into
account latest versions of operating systems and makes it impossible to
build ISOs against those.

With this change it is possible to correctly build CentOS 8, Ubuntu
18.04 and Ubuntu 20.04 images.

Closes-Bug: #1916913
Change-Id: I3ed0041640f539e82805d03ba26fe46217f3ac3c
2021-03-03 11:01:14 +01:00
Steve Baker
f7ba7ba1de Use the same bootloader pkg-map for all redhat family
The only difference between the rhel and redhat entries is rhel has
the extra grub-efi-x86_64 mapping. All redhat family releases would
benefit from having this too, so this change removes the whole rhel
entry and adds grub-efi-x86_64 to the redhat family.

The assumption is that anything which applies to rhel also applies to
centos-stream, and in this case doesn't harm centos or fedora either.

Change-Id: I0dc44c1f2b57516742f4c3e43cfc8874d6b90fa2
2021-03-03 13:24:15 +13:00
Steve Baker
5c1f9a3238 Don't install centos-linux-release on 8-stream
This package doesn't exist in the stream base repo, and neither does
centos-linux-repos.

These are presumably replaced by centos-stream-release and
centos-stream-repos. This change adds an else block to handle the
non-stream base packages.

Change-Id: I32249199c3dfa44fc24fba28d24f314112c2e200
2021-02-23 12:57:05 +13:00
Noam Angel
0e700b25dc Check and remove existing image interface configurations
This change will remove any existing interface configurations in the image. They are not necessary
and could interrupt with deployments. In any case they should not exist if we use 
dhcp-all-interfaces element.

Change-Id: I35a4b5ea6e2315de3b0d9f8353ac2b6f4b995697
2021-02-16 08:46:32 +00:00
Zuul
cbbcf377d8 Merge "Remove the deprecated ironic-agent element" 2021-02-03 08:45:43 +00:00
Zuul
6cfc94c8bf Merge "Install last stable version of get-pip.py script" 2021-02-03 01:16:13 +00:00