From 5424dc3ae81118334f7ae0e94b62b7a2c7b34e39 Mon Sep 17 00:00:00 2001 From: Simppa Akaslompolo Date: Mon, 27 Nov 2023 15:31:49 +0200 Subject: [PATCH 1/3] RHEL9 example container --- rhel-9/Containerfile | 78 ++++++++++++++++++++++++++++++++++++++++ rhel-9/container_exit.sh | 6 ++++ rhel-9/excludes | 2 ++ 3 files changed, 86 insertions(+) create mode 100644 rhel-9/Containerfile create mode 100755 rhel-9/container_exit.sh create mode 100644 rhel-9/excludes diff --git a/rhel-9/Containerfile b/rhel-9/Containerfile new file mode 100644 index 0000000..bf6c32e --- /dev/null +++ b/rhel-9/Containerfile @@ -0,0 +1,78 @@ +FROM registry.access.redhat.com/ubi9/ubi:9.3 + +# copy the build system's subscription +# https://access.redhat.com/solutions/5870841 +##COPY subscription/redhat.repo /etc/yum.repos.d/redhat.repo +##COPY subscription/rhsm/* /etc/rhsm +##COPY subscription/entitlement/* /etc/pki/entitlement +##RUN rm -f /etc/rhsm-host && rm -f /etc/pki/entitlement-host + + +#Versionlock the kernel: +RUN dnf install -y \ + kernel-0:5.14.0-362.24.1.el9_3 \ + kernel-core-0:5.14.0-362.24.1.el9_3 \ + kernel-headers-0:5.14.0-362.24.1.el9_3 \ + kernel-modules-core-0:5.14.0-362.24.1.el9_3 + +RUN dnf install -y \ + python3-dnf-plugin-versionlock +RUN dnf versionlock -y \ + kernel-0:5.14.0-362.24.1.el9_3.* \ + kernel-core-0:5.14.0-362.24.1.el9_3.* \ + kernel-headers-0:5.14.0-362.24.1.el9_3.* \ + kernel-modules-core-0:5.14.0-362.24.1.el9_3.* + + +# this imitates a server groupinstall +RUN dnf install -y --allowerasing \ + coreutils \ + cpio \ + dhclient \ + e2fsprogs \ + ethtool \ + findutils \ + initscripts \ + ipmitool \ + iproute \ + ncurses \ + net-tools \ + NetworkManager \ + nfs-utils \ + openssh-clients \ + openssh-server \ + pciutils \ + policycoreutils-python-utils \ + psmisc \ + rsync \ + rsyslog \ + strace \ + selinux-policy-targeted \ + wget \ + which \ + words \ + rdma-core \ + && dnf clean all + +# Unmask what RHEL masked in the ubi +# Needed to get an actual login tty +RUN rm -f /etc/systemd/system/systemd-logind.service && rm -f /etc/systemd/system/getty.target && rm -f /etc/systemd/system/console-getty.service && rm -f /etc/systemd/system/sys-fs-fuse-connections.mount && rm -f /etc/systemd/system/systemd-remount-fs.service && rm -f /etc/systemd/system/dev-hugepages.mount + +# For SELinux enabled nodes: + +# The wwclient service fails to start on boot if appropriate SELinux file +# context label is not set for /warewulf/wwclient. +# Permanently assign bin_t fcontent label for wwclient binary that is +# deployed by wwinit overlay because warewulf runs `restorecon -R /` on node +# boot, clobbering any existing labels set in the overlay itself. +# +# RUN semanage fcontext -N -a -t bin_t /warewulf/wwclient + +COPY excludes /etc/warewulf/ +COPY container_exit.sh /etc/warewulf/ + +CMD [ "/bin/echo", "-e", \ + "This image is intended to be used with the Warewulf cluster management and", \ + "\nprovisioning system.", \ + "\n", \ + "\nFor more information about Warewulf, visit https://warewulf.org" ] diff --git a/rhel-9/container_exit.sh b/rhel-9/container_exit.sh new file mode 100755 index 0000000..84993a5 --- /dev/null +++ b/rhel-9/container_exit.sh @@ -0,0 +1,6 @@ +#!/bin/sh +set -x +LANG=C +LC_CTYPE=C +export LANG LC_CTYPE +dnf clean all diff --git a/rhel-9/excludes b/rhel-9/excludes new file mode 100644 index 0000000..bf00703 --- /dev/null +++ b/rhel-9/excludes @@ -0,0 +1,2 @@ +/boot/ +/usr/share/GeoIP From 5596f8fcbe350e9b03b22f13396f639b3d5199be Mon Sep 17 00:00:00 2001 From: Jonathon Anderson Date: Thu, 7 Nov 2024 13:29:27 -0700 Subject: [PATCH 2/3] Move rhel-9 to examples/ examples/ contains image definitions that we don't build outselves automatically. Signed-off-by: Jonathon Anderson --- {rhel-9 => examples/rhel-9}/Containerfile | 0 {rhel-9 => examples/rhel-9}/container_exit.sh | 0 {rhel-9 => examples/rhel-9}/excludes | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename {rhel-9 => examples/rhel-9}/Containerfile (100%) rename {rhel-9 => examples/rhel-9}/container_exit.sh (100%) rename {rhel-9 => examples/rhel-9}/excludes (100%) diff --git a/rhel-9/Containerfile b/examples/rhel-9/Containerfile similarity index 100% rename from rhel-9/Containerfile rename to examples/rhel-9/Containerfile diff --git a/rhel-9/container_exit.sh b/examples/rhel-9/container_exit.sh similarity index 100% rename from rhel-9/container_exit.sh rename to examples/rhel-9/container_exit.sh diff --git a/rhel-9/excludes b/examples/rhel-9/excludes similarity index 100% rename from rhel-9/excludes rename to examples/rhel-9/excludes From 0f39074ff8d771c23a0d68c2f4f279ebd1ea2afe Mon Sep 17 00:00:00 2001 From: Jonathon Anderson Date: Thu, 7 Nov 2024 13:51:07 -0700 Subject: [PATCH 3/3] README for rhel-9 container example Signed-off-by: Jonathon Anderson --- examples/rhel-9/Containerfile | 43 ++++++++++++++--------------------- examples/rhel-9/README.md | 18 +++++++++++++++ 2 files changed, 35 insertions(+), 26 deletions(-) create mode 100644 examples/rhel-9/README.md diff --git a/examples/rhel-9/Containerfile b/examples/rhel-9/Containerfile index bf6c32e..766cb26 100644 --- a/examples/rhel-9/Containerfile +++ b/examples/rhel-9/Containerfile @@ -1,31 +1,12 @@ FROM registry.access.redhat.com/ubi9/ubi:9.3 -# copy the build system's subscription -# https://access.redhat.com/solutions/5870841 -##COPY subscription/redhat.repo /etc/yum.repos.d/redhat.repo -##COPY subscription/rhsm/* /etc/rhsm -##COPY subscription/entitlement/* /etc/pki/entitlement -##RUN rm -f /etc/rhsm-host && rm -f /etc/pki/entitlement-host - - -#Versionlock the kernel: -RUN dnf install -y \ - kernel-0:5.14.0-362.24.1.el9_3 \ - kernel-core-0:5.14.0-362.24.1.el9_3 \ - kernel-headers-0:5.14.0-362.24.1.el9_3 \ - kernel-modules-core-0:5.14.0-362.24.1.el9_3 - -RUN dnf install -y \ - python3-dnf-plugin-versionlock -RUN dnf versionlock -y \ - kernel-0:5.14.0-362.24.1.el9_3.* \ - kernel-core-0:5.14.0-362.24.1.el9_3.* \ - kernel-headers-0:5.14.0-362.24.1.el9_3.* \ - kernel-modules-core-0:5.14.0-362.24.1.el9_3.* - - # this imitates a server groupinstall RUN dnf install -y --allowerasing \ + kernel-0:5.14.0-362.24.1.el9_3 \ + kernel-core-0:5.14.0-362.24.1.el9_3 \ + kernel-headers-0:5.14.0-362.24.1.el9_3 \ + kernel-modules-core-0:5.14.0-362.24.1.el9_3 \ + python3-dnf-plugin-versionlock \ coreutils \ cpio \ dhclient \ @@ -52,11 +33,21 @@ RUN dnf install -y --allowerasing \ which \ words \ rdma-core \ - && dnf clean all + && dnf clean all \ + && dnf versionlock -y \ + kernel-0:5.14.0-362.24.1.el9_3.* \ + kernel-core-0:5.14.0-362.24.1.el9_3.* \ + kernel-headers-0:5.14.0-362.24.1.el9_3.* \ + kernel-modules-core-0:5.14.0-362.24.1.el9_3.* # Unmask what RHEL masked in the ubi # Needed to get an actual login tty -RUN rm -f /etc/systemd/system/systemd-logind.service && rm -f /etc/systemd/system/getty.target && rm -f /etc/systemd/system/console-getty.service && rm -f /etc/systemd/system/sys-fs-fuse-connections.mount && rm -f /etc/systemd/system/systemd-remount-fs.service && rm -f /etc/systemd/system/dev-hugepages.mount +RUN rm -f /etc/systemd/system/systemd-logind.service \ + && rm -f /etc/systemd/system/getty.target \ + && rm -f /etc/systemd/system/console-getty.service \ + && rm -f /etc/systemd/system/sys-fs-fuse-connections.mount \ + && rm -f /etc/systemd/system/systemd-remount-fs.service \ + && rm -f /etc/systemd/system/dev-hugepages.mount # For SELinux enabled nodes: diff --git a/examples/rhel-9/README.md b/examples/rhel-9/README.md new file mode 100644 index 0000000..2a41fd4 --- /dev/null +++ b/examples/rhel-9/README.md @@ -0,0 +1,18 @@ +# Red Hat Enterprise Linux 9 + +Warewulf can be used to boot a RHEL node, +but building such an image typically requires access to a Red Hat subscription. +This subscription can be accessed from the host environment +by mounting subscription files. + + +``` +podman build \ + --volume=/etc/pki/entitlement:/run/secrets/entitlement:ro \ + --volume=/etc/rhsm:/run/secrets/rhsm:ro \ + --volume=/etc/yum.repos.d/redhat.repo:/run/secrets/redhat.repo:ro \ + . --tag rhel:9 +``` + +For more information, +see https://access.redhat.com/solutions/5870841.