From 2dff593d5616f4eace449509a37cef406d798c7c Mon Sep 17 00:00:00 2001
From: Richard Arends
Date: Mon, 6 Jun 2022 12:11:51 +0200
Subject: [PATCH] First
---
README.md | 27 +++++++++-
build.sh | 12 +++++
commands.txt | 20 +++++++
ostree-config/manifest.yaml | 16 ++++++
ostree-config/manifests/group | 52 +++++++++++++++++++
ostree-config/manifests/passwd | 33 ++++++++++++
.../manifests/rocky-coreos-base.yaml | 33 ++++++++++++
.../manifests/rocky-coreos-post.yaml | 6 +++
.../manifests/rocky-coreos-system_tools.yaml | 14 +++++
ostree-config/rocky-86-appstream.repo | 8 +++
ostree-config/rocky-86-baseos.repo | 8 +++
11 files changed, 228 insertions(+), 1 deletion(-)
create mode 100755 build.sh
create mode 100644 commands.txt
create mode 100644 ostree-config/manifest.yaml
create mode 100644 ostree-config/manifests/group
create mode 100644 ostree-config/manifests/passwd
create mode 100644 ostree-config/manifests/rocky-coreos-base.yaml
create mode 100644 ostree-config/manifests/rocky-coreos-post.yaml
create mode 100644 ostree-config/manifests/rocky-coreos-system_tools.yaml
create mode 100644 ostree-config/rocky-86-appstream.repo
create mode 100644 ostree-config/rocky-86-baseos.repo
diff --git a/README.md b/README.md
index 6872d74..b0197bd 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,26 @@
-# rockylinux-ostree
\ No newline at end of file
+# Rocky Linux Ostree
+This repository contains all the bits to get a working Ostree for Rocky Linux (8.6)
+
+## Dir: bootserver
+Contains an Ansible playbook to configure a PXE bootserver
+
+## Dir: ostree-config
+Contains the config files to build a basic Ostree for Rocky Linux
+
+# How to use
+From the root directory of this project:
+* Create a build directory with the repo and cache directory below it. The repo directory will have the final OStree repository where you could boot from.
+* Initialize the ./build/repo directory as a OStree repository
+* Build the OStree repo
+
+```
+mkdir -p ./build/{repo,cache}
+ostree --repo=./build/repo init --mode=archive
+sudo rpm-ostree --unified-core compose tree --cachedir=./build/cache --repo=./build/repo config/manifest.yaml
+```
+
+When the compose state is finished, rsync the repo to the bootserver and network boot from it.
+
+```
+sudo rsync -av --delete ./build/repo root@192.168.122.89:/var/www/html/ostree/
+```
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..a944e2e
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+Error () {
+ echo "Oops, something did not work"
+ exit 101
+}
+
+sudo rm -rf ./build || Error
+mkdir -p ./build/{repo,cache} || Error
+ostree --repo=build/repo init --mode=archive || Error
+sudo rpm-ostree --unified-core compose tree --cachedir=./build/cache --repo=./build/repo config/manifest.yaml || Error
+sudo rsync -av --delete ./build/repo root@192.168.122.89:/var/www/html/ostree/ || Error
diff --git a/commands.txt b/commands.txt
new file mode 100644
index 0000000..db68c36
--- /dev/null
+++ b/commands.txt
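Review bot: Every path in build.sh is relative to the caller's working directory, so `sudo rm -rf ./build` removes, as root, whatever `build` directory exists wherever the script happens to be started. Anchoring the script first, for example `cd "$(dirname "$0")" || Error` ahead of the `rm`, removes that dependency. The compose line also reads `config/manifest.yaml`, while this commit adds the manifest as `ostree-config/manifest.yaml`, so unless a `config` directory exists outside this patch the compose step will not find it; the README command carries the same path. The `Error` helper would be easier to use in pipelines if its message went to stderr (`echo "..." >&2`).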
@@ -0,0 +1,20 @@
+mkdir -p build/repo
+cd build/
+ostree --repo=repo init --mode=archive
+sudo rpm-ostree compose tree --cachedir=/home/richard/rocky-coreos/build/cache --repo=/home/richard/rocky-coreos/build/repo config/manifest.yaml
+sudo tar cvzf repo.tar.gz build/repo
+scp repo.tar.gz root@192.168.122.89:
+
+
+# 2de keer
+mkdir -p build/{repo,cache}
+ostree --repo=build/repo init --mode=archive
+sudo rpm-ostree compose tree --cachedir=/home/richard/rocky-coreos/build/cache --repo=/home/richard/rocky-coreos/build/repo config/manifest.yaml
+
+
+####
+ostree --repo=./build/repo ls rocky/x86_64/coreos
+ostree --repo=./build/repo ls rocky/x86_64/coreos /etc
+ostree --repo=./build/repo cat rocky/x86_64/coreos /usr/etc/passwd
+ostree --repo=./build/repo ls rocky/x86_64/coreos /usr/lib/systemd/system/*get*
+sudo rsync -av --delete /home/richard/rocky-coreos/build/repo root@192.168.122.89:/var/www/html/ostree/
diff --git a/ostree-config/manifest.yaml b/ostree-config/manifest.yaml
new file mode 100644
index 0000000..b2814b4
--- /dev/null
+++ b/ostree-config/manifest.yaml
@@ -0,0 +1,16 @@
+ref: rocky/${basearch}/coreos
+rojig:
+ name: rocky-coreos
+ summary: "Rocky Linux CoreOS"
+ license: MIT
+packages:
+ - rocky-release
+
+repos:
+ - rocky-86-baseos
+ - rocky-86-appstream
+
+include:
+ - manifests/rocky-coreos-base.yaml
+ - manifests/rocky-coreos-system_tools.yaml
+ - manifests/rocky-coreos-post.yaml
diff --git a/ostree-config/manifests/group b/ostree-config/manifests/group
new file mode 100644
index 0000000..3ce8c35
--- /dev/null
+++ b/ostree-config/manifests/group
@@ -0,0 +1,52 @@
+root:x:0:
+bin:x:1:
+daemon:x:2:
+sys:x:3:
+adm:x:4:
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mem:x:8:
+kmem:x:9:
+wheel:x:10:
+cdrom:x:11:
+mail:x:12:
+man:x:15:
+sudo:x:16:
+dialout:x:18:
+floppy:x:19:
+games:x:20:
+tape:x:30:
+video:x:39:
+ftp:x:50:
+lock:x:54:
+audio:x:63:
+nobody:x:99:
+users:x:100:
+utmp:x:22:
+utempter:x:35:
+ssh_keys:x:999:
+systemd-journal:x:190:
+dbus:x:81:
+polkitd:x:998:
+etcd:x:997:
+dip:x:40:
+cgred:x:996:
+tss:x:59:
+avahi-autoipd:x:170:
+rpc:x:32:
+sssd:x:993:
+dockerroot:x:986:
+rpcuser:x:29:
+nfsnobody:x:65534:
+kube:x:994:
+sshd:x:74:
+chrony:x:992:
+tcpdump:x:72:
+ceph:x:167:
+input:x:995:
+systemd-timesync:x:991:
+systemd-network:x:990:
+systemd-resolve:x:989:
+systemd-bus-proxy:x:988:
+cockpit-ws:x:987:
diff --git a/ostree-config/manifests/passwd b/ostree-config/manifests/passwd
new file mode 100644
index 0000000..b05ebdb
--- /dev/null
+++ b/ostree-config/manifests/passwd
@@ -0,0 +1,33 @@
+root:x:0:0:root:/root:/bin/bash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+operator:x:11:0:operator:/root:/sbin/nologin
+games:x:12:100:games:/usr/games:/sbin/nologin
+ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
+nobody:x:99:99:Nobody:/:/sbin/nologin
+dbus:x:81:81:System message bus:/:/sbin/nologin
+polkitd:x:999:998:User for polkitd:/:/sbin/nologin
+etcd:x:998:997:etcd user:/var/lib/etcd:/sbin/nologin
+tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
+avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
+rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
+sssd:x:995:993:User for sssd:/:/sbin/nologin
+dockerroot:x:997:986:Docker User:/var/lib/docker:/sbin/nologin
+rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
+nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
+kube:x:996:994:Kubernetes user:/:/sbin/nologin
+sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
+chrony:x:994:992::/var/lib/chrony:/sbin/nologin
+tcpdump:x:72:72::/:/sbin/nologin
+ceph:x:167:167:Ceph daemons:/var/lib/ceph:/sbin/nologin
+systemd-timesync:x:993:991:systemd Time Synchronization:/:/sbin/nologin
+systemd-network:x:991:990:systemd Network Management:/:/sbin/nologin
+systemd-resolve:x:990:989:systemd Resolver:/:/sbin/nologin
+systemd-bus-proxy:x:989:988:systemd Bus Proxy:/:/sbin/nologin
+cockpit-ws:x:988:987:User for cockpit-ws:/:/sbin/nologin
diff --git a/ostree-config/manifests/rocky-coreos-base.yaml b/ostree-config/manifests/rocky-coreos-base.yaml
new file mode 100644
index 0000000..42c3071
--- /dev/null
+++ b/ostree-config/manifests/rocky-coreos-base.yaml
@@ -0,0 +1,33 @@
+packages:
+ - rpm
+ - policycoreutils
+ - kernel
+ - kernel-modules-extra
+ - rpm-ostree
+ - ostree-grub2
+ - selinux-policy-targeted
+ - lvm2
+ - biosdevname
+ - keyutils
+ - binutils
+ - nss-altfiles
+ - polkit
+
+ignore-removed-users:
+ - root
+ignore-removed-groups:
+ - root
+etc-group-members:
+ - wheel
+ - sudo
+ - systemd-journal
+ - adm
+
+
+check-passwd:
+ type: "file"
+ filename: "passwd"
+check-groups:
+ type: "file"
+ filename: "group"
+
diff --git a/ostree-config/manifests/rocky-coreos-post.yaml b/ostree-config/manifests/rocky-coreos-post.yaml
new file mode 100644
index 0000000..c565531
--- /dev/null
+++ b/ostree-config/manifests/rocky-coreos-post.yaml
@@ -0,0 +1,6 @@
+postprocess:
+ - |
+ #!/usr/bin/env bash
+ set -xeuo pipefail
+
+ # Placeholder for commands
diff --git a/ostree-config/manifests/rocky-coreos-system_tools.yaml b/ostree-config/manifests/rocky-coreos-system_tools.yaml
new file mode 100644
index 0000000..eead521
--- /dev/null
+++ b/ostree-config/manifests/rocky-coreos-system_tools.yaml
@@ -0,0 +1,14 @@
+# config/manifests/rocky-coreos-system_tools.yaml
+#
+# Contains system (tools) packages which are often used on a regular
+# system, but not needed for the base system to work
+packages:
+ - NetworkManager
+ - iproute
+ - iputils
+ - openssh-clients
+ - openssh-server
+ - less
+ - vim
+ - strace
+ - lsof
diff --git a/ostree-config/rocky-86-appstream.repo b/ostree-config/rocky-86-appstream.repo
new file mode 100644
index 0000000..f77bbe5
--- /dev/null
+++ b/ostree-config/rocky-86-appstream.repo
@@ -0,0 +1,8 @@
+[rocky-86-appstream]
+name=Rocky Linux 8.6 - AppStream
+#baseurl=http://dl.rockylinux.org/pub/rocky/8.6/AppStream/x86_64/os/
+baseurl=http://192.168.122.89/repos/rocky86/AppStream/
+gpgcheck=1
+enabled=1
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
diff --git a/ostree-config/rocky-86-baseos.repo b/ostree-config/rocky-86-baseos.repo
new file mode 100644
index 0000000..527cb6a
--- /dev/null
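Review bot: `check-passwd` and `check-groups` point at reference files that look inherited from a different tree: `passwd` and `group` list accounts such as etcd, kube, dockerroot, ceph and cockpit-ws, none of which appears to be created by a package named in these manifests, while `ignore-removed-users` and `ignore-removed-groups` exempt only root. As I read the rpm-ostree treefile documentation, a reference entry that is missing from the composed tree fails the check unless it is ignored, so this is worth confirming with a clean compose. The reference files also pin `nobody` to 99 and `nfsnobody` to 65534, which should be compared with what the Rocky 8 packages actually create. Trimming both files to the accounts the package set produces keeps the check useful as a guard against UID/GID drift between composes.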
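Review bot: `baseurl=http://192.168.122.89/repos/rocky86/AppStream/` pulls every package for the image over plain HTTP from a hard-coded lab address, which leaves `gpgcheck=1` and the key behind `gpgkey=` as the only integrity control on the compose. `gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial` presumably resolves on the build host, which ties the build to a machine that already has that key installed; shipping the key next to the .repo file, or documenting the prerequisite, would make that explicit. Consider an https mirror URL or a substitutable host, plus a comment above `baseurl` stating what the mirror is expected to contain and how it is synced. `countme=1` serves no purpose against a private mirror. rocky-86-baseos.repo carries the same lines.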
+++ b/ostree-config/rocky-86-baseos.repo
@@ -0,0 +1,8 @@
+[rocky-86-baseos]
+name=Rocky Linux 8.6 - BaseOS
+#baseurl=http://dl.rockylinux.org/pub/rocky/8.6/BaseOS/x86_64/os/
+baseurl=http://192.168.122.89/repos/rocky86/BaseOS/
+gpgcheck=1
+enabled=1
+countme=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial