diff --git a/image-base.yaml b/image-base.yaml index ee36417..c91a639 100644 --- a/image-base.yaml +++ b/image-base.yaml @@ -15,7 +15,7 @@ extra-kargs: ignition-network-kcmdline: [] # Optional remote by which to prefix the deployed OSTree ref -ostree-remote: rockylinux +ostree-remote: rocky # opt in to using the `metadata_csum_seed` feature of the ext4 filesystem # for the /boot filesystem. Support for this was only recently added to grub @@ -31,7 +31,3 @@ vmware-os-type: fedora64Guest # We use the newest version allowed by the oldest non-EOL VMware # Workstation/Player/Fusion/ESXi release: https://lifecycle.vmware.com/ vmware-hw-version: 13 - -# After this, we plan to add support for the Ignition -# storage/filesystems sections. (Although one can do -# that on boot as well) diff --git a/manifest.yaml b/manifest.yaml index 37276e3..6d7de1c 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -1,19 +1,5 @@ -ref: rocky/${basearch}/ostree/${stream} -rojig: - name: rocky-ostree - summary: "Rocky Linux OSTree ${stream}" - license: MIT - -add-commit-metadata: - rocky-core.stream: ${stream} - -packages: - - rocky-release - releasever: 9 -recommends: false - variables: stream: testing prod: false @@ -22,49 +8,4 @@ repos: - appstream - baseos -include: - - manifests/rocky-ostree-base.yaml - - manifests/rocky-ostree-system_tools.yaml - - manifests/rocky-ostree-post.yaml - - -automatic-version-prefix: "${releasever}..dev" -mutate-os-release: "${releasever}" - -remove-from-packages: - # Drop NetworkManager support for ifcfg files, see also corresponding - # overlay.d/14NetworkManager-plugins - - [NetworkManager, /usr/lib64/NetworkManager/.*/libnm-settings-plugin-ifcfg-rh.so] - # Drop some buggy sysusers fragments which do not match static IDs allocation: - # https://bugzilla.redhat.com/show_bug.cgi?id=2105177 - - [dbus-common, /usr/lib/sysusers.d/dbus.conf] - -remove-files: - # We don't ship man(1) or info(1) - - usr/share/info - - usr/share/man - # Drop text docs too - - usr/share/doc - -# Things we don't expect to ship on the host. We currently -# have recommends: false so these could only come in via -# hard requirement, in which case the build will fail. -exclude-packages: - - python - - python2 - - python2-libs - # - python3 - # - python3-libs - - perl - - perl-interpreter - - nodejs - - dnf - - grubby - - cowsay # Just in case - # Let's make sure initscripts doesn't get pulled back in - # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254 - - initscripts - # For (datacenter/cloud oriented) servers, we want to see the details by default. - # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ - - plymouth - +include: manifests/core-coreos.yaml diff --git a/manifests/rocky-ostree-base.yaml b/manifests/rocky-coreos-base.yaml similarity index 87% rename from manifests/rocky-ostree-base.yaml rename to manifests/rocky-coreos-base.yaml index 445ff66..f6a8b7c 100644 --- a/manifests/rocky-ostree-base.yaml +++ b/manifests/rocky-coreos-base.yaml @@ -1,24 +1,25 @@ +# Inherits from "Core" + + include: - ignition-and-ostree.yaml - shared-el9.yaml - shared-workarounds.yaml + - system-configuration.yaml - user-experience.yaml +conditional-include: + - if: releasever <= 8 + include: fallback-hostname.yaml + ostree-layers: - overlay/05core - overlay/08nouveau - overlay/09misc - - overlay/15fcos - overlay/20platform-chrony -conditional-include: - - if: releasever <= 8 - include: fallback-hostname.yaml - - if: basearch != "s390x" - # And remove some cruft from grub2 - include: grub2-removals.yaml - +recommends: false packages: - rpm - policycoreutils @@ -34,7 +35,6 @@ packages: - polkit - coreos-installer - ignore-removed-users: - root ignore-removed-groups: @@ -46,7 +46,6 @@ etc-group-members: - adm - docker - check-passwd: type: "file" filename: "passwd" @@ -58,3 +57,5 @@ check-groups: arch-include: x86_64: bootupd.yaml aarch64: bootupd.yaml + +default-target: multi-user.target diff --git a/manifests/rocky-coreos.yaml b/manifests/rocky-coreos.yaml new file mode 100644 index 0000000..3342d7c --- /dev/null +++ b/manifests/rocky-coreos.yaml @@ -0,0 +1,60 @@ +ref: rocky/${basearch}/ostree/${stream} +rojig: + name: rocky-ostree + summary: "Rocky Linux OSTree ${stream}" + license: MIT + +add-commit-metadata: + rocky-core.stream: ${stream} + +include: + - manifests/rocky-coreos-base.yaml + +conditional-include: + - if: basearch != "s390x" + # And remove some cruft from grub2 + include: grub2-removals.yaml + +ostree-layers: + - overlay/15fcos + +automatic-version-prefix: "${releasever}..dev" +mutate-os-release: "${releasever}" + +remove-from-packages: + # Drop NetworkManager support for ifcfg files, see also corresponding + # overlay.d/14NetworkManager-plugins + - [NetworkManager, /usr/lib64/NetworkManager/.*/libnm-settings-plugin-ifcfg-rh.so] + # Drop some buggy sysusers fragments which do not match static IDs allocation: + # https://bugzilla.redhat.com/show_bug.cgi?id=2105177 + - [dbus-common, /usr/lib/sysusers.d/dbus.conf] + +remove-files: + # We don't ship man(1) or info(1) + - usr/share/info + - usr/share/man + # Drop text docs too + - usr/share/doc + +# Things we don't expect to ship on the host. We currently +# have recommends: false so these could only come in via +# hard requirement, in which case the build will fail. +exclude-packages: + - python + - python2 + - python2-libs + # - python3 + # - python3-libs + - perl + - perl-interpreter + - nodejs + - dnf + - grubby + - cowsay # Just in case + # Let's make sure initscripts doesn't get pulled back in + # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254 + - initscripts + # For (datacenter/cloud oriented) servers, we want to see the details by default. + # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ + - plymouth + diff --git a/manifests/rocky-ostree-post.yaml b/manifests/rocky-ostree-post.yaml deleted file mode 100644 index c565531..0000000 --- a/manifests/rocky-ostree-post.yaml +++ /dev/null @@ -1,6 +0,0 @@ -postprocess: - - | - #!/usr/bin/env bash - set -xeuo pipefail - - # Placeholder for commands diff --git a/manifests/rocky-ostree-system_tools.yaml b/manifests/rocky-ostree-system_tools.yaml deleted file mode 100644 index 725891f..0000000 --- a/manifests/rocky-ostree-system_tools.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# config/manifests/rocky-ostree-system_tools.yaml -# -# Contains system (tools) packages which are often used on a regular -# system, but not needed for the base system to work -packages: - - NetworkManager - - iproute - - iputils - - openssh-clients - - openssh-server - - less - - vim - - strace - - lsof diff --git a/manifests/system-configuration.yaml b/manifests/system-configuration.yaml new file mode 100644 index 0000000..e8f48d0 --- /dev/null +++ b/manifests/system-configuration.yaml @@ -0,0 +1,50 @@ +# These are packages that are related to configuring parts of the system. +# It is intended to be kept generic so that it may be shared downstream with +# RHCOS. + +packages: + # Configuring SSH keys, cloud provider check-in, etc + - afterburn afterburn-dracut + # NTP support + - chrony + # Installing CoreOS itself + - coreos-installer coreos-installer-bootinfra + # Storage configuration/management + ## cloud-utils-growpart - For growing root partition + - cifs-utils + - cloud-utils-growpart + - cryptsetup + - device-mapper-multipath + - e2fsprogs + - iscsi-initiator-utils + - lvm2 + - mdadm + - sg3_utils + - xfsprogs + # User configuration + - passwd + - shadow-utils + - acl + # SELinux policy + - selinux-policy-targeted + # There are things that write outside of the journal still (such as the + # classic wtmp, etc.). auditd also writes outside the journal but it has its + # own log rotation. + # Anything package layered will also tend to expect files dropped in + # /etc/logrotate.d to work. Really, this is a legacy thing, but if we don't + # have it then people's disks will slowly fill up with logs. + - logrotate + # Boost starving threads + # https://github.com/coreos/fedora-coreos-tracker/issues/753 + - stalld + +postprocess: + # Make kdump work on firstboot + - | + #!/usr/bin/env bash + # Make kdump ignore `ignition.firstboot` when copying kargs from + # the running kernel to the kdump kernel when passing to be kexec. + # This makes it so kdump can be set up on the very first boot. + # Upstream request to have this upstream so we can stop carrying it here: + # https://lists.fedoraproject.org/archives/list/kexec@lists.fedoraproject.org/thread/5P4WIJLW2TSGF4PZGRZGOXYML4RXZU23/ + sed -i -e 's/KDUMP_COMMANDLINE_REMOVE="/KDUMP_COMMANDLINE_REMOVE="ignition.firstboot /' /etc/sysconfig/kdump