-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feature: Allow running and testing the role with ostree managed nodes. Reason: We have users who want to use the role to manage ostree systems. Result: Users can use the role to manage ostree managed nodes. Signed-off-by: Rich Megginson <[email protected]>
- Loading branch information
Showing
33 changed files
with
327 additions
and
116 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
*NOTE*: The `*.txt` files are used by `get_ostree_data.sh` to create the lists | ||
of packages, and to find other system roles used by this role. DO NOT use them | ||
directly. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,113 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
role_collection_dir="${ROLE_COLLECTION_DIR:-fedora/linux_system_roles}" | ||
ostree_dir="${OSTREE_DIR:-"$(dirname "$(realpath "$0")")"}" | ||
|
||
if [ -z "${4:-}" ] || [ "${1:-}" = help ] || [ "${1:-}" = -h ]; then | ||
cat <<EOF | ||
Usage: $0 packages [runtime|testing] DISTRO-MAJOR[.MINOR] [json|yaml|raw|toml] | ||
The script will use the packages and roles files in $ostree_dir to | ||
construct the list of packages needed to build the ostree image. The script | ||
will output the list of packages in the given format | ||
- json is a JSON list like ["pkg1","pkg2",....,"pkgN"] | ||
- yaml is the YAML list format | ||
- raw is the list of packages, one per line | ||
- toml is a list of [[packages]] elements as in https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/composing_installing_and_managing_rhel_for_edge_images/index#creating-an-image-builder-blueprint-for-a-rhel-for-edge-image-using-the-command-line-interface_composing-a-rhel-for-edge-image-using-image-builder-command-line | ||
The DISTRO-MAJOR.MINOR is the same format used by Ansible for distribution e.g. CentOS-8, RedHat-8.9, etc. | ||
EOF | ||
exit 1 | ||
fi | ||
category="$1" | ||
pkgtype="$2" | ||
distro_ver="$3" | ||
format="$4" | ||
pkgtypes=("$pkgtype") | ||
if [ "$pkgtype" = testing ]; then | ||
pkgtypes+=(runtime) | ||
fi | ||
|
||
get_rolepath() { | ||
local ostree_dir role rolesdir | ||
ostree_dir="$1" | ||
role="$2" | ||
rolesdir="$(dirname "$(dirname "$ostree_dir")")/$role/.ostree" | ||
if [ -d "$rolesdir" ]; then | ||
echo "$rolesdir" | ||
return 0 | ||
fi | ||
if [ -n "${ANSIBLE_COLLECTIONS_PATHS:-}" ]; then | ||
for pth in ${ANSIBLE_COLLECTIONS_PATHS//:/ }; do | ||
rolesdir="$pth/ansible_collections/$role_collection_dir/roles/$role/.ostree" | ||
if [ -d "$rolesdir" ]; then | ||
echo "$rolesdir" | ||
return 0 | ||
fi | ||
done | ||
fi | ||
return 1 | ||
} | ||
|
||
get_packages() { | ||
local ostree_dir pkgtype pkgfile rolefile | ||
ostree_dir="$1" | ||
for pkgtype in "${pkgtypes[@]}"; do | ||
for suff in "" "-$distro" "-${distro}-${major_ver}" "-${distro}-${ver}"; do | ||
pkgfile="$ostree_dir/packages-${pkgtype}${suff}.txt" | ||
if [ -f "$pkgfile" ]; then | ||
cat "$pkgfile" | ||
fi | ||
done | ||
rolefile="$ostree_dir/roles-${pkgtype}.txt" | ||
if [ -f "$rolefile" ]; then | ||
local roles role rolepath | ||
roles="$(cat "$rolefile")" | ||
for role in $roles; do | ||
rolepath="$(get_rolepath "$ostree_dir" "$role")" | ||
get_packages "$rolepath" | ||
done | ||
fi | ||
done | sort -u | ||
} | ||
|
||
format_packages_json() { | ||
local comma pkgs pkg | ||
comma="" | ||
pkgs="[" | ||
while read -r pkg; do | ||
pkgs="${pkgs}${comma}\"${pkg}\"" | ||
comma=, | ||
done | ||
pkgs="${pkgs}]" | ||
echo "$pkgs" | ||
} | ||
|
||
format_packages_raw() { | ||
cat | ||
} | ||
|
||
format_packages_yaml() { | ||
while read -r pkg; do | ||
echo "- $pkg" | ||
done | ||
} | ||
|
||
format_packages_toml() { | ||
while read -r pkg; do | ||
echo "[[packages]]" | ||
echo "name = \"$pkg\"" | ||
echo "version = \"*\"" | ||
done | ||
} | ||
|
||
distro="${distro_ver%%-*}" | ||
ver="${distro_ver##*-}" | ||
if [[ "$ver" =~ ^([0-9]*) ]]; then | ||
major_ver="${BASH_REMATCH[1]}" | ||
else | ||
echo ERROR: cannot parse major version number from version "$ver" | ||
exit 1 | ||
fi | ||
|
||
"get_$category" "$ostree_dir" | "format_${category}_$format" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
libselinux-python | ||
policycoreutils-python |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
policycoreutils-python-utils | ||
python3-libselinux | ||
python3-policycoreutils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
policycoreutils-python-utils | ||
python3-libselinux | ||
python3-policycoreutils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
policycoreutils-python-utils | ||
python3-libselinux | ||
python3-policycoreutils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
libselinux-python | ||
policycoreutils-python |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
libselinux-python | ||
policycoreutils-python |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
policycoreutils-python-utils | ||
python3-libselinux | ||
python3-policycoreutils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
policycoreutils-python-utils | ||
python3-libselinux | ||
python3-policycoreutils |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
policycoreutils-python |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
policycoreutils-python-utils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
policycoreutils-python-utils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
policycoreutils-python-utils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
policycoreutils-python |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
policycoreutils-python-utils |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
policycoreutils-python-utils |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
roles/selinux/.ostree/get_ostree_data.sh shebang!skip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
roles/selinux/.ostree/get_ostree_data.sh shebang!skip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
roles/selinux/.ostree/get_ostree_data.sh shebang!skip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
roles/selinux/.ostree/get_ostree_data.sh shebang!skip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
roles/selinux/.ostree/get_ostree_data.sh shebang!skip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# rpm-ostree | ||
|
||
The role supports running on [rpm-ostree](https://coreos.github.io/rpm-ostree/) | ||
systems. The primary issue is that the `/usr` filesystem is read-only, and the | ||
role cannot install packages. Instead, it will just verify that the necessary | ||
packages and any other `/usr` files are pre-installed. The role will change the | ||
package manager to one that is compatible with `rpm-ostree` systems. | ||
|
||
## Building | ||
|
||
To build an ostree image for a particular operating system distribution and | ||
version, use the script `.ostree/get_ostree_data.sh` to get the list of | ||
packages. If the role uses other system roles, then the script will include the | ||
packages for the other roles in the list it outputs. The list of packages will | ||
be sorted in alphanumeric order. | ||
|
||
Usage: | ||
|
||
```bash | ||
.ostree/get_ostree_data.sh packages runtime DISTRO-VERSION FORMAT | ||
``` | ||
|
||
`DISTRO-VERSION` is in the format that Ansible uses for `ansible_distribution` | ||
and `ansible_distribution_version` - for example, `Fedora-38`, `CentOS-8`, | ||
`RedHat-9.4` | ||
|
||
`FORMAT` is one of `toml`, `json`, `yaml`, `raw` | ||
|
||
* `toml` - each package in a TOML `[[packages]]` element | ||
|
||
```toml | ||
[[packages]] | ||
name = "package-a" | ||
version = "*" | ||
[[packages]] | ||
name = "package-b" | ||
version = "*" | ||
... | ||
``` | ||
|
||
* `yaml` - a YAML list of packages | ||
|
||
```yaml | ||
- package-a | ||
- package-b | ||
... | ||
``` | ||
|
||
* `json` - a JSON list of packages | ||
|
||
```json | ||
["package-a","package-b",...] | ||
``` | ||
|
||
* `raw` - a plain text list of packages, one per line | ||
|
||
```bash | ||
package-a | ||
package-b | ||
... | ||
``` | ||
|
||
What format you choose depends on which image builder you are using. For | ||
example, if you are using something based on | ||
[osbuild-composer](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html-single/composing_installing_and_managing_rhel_for_edge_images/index#creating-an-image-builder-blueprint-for-a-rhel-for-edge-image-using-the-command-line-interface_composing-a-rhel-for-edge-image-using-image-builder-command-line), | ||
you will probably want to use the `toml` output format. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
--- | ||
collections: | ||
- name: ansible.posix | ||
- name: ansible.utils | ||
- name: community.general |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
--- | ||
- name: Ensure correct package manager for ostree systems | ||
vars: | ||
ostree_pkg_mgr: ansible.posix.rhel_rpm_ostree | ||
ostree_booted_file: /run/ostree-booted | ||
when: ansible_facts.pkg_mgr | d("") != ostree_pkg_mgr | ||
block: | ||
- name: Check if system is ostree | ||
stat: | ||
path: "{{ ostree_booted_file }}" | ||
register: __ostree_booted_stat | ||
|
||
- name: Set package manager to use for ostree | ||
ansible.utils.update_fact: | ||
updates: | ||
- path: ansible_facts.pkg_mgr | ||
value: "{{ ostree_pkg_mgr }}" | ||
when: __ostree_booted_stat.stat.exists | ||
|
||
- name: Install SELinux python2 tools | ||
package: | ||
name: | ||
- libselinux-python | ||
- policycoreutils-python | ||
state: present | ||
when: ansible_python_version is version('3', '<') | ||
|
||
- name: Install SELinux python3 tools | ||
package: | ||
name: | ||
- python3-libselinux | ||
- python3-policycoreutils | ||
state: present | ||
when: | ||
- ansible_python_version is version('3', '>=') | ||
- ansible_os_family == "RedHat" | ||
|
||
- name: Install SELinux python3 tools | ||
package: | ||
name: | ||
- python3-selinux | ||
- python3-policycoreutils | ||
state: present | ||
when: | ||
- ansible_python_version is version('3', '>=') | ||
- ansible_os_family == "Suse" | ||
|
||
- name: Install SELinux tool semanage | ||
package: | ||
name: | ||
- policycoreutils-python-utils | ||
state: present | ||
when: ansible_distribution == "Fedora" or | ||
(ansible_distribution_major_version | int > 7 and | ||
ansible_distribution in ["CentOS", "RedHat", "Rocky"]) | ||
|
||
- name: Refresh facts | ||
setup: | ||
filter: ansible_selinux | ||
when: not __selinux_setup_snapshot | d(false) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.