diff --git a/base_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg b/base_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg
deleted file mode 100644
index c0fdf0e2..00000000
--- a/base_images/cloud-init/fedora/cloud.cfg.d/50_custom_disk_setup.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-#cloud-config
-growpart:
- mode: false
-resize_rootfs: false
diff --git a/base_images/fedora_base-setup.sh b/base_images/fedora_base-setup.sh
index f30a23d3..e200d000 100644
--- a/base_images/fedora_base-setup.sh
+++ b/base_images/fedora_base-setup.sh
@@ -24,9 +24,16 @@ declare -a PKGS
 PKGS=(rng-tools git coreutils)
 XSELINUX=
 if ((CONTAINER)); then
- XSELINUX="--exclude=selinux*"
+ if ((OS_RELEASE_VER<35)); then
+ XSELINUX="--exclude=selinux*"
+ fi
 else
- PKGS+=(google-compute-engine-tools google-compute-engine-oslogin)
+ PKGS+=(google-compute-engine-oslogin)
+ if ((OS_RELEASE_VER<35)); then
+ PKGS+=(google-compute-engine-tools)
+ else
+ PKGS+=(google-compute-engine-guest-configs)
+ fi
 fi
 dnf -y update $XSELINUX
@@ -41,6 +48,20 @@ install_automation_tooling
 if ! ((CONTAINER)); then
 custom_cloud_init
+ # Be kind to humans, indicate where generated files came from
+ sourcemsg="### File generated during VM Image build by $(basename $SCRIPT_FILEPATH)"
+
+ if ((OS_RELEASE_VER<35)); then
+ echo "Overriding cloud-init service file"
+ # The packaged cloud-init.service unit has a dependency loop
+ # vs google-network-daemon.service. Fix this with a custom
+ # cloud-init service file.
+ CLOUD_SERVICE_PATH="systemd/system/cloud-init.service"
+ echo "$sourcemsg" > /etc/$CLOUD_SERVICE_PATH
+ cat $SCRIPT_DIRPATH/fedora-cloud-init.service >> /etc/$CLOUD_SERVICE_PATH
+ fi
+
+ echo "Setting GCP startup service (for Cirrus-CI agent) SELinux unconfined"
 # ref: https://cloud.google.com/compute/docs/startupscript
 # The mechanism used by Cirrus-CI to execute tasks on the system is through an
 # "agent" process launched as a GCP startup-script (from the metadata service).
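Review bot: The added `sourcemsg=` and `cat` lines expand `$SCRIPT_FILEPATH` and `$SCRIPT_DIRPATH` unquoted, so a checkout path containing whitespace or glob characters is word-split before `basename` and `cat` see it. Quoting keeps the source of the unit file unambiguous: `sourcemsg="### File generated during VM Image build by $(basename "$SCRIPT_FILEPATH")"` and `cat "$SCRIPT_DIRPATH/fedora-cloud-init.service" >> "/etc/$CLOUD_SERVICE_PATH"`. The header line is also written before the body, so if the `cat` fails the file under /etc holds only the comment and still takes precedence over the packaged unit; whether the script aborts on that error is not visible here. The same header-then-append pattern appears in the `@@ -50,9 +71,10 @@` hunk, and the enclosing `if ! ((CONTAINER))` block closes there rather than in this hunk.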
@@ -50,9 +71,10 @@ if ! ((CONTAINER)); then
 # run with the proper contexts.
 METADATA_SERVICE_CTX=unconfined_u:unconfined_r:unconfined_t:s0
 METADATA_SERVICE_PATH=systemd/system/google-startup-scripts.service
+ echo "$sourcemsg" > /etc/$METADATA_SERVICE_PATH
 sed -r -e \
 "s/^Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \
- /lib/$METADATA_SERVICE_PATH > /etc/$METADATA_SERVICE_PATH
+ /lib/$METADATA_SERVICE_PATH >> /etc/$METADATA_SERVICE_PATH
 fi
 if [[ "$OS_RELEASE_ID" == "fedora" ]] && ((OS_RELEASE_VER>=33)); then
diff --git a/base_images/gce.yml b/base_images/gce.yml
index ea408386..7d9702af 100644
--- a/base_images/gce.yml
+++ b/base_images/gce.yml
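Review bot: Nothing confirms that the `sed` substitution matched: if the packaged unit at `/lib/$METADATA_SERVICE_PATH` has no `Type=oneshot` line, the override appended to `/etc/$METADATA_SERVICE_PATH` is a plain copy without `SELinuxContext=` and the build carries on. This matters more now that the first hunk of this file installs a different guest package on Fedora 35 and later, which may ship a different unit; that is inferred, the unit itself is not shown. A check after the `sed`, such as `grep -q "^SELinuxContext=$METADATA_SERVICE_CTX" "/etc/$METADATA_SERVICE_PATH"` followed by a non-zero exit on failure, would surface the problem at image-build time instead of later when tasks run.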
@@ -25,13 +25,16 @@ variables: # Empty value means it must be passed in on command-line
 # Use the most recent image based on this family name.
 UBUNTU_BASE_FAMILY: 'ubuntu-2110'
- # Latest Fedora release download URL
- FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2"
- FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-34-1.2-x86_64-CHECKSUM"
+ # Latest Fedora release (qcow and CHECKSUM) download URLs
+ # N/B: There are Fedora-Cloud...GCP.tar.gz images available, however
+ # as of this comment, they lack the cloud-init package which is
+ # required by GCP for startup resizing of the rootfs.
+ FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-35-1.2-x86_64-CHECKSUM"
+ FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2"
 # Prior Fedora release
- PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2"
- PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-33-1.2-x86_64-CHECKSUM"
+ PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-34-1.2-x86_64-CHECKSUM"
+ PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2"
 # Don't leak sensitive values in error messages / output
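Review bot: `FEDORA_CSUM_URL` and `PRIOR_FEDORA_CSUM_URL` point at the same host and directory as the images they vouch for, so a hash taken from them detects a corrupted download but not a tampered origin. Fedora CHECKSUM files are PGP clearsigned; where these variables are consumed is outside this hunk, so it is not visible whether that signature is checked against the Fedora release key. If it is not, a comment beside the URLs would record the gap, for example `# CHECKSUM comes from the image's own origin; verify its PGP signature before trusting the hash`.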
@@ -143,13 +146,16 @@ post-processors:
 bucket: '{{user `XFERBUCKET`}}'
 gcs_object_name: '{{build_name}}-{{user `IMG_SFX`}}.tar.gz'
 image_name: "fedora-b{{user `IMG_SFX`}}"
- image_description: 'Based on {{user `FEDORA_IMAGE_URL`}}'
 image_family: '{{build_name}}-base'
+ # Can't save the url in an image_label
+ image_description: '{{user `FEDORA_IMAGE_URL`}}'
+ image_labels:
+ sfx: '{{user `IMG_SFX`}}'
 - <<: *gcp_import
 only: ['prior-fedora']
 image_name: "prior-fedora-b{{user `IMG_SFX`}}"
- image_description: 'Based on {{user `PRIOR_FEDORA_IMAGE_URL`}}'
 image_family: '{{build_name}}-base'
+ image_description: '{{user `PRIOR_FEDORA_IMAGE_URL`}}'
 - type: 'manifest'
 output: 'base_images/manifest.json' # Collected by Cirrus-CI
 strip_path: true
diff --git a/cache_images/fedora_packaging.sh b/cache_images/fedora_packaging.sh
index a7cb4c7b..65651ce6 100644
--- a/cache_images/fedora_packaging.sh
+++ b/cache_images/fedora_packaging.sh
@@ -45,6 +45,7 @@ INSTALL_PACKAGES=(\
 btrfs-progs-devel
 buildah
 bzip2
+ catatonit
 conmon
 containernetworking-plugins
 containers-common
@@ -153,7 +154,8 @@ INSTALL_PACKAGES=(\
 case "$OS_RELEASE_VER" in
 32) INSTALL_PACKAGES+=( python3-pytoml ) ;;
 33) ;&
- 34) INSTALL_PACKAGES+=( perl-FindBin python-toml ) ;;
+ 34) ;&
+ 35) INSTALL_PACKAGES+=( perl-FindBin python-toml ) ;;
 *) die "Unknown/Unsupported \$OS_REL_VER '$OS_REL_VER'" ;;
 esac
@@ -167,7 +169,9 @@ if ! ((CONTAINER)); then
 policycoreutils
 )
 else
- EXARG="--exclude=selinux*"
+ if [[ "$OS_RELEASE_VER" -lt 35 ]]; then
+ EXARG="--exclude=selinux*"
+ fi
 fi
@@ -177,7 +181,7 @@ DOWNLOAD_PACKAGES=(\
 oci-umount
 parallel
 podman-docker
- python3-pytest4
+ python3-pytest
 python3-virtualenv
 )
diff --git a/cache_images/ubuntu_packaging.sh b/cache_images/ubuntu_packaging.sh
index 9a57fc3a..093b388b 100644
--- a/cache_images/ubuntu_packaging.sh
+++ b/cache_images/ubuntu_packaging.sh
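Review bot: The new comment `# Can't save the url in an image_label` does not say why, and the same restriction applies to the `sfx` label added just below it. GCE label values accept only lowercase letters, digits, `_` and `-`, up to 63 characters, so an `IMG_SFX` outside that set would make the import fail; its format is not visible in this hunk. Suggested wording: `# GCE label values allow only [a-z0-9_-] (max 63 chars), so the source URL is kept in image_description`.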
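Review bot: The default `*)` arm's message names `$OS_REL_VER`, but the `case` in the `@@ -153,7 +154,8 @@` hunk switches on `$OS_RELEASE_VER`. Unless `OS_REL_VER` is defined elsewhere in the file, an unsupported release is reported with an empty value, or trips an unbound-variable error if the script runs under `set -u` (not visible here). The commit extends this `case` for 35 without touching that line; it should read `*) die "Unknown/Unsupported \$OS_RELEASE_VER '$OS_RELEASE_VER'" ;;`.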
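Review bot: In the `@@ -167,7 +169,9 @@` hunk, container builds on Fedora 35 and later no longer assign `EXARG` in the `else` branch, and no initial assignment is visible. If nothing earlier in the file sets it, the later use expands an unset variable, which is an error under `set -u`; base_images/fedora_base-setup.sh guards the equivalent variable with `XSELINUX=` before its `if`. Adding `EXARG=` ahead of the `if ! ((CONTAINER)); then` line, which sits above this hunk, would do the same here. Writing the gate as `if ((OS_RELEASE_VER<35)); then` would also match the form used in that script.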
@@ -61,6 +61,7 @@ INSTALL_PACKAGES=(\
 buildah
 bzip2
 ca-certificates
+ catatonit
 conmon
 containernetworking-plugins
 containers-common
diff --git a/ci/make_container_images.sh b/ci/make_container_images.sh
index 8e4b40f6..f8b7624f 100755
--- a/ci/make_container_images.sh
+++ b/ci/make_container_images.sh
@@ -53,7 +53,7 @@ set +x # protect username/password values
 # These both come in from Cirrus-CI
 # shellcheck disable=SC2154
 echo "$REG_PASSWORD" | \
- podman login --password-stdin --username "$REG_USERNAME" "$DEST_FQIN"
+ podman login --password-stdin --username "$REG_USERNAME" "${DEST_FQIN%%:*}"
 set -x # Easier than echo'ing out status for everything
 # DEST_FQIN comes in from Cirrus-CI
diff --git a/podman/fedora_release b/podman/fedora_release
index a7873645..8f92bfdd 100644
--- a/podman/fedora_release
+++ b/podman/fedora_release
@@ -1 +1 @@
-34
+35
diff --git a/podman/prior-fedora_release b/podman/prior-fedora_release
index bb95160c..a7873645 100644
--- a/podman/prior-fedora_release
+++ b/podman/prior-fedora_release
@@ -1 +1 @@
-33
+34
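Review bot: In the ci/make_container_images.sh hunk, `${DEST_FQIN%%:*}` cuts at the first colon, so a destination whose registry carries a port (constructed example: `registry.example:5000/ns/img:tag`) is reduced to `registry.example` and the login targets the wrong endpoint. Cutting at the first slash keeps host and port together: `podman login --password-stdin --username "$REG_USERNAME" "${DEST_FQIN%%/*}"`. The value of `DEST_FQIN` comes from Cirrus-CI and is not shown, so whether a port ever appears there is unknown; a one-line comment stating the expected form of the value would settle it either way.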