From 70bfb11cfa20707c0f010b0ba1e4784d7f32e931 Mon Sep 17 00:00:00 2001 From: Jan Schintag Date: Wed, 28 Sep 2022 13:30:33 +0200 Subject: [PATCH] s390x: Add builder config for RHCOS Add the builder config for the s390x RHCOS builder. Add ignition files for both so that they can be fetched during installation. Signed-off-by: Jan Schintag --- ...uilder.bu => coreos-s390x-fcos-builder.bu} | 0 .../coreos-s390x-rhcos-builder.bu | 32 ++++ .../ignition-files/builder-common.ign | 146 ++++++++++++++++++ .../coreos-s390x-rhcos-builder.ign | 47 ++++++ 4 files changed, 225 insertions(+) rename multi-arch-builders/{coreos-s390x-builder.bu => coreos-s390x-fcos-builder.bu} (100%) create mode 100644 multi-arch-builders/coreos-s390x-rhcos-builder.bu create mode 100644 multi-arch-builders/ignition-files/builder-common.ign create mode 100644 multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign diff --git a/multi-arch-builders/coreos-s390x-builder.bu b/multi-arch-builders/coreos-s390x-fcos-builder.bu similarity index 100% rename from multi-arch-builders/coreos-s390x-builder.bu rename to multi-arch-builders/coreos-s390x-fcos-builder.bu diff --git a/multi-arch-builders/coreos-s390x-rhcos-builder.bu b/multi-arch-builders/coreos-s390x-rhcos-builder.bu new file mode 100644 index 000000000..28c0a749f --- /dev/null +++ b/multi-arch-builders/coreos-s390x-rhcos-builder.bu @@ -0,0 +1,32 @@ +# This butane config will do the following: +# +# - Merge in the builder-common.ign Ignition file +# - Allow the builder user to log in with the associated ssh key +# - Set a hostname +# +variant: fcos +version: 1.4.0 +ignition: + config: + merge: + - source: https://raw.githubusercontent.com/coreos/fedora-coreos-pipeline/main/multi-arch-builders/ignition-files/builder-common.ign +passwd: + users: + - name: builder + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYuN4Crt4kwszp25BPpNGc8xPiVyXwXAGILQmBOOvCq builder@fcos-pipeline-s390x + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEA9fEPuFwffqoqOFa9R0mIbUCaeHB03ql/QcTQ5Bqlx builder@rhcos-pipeline-s390x + - name: core + ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkNiuIximCsbukdOoG99V8dZB3FexJC6CHLuuRUT3xYYXqtcKQXcvb7Nj02zHOiHk34mFpAKNKISFV2pM9qd3TE1Iv7iFkfZanYf4USzHhb5Lm7ZU16H7RyPiCF/YkZ7obmIRb6MOqClGwPTqtYQtOuMR8d35/fJcOijXun1Mt07QG2AHrRVt3Z1gtyxaFz5hln9UUW1Wqby9FKANw3OIZ1xwn/qEZr5dKxGea0mE2PVC5hEerzrC5xIGO00zivKvwtyKnKB5dFCLtvQrPhaYAHKHJBTpMmzjQWgs4MdD6JwFrUSICuiiaVLd8bMGjJgSKsM0t3CJS7J2v9l0ZO0yRd1UdTau6JEbYOjMdE5MRutBUfCLhxkFIfOEQgLf0lE1UxU2XsJQ/zdnMXtExwhSMKfYlOyw1PgP7j8tUuEElY9Pr1pDEm0th4SAwq3+hnFGyP00gddhHY9qYUHi+lwj82lvjPQccSBso+nuJ8L2485e8WUultAUAYQ2MGscPYihkSJXxs0O17k7aLVzz+E8e1UgSuUAcQlrdxson6+P/O9qFnLAKQ+fYJHfoET+RVht4f94lbhr15M9IJGHZGQexwqshuABhsE2DKtT1/nizsl+85CpF1Esj3w1mEGhuDEiuCmC7wI0i12+YMuuYMdGcM75mhWFD0QjIjwcQjmmZyk= jan.schintag@de.ibm.com +kernel_arguments: + should_exist: + # enables Secure Execution Host + - prot_virt=1 +storage: + files: + - path: /etc/hostname + mode: 0644 + overwrite: true + contents: + inline: rdu-z15-l21 diff --git a/multi-arch-builders/ignition-files/builder-common.ign b/multi-arch-builders/ignition-files/builder-common.ign new file mode 100644 index 000000000..eed2ff493 --- /dev/null +++ b/multi-arch-builders/ignition-files/builder-common.ign @@ -0,0 +1,146 @@ +{ + "ignition": { + "version": "3.3.0" + }, + "kernelArguments": { + "shouldExist": [ + "mitigations=off" + ], + "shouldNotExist": [ + "mitigations=auto,nosmt" + ] + }, + "passwd": { + "users": [ + { + "name": "core", + "sshAuthorizedKeys": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD2v0AVNJauAmerBvsbz/y2/lyTqkE0s71ZPd2MNRhYRlx7nn5fhIh7OptqUSbHUQXm+K2pBHWz5/cILGpcdWOpG97AwAsFvJP3EJqAMRLstLPuziBckkc6QV5ZSwfTW3fabKcU4gaF51LFQlDo/Fi2QfQ1O2lOCQDKWlHR5metN7iVdYzQGO9DWAYMX1RoRhdtVsrPU8+qLpx8zdBdeZDLXvou+gkrnI2taMptoi7afcfIR1KYNlYQGb1TlLG5reJPADHRqnjbpItbZ8IfWULedGjp7DhPYzCyv1g869XQerFRqR8T7WTppyfZLtrOUC2hB6pFtux8KdAVsIu0juWv dustymabe@fedoraproject.org", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1IXvPWcfgEVhRCwZe5WZNemqsEL8zGUfKdoCA5ZSR557Oi/TnL/3v+oLvH1o2iKo69D/7nkSjP+PuHkjEBtyG7riIpTmsRsRNwJcMXS+wl3iWw855Bl97S1D9krY3D1szF0CI9E57EgDwccmAHixQMrFrzG3OBttzawhI2y74QdcGeJtIa/kENIziInM/sPwPL9M6eKeQjuMyb6ZyvkgaQlr7PJrHqs3Y0j6RFa/ns2ViOSZYIj0VxNy+hiTbCWnbE6qpzJJysB3YinwStmotrPk33XgBpDdEunhrEywk7eAc1ZoFvmVtYR/CcDktpAz9VhjQEz43nE6pZc0fjjGb jlebon@lux", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7OMAAunnoSsakYuUqWGHutt9EyafHfbUrZzzHYLdksBdL2mbarnRVqc3yl0iHIPx1g2l8p68iJ3ESkQjpOESAv51hEUWun1+vdJnCI9c22G9M+3mhL3DoDvzgcTx6ayhBChhIMg1sIhmvUMx0ZNC1HPdpJIkUTWiICY3JYlcnkh+IHlmBbaq0b/Rtrufd/utJRITeWQlK74Y+n+VQms0eMjTi0djEA/4mdUbBgAEPWmCeqQEsd8oZiHsHSVxlZ8ymkRsHniIZTMqSUJzVr+PrsxP1E8B3ruUdRs9vBvYjt7PXiGLoStwrgK/sFAR+j8Aerz4sPD6MeNHRBPLOE4BtxVe59IKLY9+LS/+01FRkFkRhJ4IcRzajf8xJn/KoBPv+mj45AWcL5l2g8gu7sFNbBohXhLlSFXjb/5mGyTN7TH3qmNkq58raG4faTUUO8om0AdqfuBHiSMeLl4l5Mt0eFrPzTiDf6EYzy7BwSec63Z9+EwQL1wh8/+hpjHaxoBXhqdRns1XFe4xOhowoVRpyYzU0Cz+k6ZXzownUp68aziytibPMw5vsRcyCm12I+t9AI5wuG4Vl34l308Ufzh6YWd/TX9Kw3pC+Fe7RE+XvTwixVNPEJi6U8WgamtRTN62lP369lnimzpIRpum8UiLco/bjbHD7TnygLFb6hSI1tQ== kevins-yubikey@scrye.com", + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgBv89yZuWD1AfOi+3CGI7FWawpwYQVrxLCjfxPnP7KjEGGAHGsorce5XGNu1W57ND8HrdLyQf4SLfHAwVyRvRfIf8NzakUuxR4khHCpxE+F8ByTyg23Y17DkfBM/RCXcdMU1vvDkfCdsVMOY8KKhLL412560KfxQhQBKsCmssMZQ4Ii5b18cJfbwk+JnNC0fRiV/h2qrOsRQ7XvJynHHxMfqfih3BLnVo83FSf3G7T9LwpS7BQK4BsO14ahztMXxkU7j+ZdRd3+gUK3L9E0Y/fdtrMXgnG6OphkFEGTY7hlpV9Ppr7t5mDDl6LPMDWpWaZ0xz61IqKbrjXVPv63xF ravanelli@renatas-air.br.ibm.com" + ] + } + ] + }, + "storage": { + "directories": [ + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config", + "user": { + "name": "builder" + } + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd", + "user": { + "name": "builder" + } + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user", + "user": { + "name": "builder" + } + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/timers.target.wants", + "user": { + "name": "builder" + } + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/sockets.target.wants", + "user": { + "name": "builder" + } + } + ], + "files": [ + { + "path": "/etc/systemd/zram-generator.conf", + "contents": { + "compression": "", + "source": "data:;base64,IyBUaGlzIGNvbmZpZyBmaWxlIGVuYWJsZXMgYSAvZGV2L3pyYW0wIGRldmljZSB3aXRoIHRoZSBkZWZhdWx0IHNldHRpbmdzClt6cmFtMF0K" + }, + "mode": 420 + }, + { + "path": "/etc/zincati/config.d/51-updates-early-monday-morning.toml", + "contents": { + "compression": "", + "source": "data:;base64,W3VwZGF0ZXNdCnN0cmF0ZWd5ID0gInBlcmlvZGljIgpbW3VwZGF0ZXMucGVyaW9kaWMud2luZG93XV0KZGF5cyA9IFsgIk1vbiIgXQpzdGFydF90aW1lID0gIjA3OjAwIgpsZW5ndGhfbWludXRlcyA9IDYwCg==" + } + }, + { + "path": "/var/lib/systemd/linger/builder", + "mode": 420 + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/prune-container-resources.service", + "user": { + "name": "builder" + }, + "contents": { + "compression": "gzip", + "source": "data:;base64,H4sIAAAAAAAC/4SOsY6DMBBEe3/F/gDdFde4OuhPIakQhWU2sJLZtdZrRP4+SqSkSAqqad7MvOHCZKNrsUSlbCTs/7UyQht4TsQzBJ6g2zMpTvAnbIEYFU5YpGrE4oYedaOIozvfMnphLIuY63aMvQU1n2VaAwOtYUbIz/GmuYpGPIJCSi/0kZQMFSobJf/zu3y341vv4GaTVNdPmXsAAAD//+IxfhcLAQAA" + }, + "mode": 420 + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/prune-container-resources.timer", + "user": { + "name": "builder" + }, + "contents": { + "compression": "", + "source": "data:,%5BTimer%5D%0AOnCalendar%3D*-*-*%2005%3A00%3A00%20UTC%0AAccuracySec%3D30m%0APersistent%3Dtrue%0A%5BInstall%5D%0AWantedBy%3Dtimers.target%0A" + }, + "mode": 420 + } + ], + "links": [ + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/timers.target.wants/prune-container-resources.timer", + "user": { + "name": "builder" + }, + "target": "/home/builder/.config/systemd/user/prune-container-resources.timer" + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/sockets.target.wants/podman.socket", + "user": { + "name": "builder" + }, + "target": "/usr/lib/systemd/user/podman.socket" + } + ] + } +} diff --git a/multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign b/multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign new file mode 100644 index 000000000..b41189ee0 --- /dev/null +++ b/multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign @@ -0,0 +1,47 @@ +{ + "ignition": { + "config": { + "merge": [ + { + "source": "https://raw.githubusercontent.com/coreos/fedora-coreos-pipeline/main/multi-arch-builders/ignition-files/builder-common.ign" + } + ] + }, + "version": "3.3.0" + }, + "kernelArguments": { + "shouldExist": [ + "prot_virt=1" + ] + }, + "passwd": { + "users": [ + { + "name": "builder", + "sshAuthorizedKeys": [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBYuN4Crt4kwszp25BPpNGc8xPiVyXwXAGILQmBOOvCq builder@fcos-pipeline-s390x", + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEA9fEPuFwffqoqOFa9R0mIbUCaeHB03ql/QcTQ5Bqlx builder@rhcos-pipeline-s390x" + ] + }, + { + "name": "core", + "sshAuthorizedKeys": [ + "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkNiuIximCsbukdOoG99V8dZB3FexJC6CHLuuRUT3xYYXqtcKQXcvb7Nj02zHOiHk34mFpAKNKISFV2pM9qd3TE1Iv7iFkfZanYf4USzHhb5Lm7ZU16H7RyPiCF/YkZ7obmIRb6MOqClGwPTqtYQtOuMR8d35/fJcOijXun1Mt07QG2AHrRVt3Z1gtyxaFz5hln9UUW1Wqby9FKANw3OIZ1xwn/qEZr5dKxGea0mE2PVC5hEerzrC5xIGO00zivKvwtyKnKB5dFCLtvQrPhaYAHKHJBTpMmzjQWgs4MdD6JwFrUSICuiiaVLd8bMGjJgSKsM0t3CJS7J2v9l0ZO0yRd1UdTau6JEbYOjMdE5MRutBUfCLhxkFIfOEQgLf0lE1UxU2XsJQ/zdnMXtExwhSMKfYlOyw1PgP7j8tUuEElY9Pr1pDEm0th4SAwq3+hnFGyP00gddhHY9qYUHi+lwj82lvjPQccSBso+nuJ8L2485e8WUultAUAYQ2MGscPYihkSJXxs0O17k7aLVzz+E8e1UgSuUAcQlrdxson6+P/O9qFnLAKQ+fYJHfoET+RVht4f94lbhr15M9IJGHZGQexwqshuABhsE2DKtT1/nizsl+85CpF1Esj3w1mEGhuDEiuCmC7wI0i12+YMuuYMdGcM75mhWFD0QjIjwcQjmmZyk= jan.schintag@de.ibm.com" + ] + } + ] + }, + "storage": { + "files": [ + { + "overwrite": true, + "path": "/etc/hostname", + "contents": { + "compression": "", + "source": "data:,rdu-z15-l21" + }, + "mode": 420 + } + ] + } +}