Add files and services to initialize secex-data volume
Add a script to initialize secex-data volume during installation.
This is achieved by having the tarball stored on a second disk.

Also run a podman container that mounts the volume to keep it from being
pruned. See: containers/podman#17051

Signed-off-by: Jan Schintag <[email protected]>
jschintag committed Jan 24, 2023
1 parent 7ac5aad commit 69ff4e7
Showing 2 changed files with 166 additions and 0 deletions.
91 changes: 91 additions & 0 deletions multi-arch-builders/coreos-s390x-rhcos-builder.bu
Expand Up @@ -24,9 +24,100 @@ kernel_arguments:
# enables Secure Execution Host
- prot_virt=1
storage:
directories:
- path: /home/builder/.config/systemd/user/default.target.wants
user:
name: builder
group:
name: builder
files:
- path: /etc/hostname
mode: 0644
overwrite: true
contents:
inline: rdu-z15-l21
- path: /home/core/create-secex-data.sh
mode: 0744
user:
name: core
group:
name: core
contents:
inline: |
#!/bin/bash

set -e

DISK_PART="/dev/disk/by-partuuid/80442b5f-01"
DISK_FCP="0.0.a800"
DISK_WWWN="0x5005076810154e60"
DISK_LUN="0x0000000000000000"
MNTP="/mnt/secex-data"
TARBALL="secex.tar"

if ! $(whoami | grep -q "root"); then
echo "This script must be run as root"
exit 1
fi

if ! $(lszdev | grep -q "${DISK_LUN}"); then
echo "Adding LUN to system"
echo "${DISK_LUN}" > /sys/bus/ccw/drivers/zfcp/${DISK_FCP}/${DISK_WWWN}/unit_add
fi

if ! $(mountpoint -q "${MNTP}"); then
echo "Mounting disk"
mkdir -p "${MNTP}"
mount "${DISK_PART}" "${MNTP}"
fi

echo "Copying tarball from disk to builder"
cp "${MNTP}/${TARBALL}" "/var/home/builder/${TARBALL}"
chown builder:builder "/var/home/builder/${TARBALL}"

if ! $(sudo -u builder -H /bin/bash -c "cd /var/home/builder; podman volume list" | grep -q secex-data); then
echo "Creating volume secex-data"
sudo -u builder -H /bin/bash -c "cd /var/home/builder; podman volume create --label=persistent secex-data"
fi

echo "Importing tarball into volume"
sudo -u builder -H /bin/bash -c "cd /var/home/builder; podman volume import secex-data /var/home/builder/${TARBALL}"
- path: /etc/systemd/secex-data-volume.service
mode: 0644
user:
name: root
group:
name: root
contents:
inline: |
[Unit]
Description=Create secex-data volume
[Service]
Type=oneshot
ExecStart=/home/core/create-secex-data.sh
- path: /home/builder/.config/systemd/user/secex-data-keepalive.service
mode: 0644
user:
name: builder
group:
name: builder
contents:
inline: |
[Unit]
Description=Run keepalive container for secex-data volume. See: https://github.com/containers/podman/issues/17051
[Service]
Type=oneshot
ExecStart=podman run -d --replace --name secex-data-keepalive -v secex-data:/data.secex:ro registry.fedoraproject.org/fedora:36 sleep infinity
links:
- path: /etc/systemd/default.target.wants/secex-data-volume.service
target: /etc/systemd/secex-data-volume.service
user:
name: root
group:
name: root
- path: /home/builder/.config/systemd/user/default.target.wants/secex-data-keepalive.service
target: /home/builder/.config/systemd/user/secex-data-keepalive.service
user:
name: builder
group:
name: builder
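Review bot: The script that `secex-data-volume.service` executes as root is installed at `/home/core/create-secex-data.sh`, owned by `core:core` with mode 0744, so the `core` account (or anything running as it) can change what the root oneshot runs. A root-run helper should be root-owned in a root-only location, e.g. `- path: /usr/local/bin/create-secex-data.sh` with `user: name: root` and `ExecStart=/usr/local/bin/create-secex-data.sh`. Separately, the unit and its link are written under `/etc/systemd/` and `/etc/systemd/default.target.wants/`, whereas systemd loads system units from `/etc/systemd/system/`, so as written the service is unlikely to start at all. The script also imports `secex.tar` without an integrity check and leaves the copy in `/var/home/builder` with default permissions. If the tarball carries Secure Execution key material (not visible here), add a `sha256sum -c` before the `podman volume import` and an `rm -f "/var/home/builder/${TARBALL}"` after it.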
75 changes: 75 additions & 0 deletions multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign
Expand Up @@ -32,6 +32,17 @@
]
},
"storage": {
"directories": [
{
"group": {
"name": "builder"
},
"path": "/home/builder/.config/systemd/user/default.target.wants",
"user": {
"name": "builder"
}
}
],
"files": [
{
"overwrite": true,
Expand All @@ -41,6 +52,70 @@
"source": "data:,rdu-z15-l21"
},
"mode": 420
},
{
"group": {
"name": "core"
},
"path": "/home/core/create-secex-data.sh",
"user": {
"name": "core"
},
"contents": {
"compression": "gzip",
"source": "data:;base64,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"
},
"mode": 484
},
{
"group": {
"name": "root"
},
"path": "/etc/systemd/secex-data-volume.service",
"user": {
"name": "root"
},
"contents": {
"compression": "",
"source": "data:,%5BUnit%5D%0ADescription%3DCreate%20secex-data%20volume%0A%5BService%5D%0AType%3Doneshot%0AExecStart%3D%2Fhome%2Fcore%2Fcreate-secex-data.sh%0A"
},
"mode": 420
},
{
"group": {
"name": "builder"
},
"path": "/home/builder/.config/systemd/user/secex-data-keepalive.service",
"user": {
"name": "builder"
},
"contents": {
"compression": "gzip",
"source": "data:;base64,H4sIAAAAAAAC/0zOwUrDQBDG8XueYl5gsxZRIdCbvoDVU+lh3XxNRpOZZXYSmrcXLWgv3+EHH/yP78J+ap5Rs3FxVtm/LkJfQEkTr6Cs4okFRmc1qsi4hD55olWnZUZLB6Cj0b3ULsaBfVw+2qxz/DvWWLSfk0SudUGNu6e7h11zPMBWzjg1b1vBXgV1VG9eLsgHT+b764lsEQo9hWAoU8qgECTNuCkJ/7FhvfEu/mz7C50pGQaublt7Rq+WiuknsrdqQ7xKd/9IdQIKsZxZ2LfmOwAA///gz11NHwEAAA=="
},
"mode": 420
}
],
"links": [
{
"group": {
"name": "root"
},
"path": "/etc/systemd/default.target.wants/secex-data-volume.service",
"user": {
"name": "root"
},
"target": "/etc/systemd/secex-data-volume.service"
},
{
"group": {
"name": "builder"
},
"path": "/home/builder/.config/systemd/user/default.target.wants/secex-data-keepalive.service",
"user": {
"name": "builder"
},
"target": "/home/builder/.config/systemd/user/secex-data-keepalive.service"
}
]
}