diff --git a/multi-arch-builders/coreos-s390x-rhcos-builder.bu b/multi-arch-builders/coreos-s390x-rhcos-builder.bu
index 28c0a749f..274a60c82 100644
--- a/multi-arch-builders/coreos-s390x-rhcos-builder.bu
+++ b/multi-arch-builders/coreos-s390x-rhcos-builder.bu
@@ -24,9 +24,100 @@ kernel_arguments: # enables Secure Execution Host - prot_virt=1 storage: + directories: + - path: /home/builder/.config/systemd/user/default.target.wants + user: + name: builder + group: + name: builder files: - path: /etc/hostname mode: 0644 overwrite: true contents: inline: rdu-z15-l21 + - path: /home/core/create-secex-data.sh + mode: 0744 + user: + name: core + group: + name: core + contents: + inline: | + #!/bin/bash + + set -e + + DISK_PART="/dev/disk/by-partuuid/80442b5f-01" + DISK_FCP="0.0.a800" + DISK_WWWN="0x5005076810154e60" + DISK_LUN="0x0000000000000000" + MNTP="/mnt/secex-data" + TARBALL="secex.tar" + + if ! $(whoami | grep -q "root"); then + echo "This script must be run as root" + exit 1 + fi + + if ! $(lszdev | grep -q "${DISK_LUN}"); then + echo "Adding LUN to system" + echo "${DISK_LUN}" > /sys/bus/ccw/drivers/zfcp/${DISK_FCP}/${DISK_WWWN}/unit_add + fi + + if ! $(mountpoint -q "${MNTP}"); then + echo "Mounting disk" + mkdir -p "${MNTP}" + mount "${DISK_PART}" "${MNTP}" + fi + + echo "Copying tarball from disk to builder" + cp "${MNTP}/${TARBALL}" "/var/home/builder/${TARBALL}" + chown builder:builder "/var/home/builder/${TARBALL}" + + if ! 
$(sudo -u builder -H /bin/bash -c "cd /var/home/builder; podman volume list" | grep -q secex-data); then
+ echo "Creating volume secex-data"
+ sudo -u builder -H /bin/bash -c "cd /var/home/builder; podman volume create --label=persistent secex-data"
+ fi
+
+ echo "Importing tarball into volume"
+ sudo -u builder -H /bin/bash -c "cd /var/home/builder; podman volume import secex-data /var/home/builder/${TARBALL}"
+ - path: /etc/systemd/secex-data-volume.service
+ mode: 0644
+ user:
+ name: root
+ group:
+ name: root
+ contents:
+ inline: |
+ [Unit]
+ Description=Create secex-data volume
+ [Service]
+ Type=oneshot
+ ExecStart=/home/core/create-secex-data.sh
+ - path: /home/builder/.config/systemd/user/secex-data-keepalive.service
+ mode: 0644
+ user:
+ name: builder
+ group:
+ name: builder
+ contents:
+ inline: |
+ [Unit]
+ Description=Run keepalive container for secex-data volume. See: https://github.com/containers/podman/issues/17051
+ [Service]
+ Type=oneshot
+ ExecStart=podman run -d --replace --name secex-data-keepalive -v secex-data:/data.secex:ro registry.fedoraproject.org/fedora:36 sleep infinity
+ links:
+ - path: /etc/systemd/default.target.wants/secex-data-volume.service
+ target: /etc/systemd/secex-data-volume.service
+ user:
+ name: root
+ group:
+ name: root
+ - path: /home/builder/.config/systemd/user/default.target.wants/secex-data-keepalive.service
+ target: /home/builder/.config/systemd/user/secex-data-keepalive.service
+ user:
+ name: builder
+ group:
+ name: builder
diff --git a/multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign b/multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign
index b41189ee0..d8a2a546a 100644
--- a/multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign
+++ b/multi-arch-builders/ignition-files/coreos-s390x-rhcos-builder.ign
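Review bot: `/home/core/create-secex-data.sh` is installed owned by `core:core` with mode 0744 under core's home directory, yet `secex-data-volume.service` runs it via `ExecStart=` and the script itself insists on being root, so a file an unprivileged account can rewrite ends up executed with root privileges. Installing it root-owned outside a user home, e.g. `path: /usr/local/sbin/create-secex-data.sh` with `mode: 0700` and `user`/`group` set to `root`, and pointing `ExecStart=` at that path, closes this. The root guard `if ! $(whoami | grep -q "root")` matches any user name containing "root" and only works because the substitution expands to nothing; `if [ "$(id -u)" -ne 0 ]; then` states the check directly. The unit is also written to `/etc/systemd/secex-data-volume.service` and linked under `/etc/systemd/default.target.wants/`, whereas system units are normally loaded from `/etc/systemd/system/`, so it is worth confirming the service is actually picked up.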
@@ -32,6 +32,17 @@ ] }, "storage": { + "directories": [ + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/default.target.wants", + "user": { + "name": "builder" + } + } + ], "files": [ { "overwrite": true, @@ -41,6 +52,70 @@ "source": "data:,rdu-z15-l21" }, "mode": 420 + }, + { + "group": { + "name": "core" + }, + "path": "/home/core/create-secex-data.sh", + "user": { + "name": "core" + }, + "contents": { + "compression": "gzip", + "source": "data:;base64,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" + }, + "mode": 484 + }, + { + "group": { + "name": "root" + }, + "path": "/etc/systemd/secex-data-volume.service", + "user": { + "name": "root" + }, + "contents": { + "compression": "", + "source": "data:,%5BUnit%5D%0ADescription%3DCreate%20secex-data%20volume%0A%5BService%5D%0AType%3Doneshot%0AExecStart%3D%2Fhome%2Fcore%2Fcreate-secex-data.sh%0A" + }, + "mode": 420 + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/secex-data-keepalive.service", + "user": { + "name": "builder" + }, + "contents": { + "compression": "gzip", + "source": "data:;base64,H4sIAAAAAAAC/0zOwUrDQBDG8XueYl5gsxZRIdCbvoDVU+lh3XxNRpOZZXYSmrcXLWgv3+EHH/yP78J+ap5Rs3FxVtm/LkJfQEkTr6Cs4okFRmc1qsi4hD55olWnZUZLB6Cj0b3ULsaBfVw+2qxz/DvWWLSfk0SudUGNu6e7h11zPMBWzjg1b1vBXgV1VG9eLsgHT+b764lsEQo9hWAoU8qgECTNuCkJ/7FhvfEu/mz7C50pGQaublt7Rq+WiuknsrdqQ7xKd/9IdQIKsZxZ2LfmOwAA///gz11NHwEAAA==" + }, + "mode": 420 + } + ], + "links": [ + { + "group": { + "name": "root" + }, + "path": "/etc/systemd/default.target.wants/secex-data-volume.service", + "user": { + "name": "root" + }, + "target": "/etc/systemd/secex-data-volume.service" + }, + { + "group": { + "name": "builder" + }, + "path": "/home/builder/.config/systemd/user/default.target.wants/secex-data-keepalive.service", + "user": { + "name": "builder" + }, + "target": "/home/builder/.config/systemd/user/secex-data-keepalive.service" } ] }