update to v2.4.3 framework images and add slem build script (#120)

spectrocloud · Dec 26, 2023 · f477dde · f477dde
1 parent dd1ffef
commit f477dde
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 30 deletions.
diff --git a/README.md b/README.md
@@ -107,7 +107,7 @@ cp .arg.template .arg
 6. To build RHEL core, RHEL FIPS or Ubuntu fips, sles base images switch to respective directories and build the base image.
 The base image built can be passed as argument to build the installer and provider images.
 Follow the instructions in the respective sub-folders (rhel-fips, ubuntu-fips) to create base images.
-For ubuntu-fips, this image can be used as base image - `gcr.io/spectro-images-public/ubuntu-focal-fips:v4.0_20230817`
+For ubuntu-fips, this image can be used as base image - `gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226`
 Skip this step if your base image is ubuntu or opensuse-leap. If you are building ubuntu or opensuse-leap installer images, do not pass the BASE_IMAGE attribute as an arg to build command.
 
 7. Modify the `.arg` file as needed. Primarily, you must define the tag you want to use for your images. For example, if the operating system is `ubuntu` and the tag is `demo`, the image artefact will name as `ttl.sh/ubuntu:k3s-1.25.2-v3.4.3-demo`. The **.arg** file defines the following variables:
@@ -153,7 +153,7 @@ To build the provider images
 
 To build the fips enabled ubuntu installer image
 ```shell
-./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-images-public/ubuntu-focal-fips:v4.0_20230817 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.1
+./earthly.sh +iso --BASE_IMAGE=gcr.io/spectro-dev-public/ubuntu-focal-fips:v4.2_20231226 --FIPS_ENABLED=true --ARCH=amd64 --PE_VERSION=v4.2.1
 ```
 
 Output

diff --git a/rhel-core-images/Dockerfile.rhel8 b/rhel-core-images/Dockerfile.rhel8
@@ -56,7 +56,7 @@ RUN uuidgen > /etc/machine-id && dnf install -y \
     kernel kernel-modules kernel-modules-extra \
     rsync jq && dnf clean all
 
-COPY --from=quay.io/kairos/framework:v2.3.2_fedora / /
+COPY --from=quay.io/kairos/framework:v2.4.3_generic / /
 RUN mkdir -p /run/lock
 RUN touch /usr/libexec/.keep
 
@@ -72,13 +72,6 @@ RUN systemctl enable sshd
 RUN systemctl disable selinux-autorelabel-mark.service 
 #RUN systemctl enable tmp.mount
 
-
-RUN systemctl enable cos-setup-reconcile.timer && \
-    	    systemctl enable cos-setup-fs.service && \
-	    systemctl enable cos-setup-boot.service && \
-	    systemctl enable cos-setup-network.service
-
-
 COPY overlay/rhel8/ /
 
 RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \

diff --git a/rhel-fips/Dockerfile b/rhel-fips/Dockerfile
@@ -83,7 +83,7 @@ RUN mkdir -p /run/lock && \
 # Copy the os-release file to identify the OS
 COPY --from=osbuilder /workspace/os-release /etc/os-release
 
-COPY --from=quay.io/kairos/framework:v2.3.2_fips-systemd / /
+COPY --from=quay.io/kairos/framework:v2.4.3_fips / /
 
 COPY overlay/rhel8 /
 
@@ -98,11 +98,6 @@ RUN systemctl enable sshd
 RUN systemctl disable selinux-autorelabel-mark.service 
 #RUN systemctl enable tmp.mount
 
-RUN systemctl enable cos-setup-reconcile.timer && \
-    	    systemctl enable cos-setup-fs.service && \
-	    systemctl enable cos-setup-boot.service && \
-	    systemctl enable cos-setup-network.service
-
 # Copy the custom dracut config file
 COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf
 

diff --git a/slem/Dockerfile b/slem/Dockerfile
@@ -25,13 +25,63 @@ RUN mkdir -p /run/lock
 RUN mkdir -p /usr/libexec
 RUN touch /usr/libexec/.keep
 COPY --from=quay.io/kairos/framework:v2.4.3_opensuse-leap / /
-# Activate Kairos services
-RUN systemctl enable cos-setup-reconcile.timer && \
-          systemctl enable cos-setup-fs.service && \
-          systemctl enable cos-setup-boot.service && \
-          systemctl enable cos-setup-network.service
-# Remove /etc/dracut.conf.d/90-kairos-network-legacy.conf to allow dracut to build initrd without dhcp-client
-RUN rm -f /etc/dracut.conf.d/90-kairos-network-legacy.conf
+
+RUN mkdir -p /etc/dnf
+RUN echo "install_weak_deps=False" > /etc/dnf/dnf.conf
+
+RUN zypper in --force-resolution -y \
+    bash-completion \
+    conntrack-tools \
+    coreutils \
+    curl \
+    device-mapper \
+    dhcp-client \
+    dosfstools \
+    dracut \
+    e2fsprogs \
+    fail2ban \
+    findutils \
+    gawk \
+    growpart \
+    gptfdisk \
+    haveged \
+    htop \
+    iproute2 \
+    iptables \
+    iputils \
+    issue-generator \
+    jq \
+    less \
+    logrotate \
+    lsscsi \
+    lvm2 \
+    mdadm \
+    multipath-tools \
+    nano \
+#    nohang \
+    open-iscsi \
+    openssh \
+    open-vm-tools \
+    parted \
+    pigz \
+    policycoreutils \
+    polkit \
+    procps \
+    rng-tools \
+    rsync \
+    squashfs \
+    strace \
+    sudo \
+    systemd \
+    systemd-network \
+    tar \
+    timezone \
+    tmux \
+    vim \
+    which \
+    tpm2* \
+    && zypper cc \
+
 ## Generate initrd
 RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \
             ln -sf "${kernel#/boot/}" /boot/vmlinuz

diff --git a/slem/README.md b/slem/README.md
@@ -0,0 +1,6 @@
+# slem
+
+slem base image needs to built on the slem server.
+A registration code is need to build the slem base image.
+
+./build.sh <REGISTRATION_CODE>
diff --git a/slem/build.sh b/slem/build.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+
+REGISTRATION_CODE=$1
+mkdir /var/slem
+cd /var/slem
+mkdir repos
+mkdir services
+cd repos/
+mkdir SUSE
+mkdir opensuse
+cd SUSE
+cp /etc/zypp/repos.d/SUSE*.repo .
+cd ../../services/
+cp /etc/zypp/services.d/*.service .
+cd ../repos/opensuse/
+cat > opensuse-oss.repo <<EOF
+[opensuse-oss]
+enabled=1
+autorefresh=0
+baseurl=http://download.opensuse.org/distribution/leap/15.5/repo/oss/
+EOF
+cd ../..
+SUSEConnect -r $REGISTRATION_CODE
+systemctl restart docker
+transactional-update -n pkg install docker
+transactional-update -n register -p PackageHub/15.4/x86_64
+docker build -t slem-base-image:v243 .
+
diff --git a/ubuntu-fips/Dockerfile b/ubuntu-fips/Dockerfile
@@ -1,6 +1,6 @@
 
 # Kairos framework packages for ubuntu fips
-FROM quay.io/kairos/framework:v2.3.2_fips-systemd as kairos-fips
+FROM quay.io/kairos/framework:v2.4.3_fips as kairos-fips
 
 # Base ubuntu image (focal)
 FROM ubuntu:focal as base
@@ -122,12 +122,6 @@ COPY --from=kairos-fips / /
 # Copy the os-release file to identify the OS
 COPY --from=osbuilder /workspace/os-release /etc/os-release
 
-# Activate Kairos services
-RUN systemctl enable cos-setup-reconcile.timer && \
-          systemctl enable cos-setup-fs.service && \
-          systemctl enable cos-setup-boot.service && \
-          systemctl enable cos-setup-network.service
-
 ## Configuration
 ## Took from: https://github.com/kairos-io/kairos/blob/master/images/Dockerfile.ubuntu-20-lts
 # workaround https://github.com/kairos-io/kairos/issues/949