dprodanov/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: dprodanov:main
Branches Tags
dprodanov:main dprodanov:3.3 dprodanov:3.2 dprodanov:kube-rbac-proxy-bump dprodanov:kubectl-1.32.4 dprodanov:devel suse-edge:main suse-edge:3.4 suse-edge:3.3 suse-edge:3.2 suse-edge:devel
...
pull from: suse-edge:main
Branches Tags
suse-edge:main suse-edge:3.4 suse-edge:3.3 suse-edge:3.2 suse-edge:devel dprodanov:main dprodanov:3.3 dprodanov:3.2 dprodanov:kube-rbac-proxy-bump dprodanov:kubectl-1.32.4 dprodanov:devel

3 Commits
main ... main

Author SHA256 Message Date
Rhys Oxenham
a9079e0bfc Adding support for SL Micro 6.2 builds 2025-10-22 10:35:34 +02:00
Nicolas Belouin
69db0a0b16 Merge pull request 'metal3: Introduce TLS variables for ironic vmedia server' (#281) from nbelouin/Factory:ironic-tls-cipher into main 
Reviewed-on: suse-edge/Factory#281
Reviewed-by: Marco Chiappero <mchiappero@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-10-14 15:04:32 +02:00
Nicolas Belouin
f60348562e metal3: Introduce TLS variables for ironic vmedia server 
port of https://github.com/metal3-io/ironic-image/pull/759

Expose it in chart with a new `ironic.ironicExtraEnv` value that allows
passing arbitrary extra environment variables to allow for advanced
configuration we may not want to keep as not for the faint of heart.

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-10-03 10:04:48 +02:00
14 changed files with 470 additions and 188 deletions
Expand all files Collapse all files

8
ironic-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3
#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4
#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -41,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="29.0.4.3"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE%"
LABEL org.opencontainers.image.version="29.0.4.4"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

13
ironic-image/ironic-config/apache2-vmedia.conf.j2
View File

@@ -11,6 +11,19 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
{% if "IRONIC_VMEDIA_TLS_12_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_12_CIPHERS %}
SSLCipherSuite {{ env.IRONIC_VMEDIA_TLS_12_CIPHERS }}
{% endif %}
{% if "IRONIC_VMEDIA_TLS_13_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_13_CIPHERS %}
SSLCipherSuite TLSv1.3 {{ env.IRONIC_VMEDIA_TLS_13_CIPHERS }}
{% endif %}
{% if "IRONIC_VMEDIA_CURVES" in env and env.IRONIC_VMEDIA_CURVES %}
SSLOpenSSLConfCmd Curves {{ env.IRONIC_VMEDIA_CURVES }}
{% endif %}
{% if env.IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER | lower == "true" %}
SSLHonorCipherOrder on
{% endif %}
<Directory "/shared/html/">
Options Indexes FollowSymLinks
AllowOverride None

6
kiwi-builder-image/Dockerfile
View File

@@ -1,8 +1,8 @@
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.0
# Base image version, should match the tag above
ARG KIWIVERSION="10.2.12"
ARG KIWIVERSION="10.2.29"
FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
ARG KIWIVERSION

287
kiwi-builder-image/SL-Micro.kiwi
View File

@@ -30,16 +30,13 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -60,6 +57,15 @@
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@@ -90,6 +96,15 @@
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@@ -154,18 +169,10 @@
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
@@ -179,10 +186,6 @@
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
@@ -277,10 +280,42 @@
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi-self_install"/>
</profile>
<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +326,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -323,7 +359,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -334,7 +370,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -359,7 +396,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -374,7 +411,8 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -397,9 +435,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -414,11 +451,96 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
>
<luksformat>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
@@ -438,9 +560,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -450,19 +571,20 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
btrfs_quota_groups="true"
disk_start_sector="8192"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
@@ -478,8 +600,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<preferences profiles="rpi-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -494,13 +616,14 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
editbootinstall="editbootinstall_rpi.sh"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
@@ -520,7 +643,7 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -558,7 +681,7 @@
<preferences profiles="s390-dasd">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -596,7 +719,7 @@
<preferences profiles="s390-fba">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -631,7 +754,7 @@
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -670,7 +793,7 @@
</preferences>
<preferences profiles="x86-vmware">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -681,6 +804,7 @@
filesystem="btrfs"
format="vmdk"
firmware="uefi"
efipartsize="512"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -701,11 +825,11 @@
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
<machine memory="1024" HWversion="17" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -716,7 +840,8 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -742,7 +867,7 @@
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -753,8 +878,8 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -777,7 +902,7 @@
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -788,7 +913,7 @@
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -810,7 +935,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -824,7 +949,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -847,7 +972,7 @@
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -860,7 +985,7 @@
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -887,7 +1012,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -903,7 +1028,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -936,20 +1061,17 @@
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="patterns-micro-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<package name="patterns-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -959,7 +1081,7 @@
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
@@ -972,13 +1094,12 @@
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1002,16 +1123,16 @@
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="patterns-micro-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
@@ -1033,6 +1154,7 @@
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
<package name="iptables"/> <!-- needed by RKE2 -->
</packages>
<packages type="image" profiles="bootloader">
@@ -1049,11 +1171,15 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
<package name="kernel-64kb"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
@@ -1068,17 +1194,18 @@
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="rpi,rpi-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="wireless-regdb"/>
@@ -1104,12 +1231,12 @@
</packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

292
kiwi-builder-image/SL-Micro.kiwi.4096
View File

@@ -30,16 +30,13 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -60,6 +57,15 @@
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@@ -90,6 +96,15 @@
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@@ -154,18 +169,10 @@
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
@@ -179,10 +186,6 @@
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
@@ -277,10 +280,42 @@
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi-self_install"/>
</profile>
<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +326,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -325,7 +361,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -336,7 +372,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -363,7 +400,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -378,7 +415,8 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -403,9 +441,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -420,11 +457,98 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
target_blocksize="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
target_blocksize="4096"
>
<luksformat>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
@@ -444,9 +568,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -456,19 +579,21 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
btrfs_quota_groups="true"
disk_start_sector="8192"
target_blocksize="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
@@ -484,8 +609,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<preferences profiles="rpi-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -500,13 +625,14 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
editbootinstall="editbootinstall_rpi.sh"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
@@ -526,7 +652,7 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -564,7 +690,7 @@
<preferences profiles="s390-dasd">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -602,7 +728,7 @@
<preferences profiles="s390-fba">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -637,7 +763,7 @@
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -676,7 +802,7 @@
</preferences>
<preferences profiles="x86-vmware">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -687,6 +813,7 @@
filesystem="btrfs"
format="vmdk"
firmware="uefi"
efipartsize="512"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -707,11 +834,11 @@
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
<machine memory="1024" HWversion="17" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -722,15 +849,14 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
@@ -750,7 +876,7 @@
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -761,8 +887,8 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -785,7 +911,7 @@
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -796,7 +922,7 @@
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -818,7 +944,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -832,7 +958,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -855,7 +981,7 @@
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -868,7 +994,7 @@
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -895,7 +1021,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -911,7 +1037,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -944,20 +1070,17 @@
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="patterns-micro-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<package name="patterns-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -967,7 +1090,7 @@
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
@@ -980,13 +1103,12 @@
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1010,16 +1132,16 @@
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="patterns-micro-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
@@ -1041,6 +1163,7 @@
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
<package name="iptables"/> <!-- needed by RKE2 -->
</packages>
<packages type="image" profiles="bootloader">
@@ -1057,11 +1180,15 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
<package name="kernel-64kb"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
@@ -1076,17 +1203,18 @@
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="rpi,rpi-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="wireless-regdb"/>
@@ -1112,12 +1240,12 @@
</packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

17
kiwi-builder-image/build-image.sh
View File

@@ -28,7 +28,7 @@ LARGEBLOCK=false
usage(){
cat <<-EOF
=====================================
SUSE Linux Micro 6.1 Kiwi SDK Builder
SUSE Linux Micro 6.2 Kiwi SDK Builder
=====================================
Usage: ${0} [-p <profile>] [-b]
@@ -36,13 +36,12 @@ usage(){
Profile Options (-p):
* Default: RAW Disk Image with default packages (incl. Podman & KVM)
* Default-SelfInstall: SelfInstall ISO with default packages
* Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
* Base: RAW Disk Image with reduced package set (no KVM)
* Base-SelfInstall: SelfInstall ISO with reduced packages
* Base-RT: RAW Disk Image with reduced packages and kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
* Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
* Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
* RaspberryPi: RAW Disk Image for Raspberry Pi with default packages (aarch64 only with MBR)
* RaspberryPi-SelfInstall: SelfInstall ISO for Raspberry Pi with default packages (aarch64 only with MBR)
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
@@ -83,9 +82,15 @@ if $LARGEBLOCK; then
mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
fi
# Create temporary directory that supports seclabel
dir=$(mktemp -d)
mkdir -p /tmp/output/tmp-dir
mount -t tmpfs $dir /tmp/output/tmp-dir
# Build the image
kiwi-ng --debug --profile $PROFILE system build \
--description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
kiwi-ng --temp-dir /tmp/output/tmp-dir --debug --profile $PROFILE \
system build --description /micro-sdk/defs --target-dir /tmp/output \
--ignore-repos-used-for-build $REPOS
# Print output
RESULT=$?

1
kiwi-builder-image/config.sh
View File

@@ -188,7 +188,6 @@ cat >/etc/fstab.script <<"EOF"
#!/bin/sh
set -eux
/usr/sbin/setup-fstab-for-overlayfs
# If /var is on a different partition than /...
if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
# ... set options for autoexpanding /var

12
metal3-chart/Chart.yaml
View File

@@ -1,7 +1,7 @@
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.17_up0.12.7
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.17_up0.12.7-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8-%RELEASE%
apiVersion: v2
appVersion: 0.12.6
appVersion: 0.12.8
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
@@ -10,7 +10,7 @@ dependencies:
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.11.4
version: 0.11.5
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -20,9 +20,9 @@ dependencies:
condition: global.enable_metal3_media_server
name: media
repository: file://./charts/media
version: 0.7.0
version: 0.7.1
description: A Helm chart that installs all of the dependencies needed for Metal3
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.17+up0.12.7"
version: "%%CHART_MAJOR%%.0.18+up0.12.8"

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 29.0.4
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.11.4
version: 0.11.5

3
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -52,3 +52,6 @@ data:
{{- else }}
IRONIC_USE_MARIADB: "false"
{{- end }}
{{- with .Values.ironicExtraEnv -}}
{{ toYaml . | nindent 2 }}
{{- end -}}

4
metal3-chart/charts/ironic/values.yaml
View File

@@ -64,7 +64,7 @@ images:
ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 29.0.4.3
tag: 29.0.4.4
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
@@ -138,6 +138,8 @@ baremetaloperator:
debug:
ironicRamdiskSshKey: ""
ironicExtraEnv: {}
tlscerts:
cacert: ""
key: ""

2
metal3-chart/charts/media/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 1.21.0
description: A Helm chart for Media, used by Metal3
name: media
type: application
version: 0.7.0
version: 0.7.1

9
metal3-chart/charts/media/values.yaml
View File

@@ -42,8 +42,8 @@ serviceAccount:
podAnnotations: {}
podSecurityContext:
runAsUser: 10475
fsGroup: 10475
runAsUser: 486
fsGroup: 499
securityContext:
allowPrivilegeEscalation: false
@@ -102,11 +102,16 @@ volumes:
- name: assets
persistentVolumeClaim:
claimName: media
- name: run
emptyDir:
sizeLimit: 10Mi
# volume mounts
volumeMounts:
- mountPath: /srv/www/htdocs
name: assets
- mountPath: /run
name: run
# media volume settings
mediaVolume:

2
release-manifest-image/release_manifest.yaml
View File

@@ -171,7 +171,7 @@ spec:
- prettyName: Metal3
releaseName: metal3
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
version: '%%CHART_MAJOR%%.0.17+up0.12.7'
version: '%%CHART_MAJOR%%.0.18+up0.12.8'
- prettyName: RancherTurtles
releaseName: rancher-turtles
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'