Accepting request 1248768 from network:cluster

- added WWWORKER-overwrites-runtime.NumCPU.patch for reproducible
  builds (forwarded request 1248764 from mslacken)

OBS-URL: https://build.opensuse.org/request/show/1248768
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/warewulf4?expand=0&rev=31

README.RKE2.md

@@ -0,0 +1,43 @@
+# RKE2 Cluster Configuration HOWTO
+
+The package warewulf4-overlay-rke2 provides a configuration template
+to share a connection token - a shared secret - and the hostname of
+the first server endpoint across an RKE2 cluster.  
+To use it,
+
+- create a profile `rke2-config-key`:
+
+    ```
+	wwctl profile add rke2-config-key
+	token="$(printf 'K'; \
+         for n in {1..20}; do printf %x $RANDOM; done; \
+         printf "::server:"; \
+         for n in {1..20}; do printf %x $RANDOM; done)"
+	 wwctl profile set --tagadd="connectiontoken=${token}" \
+              -O rke2-config rke2-config-key
+    ```
+- create a profile `rke2-config-first-server`:
+
+	```
+    server=<hostname_of_first_rke2_server>
+	wwctl profile add rke2-config-first-server
+	wwctl profile set --tagadd="server=${server}" -O rke2-config rke2-config-first-server
+
+	```
+- add the `rke2-config-key` profile to the server node:
+
+    ```
+	wwctl node set -P default,rke2-config-key $server
+
+	```
+- finally, add both profiles to the agent nodes:
+
+	```
+	agents="<agent_list>"
+	wwctl node set -P default,rke2-config-key,rke2-config-first-server $agents
+	```
+
+In case the RKE2 server node is not deployed by Warewulf, you will
+have to grab the connection token (see variable `token` above) from
+the file `/var/lib/rancher/rke2/server/node-token` on the running
+server.

WWWORKER-overwrites-runtime.NumCPU.patch

@@ -0,0 +1,75 @@
+From 53f6f72917211903d2f068b48ed552a6e0e98734 Mon Sep 17 00:00:00 2001
+From: Christian Goll <cgoll@suse.com>
+Date: Wed, 26 Feb 2025 17:07:31 +0100
+Subject: [PATCH] WWWORKER overwrites runtime.NumCPU
+
+runtime.NumCPU varies for different build hosts, so the
+environment variable WWWORKER can be set to keep this number
+constant as this number ends up in
+docs/man/man1/wwctl-overlay-build.1
+and so in the packages
+
+Signed-off-by: Christian Goll <cgoll@suse.com>
+---
+ CHANGELOG.md                             |  1 +
+ Makefile                                 |  2 +-
+ internal/app/wwctl/overlay/build/root.go | 10 +++++++++-
+ 3 files changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index 93b7700a..3ea71b31 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -60,6 +60,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
+ - Fix timeout problem for wwclient. #1741
+ - Fixed default "true" state of NetDev.OnBoot. #1754
+ - Port NFS mounts during `wwctl upgrade nodes` before applying defaults. #1758
++- Set WWWORKER from commandline for reproducible builds
+ 
+ ### Removed
+ 
+diff --git a/Makefile b/Makefile
+index 245bdc64..88bc7921 100644
+--- a/Makefile
++++ b/Makefile
+@@ -73,7 +73,7 @@ wwapird: $(config) $(apiconfig) $(call godeps,internal/app/api/wwapird/wwapird.g
+ .PHONY: man_pages
+ man_pages: wwctl $(wildcard docs/man/man5/*.5)
+ 	mkdir -p docs/man/man1
+-	./wwctl --emptyconf genconfig man docs/man/man1
++	WWWORKER=8 ./wwctl --emptyconf genconfig man docs/man/man1
+ 	gzip --force docs/man/man1/*.1
+ 	for manpage in docs/man/man5/*.5; do gzip <$${manpage} >$${manpage}.gz; done
+ 
+diff --git a/internal/app/wwctl/overlay/build/root.go b/internal/app/wwctl/overlay/build/root.go
+index ba1fe163..f41e0132 100644
+--- a/internal/app/wwctl/overlay/build/root.go
++++ b/internal/app/wwctl/overlay/build/root.go
+@@ -1,7 +1,9 @@
+ package build
+ 
+ import (
++	"os"
+ 	"runtime"
++	"strconv"
+ 
+ 	"github.com/spf13/cobra"
+ 	"github.com/warewulf/warewulf/internal/app/wwctl/completions"
+@@ -29,7 +31,13 @@ func init() {
+ 	}
+ 	baseCmd.PersistentFlags().StringVarP(&OverlayDir, "output", "o", "", `Do not create an overlay image for distribution but write to
+ 	the given directory. An overlay must also be ge given to use this option.`)
+-	baseCmd.PersistentFlags().IntVar(&Workers, "workers", runtime.NumCPU(), "The number of parallel workers building overlays")
++	workers := runtime.NumCPU()
++	numCPU := os.Getenv("WWWORKER")
++	wwWorker, err := strconv.Atoi(numCPU)
++	if err == nil {
++		workers = wwWorker
++	}
++	baseCmd.PersistentFlags().IntVar(&Workers, "workers", workers, "The number of parallel workers building overlays")
+ }
+ 
+ // GetRootCommand returns the root cobra.Command for the application.
+-- 
+2.43.0
+

_service

@@ -2,7 +2,7 @@
   <service name="obs_scm" mode="manual">
     <param name="url">https://github.com/warewulf/warewulf.git</param>
     <param name="scm">git</param>
-    <param name="revision">v4.5.6</param>
+    <param name="revision">v4.6.0rc3</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>

added-cow-option-to-bind.patch

@@ -1,225 +0,0 @@
-diff --git a/internal/app/wwctl/container/exec/child/main.go b/internal/app/wwctl/container/exec/child/main.go
-index 253a6ad2..ba9ad9f7 100644
---- a/internal/app/wwctl/container/exec/child/main.go
-+++ b/internal/app/wwctl/container/exec/child/main.go
-@@ -92,7 +92,7 @@ func CobraRunE(cmd *cobra.Command, args []string) (err error) {
- 		wwlog.Debug("overlay options: %s", options)
- 		err = syscall.Mount("overlay", containerPath, "overlay", 0, options)
- 		if err != nil {
--			wwlog.Warn(fmt.Sprintf("Couldn't create overlay for ephermal mount points: %s", err))
-+			wwlog.Warn("Couldn't create overlay for ephermal mount points: %s", err)
- 		}
- 	} else if nodename != "" {
- 		nodeDB, err := node.New()
-@@ -142,6 +142,10 @@ func CobraRunE(cmd *cobra.Command, args []string) (err error) {
- 	}
- 
- 	for _, mntPnt := range mountPts {
-+		if mntPnt.Cow {
-+			continue
-+		}
-+		wwlog.Debug("bind mounting: %s -> %s", mntPnt.Source, path.Join(containerPath, mntPnt.Dest))
- 		err = syscall.Mount(mntPnt.Source, path.Join(containerPath, mntPnt.Dest), "", syscall.MS_BIND, "")
- 		if err != nil {
- 			wwlog.Warn("Couldn't mount %s to %s: %s", mntPnt.Source, mntPnt.Dest, err)
-@@ -195,6 +199,9 @@ the invalid mount points. Directories always have '/' as suffix
- func checkMountPoints(containerName string, binds []*warewulfconf.MountEntry) (overlayObjects []string) {
- 	overlayObjects = []string{}
- 	for _, b := range binds {
-+		if b.Cow {
-+			continue
-+		}
- 		_, err := os.Stat(b.Source)
- 		if err != nil {
- 			wwlog.Debug("Couldn't stat %s create no mount point in container", b.Source)
-diff --git a/internal/app/wwctl/container/exec/main.go b/internal/app/wwctl/container/exec/main.go
-index 60cf9d48..788adc86 100644
---- a/internal/app/wwctl/container/exec/main.go
-+++ b/internal/app/wwctl/container/exec/main.go
-@@ -54,7 +54,6 @@ func runContainedCmd(cmd *cobra.Command, containerName string, args []string) (e
- 	}()
- 
- 	logStr := fmt.Sprint(wwlog.GetLogLevel())
--
- 	childArgs := []string{"--warewulfconf", conf.GetWarewulfConf(), "--loglevel", logStr, "container", "exec", "__child"}
- 	childArgs = append(childArgs, containerName)
- 	for _, b := range binds {
-@@ -64,8 +63,40 @@ func runContainedCmd(cmd *cobra.Command, containerName string, args []string) (e
- 		childArgs = append(childArgs, "--node", nodeName)
- 	}
- 	childArgs = append(childArgs, args...)
-+	// copy the files into the container at this stage, es in __child the
-+	// command syscall.Exec which replaces the __child process with the
-+	// exec command in the container. All the mounts, have to be done in
-+	// __child so that the used mounts don't propagate outside on the host
-+	// (see the CLONE attributes), but as for the cow copy option we need
-+	// to see if a file was modified after it was copied into the container
-+	// so do this here.
-+	// At first read out conf, the parse commandline, as copy files has the
-+	// same synatx as mount points
-+	mountPts := conf.MountsContainer
-+	mountPts = append(container.InitMountPnts(binds), mountPts...)
-+	filesToCpy := getCopyFiles(containerName, mountPts)
-+	for i, cpyFile := range filesToCpy {
-+		if err = util.CopyFile(cpyFile.Src, path.Join(container.RootFsDir(containerName), cpyFile.FileName)); err != nil {
-+			return fmt.Errorf("couldn't copy files into container: %w", err)
-+		}
-+		// we can ignore error as the file was copied
-+		stat, _ := os.Stat(path.Join(container.RootFsDir(containerName), cpyFile.FileName))
-+		filesToCpy[i].ModTime = stat.ModTime()
-+	}
- 	wwlog.Verbose("Running contained command: %s", childArgs)
--	return childCommandFunc(cmd, childArgs)
-+	retVal := childCommandFunc(cmd, childArgs)
-+	for _, cpyFile := range filesToCpy {
-+		if modStat, err := os.Stat(path.Join(container.RootFsDir(containerName), cpyFile.FileName)); err != nil {
-+			wwlog.Warn("copied file was removed: %s", err)
-+		} else {
-+			if modStat.ModTime() == cpyFile.ModTime {
-+				if err := os.Remove(path.Join(container.RootFsDir(containerName), cpyFile.FileName)); err != nil {
-+					wwlog.Warn("couldn't remove copied file: %s", err)
-+				}
-+			}
-+		}
-+	}
-+	return retVal
- }
- 
- func CobraRunE(cmd *cobra.Command, args []string) error {
-@@ -154,3 +185,40 @@ func SetBinds(myBinds []string) {
- func SetNode(myNode string) {
- 	nodeName = myNode
- }
-+
-+// file name and last modification time so we can remove the file if it wasn't modified
-+type cowFile struct {
-+	FileName string
-+	Src      string
-+	ModTime  time.Time
-+	Cow      bool
-+}
-+
-+/*
-+Check the objects we want to copy in, instead of mounting
-+*/
-+func getCopyFiles(containerNamer string, binds []*warewulfconf.MountEntry) (copyObjects []cowFile) {
-+	for _, bind := range binds {
-+		if !bind.Cow || bind.ReadOnly {
-+			continue
-+		}
-+		if _, err := os.Stat(path.Join(container.RootFsDir(containerNamer), path.Dir(bind.Dest))); err != nil {
-+			wwlog.Warn("destination directory doesn't exist: %s", err)
-+			continue
-+		}
-+		if _, err := os.Stat(path.Join(container.RootFsDir(containerNamer), bind.Dest)); err == nil {
-+			wwlog.Verbose("file exists in container: %s", bind.Dest)
-+			continue
-+		}
-+		if _, err := os.Stat(bind.Source); err != nil {
-+			wwlog.Warn("source doesn't exist: %s", err)
-+			continue
-+		}
-+		copyObjects = append(copyObjects, cowFile{
-+			FileName: bind.Dest,
-+			Src:      bind.Source,
-+			Cow:      bind.Cow,
-+		})
-+	}
-+	return
-+}
-diff --git a/internal/app/wwctl/container/exec/root.go b/internal/app/wwctl/container/exec/root.go
-index 4b74c941..0b6aaf63 100644
---- a/internal/app/wwctl/container/exec/root.go
-+++ b/internal/app/wwctl/container/exec/root.go
-@@ -32,7 +32,11 @@ var (
- 
- func init() {
- 	baseCmd.AddCommand(child.GetCommand())
--	baseCmd.PersistentFlags().StringArrayVarP(&binds, "bind", "b", []string{}, "Bind a local path into the container (must exist)")
-+	baseCmd.PersistentFlags().StringArrayVarP(&binds, "bind", "b", []string{}, `Bind a local path which must exist into the container. Syntax is
-+source[:destination[:{ro|cow}]] If destination is not set, 
-+it will the same path as source.The additional parameter is 
-+ro for read only and cow, which means the file is copied into 
-+the container and removed if not modified.`)
- 	baseCmd.PersistentFlags().BoolVar(&SyncUser, "syncuser", false, "Synchronize UIDs/GIDs from host to container")
- 	baseCmd.PersistentFlags().StringVarP(&nodeName, "node", "n", "", "Create a read only view of the container for the given node")
- }
-diff --git a/internal/app/wwctl/container/shell/root.go b/internal/app/wwctl/container/shell/root.go
-index cceb7512..52d9825d 100644
---- a/internal/app/wwctl/container/shell/root.go
-+++ b/internal/app/wwctl/container/shell/root.go
-@@ -28,7 +28,11 @@ var (
- )
- 
- func init() {
--	baseCmd.PersistentFlags().StringArrayVarP(&binds, "bind", "b", []string{}, "Bind a local path into the container (must exist)")
-+	baseCmd.PersistentFlags().StringArrayVarP(&binds, "bind", "b", []string{}, `Bind a local path which must exist into the container. Syntax is
-+source[:destination[:{ro|cow}]] If destination is not set, 
-+it will the same path as source.The additional parameter is 
-+ro for read only and cow, which means the file is copied into 
-+the container and removed if not modified.`)
- 	baseCmd.PersistentFlags().StringVarP(&nodeName, "node", "n", "", "Create a read only view of the container for the given node")
- }
- 
-diff --git a/internal/pkg/config/mounts.go b/internal/pkg/config/mounts.go
-index 2eb5060b..35805202 100644
---- a/internal/pkg/config/mounts.go
-+++ b/internal/pkg/config/mounts.go
-@@ -7,4 +7,5 @@ type MountEntry struct {
- 	Dest     string `yaml:"dest,omitempty"`
- 	ReadOnly bool   `yaml:"readonly,omitempty"`
- 	Options  string `yaml:"options,omitempty"` // ignored at the moment
-+	Cow      bool   `yaml:"cow,omitempty"`     // copy the file into the container and don't remove if modified
- }
-diff --git a/internal/pkg/container/mountpoints.go b/internal/pkg/container/mountpoints.go
-index 5de00c75..7c16a0a9 100644
---- a/internal/pkg/container/mountpoints.go
-+++ b/internal/pkg/container/mountpoints.go
-@@ -21,13 +21,19 @@ func InitMountPnts(binds []string) (mounts []*warewulfconf.MountEntry) {
- 			dest = bind[1]
- 		}
- 		readonly := false
--		if len(bind) >= 3 && bind[2] == "ro" {
--			readonly = true
-+		cow := false
-+		if len(bind) >= 3 {
-+			if bind[2] == "ro" {
-+				readonly = true
-+			} else if bind[2] == "cow" {
-+				cow = true
-+			}
- 		}
- 		mntPnt := warewulfconf.MountEntry{
- 			Source:   bind[0],
- 			Dest:     dest,
- 			ReadOnly: readonly,
-+			Cow:      cow,
- 		}
- 		mounts = append(mounts, &mntPnt)
- 	}
-diff --git a/userdocs/contents/containers.rst b/userdocs/contents/containers.rst
-index aa8385eb..02e0fbc6 100644
---- a/userdocs/contents/containers.rst
-+++ b/userdocs/contents/containers.rst
-@@ -216,6 +216,21 @@ when using the exec command. This works as follows:
-    location, as it is almost always present and empty in every Linux
-    distribution (as prescribed by the LSB file hierarchy standard).
- 
-+Files which should always be present in a container image like ``resolv.conf``
-+can be specified in ``warewulf.conf`` with following container_exit
-+
-+.. code-block:: yaml
-+   container mounts:
-+   - source: /etc/resolv.conf
-+     dest: /etc/resolv.conf
-+     readonly: true
-+
-+.. note::
-+   Instead of the ``readonly`` setting you can set ``cow``, which 
-+   has the effect, that the source file is copied to the container
-+   and removed if it was modified. This useful for file used for
-+   registrations.
-+
- When the command completes, if anything within the container changed,
- the container will be rebuilt into a bootable static object
- automatically.

vendor.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:5f8e5c963f2f3c8496b9946547403cfa67f1605a84852f5fc20d8237e295011a
+oid sha256:e5ae6fb19f23b3f4ad3f1c347a812ebaf49a774cc394ba5d6b063576b9923178
-size 5453108
+size 5306232

warewulf-4.5.6.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e9eb2bf48a885a73e7bc34dbb803528ee8943346c28f5f946f1af3871734ef78
-size 3755020

warewulf-4.6.0rc3.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:44ff3be23c6fcf3e4e7ce3e5b238e116f30c678a5f4336de479e5c2518be9dfe
+size 30093325

warewulf.obsinfo

@@ -1,4 +1,4 @@
 name: warewulf
-version: 4.5.6
+version: 4.6.0rc3
-mtime: 1722867783
+mtime: 1740311359
-commit: ad21463ac4c885e19818c131391a0fbf04053a89
+commit: 52f555034fd931a622cabc029cf8f410ae4fdb84

warewulf4.changes

@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Wed Feb 26 16:26:11 UTC 2025 - Christian Goll <cgoll@suse.com>
+
+- added WWWORKER-overwrites-runtime.NumCPU.patch for reproducible
+  builds
+
+-------------------------------------------------------------------
+Tue Feb 25 14:13:23 UTC 2025 - Christian Goll <cgoll@suse.com>
+
+- Update to version 4.6.0rc3 what is a major upgrade with following
+  highlights:
+  * renamed container to images
+  * "sprig" functions in overlays
+  * support for yaml and json formatted output
+  * completely re-designed kernel selection support
+  * nested profiles
+  * arbitrary node and profile data in new "resources" structure
+  * moved NFS mount options to resources / fstab overlay
+  * split overlays by function
+  * split overlays, site vs distribution
+  * replaced defaults.conf with settings on default profile
+  * improved tabular output
+  * parallel overlay build
+  * improved networking functionality (static route, vlans, and bonds)
+  * kernel arguments as a list
+  * non-zero exit codes on wwctl errors
+  * fixed argument parsing for wwctl image exec
+  * Defined menu for ipxe boot
+  * Re-order SSH key types to make ed25519 default.
+- The configuation files nodes.conf and warewulf.conf will be updated
+  on upgrade and the unmodified configuration files will be saved 
+  as nodes.conf.4.5.x and warewulf.conf.4.5.x
+
+-------------------------------------------------------------------
+Fri Feb 21 08:17:53 UTC 2025 - Egbert Eich <eich@suse.com>
+
+- Provide an overlay package for the cluster-wide configuration
+  of an RKE2 cluster. This allows to share the connection token
+  across all node and sthe first server endpoint across all agents.
+
+-------------------------------------------------------------------
+Tue Oct 22 06:53:46 UTC 2024 - Christian Goll <cgoll@suse.com>
+
+- removing build rules for sle12 and fixing logrotate name
+
+-------------------------------------------------------------------
+Mon Oct 14 13:41:00 UTC 2024 - cgoll@suse.com
+
+- Update to version 4.5.8:
+- Warewulf v4.5.8 simplifies the `wwinit` boot process for SELinux
+  and configures tmpfs to spread the node image across all
+  available NUMA nodes. It also improves the detection of kernels
+  in the container image to more reliably detect the newest
+  available kernel and to avoid debug / rescue kernels.
+- Warewulf v4.5.7 fixes the ability to override overlay files
+  configured in profiles with overlays configured per-node; fixes
+  a template processing bug bug in development-time overlay
+  rendering; and improves the preview dracut-based boot process to
+  better support a "secure" boot process.
+- removed added-cow-option-to-bind.patch as now in upstream
+
 -------------------------------------------------------------------
 Thu Aug 22 12:56:41 UTC 2024 - Christian Goll <cgoll@suse.com>
 
@@ -10,15 +71,16 @@ Thu Aug 22 12:56:41 UTC 2024 - Christian Goll <cgoll@suse.com>
 Fri Aug 09 12:39:33 UTC 2024 - cgoll@suse.com
 
 - Update to version 4.5.6 with following changes:
-  * Show more information during wwctl container <shell|exec> about 
+  * Show more information during `wwctl container <shell|exec>`
-    when and if the container image will be rebuilt. 
+    about when and if the container image will be rebuilt.
-  * Command-line completion for wwctl overlay <edit|delete|chmod|chown>. 
+  * Command-line completion for `wwctl overlay <edit|delete|chmod|chown>`.
-  * Display an error during boot if no container is defined. 
+  * Display an error during boot if no container is defined.
-  * wwctl conaitner list --kernel shows the kernel detected for each container. 
+  * `wwctl container list --kernel` shows the kernel detected for
-  *  wwctl container list --size shows the uncompressed size of each container. 
+    each container.
-    --compressed shows the compressed size, and --chroot shows the size of the container i
+  *  `wwctl container list --size` shows the uncompressed size of
-    source on the server. 
+     each container. `--compressed` shows the compressed size, and
-  * Add a logrotate config for warewulfd.log.
+     `--chroot` shows the size of the container source on the server.
+  * Add a logrotate config for `warewulfd.log`.
 - removed following patches as accepted upstream:
   * empty-container.patch
   * enhanced-cont-list.patch

warewulf4.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package warewulf4
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,34 +18,40 @@
 
 %global tftpdir /srv/tftpboot
 %global srvdir %{_sharedstatedir}
-#%%global githash 5b0de8ea5397ca42584335517fd4959d7ffe3da5
+#%%global githash fd49254ac592d325056aa58a564933a008539607
+%if 0%{?githash}
+%define srcdir warewulf-%{githash}
+%else
+%define srcdir warewulf-%{version}
+%endif
 
 ExclusiveArch:  x86_64 aarch64
 
 Name:           warewulf4
-Version:        4.5.6
+Version:        4.6.0rc3
 Release:        0
 Summary:        A suite of tools for clustering
 License:        BSD-3-Clause
 Group:          Productivity/Clustering/Computing
 URL:            https://warewulf.org
 Source0:        warewulf-%{version}.tar
+#Source0:        https://github.com/mslacken/warewulf/archive/%{githash}.tar.gz#/warewulf-%{version}.tar.gz
 Source1:        vendor.tar.xz
 Source5:        warewulf4-rpmlintrc
 Source10:       config-ww4.sh
 Source11:       adjust_overlays.sh
 Source20:       README.dnsmasq
-Patch0:         added-cow-option-to-bind.patch
+Source21:       README.RKE2.md
+Patch0:         WWWORKER-overwrites-runtime.NumCPU.patch
 
-# no firewalld in sle12
-%if 0%{?sle_version} >= 150000 || 0%{?suse_version} > 1500
-BuildRequires:  firewalld
-%endif
 BuildRequires:  distribution-release
 BuildRequires:  dracut
+BuildRequires:  firewalld
 BuildRequires:  go >= 1.20
 BuildRequires:  golang-packaging
+BuildRequires:  iproute2
 BuildRequires:  libgpg-error-devel
+BuildRequires:  logrotate
 BuildRequires:  make
 BuildRequires:  munge
 BuildRequires:  sysuser-tools
@@ -55,7 +61,10 @@ BuildRequires:  pkgconfig(gpgme)
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %sysusers_requires
 Requires:       %{name}-overlay = %{version}
+Requires:       firewalld
+Requires:       iproute2
 Requires:       ipxe-bootimgs
+Requires:       logrotate
 Requires:       pigz
 Requires:       tftp
 Requires:       ( dhcp-server or dnsmasq )
@@ -99,9 +108,19 @@ Obsoletes:      warewulf4-slurm <= 4.4.0
 Provides:       warewulf4-slurm = %version
 
 %description overlay-slurm
-This package install the necessary configuration files in order to run a slurm
+This package installs the necessary configuration files in order to run a slurm
 cluster on the configured warewulf nodes.
 
+%package overlay-rke2
+Summary:        Configuration template for RKE2
+Requires:       %{name} = %{version}
+Requires:       slurm
+BuildArch:      noarch
+
+%description overlay-rke2
+This package provides a template that is used to share a connection token
+and server endpoint information across an RKE2 cluster.
+
 %package dracut
 Summary:        Dracut module for loading a Warewulf container image
 BuildArch:      noarch
@@ -114,7 +133,7 @@ an initramfs that can fetch and boot a Warewulf container image from a
 Warewulf server.
 
 %prep
-%autosetup -a1 -p1 -n warewulf-%{version}
+%autosetup -a1 -p1 -n %{srcdir}
 echo %{version} > VERSION
 
 %build
@@ -172,7 +191,7 @@ mv -v %{buildroot}%{_sysconfdir}/bash_completion.d/wwctl \
   %{buildroot}%{_datadir}/bash-completion/completions/wwctl
 # copy the LICESNSE.md via %%doc
 rm -f %{buildroot}/usr/share/doc/packages/warewulf/LICENSE.md
-cp %{S:20} .
+cp %{S:20} %{S:21} .
 
 # use ipxe-bootimgs images from distribution
 yq e '
@@ -184,14 +203,10 @@ yq e '
   .["container mounts"] += {"source": "/etc/SUSEConnect", "dest": "/etc/SUSEConnect", "readonly": true} |
   .["container mounts"] += {"source": "/etc/zypp/credentials.d/SCCcredentials", "dest": "/etc/zypp/credentials.d/SCCcredentials", "readonly": true}' \
   -i %{buildroot}%{_sysconfdir}/warewulf/warewulf.conf
-# disable suse net-naming
-#yq -e '
-#  .defaultnode.kernel.args="quiet crashkernel=no net.ifnames=1" |
-#  del(.defaultnode.["boot method"] )' \
-#  -i %{buildroot}%{_datadir}/warewulf/defaults.conf
 # SUSE starts user UIDs at 1000
-sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww
+#sed -i -e 's@\(.* \$_UID \(>\|-ge\) \)500\(.*\)@\11000\3@' %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/profile.d/ssh_setup.*sh.ww
 # fix dhcp for SUSE
+mv %{buildroot}%{_prefix}/share/warewulf/overlays %{buildroot}%{_localstatedir}/lib/warewulf/
 mv %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp/dhcpd.conf.ww %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcpd.conf.ww
 rmdir %{buildroot}%{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/dhcp
 
@@ -215,16 +230,36 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/
 cat >  %{buildroot}%{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/slurm/slurm.conf.ww <<EOF
 {{ Include "/etc/slurm/slurm.conf" }}
 EOF
+# prepare RKE2 configuration template
+mkdir -p %{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2
+cat > %{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww <<EOF
+{{ if ne (index .Tags "server") "" -}}
+server: https://{{ index .Tags "server" }}:9345
+{{ end -}}
+{{ if ne (index .Tags "clienttoken") "" -}}
+token: {{ index .Tags "connectiontoken" }}
+{{ end -}}
+EOF
+chmod 600 %{buildroot}%{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww
 # move the other example templates for client overlays to package documentation
 mkdir -p %{buildroot}/%{_defaultdocdir}/%{name}
 mv %{buildroot}/%{_sysconfdir}/warewulf/examples %{buildroot}%{_defaultdocdir}/%{name}/example-templates
+# fix logrotate name
+mv %{buildroot}/%{_sysconfdir}/logrotate.d/warewulfd.conf %{buildroot}/%{_sysconfdir}/logrotate.d/warewulf4
 
 %pre -f %{name}.pre
 %service_add_pre warewulfd.service
 
 %post
 %service_add_post warewulfd.service
+if [$1 -eq 1 ] ; then
+cp %{_sysconfdir}/warewulf/nodes.conf %{_sysconfdir}/warewulf/nodes.conf.4.5.x
+cp %{_sysconfdir}/warewulf/warewulf.conf %{_sysconfdir}/warewulf/warewulf.conf.4.5.x
+%{_bindir}/wwctl upgrade nodes --replace-overlay --add-defaults
+%{_bindir}/wwctl upgrade config
+else
 %{_datadir}/warewulf/scripts/config-warewulf.sh
+fi
 
 %preun
 %service_del_preun warewulfd.service
@@ -247,7 +282,7 @@ mv %{buildroot}/%{_sysconfdir}/warewulf/examples %{buildroot}%{_defaultdocdir}/%
 %config(noreplace) %{_sysconfdir}/warewulf/warewulf.conf
 %config(noreplace) %{_sysconfdir}/warewulf/grub
 %config(noreplace) %{_sysconfdir}/warewulf/ipxe
-%{_sysconfdir}/logrotate.d/warewulfd.conf
+%config %{_sysconfdir}/logrotate.d/warewulf4
 %{_defaultdocdir}/%{name}/example-templates
 %{_prefix}/lib/firewalld/services/warewulf.xml
 %exclude %{_datadir}/warewulf/overlays
@@ -275,6 +310,7 @@ mv %{buildroot}/%{_sysconfdir}/warewulf/examples %{buildroot}%{_defaultdocdir}/%
 %exclude %{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm
 %exclude %{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/slurm
 %exclude %{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge
+%exclude %{_localstatedir}/lib/warewulf/overlays/rke2-config
 
 %files overlay-slurm
 %dir %{_localstatedir}/lib/warewulf/overlays/host/rootfs/etc/slurm
@@ -286,6 +322,14 @@ mv %{buildroot}/%{_sysconfdir}/warewulf/examples %{buildroot}%{_defaultdocdir}/%
 %dir %attr(0700,munge,munge) %{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge
 %attr(0600,munge,munge) %config(noreplace) %{_localstatedir}/lib/warewulf/overlays/generic/rootfs/etc/munge/munge.key.ww
 
+%files overlay-rke2
+%doc README.RKE2.md
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config/etc
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher
+%dir %{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2
+%attr(0600,root,root) %{_localstatedir}/lib/warewulf/overlays/rke2-config/etc/rancher/rke2/config.yaml.ww
+
 %files dracut
 %defattr(-, root, root)
 %dir %{_prefix}/lib/dracut/modules.d/90wwinit