suse-edge/Factory
SHA256
14
0
Fork 15
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Install both ramdisks in the ipa downloader
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 2h41m20s
Details

Browse Source 
- Make the different ipa-ramdisk packages installable side by side
- Clean the ipa-downloader Dockerfile from what seems to be unneeded
- Get both images in
- Use zstd instead of xz for better speed
- Check sums before redoing certs integration
- Add value to metal3 chart to select between architectures

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
This commit is contained in:
Nicolas Belouin
2025-02-28 12:25:36 +01:00
parent c744e56218
commit 780d38b356
9 changed files with 63 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
_config
View File

@@ -113,6 +113,9 @@ BuildFlags: onlybuild:release-manifest-image
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif
# Enable reproducible builds

4
ironic-image/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
boot

14
ironic-ipa-downloader-image/Dockerfile
View File

@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
@@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256sum
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

51
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -6,12 +6,36 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
REFRESH_CERTS=1
else
REFRESH_CERTS=0
fi
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
if [ "${REFRESH_CERTS:-1}" = "1" ]; then
# everything is the same exit early
exit 0
fi
else
if [ "${REFRESH_CERTS:-0}" = "1" ]; then
# Image has changed we need to refresh certs anyway
REFRESH_CERTS=0
fi
fi
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images/sha256
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@@ -49,23 +73,32 @@ else
if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd -
chmod 755 $TMPDIR
mv $TMPDIR $FILENAME-$ETAG
ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME-${ARCH,,}.initramfs
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME-${ARCH,,}.kernel
if [ "${REFRESH_CERTS:-0}" = "1" ]; then
# Image has changed we need to refresh certs anyway
REFRESH_CERTS=0
fi
else
rm -rf $TMPDIR
fi
fi
if [ -d "/tmp/ironic-certificates" ]; then
if [ "${REFRESH_CERTS:-1}" = "0" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
find . | cpio -o -H newc --reproducible | zstd -c >> /shared/html/images/ironic-python-agent.initramfs
cp /tmp/certificates.sha256 /shared/certificates.sha256
fi

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-301">
<image schemaversion="7.4" name="openstack-ironic-image">
<description type="system">
<author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact>

6
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR
gzip -9 -f initrdtmp
INITRDGZ=`ls *.gz | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
zstd initrdtmp -o initrd-%{_arch}.zst
INITRD=`ls *.zst | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

5
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -5,6 +5,7 @@
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $ipaArch := .Values.global.ipaArchitecture }}
apiVersion: v1
data:
@@ -19,8 +20,8 @@ data:
{{- $protocol = "http" }}
{{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $ipaArch }}.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $ipaArch }}.initramfs"
kind: ConfigMap
metadata:
name: baremetal-operator-ironic

5
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -12,6 +12,7 @@ data:
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $ipaArch := .Values.global.ipaArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -39,8 +40,8 @@ data:
{{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $ipaArch }}.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $ipaArch }}.initramfs
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"

3
metal3-chart/values.yaml
View File

@@ -63,6 +63,9 @@ global:
# Name for the MariaDB service
databaseServiceName: metal3-mariadb
# Architecture for IPA (either x86_64 or arm64)
ipaArchitecture: x86_64
# In a multi-node cluster use the node selector to ensure the pods
# all run on the same host where the dnsmasqDNSServer and provisioningIP
# and /opt/media exist. Uncomment the nodeSelector and update the