suse-edge/Factory
SHA256
14
0
Fork 14
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

Install both ramdisks in the ipa downloader #84

Merged
nbelouin merged 1 commits from nbelouin/Factory:multi-arch-ipa into main 2025-04-03 15:36:02 +02:00
Conversation 7 Commits 1 Files Changed 25 +1310 -108
25 changed files with 1310 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
_config
View File

@@ -86,6 +86,7 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:metallb-controller-image BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif %endif
%endif %endif
@@ -112,6 +113,9 @@ BuildFlags: onlybuild:release-manifest-image
%if "%_repository" == "standard" %if "%_repository" == "standard"
# for build openstack-ironic-image # for build openstack-ironic-image
BuildFlags: allowrootforbuild BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif %endif
# Enable reproducible builds # Enable reproducible builds

2
baremetal-operator/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm"> <service name="obs_scm">
<param name="url">https://github.com/metal3-io/baremetal-operator</param> <param name="url">https://github.com/metal3-io/baremetal-operator</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="revision">v0.9.0</param> <param name="revision">v0.9.1</param>
<param name="version">_auto_</param> <param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param> <param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param> <param name="changesgenerate">enable</param>

2
baremetal-operator/baremetal-operator.spec
View File

@@ -17,7 +17,7 @@
Name: baremetal-operator Name: baremetal-operator
Version: 0.9.0 Version: 0.9.1
Release: 0 Release: 0
Summary: Implements a Kubernetes API for managing bare metal hosts Summary: Implements a Kubernetes API for managing bare metal hosts
License: Apache-2.0 License: Apache-2.0

21
ironic-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3 #!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE% #!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%
#!BuildVersion: 15.6 #!BuildVersion: 15.6
ARG SLE_VERSION ARG SLE_VERSION
@@ -8,14 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
#!ArchExclusiveLine: x86_64 RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
WORKDIR /tmp WORKDIR /tmp
COPY prepare-efi.sh /bin/ COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -46,8 +40,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC" LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.3" LABEL org.opencontainers.image.version="26.1.2.4"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%" LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%" LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024" LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -88,7 +82,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\ cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi fi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
COPY ironic.conf.j2 /etc/ironic/ COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/ COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

2
ironic-image/configure-ironic.sh
View File

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
fi fi
fi fi
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel" export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs" export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

4
ironic-image/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in # NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh # ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
boot boot

2
ironic-image/ironic.conf.j2
View File

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
# Power state is checked every 60 seconds and BMC activity should # Power state is checked every 60 seconds and BMC activity should
# be avoided more often than once every sixty seconds. # be avoided more often than once every sixty seconds.
send_sensor_data_interval = 160 send_sensor_data_interval = 160
bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
verify_step_priority_override = management.clear_job_queue:90 verify_step_priority_override = management.clear_job_queue:90
# We don't use this feature, and it creates an additional load on the database # We don't use this feature, and it creates an additional load on the database
node_history = False node_history = False

51
ironic-image/prepare-efi.sh
View File

@@ -2,41 +2,26 @@
set -euxo pipefail set -euxo pipefail
ARCH=$(uname -m) declare -A efi_arch=(
DEST=${2:-/tmp/esp.img} ["x86_64"]="X64"
OS=${1:-sles} ["aarch64"]="AA64"
)
if [ $ARCH = "aarch64" ]; then for arch in "${!efi_arch[@]}"; do
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
dd bs=1024 count=6400 if=/dev/zero of=$DEST DEST=/tmp/esp-${arch}.img
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
mdir -i $DEST ::EFI/BOOT;
done
mkdir -p /boot/efi/EFI/BOOT
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

2
ironic-image/runhttpd
View File

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
# Copy files to shared mount # Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img cp /tmp/uefi_esp*.img /shared/html/
# Render the core httpd config # Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

22
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.2 #!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.2-%RELEASE% #!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6 #!BuildVersion: 15.6
ARG SLE_VERSION ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/ COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64 RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN cp /usr/bin/getopt /installroot/ RUN cp /usr/bin/getopt /installroot/
FROM micro AS final FROM micro AS final
@@ -26,11 +19,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.2" LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC" LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.2-%RELEASE%" LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%" LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024" LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot / COPY --from=base /installroot /
RUN cp /getopt /usr/bin/ RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user # configure non-root user
COPY configure-nonroot.sh /bin/ COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

68
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -6,12 +6,33 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY} export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
CERTS_CHANGED=0
else
CERTS_CHANGED=1
fi
fi
# Which image should we use # Which image should we use
if [ -z "${IPA_BASEURI}" ]; then if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
if [ "${CERTS_CHANGED:-0}" = "0" ]; then
# everything is the same exit early
exit 0
fi
fi
IMAGE_CHANGED=1
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
nbelouin marked this conversation as resolved Outdated
steven.hardy commented 2025-02-28 12:49:22 +01:00
Outdated
Review
Copy Link

IMO it would be easier to understand if we had two variables e.g CERT_CHANGED and IMAGE_CHANGED then rebuild if either one is non-zero below?

IMO it would be easier to understand if we had two variables e.g `CERT_CHANGED` and `IMAGE_CHANGED` then rebuild if either one is non-zero below?
mkdir -p /shared/html/images mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else else
FILENAME=ironic-python-agent FILENAME=ironic-python-agent
FILENAME_EXT=.tar FILENAME_EXT=.tar
@@ -25,47 +46,56 @@ else
# If we have a CACHEURL and nothing has yet been downloaded # If we have a CACHEURL and nothing has yet been downloaded
# get header info from the cache # get header info from the cache
ls -l ls -l
if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
fi fi
# Download the most recent version of IPA # Download the most recent version of IPA
if [ -e $FFILENAME.headers ] ; then if [ -e $FFILENAME.headers ] ; then
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
cd $TMPDIR cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers . curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
# curl didn't download anything because we have the ETag already # curl didn't download anything because we have the ETag already
# but we don't have it in the images directory # but we don't have it in the images directory
# Its in the cache, go get it # Its in the cache, go get it
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
mv /shared/html/images/$FFILENAME.headers . mv /shared/html/images/$FFILENAME.headers .
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME" curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
fi fi
else else
cd $TMPDIR cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
fi fi
if [ -s $FFILENAME ] ; then if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
fi
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd - cd -
chmod 755 $TMPDIR chmod 755 "$TMPDIR"
mv $TMPDIR $FILENAME-$ETAG mv "$TMPDIR" "$FILENAME-$ETAG"
ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
IMAGE_CHANGED=1
else else
rm -rf $TMPDIR rm -rf "$TMPDIR"
fi fi
fi fi
if [ -d "/tmp/ironic-certificates" ]; then if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/ cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
done
cp /tmp/certificates.sha256 /shared/certificates.sha256
fi fi

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-302"> <image schemaversion="7.4" name="openstack-ironic-image">
<description type="system"> <description type="system">
<author>Cloud developers</author> <author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact> <contact>cloud-devel@suse.de</contact>

8
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk Name: ironic-ipa-ramdisk
Version: 3.0.2 Version: 3.0.3
Release: 0 Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA License: SUSE-EULA
@@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR cd $TDIR
gzip -9 -f initrdtmp zstd initrdtmp -o initrd-%{_arch}.zst
INITRDGZ=`ls *.gz | head -1` INITRD=`ls *.zst | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image* ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1` KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

12
metal3-chart/Chart.yaml
View File

@@ -1,16 +1,16 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.1 #!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.1-%RELEASE% #!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
apiVersion: v2 apiVersion: v2
appVersion: 0.10.1 appVersion: 0.11.0
dependencies: dependencies:
- alias: metal3-baremetal-operator - alias: metal3-baremetal-operator
name: baremetal-operator name: baremetal-operator
repository: file://./charts/baremetal-operator repository: file://./charts/baremetal-operator
version: 0.9.0 version: 0.9.1
- alias: metal3-ironic - alias: metal3-ironic
name: ironic name: ironic
repository: file://./charts/ironic repository: file://./charts/ironic
version: 0.9.4 version: 0.10.0
- alias: metal3-mariadb - alias: metal3-mariadb
condition: global.enable_mariadb condition: global.enable_mariadb
name: mariadb name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3 name: metal3
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up0.10.1" version: "%%CHART_MAJOR%%.0.2+up0.11.0"

4
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
appVersion: 0.9.0 appVersion: 0.9.1
description: A Helm chart for baremetal-operator, used by Metal3 description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator name: baremetal-operator
type: application type: application
version: 0.9.0 version: 0.9.1

6
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -5,6 +5,7 @@
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1 apiVersion: v1
data: data:
@@ -19,8 +20,9 @@ data:
{{- $protocol = "http" }} {{- $protocol = "http" }}
{{- end }} {{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images" CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel" DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs" DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: baremetal-operator-ironic name: baremetal-operator-ironic

2
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -28,7 +28,7 @@ images:
baremetalOperator: baremetalOperator:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: "0.9.0" tag: "0.9.1"
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "manger" nameOverride: "manger"

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3 description: A Helm chart for Ironic, used by Metal3
name: ironic name: ironic
type: application type: application
version: 0.9.4 version: 0.10.0

6
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -12,6 +12,7 @@ data:
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }} {{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }} DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -39,8 +40,9 @@ data:
{{- end }} {{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }} IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs
DEPLOY_ARCHITECTURE: {{ $deployArch }}
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }} IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }} IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}" ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"

4
metal3-chart/charts/ironic/values.yaml
View File

@@ -56,11 +56,11 @@ images:
ironic: ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 26.1.2.3 tag: 26.1.2.4
ironicIPADownloader: ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 3.0.2 tag: 3.0.3
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""

3
metal3-chart/values.yaml
View File

@@ -63,6 +63,9 @@ global:
# Name for the MariaDB service # Name for the MariaDB service
databaseServiceName: metal3-mariadb databaseServiceName: metal3-mariadb
# Architecture for deployed nodes (either x86_64 or arm64)
amorgante commented 2025-03-19 16:59:19 +01:00
Outdated
Review
Copy Link

I'd say to rename arm64 to aarch64 to be more specific

I'd say to rename arm64 to aarch64 to be more specific
deployArchitecture: x86_64
steven.hardy commented 2025-02-28 13:00:42 +01:00
Outdated
Review
Copy Link

I think there are some arch specific things also in ironic-image:

https://build.opensuse.org/projects/isv:SUSE:Edge:Metal3:Ironic:2024.2/packages/ironic-image/files/prepare-efi.sh?expand=1

So we may need to give this a different name perhaps - I guess the most intuitive behavior would be by default we deploy downstream clusters with the same arch as the management cluster, with the ability to override it with some architectureOverride variable or similar?

Note that in future we expect to wire this is via the BaremetalHost resource which does contain an Architecture field, but that will need some adjustments upstream e.g see here - we'd have to enable some additional variables e.g DEPLOY_RAMDISK_URL_AARCH64 etc, and adjust so when available these are used depending on the BMH spec.architecture

I think there are some arch specific things also in ironic-image: https://build.opensuse.org/projects/isv:SUSE:Edge:Metal3:Ironic:2024.2/packages/ironic-image/files/prepare-efi.sh?expand=1 So we may need to give this a different name perhaps - I guess the most intuitive behavior would be by default we deploy downstream clusters with the same arch as the management cluster, with the ability to override it with some `architectureOverride` variable or similar? Note that in future we expect to wire this is via the BaremetalHost resource which does contain an [Architecture field](https://github.com/metal3-io/baremetal-operator/blob/main/apis/metal3.io/v1alpha1/baremetalhost_types.go#L479), but that will need some adjustments upstream e.g see [here](https://github.com/metal3-io/baremetal-operator/blob/main/pkg/provisioner/ironic/factory.go#L114) - we'd have to enable some additional variables e.g `DEPLOY_RAMDISK_URL_AARCH64` etc, and adjust so when available these are used depending on the BMH `spec.architecture`
nbelouin commented 2025-03-04 14:54:05 +01:00
Outdated
Review
Copy Link

Well I missed the prepare-efi stuff, and I got bad news here, with our current (provided by SLES) shim, we cannot have an ESP file that works for both x86 and arm (as it blindly loads grub.efi that is not an arch specific name), I think I may be able to come with a workaround for this iteration, but for the future it will be near impossible without a change here (the other way would be a change in Ironic itself to introduce a bootloader_by_arch parameter).

About the name, I'll go for deployArchitecture, since there is more than just the IPA things.

Regarding the explicit arch rather than arch override, well the chart has no knowledge of what is the current arch, hence I went for this, we can go for an override if we get some additional symlinks/files without a suffix for "current architecture", but it feels a bit wrong to me.

For the future, I guess the Architecture field gets forwarded to Ironic by the BMO, thus we should just change it from using the deploy_ramdisk parameter to the deploy_ramdisk_by_arch one.

Well I missed the `prepare-efi` stuff, and I got bad news here, with our current (provided by SLES) `shim`, we cannot have an ESP file that works for both x86 and arm (as it blindly loads `grub.efi` that is not an arch specific name), I think I may be able to come with a workaround for this iteration, but for the future it will be near impossible without a change here (the other way would be a change in Ironic itself to introduce a `bootloader_by_arch` parameter). About the name, I'll go for `deployArchitecture`, since there is more than just the IPA things. Regarding the explicit arch rather than arch override, well the chart has no knowledge of what is the current arch, hence I went for this, we can go for an override if we get some additional symlinks/files without a suffix for "current architecture", but it feels a bit wrong to me. For the future, I guess the Architecture field gets forwarded to Ironic by the BMO, thus we should just change it from using the `deploy_ramdisk` parameter to the `deploy_ramdisk_by_arch` one.
# In a multi-node cluster use the node selector to ensure the pods # In a multi-node cluster use the node selector to ensure the pods
# all run on the same host where the dnsmasqDNSServer and provisioningIP # all run on the same host where the dnsmasqDNSServer and provisioningIP
# and /opt/media exist. Uncomment the nodeSelector and update the # and /opt/media exist. Uncomment the nodeSelector and update the

BIN
shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm Normal file
View File

Binary file not shown.

BIN
shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm Normal file
View File

Binary file not shown.

1099
shim-noarch/shim.changes Normal file
View File

File diff suppressed because it is too large Load Diff

90
shim-noarch/shim.spec Normal file
View File

@@ -0,0 +1,90 @@
#
# spec file for package shim
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%undefine _debuginfo_subpackages
%undefine _build_create_debug
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
%define sysefibasedir %{_datadir}/efi
Name: shim
Version: 15.7
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
Source: shim-15.7-150300.4.16.1.x86_64.rpm
Source1: shim-15.7-150300.4.16.1.aarch64.rpm
Requires: perl-Bootloader
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%description
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%package aarch64
Provides: shim(aarch64)
Group: System/Boot
Summary: UEFI shim loader
%package x86_64
Provides: shim(x86_64)
Group: System/Boot
Summary: UEFI shim loader
%description aarch64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%description x86_64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%prep
rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories
rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories
%build
%install
# purely repackaged
cp -a * %{buildroot}
rm -rf %{buildroot}/usr/lib64/efi
rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
%files aarch64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/aarch64
%{sysefibasedir}/aarch64/shim.efi
%{sysefibasedir}/aarch64/shim-*.efi
%{sysefibasedir}/aarch64/shim-*.der
%{sysefibasedir}/aarch64/MokManager.efi
%{sysefibasedir}/aarch64/fallback.efi
%files x86_64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/x86_64
%{sysefibasedir}/x86_64/shim.efi
%{sysefibasedir}/x86_64/shim-*.efi
%{sysefibasedir}/x86_64/shim-*.der
%{sysefibasedir}/x86_64/MokManager.efi
%{sysefibasedir}/x86_64/fallback.efi
%changelog