author: spmfox <spmfox@foxwd.com> 2024-06-14 18:06:41 -0400
committer: spmfox <spmfox@foxwd.com> 2024-06-14 18:06:41 -0400
commit: 7be8247d9238dd02f1925a483c7dac98f1288c32 (patch)
tree: d797c9bc38cb5ee6df2fe70691180abbe78fd2b1
parent: ebf4707bf9cf6aa31b41e977ac96182d4ac098a0 (diff)
initial support for fedora
-rw-r--r-- README.md 16
-rw-r--r-- docs/sample-environment.yml 4
-rw-r--r-- iso.yml 2
-rw-r--r-- templates/bootcblade-rebuild.service.j2 4
-rw-r--r-- templates/bootcblade-rebuild.timer.j2 3
-rw-r--r-- templates/bootcblade.containerfile.j2 16
6 files changed, 25 insertions, 20 deletions
diff --git a/README.md b/README.md
index adf79b4..72ada18 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,13 @@
# BootcBlade
-Ansible automation for deploying a KVM hypervisor using bootc on CentOS Stream.
+Ansible automation for deploying a KVM hypervisor using bootc and Fedora Server.
![BootcBlade](docs/images/logo.png)
This Ansible automation uses bootc to create "the perfect" KVM hypervisor with ZFS, NFS + Samba, Cockpit, and Sanoid + Syncoid.
## Usage - deploy on top of existing system
-1. Install a fresh CentOS Stream 9 to the desired host - use a minimal install to save disk space on the resulting deployed machine
+1. Install a fresh Fedora Server or CentOS Stream to the desired host - use the latest minimal install to save disk space on the resulting deployed machine
2. Install ```podman``` on the host
3. Generate an SSH key
4. Create inventory using the example in the ```docs``` folder
@@ -59,9 +59,9 @@ will need to be run, either remotely or as localhost, and the required variables
You can use ```update.yml``` to recreate this, assuming you have the correct inventory.
### BootcBlade will no longer build
-It is possible that the upstream ```centos-bootc``` project will change something (the kernel perhaps) that makes ZFS building no longer possible. You can go to [https://quay.io/repository/centos-bootc/centos-bootc?tab=tags](https://quay.io/repository/centos-bootc/centos-bootc?tab=tags) and try specifing an older tag using ```centos_bootc_tag```.
+By default the ```latest``` tag is used for ```fedora-bootc``` - its possible that there was a kernel update, or a release update, that breaks ZFS. Usually these issues are transient and resolve on their own. If you need a build now (perhaps for a fresh system) you can try and see if there is an older release (tag) from the upstream repo, and adjust it using the ```bootc_image_tag``` variable.
-Another possibility is to just wait, ususally these repo related problems work themselves out and the image will build again within a week.
+[https://quay.io/repository/fedora/fedora-bootc?tab=tags](https://quay.io/repository/fedora/fedora-bootc?tab=tags)
## Variable Usage
This is a description of each variable, what it does, and a table to determine when it is needed.
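Review bot: The new troubleshooting paragraph documents 'latest' as the default tag but never says that pinning bootc_image_tag to a specific release is the way to keep a host from changing unexpectedly; suggest adding that recommendation next to the mention of the variable. In the same paragraph 'its possible' should read 'it's possible', and the bare quay.io link would read better with a short lead-in such as 'Available tags:'.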
@@ -70,7 +70,7 @@ This is a description of each variable, what it does, and a table to determine w
- ```create_user_password```: This password will be used for the created user
- ```create_user_ssh_pub```: This is a SSH pubkey that will be added to the created user during ```deploy.yml``` and ```iso.yml```, also it is applied to the root user in ```deploy.yml```
- ```create_user_shell```: This shell setting will be used for the created user only during ```deploy.yml```
-- ```centos_bootc_tag```: Override the tag for centos-bootc source image for ```deploy.yml```, ```iso.yml```, and ```update.yml```
+- ```bootc_image_tag```: Override the source image tag for ```deploy.yml```, ```iso.yml```, and ```update.yml```
- ```bootc_acknowledge```: This setting is only effective when setting it to ```false```, newer versions of ```bootc``` require an acknowledgment during ```deploy.yml``` but older versions break
if this is defined - so this can override the default and remove that
- ```ansible_user``` - This is an Ansible variable, useful for connecting to the initial machine with a different user during ```deploy.yml```
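Review bot: The rename of centos_bootc_tag to bootc_image_tag in the variable list comes with no note for existing inventories. The templates in this commit only test 'bootc_image_tag is defined', so a host that still sets centos_bootc_tag will fall back to the default tag without any warning. Suggest calling out the rename in the README, or accepting the old name as a fallback for a transition period.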
@@ -83,7 +83,7 @@ if this is defined - so this can override the default and remove that
| create_user_password | X | - |
| create_user_ssh_pub | X | X |
| create_user_shell | X | - |
-| centos_bootc_tag | X | - |
+| bootc_image_tag | X | - |
| bootc_acknowledge | X | - |
### iso.yml
@@ -93,7 +93,7 @@ if this is defined - so this can override the default and remove that
| create_user_password | X | - |
| create_user_ssh_pub | X | X |
| create_user_shell | - | - |
-| centos_bootc_tag | X | - |
+| bootc_image_tag | X | - |
| bootc_acknowledge | - | - |
### update.yml
@@ -103,6 +103,6 @@ if this is defined - so this can override the default and remove that
| create_user_password | - | - |
| create_user_ssh_pub | - | - |
| create_user_shell | - | - |
-| centos_bootc_tag | X | - |
+| bootc_image_tag | X | - |
| bootc_acknowledge | - | - |
diff --git a/docs/sample-environment.yml b/docs/sample-environment.yml
index 18e65b0..8903957 100644
--- a/docs/sample-environment.yml
+++ b/docs/sample-environment.yml
@@ -19,7 +19,7 @@ all:
ansible_connection: local
create_user: "spmfox"
create_user_ssh_pub: "ssh-rsa <ssh key>"
- centos_bootc_tag: "stream9-1714747911"
+ bootc_image_tag: "40"
bootc_acknowledge: false
-# This is a local run only, useful for creating ISOs and perhaps running update.yml. The centos-bootc:tag can be specified here, using an earlier version.
+# This is a local run only, useful for creating ISOs and perhaps running update.yml. The fedora-bootc:tag can be specified here, using an earlier version.
# Because this version is before the need for an acknowledgement during bootc deployment, we can override and remove that from the command.
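Review bot: The unchanged comment on the last line ('Because this version is before the need for an acknowledgement during bootc deployment') was written for the pinned tag stream9-1714747911. With bootc_image_tag now set to "40", please confirm that 'bootc_acknowledge: false' is still correct for this sample, and reword the comment or drop the setting if it is not.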
diff --git a/iso.yml b/iso.yml
index 52b49e7..d3cc90e 100644
--- a/iso.yml
+++ b/iso.yml
@@ -38,5 +38,5 @@
tags: cleanup
- name: Cleanup images
- ansible.builtin.shell: "podman image rm localhost/bootcblade ; podman image rm quay.io/centos-bootc/bootc-image-builder ; podman image rm quay.io/centos-bootc/centos-bootc:{{ centos_bootc_tag if centos_bootc_tag is defined else 'stream9' }} ; podman image prune -f"
+ ansible.builtin.shell: "podman image rm localhost/bootcblade ; podman image rm quay.io/centos-bootc/bootc-image-builder ; podman image rm quay.io/fedora/fedora-bootc:{{ bootc_image_tag if bootc_image_tag is defined else 'latest' }} ; podman image prune -f"
tags: cleanup
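Review bot: The default tag is now spelled out twice, here in the 'Cleanup images' command and in the FROM line of the containerfile template, so the two can drift apart. Consider a single default, for example one vars entry or the default('latest') filter used in both places. The commands are also chained with ';', so a failed 'podman image rm' is never reported; if that is intended, a short comment saying so would help.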
diff --git a/templates/bootcblade-rebuild.service.j2 b/templates/bootcblade-rebuild.service.j2
index 1cf4547..25001bf 100644
--- a/templates/bootcblade-rebuild.service.j2
+++ b/templates/bootcblade-rebuild.service.j2
@@ -4,5 +4,5 @@ Description=BootcBlade rebuild service
[Service]
Type=oneshot
TimeoutStartSec=30m
-ExecStart=/usr/bin/bash -c "podman build -t localhost/bootcblade -f /root/bootcblade.containerfile --pull=always"
-ExecStartPost=/usr/bin/bash -c "/usr/bin/sleep 10 ; /usr/bin/bootc update && /usr/bin/podman image prune -f"
+ExecStart=/usr/bin/bash -c "podman build -t localhost/bootcblade -f /root/bootcblade.containerfile --pull=always && sleep 10 && podman image prune -f"
+ExecStartPost=/usr/bin/bootc update
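Review bot: In the new ExecStart the 10 second sleep and the prune run before 'bootc update' instead of around it: previously the sleep preceded the update and the prune ran only when the update succeeded. If the sleep was there to let things settle before bootc reads the new image, it no longer does that, so please confirm the new ordering is intended and record why in the commit message. 'sleep' and the second 'podman' call have also lost their /usr/bin prefix, which is inconsistent with the ExecStartPost line.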
diff --git a/templates/bootcblade-rebuild.timer.j2 b/templates/bootcblade-rebuild.timer.j2
index 8dc2159..ba644ee 100644
--- a/templates/bootcblade-rebuild.timer.j2
+++ b/templates/bootcblade-rebuild.timer.j2
@@ -2,8 +2,7 @@
Description=bootcblade-rebuild timer
[Timer]
-OnCalendar=weekly
-Persistent=true
+OnCalendar=daily
[Install]
WantedBy=timers.target
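Review bot: 'Persistent=true' is dropped in the same change that moves OnCalendar to daily, so a host that is powered off at the trigger time skips that rebuild instead of catching up at next boot. If that is deliberate it deserves a line in the commit message; otherwise keep Persistent=true. With the service building with --pull=always and the default tag now 'latest', a daily timer also means the host takes whatever upstream published that day, which is worth stating in the README.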
diff --git a/templates/bootcblade.containerfile.j2 b/templates/bootcblade.containerfile.j2
index d8c56a4..c63b76a 100644
--- a/templates/bootcblade.containerfile.j2
+++ b/templates/bootcblade.containerfile.j2
@@ -1,11 +1,11 @@
-FROM quay.io/centos-bootc/centos-bootc:{{ centos_bootc_tag if centos_bootc_tag is defined else 'stream9' }}
+FROM quay.io/fedora/fedora-bootc:{{ bootc_image_tag if bootc_image_tag is defined else 'latest' }}
# Create root homedir
RUN mkdir /var/roothome
# ZFS
-RUN dnf -y install epel-release git && \
- dnf -y install https://zfsonlinux.org/epel/zfs-release-2-3$(rpm --eval "%{dist}").noarch.rpm && \
+RUN dnf -y install git && \
+ dnf -y install https://zfsonlinux.org/fedora/zfs-release-2-5$(rpm --eval "%{dist}").noarch.rpm && \
dnf -y install kernel-devel-$(ls /usr/lib/modules) && \
dnf -y install zfs && \
dkms build zfs/$(rpm -q --qf '%{VERSION}' zfs) -k $(ls /usr/lib/modules) && \
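Review bot: The FROM line now defaults to the floating tag 'latest' where it used to default to 'stream9', so an unset bootc_image_tag can cross a Fedora release boundary on any rebuild. Consider defaulting to a specific release number (the sample inventory uses "40") and leaving 'latest' as an opt-in. Separately, the zfs-release-2-5 package is installed straight from a URL and nothing in this RUN step checks its signature or checksum before the repository it configures is used.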
@@ -14,13 +14,18 @@ RUN dnf -y install epel-release git && \
# KVM & Cockpit
RUN echo "qemu:x:107:107:qemu user:/:/sbin/nologin" >> /etc/passwd && \
dnf -y install qemu-kvm libvirt virt-install virt-viewer && \
- dnf -y install cockpit cockpit-bridge cockpit-file-sharing cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system
+ dnf -y install cockpit cockpit-bridge cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system cockpit-navigator cockpit-selinux && \
+ systemctl enable cockpit.socket
# Cockpit ZFS Manager
RUN git clone https://github.com/45drives/cockpit-zfs-manager.git /root/cockpit-zfs-manager && \
cp -r /root/cockpit-zfs-manager/zfs /usr/share/cockpit && \
rm -r /root/cockpit-zfs-manager
+# Cockpit file sharing, and Samba users
+RUN dnf -y install https://github.com/45Drives/cockpit-identities/releases/download/v0.1.12/cockpit-identities-0.1.12-1.el8.noarch.rpm \
+ https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.3.7/cockpit-file-sharing-3.3.7-1.el8.noarch.rpm
+
# Sanoid & Syncoid
RUN git clone https://github.com/jimsalterjrs/sanoid.git /root/sanoid && \
cd /root/sanoid && git checkout $(git tag | grep "^v" | tail -n 1) && cp sanoid syncoid findoid sleepymutex /usr/local/sbin && \
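Review bot: The new 'Cockpit file sharing, and Samba users' step installs two packages built for el8 (cockpit-identities-0.1.12-1.el8 and cockpit-file-sharing-3.3.7-1.el8) onto a Fedora image directly from GitHub release URLs, with no checksum or signature check in the step. The version pin is good; suggest a comment explaining why el8 builds are used, and verifying each download against a recorded SHA-256 before installing. The added 'systemctl enable cockpit.socket' in the KVM & Cockpit step also turns Cockpit on by default, which the README should mention.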
@@ -31,7 +36,8 @@ RUN dnf -y install perl-Data-Dumper perl-Getopt-Long lzop mbuffer mhash pv && \
# Firewall
RUN dnf -y install firewalld && \
- systemctl enable firewalld
+ systemctl enable firewalld && \
+ firewall-offline-cmd --add-service cockpit
# Allow sudo without password
RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/wheel-passwordless-sudo
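Review bot: 'firewall-offline-cmd --add-service cockpit' is given no zone, so the Cockpit service is allowed in the default zone for every interface assigned to it, on an image whose next step gives the wheel group passwordless sudo. Suggest making this opt-in through a variable or limiting it to a dedicated management zone, and documenting the exposed service in the README.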