using containerized cockpit-ws to resolve the cockpit not installing on bootc

3 files changed, 39 insertions, 12 deletions

diff --git a/README.md b/README.md
index 57adbfc..537c0e4 100644
--- a/README.md
+++ b/README.md
@@ -58,10 +58,6 @@ will need to be run, either remotely or as localhost, and the required variables
 ### ```/root/bootcblade.containerfile``` is gone:
 You can use ```update.yml``` to recreate this, assuming you have the correct inventory.
 
-### Cockpit wont work
-Currently there is a known issue, ```cockpit-ws``` is having issues installing properly inside the container during the build. On a reboot, you will have to do the following commands as sudo:
-```$ bootc usr-overlay ; dnf -y reinstall cockpit-ws ; systemctl restart cockpit.socket```
-
 ### BootcBlade will no longer build
 The default tag used for ```centos-bootc``` is referenced in ```templates/bootcblade.containerfile.j2``` - its possible that there was a kernel update, or a release update, that breaks ZFS. Usually these issues are transient and resolve on their own. If you need a build now (perhaps for a fresh system) you can try and see if there is an older release (tag) from the upstream repo, and adjust it using the ```bootc_image_tag``` variable.
 
@@ -87,7 +83,7 @@ if this is defined - so this can override the default and remove that
 | create_user_password | X | - |
 | create_user_ssh_pub  | X | X |
 | create_user_shell    | X | - |
-| bootc_image_tag     | X | - |
+| bootc_image_tag      | X | - |
 | bootc_acknowledge    | X | - |
 
 ### iso.yml
@@ -97,7 +93,7 @@ if this is defined - so this can override the default and remove that
 | create_user_password | X | - |
 | create_user_ssh_pub  | X | X |
 | create_user_shell    | - | - |
-| bootc_image_tag     | X | - |
+| bootc_image_tag      | X | - |
 | bootc_acknowledge    | - | - |
 
 ### update.yml
@@ -107,6 +103,22 @@ if this is defined - so this can override the default and remove that
 | create_user_password | - | - |
 | create_user_ssh_pub  | - | - |
 | create_user_shell    | - | - |
-| bootc_image_tag     | X | - |
+| bootc_image_tag      | X | - |
 | bootc_acknowledge    | - | - |
 
+## Hacks / Workarounds
+### ZFS
+I ran into a few problems with ZFS - the ZFS on Linux packages for CentOS didn't quite work for CentOS Stream.
+Yes the older kernel was still in use and didn't change major versions however sometimes Red Hat backported changes from newer kernels.
+I considered using Fedora Server (instead of CentOS Stream) however the problem was reverse then, sometimes Fedora changes major kernel versions mid-release.
+So I settled with using CentOS Stream for the base and the Fedora ZoL release packages. I may tweak the code or the exact release being used but this seems
+to be the most stable so far.
+
+### Cockpit
+I ran into a problem where the ```cockpit-ws``` package would not install onto the base image [https://github.com/containers/bootc/issues/571](https://github.com/containers/bootc/issues/571).
+There was some advice in that thread about using the containerized version of ```cockpit-ws``` so that is what I am doing, however this is being applied after deployment via Ansible
+and not baked into the image.
+[https://quay.io/repository/cockpit/ws](https://quay.io/repository/cockpit/ws)
+
+This also explains why I'm using rpm vs dnf to install the 45Drives Cockpit packages - they have a dependency on ```cockpit-ws``` that I need to override.
+Once the official ```cockpit-files``` package is released I will be using that instead of ```cockpit-navigator```.
diff --git a/deploy.yml b/deploy.yml
index 5e04f7e..30ceccf 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -102,6 +102,15 @@
           loop:
             - "bootc-fetch-apply-updates.timer"
             - "bootc-fetch-apply-updates.service"
+
+        - name: Enable install container-based cockpit-ws
+          ansible.builtin.shell: "podman container runlabel INSTALL quay.io/cockpit/ws systemctl enable cockpit.service"
+
+        - name: Start container-based Cockpit
+          ansible.builtin.systemd:
+            name: "cockpit.service"
+            state: "started"
+            enabled: true
       vars:
         ansible_user: "root"
       tags: configure
diff --git a/templates/bootcblade.containerfile.j2 b/templates/bootcblade.containerfile.j2
index 98fc3c8..637c62d 100644
--- a/templates/bootcblade.containerfile.j2
+++ b/templates/bootcblade.containerfile.j2
@@ -9,14 +9,15 @@ RUN dnf -y install epel-release git && \
     sed -i s/\$releasever/38/g /etc/yum.repos.d/zfs.repo && \
     dnf -y install kernel-devel-$(ls /usr/lib/modules) && \
     dnf -y install zfs && \
+    dnf clean all && \
     dkms build zfs/$(rpm -q --qf '%{VERSION}' zfs) -k $(ls /usr/lib/modules) && \
     dkms install zfs/$(rpm -q --qf '%{VERSION}' zfs) -k $(ls /usr/lib/modules)
 
 # KVM & Cockpit
 RUN echo "qemu:x:107:107:qemu user:/:/sbin/nologin" >> /etc/passwd && \
     dnf -y install qemu-kvm libvirt virt-install virt-viewer && \
-    dnf -y install cockpit cockpit-bridge cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system cockpit-navigator cockpit-selinux cockpit-ostree && \
-    systemctl enable cockpit.socket
+    dnf -y install cockpit-bridge cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system cockpit-navigator cockpit-selinux cockpit-ostree && \
+    dnf clean all
 
 # Cockpit ZFS Manager
 RUN git clone https://github.com/45drives/cockpit-zfs-manager.git /root/cockpit-zfs-manager && \
@@ -31,8 +32,10 @@ RUN git clone https://github.com/45drives/cockpit-zfs-manager.git /root/cockpit-
     curl -sSL https://scripts.45drives.com/cockpit_font_fix/fonts/OpenSans-Semibold-webfont.woff -o /usr/share/cockpit/static/fonts/OpenSans-Semibold-webfont.woff
 
 # Cockpit file sharing, and Samba users
-RUN dnf -y install https://github.com/45Drives/cockpit-identities/releases/download/v0.1.12/cockpit-identities-0.1.12-1.el8.noarch.rpm \
-    https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.3.7/cockpit-file-sharing-3.3.7-1.el8.noarch.rpm
+RUN dnf -y install perl samba-common-tools nfs-utils samba-winbind-clients && \
+    dnf clean all && \
+    rpm --nodeps -i https://github.com/45Drives/cockpit-identities/releases/download/v0.1.12/cockpit-identities-0.1.12-1.el8.noarch.rpm && \
+    rpm --nodeps -i https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.3.7/cockpit-file-sharing-3.3.7-1.el8.noarch.rpm
 
 # Sanoid & Syncoid
 RUN git clone https://github.com/jimsalterjrs/sanoid.git /root/sanoid && \
@@ -40,10 +43,12 @@ RUN git clone https://github.com/jimsalterjrs/sanoid.git /root/sanoid && \
     mkdir /etc/sanoid && cp sanoid.defaults.conf /etc/sanoid && touch /etc/sanoid/sanoid.conf && cp sanoid.conf /etc/sanoid/sanoid.example.conf && \
     rm -r /root/sanoid
 RUN dnf -y install perl-Data-Dumper perl-Getopt-Long lzop mbuffer mhash pv && \
+    dnf clean all && \
     PERL_MM_USE_DEFAULT=1 cpan install Capture::Tiny && PERL_MM_USE_DEFAULT=1 cpan install Config::IniFiles
 
 # Firewall
 RUN dnf -y install firewalld && \
+    dnf clean all && \
     systemctl enable firewalld && \
     firewall-offline-cmd --add-service cockpit && \
     firewall-offline-cmd --add-service ssh
@@ -52,4 +57,5 @@ RUN dnf -y install firewalld && \
 RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/wheel-passwordless-sudo
 
 # Other tools
-RUN dnf -y install vim podman fish ansible wget dstat byobu smartmontools
+RUN dnf -y install vim podman fish ansible wget dstat byobu smartmontools && \
+    dnf clean all