From 7be8247d9238dd02f1925a483c7dac98f1288c32 Mon Sep 17 00:00:00 2001 From: spmfox Date: Fri, 14 Jun 2024 18:06:41 -0400 Subject: initial support for fedora --- README.md | 16 ++++++++-------- docs/sample-environment.yml | 4 ++-- iso.yml | 2 +- templates/bootcblade-rebuild.service.j2 | 4 ++-- templates/bootcblade-rebuild.timer.j2 | 3 +-- templates/bootcblade.containerfile.j2 | 16 +++++++++++----- 6 files changed, 25 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index adf79b4..72ada18 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,13 @@ # BootcBlade -Ansible automation for deploying a KVM hypervisor using bootc on CentOS Stream. +Ansible automation for deploying a KVM hypervisor using bootc and Fedora Server. ![BootcBlade](docs/images/logo.png) This Ansible automation uses bootc to create "the perfect" KVM hypervisor with ZFS, NFS + Samba, Cockpit, and Sanoid + Syncoid. ## Usage - deploy on top of existing system -1. Install a fresh CentOS Stream 9 to the desired host - use a minimal install to save disk space on the resulting deployed machine +1. Install a fresh Fedora Server or CentOS Stream to the desired host - use the latest minimal install to save disk space on the resulting deployed machine 2. Install ```podman``` on the host 3. Generate an SSH key 4. Create inventory using the example in the ```docs``` folder 
@@ -59,9 +59,9 @@ will need to be run, either remotely or as localhost, and the required variables
 You can use ```update.yml``` to recreate this, assuming you have the correct inventory.
 
 ### BootcBlade will no longer build
-It is possible that the upstream ```centos-bootc``` project will change something (the kernel perhaps) that makes ZFS building no longer possible. You can go to [https://quay.io/repository/centos-bootc/centos-bootc?tab=tags](https://quay.io/repository/centos-bootc/centos-bootc?tab=tags) and try specifing an older tag using ```centos_bootc_tag```.
+By default the ```latest``` tag is used for ```fedora-bootc``` - its possible that there was a kernel update, or a release update, that breaks ZFS. Usually these issues are transient and resolve on their own. If you need a build now (perhaps for a fresh system) you can try and see if there is an older release (tag) from the upstream repo, and adjust it using the ```bootc_image_tag``` variable.
 
-Another possibility is to just wait, ususally these repo related problems work themselves out and the image will build again within a week.
+[https://quay.io/repository/fedora/fedora-bootc?tab=tags](https://quay.io/repository/fedora/fedora-bootc?tab=tags)
 
 ## Variable Usage
 This is a description of each variable, what it does, and a table to determine when it is needed.
@@ -70,7 +70,7 @@ This is a description of each variable, what it does, and a table to determine w
 - ```create_user_password```: This password will be used for the created user
 - ```create_user_ssh_pub```: This is a SSH pubkey that will be added to the created user during ```deploy.yml``` and ```iso.yml```, also it is applied to the root user in ```deploy.yml```
 - ```create_user_shell```: This shell setting will be used for the created user only during ```deploy.yml```
-- ```centos_bootc_tag```: Override the tag for centos-bootc source image for ```deploy.yml```, ```iso.yml```, and ```update.yml```
+- ```bootc_image_tag```: Override the source image tag for ```deploy.yml```, ```iso.yml```, and ```update.yml```
 - ```bootc_acknowledge```: This setting is only effective when setting it to ```false```, newer versions of ```bootc``` require an acknowledgment during ```deploy.yml``` but older versions break
 if this is defined - so this can override the default and remove that
 - ```ansible_user``` - This is an Ansible variable, useful for connecting to the initial machine with a different user during ```deploy.yml```
@@ -83,7 +83,7 @@ if this is defined - so this can override the default and remove that
 | create_user_password | X | - |
 | create_user_ssh_pub | X | X |
 | create_user_shell | X | - |
-| centos_bootc_tag | X | - |
+| bootc_image_tag | X | - |
 | bootc_acknowledge | X | - |
 
 ### iso.yml
@@ -93,7 +93,7 @@ if this is defined - so this can override the default and remove that
 | create_user_password | X | - |
 | create_user_ssh_pub | X | X |
 | create_user_shell | - | - |
-| centos_bootc_tag | X | - |
+| bootc_image_tag | X | - |
 | bootc_acknowledge | - | - |
 
 ### update.yml
@@ -103,6 +103,6 @@ if this is defined - so this can override the default and remove that
 | create_user_password | - | - |
 | create_user_ssh_pub | - | - |
 | create_user_shell | - | - |
-| centos_bootc_tag | X | - |
+| bootc_image_tag | X | - |
 | bootc_acknowledge | - | - |
diff --git a/docs/sample-environment.yml b/docs/sample-environment.yml index 18e65b0..8903957 100644 --- a/docs/sample-environment.yml +++ b/docs/sample-environment.yml @@ -19,7 +19,7 @@ all: ansible_connection: local create_user: "spmfox" create_user_ssh_pub: "ssh-rsa " - centos_bootc_tag: "stream9-1714747911" + bootc_image_tag: "40" bootc_acknowledge: false -# This is a local run only, useful for creating ISOs and perhaps running update.yml. The centos-bootc:tag can be specified here, using an earlier version. +# This is a local run only, useful for creating ISOs and perhaps running update.yml. The fedora-bootc:tag can be specified here, using an earlier version. # Because this version is before the need for an acknowledgement during bootc deployment, we can override and remove that from the command. diff --git a/iso.yml b/iso.yml index 52b49e7..d3cc90e 100644 --- a/iso.yml +++ b/iso.yml @@ -38,5 +38,5 @@ tags: cleanup - name: Cleanup images - ansible.builtin.shell: "podman image rm localhost/bootcblade ; podman image rm quay.io/centos-bootc/bootc-image-builder ; podman image rm quay.io/centos-bootc/centos-bootc:{{ centos_bootc_tag if centos_bootc_tag is defined else 'stream9' }} ; podman image prune -f" + ansible.builtin.shell: "podman image rm localhost/bootcblade ; podman image rm quay.io/centos-bootc/bootc-image-builder ; podman image rm quay.io/fedora/fedora-bootc:{{ bootc_image_tag if bootc_image_tag is defined else 'latest' }} ; podman image prune -f" tags: cleanup diff --git a/templates/bootcblade-rebuild.service.j2 b/templates/bootcblade-rebuild.service.j2 index 1cf4547..25001bf 100644 --- a/templates/bootcblade-rebuild.service.j2 +++ b/templates/bootcblade-rebuild.service.j2 
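Review bot: The fallback tag `'latest'` is now hard-coded here and again in `templates/bootcblade.containerfile.j2`, so if one of the two defaults is later changed the cleanup task removes a different image than the one the build actually pulled. Define the default once (a play-level `vars:` or role `defaults` entry such as `bootc_image_tag: latest`) and reference `{{ bootc_image_tag }}` in both places; for the inline form, `{{ bootc_image_tag | default('latest') }}` is the usual Ansible idiom rather than the `if ... is defined else` expression. The tag is also interpolated unquoted into a shell string; that is acceptable for inventory you control, but a short comment noting that `bootc_image_tag` is not validated anywhere would help the next reader.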
@@ -4,5 +4,5 @@ Description=BootcBlade rebuild service
 [Service]
 Type=oneshot
 TimeoutStartSec=30m
-ExecStart=/usr/bin/bash -c "podman build -t localhost/bootcblade -f /root/bootcblade.containerfile --pull=always"
-ExecStartPost=/usr/bin/bash -c "/usr/bin/sleep 10 ; /usr/bin/bootc update && /usr/bin/podman image prune -f"
+ExecStart=/usr/bin/bash -c "podman build -t localhost/bootcblade -f /root/bootcblade.containerfile --pull=always && sleep 10 && podman image prune -f"
+ExecStartPost=/usr/bin/bootc update
diff --git a/templates/bootcblade-rebuild.timer.j2 b/templates/bootcblade-rebuild.timer.j2
index 8dc2159..ba644ee 100644
--- a/templates/bootcblade-rebuild.timer.j2
+++ b/templates/bootcblade-rebuild.timer.j2
@@ -2,8 +2,7 @@
 Description=bootcblade-rebuild timer
 
 [Timer]
-OnCalendar=weekly
-Persistent=true
+OnCalendar=daily
 
 [Install]
 WantedBy=timers.target
diff --git a/templates/bootcblade.containerfile.j2 b/templates/bootcblade.containerfile.j2
index d8c56a4..c63b76a 100644
--- a/templates/bootcblade.containerfile.j2
+++ b/templates/bootcblade.containerfile.j2
@@ -1,11 +1,11 @@
-FROM quay.io/centos-bootc/centos-bootc:{{ centos_bootc_tag if centos_bootc_tag is defined else 'stream9' }}
+FROM quay.io/fedora/fedora-bootc:{{ bootc_image_tag if bootc_image_tag is defined else 'latest' }}
 
 # Create root homedir
 RUN mkdir /var/roothome
 
 # ZFS
-RUN dnf -y install epel-release git && \
-    dnf -y install https://zfsonlinux.org/epel/zfs-release-2-3$(rpm --eval "%{dist}").noarch.rpm && \
+RUN dnf -y install git && \
+    dnf -y install https://zfsonlinux.org/fedora/zfs-release-2-5$(rpm --eval "%{dist}").noarch.rpm && \
     dnf -y install kernel-devel-$(ls /usr/lib/modules) && \
     dnf -y install zfs && \
     dkms build zfs/$(rpm -q --qf '%{VERSION}' zfs) -k $(ls /usr/lib/modules) && \
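Review bot: `podman image prune -f` is now part of the `&&` chain in ExecStart, so a failed prune fails the unit and, because ExecStartPost only runs after ExecStart has succeeded for Type=oneshot, also skips `bootc update`; cleanup should not gate the update. Run the build alone in ExecStart and make the prune a non-fatal second post step: `ExecStart=/usr/bin/podman build -t localhost/bootcblade -f /root/bootcblade.containerfile --pull=always`, `ExecStartPost=/usr/bin/bootc update`, `ExecStartPost=-/usr/bin/podman image prune -f` (the `-` prefix keeps a prune failure from failing the unit). The `sleep 10` carried over from the old ExecStartPost has no stated purpose in either position; if it works around a race, say so in a comment above the line (for example `# give podman time to release the image before pruning`, or whatever the real reason is), otherwise drop it.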
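Review bot: Dropping `Persistent=true` means a trigger missed while the hypervisor was powered off is not caught up at the next boot, so a host that is never up at 00:00 can skip the rebuild, and the `bootc update` it drives, indefinitely. `OnCalendar=daily` also fires at exactly midnight on every host with no jitter against quay.io and GitHub. Suggest `OnCalendar=daily`, `RandomizedDelaySec=1h`, `Persistent=true`; if removing Persistent was deliberate (for instance to avoid a rebuild right at boot), a comment in the template saying so would stop it from being re-added.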
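Review bot: The default tag is now the floating `latest` on `quay.io/fedora/fedora-bootc`, and with `--pull=always` in the rebuild service every timer run silently tracks whatever upstream publishes, including a Fedora release jump, with no digest pin or signature check; the README hunk in this same commit already notes that this breaks ZFS builds. Consider defaulting to a release tag such as the `40` used in `docs/sample-environment.yml`, or pinning by `@sha256:` and bumping deliberately, so a base-image change is a reviewed commit rather than a timer side effect. The `zfs-release` RPM is likewise installed straight from a URL, and dnf does not GPG-verify packages given as a URL or file unless `localpkg_gpgcheck` is enabled, so TLS is the only protection on that download. If the OpenZFS release package is signed, importing its key first and adding `--setopt=localpkg_gpgcheck=1` to that `dnf install` closes the gap.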
@@ -14,13 +14,18 @@ RUN dnf -y install epel-release git && \
 # KVM & Cockpit
 RUN echo "qemu:x:107:107:qemu user:/:/sbin/nologin" >> /etc/passwd && \
     dnf -y install qemu-kvm libvirt virt-install virt-viewer && \
-    dnf -y install cockpit cockpit-bridge cockpit-file-sharing cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system
+    dnf -y install cockpit cockpit-bridge cockpit-machines cockpit-pcp cockpit-podman cockpit-storaged cockpit-system cockpit-navigator cockpit-selinux && \
+    systemctl enable cockpit.socket
 
 # Cockpit ZFS Manager
 RUN git clone https://github.com/45drives/cockpit-zfs-manager.git /root/cockpit-zfs-manager && \
     cp -r /root/cockpit-zfs-manager/zfs /usr/share/cockpit && \
     rm -r /root/cockpit-zfs-manager
 
+# Cockpit file sharing, and Samba users
+RUN dnf -y install https://github.com/45Drives/cockpit-identities/releases/download/v0.1.12/cockpit-identities-0.1.12-1.el8.noarch.rpm \
+    https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.3.7/cockpit-file-sharing-3.3.7-1.el8.noarch.rpm
+
 # Sanoid & Syncoid
 RUN git clone https://github.com/jimsalterjrs/sanoid.git /root/sanoid && \
     cd /root/sanoid && git checkout $(git tag | grep "^v" | tail -n 1) && cp sanoid syncoid findoid sleepymutex /usr/local/sbin && \
@@ -31,7 +36,8 @@ RUN dnf -y install perl-Data-Dumper perl-Getopt-Long lzop mbuffer mhash pv && \
 
 # Firewall
 RUN dnf -y install firewalld && \
-    systemctl enable firewalld
+    systemctl enable firewalld && \
+    firewall-offline-cmd --add-service cockpit
 
 # Allow sudo without password
 RUN echo "%wheel ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/wheel-passwordless-sudo
-- 
cgit
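Review bot: The two 45Drives packages are installed by URL, and dnf does not GPG-check URL- or file-installed packages unless `localpkg_gpgcheck` is enabled, so the version in the URL is the only thing tying the install to a known artifact; a replaced release asset would be picked up by the next timer-driven rebuild without anyone noticing. Download the files, check them against pinned SHA-256 digests, and install from the local path instead, as below (digests are left as placeholders to be filled from the current release assets, and this assumes `curl` is present in the base image). These are also `.el8` builds on a Fedora base; if they install cleanly today, a comment saying that is intentional and tested would stop a reader from "fixing" it. `systemctl enable cockpit.socket` turns on the network-facing web login at boot; the matching firewall opening is in the next hunk.

```dockerfile
# Cockpit file sharing, and Samba users
# Release assets are fetched by URL; dnf does not GPG-check URL-installed packages
# by default, so verify each download against a pinned digest before installing.
RUN curl -fsSLo /tmp/cockpit-identities.rpm https://github.com/45Drives/cockpit-identities/releases/download/v0.1.12/cockpit-identities-0.1.12-1.el8.noarch.rpm && \
    curl -fsSLo /tmp/cockpit-file-sharing.rpm https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.3.7/cockpit-file-sharing-3.3.7-1.el8.noarch.rpm && \
    echo "<sha256 of cockpit-identities-0.1.12-1.el8.noarch.rpm>  /tmp/cockpit-identities.rpm" | sha256sum -c - && \
    echo "<sha256 of cockpit-file-sharing-3.3.7-1.el8.noarch.rpm>  /tmp/cockpit-file-sharing.rpm" | sha256sum -c - && \
    dnf -y install /tmp/cockpit-identities.rpm /tmp/cockpit-file-sharing.rpm && \
    rm -f /tmp/cockpit-identities.rpm /tmp/cockpit-file-sharing.rpm
```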
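Review bot: `firewall-offline-cmd --add-service cockpit` opens tcp/9090 in the default zone, i.e. on every interface the hypervisor has, and `cockpit.socket` is enabled in the previous hunk, so the Cockpit login becomes reachable from any network attached to this host, including guest-facing bridges if those end up in the default zone. Because the context line below grants `%wheel` passwordless sudo, a wheel user's password typed into Cockpit is effectively a root credential on that port. Scope the rule to the management interface's zone, `firewall-offline-cmd --zone=<management zone> --add-service cockpit`, or at least document the exposure with a comment above the line such as `# Exposes Cockpit (tcp/9090) on all interfaces; restrict the zone if VM bridges share this host`. Anything after the sudoers line is outside the hunk.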