Ubuntu 24.04 ships podman v4 which fixes a v3 issue
on loading images. With v4 loaded images keep the
image name if present.
Signed-off-by: David Cassany <dcassany@suse.com>
Ubuntu 24.04 is about to the version deployed with ubuntu-latest.
This commit is to start using it and validating it before the actual
change happens.
Signed-off-by: David Cassany <dcassany@suse.com>
* Expand downgrade test by upgrading back to origin after downgrading
Signed-off-by: David Cassany <dcassany@suse.com>
* Adapt github worflow to handle cache for downgrade tests and import the container images
Signed-off-by: David Cassany <dcassany@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
* Refactor CI to use a local registry
* Cache image and fetch image tarballs
* Composite fetch images
* Push to insecure registry with podman
* Simplify workflow runs
* Improve cache cleanup
* Improve ip detection
Signed-off-by: David Cassany <dcassany@suse.com>
* make configurable boot-assessment checks
Signed-off-by: David Cassany <dcassany@suse.com>
* Improve EventuallyConnects in tests
Signed-off-by: David Cassany <dcassany@suse.com>
* Fix fallback test
Signed-off-by: David Cassany <dcassany@suse.com>
* Store boot assessment variables in grubenv
This commit refactors the boot-assessment logic to run checks
with a customizable service and to store grub variables in
already existing files in EFI partition and OEM.
Also the EFI partition is made accessible in after-*-chroot
hooks. This makes easier to write and manage files in EFI
partition if needed (e.g. grub_oem_env variable file), without
having to relay on mounts or remounts.
Signed-off-by: David Cassany <dcassany@suse.com>
---------
Signed-off-by: David Cassany <dcassany@suse.com>
Add qemu settings for secure boot and add test in smoke suite to
actually test that secure boot is enabled.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add mount command
The mount command mounts the system and is meant to run in an initrd to
actually mount the root filesystem and use systemd to switch-root into
it.
It also optionally writes an /etc/fstab file to the newly mounted
system so that systemd will mount the system after switching root.
The command is used in the new dracut module elemental-rootfs, which
will coexist with immutable-rootfs (they are functionally the same)
until immutable-rootfs can be deprecated.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add tmpfs overlay mount
Mounts a tmpfs to /run/elemental/overlay with size= flag set
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Examples use the new elemental-rootfs
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add persistent overlay mounts
Persistent mounts use the /run/elemental/persistent/.state directory to
store upper and work dirs.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add sentinel files
Write sentinel file (active_mode, passive_mode, recovery_mode) to
/run/cos or /run/elemental based on which kernel cmdline is used
(cos-img/filename or elemental.image)
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Read kernel cmdline for mount
This commit adds capabilities to the mount command to read configuration
from the kernel cmdline. The supported parameters are:
* elemental.disable + rd.cos.disable
* elemental.image + cos-img/filename
* elemental.oemlabel + rd.cos.oemlabel
In the new elemental.image parameter we can specify
active|passive|recovery instead of the path to the image.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Enable recovery booting and reset
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Load env vars
Currently supported:
* OVERLAY
* RW_PATHS
* PERSISTENT_STATE_PATHS
* PERSISTENT_STATE_BIND
Loaded from files (if they exist):
* /run/elemental/layout.env
* /run/cos/cos-layout.env
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Run rootfs stage inside mount command
Since the rootfs stage should be run between mounting the image and
mounting the rest of the system I added a call to RunStage that takes
care of this and then uses godotenv dependency to actually load
/run/elemental/layout.env and /run/cos/cos-layout.env.
This means the old way of generating layout files will still work with
the new mount-command.
The caveat here is that in the current implementation the rootfs stage
will run twice, once from the elemental-setup-rootfs service and once
from this command. I would say the easiest way forward is to remove the
elemental-setup-rootfs when switching to elemental-rootfs as the default
mounting module.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add persistent bind mounts
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add block overlay
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Use registry.opensuse.org for example images
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Minor changes to get tests working
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fsck partitions before mounting
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fix for fsck
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
More mount tests
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Comment mount example configuration
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Add elemental-setup services to elemental-rootfs
The elemental-setup and rootfs features are heavily dependent on each
other.
This commit copies the elemental-setup feature into elemental-rootfs,
and changes the mount-command to actually start the
elemental-setup-rootfs service during mount to not run the yip rootfs
stage twice.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Fix lint goconst
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Add elemental-sysroot feature
The features elemental-sysroot, elemental-rootfs and elemental-setup are
used for mounting the root filesystem and all overlays.
elemental-sysroot is used for mounting state/recovery partition to
/run/elemental/state, and then mounting the image from the partition
based on kernel parameters.
elemental-setup actually runs the different stages of boot using
elemental run-stage command.
elemental-rootfs runs the 'elemental mount' command to mount tmpfs
overlays, persistent overlays and then writes the /etc/fstab to actually
mount when pivoting to the new root.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update sysroot, setup and rootfs dracut modules
This commit goes through the early systemd services run in dracut and
adds Wants,Before,Requires to each step to make them run during the
correct stage of the bootup (man dracut.bootup).
We also change all the /run/cos and /run/initramfs/cos-state to the new
/run/elemental and /run/initramfs/elemental-state directories.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Test compatibility
Tests still use /run/cos, this commit adds back
/run/cos/active|passive|recovery_mode files
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update to latest ele-testhelpers
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Forwards compatibility for immutable-rootfs feat
This commit makes the immutable-rootfs module forwards compatible with
the other changes in mount, elemental-sysroot and elemental-setup.
It uses the new elemental.image and elemental.oemlabel cmdline paramters
if found, otherwise falls back to the old parameters and also sets the
/run/elemental/active|passive|recovery_mode files.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Update init features for green and tumbleweed
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
* Remove oem mounts from elemental-setup-initramfs
This should fix installer-tests in CI since the /oem might not exist
when booting from ISO.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
---------
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
Adds several improvements:
* Check VM pid on 'EventuallyConnects'. So it does not wait for a
command to succeed if the underlaying VM crashed and it is not
running.
* Does not use '-daemonize' flag of qemu, now it simply runs on the
background and the stdout and stderr are redirected to vmstdout file.
* Does not install QEMU, the runner already has a recent QEMU version
installed. This saves several minutes on each macos job.
* Fixes some of the stability issues on macOS by disabling hugepages on
the kernel. This is not supported on macOS.
Signed-off-by: David Cassany <dcassany@suse.com>
This commit adds an installer test and moves the smoke
test to be executed on the installed system rather than the
disk build.
Signed-off-by: David Cassany <dcassany@suse.com>
* Add arm64 workflow
This commit adds arm64 to the build-matrix for PRs and checks if the PR
is labeled with arm64 before running.
ARM64 tests are run on self-hosted runners while x86_64 tests are still
run on github macos-latest runners.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
This commit makes the `make build-docs` work without errors again.
The docsy submodule was updated and added an npm-install step to
download dependencies used by docsy.
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>
This commit makes use of caches for qcow2 and ISO disks to speed up
CI tests and allow reuse if changes are not affecting them. Specially
interesting to iterate on tests without having to rebuild everything
when the changes are on the actual test.
Signed-off-by: David Cassany <dcassany@suse.com>
* Change green for teal as the default base
Signed-off-by: Itxaka <igarcia@suse.com>
* Revert auto bumped go.mod/sum
Signed-off-by: Itxaka <igarcia@suse.com>
* Rememeber that pr-docker jobs are deactivated
Signed-off-by: Itxaka <igarcia@suse.com>
* revert standard dockerfile for now
Signed-off-by: Itxaka <igarcia@suse.com>
* go.mod shenanigans
Signed-off-by: Itxaka <igarcia@suse.com>
* debuig: Add final repo to build iso for now
Signed-off-by: Itxaka <igarcia@suse.com>
* Add final repo to manifest when building local iso
So any missing packages on local build are obtained from the repo of our
flavor, instead of relyaing in the green repo
Signed-off-by: Itxaka <igarcia@suse.com>
* debug
Signed-off-by: Itxaka <igarcia@suse.com>
* bump cos & luet-mtree
Signed-off-by: Itxaka <igarcia@suse.com>
* Remove final repo on build images
We now use the manifest to add the proper repo with the proper priority
Signed-off-by: Itxaka <igarcia@suse.com>
* Fix repo url on iso build
Signed-off-by: Itxaka <igarcia@suse.com>
* Fix standard example
Signed-off-by: Itxaka <igarcia@suse.com>
* update docs
Signed-off-by: Itxaka <igarcia@suse.com>
* Bump version for tests
Signed-off-by: Itxaka <igarcia@suse.com>
* Debug
Signed-off-by: Itxaka <igarcia@suse.com>
* Fix tests to use the new --system-uri from elemental
Signed-off-by: Itxaka <igarcia@suse.com>
* Use hugo from toolchain
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* Bump bootstrap luet version
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: remove dangling container after bootstrap
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: correctly skip EFI section
Replace with a smaller test and mark to pending the remaining
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: Disable flaky EFI tests
See #1202
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: Split up installer tests
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: trigger on test changes
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: Add docker install in bootstrap script
Also add checksum verification when downloading the blob with curl
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: Force docker install in our pipeline
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* ci: Add arch to CI builds
This adds an arch value to the ci templates in order to differentiate
between the current amd64 and future arches that we may add.
On top of that it expands the ci templates with the labels value which
would add an extra step to the workflow in order to check for the given
labels in the PR and fail the workflow otherwise (Useful for arches,
do-not-test, etc...)
It also adds an arm64 workflow that runs on self runners for PRs labeled
with the arm64 label. Currently a separated one as its experimental..and
we dont have arm54 runners yet :D
Signed-off-by: Itxaka <igarcia@suse.com>
* ghrunner: missing deps
Add missing deps to runner image (sudo, git) and fix the labels option
for the runner
Signed-off-by: Itxaka <igarcia@suse.com>
* ghrunner: bump runner version
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: introduce skip_docker_build
In case we want to skip the docker builds
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: disable iso/tests for arm64
Currently experimental so we better dont spend cycles on that
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: Set different repos if arch is not amd64
We agreed that the current amd64 repo will kep its name as its the
"default" or what we expect most users to use and for the rest of arches
we would use the suffix $arch on them
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: Small fix to skip images in github-release
if the images are skipped we need also to not have them as need in the
release-github job
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: add release for arm64
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: Fix image link to use the arch in the file name
Also fixes a small issue with github-release which was downloading all
files without checking if they were requested
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: rename arm files to arm64
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: add master for arm64
Adds master workflow for arm64 which will build and push all flavors on
arm64 branches
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: Allow not installing luet from cos repo
Currently we use the cos repo to install or "upgrade" luet but for newly
arches we may not have pushed the required artifacts yet. This allows a
different path by just copying the downloaded luet into its proper dir
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: dont install luet from repo for arm64
At least we need this to pass 1 master run to have the proper artifacts
in place
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: clean luet binaries and paths on local runners
Otherwise the install script will fail and we want a clean start
Signed-off-by: Itxaka <igarcia@suse.com>
* fixup: I dont know how to write the mv command
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: Fix wrong repo for luet
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: separate arch values and change amd64 name
Separate the values files into archs so it build the correct packages
(golang)
Also change from amd64 to x86_64
Signed-off-by: Itxaka <igarcia@suse.com>
* templates: introduce do_checksum template
Useful to auto check if we want the checksum or not
Signed-off-by: Itxaka <igarcia@suse.com>
* build.go: Allow for skipping packages to build
The automatic checker tries to get all missing packages but does not
accep a skip packages var in order to be able to skip some packages.
This introduces a new var SKIP_PACKAGES in the same format as the
PACKAGES var for building that accepts a space separated list of
packages in the format category/name and will skip those packages from
the automated build (which is the only thing using the build.go stuff I
think)
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: skip fips related packages in arm64
There is no arm64 (or other arches than x86_64) golang-fips available
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: disable building live/grub* packages
currently failing as they depend on the proper arch
Signed-off-by: Itxaka <igarcia@suse.com>
* ci: drop more live-* packages from arm64 builds
Signed-off-by: Itxaka <igarcia@suse.com>
* arm64: fix grub2-efi-image package
Now it supports the arm64 path to generate a valid package
Signed-off-by: Itxaka <igarcia@suse.com>
* fix get_luet script
Signed-off-by: Itxaka <igarcia@suse.com>
* k9s: add binutils to prelude
Seems like on arm64 binutils is not installed
Signed-off-by: Itxaka <igarcia@suse.com>
* makefile: Fix cache for luet based off the current arch
Signed-off-by: Itxaka <igarcia@suse.com>
* k9s: add binutils-gold package install
Looks like compiling k9s in arm64 requires the gold linker
Signed-off-by: Itxaka <igarcia@suse.com>
* values: drop i386 package from arm64 build
Signed-off-by: Itxaka <igarcia@suse.com>
* Consume toolchain from our repository. Add jq
Also add envrc helper to expose raw img disk creation.
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
* Build nerdctl and k9s from source
Co-authored-by: Darren Shepherd <darren@rancher.com>
Signed-off-by: Ettore Di Giacinto <edigiacinto@suse.com>
Co-authored-by: Darren Shepherd <darren@rancher.com>
David Cassany