COS-2692: Add new variants to enable pure CentOS Stream/RHEL CoreOS builds, add Containerfile for layered OKD/OCP builds

Containerfile

@@ -0,0 +1,33 @@
+# This builds the final OCP node image on top of the base RHCOS image. The
+# latter may be RHEL or CentOS Stream-based. This is currently only buildable
+# using podman/buildah as it uses some mounting options only available there.
+#
+# To build this, you will want to pass `--security-opt=label=disable` to avoid
+# having to relabel the context directory. Any repos found in `/run/yum.repos.d`
+# will be imported into `/etc/yum.repos.d/` and then removed in the same step (so
+# as to not end up in the final image).
+#
+# Use `--from` to override the base RHCOS image. E.g.:
+#
+# podman build --from quay.io/openshift-release-dev/ocp-v4.0-art-dev:rhel-coreos-base-9.4 ...
+#
+# Or to use a locally built OCI archive:
+#
+# podman build --from oci-archive:builds/latest/x86_64/scos-9-20240416.dev.0-ostree.x86_64.ociarchive ...
+
+# If consuming from repos hosted within the RH network, you'll want to mount in
+# certs too:
+#
+# podman build -v /etc/pki/ca-trust:/etc/pki-ca-trust:ro ...
+#
+# Example invocation:
+#
+# podman build --from oci-archive:$(ls builds/latest/x86_64/*.ociarchive) \
+#   -v rhel-9.4.repo:/run/yum.repos.d/rhel-9.4.repo:ro \
+#   -v /etc/pki/ca-trust:/etc/pki/ca-trust:ro \
+#   --security-opt label=disable -t localhost/openshift-node-c9s \
+#   src/config
+
+FROM quay.io/openshift-release-dev/ocp-v4.0-art-dev:rhel-coreos-base-c9s
+RUN --mount=type=bind,target=/run/src /run/src/scripts/apply-manifest /run/src/packages-openshift.yaml && \
+  ostree container commit

README.md

@@ -13,12 +13,17 @@ To support building both a RHEL-based and a CentOS Stream-based CoreOS, the
 coreos-assembler concept of [variants] is used. The following variants are
 supported:
 
-- `rhel-9.4`: RHEL 9.4-based CoreOS; including OpenShift components.
-- `c9s`: CentOS Stream-based CoreOS, including OpenShift components. This
+- `rhel-9.4`: RHEL 9.4-based CoreOS; without OpenShift components.
+- `ocp-rhel-9.4`: RHEL 9.4-based CoreOS; including OpenShift components.
+- `c9s`: CentOS Stream-based CoreOS, without OKD components.
+- `okd-c9s`: CentOS Stream-based CoreOS, including OpenShift components. This
   currently includes some packages from RHEL because not all packages required
   by OpenShift are provided in CentOS Stream.
 
-The default variant is `rhel-9.4`.
+In the future, the `ocp-*` variants will be removed. Instead, OpenShift
+components will be layered by deriving from the `rhel-9.4`/`c9s` images.
+
+The default variant is `ocp-rhel-9.4`.
 
 ## Reporting issues
 

ci/prow-entrypoint.sh

@@ -305,36 +305,36 @@ main() {
             prepare_repos
             ;;
         "build" | "init-and-build-default")  # TODO: change prow job to use init-and-build-default
-            cosa_init "rhel-9.4"
+            cosa_init "ocp-rhel-9.4"
             cosa_build
             ;;
         "rhcos-cosa-prow-pr-ci")
             setup_user
-            cosa_init "rhel-9.4"
+            cosa_init "ocp-rhel-9.4"
             cosa_build
             kola_test_qemu
             ;;
         "rhcos-9-build-test-qemu")
             setup_user
-            cosa_init "rhel-9.4"
+            cosa_init "ocp-rhel-9.4"
             cosa_build
             kola_test_qemu
             ;;
         "rhcos-9-build-test-metal")
             setup_user
-            cosa_init "rhel-9.4"
+            cosa_init "ocp-rhel-9.4"
             cosa_build
             kola_test_metal
             ;;
         "scos-9-build-test-qemu")
             setup_user
-            cosa_init "c9s"
+            cosa_init "okd-c9s"
             cosa_build
             kola_test_qemu
             ;;
         "scos-9-build-test-metal")
             setup_user
-            cosa_init "c9s"
+            cosa_init "okd-c9s"
             cosa_build
             kola_test_metal
             ;;

common.yaml

@@ -43,6 +43,21 @@ conditional-include:
 documentation: false
 
 postprocess:
+  # Mark the OS as of the CoreOS variant.
+  # XXX: should be part of a centos/redhat-release subpackage instead
+  - |
+     #!/usr/bin/bash
+     set -euo pipefail
+     cat >> /usr/lib/os-release <<EOF
+     VARIANT=CoreOS
+     VARIANT_ID=coreos
+     EOF
+
+     # And put "CoreOS" in NAME and PRETTY_NAME
+     sed -i -e 's/^NAME="\(.*\)"/NAME="\1 CoreOS"/' /usr/lib/os-release
+     . /usr/lib/os-release
+     sed -i -e "s/^PRETTY_NAME=.*/PRETTY_NAME=\"$NAME $VERSION\"/" /usr/lib/os-release
+
   # TEMPORARY: Create /etc/vmware-tools/tools.conf to ensure RHCOS shows up properly in VMWare
   # See https://jira.coreos.com/browse/RHCOS-258
   - |

extensions-ocp-rhel-9.4.yaml

@@ -0,0 +1 @@
+extensions-rhel-9.4.yaml

extensions-okd-c9s.yaml

@@ -0,0 +1 @@
+extensions-c9s.yaml

extensions.yaml

@@ -1 +1 @@
-extensions-rhel-9.4.yaml
+extensions-ocp-rhel-9.4.yaml

image-ocp-rhel-9.4.yaml

@@ -0,0 +1 @@
+image-rhel-9.4.yaml

image-okd-c9s.yaml

@@ -0,0 +1 @@
+image-c9s.yaml

image.yaml

@@ -1 +1 @@
-image-rhel-9.4.yaml
+image-ocp-rhel-9.4.yaml

manifest-c9s.yaml

@@ -1,123 +1,28 @@
-# Manifest for CentOS Stream CoreOS (SCOS)
+# Manifest for CentOS Stream CoreOS 9
 
 rojig:
   license: MIT
   name: scos
-  summary: OKD 4
+  summary: CentOS Stream CoreOS 9
 
 variables:
   osversion: "c9s"
 
-# Include manifests common to all RHEL and CentOS Stream versions and manifest
-# common to RHEL 9 & C9S variants
+# Include manifests common to all RHEL and CentOS Stream versions
 include:
   - common.yaml
-  - packages-openshift.yaml
   - overrides-c9s.yaml
 
-# Starting from here, everything should be specific to SCOS
-
-# CentOS Stream 9 repos + internal repos for now
 repos:
   - c9s-baseos
   - c9s-appstream
-  # CentOS Extras Common repo for SIG RPM GPG keys
-  - c9s-extras-common
-  # CentOS NFV SIG repo for openvswitch
-  - c9s-sig-nfv
-  # CentOS Cloud SIG repo for cri-o, cri-tools and conmon-rs
-  - c9s-sig-cloud-okd
-  # Include RHCOS 9 repo for oc, hyperkube
-  - rhel-9.4-server-ose-4.17
-
-# We include hours/minutes to avoid version number reuse
-automatic-version-prefix: "417.9.<date:%Y%m%d%H%M>"
-# This ensures we're semver-compatible which OpenShift wants
-automatic-version-suffix: "-"
-# Keep this is sync with the version in postprocess
-mutate-os-release: "4.17"
-
-postprocess:
-  - |
-     #!/usr/bin/env bash
-     set -xeo pipefail
 
-     # Tweak /usr/lib/os-release
-     grep -v -e "OSTREE_VERSION" -e "OPENSHIFT_VERSION" /etc/os-release > /usr/lib/os-release.stream
-     (
-     . /etc/os-release
-     cat > /usr/lib/os-release <<EOF
-     NAME="${NAME} CoreOS"
-     ID="scos"
-     ID_LIKE="rhel fedora"
-     VERSION="${OSTREE_VERSION}"
-     VERSION_ID="${OPENSHIFT_VERSION}"
-     VARIANT="CoreOS"
-     VARIANT_ID=coreos
-     PLATFORM_ID="${PLATFORM_ID}"
-     PRETTY_NAME="${NAME} CoreOS ${OSTREE_VERSION}"
-     ANSI_COLOR="${ANSI_COLOR}"
-     CPE_NAME="${CPE_NAME}::coreos"
-     HOME_URL="${HOME_URL}"
-     DOCUMENTATION_URL="https://docs.okd.io/latest/welcome/index.html"
-     BUG_REPORT_URL="https://access.redhat.com/labs/rhir/"
-     REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform"
-     REDHAT_BUGZILLA_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
-     REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform"
-     REDHAT_SUPPORT_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
-     OPENSHIFT_VERSION="${OPENSHIFT_VERSION}"
-     OSTREE_VERSION="${OSTREE_VERSION}"
-     EOF
-     )
-     rm -f /etc/os-release
-     ln -s ../usr/lib/os-release /etc/os-release
+# Eventually we should try to build these images as part of the c9s composes.
+# In that case, the versioning should instead be exactly the same as the pungi
+# compose ID.
+automatic-version-prefix: "9.<date:%Y%m%d%H%M>"
 
-     # Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release
-     (
-     . /etc/os-release
-     cat > /usr/lib/system-release-cpe <<EOF
-     ${CPE_NAME}
-     EOF
-     cat > /usr/lib/system-release <<EOF
-     ${NAME} release ${VERSION_ID}
-     EOF
-     rm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release
-     ln -s /usr/lib/system-release-cpe /etc/system-release-cpe
-     ln -s /usr/lib/system-release /etc/system-release
-     ln -s /usr/lib/system-release /etc/redhat-release
-     )
+mutate-os-release: "9"
 
-     # Tweak /usr/lib/issue
-     cat > /usr/lib/issue <<EOF
-     \S \S{VERSION_ID}
-     EOF
-     rm -f /etc/issue /etc/issue.net
-     ln -s /usr/lib/issue /etc/issue
-     ln -s /usr/lib/issue /etc/issue.net
-
-# Packages that are only in SCOS and not in RHCOS or that have special
-# constraints that do not apply to RHCOS
 packages:
- # We include the generic release package and tweak the os-release info in a
- # post-proces script
  - centos-stream-release
- # RPM GPG keys for CentOS SIG repos
- - centos-release-cloud-common
- - centos-release-nfv-common
- - centos-release-virt-common
-
-# Packages pinned to specific repos in SCOS 9
-repo-packages:
-  # We always want the kernel from BaseOS
-  - repo: c9s-baseos
-    packages:
-      - kernel
-  - repo: c9s-appstream
-    packages:
-      # We want the one shipping in C9S, not the equivalently versioned one in RHAOS
-      - nss-altfiles
-      # Use the new containers/toolbox
-      - toolbox
-      # The one shipping in C9S is temporarily lower versioned, so be explicit
-      # https://github.com/openshift/os/issues/1505
-      - containers-common

manifest-ocp-rhel-9.4.yaml

@@ -0,0 +1,100 @@
+# Manifest for OCP node based on RHEL 9.4
+# Note: this manifest is temporary; in the future, OCP components will be layered instead.
+
+rojig:
+  license: MIT
+  name: rhcos
+  summary: OpenShift 4.17
+
+variables:
+  osversion: "rhel-9.4"
+
+# Include manifests common to all RHEL and CentOS Stream versions and manifest
+# common to RHEL 9 & C9S variants
+include:
+  - manifest-rhel-9.4.yaml
+  - packages-openshift.yaml
+
+# Additional repos we need for OCP components
+repos:
+  - rhel-9.4-fast-datapath
+  - rhel-9.4-server-ose-4.17
+
+# We include hours/minutes to avoid version number reuse
+automatic-version-prefix: "417.94.<date:%Y%m%d%H%M>"
+# This ensures we're semver-compatible which OpenShift wants
+automatic-version-suffix: "-"
+# Keep this is sync with the version in postprocess
+mutate-os-release: "4.17"
+
+postprocess:
+  - |
+     #!/usr/bin/env bash
+     set -xeo pipefail
+
+     # Tweak /usr/lib/os-release
+     grep -v -e "OSTREE_VERSION" -e "OPENSHIFT_VERSION" /etc/os-release > /usr/lib/os-release.rhel
+     (
+     . /etc/os-release
+     cat > /usr/lib/os-release <<EOF
+     NAME="${NAME}"
+     ID="rhcos"
+     ID_LIKE="rhel fedora"
+     VERSION="${OSTREE_VERSION}"
+     VERSION_ID="${OPENSHIFT_VERSION}"
+     VARIANT="${VARIANT}"
+     VARIANT_ID=${VARIANT_ID}
+     PLATFORM_ID="${PLATFORM_ID}"
+     PRETTY_NAME="${NAME} ${OSTREE_VERSION}"
+     ANSI_COLOR="${ANSI_COLOR}"
+     CPE_NAME="${CPE_NAME}::coreos"
+     HOME_URL="${HOME_URL}"
+     DOCUMENTATION_URL="https://docs.okd.io/latest/welcome/index.html"
+     BUG_REPORT_URL="https://access.redhat.com/labs/rhir/"
+     REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform"
+     REDHAT_BUGZILLA_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
+     REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform"
+     REDHAT_SUPPORT_PRODUCT_VERSION="${OPENSHIFT_VERSION}"
+     OPENSHIFT_VERSION="${OPENSHIFT_VERSION}"
+     RHEL_VERSION=9.4
+     OSTREE_VERSION="${OSTREE_VERSION}"
+     EOF
+     )
+     rm -f /etc/os-release
+     ln -s ../usr/lib/os-release /etc/os-release
+
+     # Tweak /etc/system-release, /etc/system-release-cpe & /etc/redhat-release
+     (
+     . /etc/os-release
+     cat > /usr/lib/system-release-cpe <<EOF
+     ${CPE_NAME}
+     EOF
+     cat > /usr/lib/system-release <<EOF
+     ${NAME} release ${VERSION_ID}
+     EOF
+     rm -f /etc/system-release-cpe /etc/system-release /etc/redhat-release
+     ln -s /usr/lib/system-release-cpe /etc/system-release-cpe
+     ln -s /usr/lib/system-release /etc/system-release
+     ln -s /usr/lib/system-release /etc/redhat-release
+     )
+
+     # Tweak /usr/lib/issue
+     cat > /usr/lib/issue <<EOF
+     \S \S{VERSION_ID}
+     EOF
+     rm -f /etc/issue /etc/issue.net
+     ln -s /usr/lib/issue /etc/issue
+     ln -s /usr/lib/issue /etc/issue.net
+
+# Packages pinned to specific repos in RHCOS 9
+repo-packages:
+  - repo: rhel-9.4-appstream
+    packages:
+      - nss-altfiles
+  - repo: rhel-9.4-server-ose-4.17
+    packages:
+      - conmon-rs
+      - cri-o
+      - cri-tools
+      - openshift-clients
+      - openshift-kubelet