From ad0fd81bd8ae0ff6b62bebbabb8cb811da15ed8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= Date: Tue, 20 Feb 2024 12:42:10 +0100 Subject: [PATCH] docs: Move s390x boot_devices sugar to ocp 4.16.0-experimental It depends on fcos 1.6.0-experimental See: https://github.com/coreos/butane/pull/484 See: https://github.com/coreos/butane/pull/514 Fixes: https://github.com/coreos/butane/pull/517 --- docs/config-openshift-v4_15.md | 2 +- docs/release-notes.md | 3 ++- internal/doc/butane.yaml | 13 ++++++++++++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/docs/config-openshift-v4_15.md b/docs/config-openshift-v4_15.md index 4ca3be1f..5dd4e431 100644 --- a/docs/config-openshift-v4_15.md +++ b/docs/config-openshift-v4_15.md @@ -156,7 +156,7 @@ The OpenShift configuration is a YAML document conforming to the following speci * **_ssh_authorized_keys_** (list of strings): a list of SSH keys to be added as an SSH key fragment at `.ssh/authorized_keys.d/ignition` in the user's home directory. All SSH keys must be unique. * **_ssh_authorized_keys_local_** (list of strings): a list of local paths to SSH key files, relative to the directory specified by the `--files-dir` command-line argument, to be added as SSH key fragments at `.ssh/authorized_keys.d/ignition` in the user's home directory. All SSH keys must be unique. Each file may contain multiple SSH keys, one per line. * **_boot_device_** (object): describes the desired boot device configuration. At least one of `luks` or `mirror` must be specified. - * **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, `s390x-eckd`, `s390x-virt`, `s390x-zfcp`, and `x86_64`. Defaults to `x86_64`. + * **_layout_** (string): the disk layout of the target OS image. Supported values are `aarch64`, `ppc64le`, and `x86_64`. Defaults to `x86_64`. * **_luks_** (object): describes the clevis configuration for encrypting the root filesystem. * **_tang_** (list of objects): describes a tang server. Every server must have a unique `url`. * **url** (string): url of the tang server. diff --git a/docs/release-notes.md b/docs/release-notes.md index e6804eb2..54f516e4 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -12,6 +12,7 @@ nav_order: 9 ### Features +- Add SElinux sugar to butane which will allow users import costum SElinux modules. ### Bug fixes @@ -33,7 +34,7 @@ key](https://getfedora.org/security/). ### Features -- Support s390x layouts in `boot_device` section (fcos 1.6.0-exp, openshift 4.15.0-exp) +- Support s390x layouts in `boot_device` section (fcos 1.6.0-exp, openshift 4.16.0-exp) - Stabilize OpenShift spec 4.15.0, targeting Ignition spec 3.4.0 - Add OpenShift spec 4.16.0-experimental, targeting Ignition spec 3.5.0-experimental diff --git a/internal/doc/butane.yaml b/internal/doc/butane.yaml index bd92b4b7..f40b5e15 100644 --- a/internal/doc/butane.yaml +++ b/internal/doc/butane.yaml @@ -330,7 +330,7 @@ root: - variant: fcos min: 1.6.0-experimental - variant: openshift - min: 4.15.0-experimental + min: 4.16.0-experimental - name: luks desc: describes the clevis configuration for encrypting the root filesystem. children: @@ -386,6 +386,17 @@ root: if: - variant: openshift max: 4.15.0 + - name: selinux + after: $ + desc: simplifies security policy configuration through direct integration with Ignition, facilitating the generation of SELinux modules. + children: + - name: modules + desc: a module retains the data necessary for generating SELinux files. + children: + - name: name + desc: module name + - name: contents + desc: all the information provided that will be the configuration of the SELinux module - name: openshift after: $ desc: describes miscellaneous OpenShift configuration. Respected when rendering to a MachineConfig, ignored when rendering directly to an Ignition config.