osbuild / bootc-image-builder

A container for deploying bootable container images.
https://osbuild.org
Apache License 2.0

kickstart users and/or groups are not compatible with user-supplied kickstart content when building ISO after #438 merged #528

Closed chunfuwen closed 4 months ago

chunfuwen commented 4 months ago

Steps:

1) After https://github.com/osbuild/bootc-image-builder/pull/438/files merged, build out one local boot-image-builder

2) Prepare one config.json with kickstart contents

cat config.json 
{"blueprint": {"customizations": {"user": [{"name": "alice", "password": "bob", "groups": ["wheel"], "key": "ssh-rsa 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 root@dxx.pek2.redhat.com"}], "kernel": {"append": "mitigations=auto,nosmt"}, "installer": {"kickstart": {"contents": "text --non-interactive\nzerombr\nclearpart --all --initlabel --disklabel=gpt\nautopart --noswap --type=lvm\nnetwork --bootproto=dhcp --device=link --activate --onboot=on"}}}}}

3) Execute boot-image-builder command as below

sudo podman run --rm -it --privileged --pull=newer --security-opt label=type:unconfined_t -v /var/lib/libvirt/images/output:/output -v /var/lib/libvirt/images/config.json:/config.json   localhost/bootc-image-builder:latest  --type anaconda-iso --tls-verify=true  --config /config.json  quay.io/centos-bootc/centos-bootc:stream9  --chown 107:107 
Generating manifest manifest-anaconda-iso.json
Trying to pull quay.io/centos-bootc/centos-bootc:stream9...
Getting image source signatures
Copying blob e1fc4a4ee448 done   | 
...

Writing manifest to image destination
2024/07/05 08:20:07 error: cannot build manifest: cannot get manifest: kickstart users and/or groups are not compatible with user-supplied kickstart content

mvo5 commented 4 months ago

Thanks for reporting this issue.

This is currently intentional: when using custom kickstart scripts, the customization needs to be done via the custom kickstart script too. So in your case the user alice would have to be added to the custom kickstart (@achilleas-k please correct me here if I misremember this).

We may reconsider/rethink this if it's too burdensome on the users. Our rationale is that custom kickstarts are very much a power-user feature and because they are so open-ended merging them and our own kickstart generated from customizations is hard in the general case.

achilleas-k commented 4 months ago

> We may reconsider/rethink this if it's too burdensome on the users. Our rationale is that custom kickstarts are very much a power-user feature and because they are so open-ended merging them and our own kickstart generated from customizations is hard in the general case.

Yup, this pretty much sums it up. Merging a custom, open-ended kickstart file from the user with bits that we generate from the blueprint would be quite difficult and probably very error-prone. We consider that if users are writing a kickstart file, they're in "expert mode" and will write everything they need themselves.

chunfuwen commented 4 months ago

This is expected behavior.
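
The workaround described in the thread (put the user into the custom kickstart instead of the blueprint), as an added example that is not part of the original issue or of bootc-image-builder: a pre-flight script that detects the conflicting combination in a config and rewrites `user` entries as kickstart `user` and `sshkey` commands. The function names, the `group` customization key and the hash-only password policy are assumptions of this example; the sample hash and key are constructed placeholders.

```python
import copy
import re
NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # conservative account-name check

def conflicts(config):
    """True when user/group customizations are mixed with custom kickstart contents."""
    cust = config.get("blueprint", {}).get("customizations", {})
    has_ks = bool(cust.get("installer", {}).get("kickstart", {}).get("contents"))
    return has_ks and bool(cust.get("user") or cust.get("group"))

def user_to_kickstart(user):
    """Render one blueprint user entry as kickstart `user` / `sshkey` lines."""
    name, groups = user["name"], user.get("groups", [])
    if not all(NAME_RE.match(n) for n in [name, *groups]):
        raise ValueError(f"unsafe user or group name in {user!r}")
    line = f"user --name={name}"
    if groups:
        line += " --groups=" + ",".join(groups)
    if (pw := user.get("password")) is not None:
        # The kickstart ships inside the ISO, so this example only accepts
        # crypt(3)-style hashes and refuses plaintext passwords.
        if not re.fullmatch(r"\$[0-9a-z]+\$\S+", pw):
            raise ValueError(f"password for {name} must be a crypt hash")
        line += f" --iscrypted --password={pw}"
    lines = [line]
    if key := user.get("key"):
        if '"' in key or "\n" in key:  # would break out of the quoted argument
            raise ValueError(f"unsafe ssh key for {name}")
        lines.append(f'sshkey --username={name} "{key}"')
    return lines

def move_users_into_kickstart(config):
    """Return a copy whose users live in the kickstart, not in the blueprint."""
    if not conflicts(config):
        return config
    out = copy.deepcopy(config)
    cust = out["blueprint"]["customizations"]
    if cust.get("group"):
        raise ValueError("group customizations must be moved by hand")
    ks = cust["installer"]["kickstart"]
    extra = [l for u in cust.pop("user") for l in user_to_kickstart(u)]
    ks["contents"] = ks["contents"].rstrip("\n") + "\n" + "\n".join(extra) + "\n"
    return out

# Constructed sample in the shape of the reported config (placeholder hash and key).
SAMPLE = {"blueprint": {"customizations": {
    "user": [{"name": "alice", "groups": ["wheel"], "password": "$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH",
              "key": "ssh-ed25519 AAAA-CONSTRUCTED-KEY alice@example"}],
    "installer": {"kickstart": {"contents": "text --non-interactive\nzerombr"}}}}}
```
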