redhat-manufacturing / device-edge-workshops

GNU General Public License v2.0

Microshift offline images #97

Closed luisarizmendi closed 4 months ago

luisarizmendi commented 5 months ago

I had to include a block in the Image Builder playbook to configure the Microshift repositories and the required files to be able to use Microshift offline container images as part of the generated RHDE image.

In the PR you will find many other changes, but those are only related to the gitops-demo; the main block in compose-images.yaml is:

    - name: Add Microshift repositories and offline image assets
      when: microshift_release is defined
      block: 
        - name: Create rhocp-{{ microshift_release }}.toml configuration file
          copy:
            dest: "/tmp/rhocp-{{ microshift_release }}.toml"
            content: |
              id = "rhocp-{{ microshift_release }}"
              name = "Red Hat OpenShift Container Platform {{ microshift_release }} for RHEL 9"
              type = "yum-baseurl"
              url = "https://cdn.redhat.com/content/dist/layered/rhel9/{{ ansible_architecture }}/rhocp/{{ microshift_release }}/os"
              check_gpg = true
              check_ssl = true
              system = false
              rhsm = true

        - name: Create fast-datapath.toml configuration file
          copy:
            dest: "/tmp/fast-datapath.toml"
            content: |
              id = "fast-datapath"
              name = "Fast Datapath for RHEL 9"
              type = "yum-baseurl"
              url = "https://cdn.redhat.com/content/dist/layered/rhel9/{{ ansible_architecture }}/fast-datapath/os"
              check_gpg = true
              check_ssl = true
              system = false
              rhsm = true

        - name: Add sources to Image Builder
          # Escalate with become instead of calling sudo inside the command
          command: "composer-cli sources add {{ item }}"
          become: true
          loop:
            - "/tmp/rhocp-{{ microshift_release }}.toml"
            - "/tmp/fast-datapath.toml"

        - name: Enable OCP repo on the host for Microshift
          community.general.rhsm_repository:
            state: enabled
            name: "rhocp-{{ microshift_release }}-for-rhel-9-{{ ansible_architecture }}-rpms"

        - name: Getting microshift-release-info package
          ansible.builtin.shell:
            cmd: dnf download microshift-release-info
          register: _dnf_output

        - name: Display captured _dnf_output string
          debug:
            var: _dnf_output

        - name: Capture filename from the output
          set_fact:
            _microshift_release_info_string: >-
              {{
                _dnf_output.stdout
                | regex_search('microshift-release-info-[^\n:]*')
                | default('')
                | regex_replace(':$', '')
              }}

        - name: Display captured microshift-release-info string
          debug:
            var: _microshift_release_info_string

        - name: Running rpm2cpio for the microshift-release-info package
          ansible.builtin.shell:
            # Quote the captured filename so it reaches rpm2cpio as a single argument
            cmd: rpm2cpio {{ _microshift_release_info_string | trim | quote }} | cpio -idmv

        - name: Extracting the Microshift images to a file in the HTTP server
          ansible.builtin.shell:
            cmd: jq -r '.images | .[] | ("[[containers]]\nsource = \"" + . + "\"\n")' "./usr/share/microshift/release/release-{{ ansible_architecture }}.json" >> "/var/www/html/microshift-offline-images"

        - name: Set permissions on the /var/www/html/microshift-offline-images file
          file:
            path: "/var/www/html/microshift-offline-images"
            # Regular file written by the jq step above: world-readable, not executable
            mode: "0644"

        - name: Create /etc/osbuild-worker/ directory
          file:
            path: /etc/osbuild-worker/
            state: directory
          when: pull_secret is defined

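        - name: Put pull_secret into /etc/osbuild-worker/pull-secret.json
          copy:
            content: "{{ pull_secret }}"
            dest: /etc/osbuild-worker/pull-secret.json
            # Registry credentials: readable by root only
            owner: root
            group: root
            mode: "0600"
          # Keep the secret out of task output and logs
          no_log: true
          when: pull_secret is defined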

        - name: Create /etc/osbuild-worker/osbuild-worker.toml
          copy:
            content: |
              [containers]
              auth_file_path = "/etc/osbuild-worker/pull-secret.json"
            dest: /etc/osbuild-worker/osbuild-worker.toml
          when: pull_secret is defined

        - name: Restart osbuild-worker@1.service
          systemd:
            name: osbuild-worker@1
            state: restarted
          when: pull_secret is defined
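
The jq step in the playbook above, reworked as an added example (not code from this PR): it emits the same `[[containers]]` entries but skips references already present, so a re-run does not duplicate them the way `>>` would, and it rejects any reference that is not pinned by sha256 digest. The sample JSON, the function name and the digest-only rule are assumptions of this example.

```python
import json
import re

# Constructed sample shaped like release-<arch>.json: an "images" object
# mapping component name -> image reference (digests are placeholders).
SAMPLE_RELEASE = json.dumps({
    "release": {"base": "4.14.0"},
    "images": {
        "cli": "quay.io/example/ocp-release@sha256:" + "a" * 64,
        "pod": "quay.io/example/ocp-release@sha256:" + "b" * 64,
        "coredns": "quay.io/example/ocp-release@sha256:" + "a" * 64,
    },
})

# Assumption of this example: only registry/path@sha256:<64 hex> is accepted.
DIGEST_REF = re.compile(
    r"^[a-z0-9.\-]+(:\d+)?/[a-z0-9._/\-]+@sha256:[0-9a-f]{64}$"
)


def container_entries(release_json, existing=""):
    """Return `existing` plus one [[containers]] table per image that is
    not already listed, in the layout the jq filter produces."""
    images = json.loads(release_json)["images"]
    # References already present in the target file (empty on first run)
    seen = set(re.findall(r'^source = "(.*)"$', existing, flags=re.M))
    out = existing
    for name, ref in images.items():
        if not DIGEST_REF.match(ref):
            raise ValueError(f"{name}: {ref!r} is not pinned by sha256 digest")
        if ref in seen:
            continue  # duplicate within the release file or from a prior run
        seen.add(ref)
        out += f'[[containers]]\nsource = "{ref}"\n\n'
    return out


if __name__ == "__main__":
    print(container_entries(SAMPLE_RELEASE), end="")
```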

jjaswanson4 commented 5 months ago

Couple of things:

  1. This needs to be 2 PRs - One for changes specific to the gitops demo, the other for the microshift stuff
  2. The microshift piece does not need to be done at a "global" level, the individual demos/workshops determine if microshift is desired.
  3. There are already demos/workshops with microshift, the enabling/disabling of repos/etc is handled by infra.osbuild, not by the playbooks or roles in this repo - we simply pass the additional information off

jjaswanson4 commented 5 months ago

Example: the summit_connect_2023 demo actually has both non-microshift and microshift images composed:

https://github.com/redhat-manufacturing/device-edge-workshops/blob/main/provisioner/demo_vars/summit_connect_2023.yml#L190

images_to_compose contains all the images that will be composed. Versions 1-4 do not have microshift, while version 5 does.

The variable rhsm_repos is passed on to infra.osbuild, which enables the repos and runs the compose.

jjaswanson4 commented 5 months ago

I do like the offline images for microshift piece, but can we toss that in its own playbook? "microshift-offline" or something like that, then individual demos/workshops can call on it when they want a totally offline microshift image.

luisarizmendi commented 5 months ago

Josh, thanks for the comments, here are some clarifications to them:

> This needs to be 2 PRs - One for changes specific to the gitops demo, the other for the microshift stuff

OK!

> The microshift piece does not need to be done at a "global" level, the individual demos/workshops determine if microshift is desired.

That block is only executed if microshift_release is defined, so it is already in the individual demos/workshops where you determine whether those steps will be done (in the workshop extra-vars.yaml). That's the same approach as when we use extra-vars.yaml to select the steps done from the "global" level playbook depending on which workshop or demo it is (with variables workshop_or_demo and workshop_type). Maybe instead of using microshift_release we can add an additional variable such as enable_microshift: true, but I didn't include that one in order to minimize the number of variables (we still need to know the microshift release).

> There are already demos/workshops with microshift, the enabling/disabling of repos/etc is handled by infra.osbuild, not by the playbooks or roles in this repo - we simply pass the additional information off

Yes, that's true but the thing with offline images is that you need to enable the OCP repos (to install an additional RPM package that is only there) in the host besides adding the external sources when building the image: https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.14/html/installing/microshift-embed-in-rpm-ostree-for-offline-use#microshift-embed-microshift-image-offline-deployment_microshift-embed-rpm-ostree-offline-use