Update examples and use local ipxe script (#3097)
Signed-off-by: Itxaka <[email protected]>
Itxaka authored Dec 24, 2024
1 parent 4740ada commit 6bb41bc
Showing 6 changed files with 136 additions and 140 deletions.
7 changes: 6 additions & 1 deletion Earthfile
@@ -613,7 +613,12 @@ netboot:
RUN isoinfo -x /rootfs.squashfs -R -i kairos.iso > ${ISO_NAME}.squashfs
RUN isoinfo -x /boot/kernel -R -i kairos.iso > ${ISO_NAME}-kernel
RUN isoinfo -x /boot/initrd -R -i kairos.iso > ${ISO_NAME}-initrd
RUN envsubst >> ${ISO_NAME}.ipxe < /ipxe.tmpl
RUN printf "#!ipxe\n" > ${ISO_NAME}.ipxe
RUN printf "set dns 8.8.8.8\n" >> ${ISO_NAME}.ipxe
RUN printf "ifconf\n" >> ${ISO_NAME}.ipxe
RUN printf "kernel ${RELEASE_URL}/${VERSION}/${ISO_NAME}-kernel root=live:${RELEASE_URL}/${VERSION}/${ISO_NAME}.squashfs initrd=${ISO_NAME}-initrd rd.neednet=1 ip=dhcp rd.cos.disable netboot install-mode config_url=${config} console=tty1 console=ttyS0 rd.live.overlay.overlayfs\n" >> ${ISO_NAME}.ipxe
RUN printf "initrd ${RELEASE_URL}/${VERSION}/${ISO_NAME}-initrd\n" >> ${ISO_NAME}.ipxe
RUN printf "boot\n" >> ${ISO_NAME}.ipxe

SAVE ARTIFACT /build/$ISO_NAME.squashfs squashfs AS LOCAL build/$ISO_NAME.squashfs
SAVE ARTIFACT /build/$ISO_NAME-kernel kernel AS LOCAL build/$ISO_NAME-kernel
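Review bot: The new `printf` lines in the netboot target put `${RELEASE_URL}`, `${VERSION}`, `${ISO_NAME}` and `${config}` inside the format string, so a `%` (for example a percent-encoded character in the config URL) or a backslash in any of them is interpreted by printf and silently alters the generated boot script. Writing them as `printf '%s\n' "initrd ${RELEASE_URL}/${VERSION}/${ISO_NAME}-initrd" >> ${ISO_NAME}.ipxe` keeps the values literal. The script also hard-codes `set dns 8.8.8.8`, which points every netbooted machine at a public resolver regardless of site policy; an ARG with that value as its default would let operators override it. Nothing in the visible lines verifies the kernel, initrd or squashfs the script fetches, so the scheme of RELEASE_URL (not shown here) decides whether the boot chain has any transport integrity. The netboot target begins above this hunk.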
78 changes: 40 additions & 38 deletions examples/byoi/fedora-fips/Dockerfile
@@ -1,35 +1,17 @@
ARG BASE_IMAGE=fedora:36
FROM $BASE_IMAGE as base

# Generate os-release file
FROM quay.io/kairos/osbuilder-tools:latest as osbuilder
RUN zypper install -y gettext && zypper clean
RUN mkdir /workspace
COPY --from=base /etc/os-release /workspace/os-release
# You should change the following values according to your own versioning and other details
RUN OS_NAME=kairos-core-fedora-fips \
OS_VERSION=v9.9.9 \
OS_ID="kairos" \
OS_NAME=kairos-fedora-fips \
BUG_REPORT_URL="https://github.com/YOUR_ORG/YOUR_PROJECT/issues" \
HOME_URL="https://github.com/YOUR_ORG/YOUR_PROJECT" \
OS_REPO="quay.io/YOUR_ORG/fedora-fips" \
OS_LABEL="latest" \
GITHUB_REPO="YOUR_ORG/YOUR_PROJECT" \
VARIANT="fips" \
FLAVOR="fedora" \
/update-os-release.sh

FROM base

FROM $BASE_IMAGE AS base
ARG TARGETARCH
RUN echo "install_weak_deps=False" >> /etc/dnf/dnf.conf

RUN dnf install -y \
audit \
coreutils \
cloud-utils-growpart \
curl \
device-mapper \
dosfstools \
dhcp-client \
dracut \
dracut-live \
dracut-network \
@@ -64,28 +46,45 @@ RUN dnf install -y \
which \
&& dnf clean all

RUN mkdir -p /run/lock && \
touch /usr/libexec/.keep && \
systemctl enable [email protected] && \
systemctl enable [email protected] && \
systemctl enable [email protected] && \
systemctl enable systemd-networkd && \
systemctl enable systemd-resolved && \
systemctl enable sshd
RUN mkdir -p /run/lock
RUN touch /usr/libexec/.keep
RUN systemctl enable [email protected]
RUN systemctl enable [email protected]
RUN systemctl enable [email protected]
RUN systemctl enable systemd-networkd
RUN systemctl enable systemd-resolved
RUN systemctl disable dnf-makecache.service
RUN systemctl disable dnf-makecache.timer
RUN systemctl enable sshd


COPY --from=quay.io/kairos/framework:latest-fips / /

# Copy the os-release file to identify the OS
COPY --from=osbuilder /workspace/os-release /etc/os-release
# This is the version of your image
ENV RELEASE=v9.9.9
# This is the version of the upstream image
ENV FLAVOR_RELEASE=36
# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases
ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/fedora-fips"
# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64
ENV MODEL="generic"
# This is the variant of the image, i.e. fips, core, standard
ENV VARIANT="fips"
# Flavor being used, i.e. fedora, ubuntu, alpine
ENV FLAVOR="fedora"
# Family being used, i.e. debian, rhel, arch, suse
ENV FAMILY="rhel"
# This is the architecture of the image, i.e. x86_64, arm64. Gets autofilled by docker
ENV TARGETARCH=$TARGETARCH

COPY --from=quay.io/kairos/framework:master_fips-systemd / /
# Create the kairos-release file to identify the OS
RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release

# Copy the custom dracut config file
COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf

# Activate Kairos services
RUN systemctl enable cos-setup-reconcile.timer && \
systemctl enable cos-setup-fs.service && \
systemctl enable cos-setup-boot.service && \
systemctl enable cos-setup-network.service
# Empty the /etc/machine-id file
RUN printf "" > /etc/machine-id || true

## Generate initrd
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
@@ -98,4 +97,7 @@ RUN kernel=$(ls /lib/modules | head -n1) && \
# Symlink kernel HMAC
RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && ln -sf ."${kernel#/boot/}".hmac /boot/.vmlinuz.hmac

# Cleanup
RUN rm -rf /boot/initramfs-*
RUN rm /var/lib/dbus/machine-id || true
RUN rm /etc/hostname || true
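Review bot: `COPY --from=quay.io/kairos/framework:latest-fips / /` overlays the whole root filesystem from a tag that moves, so two builds of this FIPS example can ship different agent and crypto binaries with no change to the Dockerfile and nothing to audit against. Pin the framework by release tag and digest, e.g. `COPY --from=quay.io/kairos/framework:<RELEASE_TAG>-fips@sha256:<DIGEST> / /` (placeholders), with a comment telling users to bump it deliberately. The same floating reference appears in the fedora (`framework:latest`), rockylinux-fips and ubuntu-fips sections of this commit. The default `BASE_IMAGE=fedora:36` is likewise only a tag, and that release is past end of life, so a comment saying it must be overridden for real use would help.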
31 changes: 29 additions & 2 deletions examples/byoi/fedora/Dockerfile
@@ -1,19 +1,21 @@
ARG BASE_IMAGE=fedora:36

FROM $BASE_IMAGE

ARG TARGETARCH
RUN echo "install_weak_deps=False" >> /etc/dnf/dnf.conf

RUN dnf install -y \
audit \
coreutils \
curl \
cloud-utils-growpart \
device-mapper \
dosfstools \
dracut \
dracut-live \
dracut-network \
dracut-squash \
dhcp-client \
e2fsprogs \
efibootmgr \
gawk \
@@ -46,7 +48,28 @@ RUN dnf install -y \
RUN mkdir -p /run/lock
RUN touch /usr/libexec/.keep

COPY --from=quay.io/kairos/framework:master_fedora / /
COPY --from=quay.io/kairos/framework:latest / /
# This is the version of your image
ENV RELEASE=v9.9.9
# This is the version of the upstream image
ENV FLAVOR_RELEASE=focal
# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases
ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/ubuntu-fips"
# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64
ENV MODEL="generic"
# This is the variant of the image, i.e. fips, core, standard
ENV VARIANT="fips"
# Flavor being used, i.e. fedora, ubuntu, alpine
ENV FLAVOR="ubuntu"
# Family being used, i.e. debian, rhel, arch, suse
ENV FAMILY="debian"
# This is the architecture of the image, i.e. x86_64, arm64. Gets autofilled by docker
ENV TARGETARCH=$TARGETARCH

# Create the kairos-release file to identify the OS
RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release
# Empty the /etc/machine-id file
RUN printf "" > /etc/machine-id || true

# Activate Kairos services
RUN systemctl enable cos-setup-reconcile.timer && \
@@ -61,4 +84,8 @@ RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && \
RUN kernel=$(ls /lib/modules | head -n1) && \
dracut -v -N -f "/boot/initrd-${kernel}" "${kernel}" && \
ln -sf "initrd-${kernel}" /boot/initrd && depmod -a "${kernel}"

# Cleanup
RUN rm -rf /boot/initramfs-*
RUN rm /var/lib/dbus/machine-id || true
RUN rm /etc/hostname || true
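Review bot: The ENV block added after `COPY --from=quay.io/kairos/framework:latest / /` looks copied from the ubuntu-fips example and mislabels this image. It sets `FLAVOR_RELEASE=focal`, `REGISTRY_AND_ORG="quay.io/YOUR_ORG/ubuntu-fips"`, `VARIANT="fips"`, `FLAVOR="ubuntu"` and `FAMILY="debian"` on a `fedora:36` base with the non-FIPS framework. These values feed `kairos-agent versioneer os-release-variables > /etc/kairos-release`, so the image would presumably identify itself as an Ubuntu FIPS build, and by the file's own comment upgrades would be searched for in the ubuntu-fips repository. Advertising `fips` on an image built without the FIPS framework is the part most likely to mislead an operator or a compliance check. The values below follow the fedora-fips example; the variant and the registry path are my assumption and should be confirmed.

```dockerfile
# … unchanged: RELEASE …
ENV FLAVOR_RELEASE=36
ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/fedora"
# … unchanged: MODEL …
ENV VARIANT="core"
ENV FLAVOR="fedora"
ENV FAMILY="rhel"
# … unchanged: TARGETARCH …
```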
61 changes: 32 additions & 29 deletions examples/byoi/rockylinux-fips/Dockerfile
@@ -1,39 +1,22 @@
ARG BASE_IMAGE=rockylinux:9
FROM $BASE_IMAGE as base

# Generate os-release file
FROM quay.io/kairos/osbuilder-tools:latest as osbuilder
RUN zypper install -y gettext && zypper clean
RUN mkdir /workspace
COPY --from=base /etc/os-release /workspace/os-release
# You should change the following values according to your own versioning and other details
RUN OS_NAME=kairos-core-rockylinux-fips \
OS_VERSION=v9.9.9 \
OS_ID="kairos" \
OS_NAME=kairos-rockylinux-fips \
BUG_REPORT_URL="https://github.com/YOUR_ORG/YOUR_PROJECT/issues" \
HOME_URL="https://github.com/YOUR_ORG/YOUR_PROJECT" \
OS_REPO="quay.io/YOUR_ORG/rockylinux-fips" \
OS_LABEL="latest" \
GITHUB_REPO="YOUR_ORG/YOUR_PROJECT" \
VARIANT="fips" \
FLAVOR="rockylinux" \
/update-os-release.sh

FROM base
FROM $BASE_IMAGE AS base
ARG TARGETARCH
RUN echo "install_weak_deps=False" >> /etc/dnf/dnf.conf

RUN dnf install -y epel-release && dnf clean all
RUN dnf update -y
RUN dnf makecache
RUN dnf install -y \
audit \
cloud-utils-growpart \
device-mapper \
dosfstools \
dracut \
dracut-live \
dracut-network \
dracut-squash \
dhcp-client \
e2fsprogs \
efibootmgr \
epel-release \
@@ -42,6 +25,7 @@ RUN dnf install -y \
grub2-efi-x64 \
grub2-efi-x64-modules \
grub2-pc \
gdisk \
kernel \
kernel-modules \
kernel-modules-extra \
@@ -75,19 +59,34 @@ RUN systemctl enable systemd-resolved
RUN systemctl disable dnf-makecache.service
RUN systemctl enable sshd

# Copy the os-release file to identify the OS
COPY --from=osbuilder /workspace/os-release /etc/os-release
COPY --from=quay.io/kairos/framework:latest-fips / /

# This is the version of your image
ENV RELEASE=v9.9.9
# This is the version of the upstream image
ENV FLAVOR_RELEASE=9
# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases
ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/rockylinux-fips"
# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64
ENV MODEL="generic"
# This is the variant of the image, i.e. fips, core, standard
ENV VARIANT="fips"
# Flavor being used, i.e. fedora, ubuntu, alpine
ENV FLAVOR="rockylinux"
# Family being used, i.e. debian, rhel, arch, suse
ENV FAMILY="rhel"
# This is the architecture of the image, i.e. x86_64, arm64. Gets autofilled by docker
ENV TARGETARCH=$TARGETARCH

COPY --from=quay.io/kairos/framework:master_fips-systemd / /
# Create the kairos-release file to identify the OS
RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release

# Copy the custom dracut config file
COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf

# Activate Kairos services
RUN systemctl enable cos-setup-reconcile.timer && \
systemctl enable cos-setup-fs.service && \
systemctl enable cos-setup-boot.service && \
systemctl enable cos-setup-network.service
# Empty the /etc/machine-id file
RUN printf "" > /etc/machine-id || true


## Generate initrd
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
@@ -100,4 +99,8 @@ RUN kernel=$(ls /lib/modules | head -n1) && \
# Symlink kernel HMAC
RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && ln -sf ."${kernel#/boot/}".hmac /boot/.vmlinuz.hmac

# Cleanup
RUN rm -rf /boot/initramfs-*
RUN rm /var/lib/dbus/machine-id || true
RUN rm /etc/hostname || true
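Review bot: `RUN printf "" > /etc/machine-id || true` and the two `rm ... || true` lines under `# Cleanup` discard every failure, not only a missing file. A build in which the reset did not happen therefore still succeeds and yields an image whose machine-id is shared by every node installed from it. `RUN : > /etc/machine-id` and `RUN rm -f /var/lib/dbus/machine-id /etc/hostname` tolerate a missing file but still fail the build on a real error. The same lines are added in the fedora-fips, fedora and ubuntu-fips sections. A one-line comment on why the id is emptied rather than deleted would also help readers adapting the example.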

71 changes: 29 additions & 42 deletions examples/byoi/ubuntu-fips/Dockerfile
@@ -1,32 +1,6 @@

# Kairos framework packages for ubuntu fips
FROM quay.io/kairos/framework:master_fips-systemd as kairos-fips

# Base ubuntu image (focal)
FROM ubuntu:focal as base

# Generate os-release file
FROM quay.io/kairos/osbuilder-tools:latest as osbuilder
RUN zypper install -y gettext && zypper clean
RUN mkdir /workspace
COPY --from=base /etc/os-release /workspace/os-release
# You should change the following values according to your own versioning and other details
RUN OS_NAME=kairos-core-ubuntu-fips \
OS_VERSION=v9.9.9 \
OS_ID="kairos" \
OS_NAME=kairos-ubuntu-fips \
BUG_REPORT_URL="https://github.com/YOUR_ORG/YOUR_PROJECT/issues" \
HOME_URL="https://github.com/YOUR_ORG/YOUR_PROJECT" \
OS_REPO="quay.io/YOUR_ORG/ubuntu-fips" \
OS_LABEL="latest" \
GITHUB_REPO="YOUR_ORG/YOUR_PROJECT" \
VARIANT="fips" \
FLAVOR="ubuntu" \
/update-os-release.sh

# Build the custom ubuntu image
FROM base

FROM ubuntu:24.04 AS base
ARG TARGETARCH
# Don't get asked while running apt commands
ENV DEBIAN_FRONTEND=noninteractive

@@ -118,21 +92,31 @@ RUN apt-get install -y --no-install-recommends \
&& rm -rf /var/lib/apt/lists/*

# Copy the Kairos framework files. We use master builds here for fedora. See https://quay.io/repository/kairos/framework?tab=tags for a list
COPY --from=kairos-fips / /
# Copy the os-release file to identify the OS
COPY --from=osbuilder /workspace/os-release /etc/os-release

# Activate Kairos services
RUN systemctl enable cos-setup-reconcile.timer && \
systemctl enable cos-setup-fs.service && \
systemctl enable cos-setup-boot.service && \
systemctl enable cos-setup-network.service
COPY --from=quay.io/kairos/framework:latest-fips / /

# This is the version of your image
ENV RELEASE=v9.9.9
# This is the version of the upstream image
ENV FLAVOR_RELEASE=24.04
# This is the remote repository where you push your images to. It will be used for upgrades and such to search for latest releases
ENV REGISTRY_AND_ORG="quay.io/YOUR_ORG/ubuntu-fips"
# This is the model for which the os was built, i.e. rpi4, rpi3 or generic for x86/arm64
ENV MODEL="generic"
# This is the variant of the image, i.e. fips, core, standard
ENV VARIANT="fips"
# Flavor being used, i.e. fedora, ubuntu, alpine
ENV FLAVOR="ubuntu"
# Family being used, i.e. debian, rhel, arch, suse
ENV FAMILY="debian"
# This is the architecture of the image, i.e. x86_64, arm64. Gets autofilled by docker
ENV TARGETARCH=$TARGETARCH

# Create the kairos-release file to identify the OS
RUN kairos-agent --debug versioneer os-release-variables > /etc/kairos-release
# Empty the /etc/machine-id file
RUN printf "" > /etc/machine-id || true

## Configuration
## Took from: https://github.com/kairos-io/kairos/blob/master/images/Dockerfile.ubuntu-20-lts
# workaround https://github.com/kairos-io/kairos/issues/949
COPY dracut-broken-iscsi-ubuntu-20.patch /
RUN cd /usr/lib/dracut/modules.d/95iscsi && patch < /dracut-broken-iscsi-ubuntu-20.patch && rm -rf /dracut-broken-iscsi-ubuntu-20.patch

COPY dracut.conf /etc/dracut.conf.d/kairos-fips.conf
# CLEANUP
@@ -158,5 +142,8 @@ RUN chown root:root /usr/bin/sudo && chmod 4755 /usr/bin/sudo
# Symlink kernel HMAC
RUN kernel=$(ls /boot/vmlinuz-* | head -n1) && ln -sf ."${kernel#/boot/}".hmac /boot/.vmlinuz.hmac

# Clear cache
# Cleanup
RUN rm -rf /var/cache/* && journalctl --vacuum-size=1K && rm /etc/machine-id && rm /var/lib/dbus/machine-id && rm /etc/hostname
RUN rm -rf /boot/initramfs-*
RUN rm /var/lib/dbus/machine-id || true
RUN rm /etc/hostname || true
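Review bot: The line `RUN rm -rf /var/cache/* && journalctl --vacuum-size=1K && rm /etc/machine-id && rm /var/lib/dbus/machine-id && rm /etc/hostname` (it appears to be unchanged context in the last hunk) deletes `/etc/machine-id` outright, which undoes the new `RUN printf "" > /etc/machine-id || true` added earlier in the file. It also already removes the two files that the new `rm ... || true` lines target. If the intent is an empty placeholder file, as in the other examples, reduce that chain to `RUN rm -rf /var/cache/* && journalctl --vacuum-size=1K`. As written the `&&` chain also fails the build when `/var/lib/dbus/machine-id` is absent, which the new tolerant lines cannot prevent because they run afterwards. The comment above the framework COPY still says "master builds here for fedora" although the line now pulls `latest-fips` into an Ubuntu image.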