-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: osbuild: add support for qemu-secex localbuild #3764
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't feel qualified to comment on the osbuild part, though i looked over it and i did not find anything that looked wrong to me.
One question, how is the naming scheme of the patch files, since normally i would expect the numbers to show the order they need to be applied in and for them to unique? But here is see 0001
is used twice?
src/cmd-buildextend-metal
Outdated
elif [[ -f "${hostkey}" ]]; then | ||
OSBUILD_SUPPORTED=1 | ||
osbuild_mpp_config="coreos.osbuild.s390x.secex.mpp.yaml" | ||
osbuild_extra_args+=("--pubkey" "${ignition_pubkey}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not that knowledgeable about how osbuild works and is implemented, but shouldn't the hostkey also be added here somewhere? Otherwise how does it know where the hostkey is for signing later?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you're right. It looks like the template is assuming it's at /srv/secex-hostkey
?
they are written to stdout using |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before going further, should we think about how we'll tackle the prod case since it's very different from the local build case?
@@ -0,0 +1,115 @@ | |||
# This file defines the artifact to be used for the qemu platform. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs updating.
src/runvm-osbuild
Outdated
@@ -11,6 +11,7 @@ Options: | |||
--help: show this help | |||
--mpp: the path to the OSBuild mpp.yaml file | |||
--filepath: where to write the created image file | |||
--pubkey: where to write the created Ignition GPG public key |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Feels like this should be more specific, e.g. --secex-ign-pubkey
.
src/cmd-buildextend-metal
Outdated
elif [[ -f "${hostkey}" ]]; then | ||
OSBUILD_SUPPORTED=1 | ||
osbuild_mpp_config="coreos.osbuild.s390x.secex.mpp.yaml" | ||
osbuild_extra_args+=("--pubkey" "${ignition_pubkey}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you're right. It looks like the template is assuming it's at /srv/secex-hostkey
?
cloud_image_size_mb: $cloud_image_size_mb | ||
bios_boot_size_mb: 1 | ||
ppc_prep_size_mb: 4 | ||
reserved_part_size_mb: 1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yep, i tried to make secex.mpp
and s390x.mpp
similar. But can drop those vars
…ion GPG public key
@nikita-dubrovskii: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Discussion also goes in: dustymabe/osbuild#22