feat: allows setting EUS repos with a flag (#1133)

* feat: allows setting EUS repos with a flag * fix: linting * fix: sets permissions for generated files * fix: remove kernel heades pinning * fix: sets permissions in the right place * fix: adds correct kernel headers and devel packages * fix: sets EUS_REPOS to an empty string if not set by env * fix: disable baseos repos when EUS is set * fix: adds comment explaining disable lines * fix: suggestions from code review * ci: fetch kernel headers only for GPU tests (#1136) * ci: fetch kernel headers only for GPU tests * fix: adds no lint
mesosphere · Aug 6, 2024 · a54f9a0 · a54f9a0
1 parent 823a1c6
commit a54f9a0
Show file tree

Hide file tree

Showing 6 changed files with 113 additions and 38 deletions.
diff --git a/bundles/redhat8.6/bundle.sh.gotmpl b/bundles/redhat8.6/bundle.sh.gotmpl
@@ -45,25 +45,42 @@ subscription::defer_unregister() {
 subscription-manager release --set=8.6
 subscription-manager refresh
 subscription::defer_unregister
-subscription-manager repos --enable rhel-8-for-x86_64-baseos-eus-rpms
-subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
-subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms
+
+ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms"
+EUS_REPOS=${EUS_REPOS:-""}
+if [[ -n "${EUS_REPOS}" ]]; then
+  #disables the standard repositories which should not be enabled when using EUS
+  subscription-manager repos --disable=rhel-8-for-x86_64-baseos-rpms --disable=rhel-8-for-x86_64-appstream-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-baseos-eus-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-appstream-eus-rpms
+  subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-eus-rpms
+  ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-eus-rpms,rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms"
+else
+  subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-baseos-rpms
+fi
+
 yum -y install gettext yum-utils createrepo dnf-utils modulemd-tools
 yum clean all
 TMP_DIR="$(mktemp -d repodata-XXXX)"
+chmod 777 -R "${TMP_DIR}"
 cp packages.txt "${TMP_DIR}"
 pushd "${TMP_DIR}"
 #shellcheck disable=SC2046,SC2062,SC2063,SC2035
 repoquery --archlist=x86_64,noarch --resolve --requires --recursive  $(< packages.txt) | grep -v *.i686  >> reqs.txt
 sed -i 1d reqs.txt # we need to get rid of the first line
 #shellcheck disable=SC2046
-yumdownloader --archlist=x86_64,noarch --setopt=skip_missing_names_on_install=False -x \*i686 $(< reqs.txt)
+yumdownloader --archlist=x86_64,noarch \
+  --setopt=skip_missing_names_on_install=False -x \*i686 $(< reqs.txt)
 #shellcheck disable=SC2046
-yumdownloader --setopt=skip_missing_names_on_install=False -x \*i686 --archlist=x86_64,noarch --resolve --disablerepo=*  --enablerepo=kubernetes,rhel-8-for-x86_64-baseos-eus-rpms,codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms $(< packages.txt)
+yumdownloader --setopt=skip_missing_names_on_install=False -x \*i686 --archlist=x86_64,noarch \
+  --resolve --disablerepo=* --enablerepo="${ENABLED_REPOS}" \
+  $(< packages.txt)
+
 rm packages.txt reqs.txt
 curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
 createrepo -v .
-chown -R 1000:1000 repodata/
 repo2module . --module-name offline
 createrepo_mod .
 #shellcheck disable=SC1083,SC2035

diff --git a/bundles/redhat8.6/packages.txt.gotmpl b/bundles/redhat8.6/packages.txt.gotmpl
@@ -31,7 +31,9 @@ elfutils-libelf-devel
 libseccomp
 nfs-utils
 iproute-tc
-kernel-headers-4.18.0-372.103.1.el8_6
-kernel-devel-4.18.0-372.103.1.el8_6
 glibc-all-langpacks-2.28
 glibc-devel-2.28
+{{ if .FetchKernelHeaders -}}
+kernel-headers-4.18.0-372.103.1.el8_6
+kernel-devel-4.18.0-372.103.1.el8_6
+{{- end }}
diff --git a/bundles/redhat8.8/bundle.sh.gotmpl b/bundles/redhat8.8/bundle.sh.gotmpl
@@ -45,18 +45,26 @@ subscription::defer_unregister() {
 subscription-manager release --set=8.8
 subscription-manager refresh
 subscription::defer_unregister
-subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
-subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms
-subscription-manager repos --enable rhel-8-for-x86_64-baseos-rpms
 
-# EUS rpms used to fetch kernel-headers for redhat 8.8
-# if you don't need kernel headers package for NVIDIA Gpu support, remove this line.
-# and remove kernel-headers-4.18.0-477.58.1.el8_8 from packages.txt.gotmpl
-subscription-manager repos --enable rhel-8-for-x86_64-baseos-eus-rpms
+ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms"
+EUS_REPOS=${EUS_REPOS:-""}
+if [[ -n "${EUS_REPOS}" ]]; then
+  #disables the standard repositories which should not be enabled when using EUS
+  subscription-manager repos --disable=rhel-8-for-x86_64-baseos-rpms --disable=rhel-8-for-x86_64-appstream-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-baseos-eus-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-appstream-eus-rpms
+  subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-eus-rpms
+  ENABLED_REPOS="kubernetes,codeready-builder-for-rhel-8-x86_64-eus-rpms,rhel-8-for-x86_64-appstream-eus-rpms,rhel-8-for-x86_64-baseos-eus-rpms"
+else
+  subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-appstream-rpms
+  subscription-manager repos --enable rhel-8-for-x86_64-baseos-rpms
+fi
 
 yum -y install gettext yum-utils createrepo dnf-utils modulemd-tools
 yum clean all
 TMP_DIR="$(mktemp -d repodata-XXXX)"
+chmod 777 -R "${TMP_DIR}"
 cp packages.txt "${TMP_DIR}"
 pushd "${TMP_DIR}"
 #shellcheck disable=SC2046,SC2062,SC2063,SC2035
@@ -67,13 +75,12 @@ yumdownloader --archlist=x86_64,noarch \
   --setopt=skip_missing_names_on_install=False -x \*i686 $(< reqs.txt)
 #shellcheck disable=SC2046
 yumdownloader --setopt=skip_missing_names_on_install=False -x \*i686 --archlist=x86_64,noarch \
-  --resolve --disablerepo=* --enablerepo="kubernetes,codeready-builder-for-rhel-8-x86_64-rpms,rhel-8-for-x86_64-appstream-rpms,rhel-8-for-x86_64-baseos-rpms,rhel-8-for-x86_64-baseos-eus-rpms" \
+  --resolve --disablerepo=* --enablerepo="${ENABLED_REPOS}" \
   $(< packages.txt)
 
 rm packages.txt reqs.txt
 curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
 createrepo -v .
-chown -R 1000:1000 repodata/
 repo2module . --module-name offline
 createrepo_mod .
 #shellcheck disable=SC1083,SC2035

diff --git a/bundles/redhat8.8/packages.txt.gotmpl b/bundles/redhat8.8/packages.txt.gotmpl
@@ -31,8 +31,10 @@ make
 libseccomp
 nfs-utils
 iproute-tc
-kernel-headers-4.18.0-477.58.1.el8_8
-kernel-devel-4.18.0-477.58.1.el8_8
 gssproxy
 libverto-module-base
 libverto
+{{ if .FetchKernelHeaders -}}
+kernel-headers-4.18.0-477.58.1.el8_8
+kernel-devel-4.18.0-477.58.1.el8_8
+{{- end }}
diff --git a/cmd/konvoy-image-wrapper/cmd/create-package-bundle.go b/cmd/konvoy-image-wrapper/cmd/create-package-bundle.go
@@ -79,18 +79,55 @@ func (r *Runner) CreatePackageBundle(args []string) error {
 		osFlag                string
 		kubernetesVersionFlag string
 		fipsFlag              bool
+		eusReposFlag          bool
 		outputDirectoy        string
 		containerImage        string
+		fetchKernelHeaders    bool
 	)
 	flagSet := flag.NewFlagSet(createPackageBundleCmd, flag.ExitOnError)
-	flagSet.StringVar(&osFlag, "os", "",
-		fmt.Sprintf("The target OS you wish to create a package bundle for. Must be one of %v", getKeys(osToConfig)))
-	flagSet.StringVar(&kubernetesVersionFlag, "kubernetes-version", "",
-		"The version of kubernetes to download packages for.")
-	flagSet.BoolVar(&fipsFlag, "fips", false, "If the package bundle should include fips packages.")
-	flagSet.StringVar(&outputDirectoy, "output-directory", "artifacts",
-		"The directory to place the bundle in.")
-	flagSet.StringVar(&containerImage, "container-image", "", "A container image to use for building the package bundles")
+	flagSet.StringVar(
+		&osFlag,
+		"os",
+		"",
+		fmt.Sprintf("The target OS you wish to create a package bundle for. Must be one of %v", getKeys(osToConfig)),
+	)
+	flagSet.StringVar(
+		&kubernetesVersionFlag,
+		"kubernetes-version",
+		"",
+		"The version of kubernetes to download packages for.",
+	)
+	flagSet.BoolVar(
+		&fipsFlag,
+		"fips",
+		false,
+		"If the package bundle should include fips packages.",
+	)
+	flagSet.BoolVar(
+		&eusReposFlag,
+		"enable-eus-repos",
+		false,
+		"If enabled fetches packages from EUS repositories when creating RHEL package bundles. Disabled by default.",
+	)
+	flagSet.StringVar(
+		&outputDirectoy,
+		"output-directory",
+		"artifacts",
+		"The directory to place the bundle in.",
+	)
+	flagSet.StringVar(
+		&containerImage,
+		"container-image",
+		"",
+		"A container image to use for building the package bundles",
+	)
+	flagSet.BoolVar(
+		&fetchKernelHeaders,
+		"fetch-kernel-headers",
+		false,
+		//nolint:lll // its ok to have long help texts
+		"If enabled fetches kernel headers for the target operating system. To modify the version, edit the file at bundles/{OS_NAME}{VERSION}/packages.txt.gotmpl directly eg: bundles/redhat8.8/packages.txt.gotmpl. This is required for operating systems that will use NVIDIA GPU drivers.",
+	)
 	err := flagSet.Parse(args)
 	if err != nil {
 		return err
@@ -112,13 +149,16 @@ func (r *Runner) CreatePackageBundle(args []string) error {
 			return err
 		}
 	}
+	if eusReposFlag {
+		r.env["EUS_REPOS"] = "true"
+	}
 	bundleCmd := "./bundle.sh"
 	absPathToOutput := outputDirectoy
 	if !path.IsAbs(outputDirectoy) {
 		dir := r.workingDir
 		absPathToOutput = path.Join(dir, outputDirectoy)
 	}
-	reposList, err := templateObjects(osFlag, kubernetesVersion, absPathToOutput, fipsFlag)
+	reposList, err := templateObjects(osFlag, kubernetesVersion, absPathToOutput, fipsFlag, fetchKernelHeaders)
 	if err != nil {
 		return err
 	}
@@ -133,7 +173,7 @@ func (r *Runner) CreatePackageBundle(args []string) error {
 }
 
 //nolint:gocyclo,funlen // the function is relatively clear
-func templateObjects(targetOS, kubernetesVersion, outputDir string, fips bool) ([]string, error) {
+func templateObjects(targetOS, kubernetesVersion, outputDir string, fips, fetchKernelHeaders bool) ([]string, error) {
 	config, found := osToConfig[targetOS]
 	if !found {
 		return nil, fmt.Errorf("buildOS %s is invalid must be one of %v", targetOS, getKeys(osToConfig))
@@ -147,7 +187,7 @@ func templateObjects(targetOS, kubernetesVersion, outputDir string, fips bool) (
 	configDirFS := os.DirFS(base)
 	l := make([]string, 0)
 	generated := path.Join(base, generatedDirName)
-	if err = os.MkdirAll(generated, 0o755); err != nil {
+	if err = os.MkdirAll(generated, 0o777); err != nil {
 		return l, err
 	}
 
@@ -228,9 +268,11 @@ func templateObjects(targetOS, kubernetesVersion, outputDir string, fips bool) (
 				return fmt.Errorf("failed to create file: %w", err)
 			}
 			templateInput := struct {
-				KubernetesVersion string
+				KubernetesVersion  string
+				FetchKernelHeaders bool
 			}{
-				KubernetesVersion: kubernetesVersion,
+				KubernetesVersion:  kubernetesVersion,
+				FetchKernelHeaders: fetchKernelHeaders,
 			}
 			err = t.Execute(out, templateInput)
 			if err != nil {

diff --git a/magefile.go b/magefile.go
@@ -43,9 +43,6 @@ var (
 	rhck          = "rhck"
 
 	validOS = []string{
-		"centos 7.9",
-		"redhat 7.9",
-		"redhat 8.4",
 		"redhat 8.6",
 		"redhat 8.8",
 		"sles 15",
@@ -391,18 +388,19 @@ func downloadAirgappedArtifacts(buildOS, buildConfig string) error {
 	if err := fetchPipPackages(artifactsDir); err != nil {
 		return fmt.Errorf("failed to fetch pip packages %w", err)
 	}
-	if buildConfig == offlineNvidia {
+	isGPU := buildConfig == offlineNvidia
+	if isGPU {
 		if err := fetchNvidiaRunFile(); err != nil {
 			return fmt.Errorf("failed to fetch nvidiaRunFile %w", err)
 		}
 	}
-	if err := createOSBundle(buildOS, kubeVersion, artifactsDir, isFips); err != nil {
+	if err := createOSBundle(buildOS, kubeVersion, artifactsDir, isFips, isGPU); err != nil {
 		return fmt.Errorf("failed to fetch OS bundle %w", err)
 	}
 	return nil
 }
 
-func createOSBundle(osName, kubernetesVersion, downloadDir string, fips bool) error {
+func createOSBundle(osName, kubernetesVersion, downloadDir string, fips, gpu bool) error {
 	osInfo := strings.Replace(osName, " ", "-", 1)
 	args := []string{
 		"create-package-bundle", fmt.Sprintf("--os=%s", osInfo),
@@ -411,6 +409,13 @@ func createOSBundle(osName, kubernetesVersion, downloadDir string, fips bool) er
 	if fips {
 		args = append(args, "--fips=true")
 	}
+	if osName == "redhat 8.8" || osName == "redhat 8.6" {
+		args = append(args, "--enable-eus-repos=true")
+
+	}
+	if gpu {
+		args = append(args, "--fetch-kernel-headers=true")
+	}
 	return sh.RunV(wrapperCmd, args...)
 }