Merge pull request #4156 from ggiguash/add_sample_kickstart_files

openshift-merge-bot[bot] · web-flow · commit 2c18bc660dd9 · 2024-11-13T11:15:45.000Z
OCPBUGS-42864: Add sample kickstart files to microshift-release-info RPM and document usage
diff --git a/packaging/kickstart/README.md b/packaging/kickstart/README.md
@@ -0,0 +1,172 @@
+The kickstart template files in this directory can be used for installing
+a host running MicroShift.
+
+## Procedure Overview
+
+* Start by configuring the [Prerequisites](#prerequisites).
+* Depending on the desired installation type, follow the instructions from one of
+  the [RPM](#RPM), [Image Mode](#image-mode) or [OSTree](#OSTree) sections to
+  create a working kickstart file from a template.
+* Create a virtual machine using the kickstart file from the previous step as
+  described in [Create Virtual Machine](#create-virtual-machine)
+
+
+## Prepare Kickstart File
+
+### Prerequisites
+
+Install the `microshift-release-info` RPM package containing the sample kickstart
+files that are copied to the `/usr/share/microshift/kickstart` directory.
+
+```bash
+sudo dnf install -y microshift-release-info
+```
+
+Install the utilities used during the kickstart file creation.
+
+```bash
+sudo dnf install -y openssl gettext
+```
+
+Set variables pointing to secrets included in `kickstart.ks`.
+
+* `PULL_SECRET` file contents are copied to `/etc/crio/openshift-pull-secret`
+  at the post-install stage to authenticate OpenShift container registry access.
+* `USER_PASSWD` setting is used as an encrypted password for the `redhat` user
+  for logging into the host.
+
+Example commands setting the variables.
+
+```bash
+export PULL_SECRET="$(cat ~/.pull-secret.json)"
+# Only the encrypted password will be included in kickstart
+PASSWD_TEXT=<my_redhat_user_plain_text_password>
+export USER_PASSWD="$(openssl passwd -6 "${PASSWD_TEXT}")"
+```
+
+### RPM
+
+The following variables need to be added for creating an RPM kickstart file.
+The activation keys and organization ID can be obtained at the [Activation Keys](https://console.redhat.com/insights/connector/activation-keys) site.
+They will be used for activating the Red Hat subscription during the installation.
+
+> The subscription must include access to the `rhocp-4.x-for-rhel-9-$(uname -m)-rpms`
+> and `fast-datapath-for-rhel-9-$(uname -m)-rpms` RPM repositories.
+
+* `RHSM_ORG` contains an RHSM organization ID for the subscription registration
+  command in kickstart.
+* `RHSM_KEY` contains an RHSM activation key for the subscription registration
+  command in kickstart.
+* `MICROSHIFT_VER` references the MicroShift version to install using the `4.y`
+  format. Note that the latest available `.z` version will be installed.
+
+Example commands setting the variables.
+
+```bash
+export RHSM_ORG="$(cat ~/.rhsm-activation-org)"
+export RHSM_KEY="$(cat ~/.rhsm-activation-key)"
+export MICROSHIFT_VER=4.17
+```
+
+Run the following command to create the `kickstart.ks` file to be used during
+the virtual machine installation.
+
+```bash
+envsubst < \
+    /usr/share/microshift/kickstart/kickstart-rpm.ks.template > \
+    "${HOME}/kickstart.ks"
+```
+
+### Image Mode
+
+The following variables need to be added for creating an Image Mode kickstart file.
+
+* `BOOTC_IMAGE_URL` contains a reference to the image to be installed using the
+  [ostreecontainer](https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#ostreecontainer) kickstart command.
+* `AUTH_CONFIG` contents are copied to `/etc/ostree/auth.json` to authenticate
+  access to the `BOOTC_IMAGE_URL` image. If no registry authentication is required,
+  skip this setting.
+* `REGISTRY_CONFIG` contents are copied to `/etc/containers/registries.conf.d/999-microshift-registry.conf`
+  to configure access to the registry containing the `BOOTC_IMAGE_URL` image.
+  If no registry configuration is required, skip this setting.
+
+Example commands setting the variables.
+
+```bash
+export BOOTC_IMAGE_URL=quay.io/myorg/mypath/microshift-image:tag
+export AUTH_CONFIG="$(cat ~/.quay-auth.json)"
+export REGISTRY_CONFIG="$(cat ~/.quay-config.conf)"
+```
+
+Run the following command to create the `kickstart.ks` file to be used during
+the virtual machine installation.
+
+```bash
+envsubst < \
+    /usr/share/microshift/kickstart/kickstart-bootc.ks.template > \
+    "${HOME}/kickstart.ks"
+```
+
+### OSTree
+
+The following variables need to be added for creating an OSTree kickstart file.
+
+* `OSTREE_SERVER_URL` contains an OSTree server URL passed to the
+  [ostreesetup](https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#ostreesetup) kickstart command.
+* `OSTREE_COMMIT_REF` contains an OSTree commit reference to be installed from
+  the server.
+* `AUTH_CONFIG` contents are copied to `/etc/ostree/auth.json` at the pre-install
+  stage to authenticate access to the `OSTREE_SERVER_URL` server. If no server
+  authentication is required, skip this setting.
+
+Example commands setting the variables.
+
+```bash
+export OSTREE_SERVER_URL="<http://my_ostree_server_url>"
+export OSTREE_COMMIT_REF="myostree_commit_reference"
+export AUTH_CONFIG="$(cat ~/.ostree-auth.json)"
+```
+
+Run the following command to create the `kickstart.ks` file to be used during
+the virtual machine installation.
+
+```bash
+envsubst < \
+    /usr/share/microshift/kickstart/kickstart-ostree.ks.template > \
+    "${HOME}/kickstart.ks"
+```
+
+## Create Virtual Machine
+
+Download a RHEL boot ISO image from https://developers.redhat.com/products/rhel/download.
+Copy the downloaded file to the `/var/lib/libvirt/images` directory.
+
+Run the following commands to create a RHEL virtual machine with 2 cores, 2GB of
+RAM and 20GB of storage. The command uses the kickstart file prepared in the
+previous steps to install the RHEL operating system and MicroShift.
+
+```bash
+VMNAME=microshift-host
+NETNAME=default
+
+sudo virt-install \
+    --name ${VMNAME} \
+    --vcpus 2 \
+    --memory 2048 \
+    --disk path=/var/lib/libvirt/images/${VMNAME}.qcow2,size=20 \
+    --network network=${NETNAME},model=virtio \
+    --events on_reboot=restart \
+    --location /var/lib/libvirt/images/rhel-9.4-$(uname -m)-boot.iso \
+    --initrd-inject "${HOME}/kickstart.ks" \
+    --extra-args "inst.ks=file://kickstart.ks" \
+    --wait
+```
+
+Log into the virtual machine using the `redhat:<password>` credentials.
+Run the following command to verify that all the MicroShift pods are up and running
+without errors.
+
+```bash
+watch sudo oc get pods -A \
+    --kubeconfig /var/lib/microshift/resources/kubeadmin/kubeconfig
+```
diff --git a/packaging/kickstart/kickstart-bootc.ks.template b/packaging/kickstart/kickstart-bootc.ks.template
@@ -0,0 +1,71 @@
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+text
+reboot
+
+# Partition the disk with hardware-specific boot and swap partitions, adding an
+# LVM volume that contains a 10GB+ system root. The remainder of the volume will
+# be used by the CSI driver for storing data.
+zerombr
+clearpart --all --initlabel
+
+# Create boot and swap partitions as required by the current hardware platform
+reqpart --add-boot
+
+# Add an LVM volume group and allocate a system root logical volume
+part pv.01 --grow
+volgroup rhel pv.01
+logvol / --vgname=rhel --fstype=xfs --size=10240 --name=root
+
+# Lock root user account
+rootpw --lock
+
+# Configure network to use DHCP and activate on boot
+network --bootproto=dhcp --device=link --activate --onboot=on
+
+%pre-install --log=/dev/console --erroronfail
+
+# Create a container registry authentication file
+mkdir -p /etc/ostree/
+cat > /etc/ostree/auth.json <<'EOF'
+${AUTH_CONFIG}
+EOF
+
+# Delete an empty file or set permissions
+if [ "$(wc -w < /etc/ostree/auth.json)" -eq 0 ] ; then
+    rm -f /etc/ostree/auth.json
+else
+    chmod 600 /etc/ostree/auth.json
+fi
+
+# Create a container registry configuration file
+mkdir -p /etc/containers/registries.conf.d/
+cat > /etc/containers/registries.conf.d/999-microshift-registry.conf <<'EOF'
+${REGISTRY_CONFIG}
+EOF
+
+# Delete an empty file or set permissions
+if [ "$(wc -w < /etc/containers/registries.conf.d/999-microshift-registry.conf)" -eq 0 ] ; then
+    rm -f /etc/containers/registries.conf.d/999-microshift-registry.conf
+else
+    chmod 644 /etc/containers/registries.conf.d/999-microshift-registry.conf
+fi
+
+%end
+
+# Pull a bootc image from a remote registry
+ostreecontainer --url ${BOOTC_IMAGE_URL}
+
+%post --log=/dev/console --erroronfail
+
+# Create 'redhat' user account
+useradd --password '${USER_PASSWD}' --groups wheel redhat
+
+# Create an OpenShift pull secret file
+cat > /etc/crio/openshift-pull-secret <<'EOF'
+${PULL_SECRET}
+EOF
+chmod 600 /etc/crio/openshift-pull-secret
+
+%end
diff --git a/packaging/kickstart/kickstart-ostree.ks.template b/packaging/kickstart/kickstart-ostree.ks.template
@@ -0,0 +1,58 @@
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+text
+reboot
+
+# Partition the disk with hardware-specific boot and swap partitions, adding an
+# LVM volume that contains a 10GB+ system root. The remainder of the volume will
+# be used by the CSI driver for storing data.
+zerombr
+clearpart --all --initlabel
+
+# Create boot and swap partitions as required by the current hardware platform
+reqpart --add-boot
+
+# Add an LVM volume group and allocate a system root logical volume
+part pv.01 --grow
+volgroup rhel pv.01
+logvol / --vgname=rhel --fstype=xfs --size=10240 --name=root
+
+# Lock root user account
+rootpw --lock
+
+# Configure network to use DHCP and activate on boot
+network --bootproto=dhcp --device=link --activate --onboot=on
+
+%pre-install --log=/dev/console --erroronfail
+
+# Create an rpm-ostree authentication file
+mkdir -p /etc/ostree/
+cat > /etc/ostree/auth.json <<'EOF'
+${AUTH_CONFIG}
+EOF
+
+# Delete an empty file or set permissions
+if [ "$(wc -w < /etc/ostree/auth.json)" -eq 0 ] ; then
+    rm -f /etc/ostree/auth.json
+else
+    chmod 600 /etc/ostree/auth.json
+fi
+
+%end
+
+# Pull an rpm-ostree image from a remote server
+ostreesetup --osname=rhel --url=${OSTREE_SERVER_URL} --ref=${OSTREE_COMMIT_REF} --nogpg
+
+%post --log=/dev/console --erroronfail
+
+# Create 'redhat' user account
+useradd --password '${USER_PASSWD}' --groups wheel redhat
+
+# Create an OpenShift pull secret file
+cat > /etc/crio/openshift-pull-secret <<'EOF'
+${PULL_SECRET}
+EOF
+chmod 600 /etc/crio/openshift-pull-secret
+
+%end
diff --git a/packaging/kickstart/kickstart-rpm.ks.template b/packaging/kickstart/kickstart-rpm.ks.template
@@ -0,0 +1,56 @@
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+text
+reboot
+
+# Partition the disk with hardware-specific boot and swap partitions, adding an
+# LVM volume that contains a 10GB+ system root. The remainder of the volume will
+# be used by the CSI driver for storing data.
+zerombr
+clearpart --all --initlabel
+
+# Create boot and swap partitions as required by the current hardware platform
+reqpart --add-boot
+
+# Add an LVM volume group and allocate a system root logical volume
+part pv.01 --grow
+volgroup rhel pv.01
+logvol / --vgname=rhel --fstype=xfs --size=10240 --name=root
+
+# Lock root user account
+rootpw --lock
+
+# Configure network to use DHCP and activate on boot
+network --bootproto=dhcp --device=link --activate --onboot=on
+
+# Register the host with RHSM
+rhsm --organization "${RHSM_ORG}" --activation-key "${RHSM_KEY}"
+
+# Minimal package setup
+%packages
+@^minimal-environment
+%end
+
+%post --log=/dev/console --erroronfail
+
+# Create 'redhat' user account
+useradd --password '${USER_PASSWD}' --groups wheel redhat
+
+# Install and configure MicroShift
+dnf install -y \
+    --enablerepo rhocp-${MICROSHIFT_VER}-for-rhel-9-$(uname -m)-rpms \
+    --enablerepo fast-datapath-for-rhel-9-$(uname -m)-rpms \
+    microshift-${MICROSHIFT_VER}\*
+
+systemctl enable microshift
+firewall-offline-cmd --zone=trusted --add-source=10.42.0.0/16
+firewall-offline-cmd --zone=trusted --add-source=169.254.169.1
+
+# Create an OpenShift pull secret file
+cat > /etc/crio/openshift-pull-secret <<'EOF'
+${PULL_SECRET}
+EOF
+chmod 600 /etc/crio/openshift-pull-secret
+
+%end
diff --git a/packaging/rpm/microshift.spec b/packaging/rpm/microshift.spec
@@ -322,6 +322,8 @@ mkdir -p -m755 %{buildroot}%{_datadir}/microshift/release
 install -p -m644 assets/release/release-{x86_64,aarch64}.json %{buildroot}%{_datadir}/microshift/release
 mkdir -p -m755 %{buildroot}%{_datadir}/microshift/blueprint
 install -p -m644 packaging/blueprint/blueprint*.toml %{buildroot}%{_datadir}/microshift/blueprint
+mkdir -p -m755 %{buildroot}%{_datadir}/microshift/kickstart
+install -p -m644 packaging/kickstart/kickstart*.ks.template %{buildroot}%{_datadir}/microshift/kickstart
 
 # spec validation files
 mkdir -p -m755 %{buildroot}%{_datadir}/microshift/spec
@@ -566,9 +568,11 @@ fi
 %dir %{_datadir}/microshift
 %dir %{_datadir}/microshift/release
 %dir %{_datadir}/microshift/blueprint
+%dir %{_datadir}/microshift/kickstart
 
 %{_datadir}/microshift/release/release-{x86_64,aarch64}.json
 %{_datadir}/microshift/blueprint/blueprint*.toml
+%{_datadir}/microshift/kickstart/kickstart*.ks.template
 
 %files selinux
 /var/lib/kubelet/pods
@@ -645,6 +649,9 @@ fi
 # Use Git command to generate the log and replace the VERSION string
 # LANG=C git log --date="format:%a %b %d %Y" --pretty="tformat:* %cd %an <%ae> VERSION%n- %s%n" packaging/rpm/microshift.spec
 %changelog
+* Sun Nov 10 2024 Gregory Giguashvili <ggiguash@redhat.com> 4.18.0
+- Add sample kickstart files to microshift-release-info RPM
+
 * Fri Oct 25 2024 Pablo Acevedo Montserrat <pacevedo@redhat.com> 4.18.0
 - USHIFT-4715: Add gateway-api-release-info rpm
 
