forked from openshift/okd-machine-os
entrypoint.sh
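#!/bin/bash
# Entrypoint that layers extra RPMs and binaries onto a Fedora CoreOS ostree
# commit and writes the result back to the same ref.
#
# The script uses bash-only features (arrays, `set -o pipefail`, `pushd`,
# `source`), so it asks for bash explicitly instead of whatever /bin/sh
# happens to be on the build image.
#   -e           abort on the first failing command
#   -x           trace every command; keep secrets off the command lines below
#   -u           treat unset variables as errors
#   -o pipefail  fail a pipeline when any stage fails
set -exuo pipefail

# Extra package repositories; each entry is later passed to yumdownloader as
# --repofrompath=repo<index>,<entry>. Empty by default.
REPOS=()
# FCOS stream whose latest build is used as the base.
STREAM="next-devel"
# ostree ref that is checked out, overlaid and re-committed.
REF="fedora/x86_64/coreos/${STREAM}"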
# Additional RPMs to install via os-extensions. They are downloaded into
# /extensions/okd and indexed with createrepo_c further down; order is kept
# alphabetical as in the upstream list.
declare -a EXTENSION_RPMS=(
  NetworkManager-ovs
  checkpolicy
  dpdk
  gdbm-libs
  glusterfs
  glusterfs-client-xlators
  glusterfs-fuse
  kernel-devel
  kernel-headers
  libdrm
  libgfrpc0
  libgfxdr0
  libglusterfs0
  libmspack
  libpciaccess
  libqb
  libtool-ltdl
  libxcrypt-compat
  libxslt
  open-vm-tools
  openvswitch
  perl-Carp
  perl-Errno
  perl-Exporter
  perl-NDBM_File
  perl-PathTools
  perl-Scalar-List-Utils
  perl-constant
  perl-interpreter
  perl-libs
  perl-macros
  policycoreutils-python-utils
  protobuf
  python-pip-wheel
  python-setuptools-wheel
  python-unversioned-command
  python3
  python3-audit
  python3-libs
  python3-libselinux
  python3-libsemanage
  python3-pip
  python3-policycoreutils
  python3-setools
  python3-setuptools
  qemu-guest-agent
  unbound-libs
  usbguard
  usbguard-selinux
  xmlsec1
  xmlsec1-openssl
)
# RPMs unpacked directly into the ostree commit for the bootstrap node.
# Every entry here also appears in EXTENSION_RPMS.
declare -a BOOTSTRAP_RPMS=(
  libdrm
  libmspack
  libpciaccess
  libtool-ltdl
  libxslt
  open-vm-tools
  xmlsec1
  xmlsec1-openssl
)

# CRI-O packages and the module stream they are taken from.
declare -a CRIO_RPMS=(
  cri-o
  cri-tools
)
CRIO_VERSION="1.20"
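# fetch binaries and configure working env, prow doesn't allow init containers
# or a second container
dir=/tmp/ostree
mkdir -p "${dir}"
# /tmp/bin is appended, so binaries already on PATH keep precedence.
export PATH="${PATH}:/tmp/bin"
export HOME=/tmp

# fetch jq binary
# -f makes an HTTP error fail the build instead of saving the error page as
# the "binary"; -sS hides the progress meter but still prints real errors.
mkdir -p "${HOME}/bin"
curl -fsSL -o "${HOME}/bin/jq" \
  https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64

# NOTE(review): this binary is executed below without any integrity check
# beyond TLS. Pin the expected SHA-256 of the release asset: when JQ_SHA256 is
# set in the environment, the download is verified before it is made
# executable. Unset keeps the previous (unverified) behaviour.
if [ -n "${JQ_SHA256:-}" ]; then
  printf '%s  %s\n' "${JQ_SHA256}" "${HOME}/bin/jq" | sha256sum -c -
fi
chmod ug+x "${HOME}/bin/jq"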
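# fetch fcos release info and check whether we've already built this image
# curl runs with -f so an HTTP error aborts the build instead of leaving an
# error page in the JSON files; -sS keeps real errors visible.
build_url="https://builds.coreos.fedoraproject.org/prod/streams/${STREAM}/builds"
curl -fsS -o "${dir}/builds.json" "${build_url}/builds.json"
build_id="$(jq -r '.builds[0].id' <"${dir}/builds.json")"
# build_id="33.20201209.10.0"

# The id comes from remote JSON and is spliced into a URL: refuse a missing
# value (jq prints "null") and anything outside a plain version-like charset.
case "${build_id}" in
  '' | null | *[!A-Za-z0-9._-]*)
    echo "error: unexpected build id '${build_id}' in builds.json" >&2
    exit 1
    ;;
esac

base_url="${build_url}/${build_id}/x86_64"
curl -fsS -o "${dir}/meta.json" "${base_url}/meta.json"

# Same treatment for the tarball name: it must be a bare file name so it
# cannot redirect the download to another path under the build server.
ostree_path="$(jq -r '.images.ostree.path' <"${dir}/meta.json")"
case "${ostree_path}" in
  '' | null | *[!A-Za-z0-9._-]*)
    echo "error: unexpected ostree image path '${ostree_path}' in meta.json" >&2
    exit 1
    ;;
esac
tar_url="${base_url}/${ostree_path}"

# Commit checksum advertised for this build by meta.json.
commit_id="$(jq -r '."ostree-commit"' <"${dir}/meta.json")"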
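# fetch existing machine-os-content
# -f turns an HTTP error into a failed pipeline rather than feeding an error
# page to tar.
mkdir /srv/repo
curl -fsSL "${tar_url}" | tar xf - -C /srv/repo/ --no-same-owner
# NOTE(review): commit_id is read from meta.json earlier but never compared
# with what the tarball actually contains. Consider asserting that
# `ostree --repo=/srv/repo rev-parse "${REF}"` equals it before building on
# top of the ref -- confirm first that the published ref always points at
# that commit.

# Remove all refs except ${REF} so that bootstrap pivot would not be confused.
# The list is read first and filtered in the shell: with `grep -v | xargs`
# under pipefail the build aborted whenever there was nothing to delete, and
# ${REF} was interpreted as a regular expression. Refs containing ${REF} as a
# literal substring are kept, as before.
all_refs="$(ostree --repo=/srv/repo refs)"
while IFS= read -r ref; do
  case "${ref}" in
    '' | *"${REF}"*) continue ;;
  esac
  ostree --repo=/srv/repo refs --delete "${ref}"
done <<<"${all_refs}"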
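# use repos from FCOS
# The build container's own repo definitions are replaced by the ones shipped
# in the downloaded commit, so every later dnf/yumdownloader call trusts
# whatever that tree configures.
rm -rf /etc/yum.repos.d
ostree --repo=/srv/repo checkout "${REF}" --subpath /usr/etc/yum.repos.d --user-mode /etc/yum.repos.d
dnf clean all

# NOTE(review): os-release is extracted from the downloaded tree and then
# executed as shell by `source`. Only VERSION_ID is needed from it; parsing
# that single key instead would avoid running file content from the artifact.
ostree --repo=/srv/repo cat "${REF}" /usr/lib/os-release >/tmp/os-release
source /tmp/os-release
# Fail here with a clear message rather than passing an empty --releasever on.
: "${VERSION_ID:?VERSION_ID is missing from os-release}"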
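# prepare a list of repos to download packages from
# Arguments are collected in arrays so that a REPOS entry containing spaces or
# glob characters reaches yumdownloader as a single, literal argument.
REPOLIST=(--enablerepo=fedora --enablerepo=updates)
for i in "${!REPOS[@]}"; do
  REPOLIST+=("--repofrompath=repo${i},${REPOS[$i]}")
done

# yumdownloader params
YUMD_PARAMS=(
  --archlist=x86_64
  --archlist=noarch
  "--releasever=${VERSION_ID}"
  "${REPOLIST[@]}"
)

# NOTE(review): the RPMs fetched here are later unpacked with rpm2cpio, which
# does not check package signatures. Confirm that signatures are verified at
# download time for every enabled repo (including --repofrompath entries and
# updates-testing-modular), or add an explicit check before extraction.

# build extension repo
mkdir /extensions
pushd /extensions
mkdir okd
yumdownloader "${YUMD_PARAMS[@]}" --destdir=/extensions/okd "${EXTENSION_RPMS[@]}"
createrepo_c --no-database .
popd

# download RPMs required on bootstrap node
yumdownloader "${YUMD_PARAMS[@]}" --destdir=/tmp/rpms "${BOOTSTRAP_RPMS[@]}"

# download CRI-O RPMs (package names come from CRIO_RPMS rather than being
# repeated here)
dnf module enable -y --enablerepo=updates-testing-modular "cri-o:${CRIO_VERSION}"
yumdownloader "${YUMD_PARAMS[@]}" --destdir=/tmp/rpms --enablerepo=updates-testing-modular "${CRIO_RPMS[@]}"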
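# inject MCD binary and cri-o, hyperkube, and bootstrap RPMs in the ostree commit
mkdir /tmp/working
pushd /tmp/working

# Unpack every downloaded RPM into the working tree.
# - the pattern is quoted so the shell cannot expand *.rpm against the current
#   directory before find sees it;
# - paths are passed NUL-delimited and quoted, so unusual file names survive;
# - --no-absolute-filenames keeps cpio from writing outside /tmp/working if a
#   payload ever carries absolute member paths.
# With pipefail, a failure of find or of any extraction aborts the build.
find /tmp/rpms/ -iname '*.rpm' -print0 |
  while IFS= read -r -d '' rpm_file; do
    echo "Extracting ${rpm_file} ..."
    rpm2cpio "${rpm_file}" | cpio -div --no-absolute-filenames
  done

# append additional configuration
cp -rvf /srv/overlay/* .

# move etc configuration to /usr/etc so that it would be merged by rpm-ostree
mv etc usr/

# add binaries (MCD) from /srv/addons
mkdir -p usr/bin usr/libexec
cp -rvf /srv/addons/* .
popd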
# build new commit: overlay /tmp/working onto ${REF} and write the result back
# to the same ref
coreos-assembler dev-overlay \
  --repo /srv/repo \
  --rev "${REF}" \
  --add-tree /tmp/working \
  --output-ref "${REF}"

# Sanity check on the committed tree: the extended-attribute listing for
# kubelet must contain the bin_t type, otherwise the build is rejected.
label_file=/tmp/working/label.txt
ostree --repo=/srv/repo ls -X "${REF}" /usr/bin/kubelet >"${label_file}"
grep -q ':bin_t:' "${label_file}" || {
  echo "error: Invalid label on kubelet"
  cat "${label_file}"
  exit 1
}