Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for arbitrary kickstart file injection into ISOs (HMS-3879) #631

Merged
merged 19 commits into from
May 16, 2024

Commits on May 13, 2024

  1. customizations: new subpackage: kickstart

    New package for internal kickstart customizations.
    Adds support for user kickstart file contents.  We will also use it to
    move other kickstart related options as a single struct across pipeline
    generation code.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    92a6bab View commit details
    Browse the repository at this point in the history
  2. image: drop osname from the live installer

    The osname property is only relevant for ostree installers.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    253e80c View commit details
    Browse the repository at this point in the history
  3. manifest: use kickstart.Options on AnacondaInstallerISOTree

    Remove all the kickstart-related properties from
    AnacondaInstallerISOTree and add the new kickstart.Options struct.
    Panic if it's not set and any of the stages require it, for example to
    set the path of the file when a kickstart file is required for the
    specific payload.
    
    This commit has no effect on generated manifests.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    4b6b255 View commit details
    Browse the repository at this point in the history
  4. manifest: use kickstart.Options on AnacondaInstaller

    Remove the Users and Groups properties from AnacondaInstaller and add
    the new kickstart.Options struct. Name it InteractiveDefaultsKickstart
    to make it clear that it's not the same kind of kickstart file that we
    create in the AnacondaInstallerISOTree but it only serves to set options
    in the interactive default kickstart file. It currently only supports
    Users and Groups.
    
    This commit has no effect on generated manifests.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    2690871 View commit details
    Browse the repository at this point in the history
  5. blueprint: support user kickstart injection

    Adds a new blueprint customization [installer.kickstart.contents] that
    will allow users to inject their own kickstart file into the ISO.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    2926433 View commit details
    Browse the repository at this point in the history
  6. distro: wire up the user kickstart customization

    Pass the user kickstart customization from the blueprint options into
    the pipeline generators and append it to any hardcoded kickstart bits
    that we might be including ourselves.  Just like with other injected
    kickstart parts, like the %post section we add for sudoers, the user's
    kickstart file, when specified, will be added to an iso as osbuild.ks
    and the kickstart file created by osbuild will be renamed to
    osbuilld-base.ks and run using an %include added to the top of the
    osbuild.ks file.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    e4b362f View commit details
    Browse the repository at this point in the history
  7. manifest: calculate raw kickstart test file content hash in test

    Instead of a static content hash for the raw kickstart file when
    testing, calculate it on the fly using a hardcoded blob for the sudobits
    and add any extra content that the user might have supplied so we can
    test the user injected content as well.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    c4a4df0 View commit details
    Browse the repository at this point in the history
  8. manifest: check len(SudoNopasswd) in test instead of true/false

    Check the input instead of passing true/false for every test.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    2063ca6 View commit details
    Browse the repository at this point in the history
  9. test: add a config that uses a user kickstart file

    The user kickstart contents is identical to the contents added when the
    sudo-nopasswd options are enabled, so this configuration produces the
    same manifest as the unattended-iso configuration.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    9c4407d View commit details
    Browse the repository at this point in the history
  10. blueprint: custom kickstart incompatible with installer customizations

    Error out at the blueprint processing if the user includes a custom
    kickstart and also includes installer customizations.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    0f9092d View commit details
    Browse the repository at this point in the history
  11. distro: ostree users and groups incompatible with kickstart contents

    User and Group customizations are incompatible with kickstart contents
    for ostree Anaconda installers only.
    When building an ostree Anaconda installer (edge-installer or
    iot-installer), users and groups are created using kickstart commands.
    When the user adds their own kickstart file contents, we want to remove
    any ambiguity or confusion by not allowing any other customization that
    would affect the kickstart file.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    755d379 View commit details
    Browse the repository at this point in the history
  12. Configuration menu
    Copy the full SHA
    1df77c8 View commit details
    Browse the repository at this point in the history
  13. manifest: restrict kickstart options for bootc container installer

    Do not allow or add any kickstart options to the bootc container
    installer ISO when a user kickstart is included.
    The only line that we add is the ostree container installation line in
    its own kickstart.  The user kickstart file is then added separately and
    it %includes our own.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    4efb219 View commit details
    Browse the repository at this point in the history
  14. manifest: restrict kickstart options for anaconda installers

    Do not allow or add any kickstart options to the tar payload installer
    (image-installer) or the ostree installer (edge/iot-installer).
    The only line that we add is the installation line in its own kickstart.
    The user kickstart file is then added separately and it %includes our
    own.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    23211db View commit details
    Browse the repository at this point in the history
  15. manifest: update kickstart tests

    1. Kickstart tests now check if the pipeline serialization panic()s when
       unsupported options are combined.
    2. When "extra" kickstart content is defined (user kickstart file), the
       pre-defined hardcoded kickstart bits aren't added to the checksum
       calculation.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    35d623e View commit details
    Browse the repository at this point in the history
  16. test: update config to match new rules

    Unattended + kickstart.contents is no longer allowed, so set unattended
    to false.
    achilleas-k committed May 13, 2024
    Configuration menu
    Copy the full SHA
    c10a539 View commit details
    Browse the repository at this point in the history

Commits on May 14, 2024

  1. customizations: function for kickstart customization initialisation

    Initialise kickstart customizations for an image with the common options
    from the blueprint customizations.  The kickstart options are
    initialised with Users, Groups, the Unattended and SudoNopasswd
    installer options, and the custom kickstart content.  Other options
    (Language, Keyboard, Timezone, and payload options) must be set
    separately, since they aren't based solely on the blueprint
    customizations and interact with other configs, like image config or the
    ostree payload options.
    
    Co-authored-by: Michael Vogt <[email protected]>
    achilleas-k and mvo5 committed May 14, 2024
    Configuration menu
    Copy the full SHA
    4d64e67 View commit details
    Browse the repository at this point in the history
  2. distro: flip the installer customization check order

    Co-authored-by: Michael Vogt <[email protected]>
    achilleas-k and mvo5 committed May 14, 2024
    Configuration menu
    Copy the full SHA
    3beb9c9 View commit details
    Browse the repository at this point in the history
  3. customizations/kickstart: unify option validation

    Validate kickstart options in a Validate() function so unify option
    compatibility handling.  The function is called from the kickstart.New()
    initialiser, but we also call it before stage creation to make sure
    everything is valid right before stage creation.
    
    Co-authored-by: Michael Vogt <[email protected]>
    achilleas-k and mvo5 committed May 14, 2024
    Configuration menu
    Copy the full SHA
    df3bdb4 View commit details
    Browse the repository at this point in the history