Merge pull request #2592 from OSInside/agama_integration_test

Added integration test for SUSE agama installer

build-tests/x86/tumbleweed/test-image-agama/appliance.kiwi

@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<image schemaversion="7.5" name="test-image-agama">
+    <description type="system">
+        <author>YaST Team</author>
+        <contact>[email protected]</contact>
+        <specification>Agama RamDisk Installer ISO</specification>
+    </description>
+    <preferences>
+        <version>1.0.1</version>
+        <packagemanager>zypper</packagemanager>
+        <locale>en_US</locale>
+        <keytable>us</keytable>
+        <timezone>Europe/Berlin</timezone>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <rpm-check-signatures>false</rpm-check-signatures>
+        <bootsplash-theme>bgrt</bootsplash-theme>
+        <bootloader-theme>openSUSE</bootloader-theme>
+        <type image="oem" filesystem="btrfs" fsmountoptions="compress=zstd:15" firmware="uefi" installiso="true" installpxe="true" installboot="install" kernelcmdline="rd.kiwi.ramdisk ramdisk_size=2097152" volid="agama">
+            <bootloader name="grub2" timeout="1"/>
+            <oemconfig>
+                <oem-skip-verify>true</oem-skip-verify>
+                <oem-unattended>true</oem-unattended>
+                <oem-unattended-id>/dev/ram1</oem-unattended-id>
+                <oem-swap>false</oem-swap>
+                <oem-multipath-scan>false</oem-multipath-scan>
+            </oemconfig>
+            <size unit="M">1900</size>
+        </type>
+    </preferences>
+    <users>
+        <!-- the password is configured during boot -->
+        <user password="!*" home="/root" name="root" groups="root"/>
+    </users>
+    <repository type="rpm-md">
+        <source path="obsrepositories:/"/>
+    </repository>
+    <packages type="image">
+        <namedCollection name="x11"/>
+        <package name="avahi"/>
+        <package name="bind-utils"/>
+        <package name="patterns-openSUSE-base"/>
+        <package name="systemd"/>
+        <package name="grub2-branding-openSUSE" arch="aarch64,x86_64"/>
+        <package name="iputils"/>
+        <package name="vim"/>
+        <package name="vim-data"/>
+        <package name="grub2"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="syslinux" arch="x86_64"/>
+        <package name="fontconfig"/>
+        <package name="fonts-config"/>
+        <package name="adobe-sourcecodepro-fonts"/>
+        <package name="adobe-sourcehansans-jp-fonts"/>
+        <package name="openssh"/>
+        <package name="iproute2"/>
+        <package name="less"/>
+        <package name="bash-completion"/>
+        <package name="dhcp-client"/>
+        <package name="which"/>
+        <package name="kernel-default"/>
+        <!-- the firmware files not referenced by any kernel driver are removed from the image -->
+        <package name="kernel-firmware"/>
+        <package name="adaptec-firmware"/>
+        <package name="atmel-firmware"/>
+        <package name="bluez-firmware"/>
+        <package name="ipw-firmware"/>
+        <package name="mpt-firmware"/>
+        <package name="zd1211-firmware"/>
+        <package name="systemd-zram-service"/> <!--- needed for zram -->
+        <package name="shim" arch="aarch64,x86_64"/>
+        <package name="timezone"/>
+        <package name="dracut-kiwi-live"/>
+        <package name="blog" arch="s390x" />
+        <package name="libblogger2" arch="s390x" />
+        <package name="xauth"/>
+        <package name="patterns-base-x11"/>
+        <package name="patterns-yast-yast2_basis"/>
+        <package name="MozillaFirefox" arch="aarch64,x86_64"/>
+        <package name="MozillaFirefox-branding-openSUSE" arch="aarch64,x86_64"/>
+        <package name="libpwquality-tools"/>
+        <package name="NetworkManager"/>
+        <package name="ruby3.3-rubygem-byebug"/>
+        <package name="ruby3.3-rubygem-agama-yast"/>
+        <package name="agama"/>
+        <package name="agama-web-ui"/>
+        <package name="agama-cli"/>
+        <package name="agama-auto"/>
+        <package name="microos-tools"/>
+        <package name="staging-build-key"/>
+        <package name="icewm-lite"/>
+        <package name="xinit"/>
+        <package name="psmisc"/>
+        <package name="joe"/>
+        <package name="checkmedia"/>
+        <package name="spice-vdagent"/>
+        <package name="libtss2-tcti-device0"/>
+        <package name="jq"/>
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+    </packages>
+    <packages type="delete">
+        <package name="vim-data"/>
+        <package name="alsa"/>
+        <package name="alsa-utils"/>
+        <package name="alsa-ucm-conf"/>
+        <package name="Mesa-gallium"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="procps4"/>
+        <package name="coreutils"/>
+        <package name="shadow"/>
+        <package name="gzip"/>
+        <package name="gawk"/>
+        <package name="openssl"/>
+        <package name="filesystem"/>
+        <package name="glibc-locale-base"/>
+        <package name="ca-certificates-mozilla"/>
+        <package name="agama-products-opensuse"/>
+        <package name="openSUSE-release"/>
+        <package name="diffutils"/>
+    </packages>
+</image>

build-tests/x86/tumbleweed/test-image-agama/config.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+set -ex
+
+label=${kiwi_install_volid:-$kiwi_iname}
+
+#======================================
+# Import repo keys
+#--------------------------------------
+rpm --import /tmp/systemsmanagement_key.gpg
+rpm --import /usr/lib/rpm/gnupg/keys/*.asc
+rm /tmp/systemsmanagement_key.gpg
+
+#======================================
+# Enable services
+#--------------------------------------
+systemctl enable sshd.service
+systemctl enable NetworkManager.service
+systemctl enable avahi-daemon.service
+systemctl enable agama.service
+systemctl enable agama-web-server.service
+systemctl enable agama-auto.service
+systemctl enable agama-hostname.service
+systemctl enable agama-proxy-setup.service
+systemctl enable agama-certificate-issue.path
+systemctl enable agama-certificate-wait.service
+systemctl enable agama-welcome-issue.service
+systemctl enable agama-avahi-issue.service
+systemctl enable agama-ssh-issue.service
+systemctl enable agama-self-update.service
+systemctl enable live-password-cmdline.service
+systemctl enable live-password-dialog.service
+systemctl enable live-password-iso.service
+systemctl enable live-password-random.service
+systemctl enable live-password-systemd.service
+systemctl enable setup-systemd-proxy-env.path
+systemctl enable x11-autologin.service
+systemctl enable spice-vdagentd.service
+systemctl enable zramswap
+
+#======================================
+# Default target
+#--------------------------------------
+systemctl set-default graphical.target
+
+#======================================
+# disable snapshot cleanup
+#--------------------------------------
+systemctl disable snapper-cleanup.timer
+systemctl disable snapper-timeline.timer
+
+#======================================
+# disable unused services
+#--------------------------------------
+systemctl disable YaST2-Firstboot.service
+systemctl disable YaST2-Second-Stage.service
+systemctl -f disable purge-kernels
+
+#======================================
+# setup dracut for live system
+#--------------------------------------
+echo "Setting default live root: live:LABEL=$label"
+mkdir -p /etc/cmdline.d
+echo "root=live:LABEL=$label" > \
+    /etc/cmdline.d/10-liveroot.conf
+echo "root_disk=live:LABEL=$label" >> \
+    /etc/cmdline.d/10-liveroot.conf
+echo 'install_items+=" /etc/cmdline.d/10-liveroot.conf "' > \
+    /etc/dracut.conf.d/10-liveroot-file.conf
+echo 'add_dracutmodules+=" dracut-menu "' >> \
+    /etc/dracut.conf.d/10-liveroot-file.conf
+echo 'add_drivers+=" brd "' >> \
+    /etc/dracut.conf.d/10-liveroot-file.conf
+
+#======================================
+# replace the @@LIVE_MEDIUM_LABEL@@
+#--------------------------------------
+sed -i -e "s/@@LIVE_MEDIUM_LABEL@@/$label/g" /usr/bin/live-password

build-tests/x86/tumbleweed/test-image-agama/root/.mozilla/firefox/profile/user.js.template

@@ -0,0 +1,10 @@
+// Mozilla User Preferences
+
+// do not remember or generate passwords
+user_pref("signon.management.page.breach-alerts.enabled", false);
+user_pref("signon.rememberSignons", false);
+user_pref("signon.generation.enabled", false);
+// start always in the custom homepage
+user_pref("browser.startup.page", 1);
+// custom homepage: the value is expected to be replaced with the login URL by the startup script
+user_pref("browser.startup.homepage", "__HOMEPAGE__");

build-tests/x86/tumbleweed/test-image-agama/root/.xinitrc

@@ -0,0 +1 @@
+icewm-session -c /etc/icewm/preferences.yast2

build-tests/x86/tumbleweed/test-image-agama/root/etc/avahi/services/agama.service

@@ -0,0 +1,11 @@
+<?xml version="1.0" standalone='no'?>
+<!-- see "man avahi.service" for details -->
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+  <name replace-wildcards="yes">Agama Installer (https://%h.local)</name>
+  <service>
+    <type>_https._tcp</type>
+    <subtype>_agama._sub._https._tcp</subtype>
+    <port>433</port>
+  </service>
+</service-group>

build-tests/x86/tumbleweed/test-image-agama/root/etc/modules-load.d/10-multipath.conf

@@ -0,0 +1 @@
+dm_multipath

build-tests/x86/tumbleweed/test-image-agama/root/etc/multipath.conf

@@ -0,0 +1,3 @@
+defaults {
+  find_multipaths smart
+}

build-tests/x86/tumbleweed/test-image-agama/root/etc/ssh/sshd_config.d/10_root_login.conf

@@ -0,0 +1 @@
+PermitRootLogin yes

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-avahi-issue.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Generate issue file for Agama URL from Avahi
+
+After=avahi-daemon.service
+
+[Service]
+ExecStart=agama-issue-generator --watch-avahi
+Type=simple
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-certificate-issue.path

@@ -0,0 +1,10 @@
+[Unit]
+Description=Watch the Agama SSL certificate for changes
+Before=systemd-user-sessions.service
+
+[Path]
+Unit=agama-certificate-issue.service
+PathChanged=/etc/agama.d/ssl/cert.pem
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-certificate-issue.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Generate issue file for Agama SSL certificate
+
+[Service]
+Type=oneshot
+ExecStart=agama-issue-generator --ssl
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-certificate-wait.service

@@ -0,0 +1,27 @@
+[Unit]
+Description=Postpone login prompt after the SSL fingerprint issue is generated
+
+After=agama-web-server.service
+
+# copied from YaST2-Second-Stage.service
+Before[email protected]
+Before[email protected]
+Before[email protected]
+Before[email protected]
+Before[email protected]
+Before[email protected]
+Before[email protected]
+Before=serial-getty@sclp_line0.service
+Before[email protected]
+Before[email protected]
+Before[email protected]
+Before[email protected]
+Before[email protected]
+
+[Service]
+Type=oneshot
+# wait at most 15 seconds to not block
+ExecStart=agama-issue-generator --wait-for-ssl 15
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-hostname.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Set Agama hostname
+# after running the default hostname systemd service
+After=systemd-hostnamed.target
+# but before starting the mDNS server
+Before=avahi-daemon.service
+# run only if the hostname has the default value, if it has been changed
+# by the hernel command line or systemd then keep it
+ConditionHost=localhost
+
+[Service]
+ExecStart=hostnamectl hostname --transient agama
+Type=oneshot
+User=root
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-self-update.service

@@ -0,0 +1,31 @@
+[Unit]
+Description=Agama self-update
+
+After=network-online.target
+
+# before starting the Agama servers so they use the new packages
+Before=agama-web-server.service
+Before=agama.service
+Before=x11-autologin.service
+# before interactive password services
+Before=live-password-dialog.service
+Before=live-password-systemd.service
+
+# kernel command line option
+ConditionKernelCommandLine=|agama.self_update
+# linuxrc/YaST backward compatibility
+ConditionKernelCommandLine=|agama.selfupdate
+
+[Service]
+Type=oneshot
+Environment=TERM=linux
+ExecStartPre=dmesg --console-off
+ExecStart=agama-self-update
+ExecStartPost=dmesg --console-on
+TTYReset=yes
+TTYVHangup=yes
+StandardInput=tty
+TimeoutSec=0
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-ssh-issue.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=Generate issue file for SSH host keys
+Before=systemd-user-sessions.service
+After=sshd.service
+
+[Service]
+Type=oneshot
+ExecStart=agama-issue-generator --ssh
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/agama-welcome-issue.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Generate Agama welcome message
+Before=systemd-user-sessions.service
+
+[Service]
+Type=oneshot
+ExecStart=agama-issue-generator --welcome
+
+[Install]
+WantedBy=default.target

build-tests/x86/tumbleweed/test-image-agama/root/etc/systemd/system/live-password-cmdline.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Set the root password from kernel command line
+
+# before starting the SSH and Agama server so they use the new password
+Before=sshd.service
+Before=agama-web-server.service
+
+# before the interactive setting methods so they can override it
+Before=live-password-dialog.service
+Before=live-password-systemd.service
+
+# plain text password or encrypted password passed via kernel command line
+ConditionKernelCommandLine=|live.password
+ConditionKernelCommandLine=|live.password_hash
+
+[Service]
+ExecStart=live-password --kernel
+Type=oneshot
+
+[Install]
+WantedBy=default.target