Add initial C10S variant

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "fedora-coreos-config"]
 	path = fedora-coreos-config
-	url = https://github.com/coreos/fedora-coreos-config
-	branch = testing-devel
+	url = https://github.com/travier/fedora-coreos-config
+	branch = testing-devel-c10s

README.md

@@ -15,8 +15,8 @@ supported:
 
 - `rhel-9.4`: RHEL 9.4-based CoreOS; without OpenShift components.
 - `ocp-rhel-9.4`: RHEL 9.4-based CoreOS; including OpenShift components.
-- `c9s`: CentOS Stream-based CoreOS, without OKD components.
-- `okd-c9s`: CentOS Stream-based CoreOS, including OpenShift components. This
+- `c9s`/`c10s`: CentOS Stream-based CoreOS, without OKD components.
+- `okd-c9s`/`okd-c10s`: CentOS Stream-based CoreOS, including OpenShift components. This
   currently includes some packages from RHEL because not all packages required
   by OpenShift are provided in CentOS Stream.
 

c10s.repo

@@ -0,0 +1,63 @@
+[c10s-baseos]
+name=CentOS Stream 10 - BaseOS
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/BaseOS/$basearch/os
+gpgcheck=0
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[c10s-appstream]
+name=CentOS Stream 10 - AppStream
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/AppStream/$basearch/os
+gpgcheck=0
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+# [c10s-extras-common]
+# name=CentOS Stream 10 - Extras packages
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/extras/$basearch/extras-common
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
+
+[c10s-nfv]
+name=CentOS Stream 10 - NFV
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/NFV/$basearch/os
+gpgcheck=0
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[c10s-rt]
+name=CentOS Stream 10 - RT
+baseurl=https://composes.stream.centos.org/stream-10/production/latest-CentOS-Stream/compose/RT/$basearch/os
+gpgcheck=0
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+# [c10s-sig-nfv]
+# name=CentOS Stream 10 - SIG NFV
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/nfv/$basearch/openvswitch-2/
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-NFV
+
+# [c10s-sig-virtualization]
+# name=CentOS Stream 10 - SIG Virtualization
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/virt/$basearch/kata-containers/
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Virtualization
+
+# [c10s-sig-cloud-okd]
+# name=CentOS Stream 10 - SIG Cloud OKD 4.15
+# baseurl=https://mirror.stream.centos.org/SIGs/10-stream/cloud/$basearch/okd-4.15/
+# gpgcheck=1
+# repo_gpgcheck=0
+# enabled=1
+# gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-SIG-Cloud

ci/prow-entrypoint.sh

@@ -82,18 +82,35 @@ prepare_repos() {
 
     # Fetch the repos corresponding to the release we are building
     case "${rhelver}" in
-        92|94)
+        94)
+            # RHCOS based on a specific version of RHEL
             curl --fail -L "http://base-${ocpver_mut}-rhel${rhelver}.ocp.svc.cluster.local" -o "src/config/ocp.repo"
             cat src/config/ocp.repo
             ;;
-        *)
-            # Assume C9S/SCOS if the version does not match known values for RHEL
+        9)
+            # CentOS Stream 9
             # Temporary workaround until we have all packages for SCOS
+            # Keep this updated to the latest stable RHEL
             curl --fail -L "http://base-${ocpver_mut}-rhel94.ocp.svc.cluster.local" -o "src/config/tmp.repo"
             awk '/rhel-9.4-server-ose-4.18/,/^$/' "src/config/tmp.repo" > "src/config/ocp.repo"
             cat src/config/ocp.repo
             rm "src/config/tmp.repo"
             ;;
+        10)
+            # CentOS Stream 10
+            # Temporary workaround until we have all packages for SCOS
+            # Keep this updated to the latest stable RHEL
+            curl --fail -L "http://base-${ocpver_mut}-rhel94.ocp.svc.cluster.local" -o "src/config/tmp.repo"
+            awk '/rhel-9.4-appstream/,/^$/' "src/config/tmp.repo" > "src/config/ocp.repo"
+            awk '/rhel-9.4-fast-datapath/,/^$/' "src/config/tmp.repo" >> "src/config/ocp.repo"
+            awk '/rhel-9.4-server-ose-4.17/,/^$/' "src/config/tmp.repo" >> "src/config/ocp.repo"
+            cat src/config/ocp.repo
+            rm "src/config/tmp.repo"
+            ;;
+        *)
+            echo "Unknown RHEL / CentOS Stream release"
+            exit 1
+            ;;
     esac
 }
 
@@ -326,15 +343,27 @@ main() {
             cosa_build
             kola_test_metal
             ;;
-        "scos-9-build-test-qemu")
+        "c9s-build-test-qemu"|"scos-9-build-test-qemu")
+            setup_user
+            cosa_init "okd-c10s"
+            cosa_build
+            kola_test_qemu
+            ;;
+        "c9s-build-test-metal"|"scos-9-build-test-metal")
+            setup_user
+            cosa_init "okd-c10s"
+            cosa_build
+            kola_test_metal
+            ;;
+        "c10s-build-test-qemu")
             setup_user
-            cosa_init "okd-c9s"
+            cosa_init "okd-c10s"
             cosa_build
             kola_test_qemu
             ;;
-        "scos-9-build-test-metal")
+        "c10s-build-test-metal")
             setup_user
-            cosa_init "okd-c9s"
+            cosa_init "okd-c10s"
             cosa_build
             kola_test_metal
             ;;
@@ -350,4 +379,5 @@ main() {
     esac
 }
 
+export TAIL_SLEEP=3
 main "${@}"

common-el10.yaml

@@ -0,0 +1,3 @@
+# Includes and packages only common to EL 10 (RHEL 10 & C10S)
+include:
+  - fedora-coreos-config/manifests/shared-el10.yaml

common-el9.yaml

@@ -0,0 +1,20 @@
+# Includes and packages only common to EL 9 (RHEL 9 & C9S)
+include:
+  - fedora-coreos-config/manifests/shared-el9.yaml
+
+packages:
+ - containernetworking-plugins
+ # Gluster - Used for Openshift e2e gluster testcases
+ # Reverts https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/367 and add it for all arches
+ - glusterfs-fuse
+
+postprocess:
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+    # Enable tmp-on-tmpfs by default because we don't want to have things leak
+    # across reboots, it increases alignment with FCOS, and also fixes the
+    # Live ISO. First, verify that RHEL is still disabling.
+    grep -q '# RHEL-only: Disable /tmp on tmpfs' /usr/lib/systemd/system/basic.target
+    echo '# RHCOS-only: we follow the Fedora/upstream default' >> /usr/lib/systemd/system/basic.target
+    echo 'Wants=tmp.mount' >> /usr/lib/systemd/system/basic.target

common.yaml

@@ -146,16 +146,6 @@ postprocess:
     # FIXME: Why is this only broken here?  NM isn't removing the link?
     sed -i '/etc.resolv/d' /usr/lib/tmpfiles.d/etc.conf
 
-  - |
-    #!/usr/bin/env bash
-    set -xeuo pipefail
-    # Enable tmp-on-tmpfs by default because we don't want to have things leak
-    # across reboots, it increases alignment with FCOS, and also fixes the
-    # Live ISO. First, verify that RHEL is still disabling.
-    grep -q '# RHEL-only: Disable /tmp on tmpfs' /usr/lib/systemd/system/basic.target
-    echo '# RHCOS-only: we follow the Fedora/upstream default' >> /usr/lib/systemd/system/basic.target
-    echo 'Wants=tmp.mount' >> /usr/lib/systemd/system/basic.target
-
   - |
     #!/usr/bin/env bash
     set -xeo pipefail
@@ -214,7 +204,6 @@ packages:
  # Bootloader updater
  - bootupd
  # Containers
- - containernetworking-plugins
  - container-selinux
  # Needed for newer rpm-ostree
  - "'skopeo >= 2:1.7.0'"
@@ -245,9 +234,6 @@ packages:
  - qemu-guest-agent
  # passwd was obsoleted by shadow-utils in F40+, but still needed here
  - passwd
- # Gluster - Used for Openshift e2e gluster testcases
- # Reverts https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/367 and add it for all arches
- - glusterfs-fuse
  # Needed for kernel-devel extension: https://bugzilla.redhat.com/show_bug.cgi?id=1885408
  # x86_64 and s390x have these packages installed as dependencies of other packages, ppc64le does not
  # FIXME: once the below BZs have been resolved to remove perl dependencies, this can be done in the extensions script

extensions-c10s.yaml

@@ -0,0 +1,85 @@
+# RPMs as operating system extensions, distinct from the base ostree commit/image
+# https://github.com/openshift/enhancements/blob/master/enhancements/rhcos/extensions.md
+# and https://github.com/coreos/fedora-coreos-tracker/issues/401
+
+# repos:
+#   - sig-virtualization
+
+extensions:
+  # https://issues.redhat.com/browse/RFE-4177
+  # wasm:
+  #   architectures:
+  #     - x86_64
+  #     - aarch64
+  #   repos:
+  #     - appstream
+  #   packages:
+  #     - crun-wasm
+  # https://github.com/coreos/fedora-coreos-tracker/issues/1504
+  ipsec:
+    packages:
+      - libreswan
+      - NetworkManager-libreswan
+  # https://github.com/coreos/fedora-coreos-tracker/issues/326
+  usbguard:
+    packages:
+      - usbguard
+  kerberos:
+    packages:
+      - krb5-workstation
+      - libkadm5
+  # https://github.com/kmods-via-containers/kmods-via-containers/issues/3
+  # https://gitlab.cee.redhat.com/coreos/redhat-coreos/merge_requests/866
+  # These are currently overlaid onto the host so that they can be bind-mounted
+  # into build containers... in the future they should be a `development`
+  # extension: https://github.com/openshift/machine-config-operator/pull/2143.
+  kernel-devel:
+    packages:
+      - kernel-devel
+      - kernel-headers
+    match-base-evr: kernel
+  # These are already in the base, so they're not OS extensions, but they're
+  # useful to have in RPM form to install in kmod build containers.
+  kernel:
+    kind: development
+    packages:
+      - kernel
+      - kernel-core
+      - kernel-modules
+      - kernel-modules-extra
+    match-base-evr: kernel
+  # GRPA-2822
+  # https://github.com/openshift/machine-config-operator/pull/1330
+  # https://github.com/openshift/enhancements/blob/master/enhancements/support-for-realtime-kernel.md
+  kernel-rt:
+    architectures:
+      - x86_64
+    repos:
+      - c10s-nfv
+    packages:
+      - kernel-rt-core
+      - kernel-rt-kvm
+      - kernel-rt-modules
+      - kernel-rt-modules-extra
+      - kernel-rt-devel
+    match-base-evr: kernel
+  # https://github.com/openshift/machine-config-operator/pull/2456
+  # https://github.com/openshift/enhancements/blob/master/enhancements/sandboxed-containers/sandboxed-containers-tech-preview.md
+  # GRPA-3123
+  # - kata-containers
+  # sandboxed-containers:
+  #   architectures:
+  #     - x86_64
+  #   repos:
+  #     - sig-virtualization10
+  #   packages:
+  #     - kata-containers
+  # https://issues.redhat.com/browse/COS-2402
+  kernel-64k:
+    architectures:
+      - aarch64
+    packages:
+      - kernel-64k-core
+      - kernel-64k-modules
+      - kernel-64k-modules-core
+      - kernel-64k-modules-extra

extensions-okd-c10s.yaml

@@ -0,0 +1 @@
+extensions-c10s.yaml

extensions/Dockerfile

@@ -9,15 +9,28 @@ ADD . .
 ARG COSA
 ARG VARIANT
 RUN if [[ -z "$COSA" ]] ; then ci/get-ocp-repo.sh ; fi
-# on SCOS, we need to add the GPG keys of the various SIGs we need
-RUN if rpm -q centos-stream-release && ! rpm -q centos-release-cloud; then dnf install -y centos-release-{cloud,nfv,virt}-common; fi
-RUN mkdir -p /usr/share/distribution-gpg-keys/centos
-RUN ln -s /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
-RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Cloud
-RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
-RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-NFV
-RUN ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Virtualization
-RUN if [[ -n "${VARIANT}" ]]; then MANIFEST="manifest-${VARIANT}.yaml"; EXTENSIONS="extensions-${VARIANT}.yaml"; else MANIFEST="manifest.yaml"; EXTENSIONS="extensions.yaml"; fi && rpm-ostree compose extensions --rootfs=/ --output-dir=/usr/share/rpm-ostree/extensions/ ./"${MANIFEST}" ./"${EXTENSIONS}"
+# On SCOS, we need to add the GPG keys of the various SIGs we need
+RUN if rpm -q centos-stream-release; then \
+        if [[ $(rpm -q --qf "%{VERSION}" centos-stream-release) == "9.0" ]]; then \
+            if ! rpm -q centos-release-cloud; then \
+                dnf install -y centos-release-{cloud,nfv,virt}-common; \
+            fi && \
+            mkdir -p /usr/share/distribution-gpg-keys/centos && \
+            ln -s /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial /usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official && \
+            ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Cloud && \
+            ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512 && \
+            ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-NFV && \
+            ln -s {/etc/pki/rpm-gpg,/usr/share/distribution-gpg-keys/centos}/RPM-GPG-KEY-CentOS-SIG-Virtualization ; \
+        fi ; \
+    fi
+RUN if [[ -n "${VARIANT}" ]]; then \
+        MANIFEST="manifest-${VARIANT}.yaml"; \
+        EXTENSIONS="extensions-${VARIANT}.yaml"; \
+    else \
+        MANIFEST="manifest.yaml"; \
+        EXTENSIONS="extensions.yaml"; \
+    fi && \
+    rpm-ostree compose extensions --rootfs=/ --output-dir=/usr/share/rpm-ostree/extensions/ ./"${MANIFEST}" ./"${EXTENSIONS}"
 
 ## Creates the repo metadata for the extensions.
 ## This uses Fedora as a lowest-common-denominator because it will work on

image-c10s.yaml

@@ -0,0 +1 @@
+image-rhel-9.4.yaml

image-okd-c10s.yaml

@@ -0,0 +1 @@
+image-c10s.yaml