#502 WIP: Add fedora-atomic-ws config
Closed 3 years ago by humaton. Opened 6 years ago by walters.
walters/pungi-fedora f27-faw-respins  into  f27

Add fedora-atomic-ws config
Colin Walters • 6 years ago  
file added
+246
@@ -0,0 +1,246 @@ 

+ # PRODUCT INFO

+ release_name = 'Fedora-AtomicWS'

+ release_short = 'Fedora-AtomicWS'

+ release_version = '27'

+ release_is_layered = False

+ # GENERAL SETTINGS

+ bootable = True

+ buildinstall_method = 'lorax'

+ lorax_options = [

+   ('^.*$', {

+      'x86_64': {

+          'nomacboot': False,

+      }

+      '*': {

+          'noupgrade': True

+      }

+   })

+ ]

+ comps_file = 'comps-f27.xml' #{

+ #    'scm': 'git',

+ #    'repo': 'git://git.fedorahosted.org/git/comps.git',

+ #    'branch': None, # defaults to cvs/HEAD or git/master

+ #    'file': 'comps-f23.xml',

+ #}

+ variants_file='variants-fedora.xml'

+ sigkeys = ['F5282EE4'] # None = unsigned

+ # limit tree architectures

+ # if undefined, all architectures from variants.xml will be included

+ tree_arches = ['x86_64']

+ # limit tree variants

+ # if undefined, all variants from variants.xml will be included

+ tree_variants = ['AtomicWorkstation']

+ hashed_directories = True

+ # RUNROOT settings

+ runroot = True

+ #runroot_channel = 'fedora_compose'

+ runroot_channel = 'compose'

+ runroot_tag = 'f27-build'

+ # PKGSET

+ pkgset_source = 'koji' # koji, repos

+ pkgset_koji_tag = 'f27-atomic-host-installer'

+ pkgset_koji_inherit = True

+ filter_system_release_packages = False

+ # GATHER

+ gather_source = 'comps'

+ gather_method = 'deps'

+ gather_profiler = True

+ check_deps = False

+ greedy_method = 'build'

+ # fomat: [(variant_uid_regex, {arch|*: [repos]})]

+ # gather_lookaside_repos = []

+ # GATHER - JSON

+ # format: {variant_uid: {arch: package: [arch1, arch2, None (for any arch)]}}

+ #gather_source_mapping = '/path/to/mapping.json'

+ # CREATEREPO

+ createrepo_c = True

+ createrepo_checksum = 'sha256'

+ # CHECKSUMS

+ media_checksums = ['sha256']

+ media_checksum_one_file = True

+ media_checksum_base_filename = 'Fedora-%(variant)s-%(version)s-%(date)s.%(respin)s-%(arch)s'

+ #jigdo

+ create_jigdo = False

+ #extra_packages = [

+ #    '/mnt/packages/foo*',

+ #]

+ # fomat: [(variant_uid_regex, {arch|*: [packages]})]

+ additional_packages = [

+     ('.*', {

+         '*': [

+             'kernel.*',

+             'dracut.*',

+             'autocorr-.*',

+             'eclipse-nls-.*',

+             'hunspell-.*',

+             'hyphen-.*',

+             'calligra-l10n-.*',

+             'kde-l10n-.*',

+             'libreoffice-langpack-.*',

+             'man-pages-.*',

+             'mythes-.*',

+         ],

+     }),

+     ('^Everything$', {

+         '*': [

+             '*',

+         ],

+     }),

+     ('^Server$', {

+         '*': [

+         ],

+     }),

+     ('^AtomicWorkstation$', {

+         '*': [

+         ],

+     }),

+     ('^Cloud$', {

+         '*': [

+         ],

+     }),

+ ]

+ multilib = [

+     ('^Everything$', {

+         'x86_64': ['devel', 'runtime'],

+          's390x': ['devel', 'runtime']

+     })

+ ]

+ filter_packages = [

+     ('(Workstation|Server|Cloud)$', {

+         '*': [

+         '^kernel.*debug.*',

+         '^kernel-kdump.*',

+         '^kernel-tools.*',

+         '^syslog-ng.*',

+         '^astronomy-bookmarks',

+         '^generic.*',

+         '^GConf2-dbus.*',

+         '^bluez-gnome',

+         #Periods cause problems in paterns, so replace with *s

+         '^java-1.8.0-openjdk',

+         '^community-mysql.*',

+         '^jruby.*',

+         '^gimp-help-.*',

+         ]

+     }),

+ ]

+ # format: {arch|*: [packages]}

+ multilib_blacklist = {

+     '*': ['kernel*', 'kernel-PAE*', 'kernel*debug*',

+         'dmraid-devel', 'kdeutils-devel', 'mkinitrd-devel',

+         'java-1.5.0-gcj-devel', 'java-1.7.0-icedtea-devel',

+         'php-devel', 'java-1.6.0-openjdk-devel',

+         'java-1.7.0-openjdk-devel', 'java-1.8.0-openjdk-devel',

+         'httpd-devel', 'tomcat-native', 'php*', 'httpd',

+         'krb5-server', 'krb5-server-ldap', 'mod_*', 'ghc-*'

+     ],

+ }

+ # format: {arch|*: [packages]}

+ multilib_whitelist = {

+     '*': ['libgnat', 'wine*', 'lmms-vst', 'nspluginwrapper',

+         'libflashsupport', 'valgrind', 'perl-libs', 'redhat-lsb',

+         'yaboot', 'syslinux-extlinux-nonlinux', 'syslinux-nonlinux',

+         'syslinux-tftpboot', 'nosync', '*-static'

+     ],

+ }

+ createiso_skip = [

+         ('^Workstation$', {

+             '*': True,

+             'src': True

+         }),

+         ('^Server$', {

+             'src': True

+         }),

+         ('^Cloud$', {

+             '*': True,

+             'src': True

+         }),

+         ('^Everything$', {

+             '*': True,

+             'src': True

+         }),

+     ]

+ # fomat: [(variant_uid_regex, {arch|*: [scm_dicts]})]

+ #extra_files = [

+ #    ('^(Server|Workstation|Cloud)$', {

+ #        '*': [

+ #            {

+ #                'scm': 'rpm',

+ #                'repo': 'fedora-release-%(variant_id_lower)s',

+ #                'branch': None,

+ #                'file': [

+ #                    '/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-release',

+ #                ],

+ #                'target': '',

+ #            },

+ #        ],

+ #    }),

+ #]

+ # Image name respecting Fedora's image naming policy

+ image_name_format = 'Fedora-%(variant)s-%(disc_type)s-%(arch)s-%(version)s-%(date)s.%(respin)s.iso'

+ # # Use the same format for volume id

+ image_volid_formats = [

+      'Fedora-%(variant)s-%(disc_type)s-%(arch)s-%(version)s'

+      ]

+ # No special handling for layered products, use same format as for regular images

+ image_volid_layered_product_formats = []

+ # Replace 'Cloud' with 'C' in volume id etc.

+ volume_id_substitutions = {

+          'Atomic': 'AH',

+ 'AtomicWorkstation': 'AW',

+         'Rawhide': 'rawh',

+          'Images': 'img',

+     'MATE_Compiz': 'MATE',

+        'Security': 'Sec',

+  'Electronic_Lab': 'Elec',

+        'Robotics': 'Robo',

+  'Scientific_KDE': 'SciK',

+   'Astronomy_KDE': 'AstK',

+    'Design_suite': 'Dsgn',

+           'Games': 'Game',

+         'Jam_KDE': 'Jam',

+     'Workstation': 'WS',

+      'Everything': 'E',

+          'Server': 'S',

+           'Cloud': 'C',

+           'Alpha': 'A',

+            'Beta': 'B',

+              'TC': 'T',

+ }

+ disc_types = {

+     'boot': 'netinst',

+     'live': 'Live',

+ }

+ translate_paths = [

+    ('/mnt/koji/compose/', 'http://kojipkgs.fedoraproject.org/compose/'),

+ ]

+ 

+ # These will be inherited by live_media, live_images and image_build

+ global_ksurl = 'git+https://pagure.io/fedora-kickstarts.git?#origin/f27'

+ global_release = '!RELEASE_FROM_LABEL_DATE_TYPE_RESPIN'

+ global_version = '27'

+ # live_images ignores this in favor of live_target

+ global_target = 'f27'

+ ostree_installer = [

+     ("^AtomicWorkstation$", {

+         "x86_64": {

+             "repo": [ "Everything",

+                       "https://kojipkgs.fedoraproject.org/pub/fedora/linux/development/27/Everything/$arch/os/"],

+             "release": None,

+             "installpkgs": ["fedora-productimg-workstation"],

+             "rootfs_size": "8",

+             "add_template": ["ostree-based-installer/lorax-configure-repo.tmpl",

+                              "ostree-based-installer/lorax-embed-repo.tmpl"],

+             "add_template_var": [

+                 "ostree_install_repo=https://dl.fedoraproject.org/ostree/27/",

+                 "ostree_update_repo=https://dl.fedoraproject.org/ostree/27/",

+                 "ostree_osname=fedora-workstation",

+                 "ostree_install_ref=fedora/27/x86_64/workstation",

+                 "ostree_update_ref=fedora/27/x86_64/workstation",

+             ],

+             'template_repo': 'https://pagure.io/fedora-lorax-templates.git',

+             'template_branch': 'f27',

+         }

+     })

+ ]

+ koji_profile = 'compose_koji'

file modified
+5
@@ -8,6 +8,11 @@ 

              <arch>ppc64le</arch>

          </arches>

      </variant>

+     <variant id="AtomicWorkstation" name="AtomicWorkstation" type="variant" is_empty="true">

+         <arches>

+             <arch>x86_64</arch>

+         </arches>

+     </variant>

      <variant id="CloudImages" name="CloudImages" type="variant" is_empty="true">

          <arches>

              <arch>aarch64</arch>

This came up in the context of the libostree/HTTP2 issue:
https://pagure.io/atomic-wg/issue/405

However, we really want to be providing updated ISOs; we don't
want people to install desktops known to be chock full of CVEs.

Note that I know historically Fedora hasn't done this, but the fact that we're
building the installer from a stable tag makes this a lot easier to maintain
(we're just updating the cached OS content inside the installer).

(Not tested locally but hopefully someone can try this in stage or so?)

hmm - so I'm not 100% sure on this. I think if we deliver new ISOs we need to qualify them in some way more than what we are doing for atomic workstation now.

one thing I think would actually be better... is for us to offer an option inside the interactive anaconda install to install from repo (i.e. grab latest), which would essentially do the same thing as providing a new ISO

We can pretty easily hook things up in OpenQA right? I'm not really concerned about the risk here - the target audience is small and technically inclined. If we have the previous ISO to point at temporarily and in-place updates work, that's OK.

As far as updating inside the installer; yes, I agree that's a useful feature but it's not quite the same thing; among other issues you have to pay an increasingly large network cost as the delta between the ISO cache and tip grows. A lot of people actually put the ISOs on USB sticks intending to do offline installs.

I guess the other option here is to roll this into the existing Atomic Host configs. That has some benefits (FA{H,W} are built in the same run) and some downsides (we probably don't want people looking for AH to find this in the same dir, at least not initially).

I lean towards having a separate config myself; among other things as far as I'm concerned it doesn't even need to run every day (maybe every week by default, plus on-demand).

lets point ar the released location not development

rebased onto 6f4de73

6 years ago

lets point ar the released location not development

I just copied the existing atomic.conf one, but yep, fixed this one. I also fixed the disk size to be 8 and dropped WIP from the title.

There is some duplication here: we already have a 'variant' for this, called WorkstationOstree.

This should probably be compared/contrasted/reconciled with @dustymabe 's https://pagure.io/pungi-fedora/pull-request/498

There is some duplication here: we already have a 'variant' for this, called WorkstationOstree.
This should probably be compared/contrasted/reconciled with @dustymabe 's https://pagure.io/pungi-fedora/pull-request/498

yeah. i'm planning to revive that PR here soon.

It doesn't seem to me this needs to block on 498 but I have no opposition to doing that first either.

It doesn't seem to me this needs to block on 498 but I have no opposition to doing that first either.

I'm hoping the 2nd f29 run from today gives us good results. Then I'll carry forward with #498.

@walters the main thing I'd like to avoid is having two variants defined that are basically the same thing.

So, a couple of things. I think it would be best for this to rename the 'Workstation Ostree' variant to 'AtomicWorkstation', just as #498 did on master branch. Otherwise we have two variants that are basically the same thing.

Second, this commit doesn't add anything that actually runs the new compose. We'd need a new nightly script (like the ones for Atomic, Docker, Cloud). Or, I guess, if you only wanted to run the compose weekly, call it a 'weekly' script :)

I'd really, really like to have respins of the released ISO. What needs to happen for that?

Here are some questions/comments:

  • Do you just want respins (easy), or do you want them officially released (hard ENOTIME)?
  • Do you need it for f27 or can we concentrate on f28?
  • I'd really like to include these respin runs for FAH AND FAW in the bodhi runs; see releng issue and taiga card. I'd prefer to add FAW to the respins when we make that change.

I don't know what the difference between a "respin" and "official release" is exactly. Basically something like https://kojipkgs.fedoraproject.org/compose/twoweek/ ?

Yes, f27 since f28 is broken. Even after f28 is out, then we'll have the exact same problem with f28.

I don't know what the difference between a "respin" and "official release" is exactly.

a "respin" is just a daily run of pungi to create new media. an official release would involve taken the "respin" and signing a checksum of the artifacts, getting it on mirrors, website updated, etc. Basically we can't really promote it without doing that 2nd part, which I've identified as the part that actually requires work.

Basically something like https://kojipkgs.fedoraproject.org/compose/twoweek/ ?

That's easy, but see above where I identify the problem.

Yes, f27 since f28 is broken.

Hoping to get that fixed soon.

Even after f28 is out, then we'll have the exact same problem with f28.

Agree. One thing that is nice about starting with f28, though, is that we've already done the variant name change from WorkstationOstree to AtomicWorkstation there. I don't really want to go back to do that for f27.

an official release would involve taken the "respin" and signing a checksum of the artifacts, getting it on mirrors, website updated,

I think all I'd like is the signing of the checksums. The only website (AFAIK) that even talks about this is workstation-ostree-config which is just a git push to update the link to the current ISO.

So, where are we here? I think we are making isos now on every updates push, so this is solved? Or is there still something to do here?

Hi, this PR was opened for an old fedora-release that is EOL now. If it is still relevant could you please reopen it to the current release?

Pull-Request has been closed by humaton

3 years ago
Metadata