Fixes #27604 - added Fedora|Redhat CoreOS and IM

[lzap]

This patch adds two new OSes:

• Fedora CoreOS
• RedHat CoreOS

Fedora CoreOS uses quite lengthy version 32.20200907.3.0 which
unfortunately cannot be stored into major or minor version field which
is by default validated to be numeric. Thing is, after validation both
major and minor are converted to strings and stored in database as
strings. Operating system versions are never compared as numbers (they
are fetched back as strings), therefore those numric validations were
removed - there is no reason to enforce them to be numbers.

We are not doing a good job explaining to our users what exactly should
be entered into major, minor and release_name fields. As part of the
patch, three new *_help methods are added to the operating system
where a user-facing help string can be displayed for major, minor and
release_name fields with closer explanation.

Warning: This is not end-to-end FedoraCoreOS provisioning, but it's probably the first in the series to enable the workflow.

[theforeman-bot]

Issues: #27604

[houndci-bot]

Style/TrailingCommaInHashLiteral: Put a comma after the last item of a multiline hash.

[ezr-ondrej]

This is not resolved. We are enforcing comma here.

[Elyytscha]

Hi,

just wanted to let you know that i'm testing this patch actually

our ci builds actually our foreman container image in version 2.1.3 on top this pull request gets patched into the image (slighty modificated [commented some apipie stuff out because foreman 2.1.3 does not seem to support it so it breaks while it starts]

but i need still some time and on the weekend i mostly enjoy my weekend so mostly there i do no computer relevant stuff :)

best regards

[Elyytscha]

the deployment on our testsystem, was successfull

(maybe to mention our testsystem provisions vm's for our testing, ci and development zones so its basically also a prodsystem)

i did no heavy testing yet, but i can say our foreman and foremanproxy are using the same patched code

everything what worked before this patch is still operational, so i can still provision vm's the same way we did before

also the options for RHCOS // FHCOS are looking good for me, also the descriptions it does look like your screenshots

but when i try now to provision a rhcos vm witih this patch i get the following:

maybe i missed a file to patch? but i seached through my patched filed and the pullrequest and wasn't able to find this function

edit : the error as text:

Unable to render PXELinux template 'RHCOS PXE': undefined method `rhcos_attributes' for #<Foreman::Renderer::Scope::Provisioning:0x00007febc04bf060> Did you mean? coreos_attributes

edit2: this is the used pxe template:

DEFAULT pxeboot
TIMEOUT 20
PROMPT 0
LABEL pxeboot
    KERNEL <%= @kernel %>
    APPEND ip=dhcp rd.neednet=1 initrd=<%= @initrd %> coreos.autologin=yes coreos.first_boot=1 coreos.inst=yes coreos.inst.callhome_url=<%= foreman_url('provision')%> coreos.inst.install_dev=sda coreos.inst.image_url=http://foreman.domain.com:8089/pxeboot/rhcos/rhcos-4.5.6-x86_64-metal.x86_64.raw.gz coreos.inst.ignition_url=http://foreman.domain.com:8089/pxeboot/rhcos/<%= @host.params['role'] %>.ign

what i can confirm is that the initramfs and the kernel for rhcos was downloaded successfully with this to the tftp boot folder:

[ekohl]

For completeness, this came from https://community.theforeman.org/t/rhcos-fhcos-provisioned-for-openshift/20704. https://community.theforeman.org/t/rhcos-installation-with-foreman/18702 is another user who asked for this support.

[lzap]

I've fixed the rendering problem and tests. The diff is small:

diff --git a/lib/foreman/renderer/scope/variables/base.rb b/lib/foreman/renderer/scope/variables/base.rb
index 25e7ab9e9..c2342f975 100644
--- a/lib/foreman/renderer/scope/variables/base.rb
+++ b/lib/foreman/renderer/scope/variables/base.rb
@@ -36,7 +36,7 @@ module Foreman
             @template_url = params['url']
           end
 
-          %w(coreos aif memdisk ZTP).each do |name|
+          %w(coreos fcos rhcos aif memdisk ZTP).each do |name|
             define_method("#{name}_attributes") do
               @mediapath = mediumpath(@medium_provider) if medium
             end

That will fix it.

[Elyytscha]

i tested it with this change now i was able to create a rhcos vm in foreman but it was not able to find its kernel

[Elyytscha]

do i have to set the arch in a special way?

i was able to create a rhcos vm in foreman but it hangs at finding the kernel:

my OS does look like this:

or is it possible that the var here is not working correctly?

[lzap]

It's a bug! I am rebasing this PR to fix this, good catch. Here is the diff:

diff --git a/app/models/operatingsystems/fcos.rb b/app/models/operatingsystems/fcos.rb
index 1d894c54d..8286f1b34 100644
--- a/app/models/operatingsystems/fcos.rb
+++ b/app/models/operatingsystems/fcos.rb
@@ -13,6 +13,10 @@ class Fcos < Operatingsystem
     'fcos'
   end
 
+  def bootfile(medium_provider, type)
+    medium_provider.interpolate_vars(super).to_s
+  end
+
   def pxedir(medium_provider = nil)
     medium_provider.interpolate_vars('prod/streams/$release/builds/$major.$minor/$arch').to_s
   end
diff --git a/app/models/operatingsystems/rhcos.rb b/app/models/operatingsystems/rhcos.rb
index 7a2ceefaf..7fa7c7aab 100644
--- a/app/models/operatingsystems/rhcos.rb
+++ b/app/models/operatingsystems/rhcos.rb
@@ -13,6 +13,10 @@ class Rhcos < Operatingsystem
     'rhcos'
   end
 
+  def bootfile(medium_provider, type)
+    medium_provider.interpolate_vars(super).to_s
+  end
+
   def pxedir(medium_provider = nil)
     medium_provider.interpolate_vars('pub/openshift-v$major/$arch/dependencies/rhcos/$major.$minor/$major.$minor.$release').to_s
   end

Thanks for testing!

[Elyytscha]

i tested it for rhcos 4.5.6 and it is working now as far as i can see :)

I will test it for fcos too and then I report the result here in the comment as edit

[lzap]

Great, next up is adding the 3rd boot file for download (the image). But let's wait until this is merged.

[lzap]

@ezr-ondrej I see you assigned yourself, if you don't mind reviewing all three PRs I am planning in this regard. If @Elyytscha can help with testing that would be fantastic! The other one is #8059 and I am planning one more once these are merged. Also quite small.

[Elyytscha]

https://builds.coreos.fedoraproject.org
instead of

http://builds.coreos.fedoraproject.org

and also the fcos mirror will work:

• i noticed this:
  

the icon problem seems to be existent for rhcos/fcos the url it wants to get the icon from is:

/images/icons16x16/rhcos.png
/images/icons16x16/fcos.png

maybe could be changed to the normal rhel // fedora icons?

[Elyytscha]

should be also https

[Elyytscha]

should be also https

[Elyytscha]

should be https instead, with https i got it working, with http not

[Elyytscha]

broken with openshift 4.6.. because of a rename..

https://mirror.openshift.com/pub/openshift-v4/x86_64/dependencies/rhcos/4.6/4.6.1/rhcos-live-initramfs.x86_64.img

i think its good that it was not merged yet!

[lzap]

Fixed https, icons and also renamed installer to live for 4.6 release. Thanks for testing! @ezr-ondrej

[lzap]

Retriggering tests, 3 failed.

[Elyytscha]

for sure i can, its just not perfect and not usable for a general fcos/rhcos provisioning i think, but maybe it helps

<%#
name: RHCOS PXE
%>

DEFAULT pxeboot
TIMEOUT 20
PROMPT 0
LABEL pxeboot
    KERNEL <%= @kernel %>
    APPEND initrd=<%= @initrd %> ignition.platform.id=vmware coreos.inst.insecure=true console=tty0 console=ttyS0 coreos.live.rootfs_url=http://foreman.example.com/pxeboot/rhcos/rhcos-live-rootfs-<%= @host.params['version'] %>.x86_64.img <% @host.managed_interfaces.each do |interface| -%> <% next if !interface.managed? || interface.primary? -%> ip=<%= interface.ip %>::<%= interface.subnet.gateway %>:<%= interface.subnet.mask %>:<%= @host.name %>:ens224:none <% end -%> ip=<%= @host.ip %>::<%= @host.subnet.gateway %>:<%= @host.subnet.mask %>:<%= @host.name %>:ens192:none rd.neednet=1 nameserver=<%= @host.subnet.dns_primary %> nameserver=<%= @host.subnet.dns_secondary %> coreos.autologin=yes coreos.first_boot=1 coreos.inst=yes coreos.inst.callhome_url=<%= foreman_url('provision')%> coreos.inst.install_dev=sda coreos.inst.image_url=http://foreman.example.com/pxeboot/rhcos/rhcos-<%= @host.params['version'] %>-x86_64-metal.x86_64.raw.gz coreos.inst.ignition_url=http://foreman.example.com/pxeboot/rhcos/<%= @host.params['clustername'] %>/<%= @host.params['role'] %>.ign

ignition.platform.id=vmware
dont know how to generalize this.. maybe platform (bare)metal/none for everything?

coreos.live.rootfs_url=http://foreman.example.com/pxeboot/rhcos/rhcos-live-rootfs-<%= @host.params['version'] %>.x86_64.img
this supplies the rhcos live rootfs (which was downloaded in a first step by our openshift4 ansible deployment into the foreman http server, so a vm/baremetal host can access it from there. Also our ansible creates the VM's on foreman via hammer cli, due to this our ansible knows that it has to set the host parameter 'version' to something like 4.6.8, so the vm knows which rhcos/openshift version it should pick up

<% @host.managed_interfaces.each do |interface| -%> <% next if !interface.managed? || interface.primary? -%> ip=<%= interface.ip %>::<%= interface.subnet.gateway %>:<%= interface.subnet.mask %>:<%= @host.name %>:ens224:none <% end -%> ip=<%= @host.ip %>::<%= @host.subnet.gateway %>:<%= @host.subnet.mask %>:<%= @host.name %>:ens192:none
this does our two network interfaces, one for the normal network, the second for the storage network, (a possible pitfall is, the network without the default gateway (storage net) has to be the first in the list, why this, i forgot, but i could look through our redhat tickets if someone wants to know why. The Interface identifiers are hardcoded, could come also from foreman, but we don't set those.

coreos.inst.callhome_url=<%= foreman_url('provision')%>
actually this is without functionality, a relation could be found over here: coreos/coreos-installer#21

coreos.inst.install_dev=sda
again a possible pitfall, I searched ~2 hours to find out that our baremetal server had no sda, they started with sdb, but our vm's are all starting with sda

coreos.inst.image_url=http://foreman.example.com/pxeboot/rhcos/rhcos-<%= @host.params['version'] %>-x86_64-metal.x86_64.raw.gz
same like the rootfs, just for the metal image

coreos.inst.ignition_url=http://foreman.example.com/pxeboot/rhcos/<%= @host.params['clustername'] %>/<%= @host.params['role'] %>.ign
yeah, finally our ansible also created an openshift install via the openshift installer and uploaded boostrap/master/worker.ign into the foreman http server. When our ansible then creates the vm's it sets a host param role=boostrap/master/worker, so the vm knows which cluster component it is, to dont get mixed up with our different clusters, we also have the host param clustername, so the *.ign files can reside in a dir named same like the openshift cluster

ah, and i forgot, the last ugly thing is our openshift ansible has to cancel the foreman host build after the pxe boot happend, because i never found out how to do a working provisioning callback to foreman after the openshift host was installed

why we did it this way: when you want to install openshift via the general UPI method, you will notice that you need a tftp, http server, foreman had all this already up and working so we just used foremans infrastructure for this and integrated the hosts as much as possible into our foreman

i hope this makes sense somehow and i hope it will help a little bit

[lzap]

I amended test fixes both for core and katello.

@Elyytscha can you take your last comment and convert it into a PR? We will appreciate the contribution, let's discuss the details there. Parametrization is wanted, but you do not need to parametrize everything - just enough so others can use it too.

[ezr-ondrej]

Parametrization is wanted, but you do not need to parametrize everything

I believe we would need to download the rootfs ourselves with the pxe files and change the initrd to include it, instead host params for the version, but apart of that I think it would be nice contribution already.

[ezr-ondrej]

[test katello]

[ezr-ondrej]

[test katello] not sure what's wrong with katello

[lzap]

Aaron Patterson released new version of Psych YAML parser 4.0 which is a major change - by default it safe-loads all YAML. It's good for all of us: ruby/psych#487 anyway Katello codebase has an open ended depednency and that's why it fails:

Psych::DisallowedClass: Tried to load unspecified class: Symbol
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/class_loader.rb:99:in `find'
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/class_loader.rb:28:in `load'
(eval):2:in `symbol'
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/class_loader.rb:32:in `symbolize'
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/class_loader.rb:84:in `symbolize'
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/scalar_scanner.rb:74:in `tokenize'
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/visitors/to_ruby.rb:65:in `deserialize'
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/visitors/to_ruby.rb:128:in `visit_Psych_Nodes_Scalar'
/usr/local/rvm/gems/ruby-2.5.1@test_develop_pr_katello-1/gems/psych-4.0.0/lib/psych/visitors/visitor.rb:30:in `visit'

I am writing a PSA to the community and I will file a PR for Katello team to unblock the CI: https://community.theforeman.org/t/psa-rubygem-psych-4-0-is-out-and-its-a-breaking-change/23604

[lzap]

Here is a patch for Katello plugin: Katello/katello#9365

[lzap]

Okay solved the problem with psych 4.0 YAML parser in Katello, rebasing.

[ezr-ondrej]

It still doesn't work... different reason now though.

[ezr-ondrej]

[test katello]

[ezr-ondrej]

[test katello] it is still pulling in psych 4.0 :(

[lzap]

[test katello] one more time

to a random reader: if you are reading this and considering getting into software engineering for having fun, lemme tell you: ITS NOT FUN!

[ezr-ondrej]

[test katello]

[ezr-ondrej]

[test katello]

[ezr-ondrej]

Nice addition! Thanks @lzap ! 👍
I'd love to see follow-ups so we can provision CoreOSes, so I hope you won't follow on your own advice and become carpenter xD

[lzap]

Thanks, @Elyytscha can you submit template changes? What else is left to get this working then? I would love to demo this if we got it working.

[Elyytscha]

@lzap i think whats needed now is:

1. decision how to download the rootfs (coreos.live.rootfs_url=http://foreman.example.com/pxeboot/rhcos/rhcos-live-rootfs-<%= @host.params['version'] %>.x86_64.img) and the metal image into foremans http server (coreos.inst.image_url=http://foreman.example.com/pxeboot/rhcos/rhcos-<%= @host.params['version'] %>-x86_64-metal.x86_64.raw.gz) and code for this
2. method for provisioning callback, so foreman knows when a node has successfully installed (for now a manual build cancel is needed after the host pxe booted successfully
3. generic pxe template for rhcos (i will try to create a pullrequest, but im really lacking free time at the moment, i bought a house which im renovating in my freetime and i have to work 40 hours every week)
4. maybe a new foreman template group (e.g openshift install template) which takes an openshift install.yaml as input and is able to run this https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.7.13/openshift-install-linux.tar.gz binary to produce openshift install files (master,bootstrap,worker.ign) which are then put into the foreman http server
   a positive side effect of this would be we would not need those uncool hostvariables which i used in the pxe template like openshift version and cluster name. the only complicated thing would be to detect/define somehow which host will be a master/worker/boostrap node
5. all the same for fedora coreos and openshift origin (its basically exact the same, just fedora instead of redhat coreos and other openshift install binarys)

with this 4 points, foreman would be able to install openshift container platform and openshift origin completly native

i wrote you an email so you can reach me faster for details if you need help or if i need help with the pullrequest for the pxe template.

[lzap]

Thanks for the writeup. I am currently busy with other things so this is not on my short-term agenda, feel free to file PRs. I did not receive any email tho, its lzap_at_redhat_com if you meant me. I am here to help with reviews.

[sasskinn12]

Hi guys, trying implement something similar as @Elyytscha. Could you suggest or reccomend how to do "step 2" after FCOS successful install. I would like to have it dynamically, not manual cancel.
Eg.

2. method for provisioning callback, so foreman knows when a node has successfully installed (for now a manual build cancel is needed after the host pxe booted successfully.

Thanks in advice. :)