uploading local chicken scratch

README.md

@@ -0,0 +1 @@
+These are my quick & dirty demos for bootc on rhel. Sorry it's a mess!

bootvm.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+#
+sudo virsh destroy bootc
+sudo virsh undefine bootc --remove-all-storage --keep-nvram
+
+sudo qemu-img create -f qcow2 /var/home/bbreard/data/images/bootc.qcow2 20G
+sudo virt-install \
+  --name bootc \
+  --memory 4096 \
+  --vcpus 4 \
+  --disk=path=/var/home/bbreard/data/images/bootc.qcow2 \
+  --location https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/ \
+  --os-variant rhel9.0 \
+  --boot loader=/usr/share/edk2/ovmf/OVMF_CODE.fd,loader.readonly=yes,loader.secure=no,loader.type=pflash,nvram=/var/lib/libvirt/qemu/nvram/bootc.fd \
+  --initrd-inject /var/home/bbreard/src/rhel9-bootc/example.ks \
+  --extra-args="inst.profile=rhel inst.ks=file:/example.ks" 
+  #--extra-args="inst.profile=rhel inst.ks=file:/example.ks console=tty0 console=ttyS0,115200n8" 
+#  --boot uefi,loader.secure=false \
+
+#exec virt-install --connect qemu:///system --name sagano-demo --memory 2048 --vcpus 4 --disk size=40 \
+#          --os-variant rhel9.0 --location https://dl.fedoraproject.org/pub/fedora/linux/releases/38/Everything/x86_64/os/ \
+#          --noautoconsole --initrd-inject $(pwd)/basic.ks --extra-args="inst.ks=file:/basic.ks console=ttyS0"
+
+#sudo virt-install \
+#  --name=bootc \
+#  --ram=4096 \
+#  --vcpus=2 \
+#  --os-variant=rhel9.2 \
+#  --graphics=vnc \
+#  --pxe \
+#  --disk=path=/var/home/bbreard/data/images/node0.qcow2 \
+#  --check path_in_use=off \
+#  --network=network=default,model=virtio,mac=52:54:00:9e:5d:d4 \
+#  --boot loader=/usr/share/OVMF/OVMF_CODE.secboot.fd,loader.readonly=yes,loader.type=pflash,nvram.template=/usr/share/OVMF/OVMF_VARS.secboot.fd,loader_secure=yes \
+#  --features smm.state=on

example.ks

@@ -0,0 +1,37 @@
+text
+
+# Basic partitioning
+clearpart --all --initlabel --disklabel=gpt
+part prepboot  --size=4    --fstype=prepboot
+part biosboot  --size=1    --fstype=biosboot
+part /boot/efi --size=100  --fstype=efi
+part /boot     --size=1000  --fstype=ext4 --label=boot
+part / --grow --fstype xfs
+
+#ostreecontainer --url quay.io/centos-boot/fedora-tier-1:eln	--no-signature-verification
+#ostreecontainer --url quay.io/centos-boot/centos-tier-1-dev:stream9	--no-signature-verification
+ostreecontainer --url quay.io/mrguitar/rhel-94-wp-bootc:latest	--no-signature-verification
+#ostreecontainer --url quay.io/centos-boot/fedora-tier-1:eln	--no-signature-verification
+
+firewall --disabled
+services --enabled=sshd
+user --name=core --groups=wheel --iscrypted --password=$6$3OrUXJfD.64WiZl2$4/oBFyFgIyPI6LdLCbE.h99YBrFa..pC3x3WlHNH8mUf4ssZmhlhy17CHc0n3kAvHvWecpqunVOd/4kOGB7Ms.
+# Only inject a SSH key for root
+rootpw --iscrypted locked
+# Add your example SSH key here!
+#sshkey --username root "ssh-ed25519 <key> [email protected]"
+sshkey --username core "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6M7NmgtRZkn08Dkyu8xMP0mYDSzmN1qeMoWp43Sv8fmASjLUj8XE+cC3hyvUmzqJwEv0OPWqq9a8nYdye1wMBk0xRTE9lVlAUF4FZwHw1yBXYMb6h/oTQ69eF2YxnVsrk6W6ggMfxHnLa6LHCHzPQrp9SyhVg/jQAdnF+qoQdS2ZynRWY/fnQg05obMff0+gQwolbrTUF3a9JDbwUkrFXwSGVvC2kMEgAhcd9Ii1iPw186A8XUXQS1bDXo+QjdCk4Gtm0CwMCkVdhJImNqXV6/Es3znXFEUaw1VPWx9Vhx3Q/BM3wmDEXQiXHppJ4zT+BzKXuCH+LB3bbXrR+oqAmvSdG4uu7vcMdy/9bEtOd90uv9xs51CLFEzMPTN6zz8V/7nZLvrRWjL5k1F3cSxKvCirdb26uSDLSHqu7qCKXVdn0LShgHA0FSzifyA14w5WR9/GG09DQYiVPaYUwNPk2u9tYPPJsgbJFMyCbttoTcshKkgEXIZesxIZwL5UgYS8= bbreard@comacho"
+sshkey --username root "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6M7NmgtRZkn08Dkyu8xMP0mYDSzmN1qeMoWp43Sv8fmASjLUj8XE+cC3hyvUmzqJwEv0OPWqq9a8nYdye1wMBk0xRTE9lVlAUF4FZwHw1yBXYMb6h/oTQ69eF2YxnVsrk6W6ggMfxHnLa6LHCHzPQrp9SyhVg/jQAdnF+qoQdS2ZynRWY/fnQg05obMff0+gQwolbrTUF3a9JDbwUkrFXwSGVvC2kMEgAhcd9Ii1iPw186A8XUXQS1bDXo+QjdCk4Gtm0CwMCkVdhJImNqXV6/Es3znXFEUaw1VPWx9Vhx3Q/BM3wmDEXQiXHppJ4zT+BzKXuCH+LB3bbXrR+oqAmvSdG4uu7vcMdy/9bEtOd90uv9xs51CLFEzMPTN6zz8V/7nZLvrRWjL5k1F3cSxKvCirdb26uSDLSHqu7qCKXVdn0LShgHA0FSzifyA14w5WR9/GG09DQYiVPaYUwNPk2u9tYPPJsgbJFMyCbttoTcshKkgEXIZesxIZwL5UgYS8= bbreard@comacho"
+
+reboot
+
+# Workarounds until https://github.com/rhinstaller/anaconda/pull/5298/ lands
+bootloader --location=none --disabled
+%post --erroronfail
+set -euo pipefail
+# Work around anaconda wanting a root password
+passwd -l root
+rootdevice=$(findmnt -nv -o SOURCE /)
+device=$(lsblk -n -o PKNAME ${rootdevice})
+/usr/bin/bootupctl backend install --auto --with-static-configs --device /dev/${device} /
+%end

nvidia/c9s.repo

@@ -0,0 +1,35 @@
+[baseos]
+name=CentOS Stream 9 - BaseOS
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/BaseOS/x86_64/os/
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/rel-eng/RHEL-9/RHEL-9.3.0-20231025.65/compose/BaseOS/x86_64/os/
+baseurl=http://mirror.stream.centos.org/9-stream/BaseOS/$basearch/os
+gpgcheck=0
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[appstream]
+name=CentOS Stream 9 - AppStream
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/rel-eng/RHEL-9/RHEL-9.3.0-20231025.65/compose/AppStream/x86_64/os/
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/AppStream/x86_64/os/
+baseurl=http://mirror.stream.centos.org/9-stream/AppStream/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[nfv]
+name=CentOS Stream 9 - NFV
+baseurl=http://mirror.stream.centos.org/9-stream/NFV/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[rt]
+name=CentOS Stream 9 - RT
+baseurl=http://mirror.stream.centos.org/9-stream/RT/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official

nvidia/cuda-containerfile

@@ -0,0 +1,19 @@
+#FROM ubi9/ubi-init
+#FROM quay.io/mrguitar/rhel-94-soe-bootc
+FROM localhost/rhel-93-bootc
+#FROM quay.io/centos-boot/centos-tier-1-dev:stream9
+
+
+#rpm-ostree workaround
+RUN rm /usr/local && mkdir /usr/local
+
+
+ADD cuda-rhel9.repo /etc/yum.repos.d/cuda-rhel9.repo
+ADD rhel9.repo /etc/yum.repos.d/rhel9.repo
+
+#add nvidia drivers (requires either a released rhel kernel in the base image or dkms) and cuda toolkit
+RUN dnf install -y nvidia-driver nvidia-gds cuda-toolkit && rm /var/log/*.log /var/lib/dnf -rf 
+
+#rpm-ostree workaround
+#RUN rm -rf var/lib/xkb/README.compiled
+RUN ostree container commit

nvidia/cuda-rhel9.repo

@@ -0,0 +1,12 @@
+[cuda-rhel9-x86_64]
+name=cuda-rhel9-x86_64
+baseurl=https://developer.download.nvidia.com/compute/cuda/repos/rhel9/x86_64
+enabled=1
+gpgcheck=1
+gpgkey=https://developer.download.nvidia.com/compute/cuda/repos/rhel9/x86_64/D42D0685.pub
+
+[epel]
+name=epel 9
+baseurl=https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/
+enabled=1
+gpgcheck=0

nvidia/nv-containerfile

@@ -0,0 +1,33 @@
+#FROM ubi9/ubi-init
+#FROM quay.io/mrguitar/rhel-94-soe-bootc
+#FROM localhost/rhel-93-bootc
+FROM quay.io/centos-boot/centos-tier-1-dev:stream9
+
+
+#Likely won't need in the future
+#RUN rm /usr/local && mkdir /usr/local
+#Add nvidia repos and 93 repos to pull the matching kernel & kmods
+ADD cuda-rhel9.repo /etc/yum.repos.d/cuda-rhel9.repo
+ADD rhel93.repo /etc/yum.repos.d/rhel9.repo
+
+#commenting this as the release automation at NV doesn't support CS9
+#ADD c9s.repo /etc/yum.repos.d/c9s.repo
+
+
+#download kernel rpms and add dnf plugins to do so
+RUN rm -f /etc/yum.repos.d/centos.repo && dnf -y install dnf-plugins-core && dnf -y download kernel-modules-core-5.14.0-362.8.1.el9_3.x86_64 kernel-core-5.14.0-362.8.1.el9_3.x86_64 kernel-modules-5.14.0-362.8.1.el9_3.x86_64 kernel-5.14.0-362.8.1.el9_3.x86_64 && ls *.rpm
+
+#swap the kernel
+RUN rpm-ostree override replace kernel{,-core,-modules-core,-modules}-5.14.0-362.8.1.el9_3.x86_64.rpm
+
+#installing the nvidia rpms gives an error around modularity and not finding the appropriate kmods. I'm guessing maybe the override/replace requires an intermediate container build for the new kernel to be "seen"
+
+#failed attempt to stop from doing an intermediate container build/commit. :)
+#RUN dnf -y install kernel-modules-core-5.14.0-362.8.1.el9_3.x86_64 kernel-core-5.14.0-362.8.1.el9_3.x86_64 kernel-modules-5.14.0-362.8.1.el9_3.x86_64 kernel-5.14.0-362.8.1.el9_3.x86_64
+#RUN dnf install -y nvidia-driver-545.23.08-1.el9.x86_64 && rm /var/log/*.log /var/lib/dnf -rf 
+RUN dnf install -y nvidia-driver && rm /var/log/*.log /var/lib/dnf -rf 
+
+
+#another workaround that likely isn't needed.
+#RUN rm -rf var/lib/xkb/README.compiled
+RUN ostree container commit

nvidia/rhel93.repo

@@ -0,0 +1,14 @@
+[rhel-9-baseos-rpms]
+name = Red Hat Enterprise Linux 9 - BaseOS
+#baseurl = http://download.devel.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/BaseOS/x86_64/os/ 
+baseurl = http://download.eng.rdu.redhat.com/rhel-9/rel-eng/RHEL-9/RHEL-9.3.0-20231025.65/compose/BaseOS/x86_64/os/
+enabled = 1
+gpgcheck = 0
+
+[rhel-9-appstream-rpms]
+name = Red Hat Enterprise Linux 9 Application Stream
+#baseurl = http://download.devel.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/AppStream/x86_64/os/ 
+baseurl = http://download.eng.rdu.redhat.com/rhel-9/rel-eng/RHEL-9/RHEL-9.3.0-20231025.65/compose/AppStream/x86_64/os/
+enabled = 1
+gpgcheck = 0
+

oscap/oscap-containerfile

@@ -0,0 +1,13 @@
+#FROM ubi9/ubi-init
+#FROM quay.io/mrguitar/rhel-94-soe-bootc
+FROM quay.io/centos-boot/centos-tier-1-dev:stream9
+
+#ADD rhel9.repo /etc/yum.repos.d/rhel9.repo
+RUN dnf install -y httpd mariadb mariadb-server php-fpm php-mysqlnd vim-enhanced && rm /var/log/*.log /var/lib/dnf -rf 
+ADD lamp.local-2023-03-09-0123.sql /etc
+ADD wp.tgz /etc/www
+ADD wp-setup.service dir-setup.service /etc/systemd/system/
+ADD --chmod=755 wp-setup.sh dir-setup.sh /etc
+RUN systemctl enable httpd mariadb wp-setup php-fpm dir-setup
+#CMD /usr/sbin/init
+RUN ostree container commit

repos/c9s.repo

@@ -0,0 +1,35 @@
+[baseos]
+name=CentOS Stream 9 - BaseOS
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/BaseOS/x86_64/os/
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/rel-eng/RHEL-9/RHEL-9.3.0-20231025.65/compose/BaseOS/x86_64/os/
+baseurl=http://mirror.stream.centos.org/9-stream/BaseOS/$basearch/os
+gpgcheck=0
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[appstream]
+name=CentOS Stream 9 - AppStream
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/rel-eng/RHEL-9/RHEL-9.3.0-20231025.65/compose/AppStream/x86_64/os/
+#baseurl=https://download.eng.rdu.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/AppStream/x86_64/os/
+baseurl=http://mirror.stream.centos.org/9-stream/AppStream/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[nfv]
+name=CentOS Stream 9 - NFV
+baseurl=http://mirror.stream.centos.org/9-stream/NFV/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official
+
+[rt]
+name=CentOS Stream 9 - RT
+baseurl=http://mirror.stream.centos.org/9-stream/RT/$basearch/os
+gpgcheck=1
+repo_gpgcheck=0
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/centos/RPM-GPG-KEY-CentOS-Official

repos/rhel9.repo

@@ -0,0 +1,12 @@
+[rhel-9-baseos-rpms]
+name = Red Hat Enterprise Linux 9 - BaseOS
+baseurl = http://download.devel.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/BaseOS/x86_64/os/ 
+enabled = 1
+gpgcheck = 0
+
+[rhel-9-appstream-rpms]
+name = Red Hat Enterprise Linux 9 Application Stream
+baseurl = http://download.devel.redhat.com/rhel-9/nightly/RHEL-9/latest-RHEL-9/compose/AppStream/x86_64/os/ 
+enabled = 1
+gpgcheck = 0
+

wordpress/containerfile

@@ -0,0 +1,13 @@
+#FROM ubi9/ubi-init
+#FROM quay.io/mrguitar/rhel-94-soe-bootc
+FROM quay.io/centos-boot/centos-tier-1-dev:stream9
+
+#ADD rhel9.repo /etc/yum.repos.d/rhel9.repo
+RUN dnf install -y httpd mariadb mariadb-server php-fpm php-mysqlnd vim-enhanced && rm /var/log/*.log /var/lib/dnf -rf 
+ADD lamp.local-2023-03-09-0123.sql /etc
+ADD wp.tgz /etc/www
+ADD wp-setup.service dir-setup.service /etc/systemd/system/
+ADD --chmod=755 wp-setup.sh dir-setup.sh /etc
+RUN systemctl enable httpd mariadb wp-setup php-fpm dir-setup
+#CMD /usr/sbin/init
+RUN ostree container commit

wordpress/dir-setup.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=populate /var contents
+ConditionPathExists=!/var/www/html
+Before=mariadb
+
+[Service]
+#I know, I know ....just need to get back to the family
+ExecStartPre=
+ExecStart=/etc/dir-setup.sh
+
+[Install]
+WantedBy=multi-user.target
+

wordpress/dir-setup.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+mkdir -p /var/www/html /var/log/httpd/ /var/log/mariadb /var/lib/mysql /var/log/php-fpm/
+chown -R mysql.mysql /var/lib/mysql
+#setenforce 0
+

wordpress/example.ks

@@ -0,0 +1,37 @@
+text
+
+# Basic partitioning
+clearpart --all --initlabel --disklabel=gpt
+part prepboot  --size=4    --fstype=prepboot
+part biosboot  --size=1    --fstype=biosboot
+part /boot/efi --size=100  --fstype=efi
+part /boot     --size=1000  --fstype=ext4 --label=boot
+part / --grow --fstype xfs
+
+#ostreecontainer --url quay.io/centos-boot/fedora-tier-1:eln	--no-signature-verification
+#ostreecontainer --url quay.io/centos-boot/centos-tier-1-dev:stream9	--no-signature-verification
+ostreecontainer --url quay.io/mrguitar/rhel-94-wp-bootc:latest	--no-signature-verification
+#ostreecontainer --url quay.io/centos-boot/fedora-tier-1:eln	--no-signature-verification
+
+firewall --disabled
+services --enabled=sshd
+user --name=core --groups=wheel --iscrypted --password=$6$3OrUXJfD.64WiZl2$4/oBFyFgIyPI6LdLCbE.h99YBrFa..pC3x3WlHNH8mUf4ssZmhlhy17CHc0n3kAvHvWecpqunVOd/4kOGB7Ms.
+# Only inject a SSH key for root
+rootpw --iscrypted locked
+# Add your example SSH key here!
+#sshkey --username root "ssh-ed25519 <key> [email protected]"
+sshkey --username core "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6M7NmgtRZkn08Dkyu8xMP0mYDSzmN1qeMoWp43Sv8fmASjLUj8XE+cC3hyvUmzqJwEv0OPWqq9a8nYdye1wMBk0xRTE9lVlAUF4FZwHw1yBXYMb6h/oTQ69eF2YxnVsrk6W6ggMfxHnLa6LHCHzPQrp9SyhVg/jQAdnF+qoQdS2ZynRWY/fnQg05obMff0+gQwolbrTUF3a9JDbwUkrFXwSGVvC2kMEgAhcd9Ii1iPw186A8XUXQS1bDXo+QjdCk4Gtm0CwMCkVdhJImNqXV6/Es3znXFEUaw1VPWx9Vhx3Q/BM3wmDEXQiXHppJ4zT+BzKXuCH+LB3bbXrR+oqAmvSdG4uu7vcMdy/9bEtOd90uv9xs51CLFEzMPTN6zz8V/7nZLvrRWjL5k1F3cSxKvCirdb26uSDLSHqu7qCKXVdn0LShgHA0FSzifyA14w5WR9/GG09DQYiVPaYUwNPk2u9tYPPJsgbJFMyCbttoTcshKkgEXIZesxIZwL5UgYS8= bbreard@comacho"
+sshkey --username root "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6M7NmgtRZkn08Dkyu8xMP0mYDSzmN1qeMoWp43Sv8fmASjLUj8XE+cC3hyvUmzqJwEv0OPWqq9a8nYdye1wMBk0xRTE9lVlAUF4FZwHw1yBXYMb6h/oTQ69eF2YxnVsrk6W6ggMfxHnLa6LHCHzPQrp9SyhVg/jQAdnF+qoQdS2ZynRWY/fnQg05obMff0+gQwolbrTUF3a9JDbwUkrFXwSGVvC2kMEgAhcd9Ii1iPw186A8XUXQS1bDXo+QjdCk4Gtm0CwMCkVdhJImNqXV6/Es3znXFEUaw1VPWx9Vhx3Q/BM3wmDEXQiXHppJ4zT+BzKXuCH+LB3bbXrR+oqAmvSdG4uu7vcMdy/9bEtOd90uv9xs51CLFEzMPTN6zz8V/7nZLvrRWjL5k1F3cSxKvCirdb26uSDLSHqu7qCKXVdn0LShgHA0FSzifyA14w5WR9/GG09DQYiVPaYUwNPk2u9tYPPJsgbJFMyCbttoTcshKkgEXIZesxIZwL5UgYS8= bbreard@comacho"
+
+reboot
+
+# Workarounds until https://github.com/rhinstaller/anaconda/pull/5298/ lands
+bootloader --location=none --disabled
+%post --erroronfail
+set -euo pipefail
+# Work around anaconda wanting a root password
+passwd -l root
+rootdevice=$(findmnt -nv -o SOURCE /)
+device=$(lsblk -n -o PKNAME ${rootdevice})
+/usr/bin/bootupctl backend install --auto --with-static-configs --device /dev/${device} /
+%end