Bootstrap without docker v2

barney.yaml

@@ -5,43 +5,42 @@ generators:
 
 images:
 
-  internal/alma-9.1-bootstrap:
+  internal/bootstrap/iso-extraction-floor:
+    entry:
+      mutables:
+        - /var/work
     units:
-      - image: barney.ci/docker%image/quay.io/almalinuxorg/9-minimal//9.4-20240506
-      - sources: []
-        build: |
-          mkdir -p /dest/etc
-          touch /dest/etc/resolv.conf
-    finalizers:
-      - |
-          export DNF_HOST="https://artifactory.infra.corp.arista.io/artifactory"
-          export DNF_ARCH="$(arch)"
-          export DNF_DISTRO_REPO="alma-vault/9.1"
-          export DNF_EPEL9_REPO_VERSION="v20240127-1"
-          export DNF_EPEL9_REPO="eext-snapshots-local/epel9/${DNF_EPEL9_REPO_VERSION}/9/Everything"
-          echo '#!/bin/sh
-          microdnf --assumeyes --installroot=/dest --noplugins --config=/etc/dnf/dnf.conf \
-                   --setopt=cachedir=/var/cache/microdnf --setopt=reposdir=/etc/yum.repos.d \
-                   --setopt=varsdir=/etc/dnf --releasever=9.1 install "$@"
-          ' > /usr/bin/install-rpms
-          chmod 755 /usr/bin/install-rpms
-          rm -rf /etc/yum.repos.d
-          mkdir -p /etc/yum.repos.d
-          echo "[epel9-subset]
-          baseurl=${DNF_HOST}/${DNF_EPEL9_REPO}/${DNF_ARCH}/
-          enabled=1
-          gpgcheck=0
-          " > /etc/yum.repos.d/eext-externaldeps.repo
-          echo "[BaseOS]
-          baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/BaseOS/${DNF_ARCH}/os/
-          enabled=1
-          " > /etc/yum.repos.d/BaseOS.repo
-          echo "[AppStream]
-          baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/AppStream/${DNF_ARCH}/os/
-          exclude=podman
-          enabled=1
-          " > /etc/yum.repos.d/AppStream.repo
+      - image: barney.ci/alpine%pkg/alpine-base
+      - image: barney.ci/alpine%pkg/gettext
+      - image: barney.ci/alpine%pkg/wget
+      - image: barney.ci/alpine%network
+      - image: barney.ci/alpine%apk-finalizers
+      - build: |
+          mkdir -p /dest/var/work
+
+  internal/bootstrap/src-deps:
+    no-create-mountpoints: true
+    units:
+      - build: |
+          cp -a bootstrap/* /dest/
+          cp -a pki/rpmkeys/alma9-b86b3716-gpg-pubkey.pem /dest/
+          cp -a pki/rpmkeys/epel9-3228467c-gpg-pubkey.pem /dest/
+          rm -f /dest/README*
+
+  internal/bootstrap:
+    description: |
+      Minimal bootstrapping environment used to bootstrap almalinux.
+
+      This needs to be based off of an rpm-based distro,
+      we're using CentOS-stream as a suitable tarball and CHECKSUM file
+      is readily available on the mirror. This is seldom changed and
+      any change here will update all eext snapshots.
 
+      We wipe out the dnf/yum repo configuration in the tarball,
+      and setup our own curated set of frozen almalinux repos.
+
+      We also include an install-rpms script which is used to bootstrap
+      the almalinux image.
     entry:
       share-net: true
       mounts:
@@ -51,10 +50,64 @@ images:
       mutables:
         - /var/cache
         - /var/lib/dnf
+    units:
+      - floor: .%internal/bootstrap/iso-extraction-floor
+        entry:
+          env:
+            DNF_HOST: ${eext-dnf-host.url:-https://artifactory.infra.corp.arista.io/artifactory}
+            BOOTSTRAP_PATH: eext-sources/bootstrap/CentOS-Stream
+            BOOTSTRAP_FILE: CentOS-Stream-Container-Base-9-20240715.0
+            BOOTSTRAP_EXTENSION: tar.xz
+            DNF_DISTRO_REPO: alma-vault
+            DNF_DISTRO_REPO_VERSION: "9.3"
+            DNF_EPEL_REPO: eext-snapshots-local/epel9
+            DNF_EPEL_REPO_SNAPSHOT_VERSION: v20240127-1
+            DNF_EPEL_REPO_DISTRO_VERSION: "9"
+        sources: []
+        mappings:
+          /src/bootstrap: .%internal/bootstrap/src-deps
+        build: |
+          # URL of tarball with OS image
+          export ARCH=$(uname -m)
+          bootstrap_filename="${BOOTSTRAP_FILE}.${ARCH}.${BOOTSTRAP_EXTENSION}"
+          bootstrap_url="${DNF_HOST}/${BOOTSTRAP_PATH}/${bootstrap_filename}"
+
+          # Download the tarball into the mutable working dir
+          cd /var/work
+          wget ${bootstrap_url}
+
+          # Validate downloaded tarball
+          grep "${bootstrap_filename}" /src/bootstrap/CHECKSUM | sha256sum -wc
+
+          # Extract tarball and setup rootfs
+          # This is a nested tarball, the real rootfs is in layer.tar
+          # Extract the firt level tarball inside the extr subdirectory
+          # within the working directory and and then extract the
+          # second level layer.tar directly to /dest
+          mkdir extr
+          tar --strip-components=1 -C ./extr -xf ./${bootstrap_filename}
+          tar -xf ./extr/layer.tar -C /dest
+
+          # Now modify the extracted file system to remove unwanted
+          # stuff and add extra stuff.
+
+          # Remove any pre-configured yum repos
+          rm /dest/etc/yum.repos.d/*
+          # Setup install-rpms shell script
+          mkdir -p /dest/usr/bin
+          chmod 555 /dest/usr/bin
+          cp -a /src/bootstrap/install-rpms /dest/usr/bin/
+          chmod 0755 /dest/usr/bin/install-rpms
+          # Setup gpg keys
+          mkdir -p /dest/usr/share/distribution-gpg-keys
+          chmod 555 /dest/usr/share/distribution-gpg-keys
+          cp -a /src/bootstrap/*.pem /dest/usr/share/distribution-gpg-keys/
+          # Setup curated frozen dnf repo list for build reproducibility
+          envsubst < /src/bootstrap/eext-repos-build.repo.template > /dest/etc/yum.repos.d/eext-repos-build.repo
 
   base-image:
     units:
-      - floor: .%internal/alma-9.1-bootstrap
+      - floor: .%internal/bootstrap
         sources: []
         build: install-rpms autoconf automake coreutils git rpm rpmdevtools rpm-build make mock python3-devel quilt
 
@@ -103,7 +156,7 @@ images:
       - build: |
           mkdir -p /dest/var/cache/go
           mkdir -p /dest/var/ext
-      - floor: .%internal/alma-9.1-bootstrap
+      - floor: .%internal/bootstrap
         sources: []
         build: |
           install-rpms autoconf automake coreutils golang git rpm rpmdevtools rpm-build make mock python3-devel quilt

bootstrap/CHECKSUM

@@ -0,0 +1,2 @@
+c2a4f505ffa543fa46f9a077d201d54d8d94f431079b5e776c15cb200c03bb73 CentOS-Stream-Container-Base-9-20240715.0.x86_64.tar.xz
+af064c53839e2b54c7a42f7c6d1f4c4ed597e4ba6981ea90a1e6914278dfe855 CentOS-Stream-Container-Base-9-20240715.0.aarch64.tar.xz

bootstrap/README.md

@@ -0,0 +1,13 @@
+# Uploading Bootstrap Tarball
+
+1. Download a CentOS-Stream-Container-Base tarball with a timestamp in its name, like `20230704`, from:
+   - [https://cloud.centos.org/centos/9-stream/x86_64/images/](https://cloud.centos.org/centos/9-stream/x86_64/images/)
+   - [https://cloud.centos.org/centos/9-stream/aarch64/images/](https://cloud.centos.org/centos/9-stream/aarch64/images/)
+2. Upload them to artifactory in the subpath `eext-sources/bootstrap/CentOS-Stream/`
+```
+  curl -H "Authorization: Bearer ${ARTIFACTORY_TOKEN}" -X PUT https://artifactory.infra.corp.arista.io/artifactory/eext-sources/bootstrap/CentOS-Stream/ -T <TARBALL_PATH>
+```
+3. Update the `CHECKSUM` file in the local repo for the new entries from the `CHECKSUM` files:
+   - [https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM](https://cloud.centos.org/centos/9-stream/x86_64/images/CHECKSUM)
+   - [https://cloud.centos.org/centos/9-stream/aarch64/images/CHECKSUM](https://cloud.centos.org/centos/9-stream/aarch64/images/CHECKSUM)
+4. Update the `EEXT_BOOTSTRAP_VERSION` environment variable in `barney.yaml`.

bootstrap/eext-repos-build.repo.template

@@ -0,0 +1,16 @@
+[BaseOS]
+baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/${DNF_DISTRO_REPO_VERSION}/BaseOS/${ARCH}/os/
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/alma9-b86b3716-gpg-pubkey.pem
+
+[AppStream]
+baseurl=${DNF_HOST}/${DNF_DISTRO_REPO}/${DNF_DISTRO_REPO_VERSION}/AppStream/${ARCH}/os/
+exclude=podman
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/alma9-b86b3716-gpg-pubkey.pem
+
+[epel9-snapshot]
+baseurl=${DNF_HOST}/${DNF_EPEL_REPO}/${DNF_EPEL_REPO_SNAPSHOT_VERSION}/${DNF_EPEL_REPO_DISTRO_VERSION}/Everything/${ARCH}/
+enabled=1
+gpgkey=file:///usr/share/distribution-gpg-keys/epel9-3228467c-gpg-pubkey.pem
+

bootstrap/install-rpms

@@ -0,0 +1,7 @@
+#!/bin/sh
+dnf --assumeyes --installroot=/dest --noplugins \
+    --config=/etc/dnf/dnf.conf \
+    --setopt=cachedir=/var/cache/dnf \
+    --setopt=reposdir=/etc/yum.repos.d \
+    --setopt=varsdir=/etc/dnf \
+    install "$@"