rpm: Switch to CentOS Stream 8

Currently we're taking upcoming RHEL AV contents and semi-manually rebuilding them inside special COPRs so that they can be used on Fedora: this process requires additional work, introduces delays and results in a mix of components that are otherwise not tested together. Using CentOS Stream 8 instead of Fedora eliminates all of these issues: shortly after a new version of QEMU or libvirt is tagged, the corresponding build will automatically show up in CentOS Stream 8 and we will be able to consume it; the selection of packages will also be a lot closer to what Red Hat tests internally, which should result in an overall more solid base to build KubeVirt upon. Using bazeldnf's --nobest option is necessary because CentOS Stream 8 repositories might contain more than one version of each package, and we are not necessarily pinning the very latest one. Note that the image used for some of the tests is still based on Fedora, at least for now: scsi-target-utils is not available in CentOS Stream 8, so we'd have to rewrite the corresponding tests to use an alternative tool such as targetcli. Since this image is used only for tests, I've decided to leave that challenge for another day. Somewhat non-obvious changes: * the test image is now using the Fedora version of qemu-img instead of the same one as the virt-launcher image, which makes things simpler and should still be perfectly fine for our needs; * we no longer need to create some symlinks (namely for iptables and qemu-kvm); * we do, however, need to bring in a slightly custom nsswitch.conf file to disable sssd integration and thus avoid having to include the corresponding packages in the container. Signed-off-by: Andrea Bolognani <[email protected]>
kaloom · Oct 4, 2021 · a57ade4 · a57ade4
1 parent 674ca6e
commit a57ade4
Show file tree

Hide file tree

Showing 6 changed files with 140 additions and 67 deletions.
diff --git a/cmd/virt-handler/BUILD.bazel b/cmd/virt-handler/BUILD.bazel
@@ -131,6 +131,15 @@ pkg_tar(
     visibility = ["//visibility:public"],
 )
 
+pkg_tar(
+    name = "nsswitch-tar",
+    srcs = [
+        ":nsswitch.conf",
+    ],
+    mode = "0644",
+    package_dir = "/etc",
+)
+
 container_image(
     name = "version-container",
     directory = "/",
@@ -141,10 +150,12 @@ container_image(
     tars = select({
         "@io_bazel_rules_go//go/platform:linux_arm64": [
             ":passwd-tar",
+            ":nsswitch-tar",
             "//rpm:handlerbase_aarch64",
         ],
         "//conditions:default": [
             ":passwd-tar",
+            ":nsswitch-tar",
             "//rpm:handlerbase_x86_64",
         ],
     }),

diff --git a/cmd/virt-handler/nsswitch.conf b/cmd/virt-handler/nsswitch.conf
@@ -0,0 +1,14 @@
+passwd:     files
+shadow:     files
+group:      files
+hosts:      files dns myhostname
+services:   files
+netgroup:
+automount:  files
+aliases:    files
+ethers:     files
+gshadow:    files
+networks:   files dns
+protocols:  files
+publickey:  files
+rpc:        files
diff --git a/cmd/virt-launcher/BUILD.bazel b/cmd/virt-launcher/BUILD.bazel
@@ -129,6 +129,15 @@ pkg_tar(
     visibility = ["//visibility:public"],
 )
 
+pkg_tar(
+    name = "nsswitch-tar",
+    srcs = [
+        ":nsswitch.conf",
+    ],
+    mode = "0644",
+    package_dir = "/etc",
+)
+
 container_image(
     name = "version-container",
     directory = "/",
@@ -137,11 +146,13 @@ container_image(
         "@io_bazel_rules_go//go/platform:linux_arm64": [
             ":libvirt-config",
             ":passwd-tar",
+            ":nsswitch-tar",
             "//rpm:launcherbase_aarch64",
         ],
         "//conditions:default": [
             ":libvirt-config",
             ":passwd-tar",
+            ":nsswitch-tar",
             "//rpm:launcherbase_x86_64",
         ],
     }),

diff --git a/cmd/virt-launcher/nsswitch.conf b/cmd/virt-launcher/nsswitch.conf
@@ -0,0 +1,14 @@
+passwd:     files
+shadow:     files
+group:      files
+hosts:      files dns myhostname
+services:   files
+netgroup:
+automount:  files
+aliases:    files
+ethers:     files
+gshadow:    files
+networks:   files dns
+protocols:  files
+publickey:  files
+rpc:        files
diff --git a/hack/rpm-deps.sh b/hack/rpm-deps.sh
@@ -5,10 +5,11 @@ set -ex
 source hack/common.sh
 source hack/config.sh
 
-LIBVIRT_VERSION=0:7.0.0-12.fc32
-QEMU_VERSION=15:5.2.0-15.fc32
-SEABIOS_VERSION=0:1.14.0-1.fc32
-EDK2_VERSION=0:20200801stable-1.fc32
+LIBVIRT_VERSION=0:7.0.0-14.el8s
+QEMU_VERSION=15:5.2.0-16.el8s
+SEABIOS_VERSION=0:1.14.0-1.el8s
+EDK2_VERSION=0:20200602gitca407c7246bf-4.el8
+LIBGUESTFS_VERSION=1:1.44.0-3.el8s
 
 # Packages that we want to be included in all container images.
 #
@@ -18,14 +19,13 @@ EDK2_VERSION=0:20200801stable-1.fc32
 # have more than one way of being resolved. Listing the latter
 # explicitly ensures that bazeldnf always reaches the same solution
 # and thus keeps things reproducible
-fedora_base="
-  curl-minimal
+centos_base="
+  curl
   vim-minimal
 "
-fedora_extra="
+centos_extra="
   coreutils-single
-  fedora-logos-httpd
-  glibc-langpack-en
+  glibc-minimal-langpack
   libcurl-minimal
 "
 
@@ -48,16 +48,22 @@ testimage_base="
 
 bazel run \
     --config=${ARCHITECTURE} \
-    //:bazeldnf -- rpmtree --public --name testimage_x86_64 \
-    $fedora_base \
-    $fedora_extra \
+    //:bazeldnf -- rpmtree \
+    --public \
+    --name testimage_x86_64 \
+    --basesystem centos-stream-release \
+    $centos_base \
+    $centos_extra \
     $testimage_base
 
 bazel run \
     --config=${ARCHITECTURE} \
-    //:bazeldnf -- rpmtree --public --arch=aarch64 --name testimage_aarch64 \
-    $fedora_base \
-    $fedora_extra \
+    //:bazeldnf -- rpmtree \
+    --public \
+    --name testimage_aarch64 --arch aarch64 \
+    --basesystem centos-stream-release \
+    $centos_base \
+    $centos_extra \
     $testimage_base
 
 # create a rpmtree for libvirt-devel. libvirt-devel is needed for compilation and unit-testing.
@@ -73,17 +79,23 @@ libvirtdevel_extra="
 
 bazel run \
     --config=${ARCHITECTURE} \
-    //:bazeldnf -- rpmtree --public --name libvirt-devel_x86_64 \
-    $fedora_base \
-    $fedora_extra \
+    //:bazeldnf -- rpmtree \
+    --public --nobest \
+    --name libvirt-devel_x86_64 \
+    --basesystem centos-stream-release \
+    $centos_base \
+    $centos_extra \
     $libvirtdevel_base \
     $libvirtdevel_extra
 
 bazel run \
     --config=${ARCHITECTURE} \
-    //:bazeldnf -- rpmtree --public --arch=aarch64 --name libvirt-devel_aarch64 \
-    $fedora_base \
-    $fedora_extra \
+    //:bazeldnf -- rpmtree \
+    --public --nobest \
+    --name libvirt-devel_aarch64 --arch aarch64 \
+    --basesystem centos-stream-release \
+    $centos_base \
+    $centos_extra \
     $libvirtdevel_base \
     $libvirtdevel_extra
 
@@ -113,20 +125,26 @@ launcherbase_extra="
 
 bazel run \
     --config=${ARCHITECTURE} \
-    //:bazeldnf -- rpmtree --public --name launcherbase_x86_64 \
+    //:bazeldnf -- rpmtree \
+    --public --nobest \
+    --name launcherbase_x86_64 \
+    --basesystem centos-stream-release \
     --force-ignore-with-dependencies '^mozjs60' \
-    $fedora_base \
-    $fedora_extra \
+    $centos_base \
+    $centos_extra \
     $launcherbase_base \
     $launcherbase_x86_64 \
     $launcherbase_extra
 
 bazel run \
     --config=${ARCHITECTURE} \
-    //:bazeldnf -- rpmtree --public --arch=aarch64 --name launcherbase_aarch64 \
+    //:bazeldnf -- rpmtree \
+    --public --nobest \
+    --name launcherbase_aarch64 --arch aarch64 \
+    --basesystem centos-stream-release \
     --force-ignore-with-dependencies '^mozjs60' \
-    $fedora_base \
-    $fedora_extra \
+    $centos_base \
+    $centos_extra \
     $launcherbase_base \
     $launcherbase_aarch64 \
     $launcherbase_extra
@@ -152,27 +170,40 @@ handlerbase_extra="
 bazel run \
     --config=${ARCHITECTURE} \
     //:bazeldnf -- rpmtree --public --arch=aarch64 --name handlerbase_aarch64 \
-    $basesystem \
+    --basesystem centos-stream-release \
+    $centos_base \
+    $centos_extra \
     $handler_base \
     $handlerbase_extra
 
 bazel run \
     --config=${ARCHITECTURE} \
     //:bazeldnf -- rpmtree --public --name handlerbase_x86_64 \
-    $basesystem \
+    --basesystem centos-stream-release \
+    $centos_base \
+    $centos_extra \
     $handler_base \
     $handlerbase_extra
 
 libguestfstools_base="
-  libguestfs
-  libguestfs-tools
+  libguestfs-tools-${LIBGUESTFS_VERSION}
+  libvirt-daemon-driver-qemu-${LIBVIRT_VERSION}
+  qemu-kvm-core-${QEMU_VERSION}
+  seabios-${SEABIOS_VERSION}
+"
+libguestfstools_x86_64="
+  edk2-ovmf-${EDK2_VERSION}
 "
 
 bazel run \
-    //:bazeldnf -- rpmtree --public --name libguestfs-tools \
-    $fedora_base \
-    $fedora_extra \
+    //:bazeldnf -- rpmtree \
+    --public --nobest \
+    --name libguestfs-tools \
+    --basesystem centos-stream-release \
+    $centos_base \
+    $centos_extra \
     $libguestfstools_base \
+    $libguestfstools_x86_64 \
     --force-ignore-with-dependencies '^(kernel-|linux-firmware)' \
     --force-ignore-with-dependencies '^(python[3]{0,1}-|perl[3]{0,1}-)' \
     --force-ignore-with-dependencies '^(mesa-|libwayland-|selinux-policy|mozjs60)' \

diff --git a/repo.yaml b/repo.yaml
@@ -1,41 +1,33 @@
 repositories:
 - arch: x86_64
-  metalink: https://mirrors.fedoraproject.org/metalink?repo=fedora-32&arch=x86_64
-  name: 32-x86_64-primary-repo
-  gpgkey: https://src.fedoraproject.org/rpms/fedora-repos/raw/main/f/RPM-GPG-KEY-fedora-32-primary
+  baseurl: http://mirror.centos.org/centos/8-stream/BaseOS/x86_64/os/
+  name: centos/stream8-baseos-x86_64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
 - arch: x86_64
-  metalink: https://mirrors.fedoraproject.org/metalink?repo=updates-released-f32&arch=x86_64
-  name: 32-x86_64-update-repo
-  gpgkey: https://src.fedoraproject.org/rpms/fedora-repos/raw/main/f/RPM-GPG-KEY-fedora-32-primary
-- arch: aarch64
-  metalink: https://mirrors.fedoraproject.org/metalink?repo=fedora-32&arch=aarch64
-  name: 32-aarch64-primary-repo
-  gpgkey: https://src.fedoraproject.org/rpms/fedora-repos/raw/main/f/RPM-GPG-KEY-fedora-32-primary
-- arch: aarch64
-  metalink: https://mirrors.fedoraproject.org/metalink?repo=updates-released-f32&arch=aarch64
-  name: 32-aarch64-update-repo
-  gpgkey: https://src.fedoraproject.org/rpms/fedora-repos/raw/main/f/RPM-GPG-KEY-fedora-32-primary
+  baseurl: http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/
+  name: centos/stream8-appstream-x86_64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
 - arch: x86_64
-  baseurl: https://download.copr.fedorainfracloud.org/results/@kubevirt/libvirt-7.0.0-12.el8/fedora-32-x86_64/
-  name: kubevirt/libvirt-copr-x86_64
-  gpgkey: https://download.copr.fedorainfracloud.org/results/@kubevirt/libvirt-7.0.0-12.el8/pubkey.gpg
+  baseurl: http://mirror.centos.org/centos/8-stream/virt/x86_64/advancedvirt-common/
+  name: centos/stream8-advancedvirt-x86_64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization
 - arch: x86_64
-  baseurl: https://download.copr.fedorainfracloud.org/results/@kubevirt/qemu-5.2.0-15.el8/fedora-32-x86_64/
-  name: kubevirt/qemu-copr-x86_64
-  gpgkey: https://download.copr.fedorainfracloud.org/results/@kubevirt/qemu-5.2.0-15.el8/pubkey.gpg
-- arch: x86_64
-  baseurl: https://download.copr.fedorainfracloud.org/results/@kubevirt/seabios-1.14.0-1.el8/fedora-32-x86_64/
-  name: kubevirt/seabios-copr-x86_64
-  gpgkey: https://download.copr.fedorainfracloud.org/results/@kubevirt/seabios-1.14.0-1.el8/pubkey.gpg
+  baseurl: http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/
+  name: centos/stream8-powertools-x86_64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
+- arch: aarch64
+  baseurl: http://mirror.centos.org/centos/8-stream/BaseOS/aarch64/os/
+  name: centos/stream8-baseos-aarch64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
 - arch: aarch64
-  baseurl: https://download.copr.fedorainfracloud.org/results/@kubevirt/libvirt-7.0.0-12.el8/fedora-32-aarch64/
-  name: kubevirt/libvirt-copr-aarch64
-  gpgkey: https://download.copr.fedorainfracloud.org/results/@kubevirt/libvirt-7.0.0-12.el8/pubkey.gpg
+  baseurl: http://mirror.centos.org/centos/8-stream/AppStream/aarch64/os/
+  name: centos/stream8-appstream-aarch64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official
 - arch: aarch64
-  baseurl: https://download.copr.fedorainfracloud.org/results/@kubevirt/qemu-5.2.0-15.el8/fedora-32-aarch64/
-  name: kubevirt/qemu-copr-aarch64
-  gpgkey: https://download.copr.fedorainfracloud.org/results/@kubevirt/qemu-5.2.0-15.el8/pubkey.gpg
+  baseurl: http://mirror.centos.org/centos/8-stream/virt/aarch64/advancedvirt-common/
+  name: centos/stream8-advancedvirt-aarch64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-SIG-Virtualization
 - arch: aarch64
-  baseurl: https://download.copr.fedorainfracloud.org/results/@kubevirt/seabios-1.14.0-1.el8/fedora-32-aarch64/
-  name: kubevirt/seabios-copr-aarch64
-  gpgkey: https://download.copr.fedorainfracloud.org/results/@kubevirt/seabios-1.14.0-1.el8/pubkey.gpg
+  baseurl: http://mirror.centos.org/centos/8-stream/PowerTools/aarch64/os/
+  name: centos/stream8-powertools-aarch64
+  gpgkey: https://www.centos.org/keys/RPM-GPG-KEY-CentOS-Official