Skip to content

Commit 07677d5

Browse files
committed
add how to for creating rpm lockfile
1 parent 2bccd63 commit 07677d5

File tree

4 files changed

+159
-0
lines changed

4 files changed

+159
-0
lines changed
Loading
Loading

docs/modules/ROOT/pages/how-tos/_nav.adoc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
*** xref:how-tos/configuring/creating-secrets.adoc[Creating secrets for your builds]
66
*** xref:how-tos/configuring/configuration-as-code.adoc[Configuration as code]
77
*** xref:how-tos/configuring/hermetic-builds.adoc[Enabling hermetic builds]
8+
*** xref:how-tos/configuring/configuring-rpm-prefetch.adoc[Configuring rpm lockfile for hermetic builds]
89
*** xref:how-tos/configuring/prefetching-dependencies.adoc[Prefetching package manager dependencies]
910
*** xref:how-tos/configuring/component-nudges.adoc[Defining component relationships]
1011
*** xref:how-tos/configuring/rerunning.adoc[Retriggering build pipelines]
Lines changed: 158 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,158 @@
1+
= Creating repo files for use with hermetic prefetch
2+
3+
The rpm-lockfile-prototype tool uses live dnf metadata to resolve a given rpms.in.yaml file into an rpms.lock.yaml file in which every rpm is exactly specified by location and version. Because if uses live metadata, the configuration of dnf repositories on the system will influence the results.
4+
5+
Let's explore a simple scenario that should illustrate all pertinent parts of the process.
6+
7+
We will createa a lockfile that includes the OpenShift clients rpm `+openshift-clients+` which:
8+
9+
* requires a subscription to the OpenShift product
10+
* is not locataed in the default Red Hat Enterprise Linux repositories
11+
* is available for multiple architectures
12+
13+
14+
This RPM is available in the following repositories:
15+
16+
[cols="2,1"]
17+
|===
18+
|*architecture* |*repository*
19+
|x86_64 |rhocp-4.17-for-rhel-9-x86_64-rpms
20+
|aarch64 |rhocp-4.17-for-rhel-9-aarch64-rpms
21+
|===
22+
23+
24+
== Create the activation key
25+
26+
=== Create a new key.
27+
Navigate to https://console.redhat.com/insights/connector/activation-keys and create a new activation key. Follow the instructions in the wizard.
28+
29+
Refer to the https://docs.redhat.com/en/documentation/subscription_central/1-latest/html/getting_started_with_activation_keys_on_the_hybrid_cloud_console/index[Red Hat documentation] for additional information.
30+
31+
32+
=== Add additional repositories to the key
33+
Once the key is created, click "add repositories". Add all the applicable repositories for all architectures. If you want to build source containers include the corresponding source repositories as well.
34+
35+
.Selecting additional repositories for an actviation keys
36+
image::activation-key-choose-repos.png[redhat-activation-key-configuration]
37+
38+
When saved, your key should look something like this:
39+
40+
.Activation Key with additoinal repositories configured
41+
image::activation-key-additional-repos-view.png[redhat-activation-key-additional-respositories]
42+
43+
IMPORTANT: Note the *name* of the activation key and the *org ID* which can be found in the dropdown under your name in the top right corner of the screen. You will need both in a subsequent step.
44+
45+
== Configure rpm-lockfile-prototype
46+
47+
NOTE: For this step we willl assume that you have source code in your current working directory `+$(pwd)+`.
48+
49+
50+
1. Start a new container using the right version of Red Hat Enterprise Linux (the one you will eventually be building on) and mounting your source code directory:
51+
52+
----
53+
podman run --rm -it -v $(pwd):/source registry.access.redhat.com/ubi9
54+
----
55+
56+
[start=2]
57+
. Register with your activation key:
58+
----
59+
subscription-manager register --activationkey="$KEY_NAME" --org="$ORG_ID"
60+
----
61+
62+
63+
[start=3]
64+
. Verify that you have the correct repositories and enable missing source repositories.
65+
NOTE: It is normal to only see the repositories for your current architecture at this stagitge.
66+
----
67+
[root@ yum.repos.d]# dnf repolist --enabled
68+
Updating Subscription Management repositories.
69+
repo id repo name
70+
rhel-9-for-aarch64-appstream-rpms Red Hat Enterprise Linux 9 for ARM 64 - AppStream (RPMs)
71+
rhel-9-for-aarch64-baseos-rpms Red Hat Enterprise Linux 9 for ARM 64 - BaseOS (RPMs)
72+
rhocp-4.17-for-rhel-9-aarch64-rpms Red Hat OpenShift Container Platform 4.17 for RHEL 9 ARM 64 (RPMs)
73+
rhocp-4.17-for-rhel-9-aarch64-source-rpms Red Hat OpenShift Container Platform 4.17 for RHEL 9 ARM 64 (Source RPMs)
74+
ubi-9-appstream-rpms Red Hat Universal Base Image 9 (RPMs) - AppStream
75+
ubi-9-baseos-rpms Red Hat Universal Base Image 9 (RPMs) - BaseOS
76+
ubi-9-codeready-builder Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder`
77+
----
78+
79+
In the example above, the source RPM repositories are not enabled for
80+
----
81+
ubi-9-appstream-rpms
82+
ubi-9-baseos-rpms
83+
ubi-9-codeready-builder
84+
----
85+
86+
You must locate the source repos in redhat.repo and change `+ENABLED = 0+` to `+ENABLED = 1+`.
87+
88+
89+
[start=4]
90+
. Install pip, skopeo and rpm-lockfile-prototype
91+
----
92+
dnf install -y pip skopeo
93+
pip install --user https://github.com/konflux-ci/rpm-lockfile-prototype/archive/refs/tags/v0.13.1.tar.gz
94+
----
95+
96+
[start=5]
97+
. add repo file configured by subscription manager to source directory
98+
----
99+
cp /etc/yum.repos.d/redhat.repo /source/redhat.repo
100+
----
101+
102+
[start=6]
103+
. substitute the current arch with `$basearch` in redhat.repo to facilitate fetching for multiple architectures.
104+
----
105+
sed -i "s/$(uname -m)/\$basearch/g" redhat.repo
106+
----
107+
108+
109+
110+
[start=8]
111+
. configure rpms.in.yaml
112+
There are three things to configure:
113+
.. Add `./redhat.repo` under `contentOrigin.repofiles` in rpms.in.yaml and added
114+
.. Add the rpm we want (openshift-clients)
115+
.. Configure the enabled architectures
116+
117+
Example `+rpms.in.yaml+` file:
118+
----
119+
contentOrigin:
120+
# Define at least one source of packages, but you can have as many as you want.
121+
repofiles:
122+
- ./redhat.repo
123+
124+
packages:
125+
# list of rpm names to resolve
126+
- ocp-clients
127+
128+
#reinstallPackages: []
129+
# list of rpms already provided in the base image, but which should be
130+
# reinstalled
131+
132+
arches:
133+
# The list of architectures can be set in the config file. Any `--arch` option set
134+
# on the command line will override this list.
135+
- aarch64
136+
- x86_64
137+
# - s390x
138+
# - ppc64le
139+
140+
context:
141+
# Alternative to setting command line options. Usually you will only want
142+
# to include one of these options, with the exception of `flatpak` that
143+
# can be combined with `image` and `containerfile`
144+
containerfile: Containerfile
145+
----
146+
147+
NOTE: In the source directory for this example there is a Containerfile named `+Containerfile+` which starts with the line `FROM regostry.access.redhat.com/ubi9/ubi`
148+
149+
[start=9]
150+
Create the lockfile
151+
----
152+
cd /source rpm-lockfile-prototype -f Containerfile rpms.in.yaml
153+
----
154+
155+
TIP: if you see output like `+WARNING:root:No sources found for...+` then there is a source repository that still needs to be enabled in your repository configuraiton.
156+
157+
[start=10]
158+
Finally, commit both the rpms.in.yaml and rpms.lock.yaml to source control for use with the rpm prefetch task.

0 commit comments

Comments
 (0)