|
| 1 | += Creating repo files for use with hermetic prefetch |
| 2 | + |
| 3 | +The rpm-lockfile-prototype tool uses live dnf metadata to resolve a given rpms.in.yaml file into an rpms.lock.yaml file in which every rpm is exactly specified by location and version. Because if uses live metadata, the configuration of dnf repositories on the system will influence the results. |
| 4 | + |
| 5 | +Let's explore a simple scenario that should illustrate all pertinent parts of the process. |
| 6 | + |
| 7 | +We will createa a lockfile that includes the OpenShift clients rpm`+openshift-clients+`, which: |
| 8 | + |
| 9 | +* requires a subscription to the OpenShift product |
| 10 | +* is not locataed in the default Red Hat Enterprise Linux repositories |
| 11 | +* is available for multiple architectures |
| 12 | +
|
| 13 | +
|
| 14 | +This RPM is available in the following repositories: |
| 15 | +satellite-6.16-for-rhel-9-x86_64-rpms |
| 16 | + |
| 17 | +[cols="2,1"] |
| 18 | +|=== |
| 19 | +|*architecture* |*repository* |
| 20 | +|x86_64 |rhocp-4.17-for-rhel-9-x86_64-rpms |
| 21 | +|aarch64 |rhocp-4.17-for-rhel-9-aarch64-rpms |
| 22 | +|=== |
| 23 | + |
| 24 | + |
| 25 | +== Create the activation key |
| 26 | + |
| 27 | +=== Create a new key. |
| 28 | +Navigate to https://console.redhat.com/insights/connector/activation-keys and create a new activation key. Follow the instructions in the wizard. |
| 29 | + |
| 30 | +Refer to the https://docs.redhat.com/en/documentation/subscription_central/1-latest/html/getting_started_with_activation_keys_on_the_hybrid_cloud_console/index[Red Hat documentation] for additional information. |
| 31 | + |
| 32 | + |
| 33 | +=== Add additional repositories to the key |
| 34 | +Once the key is created, click "add repositories". Add all the applicable repositories for all architectures. If you want to build source containers include the corresponding source repositories as well. |
| 35 | + |
| 36 | +.Selecting additional repositories for an actviation keys |
| 37 | +image::../../../activation-key-choose-repos.png[redhat-activation-key-configuration] |
| 38 | + |
| 39 | +When saved, your key should look something like this: |
| 40 | + |
| 41 | +.Activation Key with additoinal repositories configured |
| 42 | +image::../../../images/activation-key-additional-repos-view.png[redhat-activation-key-additional-respositories] |
| 43 | + |
| 44 | +IMPORTANT: Note the *name* of the activation key and the *org ID* which can be found in the dropdown under your name in the top right corner of the screen. You will need both in a subsequent step. |
| 45 | + |
| 46 | +== Configure rpm-lockfile-prototype |
| 47 | + |
| 48 | +NOTE: For this step we willl assume that you have source code in your current working directory `+$(pwd)`+` |
| 49 | + |
| 50 | + |
| 51 | +1. Start a new container using the right version of RHEL (the one you will eventually be building on) and mounting your source code directory |
| 52 | + |
| 53 | +---- |
| 54 | +podman run --rm -it -v $(pwd):/source registry.access.redhat.com/ubi9 |
| 55 | +---- |
| 56 | + |
| 57 | +[start=2] |
| 58 | +. Register with your activation key |
| 59 | +---- |
| 60 | +subscription-manager register --activationkey="$KEY_NAME" --org="$ORG_ID" |
| 61 | +---- |
| 62 | + |
| 63 | + |
| 64 | +[start=3] |
| 65 | +. Verify that you have the correct repositories and enable missing source repositories. |
| 66 | +NOTE: It is normal to only see the repositories for your current architecture at this statge. |
| 67 | +---- |
| 68 | +[root@ yum.repos.d]# dnf repolist --enabled |
| 69 | +Updating Subscription Management repositories. |
| 70 | +repo id repo name |
| 71 | +rhel-9-for-aarch64-appstream-rpms Red Hat Enterprise Linux 9 for ARM 64 - AppStream (RPMs) |
| 72 | +rhel-9-for-aarch64-baseos-rpms Red Hat Enterprise Linux 9 for ARM 64 - BaseOS (RPMs) |
| 73 | +rhocp-4.17-for-rhel-9-aarch64-rpms Red Hat OpenShift Container Platform 4.17 for RHEL 9 ARM 64 (RPMs) |
| 74 | +rhocp-4.17-for-rhel-9-aarch64-source-rpms Red Hat OpenShift Container Platform 4.17 for RHEL 9 ARM 64 (Source RPMs) |
| 75 | +ubi-9-appstream-rpms Red Hat Universal Base Image 9 (RPMs) - AppStream |
| 76 | +ubi-9-baseos-rpms Red Hat Universal Base Image 9 (RPMs) - BaseOS |
| 77 | +ubi-9-codeready-builder Red Hat Universal Base Image 9 (RPMs) - CodeReady Builder` |
| 78 | +---- |
| 79 | + |
| 80 | +In the example above, the source RPM repositories are not enabled for |
| 81 | +---- |
| 82 | +ubi-9-appstream-rpms |
| 83 | +ubi-9-baseos-rpms |
| 84 | +ubi-9-codeready-builder |
| 85 | +---- |
| 86 | + |
| 87 | +You must locate the source repos in redhat.repo and change `+ENABLED = 0+` to `+ENABLED = 1+`. |
| 88 | + |
| 89 | + |
| 90 | +[start=4] |
| 91 | +. Install pip, skopeo and rpm-lockfile-prototype |
| 92 | +---- |
| 93 | +dnf install -y pip skopeo |
| 94 | +pip install --user https://github.com/konflux-ci/rpm-lockfile-prototype/archive/refs/tags/v0.13.1.tar.gz |
| 95 | +---- |
| 96 | + |
| 97 | +[start=5] |
| 98 | +. add repo file configured by subscription manager to source directory |
| 99 | +---- |
| 100 | +cp /etc/yum.repos.d/redhat.repo /source/redhat.repo |
| 101 | +---- |
| 102 | + |
| 103 | +[start=6] |
| 104 | +. substitute the current arch with `$basearch` in redhat.repo to facilitate fetching for multiple architectures. |
| 105 | +---- |
| 106 | +sed -i "s/$(uname -m)/\$basearch/g" redhat.repo |
| 107 | +---- |
| 108 | + |
| 109 | + |
| 110 | + |
| 111 | +[start=8] |
| 112 | +. configure rpms.in.yaml |
| 113 | +There are three things to configure: |
| 114 | +.. Add `./redhat.repo` under `contentOrigin.repofiles` in rpms.in.yaml and added |
| 115 | +.. Add the rpm we want (openshift-clients) |
| 116 | +.. Configure the enabled architectures |
| 117 | + |
| 118 | +Example `+rpms.in.yaml+` file: |
| 119 | +---- |
| 120 | +contentOrigin: |
| 121 | + # Define at least one source of packages, but you can have as many as you want. |
| 122 | + repofiles: |
| 123 | + - ./redhat.repo |
| 124 | +
|
| 125 | +packages: |
| 126 | + # list of rpm names to resolve |
| 127 | + - ocp-clients |
| 128 | +
|
| 129 | +#reinstallPackages: [] |
| 130 | + # list of rpms already provided in the base image, but which should be |
| 131 | + # reinstalled |
| 132 | +
|
| 133 | +arches: |
| 134 | + # The list of architectures can be set in the config file. Any `--arch` option set |
| 135 | + # on the command line will override this list. |
| 136 | + - aarch64 |
| 137 | + - x86_64 |
| 138 | + # - s390x |
| 139 | + # - ppc64le |
| 140 | +
|
| 141 | +context: |
| 142 | + # Alternative to setting command line options. Usually you will only want |
| 143 | + # to include one of these options, with the exception of `flatpak` that |
| 144 | + # can be combined with `image` and `containerfile` |
| 145 | + containerfile: Containerfile |
| 146 | +---- |
| 147 | + |
| 148 | +NOTE: In the source directory for this example there is a Containerfile named `+Containerfile+` which starts with the line `FROM regostry.access.redhat.com/ubi9/ubi` |
| 149 | + |
| 150 | +[start=9] |
| 151 | +Create the lockfile |
| 152 | +---- |
| 153 | +cd /source rpm-lockfile-prototype -f Containerfile rpms.in.yaml |
| 154 | +---- |
| 155 | + |
| 156 | +TIP: if you see output like `+WARNING:root:No sources found for...+` then there is a source repository that still needs to be enabled in your repository configuraiton. |
| 157 | + |
| 158 | +[start=10] |
| 159 | +Finally, commit both the rpms.in.yaml and rpms.lock.yaml to source control for use with the rpm prefetch task. |
0 commit comments