This container aggregates various tools used to build Fedora CoreOS style systems.
It reuses various upstream tools, such as:
A high level goal of this tool is to support two highly related use cases, and to keep them as similar as possible:
- Local development ("test a kernel change")
- Be a production build system orchestrated by an external tool (e.g. Jenkins)
See fedora-coreos-ci as an example pipeline.
You can use podman
or docker
. These examples use podman
. Note the
container must be privileged, as the build process uses container functionality
itself - we're using recursive containers.
Secondly, in order to build VM images, the container must have access to
/dev/kvm
. If you're running this in a VM, you must enable
nested virt.
See also GCE nested virt.
Here we store data in /srv/coreos
on our host system. You can choose
any directory you like. You should run these commands as root
.
$ mkdir /srv/coreos
$ cd /srv/coreos
$ alias coreos-assembler='podman run --rm --net=host -ti --privileged --userns=host -v $(pwd):/srv --workdir /srv quay.io/cgwalters/coreos-assembler'
If you need access to CA certificates on your host (for example, when you need to access a git repo that is not on the public Internet), you can mount in the host certificates as read-only. For example, on a Fedora host the alias would change to:
$ alias coreos-assembler='podman run --rm --net=host -ti --privileged --userns=host -v /etc/pki:/etc/pki:ro -v $(pwd):/srv --workdir /srv quay.io/cgwalters/coreos-assembler'
See this Stack Overflow question for additional discussion.
You only need to do this once; it will clone the specified configuration repo, create various directories and also download an installer image (used to make VMs).
$ coreos-assembler init https://github.com/coreos/fedora-coreos-config
The specified git repository will be cloned into /srv/coreos/src/config
.
If you're doing something custom, you likely want to fork that upstream repository.
$ coreos-assembler build
Each build will write an OSTree commit into /srv/coreos/repo
as well
as generate VM images in /srv/coreos/builds/
.
Next, rerun coreos-assembler build
and notice the system correctly
deduces that nothing changed. You can run coreos-assembler fetch
to check for updated RPMs.
$ coreos-assembler run
This invokes QEMU on the image in builds/latest
. It uses -snapshot
,
so any changes are thrown away after you exit qemu. To exit, type
Ctrl-a x
. For more options, type Ctrl-a ?
.
Currently, the assembler only takes two input files that are from src/config
:
manifest.yaml
: An rpm-ostree "manifest" or "treefile", which mostly boils down to a list of RPMs and a set of rpm-md repositories they come from. It also supportspostprocess
to make arbitrary changes. See the upstream docs.image.ks
: An Anaconda Kickstart file. Use this to define the base disk image output.
Let's try editing the file src/config/image.ks
. Change the root
storage line logvol /
for example. Rerun coreos-assembler build
, and notice
that the OSTree commit didn't change, but a new image is generated in builds
.
When you coreos-assembler run
, you'll get it.
Another thing to try is editing src/config/manifest.yaml
- add or
remove entries from packages
. You can also add local rpm-md file:///
repositories.
The container image is built in OpenShift CI.