Building Discovery Image on EL8

Hello,

foreman discovery image is still based on EL7, but if you want to try to build it on EL8 feel free to do so and give us a feedback. Here is a tutorial:

Checkout the repository and run ./build-livecd fdi-centos7.ks. Then edit the generated fdi-image.ks as follows.

Change the following lines:

network  --bootproto=dhcp
url --mirrorlist=http://mirrorlist.centos.org/?release=8&arch=$basearch&repo=baseos
repo --name="AppStream" --mirrorlist=http://mirrorlist.centos.org/?release=8&arch=$basearch&repo=appstream
repo --name="epel8" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-8&arch=x86_64
repo --name="foreman-el8" --baseurl=http://yum.theforeman.org/releases/nightly/el8/$basearch/
repo --name="foreman-plugins-el8" --baseurl=http://yum.theforeman.org/plugins/nightly/el8/$basearch/
module --name=ruby --stream=2.7
clearpart --all --initlabel
part / --fstype="ext4" --size=4000
shutdown

Remove the following lines:

#auth --useshadow --enablemd5
#rm -rf /boot*

Add the following packages to the %packages section:

syslinux-nonlinux
dracut-live
centos-logos # or fedora-logos
memtest86+
rubygem-facter

Remove the following lines in the same section:

#-fedora-logos
#-centos-logos
OpenIPMI-tools
acpid
bind-utils
isomd5sum
tcpdump
tfm-rubygem-facter
tftp
uuid

Remove tfm- prefix from the following files:

root/usr/bin/discovery-menu
1:#!/usr/bin/tfm-ruby

root/usr/bin/discovery-register
1:#!/usr/bin/tfm-ruby

root/usr/share/fdi/facts/ethtool.rb
7:# $ FACTERLIB=/usr/share/fdi/facts tfm-ruby /opt/theforeman/tfm/root/usr/bin/facter

Install lorax, download a CentOS DVD installation ISO and generate the FDI ISO:

livemedia-creator --ks fdi-image.ks --make-iso --nomacboot --iso CentOS-8.3.2011-x86_64-dvd1.iso

A new directory will be created:

# find /var/tmp/lmc-work-nirl6e1u
/var/tmp/lmc-work-nirl6e1u
/var/tmp/lmc-work-nirl6e1u/images
/var/tmp/lmc-work-nirl6e1u/images/install.img
/var/tmp/lmc-work-nirl6e1u/images/pxeboot
/var/tmp/lmc-work-nirl6e1u/images/pxeboot/vmlinuz
/var/tmp/lmc-work-nirl6e1u/images/pxeboot/initrd.img
/var/tmp/lmc-work-nirl6e1u/images/efiboot.img
/var/tmp/lmc-work-nirl6e1u/images/boot.iso
/var/tmp/lmc-work-nirl6e1u/LiveOS
/var/tmp/lmc-work-nirl6e1u/LiveOS/squashfs.img
/var/tmp/lmc-work-nirl6e1u/isolinux
/var/tmp/lmc-work-nirl6e1u/isolinux/isolinux.bin
/var/tmp/lmc-work-nirl6e1u/isolinux/vesamenu.c32
/var/tmp/lmc-work-nirl6e1u/isolinux/ldlinux.c32
/var/tmp/lmc-work-nirl6e1u/isolinux/libcom32.c32
/var/tmp/lmc-work-nirl6e1u/isolinux/libutil.c32
/var/tmp/lmc-work-nirl6e1u/isolinux/splash.png
/var/tmp/lmc-work-nirl6e1u/isolinux/memtest
/var/tmp/lmc-work-nirl6e1u/isolinux/grub.conf
/var/tmp/lmc-work-nirl6e1u/isolinux/boot.msg
/var/tmp/lmc-work-nirl6e1u/isolinux/isolinux.cfg
/var/tmp/lmc-work-nirl6e1u/isolinux/vmlinuz
/var/tmp/lmc-work-nirl6e1u/isolinux/initrd.img
/var/tmp/lmc-work-nirl6e1u/EFI
/var/tmp/lmc-work-nirl6e1u/EFI/BOOT
/var/tmp/lmc-work-nirl6e1u/EFI/BOOT/fonts
/var/tmp/lmc-work-nirl6e1u/EFI/BOOT/fonts/unicode.pf2
/var/tmp/lmc-work-nirl6e1u/EFI/BOOT/BOOTX64.EFI
/var/tmp/lmc-work-nirl6e1u/EFI/BOOT/mmx64.efi
/var/tmp/lmc-work-nirl6e1u/EFI/BOOT/grubx64.efi
/var/tmp/lmc-work-nirl6e1u/EFI/BOOT/grub.cfg
/var/tmp/lmc-work-nirl6e1u/LICENSE

The FDI is named boot.iso.

Before upgrading the official build process, I’d like to explore building discovery as a dracut module, I already have a prototype and I think it could be the same amount of work to do this instead if we simply drop the TUI and rewrite proxy API and discovery script from Ruby to something light.

Please share your experience with FDI on EL8. Thanks.

Just for the record, I’ve stumbled upon extremely interesting project that builds on top of systemd’s mkosi tool to create a similar discovery image than ours: GitHub - ubccr/grendel-images: Bare-metal OS Images for Grendel and I am exploring what could we learn from this.

Looks like mkosi is not in EL8 so we will be sticking with livemedia-creator or maybe dracut if I can figure out how to do it.

Hello @lzap

Thanks for the tutorial!

I’m missing some information about how to install the new FDI and get it up and running. I have run livecd-iso-to-pxeboot on the newly generated boot.iso and moved the output to the fdi-image location, but I can’t get it to work. All configuration seems correct, as discussed in this topic:

Can you maybe elaborate on steps to take after the new boot.iso FDI image is created?

Thanks!

Oh right, good point.

In that case, things are gonna be easier with Lorax. Just call livemedia-creator with --make-pxe-live instead of --make-iso. That should create the necessary files.

Hi @lzap,

I successfully built an EL8 FDI following your tutorial. This is very cool and much needed because our new workstations have the newer Intel NICs that the EL7 FDI does not recognize. So thank you for this!

However, I am running into an issue when trying to PXE boot the new FDI.

The initial error is the following:
Waiting for IP address to generate SSL cert.

Further in the startup process, I see the following:

foreman-proxy: Unable to load private SSL key…
foreman-proxy: Error during startup, terminating.
systemd: Failed to start Foreman Proxy
systemd: Starting Script PXE…
discovery-script: /usr/share/fdi/commonfunc.sh: line 18: cannot create temp file for here-document: No space left on device.

You are likely having full disk, what does df say? What number do you have in your partition table? For my test builds, I had to increase partition to 3GB.

Out of curiosity - haven’t anyone run into this bug?

https://bugzilla.redhat.com/show_bug.cgi?id=1955836

I am building against CentOS 8 Stream and I am hitting this one.

df reports this:

Size Used Avail Use%
1.6 1.6 0 100% /

How were you able to increase the size of the partition? I tried putting the following in fdi-image.ks:

part / --fstype=“ext4” --size=4000

It does not seem to make any difference. The / filesystem is still only 1.6 GB.

This works fine here:

part / --size 3000 --fstype ext4

Are you sure you are modifying the correct KS file? There is plenty room for errors

Yes, I definitely modified the correct KS file. I figured out why it was not keeping the correct size. I had to add this option to the livemedia-creator command:

--live-rootfs-keep-size

Weird, my command is (this is still work in progress):

livemedia-creator --ks fdi-image.ks \
        --make-iso \
        --no-virt \
        --nomacboot \
        --extra-boot-args "$kernelcmd" \
        --project "FDI" \
        --releasever "$last_tag/$last_sha" \
        --dracut-arg="--xz" \
        --dracut-arg="--no-hostonly" \
        --dracut-arg="--debug" \
        --dracut-arg="--no-early-microcode" \
        --dracut-arg="--omit plymouth" \
        --dracut-arg="--add livenet dmsquash-live convertfs pollcdrom qemu qemu-net" \
        --dracut-arg="--add-drivers mptbase mptscsih mptspi hv_storvsc hid_hyperv hv_netvsc hv_vmbus" \
        --tmp "$tmpdir"

Some findings, I am not yet done, but it looks like:

• Building in container is no longer supported in lorax.
• Build host MUST be CentOS 8 too (Fedora will fail to build).
• There is a bug in Anaconda when building without VM that only appears on CentOS and not RHEL,
  I am asking Anaconda team to backport a patch into EL8 so we can keep using CentOS8 2034601 – RHSM DBus API is not available via lorax (in the meantime I created a patch that can be used). Alternatively, we could use a VM to build from ISO.

I will keep you up to date once I have usable workflow that is easy to reproduce for others and can work in our CI too. So far it is quite a mess, but I am getting there.

Thanks for sharing your latest livemedia-creator command. I will try using some of the new options that you are using. I am still building with the VM method, so that explains why I have not run into the RHSM DBus API bug.

I start from a fresh CentOS 8.5 VM running on an RHV cluster, and then I follow your tutorial. Then, when I run the livemedia-creator with the VM method, it starts up another CentOS 8.5 VM. So, I’m essentially running a VM within a VM to complete the build. That seems to work ok so far. It might be a slower method, but it works for me.

Thank you so much for all your work on this. We use the FDI heavily in our environment. In combination with Satellite and Discovery Rules, we rely on it to build and rebuild all of our systems.

Actually, I hit it also in a VM yesterday, looks like the only resolution is to apply a patch. Anaconda guys are telling me to try --anaconda-arg="--product CentOS Linux" but I killed my CentOS VM and I am trying with RHEL for now.

Yeah, I want to avoid this, building is already quite slow in a VM compared to bare-metal or container.

Glad to hear that, discovery is really powerful with rules, on other other hand, it is quite hacky when using it via GUI (Customize Host button). We need to work on that.

For the record, I filed additional bugs on lorax, these are non-blockers but I wish we tested this earlier. Problem is, FDI cannot be built before we have both Foreman and Satellite running on the target platform (EL8 in this case) as FDI uses smart-proxy and few its modules to do some things. Also it uses Facter from Puppet so that also needs a EL8 build.

One day I will get rid of all of these dependencies.

• https://bugzilla.redhat.com/show_bug.cgi?id=2034806
• 2034803 – Kernel and initramdisk is stored twice on livecd

Another observation: EL8-based FDI is much bigger than EL7 one. 460MB so far it used to be as small as 210MB on RHEL 7.0.

Working well implemented with penmypaper. Thanks for the tutorial.

For the record, EL8 support has been merged into master. You can just follow the README to build EL8-based FDI.