Patch main

fedora-coreos/provisioning/fcos-lab-tutorial.bu

@@ -1,5 +1,5 @@
 variant: fcos
-version: 1.4.0
+version: 1.5.0
 passwd:
   users:
     - name: core
@@ -43,6 +43,16 @@ passwd:
       password_hash: ${student_password_hash}
     - name: labuser19
       password_hash: ${student_password_hash}
+    - name: labuser20
+      password_hash: ${student_password_hash}
+    - name: labuser21
+      password_hash: ${student_password_hash}
+    - name: labuser22
+      password_hash: ${student_password_hash}
+    - name: labuser23
+      password_hash: ${student_password_hash}
+    - name: labuser24
+      password_hash: ${student_password_hash}
 storage:
   files:
     - path: /etc/ssh/sshd_config.d/20-enable-passwords.conf
@@ -58,28 +68,36 @@ storage:
       contents:
         inline: |
           [Service]
-          Environment=RPMS="virt-install libvirt-daemon-kvm libvirt-daemon-config-network"
+          Environment=RPMS="virt-install libvirt-daemon-kvm libvirt-daemon-config-network vim"
     - path: /usr/local/bin/butane
       mode: 0755
       contents:
-        source: https://github.com/coreos/butane/releases/download/v0.18.0/butane-x86_64-unknown-linux-gnu
+        source: https://github.com/coreos/butane/releases/download/v0.20.0/butane-x86_64-unknown-linux-gnu
     - path: /usr/local/bin/ignition-validate
       mode: 0755
       contents:
-        source: https://github.com/coreos/ignition/releases/download/v2.16.2/ignition-validate-x86_64-linux
+        source: https://github.com/coreos/ignition/releases/download/v2.18.0/ignition-validate-x86_64-linux
+    - path: /usr/local/bin/launch_coreos_vm
+      mode: 0755
+      contents:
+        source: https://raw.githubusercontent.com/coreos/coreos-tutorials/Patch_main/fedora-coreos/provisioning/launch_coreos_vm
+    - path: /srv/dummy.ign
+      mode: 0755
+      contents:
+        inline: '{"ignition":{"version":"3.4.0"}}'
     - path: /srv/fedora-coreos.qcow2.xz
       mode: 0644
       contents:
-        source: https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/38.20230709.3.0/x86_64/fedora-coreos-38.20230709.3.0-qemu.x86_64.qcow2.xz
+        source: https://builds.coreos.fedoraproject.org/prod/streams/stable/builds/40.20240519.3.0/x86_64/fedora-coreos-40.20240519.3.0-qemu.x86_64.qcow2.xz
         verification:
-          hash: sha256-89cd1b9b236d6b6e1a4b8886810323f6c376f29923fbfb99ec31024919dd3d69
+          hash: sha512-7bc2f327f5d29f26ebf6aaa6983d28946feed3ad1c062751ea3f7f9cee065e7822301c070031015ce4a181fd301783035d7ea953113fb6956ea04a541cf39c85
     - path: /usr/local/bin/setup-users.sh
       mode: 0755
       contents:
         inline: |
           #!/bin/bash
           set -eux -o pipefail
-          for x in {1..19}; do
+          for x in {1..24}; do
               install --group="labuser$${x}" --owner="labuser$${x}" -d /home/labuser$${x}/coreos
               ln /srv/fedora-coreos.qcow2 /home/labuser$${x}/coreos/fedora-coreos.qcow2
               sudo -u "labuser$${x}" ssh-keygen -f "/var/home/labuser$${x}/.ssh/id_rsa" -N ""

fedora-coreos/provisioning/launch_coreos_vm

@@ -0,0 +1,89 @@
+#!/bin/bash
+set -euo pipefail
+
+print_help() {
+    cat 1>&2 <<'EOF'
+Usage: $0 [OPTIONS]
+
+  Launch a coreOS VM instance, optionnally attaching an ignition config. 
+
+  The following options are available:
+
+  -b /path/to/butane      Path to a butane file, to transpile to ignition then pass to the VM
+  -i /path/to/ignition    Path to an ingition file to pass to the VM
+  -d SERIAL               Attach a 1G disk to the VM with a custom serial number
+  -h                      Print this help
+
+
+  The following environnement variables are aslo supported:
+
+  BACKING_STORE_PATH      Set a custom path for the boot backing store
+  VIRT_INSTALL_EXTRA_ARGS Adds extra arguments to the virt-install command
+
+EOF
+}
+
+
+# Allow overriding the coreos QCOW file
+BACKING_STORE_PATH="${COREOS_BACKING_STORE_PATH:-/srv/fedora-coreos.qcow2}"
+
+
+IGNITION_CONFIG=
+BUTANE_CONFIG=
+IGN_CMDLINE=""
+DISK_OPT=""
+while getopts 'hi:b:d:' FLAG; do
+  case "$FLAG" in
+    i)
+      IGNITION_CONFIG=${OPTARG}
+      ;;
+    b)
+      BUTANE_CONFIG=${OPTARG}
+      ;;
+    d)
+      DISK_OPT="--disk size=1,serial=${OPTARG}"
+      ;;
+    h)
+      print_help
+      exit 0
+      ;;
+    ?)
+      echo "error: unrecognized option: $FLAG"
+      ;;
+    esac
+done    
+shift "$((OPTIND -1))"
+
+if test -n "${IGNITION_CONFIG}" && test -n "${BUTANE_CONFIG}"; then
+  echo "conflicting args: -b and -i. the butane config will be transpiled to ignition"
+  exit 1
+fi
+
+if test -n "${BUTANE_CONFIG}"; then
+  IGNITION_CONFIG=$(mktemp --suffix=.ign)
+  butane --pretty --strict "${BUTANE_CONFIG}" --output "${IGNITION_CONFIG}" --files-dir .
+fi
+
+
+
+# Setup the correct SELinux label to allow access to the config
+if test -n "${IGNITION_CONFIG}"; then 
+  chcon --verbose --type svirt_home_t "${IGNITION_CONFIG}"
+  IGNITION_CONFIG=$(realpath ${IGNITION_CONFIG})
+else 
+  IGNITION_CONFIG="/srv/dummy.ign" 
+fi
+
+
+IGN_CMDLINE=(--qemu-commandline="-fw_cfg name=opt/com.coreos/config,file=${IGNITION_CONFIG}")
+
+# Start a Fedora CoreOS virtual machine
+virt-install --transient --name=fcos-"${USER}" --vcpus=2 --ram=1024 --os-variant=fedora-coreos-stable \
+    --import --network=bridge=virbr0 --graphics=none \
+    "${IGN_CMDLINE}" \
+    --disk=size=20,backing_store="${BACKING_STORE_PATH}" ${DISK_OPT:-} \
+    ${VIRT_INSTALL_EXTRA_ARGS:-}
+
+
+
+virsh destroy fcos-"${USER}"

fedora-coreos/provisioning/main.tf

@@ -8,11 +8,15 @@ terraform {
       source  = "hashicorp/aws"
       version = "~> 3.0"
     }
+    http = {
+      source  = "hashicorp/http"
+      version = "2.1.0"
+    }
   }
 }
 
-provider "aws" {}
 provider "ct" {}
+provider "http" {}
 
 variable "student_password_hash" {
  type        = string
@@ -22,6 +26,8 @@ variable "core_user_ssh_pubkey_string" {
  type        = string
 }
 
+data "aws_region" "aws_region" {}
+
 data "ct_config" "butane" {
   content = templatefile("fcos-lab-tutorial.bu", {
     student_password_hash = bcrypt(var.student_password_hash)
@@ -30,19 +36,32 @@ data "ct_config" "butane" {
   strict = true
 }
 
+# Gather information about the AWS image for the current region
+data "http" "stream_metadata" {
+  url = "https://builds.coreos.fedoraproject.org/streams/stable.json"
+
+  request_headers = {
+    Accept = "application/json"
+  }
+}
+# Lookup the x86 AWS image for the current AWS region
+locals {
+  ami = lookup(jsondecode(data.http.stream_metadata.body).architectures.x86_64.images.aws.regions, data.aws_region.aws_region.name).image
+}
+
 resource "aws_instance" "fcos-lab-instance" {
   tags = {
     Name = "fcos-lab"
   }
-  ami           = "ami-0ea3c2efdcead938c"
+  ami           = local.ami
   instance_type = "c5n.metal"
   user_data     = data.ct_config.butane.rendered
   associate_public_ip_address = "true"
   vpc_security_group_ids = [aws_security_group.sg.id]
   subnet_id              = aws_subnet.private_subnets[0].id
   root_block_device {
       volume_size = "100"
-      volume_type = "gp3"
+      volume_type = "gp2"
   }
 }