donotmerge: IBX changes

Open omertuc opened this issue 1 year ago • 6 comments

Some (trash, temporary) changes I had to perform on bootc to get IBX to work

  • ./Containerfile builds a bootable image from an existing normal IBX seed
  • ./build_seed.sh is just a helper script

To install on recipient:

sudo podman run --privileged -v $PWD/authkeys:/authkeys --env RUST_LOG=trace -v /var/tmp:/var/tmp -v /var/lib/containers/storage:/var/lib/containers/storage --pid=host -it quay.io/otuchfel/bootc:seed bootc install to-existing-root --acknowledge-destructive --stateroot omeroot --root-ssh-authorized-keys /authkeys --bound-images pull

This PR only exists to start discussions around concrete issues; it's not meant to be merged.

Current state:

  • Installation of the seed image on new stateroot completes successfully
  • Host reboots successfully and connects to the network

But...

  • bootc only allows us to set authorized keys for the root user, not the core user as we would expect from OCP
  • For some reason, I can't SSH even to the root user? sshd is running, /root/.authorized_keys is populated with the key I expect... yet:

image

Even though I'm using ssh-ed25519, so it's rather strange... Will look into it once I come back from vacation

Future work:

  • Fix SSH bug
  • Integrate a PoC that uses lifecycle-agent and actually does a proper upgrade

omertuc avatar Dec 10 '24 23:12 omertuc

While the install completes "successfully", SSHing after rebooting doesn't work

ssh -o IdentityFile=./bip-orchestrate-vm/ssh-key/key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [email protected]
ssh: connect to host 192.168.126.10 port 22: Connection refused
make: *** [Makefile:425: ssh] Error 255

omertuc avatar Dec 11 '24 00:12 omertuc

image

omertuc avatar Dec 11 '24 00:12 omertuc

Host SSH keys were not created... Suspecting SELinux?

EDIT: neither did the key I added with --root-ssh-authorized-keys

omertuc avatar Dec 11 '24 00:12 omertuc

Force push because of rebase

omertuc avatar Jan 15 '25 12:01 omertuc

> Host SSH keys were not created... Suspecting SELinux?
>
> EDIT: neither did the key I added with --root-ssh-authorized-keys

OK figured out it was because of /etc/ssh/sshd_config.d/40-rhcos-defaults.conf disabling root login completely, not just with password

omertuc avatar Jan 16 '25 16:01 omertuc
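A check for the situation found above, as an added example that is not part of the thread or of bootc: sshd uses the first value it obtains for a keyword and processes Include globs in lexical order, so the lowest-sorting drop-in that sets PermitRootLogin decides whether a key installed with --root-ssh-authorized-keys can ever be used. It assumes the main sshd_config includes the drop-in directory before setting the keyword itself; the function names, the `99-local.conf` file and the drop-in contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which sshd drop-in decides PermitRootLogin.
# sshd keeps the first value obtained for a keyword, and Include globs are
# processed in lexical order, so the lowest-sorting file that sets it wins.

# first_root_login DIR -> prints "FILE:LINE:VALUE" for the winning setting,
# or "default::prohibit-password" (OpenSSH's built-in default) if none is set.
first_root_login() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        hit=$(awk -F'[ \t=]+' '
            { sub(/^[ \t]+/, "") }              # drop indentation, re-split fields
            tolower($1) == "match" { exit }     # Match blocks are conditional, not global
            tolower($1) == "permitrootlogin" { print FNR ":" tolower($2); exit }
        ' "$f")
        if [ -n "$hit" ]; then
            echo "$(basename "$f"):$hit"
            return 0
        fi
    done
    echo "default::prohibit-password"
}

# root_key_login_allowed DIR -> exit 0 if root can log in with a key
# (possibly restricted to forced commands), 1 if root is refused outright.
root_key_login_allowed() {
    case "$(first_root_login "$1")" in
        *:no) return 1 ;;
        *)    return 0 ;;
    esac
}

# Constructed sample drop-ins; the contents are assumptions, not the real RHCOS file.
demo() {
    d=$(mktemp -d)
    printf '# constructed sample\nPermitRootLogin no\n' > "$d/40-rhcos-defaults.conf"
    printf 'PermitRootLogin prohibit-password\n'        > "$d/99-local.conf"
    first_root_login "$d"
    root_key_login_allowed "$d" || echo "root login refused even with a valid key"
    rm -rf "$d"
}
demo
```

On a live host, `sshd -T` run as root prints the effective configuration and is the authoritative cross-check; pointing the function at /etc/ssh/sshd_config.d shows which file to override with a lower-sorting drop-in.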

> OK figured out it was because of /etc/ssh/sshd_config.d/40-rhcos-defaults.conf disabling root login completely, not just with password

Ouch...maybe we should revisit that.

cgwalters avatar Jan 16 '25 17:01 cgwalters