Lab: Prepare a Test Environment for Red Hat Device Edge

Estimated reading time: 9 minutes.

Objective

Prepare a test environment for building RHEL for Edge images and managing OSTree repositories.

Before you Begin

You need a few machines to perform the hands-on activities in this course.

  • A development machine with RHEL and unrestricted sudo, where you will install Image Builder and RPM-OSTree tools, create test VMs using Libvirt, and also run the OpenShift client to access your MicroShift instances in other machines.

  • A test machine with RHEL and unrestricted sudo, where you will install MicroShift on package-based RHEL.

  • A package server machine already configured to serve DNF repositories for RHEL, Fast Datapath for RHEL, and Red Hat OpenShift Container Platform.

  • A web server machine with RHEL and unrestricted sudo, to host OSTree repositories

  • A mirror registry machine with RHEL and unrestricted sudo, to host a mirror registry for Red Hat OpenShift.

These instructions were tested on RHEL 9.5 but should work with minimal or no change on newer and older RHEL 9.x releases.

If you are using the course environment, you will log in to the workstation VM as the user student with password student. The workstation VM is your development machine. You will start SSH sessions from the workstation VM to the servera VM, which is your web server machine and also your mirror registry machine, using the same user.

Be sure you execute each step on the correct machine. If a step is not explicit about the machine it should be performed, it is using the same machine as its previous step.

In the course environment, the classroom VM, with the materials alias, is your package server machine but you are not expected to start SSH sessions nor perform any activity on it.

If you are using the same course environment where you performed the activities from the Building Red Hat Device Edge Images quick course, you should have some requirements already set up. They are listed here anyway, for learners that are starting this course in a new course environment.

It should be possible to perform all activities in this course using a free Red Hat Developers free subscription, which gives you access to installation media, RPM packages, and container images for RHEL and Red Hat OpenShift. If you ignore the requirements for air-gaped installation of MicroShift, you could use a single RHEL VM and adapt the steps to your own environment.

Instructions

  1. Configure your development machine with the RHEL for Edge tools. It should be ready if you already performed the activities from the first course in the same course environment.

    If something goes wrong while performing these steps and you need troubleshooting aid, please refer to the activities from the first course which focus on deploying Image Builder and RPM-OSTree.

    1. Install the RPM packages for the Image Builder service and its CLI. Notice that RPM-OSTree packages are also installed, as dependencies.

      $ sudo dnf install osbuild-composer composer-cli
...
Complete!

    2. Optionally, install the RPM packages for the Cockpit service and its Composer module.

      $ sudo dnf install cockpit cockpit-composer
...
Complete!

    3. Enable and activate the Image Builder socket.

      $ sudo systemctl enable osbuild-composer.socket --now
Created symlink /etc/systemd/system/sockets.target.wants/osbuild-composer.socket → /usr/lib/systemd/system/osbuild-composer.socket.

    4. Optionally, enable and activate the Cockpit socket and enable remote access to Cockpit.

      $ sudo systemctl enable cockpit.socket --now
Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket → /usr/lib/systemd/system/cockpit.socket.
$ sudo firewall-cmd --add-service=cockpit --permanent
success
$ sudo firewall-cmd --reload
success

    5. Grant your unprivileged user (the student user) with access to the Image Builder service.

      $ sudo usermod -a -G weldr student

    6. Configure your unprivileged user with Bash command autocompletion for the Image Builder CLI.

      $ echo 'source /etc/bash_completion.d/composer-cli' >> $HOME/.bashrc

    7. Log out and log in again, then verify that autocompletion works for the Image Builder CLI

      $ composer-cli TabTab
blueprints  compose     distros     help        modules     projects    sources     upload

    8. To check that you have access to the Image Builder service, list its supported image types.

      $ composer-cli compose types
ami
edge-commit
edge-container
edge-installer
edge-raw-image
edge-simplified-installer
gce
...

    9. Install the JQ command-line JSON processor, because it’s useful for scripting Image Builder tasks.

      $ sudo dnf install jq
...
Complete!

  2. Configure package sources for Image Builder.

    Your development machine should be already configured with access to RHEL and MicroShift package repositories, but Image Builder does not use the configurations from DNF and YUM, and, if you do not configure image sources, Image Builder will try to download packages from Red Hat repositories over the Internet.

    If something goes wrong while performing these steps and you need troubleshooting aid, please refer to the activities from the first course which focus on deploying Image Builder and RPM-OSTree.

    1. Create a directory to store your repository overrides.

      $ sudo mkdir -p /etc/osbuild-composer/repositories

    2. Copy the example configuration file for your distribution from the /usr/share/osbuild-composer/ directory.

      $ sudo cp /usr/share/osbuild-composer/repositories/rhel-9.5.json /etc/osbuild-composer/repositories/

    3. Modify the configuration file to match your local DNF repository. Pay attention to attributes such as baseurl, rhsm, and check_gpg.

      In the course environment, you should make the following edits:

      ...
  "x86_64": [
    {
      "name": "baseos",
      "baseurl": "http://content.example.com/rhel9.5/x86_64/dvd/BaseOS",
...
      "rhsm": false,
      "check_gpg": true
...
    {
      "name": "appstream",
      "baseurl": "http://content.example.com/rhel9.5/x86_64/dvd/AppStream",
...
      "rhsm": false,
      "check_gpg": true
...

      You can download a configuration file with all changes done from the sample applications repository in GitHub.

    4. Restart the Image Builder service. Be patient, it’s may not be quick.

      $ sudo systemctl restart osbuild-composer
      Restarting the obuild-composer service only works here because we assume you didn’t start any compose, so there are no osbuild-worker@<number> services active. If there are, you must stop all of them or simply reboot the machine running Image Builder.

    5. Verify that the repository overrides are in effect.

      $ composer-cli sources list
appstream
baseos
$ composer-cli sources info baseos
check_gpg = false
check_repogpg = false
...
rhsm = false
system = true
type = "yum-baseurl"
url = "http://content.example.com/rhel9.5/x86_64/dvd/BaseOS"
$ composer-cli sources info appstream
check_gpg = false
check_repogpg = false
...
rhsm = false
system = true
type = "yum-baseurl"
url = "http://content.example.com/rhel9.5/x86_64/dvd/ApStream"
      Later in this course, you will configure additional package sources for packages required by MicroShift. For now, it is just ensuring you have all the changes that would have been made in the first Red Hat Device Edge course.

  3. Configure your development machine with the Libvirt tools. It should be ready if you already performed the activities from the first course in the same course environment.

    If something goes wrong while performing these steps and you need troubleshooting aid, please refer to the activities from the first course which focus on deploying Libvirt and using KVM virtualization.

    1. Install the Libvirt tools and enable the Libvirt socket.

      $ sudo dnf install qemu-kvm libvirt virt-install virt-viewer
...
Complete!
$ sudo systemctl enable virtqemud.socket --now
Created symlink /etc/systemd/system/multi-user.target.wants/virtqemud.socket → /usr/lib/systemd/system/virtqemud.socket.

    2. Optionally, install the virtual machines module for Cockpit

      $ sudo dnf install cockpit-machines
...
Complete!

    3. Check that your unprivileged user can connect to Libvirt’s session interface.

      $ virsh uri
qemu:///session
$ virsh nodeinfo
CPU model:           x86_64
...

  4. Configure unprivileged user access to Libvirt’s default network. This enables inbound network connections to session VMs.

    This was not configured in the first course about Red Hat Device Edge, and it will be necessary to test edge images and bootc images with MicroShift.

    1. Check that IP forwarding is enabled, which is the default for RHEL installations.

      $ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

    2. Install Libvirt’s NSS module.

      $ sudo dnf install libvirt-nss
...
Complete!

    3. Create the /etc/qemu/bridge.conf configuration file and make it world-readable.

      $ sudo mkdir /etc/qemu
$ sudo bash -c 'echo "allow virbr0" > /etc/qemu/bridge.conf'
$ sudo chmod a+r /etc/qemu/bridge.conf

    4. Enable and start the Libvirt network daemon.

      $ sudo systemctl enable virtnetworkd --now
Created symlink /etc/systemd/system/multi-user.target.wants/virtnetworkd.service → /usr/lib/systemd/system/virtnetworkd.service.

    5. Check that Libvirt initialized its default network and the virb0 bridge device.

      $ sudo virsh net-list
 Name      State    Autostart   Persistent
--------------------------------------------
default   active   yes         yes
$ ip -br addr show virbr0
virbr0           DOWN           192.168.122.1/24

    6. Edit your the /etc/nsswitch.conf configuration file, as root, by adding the Libvirt NSS modules right before the myhostname module. This enables resolving hostnames of session VMs to their IP addresses.

      hosts:      files dns libvirt libvirt_guest myhostname
      in production systems, it is recommended that you use the authselect utility instead of making edits to the /etc/nsswtich.conf file.

  5. Configure your web server machine to host OSTree repositories. It should be ready if you already performed the activities from the first course in the same course environment.

    If something goes wrong while performing these steps and you need troubleshooting aid, please refer to the activities from the first course which focus on configuring an Apache Web Server for OSTree repository management.

    1. Install the Apache Web Server packages from RHEL.

      $ sudo dnf install httpd
...
Complete!

    2. Enable and start the Apache Web Server system service.

      $ sudo systemctl enable httpd --now
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

    3. Allow remote access to the Apache Web Server on the system’s firewall.

      $ sudo firewall-cmd --add-service=http --permanent
success
$ sudo firewall-cmd --reload
success

    4. Install the RPM-OSTree and the lower level OSTree tooling on the web server machine, because you will need to perform maintenance on the OSTree repositories you store on it.

      $ sudo dnf install rpm-ostree ostree
...
Complete!

You now have your development machine ready to build and test RHEL for Edge system images, and your web server machine ready to store and distribute OSTree repositories for edge devices.

What’s Next

The next lab configures the requirements for air-gapped deployments of MicroShift.