okd-project · dsevost · Apr 25, 2023 · Jun 5, 2023 · Jun 5, 2023 · Jun 5, 2023
diff --git a/buildconfigs/20-ovn-kubernetes-base.yaml b/buildconfigs/20-ovn-kubernetes-base.yaml
@@ -14,7 +14,8 @@ spec:
     type: Docker
     dockerStrategy:
       imageOptimizationPolicy: SkipLayers
-      dockerfilePath: Dockerfile.base.rhel9
+      # Dockerfile.rhel9 is suitable for 4.13 only
+      dockerfilePath: Dockerfile.base
       from:
         kind: "ImageStreamTag"
         name: "release:base"

diff --git a/buildconfigs/30-network-tools.yaml b/buildconfigs/30-network-tools.yaml
@@ -15,6 +15,8 @@ spec:
           name: 'release:ovn-kubernetes'
         as:
           - registry.ci.openshift.org/ocp/4.13:ovn-kubernetes-rhel-9
+          # still needed by 4.12 branch
+          - registry.ci.openshift.org/ocp/4.12:ovn-kubernetes
   strategy:
     type: Docker
     dockerStrategy:

diff --git a/buildconfigs/30-ovn-kubernetes.yaml b/buildconfigs/30-ovn-kubernetes.yaml
@@ -14,7 +14,8 @@ spec:
     type: Docker
     dockerStrategy:
       imageOptimizationPolicy: SkipLayers
-      dockerfilePath: Dockerfile.rhel9
+      # Dockerfile.rhel9 is suitable for 4.13 only
+      dockerfilePath: Dockerfile
       from:
         kind: "ImageStreamTag"
         name: "release:ovn-kubernetes-base"

diff --git a/pipelines/build-from-scratch.yaml b/pipelines/build-from-scratch.yaml
@@ -212,6 +212,7 @@ spec:
           - installer-artifacts
           - installer
           - hyperkube
+          - ovn-kubernetes-base
     - name: batch-02
       timeout: "2h0m0s"
       runAfter:
@@ -227,7 +228,6 @@ spec:
           - tools
           - haproxy-router
           - ovn-kubernetes
-          - ovn-kubernetes-base
           - machine-os-images
           - deployer
     - name: batch-03

diff --git a/variants/fcos/40-okd-rpms.yaml b/variants/fcos/40-okd-rpms.yaml
@@ -0,0 +1,37 @@
+apiVersion: build.openshift.io/v1
+kind: BuildConfig
+metadata:
+  name: okd-rpms
+  labels:
+    builder-replacement: skip
+spec:
+  source:
+    type: Git
+    git:
+      uri: 'https://github.com/okd-project/okd-payload-pipeline.git'
+      ref: main
+    contextDir: variants/fcos/okd-rpms
+    images:
+    - as:
+      - release:artifacts
+      from:
+        kind: ImageStreamTag
+        name: release:artifacts
+    - as:
+      - release:machine-config-operator
+      from:
+        kind: ImageStreamTag
+        name: release:machine-config-operator
+  strategy:
+    type: Docker
+    dockerStrategy:
+      from:
+        kind: ImageStreamTag
+        name: tools:fedora37
+      buildArgs:
+        - name: CRIO_VERSION
+          value: "1.25"
+  output:
+    to:
+      kind: ImageStreamTag
+      name: 'release:okd-rpms'
diff --git a/variants/fcos/kustomization.yaml b/variants/fcos/kustomization.yaml
@@ -6,7 +6,7 @@ namespace: okd-fcos
 resources:
   - ../../buildconfigs
   - ../../pipelines
-
+  - 40-okd-rpms.yaml
 patches:
   - patch: |-
       apiVersion: build.openshift.io/v1
@@ -25,6 +25,13 @@ patches:
       labelSelector: "change-build-arg-tags==true"
       kind: BuildConfig
   - patch: |-
+      - op: add
+        path: /spec/tags/-
+        value:
+          from:
+            kind: DockerImage
+            name: registry.fedoraproject.org/fedora:37
+          name: fedora37
       - op: add
         path: "/spec/tags/-"
         value:
@@ -37,6 +44,13 @@ patches:
     target:
       kind: ImageStream
       name: tools
+  - patch: |-
+      - op: replace
+        path: "/spec/source/git/ref"
+        value: release-4.12
+    target:
+      kind: BuildConfig
+      name: fedora-coreos
   - patch: |-
       - op: add
         path: "/spec/tags/-"
@@ -50,10 +64,25 @@ patches:
       name: release
   - patch: |-
       - op: add
-        path: "/spec/tasks/3/params/0/value/-"
+        path: "/spec/tasks/3/params/0/value"
         value:
-          fedora-coreos
+          - tests
+          - network-tools
+          - ovn-kubernetes-microshift
+          - fedora-coreos
+          - okd-rpms
     target:
       kind: Pipeline
       name: build-from-scratch
-
+  - patch: |-
+      - op: replace
+        path: "/spec/tasks/20/params/0/value"
+        value:
+          - artifacts
+          - tests
+          - network-tools
+          - machine-os-content
+          - odk-rpms
+    target:
+      kind: Pipeline
+      name: full-rebuild
diff --git a/variants/fcos/okd-rpms/Dockerfile b/variants/fcos/okd-rpms/Dockerfile
@@ -0,0 +1,21 @@
+FROM release:artifacts as artifacts
+FROM release:machine-config-operator as mcd
+
+FROM fedora:37
+ARG CRIO_VERSION=1.25
+
+WORKDIR /rpms
+
+COPY --from=artifacts /srv/repo/* /tmp/rpms
+COPY manifests /
+
+# TODO: check: is it really needed
+COPY --from=mcd /usr/bin/machine-config-daemon /binaries/machine-config-daemon
+
+RUN \
+    mkdir -p /rpms && \
+    mv -v /tmp/rpms/$([ -d /tmp/rpms/$(uname -m) ] && echo $(uname -m)/)*.rpm /rpms/ && \
+    dnf install -y dnf-plugins-core && \
+    dnf module enable -y cri-o:${CRIO_VERSION} && \
+    dnf download -y cri-o cri-tools --destdir /rpms && \
+    dnf clean all
diff --git a/variants/fcos/okd-rpms/manifests/99-okd-master-disable-mitigations.yaml b/variants/fcos/okd-rpms/manifests/99-okd-master-disable-mitigations.yaml
@@ -0,0 +1,18 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+    release.openshift.io/create-only: "true"
+  labels:
+    machineconfiguration.openshift.io/role: master
+  name: 99-okd-master-disable-mitigations
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+  kernelArguments:
+    - mitigations=off
+    - intel_pstate=disable
diff --git a/variants/fcos/okd-rpms/manifests/99-okd-worker-disable-mitigations.yaml b/variants/fcos/okd-rpms/manifests/99-okd-worker-disable-mitigations.yaml
@@ -0,0 +1,18 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    include.release.openshift.io/single-node-developer: "true"
+    release.openshift.io/create-only: "true"
+  labels:
+    machineconfiguration.openshift.io/role: worker
+  name: 99-okd-worker-disable-mitigations
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+  kernelArguments:
+    - mitigations=off
+    - intel_pstate=disable
diff --git a/variants/fcos/okd-rpms/manifests/99-sca-disable.yaml b/variants/fcos/okd-rpms/manifests/99-sca-disable.yaml
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: support
+  namespace: openshift-config
+stringData:
+  scaPullDisabled: "true"
+type: Opaque