From a7d6fe21bbbfa096f1605e6f64269f3608ce1fb8 Mon Sep 17 00:00:00 2001 From: Igal Tsoiref Date: Tue, 25 Jun 2024 18:27:21 +0300 Subject: [PATCH] RHELAI-429: Adding upgrade informer service Upgrade informer will run every couple of our and will be triggered by systemd timer. In order to start it on boot and run once i enabled it and timer. Disabling auto upgrade service in order to remove unexpected reboots. Service will run "bootc upgrade --check" and in case new version exists it will create motd file with upgrade info. Signed-off-by: Igal Tsoiref Signed-off-by: Javi Polo --- training/common/Makefile.common | 7 +++- .../systemd/system/upgrade-informer.service | 12 ++++++ .../lib/systemd/system/upgrade-informer.timer | 11 ++++++ training/common/usr/libexec/upgrade-informer | 37 +++++++++++++++++++ training/nvidia-bootc/Containerfile | 10 ++++- 5 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 training/common/usr/lib/systemd/system/upgrade-informer.service create mode 100644 training/common/usr/lib/systemd/system/upgrade-informer.timer create mode 100755 training/common/usr/libexec/upgrade-informer diff --git a/training/common/Makefile.common b/training/common/Makefile.common index b88a60bb..8db177ed 100644 --- a/training/common/Makefile.common +++ b/training/common/Makefile.common @@ -52,7 +52,7 @@ ENABLE_RT ?= SSH_PUBKEY ?= $(shell cat ${HOME}/.ssh/id_rsa.pub 2> /dev/null) .PHONY: prepare-files -prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) +prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) common-services $(OUTDIR): mkdir -p $(OUTDIR) @@ -63,6 +63,11 @@ $(OUTDIR)/$(QLORA_WRAPPER): $(OUTDIR) $(OUTDIR)/$(TRAIN_WRAPPER): $(OUTDIR) cp -pf $(TRAIN_WRAPPER) $(OUTDIR) +.PHONY: common-services +common-services: + mkdir -p build; cp -pR ../common/usr build + + .PHONY: check-sshkey check-sshkey: @test -n "$(SSH_PUBKEY)" || \ 
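Review bot: The `common-services` recipe only ever adds to `build/usr`, so a file deleted or renamed under `../common/usr` stays in the build directory and is still shipped, because the Containerfile hunk in this patch copies the whole tree with `COPY build/usr /usr`. Clearing the destination first keeps the image contents equal to what is in the repository: `rm -rf build/usr && mkdir -p build && cp -pR ../common/usr build`. Using `&&` instead of `;` also stops the recipe when `mkdir` fails. The directory is hard-coded as `build` while the neighbouring rules use `$(OUTDIR)`; if those are meant to be the same place, a one-line comment saying the path must match the Containerfile's `COPY` source would help.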
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.service b/training/common/usr/lib/systemd/system/upgrade-informer.service
new file mode 100644
index 00000000..1e479959
--- /dev/null
+++ b/training/common/usr/lib/systemd/system/upgrade-informer.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Check for available RHEL AI upgrade
+ConditionPathExists=/run/ostree-booted
+After=network-online.target
+StartLimitIntervalSec=400
+StartLimitBurst=3
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/upgrade-informer
+Restart=on-failure
+RestartSec=90
diff --git a/training/common/usr/lib/systemd/system/upgrade-informer.timer b/training/common/usr/lib/systemd/system/upgrade-informer.timer
new file mode 100644
index 00000000..1ac82e93
--- /dev/null
+++ b/training/common/usr/lib/systemd/system/upgrade-informer.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Runs upgrade informer periodically
+ConditionPathExists=/run/ostree-booted
+
+[Timer]
+OnBootSec=1h
+OnUnitInactiveSec=8h
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target
diff --git a/training/common/usr/libexec/upgrade-informer b/training/common/usr/libexec/upgrade-informer
new file mode 100755
index 00000000..5f8979c7
--- /dev/null
+++ b/training/common/usr/libexec/upgrade-informer
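Review bot: In upgrade-informer.service, `After=network-online.target` only orders the unit and does not pull that target into the boot transaction, so when nothing else wants it the check can start before the network is up. Pair it with `Wants=network-online.target` in the `[Unit]` section. This matters more here because the service is also linked into `basic.target.wants` to run early at boot, and the script as written treats a failed check the same as "no update". The service runs as root with no sandboxing directives; options such as `NoNewPrivileges=yes` and `PrivateTmp=yes` look compatible with a read-only check that writes one file under `/etc/motd.d`, but that needs confirming against what `bootc upgrade --check` requires.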
@@ -0,0 +1,37 @@ +#!/bin/bash + +# Run the command and capture its output +output=$(bootc upgrade --check | sed -e 1q) +message_file="/etc/motd.d/upgrade-message" +bootc_auth="/etc/ostree/auth.json" + +if [[ $output == Update\ available* ]]; then + if [[ ! -f $message_file ]]; then + echo "New version was found" + bootc_image=$(awk '{print $4}' <<< "$output") + # If auth file exists we should use it + auth_params="" + if [[ -f $bootc_auth ]]; then + auth_params="--authfile $bootc_auth" + fi + + # Get image version + # shellcheck disable=SC2086 + image_version_id=$(skopeo inspect --format json $auth_params "$bootc_image" | jq -r '.Labels | .["image_version_id"] // empty') + + # If upgrade available, write the output to the file + cat > $message_file << EOF + +** Attention! ** +** A new $image_version_id version is available ** +** In order to apply it run: bootc upgrade --apply +** Please note that the system will reboot after the upgrade ** + +EOF + fi +else + echo "No upgrade was found" + rm $message_file 2> /dev/null +fi + +echo "Finished running upgrade informer" diff --git a/training/nvidia-bootc/Containerfile b/training/nvidia-bootc/Containerfile index d5dc77fe..16f6a769 100644 --- a/training/nvidia-bootc/Containerfile +++ b/training/nvidia-bootc/Containerfile @@ -98,6 +98,8 @@ COPY --from=builder /home/builder/yum-packaging-precompiled-kmod/RPMS/*/*.rpm /r COPY --from=builder --chmod=444 /home/builder/yum-packaging-precompiled-kmod/tmp/firmware/*.bin /lib/firmware/nvidia/${DRIVER_VERSION}/ # Temporary workaround until the permanent fix for libdnf is merged COPY nvidia-toolkit-firstboot.service /usr/lib/systemd/system/nvidia-toolkit-firstboot.service +# Enable common services +COPY build/usr /usr ARG IMAGE_VERSION_ID 
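Review bot: A failed `bootc upgrade --check` is indistinguishable from "no update" in upgrade-informer: the pipeline's status is that of `sed`, an empty `output` falls into the `else` branch, the existing notice is removed and the script exits 0, so the unit's `Restart=on-failure` never fires. Because the same patch removes the automatic upgrade timer, this notice is the only update signal an operator gets, and a registry or auth outage silently clears it. Capture the command's own status before parsing and exit non-zero on failure, leaving the file in place (this assumes bootc exits non-zero when the check fails). Separately, `image_version_id` comes from a remote image label and is written verbatim into a file printed at login, so restrict it to the characters expected in a version string and decide what the message should say when `skopeo` or `jq` fails and the value is empty.

```shell
# Capture the exit status of the check itself; a pipeline would report sed's.
if ! check_output=$(bootc upgrade --check); then
    echo "bootc upgrade --check failed, keeping any existing notice" >&2
    exit 1
fi
output=${check_output%%$'\n'*}
# … unchanged: message_file / bootc_auth, "Update available" test, authfile handling …
image_version_id=$(skopeo inspect --format json $auth_params "$bootc_image" | jq -r '.Labels | .["image_version_id"] // empty')
# Keep only characters expected in a version string before it reaches motd.
image_version_id=${image_version_id//[^[:alnum:]._-]/}
# … unchanged: heredoc that writes $message_file, else branch …
```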
@@ -145,12 +147,17 @@ RUN mv /etc/selinux /etc/selinux.tmp \ dnf module enable -y nvidia-driver:${DRIVER_BRANCH} && \ dnf install -y nvidia-fabric-manager-${DRIVER_VERSION} libnvidia-nscq-${DRIVER_BRANCH}-${DRIVER_VERSION} ; \ fi \ - # Install rhc connect for insights telemetry gathering && . /etc/os-release && if [ "${ID}" == "rhel" ]; then \ + # Install rhc connect for insights telemetry gathering dnf install -y rhc rhc-worker-playbook; \ + # Adding rhel ai identity to os-release file for insights usage sed -i -e "/^VARIANT=/ {s/^VARIANT=.*/VARIANT=\"RHEL AI\"/; t}" -e "\$aVARIANT=\"RHEL AI\"" /usr/lib/os-release; \ sed -i -e "/^VARIANT_ID=/ {s/^VARIANT_ID=.*/VARIANT_ID=rhel_ai/; t}" -e "\$aVARIANT_ID=rhel_ai" /usr/lib/os-release; \ sed -i -e "/^RHEL_AI_VERSION_ID=/ {s/^RHEL_AI_VERSION_ID=.*/RHEL_AI_VERSION_ID='${IMAGE_VERSION_ID}'/; t}" -e "\$aRHEL_AI_VERSION_ID='${IMAGE_VERSION_ID}'" /usr/lib/os-release; \ + # enable upgrade informer timer + ln -s /usr/lib/systemd/system/upgrade-informer.timer /usr/lib/systemd/system/timers.target.wants/upgrade-informer.timer; \ + # enable upgrade informer service, added as we need it to start on boot + ln -s /usr/lib/systemd/system/upgrade-informer.service /usr/lib/systemd/system/basic.target.wants/upgrade-informer.service; \ # disable auto upgrade service rm -f /usr/lib/systemd/system/default.target.wants/bootc-fetch-apply-updates.timer; \ fi \ @@ -163,6 +170,7 @@ RUN mv /etc/selinux /etc/selinux.tmp \ && ln -s /usr/lib/systemd/system/nvidia-fabricmanager.service /etc/systemd/system/multi-user.target.wants/nvidia-fabricmanager.service \ && ln -s /usr/lib/systemd/system/nvidia-persistenced.service /etc/systemd/system/multi-user.target.wants/nvidia-persistenced.service + ARG SSHPUBKEY # The --build-arg "SSHPUBKEY=$(cat ~/.ssh/id_rsa.pub)" option inserts your
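Review bot: The two `ln -s` lines that enable the informer end with `;` inside the `if … fi`, so a failure of either one does not fail the build; the block's status is that of the final `rm -f` (for example if `basic.target.wants` is absent from the base image, which is not visible here). The image would then ship with `bootc-fetch-apply-updates.timer` removed and no informer running, leaving neither automatic updates nor a notice. Chain these steps with `&&` and create the directory first, e.g. `mkdir -p /usr/lib/systemd/system/basic.target.wants && ln -s … && \`, or use `systemctl enable upgrade-informer.timer` for the timer, which already has an `[Install]` section. The enablement is also limited to `ID == rhel` while `COPY build/usr /usr` is unconditional, so other bases get the units installed but inactive; a comment stating that this is intended would help. The RUN instruction starts before this hunk and continues after it.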