Add high-level subcommands for customizing live ISO images and PXE initrds

.cci.jenkinsfile

@@ -54,7 +54,8 @@ cosaPod(buildroot: true, runAsUser: 0) {
         shwrap("tests/iso-kargs.sh /srv/fcos/builds/latest/x86_64/*.iso")
         shwrap("tests/iso-kargs.sh fixtures/iso/embed-areas-2021-09.iso.xz")
         shwrap("tests/iso-inspect.sh /srv/fcos/builds/latest/x86_64/*.iso")
-        // just pass the build dir; this test also uses the other live artifacts
+        // just pass the build dir; these tests use multiple live artifacts
         shwrap("tests/iso-extract-pxe.sh /srv/fcos/builds/latest/x86_64")
+        shwrap("tests/customize.sh /srv/fcos/builds/latest/x86_64")
     }
 }

Cargo.toml

@@ -40,6 +40,7 @@ debug = true
 
 [dependencies]
 anyhow = ">= 1.0.38, < 2"
+base64 = "0.13"
 bincode = "^1.3"
 bytes = ">= 1.0.1, < 1.2.0"
 byte-unit = ">= 3.1.0, < 5.0.0"
@@ -48,6 +49,7 @@ flate2 = "^1.0"
 glob = "^0.3"
 gptman = { version = ">= 0.7, < 0.9", default-features = false }
 hex = "^0.4"
+ignition-config = "0.2"
 lazy_static = "^1.4"
 libc = "^0.2"
 nix = ">= 0.22, < 0.24"

docs/cmd/iso.md

@@ -9,6 +9,97 @@ nav_order: 4
 1. TOC
 {:toc}
 
+# coreos-installer iso customize
+
+```
+Customize a CoreOS live ISO image
+
+USAGE:
+    coreos-installer iso customize [OPTIONS] <ISO>
+
+OPTIONS:
+        --dest-ignition <path>...
+            Ignition config fragment for dest sys
+
+            Automatically run installer and merge the specified Ignition config into the config
+            for the destination system.
+        --dest-device <path>
+            Install destination device
+
+            Automatically run installer, installing to the specified destination device.  The
+            resulting boot media will overwrite the destination device without confirmation.
+        --dest-karg-append <arg>...
+            Destination kernel argument to append
+
+            Automatically run installer, adding the specified kernel argument for every boot of
+            the destination system.
+        --dest-karg-delete <arg>...
+            Destination kernel argument to delete
+
+            Automatically run installer, deleting the specified kernel argument for every boot
+            of the destination system.
+        --network-keyfile <path>...
+            NetworkManager keyfile for live & dest
+
+            Configure networking using the specified NetworkManager keyfile. Network settings
+            will be applied in the live environment, including when Ignition is run.  If
+            installer is enabled via additional options, network settings will also be applied
+            in the destination system, including when Ignition is run.
+        --ignition-ca <path>...
+            Ignition PEM CA bundle for live & dest
+
+            Specify additional TLS certificate authorities to be trusted by Ignition, in PEM
+            format.  Authorities will be trusted by Ignition in the live environment and, if
+            installer is enabled via additional options, in the destination system.
+        --pre-install <path>...
+            Script to run before installation
+
+            If installer is run at boot, run this script before installation. If the script
+            fails, the live environment will stop at an emergency shell.
+        --post-install <path>...
+            Script to run after installation
+
+            If installer is run at boot, run this script after installation. If the script
+            fails, the live environment will stop at an emergency shell.
+        --installer-config <path>...
+            Installer config file
+
+            Automatically run coreos-installer and apply the specified installer config file.
+            Config files are applied in the order that they are specified.
+        --live-ignition <path>...
+            Ignition config fragment for live env
+
+            Merge the specified Ignition config into the config for the live environment.
+        --live-karg-append <arg>...
+            Live kernel argument to append
+
+            Kernel argument to append to boots of the live environment.
+        --live-karg-delete <arg>...
+            Live kernel argument to delete
+
+            Kernel argument to delete from boots of the live environment.
+        --live-karg-replace <k=o=n>...
+            Live kernel argument to replace
+
+            Kernel argument to replace for boots of the live environment, in the form
+            key=old=new.  For a default argument "a=b", specifying "--live-karg-replace a=b=c"
+            will produce the argument "a=c".
+    -f, --force
+            Overwrite existing customizations
+
+    -o, --output <path>
+            Write ISO to a new output file
+
+    -h, --help
+            Prints help information
+
+
+ARGS:
+    <ISO>
+            ISO image
+
+```
+
 # coreos-installer iso ignition embed
 
 ```
@@ -192,3 +283,19 @@ ARGS:
     <ISO>           ISO image
     <OUTPUT_ISO>    Minimal ISO output file [default: -]
 ```
+
+# coreos-installer iso reset
+
+```
+Restore a CoreOS live ISO image to default settings
+
+USAGE:
+    coreos-installer iso reset <ISO>
+
+OPTIONS:
+    -o, --output <path>    Write ISO to a new output file
+    -h, --help             Prints help information
+
+ARGS:
+    <ISO>    ISO image
+```

docs/cmd/pxe.md

@@ -9,6 +9,80 @@ nav_order: 5
 1. TOC
 {:toc}
 
+# coreos-installer pxe customize
+
+```
+Create a custom live PXE boot config
+
+USAGE:
+    coreos-installer pxe customize <path> --output <path>
+
+OPTIONS:
+        --dest-ignition <path>...
+            Ignition config fragment for dest sys
+
+            Automatically run installer and merge the specified Ignition config into the config
+            for the destination system.
+        --dest-device <path>
+            Install destination device
+
+            Automatically run installer, installing to the specified destination device.  The
+            resulting boot media will overwrite the destination device without confirmation.
+        --dest-karg-append <arg>...
+            Destination kernel argument to append
+
+            Automatically run installer, adding the specified kernel argument for every boot of
+            the destination system.
+        --dest-karg-delete <arg>...
+            Destination kernel argument to delete
+
+            Automatically run installer, deleting the specified kernel argument for every boot
+            of the destination system.
+        --network-keyfile <path>...
+            NetworkManager keyfile for live & dest
+
+            Configure networking using the specified NetworkManager keyfile. Network settings
+            will be applied in the live environment, including when Ignition is run.  If
+            installer is enabled via additional options, network settings will also be applied
+            in the destination system, including when Ignition is run.
+        --ignition-ca <path>...
+            Ignition PEM CA bundle for live & dest
+
+            Specify additional TLS certificate authorities to be trusted by Ignition, in PEM
+            format.  Authorities will be trusted by Ignition in the live environment and, if
+            installer is enabled via additional options, in the destination system.
+        --pre-install <path>...
+            Script to run before installation
+
+            If installer is run at boot, run this script before installation. If the script
+            fails, the live environment will stop at an emergency shell.
+        --post-install <path>...
+            Script to run after installation
+
+            If installer is run at boot, run this script after installation. If the script
+            fails, the live environment will stop at an emergency shell.
+        --installer-config <path>...
+            Installer config file
+
+            Automatically run coreos-installer and apply the specified installer config file.
+            Config files are applied in the order that they are specified.
+        --live-ignition <path>...
+            Ignition config fragment for live env
+
+            Merge the specified Ignition config into the config for the live environment.
+    -o, --output <path>
+            Output file
+
+    -h, --help
+            Prints help information
+
+
+ARGS:
+    <path>
+            CoreOS live initramfs image
+
+```
+
 # coreos-installer pxe ignition wrap
 
 ```

fixtures/customize/Makefile

@@ -0,0 +1,5 @@
+.PHONY: all
+all: $(patsubst %.bu,%.ign,$(wildcard *.bu))
+
+%.ign: %.bu
+	butane -p $< -o $@

fixtures/customize/cert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzTCCArWgAwIBAgIUbBRTrhrOot7UlWeXLP2Fp1iwUdAwDQYJKoZIhvcNAQEL
+BQAwdjELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRAwDgYDVQQKDAdSZWQgSGF0MSowKAYDVQQDDCFjb3Jlb3Mt
+aW5zdGFsbGVyIHRlc3QgY2VydGlmaWNhdGUwHhcNMjExMjE2MDIzMTM5WhcNNDkw
+NTAzMDIzMTM5WjB2MQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xp
+bmExEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB1JlZCBIYXQxKjAoBgNVBAMM
+IWNvcmVvcy1pbnN0YWxsZXIgdGVzdCBjZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALzSyiYtZ4RC7zvKWFvEoLcL5zbM4t5oiQGX2JCl
+VNCy887yAtVvUK44qx4v6dwa57VopmsCaqLIj7ArdwXFzt7PRnz6FRWpW9TyTvnn
+IRQJAySdUmubK7h7Y5ZUvmeA6DelUALEAuaHzHSjA7X3J4jvqtYJ/rnQy2VQ/At2
+LWyJkFjCXgVDq2tkOxG4GsGENDPtUT6/yzG4qQSN3HZBsfkAZZG36dgRO6JLbX63
+6JyRNNmTjMpTIM/Wb6QhG+Fh/nGzCMl7g/m3mILxnr6y3ayprilUjULtV6aY3A/Z
+xClFaHDlOwv6fOnzLLeLIqOZsyJkUJrosC2TUZuoA9Vd4e0CAwEAAaNTMFEwHQYD
+VR0OBBYEFBTINlRix874xSIEIawMLxgLPT0VMB8GA1UdIwQYMBaAFBTINlRix874
+xSIEIawMLxgLPT0VMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEB
+AGBEpaFbpbaCw2QURMd/g3PlgqvPvZgf3liRVJki9KRElJRwlO0GigqKbiliS6U+
+2/xYIctXK6t6r8qBygMtsG+ceqebWPdiQqsAnP3FYV6qiPiJbpnRWeh+qm7m9Kci
+XGoRRJjzmnJ+ta1PZgiQwx62pkYB7m/ZARUhwo9mXZypQWl8PUip2m5PKVQ7Xm4s
+c/HF0Vf19ENu3Y4W8d5I6DtcEvGHOMMUwiPNFKcDdodRdBnB337pOfbBLGq+vOKC
+iSMUXT5exQmmZ6O8dj8kfoSgrEeHlvdj78dHQUQ+q9m8DS1PV8eVe+Z0SvA0akqK
+PjPZdFfbQVyy8IqY02vopIs=
+-----END CERTIFICATE-----

fixtures/customize/dest-2.bu

@@ -0,0 +1,33 @@
+variant: fcos
+version: 1.4.0
+systemd:
+  units:
+    - name: dest-2-ignition-applied.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Dest-2 Ignition Applied
+        Before=multi-user.target
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=/bin/echo @applied-dest-2-ign@
+        StandardOutput=tty
+
+        [Install]
+        RequiredBy=multi-user.target
+    - name: terminate-multi-user.service
+      enabled: true
+      contents: |
+        [Unit]
+        Description=Shut Down Dest System
+        After=multi-user.target
+
+        [Service]
+        Type=oneshot
+        RemainAfterExit=true
+        ExecStart=/usr/bin/systemctl poweroff
+
+        [Install]
+        RequiredBy=multi-user.target

fixtures/customize/dest-2.ign

@@ -0,0 +1,19 @@
+{
+  "ignition": {
+    "version": "3.3.0"
+  },
+  "systemd": {
+    "units": [
+      {
+        "contents": "[Unit]\nDescription=Dest-2 Ignition Applied\nBefore=multi-user.target\n\n[Service]\nType=oneshot\nRemainAfterExit=true\nExecStart=/bin/echo @applied-dest-2-ign@\nStandardOutput=tty\n\n[Install]\nRequiredBy=multi-user.target\n",
+        "enabled": true,
+        "name": "dest-2-ignition-applied.service"
+      },
+      {
+        "contents": "[Unit]\nDescription=Shut Down Dest System\nAfter=multi-user.target\n\n[Service]\nType=oneshot\nRemainAfterExit=true\nExecStart=/usr/bin/systemctl poweroff\n\n[Install]\nRequiredBy=multi-user.target\n",
+        "enabled": true,
+        "name": "terminate-multi-user.service"
+      }
+    ]
+  }
+}