COS-2692: Add new variants to enable pure CentOS Stream/RHEL CoreOS builds, add Containerfile for layered OKD/OCP builds

[jlebon]

Add new okd-c9s and ocp-rhel-9.4 variants

To make introducing the base RHCOS/SCOS images safer, let's create two
new variants: okd-c9s and ocp-rhel-9.4. These variants are cloned
from the existing c9s and rhel-9.4 variants to start.

The new variants will track the status quo: building SCOS/RHCOS with the
OpenShift components baked in (hence the okd/ocp prefixes). This is
what the pipeline will keep building.

Meanwhile, what is currently the c9s and rhel-9.4` variants will
become the new base SCOS/RHCOS streams containing purely CentOS
Stream/RHEL content.

The default variant is still ocp-rhel-9.4 for now.

---

Make c9s and rhel-9.4 variants be pure C9S/RHEL 9.4 content

This is the second step now in this switcheroo dance (see previous
commit). We make the c9s and rhel-9.4 variants contain only C9S/
RHEL 9.4 content and then make the okd-c9s and ocp-rhel-9.4 variants
inherit from those and add the OCP-specific stuff.

---

Containerfile: new file

This Containerfile allows us to build the OpenShift node image on top
of the base RHCOS/SCOS image (i.e. built from the c9s or rhel-9.4
image).

Currently, the resulting image is at parity with the base image you'd
get from building the okd-c9s or ocp-rhel-9.4 variant. In the
future, those variants will go away and this will become the only way to
build the node image.

Part of: #799

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[jlebon]

Test-related dependencies:

• tests/var-mount/scsi-id: simplify bootloader entry finding coreos/fedora-coreos-config#2868
• kola/tests: add openshift tag to OCP tests coreos/coreos-assembler#3741

[jlebon]

The major gap left for this is adapting the pipeline to build the layered OCP image.

[LorbusChris]

/cc @lmzuccarelli @aguidirh @sherine-k
we'll have make sure okd-coreos-pipeline is adapted accordingly

[cgwalters]

Just skimming, LGTM at a high level

[openshift-ci-robot]

@jlebon: This pull request references COS-2692 which is a valid jira issue.

Details

In response to this:

This is a first stab at #799, aimed at the c9s variant to start.

In this model, the base (container and disk) images we build in the
pipeline do not contain any OCP-specific details. The compose is made up
purely of RPMs coming out directly from the c9s pungi composes.

Let's go over details of this in bullet form:

1. To emphasize the binding to c9s composes, we change the versioning
   scheme: the version string is now exactly the same version as the
   pungi compose from which we've built (well, we do add a .N field
   because we want to be able to rebuild multiple times on top of the
   same base pungi compose). It's almost like if our builds are part of
   the c9s pungi composes directly. (And maybe one day they will be...)
   This is implemented using a versionary script that queries compose
   info.
2. We no longer include packages-openshift.yaml: this has all the OCP
   stuff that we want to do in a layered build instead.
3. We no longer completely rewrite /etc/os-release. The host is
   image-mode CentOS Stream and e.g. ID will now say centos.
   However, we do still inject VARIANT and VARIANT_ID fields to
   note that it's of the CoreOS kind. We should probably actually match
   FCOS here and properly add a CoreOS variant in the centos-release
   package.
4. Tests which have to do with the OpenShift layer now have the required
   tag openshift. This means that it'll no longer run in the default
   set of kola tests. When building the derived image, we will run just
   those tests using kola run --tag openshift --oscontainer ....

Note that to make this work, OCP itself still needs to actually have
that derived image containing the OCP bits. For now, we will build this
in the pipelines (as a separate artifact that we push to the repos) but
the eventual goal is that we'd split that out of the pipeline and have
it be more like how the rest of OCP is built (using Prow/OSBS/Konflux).

Note also we don't currently build the c9s variant in the pipelines but
this is a long time overdue IMO.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[jlebon]

/refresh

[travier]

Nit: Red Hat Enterprise Linux CoreOS 9.4

[travier]

can stay as is as I don't think that's used anywhere.

[travier]

Only have one note:

• We will have to remove all the extensions for the non OCP variants.

[travier]

So one obvious thing we notice here totally unrelated to this is that we're currently baking some NVMe-related UUID things that should probably instead be generated on first boot.

I though that this had been fixed already. This is weird but it's not due to this change so let's not hold it.

/lgtm
/hold

[travier]

Feel free to unhold when you think it's ready to go / when we've completed the 4.16 branching.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cgwalters, jlebon, travier

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [cgwalters,jlebon,travier]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jlebon]

Thanks for the review!
/hold cancel

[travier]

I've filed #1519

[openshift-ci]

@jlebon: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.