Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add redhat 9 build and package #515

Merged
merged 5 commits into from
Jul 19, 2023
Merged

add redhat 9 build and package #515

merged 5 commits into from
Jul 19, 2023

Conversation

qrkourier
Copy link
Member

No description provided.

@qrkourier qrkourier self-assigned this Oct 13, 2022
@qrkourier qrkourier linked an issue Oct 13, 2022 that may be closed by this pull request
build and package ziti-edge-tunnel for Red Hat 9 #514
Closed
scareything
scareything previously approved these changes Oct 18, 2022
View reviewed changes
Copy link
Member

@scareything scareything left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see this is a draft... I'm not sure if that's intentional but fyi it lgtm.

.github/actions/openziti-tunnel-build-action/redhat-9/entrypoint.sh Outdated Show resolved Hide resolved
@qrkourier qrkourier force-pushed the issue-514-package-for-redhat9 branch 3 times, most recently from 21e40b6 to 90b0a63 Compare October 20, 2022 15:32
@qrkourier
Copy link
Member Author

Draft pending resolution of related issue

@qrkourier qrkourier removed their assignment Feb 2, 2023
@qrkourier qrkourier force-pushed the issue-514-package-for-redhat9 branch from 04fa443 to 055339d Compare March 28, 2023 18:53
@qrkourier qrkourier mentioned this pull request Jun 8, 2023
Open
@qrkourier qrkourier force-pushed the issue-514-package-for-redhat9 branch from 055339d to 7ca2671 Compare June 8, 2023 20:46
@qrkourier qrkourier mentioned this pull request Jun 8, 2023
Closed
@qrkourier
Copy link
Member Author

@scareything Got a good CPack run and successful test enrollment!

@qrkourier qrkourier marked this pull request as ready for review June 8, 2023 20:58
@qrkourier qrkourier requested a review from a team as a code owner June 8, 2023 20:58
@scareything
Copy link
Member

scareything commented Jun 9, 2023
edited
Loading

Nice!

fyi you can link to an issue in a PR just by typing "fixes" and then the issue number preceded by a pound sign. Actually there are lots of ways to do this. When thusly linked, the issue is automatically closed when the PR is merged.

@scareything
Copy link
Member

Can you verify that we're dynamically linking with the ssl libraries from the system?

@sabedevops
Copy link
Contributor

On RHEL9, which resolver works currently on the default OS config? Does RHEL9 enable systemd-resolved by default?

@qrkourier
Copy link
Member Author

qrkourier commented Jun 9, 2023
edited
Loading

Can you verify that we're dynamically linking with the ssl libraries from the system?

Here are the dynamic links for ziti-edge-tunnel I installed in a Rocky Linux 9 LXD container with the RPM I built with the RH9 builder container from this branch.

[root@rocky9 ~]# ldd /opt/openziti/bin/ziti-edge-tunnel
        linux-vdso.so.1 (0x00007fff83f75000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f15fd370000)
        libatomic.so.1 => /lib64/libatomic.so.1 (0x00007f15fd367000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f15fd28c000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f15fd278000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f15fd000000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f15fd38f000)

@scareything
Copy link
Member

Is that image used by the cpack workflow?

@qrkourier
Copy link
Member Author

On RHEL9, which resolver works currently on the default OS config? Does RHEL9 enable systemd-resolved by default?

The rocky9 LXD container and generic/rocky9 Vagrant Box for libvirt use Network Manager and are not auto-configured by the RPM.

A step is required after installing the RPM to configure Ziti DNS, e.g., running nmcli connection modify eth0 or an Ansible task:

    - name: Add two IPv4 DNS server addresses
      community.general.nmcli:
        conn_name: eth0
        type: ethernet
        dns4_ignore_auto: true
        dns4:
          - 100.64.0.2
          - 1.1.1.1
        state: present

@qrkourier
Copy link
Member Author

Is that image used by the cpack workflow?

This branch is up to date with brain main and adds a builder image Dockerfile for building the RPM on RedHat9. The ldd output I posted is showing the links for the ziti-edge-tunnel binary that was included in the RPM built on RedHat9.

@scareything
Copy link
Member

Ok. We need to figure out why the build isn’t using the system ssl and z libraries. The port overlay cmake variable should cause the builds to link wilt system libraries.

@scareything
Copy link
Member

ok, I see why the dynamic ssl libraries aren't being linked... duh... it's because we (actually I) switched the default back to mbedtls in #663 when we saw the chain verification surprises with openssl recently. Also the cmake variable that controls the crypto libs have changed, and USE_OPENSSL no longer gets it done.

so the build for rh9 lgtm.

@qrkourier qrkourier dismissed scareything’s stale review June 22, 2023 14:58

significant differences after review

@qrkourier qrkourier merged commit 83a0e73 into main Jul 19, 2023
1 check passed
@qrkourier qrkourier deleted the issue-514-package-for-redhat9 branch July 19, 2023 15:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scareything scareything scareything approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

build and package ziti-edge-tunnel for Red Hat 9
3 participants
@qrkourier @scareything @sabedevops