Skip to content

j1mc/ansible-silverblue-oci

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

200 Commits
.github/workflows
.github/workflows
 
 
ansible-silverblue
ansible-silverblue
 
 
.gitignore
.gitignore
 
 
Containerfile
Containerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cosign.pub
cosign.pub
 
 

Repository files navigation

Ansible Silverblue OCI

build-ansible-silverblue-oci

This repository uses ostree native container tooling + Ansible to create a customized, bootable version of Fedora Silverblue. The customizations are handled within the ansible-silverblue directory, and you're encouraged to read the README there to see exactly what this project does.

For now this project uses the Ansible version packaged by Fedora. You can view the current supported Ansible version here.

What does all this mean, exactly?

  • We start with a base Fedora Silverblue image (the specific Fedora version is set in the Containerfile and in the .github/workflows/build.yml file).
  • We customize the OS via an included set of Ansible roles.
  • We use Github Actions to build and sign a container image based on these customizations
  • Enable you to then rebase your current Silverblue installation to use these customizations.

See the README inside of the 'ansible-silverblue' directory for the specific changes.

What's important is that you can do this, too! All of the Ansible changes are configured via the group_vars/all file in the ansible portions of the project. Completely forking the project will require that you modify a few things, but I can assist if you'd like to give this a try. Feel free to leave a comment or inquiry as an 'Issue', and I'll be in touch with you.

Usage

To rebase an fresh or existing Silverblue installation to use these customizations, run this command:

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:latest

If you want to rebase to a particular day's release:

sudo rpm-ostree rebase  --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:20221227

The latest tag will automatically point to the latest build.

Verification

These images are signed with sisgstore's cosign. You can verify the signature by downloading the cosign.pub key from this repo and running the following command:

cosign verify --key cosign.pub ghcr.io/j1mc/ansible-silverblue-oci

Credits

This project got its start around the same time that the Universal Blue team were starting their efforts. We've taken some different approaches, and they're doing some great work. Check them out!

About

Provisioning Fedora Silverblue with Containerfile & Ansible.

Topics

ansible fedora oci ostree bootc silverblue containerfile rpmostree libostree

Resources

Readme

License

Apache-2.0 license
Activity

Stars

16 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 2

  •  
  •  

Languages