# Disable debug information package creation %define debug_package %{nil} # Define the Go Import Path %global goipath github.com/flightctl/flightctl # SELinux specifics %global selinuxtype targeted %define selinux_policyver 3.14.3-67 %define agent_relabel_files() \ semanage fcontext -a -t flightctl_agent_exec_t "/usr/bin/flightctl-agent" ; \ restorecon -v /usr/bin/flightctl-agent Name: flightctl Version: latest~139~g0c9e51a6 Release: 1.20250710110010745919.pr1323.139.g0c9e51a6%{?dist} Summary: Flight Control service %gometa License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT URL: %{gourl} Source0: flightctl-latest~139~g0c9e51a6.tar.gz BuildRequires: golang BuildRequires: make BuildRequires: git BuildRequires: openssl-devel Requires: openssl # Skip description for the main package since it won't be created %description # Main package is empty and not created. # cli sub-package %package cli Summary: Flight Control CLI %description cli flightctl is the CLI for controlling the Flight Control service. # agent sub-package %package agent Summary: Flight Control management agent Requires: flightctl-selinux = %{version} %description agent The flightctl-agent package provides the management agent for the Flight Control fleet management service. # selinux sub-package %package selinux Summary: SELinux policies for the Flight Control management agent BuildRequires: selinux-policy >= %{selinux_policyver} BuildRequires: selinux-policy-devel >= %{selinux_policyver} BuildArch: noarch Requires: selinux-policy >= %{selinux_policyver} %description selinux The flightctl-selinux package provides the SELinux policy modules required by the Flight Control management agent. # services sub-package %package services Summary: Flight Control services Requires: bash Requires: podman %description services The flightctl-services package provides installation and setup of files for running containerized Flight Control services %package otel-collector Summary: OpenTelemetry Collector for FlightCtl Requires: podman Requires: systemd Requires: yq Requires(post): systemd, yq, gettext Requires(preun):systemd Requires(postun):systemd Requires: selinux-policy-targeted %description otel-collector This package provides the OpenTelemetry Collector for FlightCtl metric collection. The collector runs in a Podman container managed by systemd and can be used independently or as part of the full observability stack. %package observability Summary: Complete FlightCtl observability stack Requires: flightctl-otel-collector = %{version}-%{release} Requires: /usr/sbin/semanage Requires: /usr/sbin/restorecon Requires: podman Requires: systemd Requires(post): systemd, yq, gettext Requires(preun):systemd Requires(postun):systemd Requires: selinux-policy-targeted %description observability This package provides the complete FlightCtl Observability Stack, including Prometheus for metric storage, Grafana for visualization, and OpenTelemetry Collector for metric collection. All components run in Podman containers managed by systemd. This package automatically includes the flightctl-otel-collector package. %files otel-collector # OpenTelemetry Collector specific files /etc/otelcol/otelcol-config.yaml /opt/flightctl-observability/templates/flightctl-otel-collector.container.template # Shared rendering infrastructure for otel-collector /etc/flightctl/scripts/render-templates.sh /etc/flightctl/definitions/otel-collector.defs /usr/local/bin/flightctl-otel-collector-config-reloader.sh # Directories owned by the otel-collector RPM %dir /etc/otelcol %dir /var/lib/otelcol %dir /opt/flightctl-observability/templates %dir /etc/flightctl %dir /etc/flightctl/scripts %dir /etc/flightctl/definitions # Ghost file for generated container file %ghost /etc/containers/systemd/flightctl-otel-collector.container %files observability # Static configuration files (Prometheus and Grafana only) /etc/prometheus/prometheus.yml /etc/flightctl/scripts/render-templates.sh /etc/flightctl/definitions/observability.defs # Template source files (Prometheus, Grafana, and UserInfo Proxy) /opt/flightctl-observability/templates/grafana.ini.template /opt/flightctl-observability/templates/flightctl-grafana.container.template /opt/flightctl-observability/templates/flightctl-prometheus.container.template /opt/flightctl-observability/templates/flightctl-userinfo-proxy.container.template /etc/grafana/provisioning/datasources/prometheus.yaml /etc/grafana/provisioning/dashboards/flightctl.yaml # The files that will be generated in %post must be listed as %ghost files. %ghost /etc/grafana/grafana.ini %ghost /etc/containers/systemd/flightctl-grafana.container %ghost /etc/containers/systemd/flightctl-prometheus.container %ghost /etc/containers/systemd/flightctl-userinfo-proxy.container # New reloader scripts /usr/local/bin/flightctl-observability-config-reloader.sh /usr/local/bin/flightctl-observability-reload.sh /usr/local/bin/flightctl-reload-observability # Directories owned by the observability RPM (Prometheus and Grafana only) %dir /etc/prometheus %dir /etc/grafana %dir /etc/grafana/provisioning %dir /etc/grafana/provisioning/datasources %dir /etc/grafana/provisioning/dashboards %dir /etc/grafana/provisioning/dashboards/flightctl %dir /etc/grafana/certs %dir /var/lib/prometheus %dir /var/lib/grafana %dir /etc/flightctl %dir /etc/flightctl/scripts %dir /etc/flightctl/definitions %pre otel-collector # This script runs BEFORE the files are installed onto the system. echo "Checking FlightCtl service prerequisites for OpenTelemetry collector..." # Check if FlightCtl services from 'make deploy-quadlets' are running echo "Verifying that FlightCtl services are deployed and running..." REQUIRED_SERVICES=( "flightctl-api.service" "flightctl-worker.service" "flightctl-db.service" "flightctl-kv.service" ) MISSING_SERVICES=() for service in "${REQUIRED_SERVICES[@]}"; do if ! /usr/bin/systemctl is-active --quiet "$service"; then MISSING_SERVICES+=("$service") fi done if [ ${#MISSING_SERVICES[@]} -gt 0 ]; then echo "ERROR: FlightCtl OpenTelemetry collector requires the following services to be running:" for service in "${MISSING_SERVICES[@]}"; do echo " - $service" done echo "" echo "Please deploy the FlightCtl services first by running:" echo " make deploy-quadlets" echo "" echo "Then try installing the OpenTelemetry collector package again." exit 1 fi echo "✓ All required FlightCtl services are running. Proceeding with OpenTelemetry collector installation..." %post otel-collector # This script runs AFTER the files have been installed onto the system. echo "Running post-install actions for FlightCtl OpenTelemetry Collector..." # Create necessary directories on the host if they don't already exist. /usr/bin/mkdir -p /etc/otelcol /var/lib/otelcol /usr/bin/mkdir -p /opt/flightctl-observability/templates /usr/bin/mkdir -p /etc/flightctl /etc/flightctl/scripts /etc/flightctl/definitions # Apply persistent SELinux contexts for volumes and configuration files. /usr/sbin/semanage fcontext -a -t container_file_t "/etc/otelcol/otelcol-config.yaml" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/var/lib/otelcol(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/opt/flightctl-observability/templates(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/usr/local/bin/flightctl-otel-collector-config-reloader.sh" >/dev/null 2>&1 || : # Restore file contexts based on the new rules (and default rules) /usr/sbin/restorecon -RvF /etc/otelcol >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /var/lib/otelcol >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /opt/flightctl-observability/templates >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-otel-collector-config-reloader.sh >/dev/null 2>&1 || : # Enable specific SELinux boolean if needed /usr/sbin/setsebool -P container_manage_cgroup on >/dev/null 2>&1 || : # Generate OpenTelemetry collector container file from template echo "Generating OpenTelemetry collector container configuration..." /usr/local/bin/flightctl-otel-collector-config-reloader.sh || { echo "ERROR: OpenTelemetry collector config generation failed!"; exit 1; } # Final service management echo "Reloading systemd daemon..." /usr/bin/systemctl daemon-reload echo "Starting OpenTelemetry collector service..." /usr/bin/systemctl start flightctl-otel-collector.service echo "FlightCtl OpenTelemetry Collector installed and started." %preun otel-collector echo "Running pre-uninstall actions for FlightCtl OpenTelemetry Collector..." # Stop and disable the service /usr/bin/systemctl stop flightctl-otel-collector.service >/dev/null 2>&1 || : /usr/bin/systemctl disable flightctl-otel-collector.service >/dev/null 2>&1 || : %postun otel-collector echo "Running post-uninstall actions for FlightCtl OpenTelemetry Collector..." # Clean up Podman container /usr/bin/podman rm -f flightctl-otel-collector >/dev/null 2>&1 || : # Remove SELinux fcontext rules added by this package /usr/sbin/semanage fcontext -d -t container_file_t "/etc/otelcol/otelcol-config.yaml" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/var/lib/otelcol(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/opt/flightctl-observability/templates(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/usr/local/bin/flightctl-otel-collector-config-reloader.sh" >/dev/null 2>&1 || : # Restore default SELinux contexts for affected directories /usr/sbin/restorecon -RvF /etc/otelcol >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /var/lib/otelcol >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /opt/flightctl-observability/templates >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-otel-collector-config-reloader.sh >/dev/null 2>&1 || : /usr/bin/systemctl daemon-reload echo "FlightCtl OpenTelemetry Collector uninstalled." %pre observability # This script runs BEFORE the files are installed onto the system. echo "Checking FlightCtl service prerequisites for observability stack..." # Check if FlightCtl base quadlet services are running echo "Verifying that FlightCtl services are deployed and running..." REQUIRED_SERVICES=( "flightctl-api.service" "flightctl-worker.service" "flightctl-db.service" "flightctl-kv.service" ) MISSING_SERVICES=() for service in "${REQUIRED_SERVICES[@]}"; do if ! /usr/bin/systemctl is-active --quiet "$service"; then MISSING_SERVICES+=("$service") fi done if [ ${#MISSING_SERVICES[@]} -gt 0 ]; then echo "ERROR: FlightCtl observability stack requires the following services to be running:" for service in "${MISSING_SERVICES[@]}"; do echo " - $service" done echo "" echo "Please deploy the FlightCtl services first by running:" echo " make deploy-quadlets" echo "" echo "Then try installing the observability package again." exit 1 fi echo "✓ All required FlightCtl services are running. Proceeding with installation..." %post observability # This script runs AFTER the files have been installed onto the system. echo "Running post-install actions for Flightctl Observability Stack..." # Create necessary directories on the host if they don't already exist. /usr/bin/mkdir -p /etc/prometheus /var/lib/prometheus /usr/bin/mkdir -p /etc/grafana /etc/grafana/provisioning /etc/grafana/provisioning/datasources /var/lib/grafana /usr/bin/mkdir -p /etc/grafana/provisioning/dashboards /etc/grafana/provisioning/dashboards/flightctl /usr/bin/mkdir -p /etc/grafana/certs /usr/bin/mkdir -p /etc/flightctl /opt/flightctl-observability/templates /usr/bin/mkdir -p /usr/local/bin /usr/lib/systemd/system /usr/bin/mkdir -p /etc/flightctl/scripts /usr/bin/mkdir -p /etc/flightctl/definitions chown 65534:65534 /var/lib/prometheus chown 472:472 /var/lib/grafana # Apply persistent SELinux contexts for volumes and configuration files. /usr/sbin/semanage fcontext -a -t container_file_t "/etc/prometheus/prometheus.yml" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/var/lib/prometheus(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/etc/grafana(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/var/lib/grafana(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/etc/grafana/certs(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/opt/flightctl-observability/templates(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/usr/local/bin/flightctl-observability-config-reloader.sh" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/usr/local/bin/flightctl-observability-reload.sh" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -a -t container_file_t "/usr/local/bin/flightctl-reload-observability" >/dev/null 2>&1 || : # Restore file contexts based on the new rules (and default rules) /usr/sbin/restorecon -RvF /etc/prometheus >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /var/lib/prometheus >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /etc/grafana >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /var/lib/grafana >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /etc/grafana/certs >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /opt/flightctl-observability/templates >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-observability-config-reloader.sh >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-observability-reload.sh >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-reload-observability >/dev/null 2>&1 || : # Enable specific SELinux boolean if needed /usr/sbin/setsebool -P container_manage_cgroup on >/dev/null 2>&1 || : # --- Process Configuration Templates (Initial Generation) --- # Call the basic config reloader script once during installation to generate initial config files. # Note: We use the basic reloader here because FlightCtl services aren't running yet during installation. echo "Generating initial configuration files using the config reloader script..." /usr/local/bin/flightctl-observability-config-reloader.sh || { echo "ERROR: Initial config generation failed!"; exit 1; } # --- Final service management --- echo "Reloading systemd daemon..." /usr/bin/systemctl daemon-reload echo "Enabling and starting core services..." /usr/bin/systemctl start flightctl-prometheus.service # Start UserInfo proxy (if configured and service exists) if systemctl list-unit-files flightctl-userinfo-proxy.service >/dev/null 2>&1; then echo "Starting UserInfo proxy service..." /usr/bin/systemctl start flightctl-userinfo-proxy.service || echo "UserInfo proxy service failed to start (check configuration)" else echo "UserInfo proxy service not configured or not found" fi # Start Grafana after initial templating (it will be restarted by reloader if config changes) /usr/bin/systemctl start flightctl-grafana.service # Enable and start the config reloader path unit. # This makes Grafana's config dynamically update on config file changes. echo "Flightctl Observability Stack services installed and started." %preun observability echo "Running pre-uninstall actions for Flightctl Observability Stack..." # Stop and disable all services in reverse order of startup /usr/bin/systemctl stop flightctl-grafana.service >/dev/null 2>&1 || : /usr/bin/systemctl disable flightctl-grafana.service >/dev/null 2>&1 || : /usr/bin/systemctl stop flightctl-userinfo-proxy.service >/dev/null 2>&1 || : /usr/bin/systemctl disable flightctl-userinfo-proxy.service >/dev/null 2>&1 || : /usr/bin/systemctl stop flightctl-prometheus.service >/dev/null 2>&1 || : /usr/bin/systemctl disable flightctl-prometheus.service >/dev/null 2>&1 || : %postun observability echo "Running post-uninstall actions for Flightctl Observability Stack..." # Clean up Podman containers associated with the services /usr/bin/podman rm -f flightctl-grafana >/dev/null 2>&1 || : /usr/bin/podman rm -f flightctl-userinfo-proxy >/dev/null 2>&1 || : /usr/bin/podman rm -f flightctl-prometheus >/dev/null 2>&1 || : # Remove SELinux fcontext rules added by this package /usr/sbin/semanage fcontext -d -t container_file_t "/etc/grafana(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/var/lib/grafana(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/etc/grafana/certs(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/etc/prometheus/prometheus.yml" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/var/lib/prometheus(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/opt/flightctl-observability/templates(/.*)?" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/usr/local/bin/flightctl-observability-config-reloader.sh" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/usr/local/bin/flightctl-observability-reload.sh" >/dev/null 2>&1 || : /usr/sbin/semanage fcontext -d -t container_file_t "/usr/local/bin/flightctl-reload-observability" >/dev/null 2>&1 || : # Restore default SELinux contexts for affected directories /usr/sbin/restorecon -RvF /etc/grafana >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /var/lib/grafana >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /etc/grafana/certs >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /etc/prometheus >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /var/lib/prometheus >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /opt/flightctl-observability/templates >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-observability-config-reloader.sh >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-observability-reload.sh >/dev/null 2>&1 || : /usr/sbin/restorecon -RvF /usr/local/bin/flightctl-reload-observability >/dev/null 2>&1 || : /usr/bin/systemctl daemon-reload echo "Flightctl Observability Stack uninstalled." %prep %goprep -A %setup -q %{forgesetupargs} -n flightctl-latest~139~g0c9e51a6 %build # if this is a buggy version of go we need to set GOPROXY as workaround # see https://github.com/golang/go/issues/61928 GOENVFILE=$(go env GOROOT)/go.env if [[ ! -f "${GOENVFILE}" ]]; then export GOPROXY='https://proxy.golang.org,direct' fi SOURCE_GIT_TAG=$(echo %{version} | tr '~' '-') \ SOURCE_GIT_TREE_STATE=clean \ SOURCE_GIT_COMMIT=$(echo %{version} | awk -F'[-~]g' '{print $2}') \ SOURCE_GIT_TAG_NO_V=%{version} \ make build-cli build-agent # SELinux modules build make --directory packaging/selinux %install mkdir -p %{buildroot}/usr/bin mkdir -p %{buildroot}/etc/flightctl cp bin/flightctl %{buildroot}/usr/bin mkdir -p %{buildroot}/usr/lib/systemd/system mkdir -p %{buildroot}/%{_sharedstatedir}/flightctl mkdir -p %{buildroot}/usr/lib/flightctl/custom-info.d mkdir -p %{buildroot}/usr/lib/flightctl/hooks.d/{afterupdating,beforeupdating,afterrebooting,beforerebooting} mkdir -p %{buildroot}/usr/lib/greenboot/check/required.d install -m 0755 packaging/greenboot/flightctl-agent-running-check.sh %{buildroot}/usr/lib/greenboot/check/required.d/20_check_flightctl_agent.sh cp bin/flightctl-agent %{buildroot}/usr/bin cp packaging/must-gather/flightctl-must-gather %{buildroot}/usr/bin cp packaging/hooks.d/afterupdating/00-default.yaml %{buildroot}/usr/lib/flightctl/hooks.d/afterupdating cp packaging/systemd/flightctl-agent.service %{buildroot}/usr/lib/systemd/system bin/flightctl completion bash > flightctl-completion.bash install -Dpm 0644 flightctl-completion.bash -t %{buildroot}/%{_datadir}/bash-completion/completions bin/flightctl completion fish > flightctl-completion.fish install -Dpm 0644 flightctl-completion.fish -t %{buildroot}/%{_datadir}/fish/vendor_completions.d/ bin/flightctl completion zsh > _flightctl-completion install -Dpm 0644 _flightctl-completion -t %{buildroot}/%{_datadir}/zsh/site-functions/ install -d %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} install -m644 packaging/selinux/*.bz2 %{buildroot}%{_datadir}/selinux/packages/%{selinuxtype} rm -f licenses.list find . -type f -name LICENSE -or -name License | while read LICENSE_FILE; do echo "%{_datadir}/licenses/%{NAME}/${LICENSE_FILE}" >> licenses.list done mkdir -vp "%{buildroot}%{_datadir}/licenses/%{NAME}" cp LICENSE "%{buildroot}%{_datadir}/licenses/%{NAME}" mkdir -vp "%{buildroot}%{_docdir}/%{NAME}" for DOC in docs examples .markdownlint-cli2.yaml README.md; do cp -vr "${DOC}" "%{buildroot}%{_docdir}/%{NAME}/${DOC}" done # flightctl-services sub-package steps # Run the install script to move the quadlet files. # # The IMAGE_TAG is derived from the RPM version, which may include tildes (~) # for proper version sorting (e.g., 0.5.1~rc1-1). However, the tagged images # always use hyphens (-) instead of tildes (~). To ensure valid image tags we need # to transform the version string by replacing tildes with hyphens. CONFIG_READONLY_DIR="%{buildroot}%{_datadir}/flightctl" \ CONFIG_WRITEABLE_DIR="%{buildroot}%{_sysconfdir}/flightctl" \ QUADLET_FILES_OUTPUT_DIR="%{buildroot}%{_datadir}/containers/systemd" \ SYSTEMD_UNIT_OUTPUT_DIR="%{buildroot}/usr/lib/systemd/system" \ IMAGE_TAG=$(echo %{version} | tr '~' '-') \ deploy/scripts/install.sh # Copy sos report flightctl plugin mkdir -p %{buildroot}/usr/share/sosreport cp packaging/sosreport/sos/report/plugins/flightctl.py %{buildroot}/usr/share/sosreport # install observability # Create target directories within the build root (where files are staged for RPM) mkdir -p %{buildroot}/etc/flightctl/scripts mkdir -p %{buildroot}/etc/flightctl/definitions mkdir -p %{buildroot}/etc/containers/systemd mkdir -p %{buildroot}/etc/prometheus mkdir -p %{buildroot}/etc/otelcol mkdir -p %{buildroot}/etc/grafana/provisioning/datasources mkdir -p %{buildroot}/etc/grafana/provisioning/dashboards/flightctl mkdir -p %{buildroot}/etc/grafana/certs mkdir -p %{buildroot}/var/lib/prometheus mkdir -p %{buildroot}/var/lib/grafana # For Grafana's data mkdir -p %{buildroot}/var/lib/otelcol mkdir -p %{buildroot}/opt/flightctl-observability/templates # Staging for template files processed in %post mkdir -p %{buildroot}/usr/local/bin # For the reloader script mkdir -p %{buildroot}/usr/lib/systemd/system # For systemd units # Copy static configuration files (those not templated) install -m 0644 packaging/observability/prometheus.yml %{buildroot}/etc/prometheus/ install -m 0644 packaging/observability/otelcol-config.yaml %{buildroot}/etc/otelcol/ # Copy template source files to a temporary staging area for processing in %post install -m 0644 packaging/observability/grafana.ini.template %{buildroot}/opt/flightctl-observability/templates/ install -m 0644 packaging/observability/flightctl-grafana.container.template %{buildroot}/opt/flightctl-observability/templates/ install -m 0644 packaging/observability/flightctl-prometheus.container.template %{buildroot}/opt/flightctl-observability/templates/ install -m 0644 packaging/observability/flightctl-otel-collector.container.template %{buildroot}/opt/flightctl-observability/templates/ install -m 0644 packaging/observability/flightctl-userinfo-proxy.container.template %{buildroot}/opt/flightctl-observability/templates/ # Copy non-templated Grafana datasource provisioning file install -m 0644 packaging/observability/grafana-datasources.yaml %{buildroot}/etc/grafana/provisioning/datasources/prometheus.yaml install -m 0644 packaging/observability/grafana-dashboards.yaml %{buildroot}/etc/grafana/provisioning/dashboards/flightctl.yaml # Copy the reloader script and its systemd units install -m 0755 packaging/observability/render-templates.sh %{buildroot}/etc/flightctl/scripts install -m 0755 packaging/observability/flightctl-observability-config-reloader.sh %{buildroot}/usr/local/bin/ install -m 0755 packaging/observability/flightctl-observability-reload.sh %{buildroot}/usr/local/bin/ install -m 0755 packaging/observability/flightctl-reload-observability %{buildroot}/usr/local/bin/ install -m 0755 packaging/observability/flightctl-otel-collector-config-reloader.sh %{buildroot}/usr/local/bin/ install -m 0644 packaging/observability/observability.defs %{buildroot}/etc/flightctl/definitions/ install -m 0644 packaging/observability/otel-collector.defs %{buildroot}/etc/flightctl/definitions/ %check %{buildroot}%{_bindir}/flightctl-agent version %pre selinux %selinux_relabel_pre -s %{selinuxtype} %post selinux %selinux_modules_install -s %{selinuxtype} %{_datadir}/selinux/packages/%{selinuxtype}/flightctl_agent.pp.bz2 %agent_relabel_files %postun selinux if [ $1 -eq 0 ]; then %selinux_modules_uninstall -s %{selinuxtype} flightctl_agent fi %posttrans selinux %selinux_relabel_post -s %{selinuxtype} # File listings # No %files section for the main package, so it won't be built %files cli -f licenses.list %{_bindir}/flightctl %license LICENSE %{_datadir}/bash-completion/completions/flightctl-completion.bash %{_datadir}/fish/vendor_completions.d/flightctl-completion.fish %{_datadir}/zsh/site-functions/_flightctl-completion %files agent -f licenses.list %license LICENSE %dir /etc/flightctl %{_bindir}/flightctl-agent %{_bindir}/flightctl-must-gather /usr/lib/flightctl/hooks.d/afterupdating/00-default.yaml /usr/lib/systemd/system/flightctl-agent.service %{_sharedstatedir}/flightctl /usr/lib/greenboot/check/required.d/20_check_flightctl_agent.sh %{_docdir}/%{NAME}/* %{_docdir}/%{NAME}/.markdownlint-cli2.yaml /usr/share/sosreport/flightctl.py %post agent INSTALL_DIR="/usr/lib/python$(python3 --version | sed 's/^.* \(3[.][0-9]*\).*$/\1/')/site-packages/sos/report/plugins" mkdir -p $INSTALL_DIR cp /usr/share/sosreport/flightctl.py $INSTALL_DIR chmod 0644 $INSTALL_DIR/flightctl.py rm -rf /usr/share/sosreport %files selinux %{_datadir}/selinux/packages/%{selinuxtype}/flightctl_agent.pp.bz2 %files services %defattr(0644,root,root,-) # Files mounted to system config %dir %{_sysconfdir}/flightctl %dir %{_sysconfdir}/flightctl/pki %dir %{_sysconfdir}/flightctl/flightctl-api %dir %{_sysconfdir}/flightctl/flightctl-ui %dir %{_sysconfdir}/flightctl/flightctl-cli-artifacts %dir %{_sysconfdir}/flightctl/flightctl-alertmanager-proxy %config(noreplace) %{_sysconfdir}/flightctl/service-config.yaml # Files mounted to data dir %dir %attr(0444,root,root) %{_datadir}/flightctl %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-api %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-alert-exporter %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-db %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-kv %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-ui %dir %attr(0444,root,root) %{_datadir}/flightctl/flightctl-cli-artifacts %{_datadir}/flightctl/flightctl-api/config.yaml.template %{_datadir}/flightctl/flightctl-api/env.template %attr(0755,root,root) %{_datadir}/flightctl/flightctl-api/init.sh %attr(0755,root,root) %{_datadir}/flightctl/flightctl-api/create_aap_application.sh %{_datadir}/flightctl/flightctl-alert-exporter/config.yaml %attr(0755,root,root) %{_datadir}/flightctl/flightctl-db/enable-superuser.sh %{_datadir}/flightctl/flightctl-kv/redis.conf %{_datadir}/flightctl/flightctl-ui/env.template %attr(0755,root,root) %{_datadir}/flightctl/flightctl-ui/init.sh %attr(0755,root,root) %{_datadir}/flightctl/init_utils.sh %{_datadir}/flightctl/flightctl-cli-artifacts/env.template %{_datadir}/flightctl/flightctl-cli-artifacts/nginx.conf %attr(0755,root,root) %{_datadir}/flightctl/flightctl-cli-artifacts/init.sh %{_datadir}/containers/systemd/flightctl* %{_datadir}/flightctl/flightctl-alertmanager/alertmanager.yml %{_datadir}/flightctl/flightctl-alertmanager-proxy/env.template %attr(0755,root,root) %{_datadir}/flightctl/flightctl-alertmanager-proxy/init.sh # Handle permissions for scripts setting host config %attr(0755,root,root) %{_datadir}/flightctl/init_host.sh %attr(0755,root,root) %{_datadir}/flightctl/secrets.sh # Files mounted to lib dir /usr/lib/systemd/system/flightctl.target %changelog * Thu Jul 10 2025 Packit - latest~139~g0c9e51a6-1.20250710110010745919.pr1323.139.g0c9e51a6 - EDM-1675: Create observability backend stanalone quadlets (Ori Amizur) - NO-ISSUE: stop building centos9, rhel, fedora-eln (#1354) (Gregory Shilin) - EDM-1816: Address config mismatches for alert-exporter and alertmanager-proxy quadlet services (Dakota Crowder) - EDM-1811: Fix server certificate name mismatch for api in quadlets deployment (Dakota Crowder) - EDM-1809: making sure infinite key exists (Asaf Ben Natan) - EDM-1809: using WaitForBootstrapAndUpdateToVersion to set image version (Asaf Ben Natan) - EDM-465: handling no such file or directory error while running devicesimulator (noga-magen) - EDM-1810: introduce centralized signer mechanism with dedicated signer types (#1322) (Assaf Albo) - NO-ISSUE: add claude.yaml workflow (Asaf Ben Natan) - EDM-1760: Emit events for invalid device specs (Avishay Traeger) - NO-ISSUE: Emit InternalTaskFailed events for all tasks (Avishay Traeger) - NO-ISSUE: Remove DeviceOwnershipChanged event reason (Avishay Traeger) - NO-ISSUE: Emit MultipleOwners events to service layer (Avishay Traeger) - NO-ISSUE: Optionally deploy Jaeger with helm (Avishay Traeger) - EDM-1792: agent: implement prefetch manager (Sam Batschelet) - EDM-1792: pkg/poll: remove timeout (Sam Batschelet) - EDM-1792: agent: add prefetch manager (Sam Batschelet) - NO-ISSUE: add resources cleaning after cli tests (sserafin) - EDM-1809: fixed infinite.sh (Asaf Ben Natan) - EDM-1793: Ensure event names conform to k8s standards (Avishay Traeger) - EDM-1809: small text fixes (Asaf Ben Natan) - NO-ISSUE: Optimize DeviceDisconnected task (Avishay Traeger) - EDM-1809: fixed linting error (Asaf Ben Natan) - EDM-1813: Publish containers for new microservices (Avishay Traeger) - EDM-1809: added more 'By' blocks (Asaf Ben Natan) - EDM-1809: e2e for testing system-info-timeout (Asaf Ben Natan) - EDM-1809: e2e for testing system-info-timeout (Asaf Ben Natan) - EDM-1747: Fix policy syncing (#1336) (kkyrazis) - EDM-1205: Podman monitor runs only if necessary (#1299) (kkyrazis) - EDM-1204: Support for printing unlimited number of resources in table mode by fetching in batches (#1319) (Ilya) - EDM-1533: Clarify event output headers in CLI (Avishay Traeger) - NO-ISSUE: fix and remove redundant part in resourcesync (noga-magen) - NO-ISSUE: Add context flag in periodic server to indicate that it represents internal call. (Ori Amizur) - EDM-1656: Add user and arch documentation for alerts (Avishay Traeger) - EDM-1704: Add alertmanager proxy service (Avishay Traeger) - EDM-1703: alert-exporter integration tests (Avishay Traeger) - EDM-1653: Deploy alert-exporter and alertmanager via Quadlets and Helm (Avishay Traeger) - EDM-1652: Add flightctl-alert-exporter microservice (Avishay Traeger) - NO-ISSUE: Create gin index for device service conditions (Avishay Traeger) - NO-ISSUE: Standardize event messages (Avishay Traeger) - EDM-1271: refactor fleet selector task and remove overlapping selectors (Avishay Traeger) - EDM-1567: Prevent multiple resourceSyncs to fleets with identical names (noga-magen) - EDM-1807: Enable OIDC option for quadlets deployment (rawagner) - NO-ISSUE: Add 'ev' alias for Events in CLI commands (Celia Amador) - EDM-1800: agent: implement new poll backoff for podman and queue (Sam Batschelet) - EDM-1800: agent: implement new poll backoff for podman and queue (Sam Batschelet) - EDM-1800: pkg: add poll backoff functionality (Sam Batschelet) - EDM-1179: Prevent ER application when device exists (noga-magen) - EDM-1445: Private GIT repo doesn’t allow authentication with a token (Ori Amizur) - EDM-1553: The owner is not set in a fleet added by a resource sync (Ori Amizur) - NO-ISSUE: Add link to demo in README (Avishay Traeger) - EDM-342: Implement Helm post-delete cleanup job (Avishay Traeger) - EDM-1659: Minimize the e2e test set executed under the sanity label (sserafin) - EDM-1762: ensure pullspec auth if passed via config (Sam Batschelet) - EDM-1783: Keep rpms on github, because corp removes them after 14 days (#1308) (Gregory Shilin) - EDM-1783: Keep rpms on github, because corp removes them after 14 days (#1306) (Gregory Shilin) - NO-ISSUE: Clean up tasks after bulk delete removal (Avishay Traeger) - EDM-1271: Add comments documenting idempotency of tasks (Avishay Traeger) - EDM-1271: Make fleet_validate task idempotent (Avishay Traeger) - EDM-1659: improve e2e duration part 1 (sserafin) - EDM-1204: pre-implementation preparation: reorganize display code for better modularity (#1304) (Ilya) - EDM-1681 and EDM-1682: Add Validation and Allow for templated for systemd services (#1261) (Siddarth Royapally) - EDM-1746: optimize spec comparison (Avishay Traeger) - EDM-1775: fixing CI failure (Eldar Weiss) - EDM-1512: [QE] Automation of Reorganize console Api (#1281) (Ilya) - NO-ISSUE: Clean up OpenAPI specs (Avishay Traeger) - EDM-1481: Emit all business-critical events from service layer -- enrollments (#1288) (Gregory Shilin) - EDM-1776: agent/console: fix bubblewrap config (Sam Batschelet) - EDM-1743: docs/dev: add bubblewrap as a dependency (Sam Batschelet) - EDM-1743: agent/console: add bubblewrap based sandbox for console sessions (Sam Batschelet) - NO-ISSUE: stop rollout in case a device has multiple owners (Gregory Shilin) - EDM-1774: Bind kv to IPv6 too (rawagner) * Sun Jul 6 2025 Ori Amizur - 0.9.0-1 - Add support for Flight Control standalone observability stack * Tue Apr 15 2025 Dakota Crowder - 0.6.0-4 - Add ability to create an AAP Oauth Application within flightctl-services sub-package * Fri Apr 11 2025 Dakota Crowder - 0.6.0-3 - Add versioning to container images within flightctl-services sub-package * Thu Apr 3 2025 Ori Amizur - 0.6.0-2 - Add sos report plugin support * Mon Mar 31 2025 Dakota Crowder - 0.6.0-1 - Add services sub-package for installation of containerized flightctl services * Fri Feb 7 2025 Miguel Angel Ajo - 0.4.0-1 - Add selinux support for console pty access * Mon Nov 4 2024 Miguel Angel Ajo - 0.3.0-1 - Move the Release field to -1 so we avoid auto generating packages with -5 all the time. * Wed Aug 21 2024 Sam Batschelet - 0.0.1-5 - Add must-gather script to provide a simple mechanism to collect agent debug * Wed Aug 7 2024 Sam Batschelet - 0.0.1-4 - Add basic greenboot support for failed flightctl-agent service * Wed Mar 13 2024 Ricardo Noriega - 0.0.1-3 - New specfile for both CLI and agent packages