RHELAI-429: Adding upgrade informer service

Upgrade informer will run every couple of our and will be triggered by
systemd timer.
In order to start it on boot and run once i enabled it and timer.
Disabling auto upgrade service in order to remove unexpected reboots.
Service will run "bootc upgrade --check" and in case new version exists
it will create motd file with upgrade info.
Removed unused grow-part services

Author: tsorya

training/common/Makefile.common

@@ -16,6 +16,7 @@ CONTAINER_TOOL_EXTRA_ARGS ?=
 EXTRA_RPM_PACKAGES ?=
 GRAPH_ROOT=$(shell podman info --format '{{ .Store.GraphRoot }}')
 UMASK=$(shell umask)
+IMAGE_VERSION := $(or ${IMAGE_VERSION},$(shell git rev-parse --short HEAD))
 
 AUTH_JSON ?=
 
@@ -50,7 +51,7 @@ ENABLE_RT ?=
 SSH_PUBKEY ?= $(shell cat ${HOME}/.ssh/id_rsa.pub 2> /dev/null)
 
 .PHONY: prepare-files
-prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR)
+prepare-files: $(OUTDIR)/$(WRAPPER) $(OUTDIR)/$(QLORA_WRAPPER) $(OUTDIR)/$(TRAIN_WRAPPER) $(OUTDIR) common-services
 
 $(OUTDIR):
 	mkdir -p $(OUTDIR)
@@ -61,6 +62,11 @@ $(OUTDIR)/$(QLORA_WRAPPER): $(OUTDIR)
 $(OUTDIR)/$(TRAIN_WRAPPER): $(OUTDIR)
 	cp -pf $(TRAIN_WRAPPER) $(OUTDIR)
 
+.PHONY: common-services
+common-services:
+	mkdir -p build; cp -pR ../common/usr build
+
+
 .PHONY: check-sshkey
 check-sshkey:
 	@test -n "$(SSH_PUBKEY)" || \

training/common/usr/lib/systemd/system/bootc-generic-growpart.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Check for available bootc updates
+ConditionPathExists=/run/ostree-booted
+After=network-online.target
+StartLimitIntervalSec=400
+StartLimitBurst=3
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/upgrade-informer
+Restart=on-failure
+RestartSec=90

training/common/usr/lib/systemd/system/local-fs.target.wants/bootc-generic-growpart.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Runs upgrade informer periodically
+ConditionPathExists=/run/ostree-booted
+
+[Timer]
+OnBootSec=1h
+# This time is relatively arbitrary and obviously expected to be overridden/changed
+OnUnitInactiveSec=8h
+# When deploying a large number of systems, it may be beneficial to increase this value to help with load on the registry.
+RandomizedDelaySec=2h
+
+[Install]
+WantedBy=timers.target

training/common/usr/lib/systemd/system/upgrade-informer.service

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# Run the command and capture its output
+output=$(bootc upgrade --check | sed -e 1q)
+message_file="/etc/motd.d/upgrade-message"
+bootc_auth="/etc/ostree/auth.json"
+
+if [[ $output == Update\ available* ]]; then
+  if [[ ! -f $message_file ]]; then
+    echo "New version was found"
+    bootc_image=$(echo "$output" | awk '{print $4}')
+    # If auth file exists we should use it
+    auth_params=""
+    if [[ -f $bootc_auth ]]; then
+      auth_params="--authfile $bootc_auth"
+    fi
+
+    # Get image version
+    # shellcheck disable=SC2086
+    image_version=$(skopeo inspect --format json $auth_params "$bootc_image" | jq '.Labels | .["image_version"] // empty' | tr -d '"')
+
+    # If upgrade available, write the output to the file
+    echo -e "\n\n   **   Attention!   ** \n** A new $image_version version is available **\n\
+** In order to apply it run: bootc upgrade --apply \n\
+** Please note that the system will reboot after the upgrade ** \n\n"  > $message_file
+  fi
+else
+  echo "No upgrade was found"
+  rm $message_file 2> /dev/null
+fi
+
+echo "Finished running upgrade informer"

training/common/usr/lib/systemd/system/upgrade-informer.timer

@@ -98,6 +98,10 @@ COPY --from=builder /home/builder/yum-packaging-precompiled-kmod/RPMS/*/*.rpm /r
 COPY --from=builder --chmod=444 /home/builder/yum-packaging-precompiled-kmod/tmp/firmware/*.bin /lib/firmware/nvidia/${DRIVER_VERSION}/
 # Temporary workaround until the permanent fix for libdnf is merged
 COPY nvidia-toolkit-firstboot.service /usr/lib/systemd/system/nvidia-toolkit-firstboot.service
+# Enable common services
+COPY build/usr /usr
+
+ARG IMAGE_VERSION
 
 # TODO: rework this monstrosity into a build.sh (or even not shell script)
 # The need for the `cp /etc/dnf/dnf.conf` is a workaround for https://github.com/containers/bootc/issues/637
@@ -146,6 +150,14 @@ RUN mv /etc/selinux /etc/selinux.tmp \
     && ln -s ../cloud-init.target /usr/lib/systemd/system/default.target.wants \
     && mv /etc/selinux.tmp /etc/selinux \
     && ln -s /usr/lib/systemd/system/nvidia-toolkit-firstboot.service /usr/lib/systemd/system/basic.target.wants/nvidia-toolkit-firstboot.service \
+    # enable upgrade informer timer
+    && ln -s /usr/lib/systemd/system/upgrade-informer.timer /usr/lib/systemd/system/timers.target.wants/upgrade-informer.timer \
+    # enable upgrade informer service, added as we need it to start on boot
+    && ln -s /usr/lib/systemd/system/upgrade-informer.service /usr/lib/systemd/system/basic.target.wants/upgrade-informer.service \
+    # remove auto upgrade service
+    && rm -f /usr/lib/systemd/system/default.target.wants/bootc-fetch-apply-updates.timer \
+    # save version into file
+    && echo ${IMAGE_VERSION} > /usr/lib/ai-release \
     && echo "blacklist nouveau" > /etc/modprobe.d/blacklist_nouveau.conf
 
 ARG SSHPUBKEY

training/common/usr/libexec/bootc-generic-growpart

@@ -16,6 +16,8 @@ bootc: driver-toolkit check-sshkey prepare-files
 		$(DRIVER_TOOLKIT_IMAGE:%=--build-arg DRIVER_TOOLKIT_IMAGE=%) \
 		$(DRIVER_VERSION:%=--build-arg DRIVER_VERSION=%) \
 		$(DRIVER_VERSION:%=--label driver-version=%) \
+		$(IMAGE_VERSION:%=--label image_version=%) \
+		$(IMAGE_VERSION:%=--build-arg IMAGE_VERSION=%) \
 		$(EXTRA_RPM_PACKAGES:%=--build-arg EXTRA_RPM_PACKAGES=%) \
 		$(FROM:%=--build-arg BASEIMAGE=%) \
 		$(INSTRUCTLAB_IMAGE:%=--build-arg INSTRUCTLAB_IMAGE=%) \