diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 49e72f3..2f5e498 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -1355,322 +1355,3 @@ jobs: - name: Image Digest ๐Ÿ”– run: echo ${{ steps.image_build.outputs.digest }} - -## CENTOS ## - - ####################### - # ploigos-base_centos # - ####################### - ploigos-base_centos: - needs: - - cancel-previous - - runs-on: ubuntu-latest - - env: - IMAGE_CONTEXT: ./ploigos-base - IMAGE_FILE: Containerfile.centos - IMAGE_NAME: ploigos-base - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-base:latest.centos - IMAGE_TAG_FLAVOR: .centos - IMAGE_IS_DEFAULT_FLAVOR: false - - services: - registry: - image: registry:2 - ports: - - 5000:5000 - - steps: - - name: Checkout ๐Ÿ›Ž๏ธ - uses: actions/checkout@v2 - - - name: Determine Image Version and Tags โš™๏ธ - id: prep - run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - - - name: Version ๐Ÿ“Œ - run: echo ${{ steps.prep.outputs.version }} - - - name: Image Tags ๐Ÿท - run: echo ${{ steps.prep.outputs.tags }} - - - name: Set up QEMU ๐Ÿงฐ - uses: docker/setup-qemu-action@v1.0.1 - - - name: Set up Docker Buildx ๐Ÿงฐ - uses: docker/setup-buildx-action@v1.0.4 - with: - driver-opts: network=host - - - name: Cache Docker layers ๐Ÿ—ƒ - uses: actions/cache@v2.1.3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build Image ๐Ÿ›  - id: image_build - uses: docker/build-push-action@v2.2.1 - env: - IMAGE_BUILD_ARGS: - with: - context: ${{ env.IMAGE_CONTEXT }} - file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} - build-args: ${{ env.IMAGE_BUILD_ARGS }} - push: true - tags: ${{ env.IMAGE_TAG_LOCAL }} - labels: | - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.source=${{ github.repositoryUrl }} - org.opencontainers.image.version=${{ steps.prep.outputs.version }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.name }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - - - name: Test Image ๐Ÿงช - run: | - echo "Test python3 installed" - docker run ${{ env.IMAGE_TAG_LOCAL }} python3 --version - echo "Test pip3 installed" - docker run ${{ env.IMAGE_TAG_LOCAL }} pip3 --version - echo "Test ploigos-step-runner is installed" - docker run ${{ env.IMAGE_TAG_LOCAL }} pip show ploigos-step-runner - echo "Test psr CLI works" - docker run ${{ env.IMAGE_TAG_LOCAL }} psr --help - echo "Test oc installed" - docker run ${{ env.IMAGE_TAG_LOCAL }} oc version - echo "Test git installed" - docker run ${{ env.IMAGE_TAG_LOCAL }} git version - echo "Test yq installed" - docker run ${{ env.IMAGE_TAG_LOCAL }} yq --version - - - name: Login to External Registry ๐Ÿ”‘ - uses: docker/login-action@v1 - with: - registry: ${{ secrets.REGISTRY_URI }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Push to External Registry ๐Ÿ”บ - id: push - run: | - docker pull ${{ env.IMAGE_TAG_LOCAL }} - - TAGS=${{ steps.prep.outputs.tags }} - for TAG in ${TAGS//,/ }; do - docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} - docker push ${TAG} - done - - - name: Image Digest ๐Ÿ”– - run: echo ${{ steps.image_build.outputs.digest }} - - ################################## - # ploigos-tool-containers_centos # - ################################## - ploigos-tool-containers_centos: - needs: - - ploigos-base_centos - - runs-on: ubuntu-latest - - env: - IMAGE_CONTEXT: ./ploigos-tool-containers - IMAGE_FILE: Containerfile.centos - IMAGE_NAME: ploigos-tool-containers - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-containers:latest.centos - IMAGE_TAG_FLAVOR: .centos - IMAGE_IS_DEFAULT_FLAVOR: false - BASE_IMAGE_NAME: ploigos-base - - services: - registry: - image: registry:2 - ports: - - 5000:5000 - - steps: - - name: Checkout ๐Ÿ›Ž๏ธ - uses: actions/checkout@v2 - - - name: Determine Image Version and Tags โš™๏ธ - id: prep - run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - - - name: Version ๐Ÿ“Œ - run: echo ${{ steps.prep.outputs.version }} - - - name: Image Tags ๐Ÿท - run: echo ${{ steps.prep.outputs.tags }} - - - name: Set up QEMU ๐Ÿงฐ - uses: docker/setup-qemu-action@v1.0.1 - - - name: Set up Docker Buildx ๐Ÿงฐ - uses: docker/setup-buildx-action@v1.0.4 - with: - driver-opts: network=host - - - name: Cache Docker layers ๐Ÿ—ƒ - uses: actions/cache@v2.1.3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build Image ๐Ÿ›  - id: image_build - uses: docker/build-push-action@v2.2.1 - env: - IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} - with: - context: ${{ env.IMAGE_CONTEXT }} - file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} - build-args: ${{ env.IMAGE_BUILD_ARGS }} - push: true - tags: ${{ env.IMAGE_TAG_LOCAL }} - labels: | - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.source=${{ github.repositoryUrl }} - org.opencontainers.image.version=${{ steps.prep.outputs.version }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.name }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - - - name: Test Image ๐Ÿงช - run: | - echo "test skopeo" - docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} skopeo --version - - echo "test podman" - docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} podman --version - - echo "test buildah" - docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} buildah --version - - - name: Login to External Registry ๐Ÿ”‘ - uses: docker/login-action@v1 - with: - registry: ${{ secrets.REGISTRY_URI }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Push to External Registry ๐Ÿ”บ - id: push - run: | - docker pull ${{ env.IMAGE_TAG_LOCAL }} - - TAGS=${{ steps.prep.outputs.tags }} - for TAG in ${TAGS//,/ }; do - docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} - docker push ${TAG} - done - - - name: Image Digest ๐Ÿ”– - run: echo ${{ steps.image_build.outputs.digest }} - - ################################ - # ploigos-tool-openscap_centos # - ################################ - ploigos-tool-openscap_centos: - needs: - - ploigos-tool-containers_centos - - runs-on: ubuntu-latest - - env: - IMAGE_CONTEXT: ./ploigos-tool-openscap - IMAGE_FILE: Containerfile.centos - IMAGE_NAME: ploigos-tool-openscap - IMAGE_TAG_LOCAL: localhost:5000/${{ secrets.REGISTRY_REPOSITORY }}/ploigos-tool-openscap:latest.centos - IMAGE_TAG_FLAVOR: .centos - IMAGE_IS_DEFAULT_FLAVOR: false - BASE_IMAGE_NAME: ploigos-tool-containers - - services: - registry: - image: registry:2 - ports: - - 5000:5000 - - steps: - - name: Checkout ๐Ÿ›Ž๏ธ - uses: actions/checkout@v2 - - - name: Determine Image Version and Tags โš™๏ธ - id: prep - run: ${GITHUB_WORKSPACE}/.github/scripts/determine-image-version.sh - - - name: Version ๐Ÿ“Œ - run: echo ${{ steps.prep.outputs.version }} - - - name: Image Tags ๐Ÿท - run: echo ${{ steps.prep.outputs.tags }} - - - name: Set up QEMU ๐Ÿงฐ - uses: docker/setup-qemu-action@v1.0.1 - - - name: Set up Docker Buildx ๐Ÿงฐ - uses: docker/setup-buildx-action@v1.0.4 - with: - driver-opts: network=host - - - name: Cache Docker layers ๐Ÿ—ƒ - uses: actions/cache@v2.1.3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build Image ๐Ÿ›  - id: image_build - uses: docker/build-push-action@v2.2.1 - env: - IMAGE_BUILD_ARGS: BASE_IMAGE=${{ secrets.REGISTRY_URI }}/${{ secrets.REGISTRY_REPOSITORY }}/${{ env.BASE_IMAGE_NAME }}:${{ steps.prep.outputs.version }} - with: - context: ${{ env.IMAGE_CONTEXT }} - file: ${{ env.IMAGE_CONTEXT }}/${{ env.IMAGE_FILE }} - build-args: ${{ env.IMAGE_BUILD_ARGS }} - push: true - tags: ${{ env.IMAGE_TAG_LOCAL }} - labels: | - org.opencontainers.image.created=${{ steps.prep.outputs.created }} - org.opencontainers.image.source=${{ github.repositoryUrl }} - org.opencontainers.image.version=${{ steps.prep.outputs.version }} - org.opencontainers.image.revision=${{ github.sha }} - org.opencontainers.image.licenses=${{ github.event.repository.license.name }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - - - name: Test Image ๐Ÿงช - run: | - echo "test oscap" - docker run -u 1001 ${{ env.IMAGE_TAG_LOCAL }} oscap --version - - - name: Login to External Registry ๐Ÿ”‘ - uses: docker/login-action@v1 - with: - registry: ${{ secrets.REGISTRY_URI }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Push to External Registry ๐Ÿ”บ - id: push - run: | - docker pull ${{ env.IMAGE_TAG_LOCAL }} - - TAGS=${{ steps.prep.outputs.tags }} - for TAG in ${TAGS//,/ }; do - docker tag ${{ env.IMAGE_TAG_LOCAL }} ${TAG} - docker push ${TAG} - done - - - name: Image Digest ๐Ÿ”– - run: echo ${{ steps.image_build.outputs.digest }} diff --git a/README.md b/README.md index afc9a2d..7f9a7fb 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,6 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl * ploigos-base * ubi8 - * centos * ploigos-base-java-8 * ubi8 * ploigos-ci-agent-jenkins @@ -92,13 +91,12 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl * ubi8 * ploigos-tool-containers * ubi8 - * centos * ploigos-tool-helm * ubi8 * ploigos-tool-maven * ubi8 * ploigos-tool-openscap - * centos + * ubi8 * ploigos-tool-reokor * ubi8 * ploigos-tool-sonar @@ -107,12 +105,7 @@ to kick off which will build, test, publish the images (that can) to [quay.io/pl ## Build -The following commands can be used for building these images locally - -### With Red Hat Subscription -The `openscap-scanner` RPM for RHEL is currently only available to those with a Red Hat -subscription, so to build the `ploigos-tools-openscap` image on ubi8 these commands must be run -from a RHEL 8 system with valid Red Hat subscriptions. +The following commands can be used for building these images locally. ``` podman build --tag ploigos-base ploigos-base @@ -130,29 +123,6 @@ podman build --tag ploigos-tool-rekor --build-arg BASE_IMAGE=ploigos-base podman build --tag ploigos-tool-sonar --build-arg BASE_IMAGE=ploigos-base ploigos-tool-sonar ``` -### No Red Hat Subscription -The `openscap-scanner` RPM for RHEL is currently only available to those with a Red Hat -subscription, so to build the `ploigos-tools-openscap` image without a Red Hat subscription -centos must be used rather then ubi8 for the base image. - -``` -podman build --tag ploigos-base ploigos-base -podman build --tag ploigos-base-java-8 --build-arg BASE_IMAGE=ploigos-base ploigos-base-java-8 -podman build --tag ploigos-ci-agent-jenkins --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-ci-agent-jenkins -podman build --tag ploigos-jenkins ploigos-jenkins -podman build --tag ploigos-jenkins-init ploigos-jenkins-init -podman build --tag ploigos-tool-argocd --build-arg BASE_IMAGE=ploigos-base ploigos-tool-argocd -podman build --tag ploigos-tool-config-lint --build-arg BASE_IMAGE=ploigos-base ploigos-tool-config-lint -podman build --tag ploigos-tool-containers --build-arg BASE_IMAGE=ploigos-base ploigos-tool-containers -podman build --tag ploigos-tool-helm --build-arg BASE_IMAGE=ploigos-base ploigos-tool-helm -podman build --tag ploigos-tool-maven --build-arg BASE_IMAGE=ploigos-base-java-8 ploigos-tool-maven -podman build --tag ploigos-tool-rekor --build-arg BASE_IMAGE=ploigos-base ploigos-tool-rekor -podman build --tag ploigos-tool-sonar --build-arg BASE_IMAGE=ploigos-base ploigos-tool-sonar - -podman build -f Containerfile.centos --tag ploigos-base:latest.centos ploigos-base -podman build -f Containerfile.centos --tag ploigos-tool-containers:latest.centos --build-arg BASE_IMAGE=ploigos-base:latest.centos ploigos-tool-containers -podman build -f Containerfile.centos --tag ploigos-tool-openscap --build-arg BASE_IMAGE=ploigos-tool-containers:latest.centos ploigos-tool-openscap -``` ## Test > **TODO** diff --git a/ploigos-base/Containerfile.centos b/ploigos-base/Containerfile.centos deleted file mode 100644 index d589237..0000000 --- a/ploigos-base/Containerfile.centos +++ /dev/null @@ -1,83 +0,0 @@ -ARG BASE_IMAGE=quay.io/centos/centos:8 -ARG PLOIGOS_USER_NAME=ploigos -ARG PLOIGOS_USER_UID=1001 -ARG PLOIGOS_USER_GID=0 -ARG PLOIGOS_HOME_DIR=/home/ploigos -ARG PLOIGOS_SOURCE=ploigos-step-runner==0.16.0 -ARG OPENSHIFT_CLI_VERSION=4.6 -ARG YQ_VERSION=3.4.1 - -############################################## -# Stage 1 : Retrieive oc cli -############################################## -FROM quay.io/openshift/origin-cli:$OPENSHIFT_CLI_VERSION as origin-cli - -############################################## -# Stage 2 : Build ploigos-base -############################################## -FROM $BASE_IMAGE -ARG PLOIGOS_USER_NAME -ARG PLOIGOS_USER_UID -ARG PLOIGOS_USER_GID -ARG PLOIGOS_HOME_DIR -ARG PLOIGOS_SOURCE -ARG YQ_VERSION -COPY --from=origin-cli /usr/bin/oc /usr/bin/oc -COPY --from=origin-cli /usr/bin/kubectl /usr/bin/kubectl - -# arguments -# NOTE: arguments used in sub stage have to be in that stage (at least when building with docker, buildah doesn't seem to have a problem either way) -ARG SOPS_RPM="https://github.com/mozilla/sops/releases/download/v3.6.1/sops-3.6.1-1.x86_64.rpm" - -# labels -ENV DESCRIPTION="Ploigos base container." -LABEL \ - maintainer="Ploigos " \ - name="ploigos/ploigos-base" \ - summary="$DESCRIPTION" \ - description="$DESCRIPTION" \ - License="GPLv2+" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos - Base" \ - io.k8s.description="$DESCRIPTION" \ - io.openshift.expose-services="" \ - io.openshift.tags="ploigos" \ - com.redhat.component="ploigos-base-container" - -ENV HOME=/home/ploigos \ - LANG=en_US.UTF-8 \ - LC_ALL=en_US.UTF-8 - -USER root - -# Install JQ -RUN curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -o /usr/bin/jq && \ - chmod +x /usr/bin/jq - -# Install YQ -RUN curl -L https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o /usr/bin/yq &&\ - chmod +x /usr/bin/yq - -# Install packages -RUN INSTALL_PKGS="gettext git rsync tar unzip which zip bzip2 python36 python3-pip python3-pip-wheel python3-setuptools python36-devel ${SOPS_RPM} gnupg2" && \ - dnf update -y --allowerasing --nobest && \ - dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ - dnf clean all && \ - rm -rf /var/cache /var/log/dnf* /var/log/yum.* - -# Configure Python -RUN alternatives --set python /usr/bin/python3 && \ - python -m pip install --no-cache-dir --upgrade pip - -# Install Ploigos step runner python library -RUN python -m pip install --no-cache-dir --upgrade ${PLOIGOS_SOURCE} - -# Configure ploigos user -RUN useradd ploigos --uid $PLOIGOS_USER_UID --gid $PLOIGOS_USER_GID --home-dir ${PLOIGOS_HOME_DIR} --create-home --shell /sbin/nologin && \ - chown -R $PLOIGOS_USER_UID:${PLOIGOS_USER_GID} ${PLOIGOS_HOME_DIR} && \ - chmod -R g+w ${PLOIGOS_HOME_DIR} - -# Allow root(0) group to run update-ca-trust extract -RUN chmod -R g+w /etc/pki/ca-trust/extracted - -USER $PLOIGOS_USER_UID diff --git a/ploigos-tool-containers/Containerfile.centos b/ploigos-tool-containers/Containerfile.centos deleted file mode 100644 index 14fb403..0000000 --- a/ploigos-tool-containers/Containerfile.centos +++ /dev/null @@ -1,44 +0,0 @@ -# This image is based on the following Dockerfiles: -# https://catalog.redhat.com/software/containers/rhel8/buildah/5dca3d76dd19c71643b226d5?container-tabs=dockerfile -# https://github.com/containers/buildah/blob/master/contrib/buildahimage/stable/Dockerfile -ARG BASE_IMAGE=quay.io/ploigos/ploigos-base:latest.centos -ARG GO_VERSION=1.12.17 - -FROM $BASE_IMAGE -ARG PLOIGOS_USER_UID -ARG GO_VERSION - -# labels -ENV DESCRIPTION="Ploigos tool container with container tools, skopeo, buildah, and podman." -LABEL \ - maintainer="Ploigos " \ - name="ploigos/ploigos-tool-containers" \ - summary="$DESCRIPTION" \ - description="$DESCRIPTION" \ - License="GPLv2+" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos - Tool - containers" \ - io.k8s.description="$DESCRIPTION" \ - io.openshift.expose-services="" \ - io.openshift.tags="ploigos,podman,skopeo,buildah" \ - com.redhat.component="ploigos-tool-containers-container" - -USER root - -# update and install packages -RUN INSTALL_PKGS="buildah podman skopeo" && \ - dnf update -y --allowerasing --nobest && \ - dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ - dnf clean all && \ - rm -rf /var/cache /var/log/dnf* /var/log/yum.* - -# Adjust storage.conf to enable Fuse storage. -RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf -RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock - -USER $PLOIGOS_USER_UID - -# Set up environment variables to note that this is -# not starting with usernamespace and default to -# isolate the filesystem with chroot. -ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot diff --git a/ploigos-tool-containers/README.md b/ploigos-tool-containers/README.md index e842040..d1b4bbf 100644 --- a/ploigos-tool-containers/README.md +++ b/ploigos-tool-containers/README.md @@ -10,9 +10,6 @@ Included CLI tools: * `buildah` * `podman` * `skopeo` - -**NOTE: Currently this image must be built on a RHEL 8 host that is properly subscribed in order to install its dependencies. For this reason, GitHub Actions are not yet defined to build this image.** - ## Local Build To build and push this image perform the following on a properly subscribed RHEL 8 host: diff --git a/ploigos-tool-openscap/Containerfile.centos b/ploigos-tool-openscap/Containerfile.centos deleted file mode 100644 index ca24a05..0000000 --- a/ploigos-tool-openscap/Containerfile.centos +++ /dev/null @@ -1,25 +0,0 @@ -ARG BASE_IMAGE=quay.io/ploigos/ploigos-tool-containers:latest.centos - -FROM $BASE_IMAGE -ARG PLOIGOS_USER_UID - -# labels -ENV DESCRIPTION="Ploigos tool container with OpenSCAP." -LABEL \ - maintainer="Ploigos " \ - name="ploigos/ploigos-tool-openscap" \ - summary="$DESCRIPTION" \ - description="$DESCRIPTION" \ - License="GPLv2+" \ - architecture="x86_64" \ - io.k8s.display-name="Ploigos - Tool - OpenSCAP" \ - io.k8s.description="$DESCRIPTION" \ - io.openshift.expose-services="" \ - io.openshift.tags="ploigos,oscap,openscap" \ - com.redhat.component="ploigos-tool-openscap-container" - -RUN INSTALL_PKGS="openscap-scanner" && \ - dnf update -y --allowerasing --nobest && \ - dnf install -y --setopt=tsflags=nodocs $INSTALL_PKGS && \ - dnf clean all && \ - rm -rf /var/cache /var/log/dnf* /var/log/yum.* diff --git a/ploigos-tool-openscap/README.md b/ploigos-tool-openscap/README.md index a8fe11c..5aa018d 100644 --- a/ploigos-tool-openscap/README.md +++ b/ploigos-tool-openscap/README.md @@ -6,8 +6,6 @@ This repository contains the container definition for creating the Ploigos workf This container image is intended to be used as the container image to run Ploigos workflow steps in that require access to the [OpenSCAP](https://www.open-scap.org/tools/openscap-base/) CLI tool. -**NOTE: Currently this image must be built on a RHEL 8 host that is properly subscribed in order to install its dependencies. For this reason, GitHub Actions are not yet defined to build this image.** - ## Local Build To build and push this image perform the following on a properly subscribed RHEL 8 host: