From 444d9395ed513c9bbc53f922e926a38a07829a99 Mon Sep 17 00:00:00 2001 From: Hussam Qasem Date: Sun, 30 Apr 2023 17:40:18 +0300 Subject: [PATCH 1/7] feat(ocne): Upgrade to OCNE 1.6 Signed-off-by: Hussam Qasem --- OCNE/.env | 21 +++++-- OCNE/README.md | 34 +++++----- OCNE/Vagrantfile | 38 +++++++---- OCNE/scripts/provision.sh | 128 +++++++++++++++++++++++++++++++++----- 4 files changed, 176 insertions(+), 45 deletions(-) diff --git a/OCNE/.env b/OCNE/.env index 0e82eb5b..a6537ca5 100644 --- a/OCNE/.env +++ b/OCNE/.env @@ -65,19 +65,30 @@ # OCNE_ENV_NAME="ocne-env" # OCNE_CLUSTER_NAME="ocne-cluster" -# Deploy the Helm module? +# Pod networking technology: flannel, calico, none. Note: flannel is deprecated. +# POD_NETWORK=calico + +# Deploy Calico networking module? Sets POD_NETWORK=none. Place your config file in the current directory named: calico-config.yaml +# DEPLOY_CALICO=false +# CALICO_MODULE_NAME="ocne-calico" + +# Deploy Multus networking module? Place your config file in the current directory named: multus-config.conf +# DEPLOY_MULTUS=false +# MULTUS_MODULE_NAME="ocne-multus" + +# Deploy the Helm module? (deprecated) # DEPLOY_HELM=false # HELM_MODULE_NAME="ocne-helm" -# Deploy the Istio module? Requires the Helm module and will set DEPLOY_HELM to 1 if not set. +# Deploy the Istio module? # DEPLOY_ISTIO=false # ISTIO_MODULE_NAME="ocne-istio" -# Deploy the Gluster module? Requires the Helm module and will set DEPLOY_HELM to 1 if not set. +# Deploy the Gluster module? (deprecated) # DEPLOY_GLUSTER=false # GLUSTER_MODULE_NAME="ocne-gluster" -# Deploy the MetalLB module? Requires the Helm module and will set DEPLOY_HELM to 1 if not set. +# Deploy the MetalLB module? # DEPLOY_METALLB=false # METALLB_MODULE_NAME="ocne-metallb" @@ -85,5 +96,5 @@ # This should not be changed -- for development purpose # NB_MASTERS=1 -# Update Base OS +# Update Base OS (experimental) # UPDATE_OS=false diff --git a/OCNE/README.md b/OCNE/README.md index 6727f4bc..8cb196b1 100644 
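Review bot: The new Multus comment tells users to name their config file `multus-config.conf`, but provision.sh in this same patch passes `/vagrant/multus-config.yaml` to `olcnectl module create` (and README.md documents `multus-config.yaml`), so anyone following the `.env` text gets a missing-file error only after the Kubernetes module has been deployed. Change the line to `# Deploy Multus networking module? Place your config file in the current directory named: multus-config.yaml`. The `DEPLOY_CALICO` comment could also spell out what `POD_NETWORK=none` implies — the Kubernetes module is created without a CNI and `calico-config.yaml` must exist — since neither condition is checked before deployment starts.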
--- a/OCNE/README.md +++ b/OCNE/README.md @@ -16,15 +16,17 @@ Environment Platform Agent installed and configured to communicate with the Platform API Server on the operator node. The installation includes the Kubernetes module for Oracle Cloud -Native Environment which deploys Kubernetes [1.24.8](https://docs.oracle.com/en/operating-systems/olcne/1.5/relnotes/components.html#d672e108) configured to use -the CRI-O runtime interface. Two runtime engines are installed, runc and -Kata Containers. +Native Environment which deploys Kubernetes [1.25.7](https://docs.oracle.com/en/operating-systems/olcne/1.6/relnotes/components.html#components) +configured to use the CRI-O runtime interface. Two runtime engines are installed, +[runC](https://docs.oracle.com/en/operating-systems/olcne/1.6/runtimes/runc.html#runc) +and (now deprecated) [Kata](https://docs.oracle.com/en/operating-systems/olcne/1.6/runtimes/kata.html#kata) Containers. -You may optionally enable the deployment of the Helm, Istio, MetalLB or Gluster -modules. Note that enabling the Istio, MetalLB or Gluster modules will -automatically enable the Helm module. +You may set your cluster networking to Calico (default), Flannel (deprecated) or Multus on top of either Calico or Flannel. -_Note:_ Kata Containers requires Intel hardware virtualization support and +You may optionally enable the deployment of Istio, MetalLB or Gluster (deprecated) +modules. Note that Helm is now installed automatically. + +_Note:_ Kata Containers (now deprecated) require Intel hardware virtualization support and will not work in a VirtualBox guest until nested virtualization support is released for Intel CPUs. 
@@ -126,10 +128,13 @@ At least one worker node is required. Kubernetes Dashboard from a browser on your host. __Note__: you only need this if you want to expose the kubectl proxy to other hosts in your network. -- `DEPLOY_HELM` (default: `false`): deploys the Helm module. -- `DEPLOY_ISTIO` (default: `false`): deploys the Istio and Helm modules. -- `DEPLOY_METALLB` (default: `false`): deploys the MetalLB and Helm modules. -- `DEPLOY_GLUSTER` (default: `false`): deploys the Gluster and Helm modules. +- `POD_NETWORK` (default: `calico`): deploys the Calico networking module with default configuration. Can be set to [`calico`, `flannel`, `none`]. +- `DEPLOY_CALICO` (default: `false`): deploys the Calico networking module with custom configuration `calico-config.yaml`. +- `DEPLOY_MULTUS` (default: `false`): deploys the Multus networking module with custom configuration `multus-config.yaml`. +- `DEPLOY_HELM` (default: `false`): deploys the Helm module (deprecated). +- `DEPLOY_ISTIO` (default: `false`): deploys the Istio modules. +- `DEPLOY_METALLB` (default: `false`): deploys the MetalLB module. +- `DEPLOY_GLUSTER` (default: `false`): deploys the Gluster module (deprecated). __Note__: if `NB_WORKERS` is less than `3`, the `hyperconverged` `storageclass` is patched to adjust the number of Gluster replicas accordingly. __Note__: This provisioning script also installs Heketi on the operator node. 
@@ -186,9 +191,10 @@ vagrant plugin install ... ## Product Documentation -- [Oracle Cloud Native Environment: Getting Started](https://docs.oracle.com/en/operating-systems/olcne/start/index.html) -- [Oracle Cloud Native Environment: Using Container Orchestration](https://docs.oracle.com/en/operating-systems/olcne/orchestration/index.html) -- [Oracle Cloud Native Environment: Using Container Runtimes](https://docs.oracle.com/en/operating-systems/olcne/runtimes/index.html) +- [Oracle Cloud Native Environment: Getting Started](https://docs.oracle.com/en/operating-systems/olcne/1.6/start/) +- [Oracle Cloud Native Environment: Container Orchestration](https://docs.oracle.com/en/operating-systems/olcne/1.6/orchestration/) +- [Oracle Cloud Native Environment: Container Runtimes](https://docs.oracle.com/en/operating-systems/olcne/1.6/runtimes/) +- [Oracle Cloud Native Environment: Platform CLI](https://docs.oracle.com/en/operating-systems/olcne/1.6/olcnectl/) ## Feedback diff --git a/OCNE/Vagrantfile b/OCNE/Vagrantfile index 3a56ec80..11e9ae89 100644 --- a/OCNE/Vagrantfile +++ b/OCNE/Vagrantfile @@ -53,14 +53,14 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # vCPUS and Memory for the VMs OPERATOR_CPUS = default_i('OPERATOR_CPUS', 1) - OPERATOR_MEMORY = default_i("OPERATOR_MEMORY", 1024) + OPERATOR_MEMORY = default_i('OPERATOR_MEMORY', 1024) MASTER_CPUS = default_i('MASTER_CPUS', 2) - MASTER_MEMORY = default_i("MASTER_MEMORY", 2048) + MASTER_MEMORY = default_i('MASTER_MEMORY', 2048) WORKER_CPUS = default_i('WORKER_CPUS', 1) - WORKER_MEMORY = default_i("WORKER_MEMORY", 1024) + WORKER_MEMORY = default_i('WORKER_MEMORY', 1024) # Group VirtualBox containers - VB_GROUP = default_s("VB_GROUP", "OCNE") + VB_GROUP = default_s('VB_GROUP', 'OCNE') # Multi-master setup. Deploy 3 masters in HA mode. MULTI_MASTER = default_b('MULTI_MASTER', false) 
@@ -106,22 +106,33 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| # Check the README.md file for more details. REGISTRY_OCNE = default_s('REGISTRY_OCNE', 'container-registry.oracle.com/olcne') + # Deploy Calico networking module? + DEPLOY_CALICO = default_b('DEPLOY_CALICO', false) + + # Deploy Multus networking module? + DEPLOY_MULTUS = default_b('DEPLOY_MULTUS', false) + + # Pod networking technology: flannel, calico, none. Note: flannel is deprecated. + if DEPLOY_CALICO + POD_NETWORK = 'none' + else + POD_NETWORK = default_s('POD_NETWORK', 'calico') + end + # Deploy Istio? DEPLOY_ISTIO = default_b('DEPLOY_ISTIO', false) # Deploy MetalLB? DEPLOY_METALLB = default_b('DEPLOY_METALLB', false) - # Deploy Gluster? + # Deploy Gluster? (deprecated) DEPLOY_GLUSTER = default_b('DEPLOY_GLUSTER', false) - # Helm is required to deploy Istio, MetalLB or Gluster. Otherwise it's optional - if DEPLOY_ISTIO or DEPLOY_METALLB or DEPLOY_GLUSTER - DEPLOY_HELM = true - else - DEPLOY_HELM = default_b('DEPLOY_HELM', false) - end + # Deploy Helm? (deprecated) + DEPLOY_HELM = default_b('DEPLOY_HELM', false) + CALICO_MODULE_NAME = default_s('CALICO_MODULE_NAME', 'ocne-calico') + MULTUS_MODULE_NAME = default_s('MULTUS_MODULE_NAME', 'ocne-multus') HELM_MODULE_NAME = default_s('HELM_MODULE_NAME', 'ocne-helm') ISTIO_MODULE_NAME = default_s('ISTIO_MODULE_NAME', 'ocne-istio') METALLB_MODULE_NAME = default_s('METALLB_MODULE_NAME', 'ocne-metallb') 
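Review bot: `POD_NETWORK` is read from the environment with no validation, so a typo such as `POD_NETWORK=callico` is forwarded verbatim to `--pod-network` and only fails deep inside `olcnectl module create`; since the comment already lists the accepted values, reject anything else up front, e.g. `raise "POD_NETWORK must be one of calico, flannel, none" unless %w[calico flannel none].include?(POD_NETWORK)`. When `DEPLOY_CALICO` is true a user-supplied `POD_NETWORK` is silently discarded, and `POD_NETWORK=none` without `DEPLOY_CALICO` leaves the cluster with no primary CNI even when `DEPLOY_MULTUS` is set (README.md describes Multus as running on top of Calico or Flannel) — a warning on both cases would save a failed `vagrant up`. The accepted values are taken from the comment in this hunk; whether olcnectl tolerates other spellings is not visible here.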
@@ -170,6 +181,11 @@ def provision_vm(vm, vm_args) args.push("--multi-master") if MULTI_MASTER args.push("--repo", YUM_REPO) unless YUM_REPO == "" args.push("--ocne-dev") if OCNE_DEV + args.push("--pod-network", POD_NETWORK) if POD_NETWORK + args.push("--with-calico") if DEPLOY_CALICO + args.push("--calico-module-name", CALICO_MODULE_NAME) if DEPLOY_CALICO + args.push("--with-multus") if DEPLOY_MULTUS + args.push("--multus-module-name", MULTUS_MODULE_NAME) if DEPLOY_MULTUS args.push("--with-helm") if DEPLOY_HELM args.push("--helm-module-name", HELM_MODULE_NAME) if DEPLOY_HELM args.push("--with-istio") if DEPLOY_ISTIO diff --git a/OCNE/scripts/provision.sh b/OCNE/scripts/provision.sh index 8f925fd3..e4bf4177 100755 --- a/OCNE/scripts/provision.sh +++ b/OCNE/scripts/provision.sh @@ -80,6 +80,7 @@ parse_args() { OCNE_CLUSTER_NAME='' OCNE_ENV_NAME='' OCNE_DEV=0 OCNE_VERSION='' REGISTRY_OCNE='' OPERATOR=0 MULTI_MASTER=0 MASTER=0 MASTERS='' WORKER=0 WORKERS='' VERBOSE=0 SUBNET='' EXTRA_REPO='' NGINX_IMAGE='' + POD_NETWORK=calico DEPLOY_CALICO=0 CALICO_MODULE_NAME='' DEPLOY_MULTUS=0 MULTUS_MODULE_NAME='' DEPLOY_HELM=0 HELM_MODULE_NAME='' DEPLOY_ISTIO=0 ISTIO_MODULE_NAME='' DEPLOY_METALLB=0 METALLB_MODULE_NAME='' DEPLOY_GLUSTER=0 GLUSTER_MODULE_NAME='' @@ -161,6 +162,39 @@ parse_args() { WORKERS="$2" shift; shift ;; + "--pod-network") + if [[ $# -lt 2 ]]; then + echo "Missing parameter for --pod-network" >&2 + exit 1 + fi + POD_NETWORK="$2" + shift; shift + ;; + + "--with-calico") + DEPLOY_CALICO=1 + shift + ;; + "--calico-module-name") + if [[ $# -lt 2 ]]; then + echo "Missing parameter for --calico-module-name" >&2 + exit 1 + fi + CALICO_MODULE_NAME="$2" + shift; shift + ;; + "--with-multus") + DEPLOY_MULTUS=1 + shift + ;; + "--multus-module-name") + if [[ $# -lt 2 ]]; then + echo "Missing parameter for --multus-module-name" >&2 + exit 1 + fi + MULTUS_MODULE_NAME="$2" + shift; shift + ;; "--with-helm") DEPLOY_HELM=1 shift 
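Review bot: The new `--pod-network` case stores whatever it is given without checking it against the values the Vagrantfile comment allows (`calico`, `flannel`, `none`), and the later `[[ ${POD_NETWORK} == "calico" ]]` tests in install_packages are exact-match, so an unexpected value quietly takes the firewalld-enabled path while the kubernetes module is created with an argument olcnectl may reject. A one-line guard in this case keeps the failure early and local: `case "$2" in calico|flannel|none) ;; *) echo "Invalid --pod-network: $2 (expected calico|flannel|none)" >&2; exit 1;; esac`. parse_args starts before and ends after this hunk.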
@@ -234,6 +268,9 @@ parse_args() { readonly OCNE_CLUSTER_NAME OCNE_ENV_NAME OCNE_DEV REGISTRY_OCNE readonly OPERATOR MULTI_MASTER MASTER MASTERS WORKER WORKERS readonly VERBOSE EXTRA_REPO NGINX_IMAGE + readonly POD_NETWORK + readonly DEPLOY_CALICO CALICO_MODULE_NAME + readonly DEPLOY_MULTUS MULTUS_MODULE_NAME readonly DEPLOY_HELM HELM_MODULE_NAME readonly DEPLOY_ISTIO ISTIO_MODULE_NAME readonly DEPLOY_METALLB METALLB_MODULE_NAME @@ -255,8 +292,8 @@ setup_repos() { # Add OCNE release package echo_do sudo dnf install -y oracle-olcne-release-el8 - echo_do sudo dnf config-manager --enable ol8_olcne15 ol8_baseos_latest ol8_appstream ol8_addons ol8_kvm_appstream ol8_UEKR7 - echo_do sudo dnf config-manager --disable ol8_olcne12 ol8_olcne13 ol8_olcne14 + echo_do sudo dnf config-manager --enable ol8_olcne16 ol8_addons ol8_baseos_latest ol8_appstream ol8_kvm_appstream ol8_UEKR7 + echo_do sudo dnf config-manager --disable ol8_olcne15 ol8_olcne14 ol8_olcne13 ol8_olcne12 # Optional extra repo if [[ -n ${EXTRA_REPO} ]]; then echo_do sudo dnf config-manager --add-repo "${EXTRA_REPO}"; fi @@ -307,7 +344,7 @@ requirements() { echo_do sudo /sbin/sysctl -p /etc/sysctl.d/k8s.conf # Enable & start firewalld; add eth1 (nat) to the public zone - echo_do sudo systemctl enable --now firewalld + echo_do sudo systemctl enable --now firewalld.service echo_do sudo firewall-cmd --zone=public --add-interface=eth1 --permanent } 
@@ -328,8 +365,10 @@ install_packages() { ### `nft_masq` is not part of kernel-uek-core since OL8U7. To enable masquerading, we must install kernel-uek-modules ### https://docs.oracle.com/en/operating-systems/uek/7/relnotes7.0/uek7.0-NewFeaturesandChanges.html - msg "Installing kernel-uek-modules" - echo_do sudo dnf install -y kernel-uek-modules-$(uname -r) + if ! [[ ${POD_NETWORK} == "calico" || ${DEPLOY_CALICO} == 1 ]]; then + msg "Installing kernel-uek-modules" + echo_do sudo dnf install -y kernel-uek-modules-$(uname -r) + fi msg "Installing the OpenSSL toolkit" echo_do sudo dnf install -y openssl ### @@ -339,7 +378,9 @@ install_packages() { echo_do sudo dnf install -y olcnectl"${OCNE_VERSION}" olcne-api-server"${OCNE_VERSION}" olcne-utils"${OCNE_VERSION}" echo_do sudo systemctl enable olcne-api-server.service echo_do sudo firewall-cmd --add-port=8091/tcp --permanent - echo_do sudo firewall-cmd --add-masquerade --permanent + if ! [[ ${POD_NETWORK} == "calico" || ${DEPLOY_CALICO} == 1 ]]; then + echo_do sudo firewall-cmd --add-masquerade --permanent + fi fi if [[ ${MASTER} == 1 || ${WORKER} == 1 ]]; then msg "Installing the Oracle Cloud Native Environment Platform Agent" @@ -450,9 +491,14 @@ install_packages() { echo_do rm -f /vagrant/topology-ocne.json fi fi - - # Reload firewalld - echo_do sudo firewall-cmd --reload + + if ! [[ ${POD_NETWORK} == "calico" || ${DEPLOY_CALICO} == 1 ]]; then + # Reload firewalld + echo_do sudo firewall-cmd --reload + else + msg "Disable firewalld.service as required by Calico networking" + echo_do sudo systemctl disable --now firewalld.service + fi } ####################################### 
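Review bot: With `POD_NETWORK` now defaulting to `calico`, the new `systemctl disable --now firewalld.service` branch at the end of install_packages runs on every node of a default deployment, so the host firewall configured by the earlier `firewall-cmd --add-interface=eth1` and `--add-port=8091/tcp --permanent` calls is gone and every listening service on eth1 is reachable unfiltered. That is a material change in the lab's exposure that is currently stated only in a log message; it should be called out in README.md and `.env` next to `POD_NETWORK`, and the `firewall-cmd --permanent` calls in this function are dead configuration in that case and could be skipped with the same test. The three identical `! [[ ${POD_NETWORK} == "calico" || ${DEPLOY_CALICO} == 1 ]]` conditions would read better as one value computed once after parse_args, e.g. `USE_FIREWALLD=1; [[ ${POD_NETWORK} == "calico" || ${DEPLOY_CALICO} == 1 ]] && USE_FIREWALLD=0`, then `if [[ ${USE_FIREWALLD} == 1 ]]`. install_packages starts before these hunks.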
@@ -599,8 +645,9 @@ deploy_kubernetes() { --module kubernetes --name "${OCNE_CLUSTER_NAME}" \ --container-registry "${REGISTRY_OCNE}" \ --nginx-image "${REGISTRY_OCNE}/${NGINX_IMAGE}" \ + --pod-network "${POD_NETWORK}" \ --pod-network-iface eth1 \ - --master-nodes "${master_nodes}" \ + --control-plane-nodes "${master_nodes}" \ --worker-nodes "${worker_nodes}" \ --restrict-service-externalip true \ --restrict-service-externalip-ca-cert=${EXTERNALIP_VALIDATION_CERT_DIR}/production/ca.cert \ @@ -614,9 +661,10 @@ deploy_kubernetes() { --module kubernetes --name "${OCNE_CLUSTER_NAME}" \ --container-registry "${REGISTRY_OCNE}" \ --nginx-image "${REGISTRY_OCNE}/${NGINX_IMAGE}" \ + --pod-network "${POD_NETWORK}" \ --pod-network-iface eth1 \ --virtual-ip "${SUBNET}.99" \ - --master-nodes "${master_nodes}" \ + --control-plane-nodes "${master_nodes}" \ --worker-nodes "${worker_nodes}" \ --restrict-service-externalip true \ --restrict-service-externalip-ca-cert=${EXTERNALIP_VALIDATION_CERT_DIR}/production/ca.cert \ 
@@ -654,11 +702,61 @@ deploy_modules() { msg "Deploying additional modules" - # Helm module + # Calico networking module + if [[ ${DEPLOY_CALICO} == 1 ]]; then + + # Create the Calico networking module + msg "Creating the Calico networking module: ${CALICO_MODULE_NAME}" + echo_do olcnectl module create \ + --environment-name "${OCNE_ENV_NAME}" \ + --module calico \ + --name "${CALICO_MODULE_NAME}" \ + --calico-kubernetes-module "${OCNE_CLUSTER_NAME}" \ + --calico-installation-config /vagrant/calico-config.yaml + + # Validate the Calico networking module + msg "Validating the Calico networking module: ${CALICO_MODULE_NAME}" + echo_do olcnectl module validate \ + --environment-name "${OCNE_ENV_NAME}" \ + --name "${CALICO_MODULE_NAME}" + + # Deploy the Calico networking module + msg "Deploying the Calico module: ${CALICO_MODULE_NAME} into ${OCNE_CLUSTER_NAME}" + echo_do olcnectl module install \ + --environment-name "${OCNE_ENV_NAME}" \ + --name "${CALICO_MODULE_NAME}" + fi + + # Multus networking module + if [[ ${DEPLOY_MULTUS} == 1 ]]; then + + # Create the Multus networking module + msg "Creating the Multus networking module: ${MULTUS_MODULE_NAME}" + echo_do olcnectl module create \ + --environment-name "${OCNE_ENV_NAME}" \ + --module multus \ + --name "${MULTUS_MODULE_NAME}" \ + --multus-kubernetes-module "${OCNE_CLUSTER_NAME}" \ + --multus-installation-config /vagrant/multus-config.yaml + + # Validate the Multus networking module + msg "Validating the Multus networking module: ${MULTUS_MODULE_NAME}" + echo_do olcnectl module validate \ + --environment-name "${OCNE_ENV_NAME}" \ + --name "${MULTUS_MODULE_NAME}" + + # Deploy the Multus networking module + msg "Deploying the Multus module: ${MULTUS_MODULE_NAME} into ${OCNE_CLUSTER_NAME}" + echo_do olcnectl module install \ + --environment-name "${OCNE_ENV_NAME}" \ + --name "${MULTUS_MODULE_NAME}" + fi + + # Helm module (deprecated) if [[ ${DEPLOY_HELM} == 1 ]]; then # Create the Helm module - msg "Creating the Helm 
module: ${HELM_MODULE_NAME}" + msg "Creating the Helm module (deprecated): ${HELM_MODULE_NAME}" echo_do olcnectl module create \ --environment-name "${OCNE_ENV_NAME}" \ --module helm \ @@ -746,7 +844,7 @@ deploy_modules() { # Create the Gluster module # using defaults url/user/secret-key: olcnectl module create --module gluster --help - msg "Creating the Gluster module: ${GLUSTER_MODULE_NAME}" + msg "Creating the Gluster module (deprecated): ${GLUSTER_MODULE_NAME}" HEKETI_CLI_SERVER="http://127.0.0.1:8080" if [[ ${MASTER} == 0 ]]; then # Standalone operator @@ -925,7 +1023,7 @@ fixups() { for node in ${nodes//,/ }; do echo_do ssh "${node}" "\"\ sudo sed -i 's/AllowZoneDrifting=yes/AllowZoneDrifting=no/' /etc/firewalld/firewalld.conf \ - && sudo systemctl reload firewalld.service \ + && (sudo systemctl reload firewalld.service; true) \ \"" done From f467b0676085870bf63aacb1a7a14353c03327c7 Mon Sep 17 00:00:00 2001 From: Hussam Qasem Date: Sun, 30 Apr 2023 19:50:31 +0300 Subject: [PATCH 2/7] Remove Helm dependency Signed-off-by: Hussam Qasem --- OCNE/scripts/provision.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/OCNE/scripts/provision.sh b/OCNE/scripts/provision.sh index e4bf4177..c424509b 100755 --- a/OCNE/scripts/provision.sh +++ b/OCNE/scripts/provision.sh @@ -208,7 +208,6 @@ parse_args() { shift; shift ;; "--with-istio") - DEPLOY_HELM=1 DEPLOY_ISTIO=1 shift ;; @@ -221,7 +220,6 @@ parse_args() { shift; shift ;; "--with-metallb") - DEPLOY_HELM=1 DEPLOY_METALLB=1 shift ;; @@ -234,7 +232,6 @@ parse_args() { shift; shift ;; "--with-gluster") - DEPLOY_HELM=1 DEPLOY_GLUSTER=1 shift ;; From 7666d31ceec6c5b209caacde0788d15df780ca39 Mon Sep 17 00:00:00 2001 From: Hussam Qasem Date: Mon, 1 May 2023 07:57:50 +0300 Subject: [PATCH 3/7] feat(ocne): Upgrade to OCNE 1.6 Signed-off-by: Hussam Qasem --- Ocr-Yum-Mirror/scripts/yum-mirror.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
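Review bot: Both new module blocks pass a fixed path (`/vagrant/calico-config.yaml`, `/vagrant/multus-config.yaml`) to `olcnectl module create` without checking that the file exists, so a user who forgot to drop the file into the project directory — or who followed the `.env` comment in this same patch, which names the Multus file `multus-config.conf` — only learns of it from an olcnectl error after the Kubernetes module has already been deployed. A guard at the top of each block makes the failure immediate and self-explanatory: `[[ -f /vagrant/calico-config.yaml ]] || { echo "DEPLOY_CALICO=1 but /vagrant/calico-config.yaml is missing" >&2; exit 1; }`. The two blocks differ only in module type and name and could share one create/validate/install helper; deploy_modules starts before this hunk and ends after it.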
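Review bot: `(sudo systemctl reload firewalld.service; true)` hides every failure of the reload, not just the expected inactive-unit case on nodes where firewalld was disabled for Calico earlier in the run. Testing the unit first keeps a real reload failure visible while still tolerating the disabled case: `&& { ! sudo systemctl is-active --quiet firewalld.service || sudo systemctl reload firewalld.service; }`. The `sed` on `AllowZoneDrifting` still runs on nodes where firewalld is disabled, which is harmless but could be skipped with the same test; fixups starts outside this hunk.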
diff --git a/Ocr-Yum-Mirror/scripts/yum-mirror.sh b/Ocr-Yum-Mirror/scripts/yum-mirror.sh index 486787b7..09319ae2 100644 --- a/Ocr-Yum-Mirror/scripts/yum-mirror.sh +++ b/Ocr-Yum-Mirror/scripts/yum-mirror.sh @@ -21,8 +21,8 @@ dnf install -y httpd dnf install -y oracle-olcne-release-el8 dnf install net-tools -y dnf install mlocate -y -dnf config-manager --enable ol8_olcne15 ol8_baseos_latest ol8_appstream ol8_addons ol8_UEKR6 -dnf config-manager --disable ol8_olcne12 ol8_olcne13 ol8_olcne14 +dnf config-manager --enable ol8_olcne16 ol8_addons ol8_baseos_latest ol8_appstream ol8_UEKR7 +dnf config-manager --disable ol8_olcne15 ol8_olcne14 ol8_olcne13 ol8_olcne12 systemctl enable --now httpd.service systemctl enable --now firewalld.service firewall-cmd --permanent --add-service=http From 8824fc728f3d7ec17357c8f1a5ac13fb7f041952 Mon Sep 17 00:00:00 2001 From: Hussam Qasem Date: Mon, 1 May 2023 08:13:18 +0300 Subject: [PATCH 4/7] feat(ocne): Upgrade to OCNE 1.6 Signed-off-by: Hussam Qasem --- Ocr-Yum-Mirror/scripts/yum-mirror.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Ocr-Yum-Mirror/scripts/yum-mirror.sh b/Ocr-Yum-Mirror/scripts/yum-mirror.sh index 09319ae2..4e28e5a1 100644 --- a/Ocr-Yum-Mirror/scripts/yum-mirror.sh +++ b/Ocr-Yum-Mirror/scripts/yum-mirror.sh 
@@ -45,7 +45,7 @@ dnf install -y policycoreutils-python-utils restorecon -F -R -v /var/yum sudo /usr/bin/reposync --delete --newest-only --repoid ol8_baseos_latest --download-metadata --exclude='*.src,*.nosrc' -p /var/yum sudo /usr/bin/reposync --delete --newest-only --repoid ol8_appstream --download-metadata --exclude='*.src,*.nosrc' -p /var/yum -sudo /usr/bin/reposync --delete --newest-only --repoid ol8_olcne15 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum +sudo /usr/bin/reposync --delete --newest-only --repoid ol8_olcne16 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum sudo /usr/bin/reposync --delete --newest-only --repoid ol8_addons --download-metadata --exclude='*.src,*.nosrc' -p /var/yum sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR6 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR7 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum 
@@ -53,7 +53,7 @@ sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR7 --download-meta # add sync script for yum mirror echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_baseos_latest --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" > /home/vagrant/sync-yum.sh echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_appstream --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh -echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_olcne15 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh +echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_olcne16 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_addons --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR6 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR7 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh From 5178e55a7e929f118c5626b4d82a0e80646f5363 Mon Sep 17 00:00:00 2001 From: Hussam Qasem Date: Mon, 1 May 2023 10:02:36 +0300 Subject: [PATCH 5/7] Enable SELinux. Run-as vagrant Signed-off-by: Hussam Qasem --- Ocr-Yum-Mirror/README.md | 2 +- Ocr-Yum-Mirror/Vagrantfile | 12 +++--- Ocr-Yum-Mirror/scripts/install.sh | 33 ++++++++++++++-- Ocr-Yum-Mirror/scripts/ocr-mirror.sh | 46 +++++++++++----------- Ocr-Yum-Mirror/scripts/yum-mirror.sh | 57 +++++++++------------------- 5 files changed, 76 insertions(+), 74 deletions(-) diff --git a/Ocr-Yum-Mirror/README.md b/Ocr-Yum-Mirror/README.md index 50cb8c76..f8b7ec92 100644 --- a/Ocr-Yum-Mirror/README.md +++ b/Ocr-Yum-Mirror/README.md 
@@ -6,7 +6,7 @@ This projects collects all the software (RPMs and container images) required to - ol8_baseos_latest - ol8_appstream -- ol8_olcne15 +- ol8_olcne16 - ol8_addons - ol8_UEKR6 - ol8_UEKR7 diff --git a/Ocr-Yum-Mirror/Vagrantfile b/Ocr-Yum-Mirror/Vagrantfile index e9427516..4697a706 100644 --- a/Ocr-Yum-Mirror/Vagrantfile +++ b/Ocr-Yum-Mirror/Vagrantfile @@ -117,17 +117,17 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.hostname = NAME # Provision everything on the first run - config.vm.provision "shell", path: "scripts/install.sh" + config.vm.provision "shell", path: "scripts/install.sh", privileged: false # Provision everything for OCNE yum-mirror - config.vm.provision "shell", path: "scripts/yum-mirror.sh" + config.vm.provision "shell", path: "scripts/yum-mirror.sh", privileged: false # Provision everything for OCNE ocr-mirror - config.vm.provision "shell", path: "scripts/ocr-mirror.sh" + config.vm.provision "shell", path: "scripts/ocr-mirror.sh", privileged: false # Share Yum mirror and OCNE mirror access - config.vm.provision "shell", inline: "echo 'INSTALLER: Oracle Linux Yum Mirror is available at http://:8080/yum/'" - config.vm.provision "shell", inline: "echo 'INSTALLER: Oracle Container Registry Mirror is available at https://:5000/olcne/'" - config.vm.provision "shell", inline: "echo 'INSTALLER: Installation complete, Oracle Linux 8 ready to use!'" + config.vm.provision "shell", inline: "echo 'INSTALLER: Oracle Linux Yum Mirror is available at http://:8080/yum/'", privileged: false + config.vm.provision "shell", inline: "echo 'INSTALLER: Oracle Container Registry Mirror is available at https://:5000/olcne/'", privileged: false + config.vm.provision "shell", inline: "echo 'INSTALLER: Installation complete, Oracle Linux 8 ready to use!'", privileged: false end diff --git a/Ocr-Yum-Mirror/scripts/install.sh b/Ocr-Yum-Mirror/scripts/install.sh index 660e8c83..004b3479 100644 --- a/Ocr-Yum-Mirror/scripts/install.sh 
+++ b/Ocr-Yum-Mirror/scripts/install.sh 
@@ -14,15 +14,40 @@ echo 'INSTALLER: Started up' # get up to date -dnf upgrade -y +sudo dnf upgrade -y echo 'INSTALLER: System updated' echo 'INSTALLER: allow ssh access by password' -sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config +sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config +sudo systemctl reload sshd.service # fix locale warning -echo LANG=en_US.utf-8 >> /etc/environment -echo LC_ALL=en_US.utf-8 >> /etc/environment +cat < /home/vagrant/sync-ocr.sh -chown vagrant:vagrant /home/vagrant/sync-ocr.sh -chmod 755 /home/vagrant/sync-ocr.sh +cat <> /etc/fstab - -ln -s /var/yum /var/www/html/yum -dnf install -y policycoreutils-python-utils -#/usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/yum(/.*)?" -restorecon -F -R -v /var/yum -sudo /usr/bin/reposync --delete --newest-only --repoid ol8_baseos_latest --download-metadata --exclude='*.src,*.nosrc' -p /var/yum -sudo /usr/bin/reposync --delete --newest-only --repoid ol8_appstream --download-metadata --exclude='*.src,*.nosrc' -p /var/yum -sudo /usr/bin/reposync --delete --newest-only --repoid ol8_olcne16 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum -sudo /usr/bin/reposync --delete --newest-only --repoid ol8_addons --download-metadata --exclude='*.src,*.nosrc' -p /var/yum -sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR6 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum -sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR7 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum +sudo ln -s /var/yum /var/www/html/yum +sudo /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/yum(/.*)?" 
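Review bot: The added `sudo systemctl reload sshd.service` makes the pre-existing `PasswordAuthentication yes` edit effective immediately, so the mirror VM accepts password logins from the moment provisioning runs; Vagrant base boxes typically ship with a well-known default credential, so this is worth gating behind an explicit opt-in variable or at least documenting in the README. The `sed` also only flips an explicit `PasswordAuthentication no`; if the directive is commented out or absent in the box's sshd_config the edit is a silent no-op, which `grep -q '^PasswordAuthentication yes' /etc/ssh/sshd_config || echo 'PasswordAuthentication yes' | sudo tee -a /etc/ssh/sshd_config` would cover. The rest of this hunk is garbled in the page (the heredoc redirections are lost), so the remainder of install.sh is not reviewable here.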
+sudo restorecon -F -R -v /var/yum # add sync script for yum mirror -echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_baseos_latest --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" > /home/vagrant/sync-yum.sh -echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_appstream --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh -echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_olcne16 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh -echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_addons --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh -echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR6 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh -echo "sudo /usr/bin/reposync --delete --newest-only --repoid ol8_UEKR7 --download-metadata --exclude='*.src,*.nosrc' -p /var/yum" >> /home/vagrant/sync-yum.sh -chown vagrant:vagrant /home/vagrant/sync-yum.sh -chmod 755 /home/vagrant/sync-yum.sh +cat < Date: Mon, 1 May 2023 10:21:19 +0300 Subject: [PATCH 6/7] Added --remote-time Signed-off-by: Hussam Qasem --- Ocr-Yum-Mirror/scripts/yum-mirror.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/Ocr-Yum-Mirror/scripts/yum-mirror.sh b/Ocr-Yum-Mirror/scripts/yum-mirror.sh index 00b6a0ea..cf2e5f21 100644 --- a/Ocr-Yum-Mirror/scripts/yum-mirror.sh +++ b/Ocr-Yum-Mirror/scripts/yum-mirror.sh @@ -22,16 +22,16 @@ sudo firewall-cmd --reload # system configuration - yum mirror sudo ln -s /var/yum /var/www/html/yum sudo /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/yum(/.*)?" -sudo restorecon -F -R -v /var/yum +sudo restorecon -RFv /var/yum # add sync script for yum mirror cat < Date: Tue, 2 May 2023 17:57:16 +0300 Subject: [PATCH 7/7] allow podman in detached mode to run beyond logout 
Signed-off-by: Hussam Qasem --- Ocr-Yum-Mirror/scripts/ocr-mirror.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Ocr-Yum-Mirror/scripts/ocr-mirror.sh b/Ocr-Yum-Mirror/scripts/ocr-mirror.sh index 88f496f9..3ee7b667 100644 --- a/Ocr-Yum-Mirror/scripts/ocr-mirror.sh +++ b/Ocr-Yum-Mirror/scripts/ocr-mirror.sh @@ -26,7 +26,7 @@ sudo dnf install -y olcne-utils # sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config # system configuration - ocr mirror -openssl req -x509 -newkey rsa:4096 -keyout /vagrant/ocr-yum-mirror.key -nodes -out /vagrant/ocr-yum-mirror.crt -sha256 -subj '/CN=ocr-yum-mirror' -addext "subjectAltName = DNS:ocr-yum-mirror" -days 3650 +openssl req -x509 -newkey rsa:4096 -keyout /vagrant/ocr-yum-mirror.key -nodes -out /vagrant/ocr-yum-mirror.crt -sha256 -subj '/CN=ocr-yum-mirror' -addext "subjectAltName = DNS:ocr-yum-mirror,IP:10.0.2.2" -days 3650 mkdir /var/yum/registry sudo /usr/sbin/semanage fcontext -a -t user_home_t "/var/yum/registry(/.*)?" mkdir /var/yum/registry/conf.d @@ -35,6 +35,9 @@ cp /vagrant/ocr-yum-mirror.key /var/yum/registry/conf.d/ sudo cp /vagrant/ocr-yum-mirror.crt /etc/pki/ca-trust/source/anchors/ sudo update-ca-trust +# Allow podman rootless container in detached mode to run beyond logout +sudo loginctl enable-linger + # start container-registry mirror container podman run -d -p 5000:5000 --name ocr-yum-mirror --restart=always \ -v /var/yum/registry:/registry_data:Z \
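Review bot: `sudo loginctl enable-linger` is given no user name, so which account gets lingering enabled depends on how logind resolves the caller of a `sudo` run from the provisioner's session; since the intent is that the rootless registry container started a few lines below by the `vagrant` user survives logout, name the user explicitly: `sudo loginctl enable-linger vagrant`. The `-addext` change also bakes `IP:10.0.2.2` (presumably the VirtualBox NAT host address) into a certificate whose unencrypted key (`-nodes`) is written to the host-shared `/vagrant` directory; that key placement predates this patch, but it deserves a comment such as `# NOTE: key is unencrypted and lives in the shared /vagrant folder - lab use only` next to the openssl line.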