OpenCHAMI Quadlet Deployment (Release RPM)

This repository provides an RPM package for deploying OpenCHAMI services as Podman Quadlets. It is one of several valid deployment methods and is the companion to the OpenCHAMI Tutorial.

Note: OpenCHAMI is a collection of independently released microservices. This repository packages a tested combination of those microservices into a single RPM for convenience in quadlet-based deployments. It is not the official "release" of OpenCHAMI, as no single release exists—each microservice is released independently.

For a standardized way to deploy OpenCHAMI, follow the OpenCHAMI Tutorial, which uses this RPM to set up a functional cluster.

Building Locally

Requirements:

• rpmdevtools
• make

Generate openchami-<version>-1.noarch.rpm in this repo:

make

Increase the release version (openchami-<version>-2.noarch.rpm):

make RELEASE=2

Clean built RPMs in repo directory:

make clean

Automated RPM Signing

The GitHub release workflow signs built RPMs with the repository signing subkey stored in the GPG_SUBKEY_B64 repository secret. The workflow also exports the matching ASCII-armored public key as a release asset so downstream consumers can verify the published RPM signature.

OpenCHAMI Deployment Methods

OpenCHAMI is flexible and can be deployed in multiple ways. Here are the recommended options:

Method	Description	Recommended For
Tutorial	Step-by-step guide using Podman Quadlets	New users, learning OpenCHAMI
This RPM	Unified RPM for quadlet-based deployments	Red Hat-based systems, production use
kube-deploy	Helm charts for Kubernetes	Kubernetes users
openchami-operator	Kubernetes operator	Advanced Kubernetes orchestration
integration-sandbox	Testing environment	Development and testing
deployment-recipes	Organization-specific patterns	Legacy or custom deployments (not recommended for new users)

We recommend starting with the Tutorial before exploring other methods.

Feature Map

• Redfish-based automatic node discovery with firmware updates
• Inventory-driven DHCP
• Inventory-driven DNS
• Ansible Inventory Provider
• Post-Boot configuration through customizable cloud-init
• Customizable API-driven iPXE scripts
• OIDC and JWT-based authentication/authorization with short-lived, narrowly scoped tokens
• Podman Quadlet deployment with SystemD integration
• Docker Compose deployment option
• Kubernetes deployment option
• Optional Image Builder for RHEL-based Operating Systems
• OS Agnostic Boot Chain
• Persistent State for cloud-init services
• Backup and Recovery Process
• Sysadmin documentation and runbooks
• Standardized Logging
• Secure Machine Identity

Latest Microservice Releases

Repository	Release	Container	Attestations
OpenCHAMI/BSS		ghcr.io/openchami/bss	Attestations
OpenCHAMI/SMD		ghcr.io/openchami/smd	Attestations
OpenCHAMI/cloud-init		ghcr.io/openchami/cloud-init	Attestations
OpenCHAMI/coresmd		ghcr.io/openchami/coresmd	Attestations
OpenCHAMI/magellan		ghcr.io/openchami/magellan	Attestations
OpenCHAMI/image-builder		ghcr.io/openchami/image-builder	Attestations