Commit | Line | Data |
---|---|---|
a2e5135c KS |
1 | --- |
2 | # based on https://github.com/lxc/lxc-ci/blob/main/images/opensuse.yaml | |
3 | image: | |
4 | distribution: 'sles' | |
5 | release: '12.5' | |
6 | architecture: 'x86_64' | |
7 | variant: cloud | |
8 | ||
9 | environment: | |
10 | variables: | |
11 | - key: SLES_REGISTRATION_CODE | |
12 | value: XXSLES_REGISTRATION_CODE_amd64XX | |
13 | ||
14 | # This rootfs requires some preparation | |
15 | # 1. Download the SLES qemu-kvm minimal image | |
16 | # 2. Use qemu-nbd to map the image to a device | |
17 | # `qemu-nbd -c /dev/nbd0 /path/to/SLES-qemu-kvm.img` | |
18 | # 3. Mount the principal btrfs partition on /mnt | |
19 | # * Note: the SLES images make extensive use of btrfs subvols | |
20 | # for /home, /opt, /root/, /srv, various directories inside /var, | |
21 | # /boot/grub2/*, /usr/local/, and more. The mappings can be found | |
22 | # in /etc/fstab. | |
23 | # * For lxd/incus, the rootfs will be ext4; however, to prepare the | |
24 | # initial archive many of the subvols will need to be mounted. | |
25 | # 4. Bind mount /dev/ to /mnt/dev | |
26 | # `for i in dev proc sys ; do mount -o bind /$i /mnt/$i ; done` | |
27 | # 5. ***Using chroot in /mnt*** mount the subvols | |
28 | # `chroot /mnt mount -a` | |
29 | # | |
30 | # @TODO: Register and install more of the packages (e.g., kernel) to avoid | |
31 | # redoing the work each time an image is built from the rootfs. | |
32 | # | |
33 | # 6. Outside the chroot, prepare the archive file | |
34 | # `tar -czf /path/to/rootfs.tgz -C /mnt --exclude './.snapshots/*' \ | |
35 | # --exclude './dev/*' --exclude './proc/*' --exclude './sys/*' ./` | |
36 | # 7. Unmount bind mounts | |
37 | # `for i in $(findmnt -R -l -k -n -o TARGET /mnt) ; do umount $i; done; umount /mnt` | |
38 | # 8. Disconnect the nbd device | |
39 | # `qemu-nbd -d /dev/nbd0` | |
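40 | # Note: no checksum or signature for the rootfs archive is given below; its integrity rests on HTTPS to the internal host. | |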
41 | source: | |
42 | downloader: rootfs-http | |
43 | url: https://obj.internal.efficios.com/jenkins/rootfs_amd64_sles12sp5.tar.gz | |
44 | ||
45 | targets: | |
46 | lxc: | |
47 | create_message: | | |
48 | You just created an {{ image.description }} container. | |
49 | config: | |
50 | - type: all | |
51 | before: 5 | |
52 | content: |- | |
53 | lxc.include = LXC_TEMPLATE_CONFIG/opensuse.common.conf | |
54 | ||
55 | - type: user | |
56 | before: 5 | |
57 | content: |- | |
58 | lxc.include = LXC_TEMPLATE_CONFIG/opensuse.userns.conf | |
59 | ||
60 | - type: all | |
61 | after: 4 | |
62 | content: |- | |
63 | lxc.include = LXC_TEMPLATE_CONFIG/common.conf | |
64 | ||
65 | - type: user | |
66 | after: 4 | |
67 | content: |- | |
68 | lxc.include = LXC_TEMPLATE_CONFIG/userns.conf | |
69 | ||
70 | - type: all | |
71 | content: |- | |
72 | lxc.arch = {{ image.architecture_kernel }} | |
73 | ||
74 | files: | |
75 | - name: hostname | |
76 | path: /etc/hostname | |
77 | generator: hostname | |
78 | ||
79 | - name: hosts | |
80 | path: /etc/hosts | |
81 | generator: hosts | |
82 | ||
83 | - path: /etc/machine-id | |
84 | generator: dump | |
85 | ||
86 | - path: /var/lib/dbus/machine-id | |
87 | generator: remove | |
88 | ||
89 | - name: ifcfg-eth0 | |
90 | path: /etc/sysconfig/network/ifcfg-eth0 | |
91 | generator: dump | |
92 | content: |- | |
93 | STARTMODE='auto' | |
94 | BOOTPROTO='dhcp' | |
95 | ||
96 | - name: user-data | |
97 | generator: cloud-init | |
98 | variants: | |
99 | - cloud | |
100 | ||
101 | - name: vendor-data | |
102 | generator: cloud-init | |
103 | variants: | |
104 | - cloud | |
105 | ||
106 | - generator: fstab | |
107 | types: | |
108 | - vm | |
109 | ||
110 | - generator: incus-agent | |
111 | types: | |
112 | - vm | |
113 | ||
114 | - path: /etc/dracut.conf.d/incus.conf | |
115 | generator: dump | |
116 | content: |- | |
117 | add_drivers+=" virtio_scsi virtio_pci sd_mod " | |
118 | types: | |
119 | - vm | |
120 | ||
121 | - path: /etc/fstab | |
122 | generator: dump | |
123 | content: "# empty fstab to silence cloud-init warnings" | |
124 | types: | |
125 | - container | |
126 | variants: | |
127 | - cloud | |
128 | ||
129 | packages: | |
130 | manager: zypper | |
131 | update: false | |
132 | cleanup: false | |
133 | sets: | |
134 | - packages: | |
135 | - jeos-firstboot | |
136 | - jeos-licenses | |
137 | action: remove | |
138 | ||
139 | actions: | |
140 | - trigger: post-unpack | |
141 | action: |- | |
142 | #!/bin/sh | |
143 | set -eux | |
144 | ||
145 | systemd-machine-id-setup | |
146 | mount -t tmpfs tmpfs /sys/firmware | |
147 | types: | |
148 | - vm | |
149 | ||
150 | - trigger: post-unpack | |
151 | action: |- | |
152 | #!/bin/sh | |
153 | set -eu | |
154 | set +x | |
155 | SUSEConnect -r $SLES_REGISTRATION_CODE | |
156 | set -x | |
157 | ||
158 | - trigger: post-packages | |
159 | action: |- | |
160 | #!/bin/sh | |
161 | # Installed here because the packages step fails (`--allow-downgrades` is not supported). Note: --gpg-auto-import-keys trusts new repository signing keys without review. | |
162 | zypper --non-interactive --gpg-auto-import-keys install elfutils \ | |
163 | glib2-tools gzip iproute2 iputils openssh pigz rsync sudo which xz | |
164 | ||
165 | - trigger: post-packages | |
166 | action: |- | |
167 | #!/bin/sh | |
168 | # Installed here because the packages step fails (`--allow-downgrades` is not supported) | |
169 | zypper --non-interactive --gpg-auto-import-keys install shim | |
170 | types: | |
171 | - vm | |
172 | architectures: | |
173 | - amd64 | |
174 | ||
175 | - trigger: post-packages | |
176 | action: |- | |
177 | #!/bin/sh | |
178 | # Installed here because the packages step fails (`--allow-downgrades` is not supported) | |
179 | zypper --non-interactive --gpg-auto-import-keys install e2fsprogs | |
180 | types: | |
181 | - vm | |
182 | ||
183 | - trigger: post-packages | |
184 | action: |- | |
185 | #!/bin/sh | |
186 | set -eux | |
187 | ||
188 | # Install cloud-init from a separate product | |
189 | SUSEConnect --product sle-module-public-cloud/12/x86_64 | |
190 | zypper --non-interactive --gpg-auto-import-keys install cloud-init-config-suse cloud-init | |
191 | ||
192 | # Enable the cloud-init systemd service | |
193 | systemctl enable cloud-init.service cloud-config.service cloud-final.service | |
194 | variants: | |
195 | - cloud | |
196 | ||
197 | - trigger: post-files | |
198 | action: |- | |
199 | #!/bin/sh | |
200 | set -eux | |
201 | ||
202 | for mod in virtio_scsi virtio_pci sd_mod ; do | |
203 | echo "install $mod /bin/true" >> /etc/modprobe.d/99-local.conf | |
204 | done | |
205 | ||
206 | # This gets around the kernel-default installation failing | |
207 | dracut --regenerate-all --force | |
208 | mount -t tmpfs tmpfs /sys/firmware | |
209 | mkdir /sys/firmware/efi | |
210 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
211 | ||
212 | if which shim-install; then | |
213 | shim-install --no-nvram --removable | |
214 | shim-install --no-nvram | |
215 | else | |
216 | grub2-install --no-nvram --removable | |
217 | grub2-install --no-nvram | |
218 | fi | |
219 | ||
220 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
221 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg | |
222 | zypper --non-interactive install kernel-default | |
223 | ||
224 | # If this isn't re-done, the VM won't boot | |
225 | dracut --regenerate-all --force --add-drivers 'virtio_scsi virtio_pci sd_mod' | |
226 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
227 | ||
228 | if which shim-install; then | |
229 | shim-install --no-nvram --removable | |
230 | shim-install --no-nvram | |
231 | else | |
232 | grub2-install --no-nvram --removable | |
233 | grub2-install --no-nvram | |
234 | fi | |
235 | ||
236 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
237 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg | |
238 | ||
239 | umount /sys/firmware | |
240 | types: | |
241 | - vm | |
242 | ||
243 | - trigger: post-files | |
244 | action: |- | |
245 | #!/bin/sh | |
246 | set -eux | |
247 | SUSEConnect -d | |
248 | umount -l /etc/resolv.conf || true | |
249 | rm /etc/resolv.conf | |
250 | ln -sf /var/run/netconfig/resolv.conf /etc/resolv.conf | |
251 | ||
252 | - trigger: post-files | |
253 | action: |- | |
254 | #!/bin/sh | |
255 | set -eux | |
256 | ||
257 | # Automatic disk resize | |
258 | cat << EOF > /etc/systemd/system/incus-growpart.service | |
259 | [Unit] | |
260 | Description=Incus - grow root partition | |
261 | ||
262 | [Service] | |
263 | Type=oneshot | |
264 | ExecStartPre=-/usr/sbin/growpart /dev/sda 2 | |
265 | ExecStart=/usr/sbin/resize2fs /dev/sda2 | |
266 | ||
267 | [Install] | |
268 | WantedBy=default.target | |
269 | EOF | |
270 | systemctl enable incus-growpart | |
271 | types: | |
272 | - vm | |
273 | ||
274 | - trigger: post-files | |
275 | action: |- | |
276 | #!/bin/sh | |
277 | set -eux | |
278 | ||
279 | # By default, SLES systems don't check authorized_keys2; re-enable it. | |
280 | # Key audits must then cover both .ssh/authorized_keys and .ssh/authorized_keys2. | |
281 | sed -E -i 's/^AuthorizedKeysFile[\t ]+.ssh\/authorized_keys$/AuthorizedKeysFile .ssh\/authorized_keys .ssh\/authorized_keys2/g' /etc/ssh/sshd_config |