Commit | Line | Data |
---|---|---|
a2e5135c KS |
1 | --- |
2 | # based on https://github.com/lxc/lxc-ci/blob/main/images/opensuse.yaml | |
3 | image: | |
4 | distribution: 'sles' | |
5 | release: '15.4' | |
6 | architecture: 'amd64' | |
7 | variant: cloud | |
8 | ||
9 | environment: | |
10 | variables: | |
 | # Read by the post-unpack action below that calls `suseconnect -r`. | |
 | # NOTE(review): the XX...XX value looks like a placeholder substituted before the build (confirm); | |
 | # the real registration code should stay out of version control and out of published build logs. | |
11 | - key: SLES_REGISTRATION_CODE | |
12 | value: XXSLES_REGISTRATION_CODE_amd64XX | |
13 | ||
14 | # This rootfs requires some preparation | |
15 | # 1. Download the SLES qemu-kvm minimal image | |
16 | # 2. Use qemu-nbd to map the image to a device | |
17 | # `qemu-nbd -c /dev/nbd0 /path/to/SLES-qemu-kvm.img` | |
18 | # 3. Mount the principal btrfs partition on /mnt | |
19 | # * Note: the SLES images make extensive use of btrfs subvols | |
20 | # for /home, /opt, /root/, /srv, various directories inside /var, | |
21 | # /boot/grub2/*, /usr/local/, and more. The mappings can be found | |
22 | # in /etc/fstab. | |
23 | # * For lxd/incus, the rootfs will be ext4; however, to prepare the | |
24 | # initial archive many of the subvols will need to be mounted. | |
25 | # 4. Bind mount /dev, /proc and /sys into /mnt | |
26 | # `for i in dev proc sys ; do mount -o bind /$i /mnt/$i ; done` | |
27 | # 5. ***Using chroot in /mnt*** mount the subvols | |
28 | # `chroot /mnt mount -a` | |
29 | # | |
30 | # @TODO: Register and install more of the packages (e.g., kernel) to avoid | |
31 | # redoing the work each time an image is built from the rootfs. | |
32 | # | |
33 | # 6. Outside the chroot, prepare the archive file | |
34 | # `tar -czf /path/to/rootfs.tgz -C /mnt --exclude './.snapshots/*' \ | |
35 | # --exclude './dev/*' --exclude './proc/*' --exclude './sys/*' ./` | |
36 | # 7. Unmount bind mounts | |
37 | # `for i in $(findmnt -R -l -k -n -o TARGET /mnt) ; do umount $i; done; umount /mnt` | |
38 | # 8. Disconnect the nbd device | |
39 | # `qemu-nbd -d /dev/nbd0` | |
40 | # | |
41 | source: | |
 | # The rootfs archive is fetched from the URL below and used as the base of the image. | |
 | # NOTE(review): no checksum or signature for the archive is given in this section, so its | |
 | # integrity rests on TLS and on who can write to the object store; consider publishing a | |
 | # digest alongside the archive and verifying it before the build. | |
42 | downloader: rootfs-http | |
43 | url: https://obj.internal.efficios.com/jenkins/rootfs_amd64_sles15sp4.tar.gz | |
44 | ||
45 | targets: | |
46 | lxc: | |
47 | create_message: | | |
48 | You just created an {{ image.description }} container. | |
49 | config: | |
50 | - type: all | |
51 | before: 5 | |
52 | content: |- | |
53 | lxc.include = LXC_TEMPLATE_CONFIG/opensuse.common.conf | |
54 | ||
55 | - type: user | |
56 | before: 5 | |
57 | content: |- | |
58 | lxc.include = LXC_TEMPLATE_CONFIG/opensuse.userns.conf | |
59 | ||
60 | - type: all | |
61 | after: 4 | |
62 | content: |- | |
63 | lxc.include = LXC_TEMPLATE_CONFIG/common.conf | |
64 | ||
65 | - type: user | |
66 | after: 4 | |
67 | content: |- | |
68 | lxc.include = LXC_TEMPLATE_CONFIG/userns.conf | |
69 | ||
70 | - type: all | |
71 | content: |- | |
72 | lxc.arch = {{ image.architecture_kernel }} | |
73 | ||
74 | files: | |
75 | - name: hostname | |
76 | path: /etc/hostname | |
77 | generator: hostname | |
78 | ||
79 | - name: hosts | |
80 | path: /etc/hosts | |
81 | generator: hosts | |
82 | ||
83 | - path: /etc/machine-id | |
 | # No content is given, so this presumably leaves an empty /etc/machine-id that each instance | |
 | # fills in on first boot, instead of every instance sharing the build's ID (TODO confirm). | |
84 | generator: dump | |
85 | ||
86 | - path: /var/lib/dbus/machine-id | |
 | # Removes the D-Bus copy of the machine ID from the image. | |
87 | generator: remove | |
88 | ||
89 | - name: ifcfg-eth0 | |
90 | path: /etc/sysconfig/network/ifcfg-eth0 | |
91 | generator: dump | |
92 | content: |- | |
93 | STARTMODE='auto' | |
94 | BOOTPROTO='dhcp' | |
95 | ||
96 | - name: user-data | |
97 | generator: cloud-init | |
98 | variants: | |
99 | - cloud | |
100 | ||
101 | - name: vendor-data | |
102 | generator: cloud-init | |
103 | variants: | |
104 | - cloud | |
105 | ||
106 | - generator: fstab | |
107 | types: | |
108 | - vm | |
109 | ||
110 | - generator: incus-agent | |
111 | types: | |
112 | - vm | |
113 | ||
114 | - path: /etc/dracut.conf.d/incus.conf | |
115 | generator: dump | |
116 | content: |- | |
117 | add_drivers+=" virtio_scsi virtio_pci sd_mod " | |
118 | types: | |
119 | - vm | |
120 | ||
121 | - path: /etc/fstab | |
122 | generator: dump | |
123 | content: "# empty fstab to silence cloud-init warnings" | |
124 | types: | |
125 | - container | |
126 | variants: | |
127 | - cloud | |
128 | ||
129 | packages: | |
130 | manager: zypper | |
131 | update: false | |
 | # NOTE(review): with update disabled, packages already present in the downloaded rootfs | |
 | # presumably stay at the versions it shipped with; confirm the rootfs is rebuilt often | |
 | # enough to pick up security updates. | |
132 | cleanup: true | |
133 | sets: | |
134 | - packages: | |
135 | - jeos-firstboot | |
136 | - jeos-licenses | |
137 | action: remove | |
138 | ||
139 | - packages: | |
140 | - elfutils | |
141 | - file | |
142 | - glib2-tools | |
143 | - gzip | |
144 | - hostname | |
145 | - iproute2 | |
146 | - iputils | |
147 | - openssh-server | |
148 | - pigz | |
149 | - rsync | |
150 | - sudo | |
151 | - which | |
152 | - xz | |
153 | action: install | |
154 | ||
155 | - packages: | |
156 | - shim | |
157 | action: install | |
158 | types: | |
159 | - vm | |
160 | architectures: | |
161 | - amd64 | |
162 | ||
163 | - packages: | |
164 | - e2fsprogs | |
165 | action: install | |
166 | types: | |
167 | - vm | |
168 | ||
169 | actions: | |
170 | - trigger: post-unpack | |
171 | action: |- | |
172 | #!/bin/sh | |
173 | set -eux | |
174 | ||
175 | systemd-machine-id-setup | |
176 | mount -t tmpfs tmpfs /sys/firmware | |
177 | types: | |
178 | - vm | |
179 | ||
180 | - trigger: post-unpack | |
181 | action: |- | |
182 | #!/bin/sh | |
183 | set -eu | |
 | # Registers the system with the code from the environment section. | |
 | # xtrace is kept off around the call so the code is not echoed into the build log. | |
 | # NOTE(review): the code is still passed as a command-line argument (visible in the process | |
 | # list while suseconnect runs) and the variable is expanded unquoted. | |
184 | set +x | |
185 | suseconnect -r $SLES_REGISTRATION_CODE | |
186 | set -x | |
187 | ||
188 | - trigger: post-packages | |
189 | action: |- | |
190 | #!/bin/sh | |
191 | set -eux | |
192 | # These services don't run properly in containers | |
193 | systemctl disable chronyd.service | |
194 | systemctl disable auditd.service | |
195 | systemctl disable klog.service | |
196 | types: | |
197 | - container | |
198 | ||
199 | - trigger: post-packages | |
200 | action: |- | |
201 | #!/bin/sh | |
202 | set -eux | |
203 | ||
204 | # Install cloud-init from various RPMs | |
 | # NOTE(review): --gpg-auto-import-keys makes zypper trust and import any new repository | |
 | # signing key without prompting; no key fingerprint is pinned in this file, so package | |
 | # authenticity depends on the repository the module activation configures. | |
205 | suseconnect --product sle-module-public-cloud/15.4/x86_64 | |
206 | zypper --non-interactive --gpg-auto-import-keys install cloud-init-config-suse cloud-init | |
207 | ||
208 | # Enable the cloud-init systemd service | |
209 | systemctl enable cloud-init.service cloud-config.service cloud-final.service | |
210 | variants: | |
211 | - cloud | |
212 | ||
213 | - trigger: post-files | |
214 | action: |- | |
215 | #!/bin/sh | |
216 | set -eux | |
217 | ||
218 | # This gets around the kernel-default installation failing | |
219 | dracut --regenerate-all --force | |
220 | mount -t tmpfs tmpfs /sys/firmware | |
221 | mkdir /sys/firmware/efi | |
222 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
223 | ||
224 | if which shim-install; then | |
225 | shim-install --no-nvram --removable | |
226 | shim-install --no-nvram | |
227 | else | |
228 | grub2-install --no-nvram --removable | |
229 | grub2-install --no-nvram | |
230 | fi | |
231 | ||
232 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
233 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg | |
234 | zypper --non-interactive install kernel-default | |
235 | ||
236 | # If this isn't re-done, the VM won't boot | |
237 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
238 | ||
239 | if which shim-install; then | |
240 | shim-install --no-nvram --removable | |
241 | shim-install --no-nvram | |
242 | else | |
243 | grub2-install --no-nvram --removable | |
244 | grub2-install --no-nvram | |
245 | fi | |
246 | ||
247 | grub2-mkconfig -o /boot/grub2/grub.cfg | |
248 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg | |
249 | ||
250 | umount /sys/firmware | |
251 | types: | |
252 | - vm | |
253 | ||
254 | - trigger: post-files | |
255 | action: |- | |
256 | #!/bin/sh | |
257 | set -eux | |
 | # De-register the system; presumably so the finished image does not carry this build's | |
 | # registration (confirm). Because of `set -e`, a build that fails before this point | |
 | # never reaches the de-registration. | |
258 | suseconnect -d | |
 | # Drop the existing /etc/resolv.conf (a failed lazy unmount is tolerated) and point it | |
 | # at the netconfig-managed file instead. | |
259 | umount -l /etc/resolv.conf || true | |
260 | rm /etc/resolv.conf | |
261 | ln -sf /var/run/netconfig/resolv.conf /etc/resolv.conf | |
262 | ||
263 | - trigger: post-files | |
264 | action: |- | |
265 | #!/bin/sh | |
266 | set -eux | |
267 | ||
268 | # Automatic disk resize | |
269 | cat << EOF > /etc/systemd/system/incus-growpart.service | |
270 | [Unit] | |
271 | Description=Incus - grow root partition | |
272 | ||
273 | [Service] | |
274 | Type=oneshot | |
275 | ExecStartPre=-/usr/sbin/growpart /dev/sda 2 | |
276 | ExecStart=/usr/sbin/resize2fs /dev/sda2 | |
277 | ||
278 | [Install] | |
279 | WantedBy=default.target | |
280 | EOF | |
281 | systemctl enable incus-growpart | |
282 | types: | |
283 | - vm | |
284 | ||
285 | - trigger: post-files | |
286 | action: |- | |
287 | #!/bin/sh | |
288 | set -eux | |
289 | ||
290 | # By default, SLES systems don't check authorized_keys2; | |
291 | # re-enable it. sshd will then accept keys from either file, so key audits and revocation must cover both. | |
292 | sed -E -i 's/^AuthorizedKeysFile[\t ]+.ssh\/authorized_keys$/AuthorizedKeysFile .ssh\/authorized_keys .ssh\/authorized_keys2/g' /etc/ssh/sshd_config |