| 1 | --- |
| 2 | # based on https://github.com/lxc/lxc-ci/blob/main/images/opensuse.yaml |
| | # Image identity: SLES 12.5 on x86_64. `variant: cloud` is the value that the |
| | # `variants: - cloud` filters further down in this file match against. |
| 3 | image: |
| 4 | distribution: 'sles' |
| 5 | release: '12.5' |
| 6 | architecture: 'x86_64' |
| 7 | variant: cloud |
| 8 | |
| | # Build-time environment for the action scripts below. |
| | # The value is a placeholder token (XX...XX), presumably replaced with the real |
| | # registration code by the CI job before the build - TODO confirm. |
| | # NOTE(review): once substituted, this file holds a secret; keep the rendered |
| | # copy out of build logs, artifacts and version control. |
| 9 | environment: |
| 10 | variables: |
| 11 | - key: SLES_REGISTRATION_CODE |
| 12 | value: XXSLES_REGISTRATION_CODE_amd64XX |
| 13 | |
| 14 | # This rootfs requires some preparation |
| 15 | # 1. Download the SLES qemu-kvm minimal image |
| 16 | # 2. Use qemu-nbd to map the image to a device |
| 17 | # `qemu-nbd -c /dev/nbd0 /path/to/SLES-qemu-kvm.img` |
| 18 | # 3. Mount the principal btrfs partition on /mnt |
| 19 | # * Note: the SLES images make extensive use of btrfs subvols |
| 20 | # for /home, /opt, /root/, /srv, various directories inside /var, |
| 21 | # /boot/grub2/*, /usr/local/, and more. The mappings can be found |
| 22 | # in /etc/fstab. |
| 23 | # * For lxd/incus, the rootfs will be ext4; however, to prepare the |
| 24 | # initial archive many of the subvols will need to be mounted. |
| 25 | # 4. Bind mount /dev, /proc and /sys under /mnt |
| 26 | # `for i in dev proc sys ; do mount -o bind /$i /mnt/$i ; done` |
| 27 | # 5. ***Using chroot in /mnt*** mount the subvols |
| 28 | # `chroot /mnt mount -a` |
| 29 | # |
| 30 | # @TODO: Register and install more of the packages (e.g., kernel) to avoid |
| 31 | # redoing the work each time an image is built from the rootfs. |
| 32 | # |
| 33 | # 6. Outside the chroot, prepare the archive file |
| 34 | # `tar -czf /path/to/rootfs.tgz -C /mnt --exclude './.snapshots/*' \ |
| 35 | # --exclude './dev/*' --exclude './proc/*' --exclude './sys/*' ./` |
| 36 | # 7. Unmount bind mounts |
| 37 | # `for i in $(findmnt -R -l -k -n -o TARGET /mnt) ; do umount $i; done; umount /mnt` |
| 38 | # 8. Disconnect the nbd device |
| 39 | # `qemu-nbd -d /dev/nbd0` |
| 40 | # |
| | # Fetch the rootfs tarball over HTTPS with the rootfs-http downloader. |
| | # NOTE(review): no checksum or signature for the tarball is pinned in this |
| | # definition, so its integrity appears to rest on TLS and on who can write to |
| | # the object store - consider verifying a known digest before the build. |
| 41 | source: |
| 42 | downloader: rootfs-http |
| 43 | url: https://obj.internal.efficios.com/jenkins/rootfs_amd64_sles12sp5.tar.gz |
| 44 | |
| | # LXC target: the creation message and the lines written into the container |
| | # config. Each entry emits one lxc.include (or lxc.arch) line. |
| | # presumably `type: user` entries apply to unprivileged containers and |
| | # `before` / `after` select by LXC compatibility level - verify against the |
| | # distrobuilder documentation. The opensuse.* templates are reused for SLES. |
| 45 | targets: |
| 46 | lxc: |
| 47 | create_message: | |
| 48 | You just created an {{ image.description }} container. |
| 49 | config: |
| 50 | - type: all |
| 51 | before: 5 |
| 52 | content: |- |
| 53 | lxc.include = LXC_TEMPLATE_CONFIG/opensuse.common.conf |
| 54 | |
| 55 | - type: user |
| 56 | before: 5 |
| 57 | content: |- |
| 58 | lxc.include = LXC_TEMPLATE_CONFIG/opensuse.userns.conf |
| 59 | |
| 60 | - type: all |
| 61 | after: 4 |
| 62 | content: |- |
| 63 | lxc.include = LXC_TEMPLATE_CONFIG/common.conf |
| 64 | |
| 65 | - type: user |
| 66 | after: 4 |
| 67 | content: |- |
| 68 | lxc.include = LXC_TEMPLATE_CONFIG/userns.conf |
| 69 | |
| 70 | - type: all |
| 71 | content: |- |
| 72 | lxc.arch = {{ image.architecture_kernel }} |
| 73 | |
| | # Files generated or rewritten inside the image. Entries carrying `types` or |
| | # `variants` only apply to builds that match them. |
| 74 | files: |
| 75 | - name: hostname |
| 76 | path: /etc/hostname |
| 77 | generator: hostname |
| 78 | |
| 79 | - name: hosts |
| 80 | path: /etc/hosts |
| 81 | generator: hosts |
| 82 | |
| | # /etc/machine-id is dumped with no content and the D-Bus copy is removed, |
| | # presumably so that instances do not all inherit one machine ID from the image. |
| 83 | - path: /etc/machine-id |
| 84 | generator: dump |
| 85 | |
| 86 | - path: /var/lib/dbus/machine-id |
| 87 | generator: remove |
| 88 | |
| | # eth0 comes up automatically and is configured by DHCP. |
| 89 | - name: ifcfg-eth0 |
| 90 | path: /etc/sysconfig/network/ifcfg-eth0 |
| 91 | generator: dump |
| 92 | content: |- |
| 93 | STARTMODE='auto' |
| 94 | BOOTPROTO='dhcp' |
| 95 | |
| | # cloud-init user-data and vendor-data, cloud variant only. |
| 96 | - name: user-data |
| 97 | generator: cloud-init |
| 98 | variants: |
| 99 | - cloud |
| 100 | |
| 101 | - name: vendor-data |
| 102 | generator: cloud-init |
| 103 | variants: |
| 104 | - cloud |
| 105 | |
| | # VM-only entries: fstab, the incus agent, and a dracut drop-in that adds the |
| | # virtio_scsi, virtio_pci and sd_mod drivers to the initramfs. |
| 106 | - generator: fstab |
| 107 | types: |
| 108 | - vm |
| 109 | |
| 110 | - generator: incus-agent |
| 111 | types: |
| 112 | - vm |
| 113 | |
| 114 | - path: /etc/dracut.conf.d/incus.conf |
| 115 | generator: dump |
| 116 | content: |- |
| 117 | add_drivers+=" virtio_scsi virtio_pci sd_mod " |
| 118 | types: |
| 119 | - vm |
| 120 | |
| | # Containers of the cloud variant get an fstab that holds only a comment. |
| 121 | - path: /etc/fstab |
| 122 | generator: dump |
| 123 | content: "# empty fstab to silence cloud-init warnings" |
| 124 | types: |
| 125 | - container |
| 126 | variants: |
| 127 | - cloud |
| 128 | |
| | # Package step: zypper is the manager, no update or cleanup pass is requested, |
| | # and the only set removes jeos-firstboot and jeos-licenses. |
| | # NOTE(review): with `update: false` the image's patch level is whatever the |
| | # rootfs tarball and the later zypper installs provide - confirm the tarball is |
| | # rebuilt often enough to pick up security updates. |
| 129 | packages: |
| 130 | manager: zypper |
| 131 | update: false |
| 132 | cleanup: false |
| 133 | sets: |
| 134 | - packages: |
| 135 | - jeos-firstboot |
| 136 | - jeos-licenses |
| 137 | action: remove |
| 138 | |
| | # Shell scripts run at the named build triggers. |
| | # First action, VM builds only: initialise the machine ID and cover |
| | # /sys/firmware with a tmpfs right after the rootfs is unpacked. |
| 139 | actions: |
| 140 | - trigger: post-unpack |
| 141 | action: |- |
| 142 | #!/bin/sh |
| 143 | set -eux |
| 144 | |
| 145 | systemd-machine-id-setup |
| 146 | mount -t tmpfs tmpfs /sys/firmware |
| 147 | types: |
| 148 | - vm |
| 149 | |
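| | # Register the system with SUSE using the code from the build environment |
| | # (presumably so the later zypper calls can reach the SLES repositories). |
| | # `set +x` turns shell tracing off before the SUSEConnect line, presumably so |
| | # the code is not echoed into the build log; tracing is turned on afterwards. |
| | # The expansion is quoted so the code is passed as exactly one argument. |
| | # NOTE(review): the code is still a command-line argument and so is visible in |
| | # the process list of the build host while SUSEConnect runs. |
| 150 | - trigger: post-unpack |
| 151 | action: |- |
| 152 | #!/bin/sh |
| 153 | set -eu |
| 154 | set +x |
| 155 | SUSEConnect -r "$SLES_REGISTRATION_CODE" |
| 156 | set -x |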
| 157 | |
| | # Install the base tool set with zypper directly, after the packages step. |
| | # NOTE(review): --gpg-auto-import-keys makes zypper trust and import any |
| | # repository signing key it does not already know, so package authenticity |
| | # depends on every repository configured at this point being trusted. |
| 158 | - trigger: post-packages |
| 159 | action: |- |
| 160 | #!/bin/sh |
| 161 | # Fails during the packages step due to not supporting `--allow-downgrades` |
| 162 | zypper --non-interactive --gpg-auto-import-keys install elfutils \ |
| 163 | glib2-tools gzip iproute2 iputils openssh pigz rsync sudo which xz |
| 164 | |
| | # amd64 VM builds only: install shim with zypper directly. |
| | # NOTE(review): --gpg-auto-import-keys auto-trusts unknown repository signing |
| | # keys; shim is part of the boot chain, so confirm the configured repositories. |
| 165 | - trigger: post-packages |
| 166 | action: |- |
| 167 | #!/bin/sh |
| 168 | # Fails during the packages step due to not supporting `--allow-downgrades` |
| 169 | zypper --non-interactive --gpg-auto-import-keys install shim |
| 170 | types: |
| 171 | - vm |
| 172 | architectures: |
| 173 | - amd64 |
| 174 | |
| | # VM builds only: install e2fsprogs with zypper directly. |
| | # NOTE(review): --gpg-auto-import-keys auto-trusts unknown repository signing keys. |
| 175 | - trigger: post-packages |
| 176 | action: |- |
| 177 | #!/bin/sh |
| 178 | # Fails during the packages step due to not supporting `--allow-downgrades` |
| 179 | zypper --non-interactive --gpg-auto-import-keys install e2fsprogs |
| 180 | types: |
| 181 | - vm |
| 182 | |
| | # Cloud variant only: activate the public cloud module, install cloud-init from |
| | # it and enable its systemd services. `set -e` aborts the build if any step fails. |
| | # NOTE(review): --gpg-auto-import-keys auto-trusts the signing key of the newly |
| | # added module repository without a prompt. |
| 183 | - trigger: post-packages |
| 184 | action: |- |
| 185 | #!/bin/sh |
| 186 | set -eux |
| 187 | |
| 188 | # Install cloud-init from a separate product |
| 189 | SUSEConnect --product sle-module-public-cloud/12/x86_64 |
| 190 | zypper --non-interactive --gpg-auto-import-keys install cloud-init-config-suse cloud-init |
| 191 | |
| 192 | # Enable the cloud-init systemd service |
| 193 | systemctl enable cloud-init.service cloud-config.service cloud-final.service |
| 194 | variants: |
| 195 | - cloud |
| 196 | |
| | # VM builds only: rebuild the initramfs, install the bootloader and the kernel. |
| | # - The modprobe.d lines make modprobe run /bin/true in place of loading |
| | #   virtio_scsi, virtio_pci and sd_mod. NOTE(review): this action never removes |
| | #   them from /etc/modprobe.d/99-local.conf, so they stay in the image unless |
| | #   something else cleans up - confirm that is intended. |
| | # - /sys/firmware is covered with a tmpfs and an efi directory is created in it |
| | #   before grub2-mkconfig and the shim/grub2 install run; it is unmounted at the end. |
| | # - The bootloader is installed twice per pass (with and without --removable), |
| | #   always with --no-nvram. |
| | # - root= in grub.cfg is rewritten to /dev/sda2 at the end of each pass. |
| | # - kernel-default is installed without --gpg-auto-import-keys, unlike the other |
| | #   zypper install calls in this file. |
| 197 | - trigger: post-files |
| 198 | action: |- |
| 199 | #!/bin/sh |
| 200 | set -eux |
| 201 | |
| 202 | for mod in virtio_scsi virtio_pci sd_mod ; do |
| 203 | echo "install $mod /bin/true" >> /etc/modprobe.d/99-local.conf |
| 204 | done |
| 205 | |
| 206 | # This gets around the kernel-default installation failing |
| 207 | dracut --regenerate-all --force |
| 208 | mount -t tmpfs tmpfs /sys/firmware |
| 209 | mkdir /sys/firmware/efi |
| 210 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 211 | |
| 212 | if which shim-install; then |
| 213 | shim-install --no-nvram --removable |
| 214 | shim-install --no-nvram |
| 215 | else |
| 216 | grub2-install --no-nvram --removable |
| 217 | grub2-install --no-nvram |
| 218 | fi |
| 219 | |
| 220 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 221 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg |
| 222 | zypper --non-interactive install kernel-default |
| 223 | |
| 224 | # If this isn't re-done, the VM won't boot |
| 225 | dracut --regenerate-all --force --add-drivers 'virtio_scsi virtio_pci sd_mod' |
| 226 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 227 | |
| 228 | if which shim-install; then |
| 229 | shim-install --no-nvram --removable |
| 230 | shim-install --no-nvram |
| 231 | else |
| 232 | grub2-install --no-nvram --removable |
| 233 | grub2-install --no-nvram |
| 234 | fi |
| 235 | |
| 236 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 237 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg |
| 238 | |
| 239 | umount /sys/firmware |
| 240 | types: |
| 241 | - vm |
| 242 | |
| | # De-register the system from SUSE, then replace /etc/resolv.conf with a symlink |
| | # to the netconfig-managed file. No `types` or `variants` filter, so this runs |
| | # for every build. Because of `set -e`, a failed de-registration aborts the |
| | # build instead of silently shipping an image that is still registered. |
| | # NOTE(review): worth checking the finished image for leftover registration |
| | # credentials or repository definitions - not visible from this file. |
| 243 | - trigger: post-files |
| 244 | action: |- |
| 245 | #!/bin/sh |
| 246 | set -eux |
| 247 | SUSEConnect -d |
| 248 | umount -l /etc/resolv.conf || true |
| 249 | rm /etc/resolv.conf |
| 250 | ln -sf /var/run/netconfig/resolv.conf /etc/resolv.conf |
| 251 | |
| | # VM builds only: write and enable a oneshot systemd unit that grows partition 2 |
| | # of /dev/sda and then resizes the filesystem on /dev/sda2. |
| | # The leading `-` on ExecStartPre makes systemd ignore a growpart failure, so |
| | # resize2fs still runs. The here-document delimiter is unquoted, but the unit |
| | # text contains no `$`, so nothing is expanded by the shell. |
| 252 | - trigger: post-files |
| 253 | action: |- |
| 254 | #!/bin/sh |
| 255 | set -eux |
| 256 | |
| 257 | # Automatic disk resize |
| 258 | cat << EOF > /etc/systemd/system/incus-growpart.service |
| 259 | [Unit] |
| 260 | Description=Incus - grow root partition |
| 261 | |
| 262 | [Service] |
| 263 | Type=oneshot |
| 264 | ExecStartPre=-/usr/sbin/growpart /dev/sda 2 |
| 265 | ExecStart=/usr/sbin/resize2fs /dev/sda2 |
| 266 | |
| 267 | [Install] |
| 268 | WantedBy=default.target |
| 269 | EOF |
| 270 | systemctl enable incus-growpart |
| 271 | types: |
| 272 | - vm |
| 273 | |
| | # Make sshd accept keys from .ssh/authorized_keys2 as well as .ssh/authorized_keys. |
| | # NOTE(review): this adds a second per-user file that grants SSH access, so key |
| | # audits and key-removal tooling must cover both files. |
| | # NOTE(review): the sed only matches a line that is exactly |
| | # `AuthorizedKeysFile .ssh/authorized_keys`; if sshd_config differs (commented |
| | # out, extra paths, trailing space) nothing changes and the build still succeeds. |
| 274 | - trigger: post-files |
| 275 | action: |- |
| 276 | #!/bin/sh |
| 277 | set -eux |
| 278 | |
| 279 | # By default, sles systems don't check authorized_keys2, |
| 280 | # re-enable it. |
| 281 | sed -E -i 's/^AuthorizedKeysFile[\t ]+.ssh\/authorized_keys$/AuthorizedKeysFile .ssh\/authorized_keys .ssh\/authorized_keys2/g' /etc/ssh/sshd_config |