---
# based on https://github.com/lxc/lxc-ci/blob/main/images/opensuse.yaml
#
# Image definition for a SLES 15.5 amd64 image (the upstream file it is based
# on is a distrobuilder definition).
image:
  distribution: 'sles'
  # Quoted so YAML reads the release as a string rather than a float.
  release: '15.5'
  architecture: 'amd64'
  # `cloud` switches on every entry in this file that is limited to the cloud
  # variant: the cloud-init generators, the cloud-init install action and the
  # placeholder /etc/fstab.
  variant: cloud

environment:
  variables:
    # SUSE registration code: treat it as a credential. The value below is a
    # template token, presumably substituted by the CI job right before the
    # build; the real code should stay out of version control and out of
    # archived build logs.
    # NOTE(review): variables declared here look to be exported to every action
    # script in this file, not only the one that calls suseconnect — confirm.
    - key: SLES_REGISTRATION_CODE
      value: XXSLES_REGISTRATION_CODE_amd64XX

# This rootfs requires some preparation
#  1. Download the SLES qemu-kvm minimal image
#    * NOTE(review): check the download against the checksum/signature SUSE
#      publishes for it before mapping and mounting it; everything built from
#      this rootfs inherits whatever is in that image.
#  2. Use qemu-nbd to map the image to a device
#     `qemu-nbd -c /dev/nbd0 /path/to/SLES-qemu-kvm.img`
#  3. Mount the principal btrfs partition on /mnt: `mount /dev/nbd0p3 /mnt`
#    * Note: the SLES images make extensive use of btrfs subvols
#      for /home, /opt, /root/, /srv, various directories inside /var,
#      /boot/grub2/*, /usr/local/, and more. The mappings can be found
#      in /etc/fstab.
#    * For lxd/incus, the rootfs will be ext4; however, to prepare the
#      initial archive many of the subvols will need to be mounted.
#  4. Bind mount /dev/ to /mnt/dev
#     `for i in dev proc sys ; do mount -o bind /$i /mnt/$i ; done`
#  5. ***Using chroot in /mnt*** mount the subvols
#     `chroot /mnt mount -a`
#
#  @TODO: Register and install more of the packages (e.g., kernel) to avoid
#  redoing the work each time an image is built from the rootfs.
#  NOTE(review): if registration is ever done at this stage, deregister before
#  step 6 so the archive does not carry SCC credentials into every image.
#
#  6. Outside the chroot, prepare the archive file
#     `tar -czf /path/to/rootfs.tgz -C /mnt --exclude './.snapshots/*' \
#        --exclude './dev/*' --exclude './proc/*' --exclude './sys/*' ./`
#  7. Unmount bind mounts
#     `for i in $(findmnt -R -l -k -n -o TARGET /mnt) ; do umount $i; done; umount /mnt`
#  8. Disconnect the nbd device
#     `qemu-nbd -d /dev/nbd0`
#
source:
  downloader: rootfs-http
  # NOTE(review): nothing in this file pins a checksum or signature for the
  # tarball, so its integrity rests on TLS and on who can write to the object
  # store. Whoever can replace this object controls the base of every image
  # built from it — record a digest next to the tarball and verify it in the
  # CI job before the build starts.
  url: https://obj.internal.efficios.com/jenkins/rootfs_amd64_sles15sp5.tar.gz

targets:
  lxc:
    create_message: |
      You just created an {{ image.description }} container.
    # Fragments for the generated LXC container configuration. Each fragment is
    # gated by `type` (all / user) and optionally by a `before` / `after`
    # level; how those gates are evaluated is defined by the image builder,
    # not by this file.
    config:
      # Distribution-specific includes, for levels before 5.
      - type: all
        before: 5
        content: "lxc.include = LXC_TEMPLATE_CONFIG/opensuse.common.conf"

      # `type: user` entries add the matching user-namespace include.
      - type: user
        before: 5
        content: "lxc.include = LXC_TEMPLATE_CONFIG/opensuse.userns.conf"

      # Generic includes, for levels after 4.
      - type: all
        after: 4
        content: "lxc.include = LXC_TEMPLATE_CONFIG/common.conf"

      - type: user
        after: 4
        content: "lxc.include = LXC_TEMPLATE_CONFIG/userns.conf"

      # Always set the container architecture from the image metadata.
      - type: all
        content: "lxc.arch = {{ image.architecture_kernel }}"

files:
  - name: hostname
    path: /etc/hostname
    generator: hostname

  - name: hosts
    path: /etc/hosts
    generator: hosts

  # /etc/machine-id is dumped with no content and the D-Bus copy is removed.
  # NOTE(review): presumably so that every instance created from the image
  # generates its own machine ID instead of all clones sharing the one from
  # the build — confirm the shipped file is empty.
  - path: /etc/machine-id
    generator: dump

  - path: /var/lib/dbus/machine-id
    generator: remove

  # DHCP on eth0, brought up automatically.
  - name: ifcfg-eth0
    path: /etc/sysconfig/network/ifcfg-eth0
    generator: dump
    content: |-
      STARTMODE='auto'
      BOOTPROTO='dhcp'

  # cloud-init templates, cloud variant only.
  - name: user-data
    generator: cloud-init
    variants: [cloud]

  - name: vendor-data
    generator: cloud-init
    variants: [cloud]

  # VM-only entries: fstab, the incus agent and the virtio/SCSI drivers for
  # the initramfs.
  - generator: fstab
    types: [vm]

  - generator: incus-agent
    types: [vm]

  - path: /etc/dracut.conf.d/incus.conf
    generator: dump
    content: |-
      add_drivers+=" virtio_scsi virtio_pci sd_mod "
    types: [vm]

  # Cloud containers get a comment-only fstab.
  - path: /etc/fstab
    generator: dump
    content: "# empty fstab to silence cloud-init warnings"
    types: [container]
    variants: [cloud]

packages:
  manager: zypper
  # NOTE(review): with `update: false` no pending updates are applied during
  # the build, so the image's patch level is that of the rootfs tarball plus
  # whatever the sets below install. Refresh the rootfs regularly or patch
  # instances at first boot.
  update: false
  cleanup: true
  sets:
    # Drop the JeOS first-boot wizard and licence packages.
    - action: remove
      packages: [jeos-firstboot, jeos-licenses]

    # Base tooling for every image type. openssh-server is part of it, so each
    # image ships an SSH daemon; its sshd_config is adjusted by a post-files
    # action further down.
    - action: install
      packages:
        - elfutils
        - file
        - glib2-tools
        - gzip
        - hostname
        - iproute2
        - iputils
        - openssh-server
        - pigz
        - rsync
        - sudo
        - which
        - xz

    # shim: amd64 VMs only.
    - action: install
      packages: [shim]
      types: [vm]
      architectures: [amd64]

    # e2fsprogs: VMs only.
    - action: install
      packages: [e2fsprogs]
      types: [vm]

actions:
  # VM only: create a machine ID and mount a tmpfs over /sys/firmware.
  # NOTE(review): the `files` section dumps /etc/machine-id with no content,
  # so the ID generated here is presumably only needed during the build.
  - trigger: post-unpack
    types: [vm]
    action: |-
      #!/bin/sh
      set -eux

      systemd-machine-id-setup
      mount -t tmpfs tmpfs /sys/firmware

| 180 | - trigger: post-unpack |
| 181 | action: |- |
| 182 | #!/bin/sh |
| 183 | set -eu |
| 184 | set +x |
| 185 | suseconnect -r $SLES_REGISTRATION_CODE |
| 186 | set -x |
| 187 | |
| 188 | - trigger: post-packages |
| 189 | action: |- |
| 190 | #!/bin/sh |
| 191 | set -eux |
| 192 | # These services don't run properly in containers |
| 193 | systemctl disable chronyd.service |
| 194 | systemctl disable auditd.service |
| 195 | systemctl disable klog.service |
| 196 | types: |
| 197 | - container |
| 198 | |
| 199 | - trigger: post-packages |
| 200 | action: |- |
| 201 | #!/bin/sh |
| 202 | set -eux |
| 203 | |
| 204 | # Install cloud-init from various RPMs |
| 205 | suseconnect --product sle-module-public-cloud/15.5/x86_64 |
| 206 | zypper --non-interactive --gpg-auto-import-keys install cloud-init-config-suse cloud-init |
| 207 | |
| 208 | # Enable the cloud-init systemd service |
| 209 | systemctl enable cloud-init.service cloud-config.service cloud-final.service |
| 210 | variants: |
| 211 | - cloud |
| 212 | |
| 213 | - trigger: post-files |
| 214 | action: |- |
| 215 | #!/bin/sh |
| 216 | set -eux |
| 217 | |
| 218 | # This gets around the kernel-default installation failing |
| 219 | dracut --regenerate-all --force |
| 220 | mount -t tmpfs tmpfs /sys/firmware |
| 221 | mkdir /sys/firmware/efi |
| 222 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 223 | |
| 224 | if which shim-install; then |
| 225 | shim-install --no-nvram --removable |
| 226 | shim-install --no-nvram |
| 227 | else |
| 228 | grub2-install --no-nvram --removable |
| 229 | grub2-install --no-nvram |
| 230 | fi |
| 231 | |
| 232 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 233 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg |
| 234 | zypper --non-interactive install kernel-default |
| 235 | |
| 236 | # If this isn't re-done, the VM won't boot |
| 237 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 238 | |
| 239 | if which shim-install; then |
| 240 | shim-install --no-nvram --removable |
| 241 | shim-install --no-nvram |
| 242 | else |
| 243 | grub2-install --no-nvram --removable |
| 244 | grub2-install --no-nvram |
| 245 | fi |
| 246 | |
| 247 | grub2-mkconfig -o /boot/grub2/grub.cfg |
| 248 | sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg |
| 249 | |
| 250 | umount /sys/firmware |
| 251 | types: |
| 252 | - vm |
| 253 | |
| 254 | - trigger: post-files |
| 255 | action: |- |
| 256 | #!/bin/sh |
| 257 | set -eux |
| 258 | suseconnect -d |
| 259 | umount -l /etc/resolv.conf || true |
| 260 | rm /etc/resolv.conf |
| 261 | ln -sf /var/run/netconfig/resolv.conf /etc/resolv.conf |
| 262 | |
| 263 | - trigger: post-files |
| 264 | action: |- |
| 265 | #!/bin/sh |
| 266 | set -eux |
| 267 | |
| 268 | # Automatic disk resize |
| 269 | cat << EOF > /etc/systemd/system/incus-growpart.service |
| 270 | [Unit] |
| 271 | Description=Incus - grow root partition |
| 272 | |
| 273 | [Service] |
| 274 | Type=oneshot |
| 275 | ExecStartPre=-/usr/sbin/growpart /dev/sda 2 |
| 276 | ExecStart=/usr/sbin/resize2fs /dev/sda2 |
| 277 | |
| 278 | [Install] |
| 279 | WantedBy=default.target |
| 280 | EOF |
| 281 | systemctl enable incus-growpart |
| 282 | types: |
| 283 | - vm |
| 284 | |
| 285 | - trigger: post-files |
| 286 | action: |- |
| 287 | #!/bin/sh |
| 288 | set -eux |
| 289 | |
| 290 | # By default, sles systems don't check authorized_keys2, |
| 291 | # renable it. |
| 292 | sed -E -i 's/^AuthorizedKeysFile[\t ]+.ssh\/authorized_keys$/AuthorizedKeysFile .ssh\/authorized_keys .ssh\/authorized_keys2/g' /etc/ssh/sshd_config |