2 # based on https://github.com/lxc/lxc-ci/blob/main/images/opensuse.yaml
# Build-time variable holding the SLES registration code.
# NOTE(review): the value looks like a substitution token, not a real code;
# presumably the CI job fills it in before the build - confirm, and keep the
# real code out of version control.
11 - key: SLES_REGISTRATION_CODE
12 value: XXSLES_REGISTRATION_CODE_amd64XX
14 # This rootfs requires some preparation
15 # 1. Download the SLES qemu-kvm minimal image
16 # 2. Use qemu-nbd to map the image to a device
17 # `qemu-nbd -c /dev/nbd0 /path/to/SLES-qemu-kvm.img`
18 # 3. Mount the principal btrfs partition on /mnt
19 # * Note: the SLES images make extensive use of btrfs subvols
20 # for /home, /opt, /root/, /srv, various directories inside /var,
21 # /boot/grub2/*, /usr/local/, and more. The mappings can be found
23 # * For lxd/incus, the rootfs will be ext4; however, to prepare the
24 # initial archive many of the subvols will need to be mounted.
25 # 4. Bind mount /dev/ to /mnt/dev
26 # `for i in dev proc sys ; do mount -o bind /$i /mnt/$i ; done`
27 # 5. ***Using chroot in /mnt*** mount the subvols
28 # `chroot /mnt mount -a`
30 # @TODO: Register and install more of the packages (e.g., kernel) to avoid
31 # redoing the work each time an image is built from the rootfs.
33 # 6. Outside the chroot, prepare the archive file
34 # `tar -czf /path/to/rootfs.tgz -C /mnt --exclude './.snapshots/*' \
35 # --exclude './dev/*' --exclude './proc/*' --exclude './sys/*' ./`
36 # 7. Unmount bind mounts
37 # `for i in $(findmnt -R -l -k -n -o TARGET /mnt) ; do umount $i; done; umount /mnt`
38 # 8. Disconnect the nbd device
39 # `qemu-nbd -d /dev/nbd0`
# Fetches the hand-prepared rootfs archive over HTTPS.
# NOTE(review): no checksum or signature for the archive is visible in this
# listing, so its integrity appears to rest on the object store and the TLS
# connection alone - confirm.
42 downloader: rootfs-http
43 url: https://obj.internal.efficios.com/jenkins/rootfs_amd64_sles15sp4.tar.gz
48 You just created an {{ image.description }} container.
53 lxc.include = LXC_TEMPLATE_CONFIG/opensuse.common.conf
58 lxc.include = LXC_TEMPLATE_CONFIG/opensuse.userns.conf
63 lxc.include = LXC_TEMPLATE_CONFIG/common.conf
68 lxc.include = LXC_TEMPLATE_CONFIG/userns.conf
72 lxc.arch = {{ image.architecture_kernel }}
# NOTE(review): the generators for the two machine-id entries are not visible
# in this listing; confirm the image does not ship a machine ID shared by
# every instance created from it.
83 - path: /etc/machine-id
86 - path: /var/lib/dbus/machine-id
90 path: /etc/sysconfig/network/ifcfg-eth0
102 generator: cloud-init
110 - generator: incus-agent
# dracut drop-in: adds the virtio_scsi, virtio_pci and sd_mod drivers to the
# initramfs.
114 - path: /etc/dracut.conf.d/incus.conf
117 add_drivers+=" virtio_scsi virtio_pci sd_mod "
123 content: "# empty fstab to silence cloud-init warnings"
# Runs after the rootfs is unpacked: initialises the machine ID and mounts a
# tmpfs over /sys/firmware.
170 - trigger: post-unpack
175 systemd-machine-id-setup
176 mount -t tmpfs tmpfs /sys/firmware
# Registers the system with SUSE using the code from the build environment.
# NOTE(review): $SLES_REGISTRATION_CODE is expanded unquoted and passed as a
# command-line argument, so it can appear in process listings and, if the
# script runs with tracing enabled, in the build log; quote the expansion and
# keep that output out of shared logs.
180 - trigger: post-unpack
185 suseconnect -r $SLES_REGISTRATION_CODE
# Disables chronyd, auditd and klog once packages are installed.
# NOTE(review): with auditd disabled the instance keeps no audit trail of its
# own; the filter that limits this action to certain image types is not
# visible in this listing - confirm it does not apply to VM images.
188 - trigger: post-packages
192 # These services don't run properly in containers
193 systemctl disable chronyd.service
194 systemctl disable auditd.service
195 systemctl disable klog.service
# Adds the Public Cloud module (pinned to 15.4/x86_64), then installs
# cloud-init and enables its services.
# NOTE(review): --gpg-auto-import-keys makes zypper trust and import any new
# repository signing key without prompting, so package authenticity rests on
# the repository connection; importing the expected keys beforehand and
# dropping the flag is the stricter option.
199 - trigger: post-packages
204 # Install cloud-init from various RPMs
205 suseconnect --product sle-module-public-cloud/15.4/x86_64
206 zypper --non-interactive --gpg-auto-import-keys install cloud-init-config-suse cloud-init
208 # Enable the cloud-init systemd service
209 systemctl enable cloud-init.service cloud-config.service cloud-final.service
# Boot setup: regenerates the initramfs and the GRUB config, installs the
# boot loader, rewrites root= to /dev/sda2, installs kernel-default and then
# repeats the boot loader steps. shim-install is used when it is on PATH; the
# grub2-install lines are presumably the fallback branch (the else/fi lines
# are not visible in this listing).
# NOTE(review): root=/dev/sda2 is hard-coded by the sed expressions, so the
# image assumes the root filesystem is always the second partition of sda.
213 - trigger: post-files
218 # This gets around the kernel-default installation failing
219 dracut --regenerate-all --force
220 mount -t tmpfs tmpfs /sys/firmware
221 mkdir /sys/firmware/efi
222 grub2-mkconfig -o /boot/grub2/grub.cfg
224 if which shim-install; then
225 shim-install --no-nvram --removable
226 shim-install --no-nvram
228 grub2-install --no-nvram --removable
229 grub2-install --no-nvram
232 grub2-mkconfig -o /boot/grub2/grub.cfg
233 sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg
234 zypper --non-interactive install kernel-default
236 # If this isn't re-done, the VM won't boot
237 grub2-mkconfig -o /boot/grub2/grub.cfg
239 if which shim-install; then
240 shim-install --no-nvram --removable
241 shim-install --no-nvram
243 grub2-install --no-nvram --removable
244 grub2-install --no-nvram
247 grub2-mkconfig -o /boot/grub2/grub.cfg
248 sed -i "s#root=[^ ]*#root=/dev/sda2#g" /boot/grub2/grub.cfg
# Lazily unmounts anything mounted on /etc/resolv.conf (failure is ignored)
# and replaces the file with a symlink to /var/run/netconfig/resolv.conf.
254 - trigger: post-files
259 umount -l /etc/resolv.conf || true
261 ln -sf /var/run/netconfig/resolv.conf /etc/resolv.conf
# Writes and enables a systemd unit that grows partition 2 of /dev/sda and
# then resizes the filesystem on /dev/sda2. The "-" prefix on ExecStartPre
# lets the unit continue when growpart fails.
# NOTE(review): the heredoc delimiter is unquoted, so any $ or backtick added
# to the unit text later would be expanded by the shell at build time.
263 - trigger: post-files
268 # Automatic disk resize
269 cat << EOF > /etc/systemd/system/incus-growpart.service
271 Description=Incus - grow root partition
275 ExecStartPre=-/usr/sbin/growpart /dev/sda 2
276 ExecStart=/usr/sbin/resize2fs /dev/sda2
279 WantedBy=default.target
281 systemctl enable incus-growpart
# Rewrites AuthorizedKeysFile in sshd_config so that sshd also reads
# .ssh/authorized_keys2.
# NOTE(review): this adds a second file that can grant SSH login, so key
# audits and key removal have to cover authorized_keys2 as well. The pattern
# matches only an uncommented directive listing exactly .ssh/authorized_keys;
# in any other form the sed is a silent no-op.
285 - trigger: post-files
290 # By default, sles systems don't check authorized_keys2,
292 sed -E -i 's/^AuthorizedKeysFile[\t ]+.ssh\/authorized_keys$/AuthorizedKeysFile .ssh\/authorized_keys .ssh\/authorized_keys2/g' /etc/ssh/sshd_config