airship/images
Code Issues Proposed changes

Merge "image-builder refactor"

Browse Source
This commit is contained in:
Zuul 2021-02-17 20:20:51 +00:00 committed by Gerrit Code Review
commit d2039c609c
36 changed files with 464 additions and 412 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.zuul.yaml
View File

@ -43,7 +43,8 @@
- job: - job:
name: airship-images-build name: airship-images-build
nodeset: airship-images-single-node nodeset: airship-images-single-node
timeout: 3600 timeout: 7200
post-timeout: 7200
pre-run: playbooks/airship-images-deploy-docker.yaml pre-run: playbooks/airship-images-deploy-docker.yaml
run: playbooks/airship-images-build.yaml run: playbooks/airship-images-build.yaml
post-run: playbooks/airship-collect-logs.yaml post-run: playbooks/airship-collect-logs.yaml
@ -74,7 +75,7 @@
name: airship-images-single-node name: airship-images-single-node
nodes: nodes:
- name: primary - name: primary
label: ubuntu-bionic label: ubuntu-bionic-32GB
- secret: - secret:
name: images_airshipit_github_secret name: images_airshipit_github_secret

108
image-builder/Dockerfile.ubuntu_focal
View File

@ -10,92 +10,21 @@ LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc
SHELL ["bash", "-exc"] SHELL ["bash", "-exc"]
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
# Update distro and install ansible
RUN apt-get update ;\
apt-get dist-upgrade -y ;\
apt-get install -y --no-install-recommends \
python3-minimal \
python3-pip \
python3-apt \
python3-setuptools ;\
pip3 install --upgrade wheel ;\
pip3 install --upgrade ansible ;\
rm -rf /var/lib/apt/lists/*
FROM base-image as rootfs-builder
# install requirements for building chroot
RUN apt-get update ;\ RUN apt-get update ;\
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
ca-certificates \
multistrap \ multistrap \
equivs \ equivs \
curl \
ca-certificates \
build-essential \ build-essential \
gnupg2 \ gnupg2 \
dosfstools;\
rm -rf /var/lib/apt/lists/*
COPY assets/playbooks/inventory.yaml /opt/assets/playbooks/inventory.yaml
COPY assets/playbooks/base-chroot.yaml /opt/assets/playbooks/base-chroot.yaml
COPY assets/playbooks/roles/multistrap /opt/assets/playbooks/roles/multistrap
RUN ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/base-chroot.yaml
COPY assets/playbooks/base-osconfig.yaml /opt/assets/playbooks/base-osconfig.yaml
COPY assets/playbooks/roles/osconfig /opt/assets/playbooks/roles/osconfig
RUN ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/base-osconfig.yaml --tags "pre_install"
FROM base-image as squashfs-builder
ENV root_chroot /mnt/rootfs
ENV root_image /mnt/image
ENV boot_src="/opt/grub"
RUN apt-get update ;\
apt-get install -y --no-install-recommends \
dosfstools \
mtools \
squashfs-tools \
grub-common \
grub2-common \
grub-pc-bin \
grub-efi-amd64-signed;\
rm -rf /var/lib/apt/lists/*
COPY --from=rootfs-builder ${root_chroot} ${root_chroot}
COPY assets/playbooks/inventory.yaml /opt/assets/playbooks/inventory.yaml
COPY assets/playbooks/base-livecdcontent.yaml /opt/assets/playbooks/base-livecdcontent.yaml
COPY assets/playbooks/roles/livecdcontent /opt/assets/playbooks/roles/livecdcontent
RUN ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/base-livecdcontent.yaml
FROM base-image as image-builder
ENV boot_src="/opt/grub"
ENV root_image /mnt/image
RUN apt-get update ;\
apt-get install -y --no-install-recommends \
xorriso \ xorriso \
grub-pc-bin \
python3-minimal \ python3-minimal \
python3-yaml ;\ python3-yaml \
rm -rf /var/lib/apt/lists/* python3-pip \
python3-setuptools \
COPY --from=squashfs-builder ${root_image} ${root_image} python3-apt \
grub-pc-bin \
COPY assets/playbooks/inventory.yaml /opt/assets/playbooks/inventory.yaml
COPY assets/playbooks/iso.yaml /opt/assets/playbooks/iso.yaml
COPY assets/playbooks/roles/iso /opt/assets/playbooks/roles/iso
RUN apt-get update ;\
apt-get install -y --no-install-recommends \
coreutils \ coreutils \
curl \ curl \
qemu-utils \ qemu-utils \
@ -107,19 +36,30 @@ RUN apt-get update ;\
vim \ vim \
kmod \ kmod \
efivar \ efivar \
rsync \
dosfstools ;\ dosfstools ;\
pip3 install --upgrade pip ;\
pip3 install --upgrade wheel ;\
pip3 install --upgrade ansible ;\
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
COPY assets/playbooks/base-osconfig.yaml /opt/assets/playbooks/base-osconfig.yaml
COPY assets/playbooks/roles/osconfig /opt/assets/playbooks/roles/osconfig
COPY assets/playbooks/qcow.yaml /opt/assets/playbooks/qcow.yaml
COPY assets/playbooks/roles/qcow /opt/assets/playbooks/roles/qcow
RUN curl -L https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64 -o /bin/yq \ RUN curl -L https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64 -o /bin/yq \
&& chmod +x /bin/yq && chmod +x /bin/yq
COPY assets/playbooks/inventory.yaml /opt/assets/playbooks/inventory.yaml
COPY assets/playbooks/base-chroot.yaml /opt/assets/playbooks/base-chroot.yaml
COPY assets/playbooks/roles/multistrap /opt/assets/playbooks/roles/multistrap
COPY assets/playbooks/base-osconfig.yaml /opt/assets/playbooks/base-osconfig.yaml
COPY assets/playbooks/roles/osconfig /opt/assets/playbooks/roles/osconfig
COPY assets/playbooks/base-livecdcontent.yaml /opt/assets/playbooks/base-livecdcontent.yaml
COPY assets/playbooks/roles/livecdcontent /opt/assets/playbooks/roles/livecdcontent
COPY assets/playbooks/iso.yaml /opt/assets/playbooks/iso.yaml
COPY assets/playbooks/roles/iso /opt/assets/playbooks/roles/iso
COPY assets/playbooks/qcow.yaml /opt/assets/playbooks/qcow.yaml
COPY assets/playbooks/roles/qcow /opt/assets/playbooks/roles/qcow
COPY assets/playbooks/build /build
COPY assets/*.sh /usr/bin/local/ COPY assets/*.sh /usr/bin/local/
COPY assets/*.json /usr/bin/local/ COPY assets/*.json /usr/bin/local/
CMD /usr/bin/local/entrypoint.sh CMD /usr/bin/local/entrypoint.sh

32
image-builder/Makefile
View File

@ -24,11 +24,10 @@ PUSH_IMAGE ?= false
DISTRO ?= ubuntu_focal DISTRO ?= ubuntu_focal
IMAGE ?= ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}-${DISTRO} IMAGE ?= ${DOCKER_REGISTRY}/${IMAGE_PREFIX}/${IMAGE_NAME}:${IMAGE_TAG}-${DISTRO}
IMAGE_ALIAS ?= $(DOCKER_REGISTRY)-$(IMAGE_NAME)-$(IMAGE_TAG)-${DISTRO}-${IMAGE_TYPE} IMAGE_ALIAS ?= $(DOCKER_REGISTRY)-$(IMAGE_NAME)-$(IMAGE_TAG)-${DISTRO}-${IMAGE_TYPE}
UEFI_BOOT ?= true
PROXY ?= PROXY ?=
NO_PROXY ?= localhost,127.0.0.1 NO_PROXY ?= localhost,127.0.0.1
.PHONY: help build images install_prereqs cut_image run .PHONY: help build images cut_image run clean
.ONESHELL: .ONESHELL:
@ -38,17 +37,6 @@ help: ## This help.
# Make target name that zuul expects for each project in this repo # Make target name that zuul expects for each project in this repo
images: build images: build
install_prereqs:
ifneq ($(PROXY), )
export http_proxy=$(PROXY)
export https_proxy=$(PROXY)
export no_proxy=$(NO_PROXY)
export HTTP_PROXY=$(PROXY)
export HTTPS_PROXY=$(PROXY)
export NO_PROXY=$(NO_PROXY)
endif
sudo -E tools/install_prereqs.$(DISTRO)
build: build:
ifneq ($(PROXY), ) ifneq ($(PROXY), )
sudo -E ./tools/docker_proxy.sh $(PROXY) $(NO_PROXY) sudo -E ./tools/docker_proxy.sh $(PROXY) $(NO_PROXY)
@ -58,7 +46,8 @@ ifneq ($(PROXY), )
export HTTP_PROXY=$(PROXY) export HTTP_PROXY=$(PROXY)
export HTTPS_PROXY=$(PROXY) export HTTPS_PROXY=$(PROXY)
export NO_PROXY=$(NO_PROXY) export NO_PROXY=$(NO_PROXY)
sudo -E docker build --tag $(IMAGE) -f Dockerfile.$(DISTRO) . \ sudo -E ./tools/multistrap.sh
sudo -E docker -D -l debug build --tag $(IMAGE) -f Dockerfile.$(DISTRO) . \
--label $(LABEL) \ --label $(LABEL) \
--label "org.opencontainers.image.revision=$(COMMIT)" \ --label "org.opencontainers.image.revision=$(COMMIT)" \
--label "org.opencontainers.image.created=\ --label "org.opencontainers.image.created=\
@ -69,22 +58,21 @@ ifneq ($(PROXY), )
--build-arg HTTP_PROXY=$(PROXY) \ --build-arg HTTP_PROXY=$(PROXY) \
--build-arg HTTPS_PROXY=$(PROXY) \ --build-arg HTTPS_PROXY=$(PROXY) \
--build-arg no_proxy=$(NO_PROXY) \ --build-arg no_proxy=$(NO_PROXY) \
--build-arg NO_PROXY=$(NO_PROXY) \ --build-arg NO_PROXY=$(NO_PROXY) || exit 1
--build-arg UEFI_BOOT=$(UEFI_BOOT) || exit 1
else else
sudo -E docker build --tag $(IMAGE) -f Dockerfile.$(DISTRO) . \ sudo -E ./tools/multistrap.sh
sudo -E docker -D -l debug build --tag $(IMAGE) -f Dockerfile.$(DISTRO) . \
--label $(LABEL) \ --label $(LABEL) \
--label "org.opencontainers.image.revision=$(COMMIT)" \ --label "org.opencontainers.image.revision=$(COMMIT)" \
--label "org.opencontainers.image.created=\ --label "org.opencontainers.image.created=\
$(shell date --rfc-3339=seconds --utc)" \ $(shell date --rfc-3339=seconds --utc)" \
--label "org.opencontainers.image.title=$(IMAGE_NAME)" \ --label "org.opencontainers.image.title=$(IMAGE_NAME)" || exit 1
--build-arg UEFI_BOOT=$(UEFI_BOOT) || exit 1
endif endif
ifeq ($(PUSH_IMAGE), true) ifeq ($(PUSH_IMAGE), true)
sudo -E docker push $(IMAGE) sudo -E docker push $(IMAGE)
endif endif
cut_image: install_prereqs cut_image:
ifneq ($(PROXY), ) ifneq ($(PROXY), )
sudo -E ./tools/docker_proxy.sh $(PROXY) $(NO_PROXY) sudo -E ./tools/docker_proxy.sh $(PROXY) $(NO_PROXY)
export http_proxy=$(PROXY) export http_proxy=$(PROXY)
@ -94,7 +82,7 @@ ifneq ($(PROXY), )
export HTTPS_PROXY=$(PROXY) export HTTPS_PROXY=$(PROXY)
export NO_PROXY=$(NO_PROXY) export NO_PROXY=$(NO_PROXY)
endif endif
sudo -E tools/cut_image.sh $(IMAGE_TYPE) ./examples $(IMAGE) $(IMAGE_ALIAS) "$(UEFI_BOOT)" "$(PROXY)" "$(NO_PROXY)" sudo -E tools/cut_image.sh $(IMAGE_TYPE) ./examples $(IMAGE) $(IMAGE_ALIAS) "$(PROXY)" "$(NO_PROXY)"
run: ## Run the iso in kvm for testing run: ## Run the iso in kvm for testing
virsh start $(IMAGE_ALIAS) virsh start $(IMAGE_ALIAS)
@ -102,3 +90,5 @@ run: ## Run the iso in kvm for testing
tests: tests:
true true
clean:
sudo -E tools/multistrap.sh clean

19
image-builder/assets/entrypoint.sh
View File

@ -13,12 +13,6 @@ cd "$BASEDIR"
BASEDIR="$(dirname "$(realpath "$0")")" BASEDIR="$(dirname "$(realpath "$0")")"
source "${BASEDIR}/functions.sh" source "${BASEDIR}/functions.sh"
: "${uefi_boot:=}"
if [[ -n $uefi_boot ]]; then
extra_vars="uefi=$uefi_boot"
fi
export http_proxy export http_proxy
export https_proxy export https_proxy
export HTTP_PROXY export HTTP_PROXY
@ -26,6 +20,10 @@ export HTTPS_PROXY
export no_proxy export no_proxy
export NO_PROXY export NO_PROXY
if [ ! -e build ]; then
ln -s /chroot build
fi
# Instruct ansible to output the image artifact to the container's host mount # Instruct ansible to output the image artifact to the container's host mount
extra_vars="$extra_vars img_output_dir=${VOLUME}" extra_vars="$extra_vars img_output_dir=${VOLUME}"
@ -37,7 +35,7 @@ if [[ "${IMAGE_TYPE}" == "iso" ]]; then
extra_vars="$extra_vars img_name=${IMG_NAME}" extra_vars="$extra_vars img_name=${IMG_NAME}"
echo "Executing Step 1" echo "Executing Step 1"
ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/iso.yaml --extra-vars "$extra_vars" -vvvv ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/iso.yaml --extra-vars "$extra_vars" -vv
elif [[ "${IMAGE_TYPE}" == "qcow" ]]; then elif [[ "${IMAGE_TYPE}" == "qcow" ]]; then
_process_input_data_set_vars_qcow _process_input_data_set_vars_qcow
_process_input_data_set_vars_osconfig _process_input_data_set_vars_osconfig
@ -46,13 +44,14 @@ elif [[ "${IMAGE_TYPE}" == "qcow" ]]; then
extra_vars="$extra_vars img_name=${IMG_NAME}" extra_vars="$extra_vars img_name=${IMG_NAME}"
echo "Executing Step 1: Create qcow2 partitions and filesystems" echo "Executing Step 1: Create qcow2 partitions and filesystems"
ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/qcow.yaml --extra-vars "$extra_vars" --tags "prep_img" -vvvv ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/qcow.yaml --extra-vars "$extra_vars" --tags "prep_img" -vv
echo "Executing Step 2: Applying changes from base-osconfig playbook" echo "Executing Step 2: Applying changes from base-osconfig playbook"
ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/base-osconfig.yaml --extra-vars "$extra_vars" -vvvv ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/base-osconfig.yaml --extra-vars "$extra_vars" --tags "runtime_and_buildtime" -vv
ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/base-osconfig.yaml --extra-vars "$extra_vars" --tags "runtime_only" -vv
echo "Executing Step 3: Close image and write qcow2" echo "Executing Step 3: Close image and write qcow2"
ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/qcow.yaml --extra-vars "$extra_vars" --tags "close_img" -vvvv ansible-playbook -i /opt/assets/playbooks/inventory.yaml /opt/assets/playbooks/qcow.yaml --extra-vars "$extra_vars" --tags "close_img" -vv
else else
echo "\${IMAGE_TYPE} value '${IMAGE_TYPE}' does not match an expected value: [ 'iso', 'qcow' ]" echo "\${IMAGE_TYPE} value '${IMAGE_TYPE}' does not match an expected value: [ 'iso', 'qcow' ]"
exit 1 exit 1

2
image-builder/assets/playbooks/base-osconfig.yaml
View File

@ -1,5 +1,5 @@
--- ---
- hosts: /mnt/rootfs - hosts: build
gather_facts: false gather_facts: false
roles: roles:
- osconfig - osconfig

2
image-builder/assets/playbooks/inventory.yaml
View File

@ -5,6 +5,6 @@ all:
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
chroots: chroots:
hosts: hosts:
/mnt/rootfs: build:
ansible_connection: chroot ansible_connection: chroot
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3

2
image-builder/assets/playbooks/roles/iso/defaults/main.yaml
View File

@ -1,6 +1,6 @@
img_output_dir: /config img_output_dir: /config
img_name: ephemeral.iso img_name: ephemeral.iso
root_image: /mnt/image root_image: /build
meta_data_file: /config/meta_data.json meta_data_file: /config/meta_data.json
user_data_file: /config/user_data user_data_file: /config/user_data

25
image-builder/assets/playbooks/roles/iso/tasks/iso.yaml
View File

@ -1,3 +1,28 @@
- name: "ISO | Reduce image size"
file:
state: absent
path: "{{ root_image }}/lib"
- name: "ISO | Reduce image size"
file:
state: absent
path: "{{ root_image }}/usr"
- name: "ISO | Reduce image size"
file:
state: absent
path: "{{ root_image }}/bin"
- name: "ISO | Reduce image size"
file:
state: absent
path: "{{ root_image }}/sbin"
- name: "ISO | Reduce image size"
file:
state: absent
path: "{{ root_image }}/var"
- name: "ISO | Reduce image size"
file:
state: absent
path: "{{ root_image }}/opt"
- name: "ISO | Ensure any old iso image at target location is removed" - name: "ISO | Ensure any old iso image at target location is removed"
file: file:
state: absent state: absent

5
image-builder/assets/playbooks/roles/livecdcontent/defaults/main.yaml
View File

@ -1,3 +1,2 @@
root_chroot: /mnt/rootfs root_chroot: build
root_image: /mnt/image root_image: build
boot_src: /opt/grub

26
image-builder/assets/playbooks/roles/livecdcontent/tasks/livecd.yaml
View File

@ -1,29 +1,7 @@
- name: ansible copy file locally - vmlinuz.
copy:
src: "{{ item }}"
dest: "{{ root_image }}/vmlinuz"
remote_src: yes
with_fileglob: "{{ root_chroot }}/boot/vmlinuz-*"
- name: ansible copy file locally - initrd.
copy:
src: "{{ item }}"
dest: "{{ root_image }}/initrd"
remote_src: yes
with_fileglob: "{{ root_chroot }}/boot/initrd.img-*"
- name: ansible copy file locally - config.
copy:
src: "{{ item }}"
dest: "{{ root_image }}/config"
remote_src: yes
with_fileglob: "{{ root_chroot }}/boot/config-*"
- name: "Stamp out a marker file for grub to use when identifying the desired boot volume" - name: "Stamp out a marker file for grub to use when identifying the desired boot volume"
copy: copy:
#TODO: populate this with meaningful content
content: "{{ ansible_date_time.date }}" content: "{{ ansible_date_time.date }}"
dest: "{{ root_image }}/AIRSHIP_EPHEMERAL" dest: "{{ root_image }}/AIRSHIP"
- name: "create directory for boot image assembly" - name: "create directory for boot image assembly"
tempfile: tempfile:
@ -77,4 +55,4 @@
shell: shell:
cmd: | cmd: |
cat /usr/lib/grub/i386-pc/cdboot.img {{ bootimg_builddir.path }}/core.img > {{ root_image }}/boot/grub/bios.img cat /usr/lib/grub/i386-pc/cdboot.img {{ bootimg_builddir.path }}/core.img > {{ root_image }}/boot/grub/bios.img
cp {{ bootimg_builddir.path }}/efiboot.img {{ root_image }}/boot/grub/ cp {{ bootimg_builddir.path }}/efiboot.img {{ root_image }}/boot/grub/efiboot.img

5
image-builder/assets/playbooks/roles/livecdcontent/tasks/squashfs.yaml
View File

@ -4,6 +4,11 @@
state: directory state: directory
mode: '0755' mode: '0755'
- name: "ensure no previous squashfs file"
file:
path: "{{ root_image }}/live/filesystem.squashfs"
state: absent
- name: "Building squashfs" - name: "Building squashfs"
shell: shell:
cmd: | cmd: |

6
image-builder/assets/playbooks/roles/livecdcontent/templates/grub-livecd.cfg.j2
View File

@ -1,4 +1,4 @@
search --set=root --file /AIRSHIP_EPHEMERAL search --set=root --file /AIRSHIP
insmod all_video insmod all_video
@ -6,6 +6,6 @@ set default="0"
set timeout=1 set timeout=1
menuentry "Airship Ephemeral" { menuentry "Airship Ephemeral" {
linux /vmlinuz boot=live quiet nomodeset overlay-size=70% systemd.unified_cgroup_hierarchy=0 ds=ConfigDrive linux /boot/vmlinuz boot=live quiet nomodeset overlay-size=70% systemd.unified_cgroup_hierarchy=0 ds=ConfigDrive
initrd /initrd initrd /boot/initrd.img
} }

19
image-builder/assets/playbooks/roles/multistrap/defaults/main.yaml
View File

@ -1,7 +1,10 @@
rootfs_root: /mnt/rootfs rootfs_root: build
rootfs_arch: amd64 rootfs_arch: amd64
k8s_version: 1.18.6-00 k8s_version: 1.18.6-00
kernel_base_pkg: linux-image-generic
kernel_headers_pkg: linux-headers-generic
ubuntu_packages: ubuntu_packages:
- apparmor
- apt-file - apt-file
- apt-utils - apt-utils
- apt-transport-https - apt-transport-https
@ -13,15 +16,19 @@ ubuntu_packages:
- cloud-init - cloud-init
- conntrack - conntrack
- curl - curl
- dbus
- dnsutils - dnsutils
- dosfstools - dosfstools
- e2fsprogs - e2fsprogs
- ebtables - ebtables
- efivar
- ethtool - ethtool
- file - file
- gawk
- gettext-base - gettext-base
- gnupg2 - gnupg2
#- grub2 # cannot install until after boot partition is available - grub2
- grub-efi-amd64-signed
- ifenslave - ifenslave
- isc-dhcp-client - isc-dhcp-client
- iproute2 - iproute2
@ -30,14 +37,19 @@ ubuntu_packages:
- iputils-ping - iputils-ping
- iputils-tracepath - iputils-tracepath
- ipvsadm - ipvsadm
- kdump-tools
- "{{ kernel_base_pkg }}"
- "{{ kernel_headers_pkg }}"
- kmod
- less - less
- linux-image-generic # this will be reinstalled later when the boot partition is available
- live-boot - live-boot
- locales - locales
- locales-all - locales-all
- logrotate
- lsb-release - lsb-release
- lsof - lsof
- man-db - man-db
- mawk
- mbr - mbr
- netplan.io - netplan.io
- net-tools - net-tools
@ -46,6 +58,7 @@ ubuntu_packages:
- passwd - passwd
- python3 - python3
- python3-apt - python3-apt
- rsyslog
- socat - socat
- systemd - systemd
- systemd-sysv - systemd-sysv

42
image-builder/assets/playbooks/roles/multistrap/tasks/main.yaml
View File

@ -35,30 +35,36 @@
include_tasks: apt-key-install.yaml include_tasks: apt-key-install.yaml
loop: "{{ repos }}" loop: "{{ repos }}"
- name: "ensuring directory {{ rootfs_root }}/dev exists for chroot" # kdump-tools does not install properly in multistrap environment. This fix allows kdump-tools
file: # installation to succeed.
path: "{{ rootfs_root }}/dev" - name: "kdump-tools fix - create directory"
state: directory
mode: '0755'
- name: "Setting up devices for chroot"
shell: | shell: |
mknod "{{ rootfs_root }}/dev/random" c 1 8 set -e
chmod 640 "{{ rootfs_root }}/dev/random" mkdir -p "{{ rootfs_root }}/etc/kernel/postinst.d"
chown 0:0 "{{ rootfs_root }}/dev/random" - name: "kdump-tools fix - deploy build script"
mknod "{{ rootfs_root }}/dev/urandom" c 1 9 template:
chmod 640 "{{ rootfs_root }}/dev/urandom" src: kdump-tools.j2
chown 0:0 "{{ rootfs_root }}/dev/urandom" dest: "{{ rootfs_root }}/etc/kernel/postinst.d/kdump-tools"
mknod "{{ rootfs_root }}/dev/null" c 1 3 mode: '0755'
chmod 666 "{{ rootfs_root }}/dev/null" # kdump-tools deb package will overwrite script without write protection enabled
chown 0:0 "{{ rootfs_root }}/dev/null" - name: "kdump-tools fix - lock build script"
shell: |
set -e
chattr +i "{{ rootfs_root }}/etc/kernel/postinst.d/kdump-tools"
- name: "Running multistrap" - name: "Running multistrap"
shell: shell:
cmd: "multistrap -f {{ multistrap_tempdir.path }}/multistrap.conf" cmd: "multistrap -f {{ multistrap_tempdir.path }}/multistrap.conf"
#- name: "create grub.cfg"
# shell:
# cmd: |
# chroot {{ rootfs_root }} update-grub
- name: "Lock sources.list to prevent conflict and duplicates with multistrap repo list" - name: "Lock sources.list to prevent conflict and duplicates with multistrap repo list"
shell: | shell: |
set -e set -e
if [ -f {{ rootfs_root }}/etc/apt/sources.list ]; then rm {{ rootfs_root }}/etc/apt/sources.list; fi if [ -f {{ rootfs_root }}/etc/apt/sources.list ] && [ ! -h {{ rootfs_root }}/etc/apt/sources.list ]; then
ln -s /dev/null {{ rootfs_root }}/etc/apt/sources.list rm {{ rootfs_root }}/etc/apt/sources.list
ln -s /dev/null {{ rootfs_root }}/etc/apt/sources.list
fi

75
image-builder/assets/playbooks/roles/multistrap/templates/kdump-tools.j2 Executable file
View File

@ -0,0 +1,75 @@
#!/bin/sh -e
version="$1"
kdumpdir="/var/lib/kdump"
[ -x /usr/sbin/mkinitramfs ] || exit 0
# passing the kernel version is required
if [ -z "${version}" ]; then
echo >&2 "W: kdump-tools: ${DPKG_MAINTSCRIPT_PACKAGE:-kdump-tools package} did not pass a version number"
exit 2
fi
if ! linux-version list | grep "${version}" > /dev/null ; then
exit 0
fi
# exit if kernel does not need an initramfs
if [ "$INITRD" = 'No' ]; then
exit 0
fi
# avoid running multiple times
if [ -n "$DEB_MAINT_PARAMS" ]; then
eval set -- "$DEB_MAINT_PARAMS"
if [ -z "$1" ] || [ "$1" != "configure" ]; then
exit 0
fi
fi
# We need a modified copy of initramfs-tools directory
# with MODULES=dep in initramfs.conf
if [ ! -d "$kdumpdir" ];then
mkdir "$kdumpdir" || true
fi
# Force re-creation of $kdumpdir/initramfs-tools
# in case the source has changed since last time
# we ran
if [ -d "$kdumpdir/initramfs-tools" ];then
rm -Rf $kdumpdir/initramfs-tools || true
fi
cp -pr /etc/initramfs-tools "$kdumpdir" || true
initramfsdir="$kdumpdir/initramfs-tools"
# Add scsi_dh_* modules if in use otherwise
# kexec reboot on multipath will fail
# (LP: #1635597)
for I in $(lsmod | grep scsi_dh | cut -d" " -f1);do
echo "${I}" >> $initramfsdir/modules
done
# canderson: This line needs to be commented out for kdump-tools to install with multistrap
#sed -e 's/MODULES=.*/MODULES=dep/' /etc/initramfs-tools/initramfs.conf > "$initramfsdir/initramfs.conf" || true
if ! [ -e "$initramfsdir/initramfs.conf" ];then
echo >&2 "W: kdump-tools: Unable to create $initramfsdir/initramfs.conf"
exit 2
fi
# Cleaning up existing initramfs with same version
# as mkinitramfs do not have a force option
if [ -e "$kdumpdir/initrd.img-${version}" ];then
rm -f "$kdumpdir/initrd.img-${version}" || true
fi
# we're good - create initramfs.
echo "kdump-tools: Generating $kdumpdir/initrd.img-${version}"
if mkinitramfs -d "$initramfsdir" -o "$kdumpdir/initrd.img-${version}.new" "${version}";then
mv "$kdumpdir/initrd.img-${version}.new" "$kdumpdir/initrd.img-${version}"
else
mkinitramfs_return="$?"
rm -f "${initramfs}.new"
echo "update-initramfs: failed for ${initramfs} with $mkinitramfs_return." >&2
exit $mkinitramfs_return
fi

36
image-builder/assets/playbooks/roles/osconfig/defaults/main.yaml
View File

@ -1,11 +1,6 @@
rootfs_root: /mnt/rootfs rootfs_root: build
cni_version: v0.8.2
k8s_version: v1.18.6
kernel: kernel:
base_pkg: linux-image-generic
headers_pkg: linux-headers-generic
modules: modules:
load: load:
- name: 8021q - name: 8021q
@ -136,26 +131,19 @@ systemd:
# Use only if you are intenting to overwrite an existing systemd unit # Use only if you are intenting to overwrite an existing systemd unit
force: no force: no
# Note: You are encouraged to build your own image-builder container, where your desired # If any custom shell scripts are needed for qcow building for image building,
# package list can be supplied to multistrap during the container build. However, this # they can be added here.
# option will allow you to layer additional packages (installed during container runtime, buildtime_user_scripts:
# instead of during the container build) where a customized container build is not possible
# or not desired.
# This is also needed for a specific subset of packages that fail to install successfully
# with multistrap (e.g., kdump-tools).
post_install_package_list:
- kdump-tools
- apparmor
- dbus
- rsyslog
- logrotate
# If any other custom shell scripts are needed for bare-metal provisioning, they can be
# added here.
post_install_scripts:
- file_content: | - file_content: |
#!/bin/bash #!/bin/bash
echo "custom post-install script" echo "custom container buildtime script"
# Custom user shell scripts to be run during container execution, right before
# final QCOW image is created.
runtime_user_scripts:
- file_content: |
#!/bin/bash
echo "custom container buildtime script"
# Any other adjustments to file or directory permissions, for files that already exist. # Any other adjustments to file or directory permissions, for files that already exist.
file_permissions: file_permissions:

3
image-builder/assets/playbooks/roles/osconfig/tasks/buildtime-user-scripts.yaml Normal file
View File

@ -0,0 +1,3 @@
- name: "user-scripts | running user-defined scripts"
shell: "{{ item.file_content }}"
with_items: "{{ buildtime_user_scripts }}"

14
image-builder/assets/playbooks/roles/osconfig/tasks/main.yaml
View File

@ -34,8 +34,14 @@
include_tasks: file-permissions.yaml include_tasks: file-permissions.yaml
- name: "finalise rootfs" - name: "finalise rootfs"
include_tasks: finalise-rootfs.yaml include_tasks: finalise-rootfs.yaml
tags: pre_install tags: runtime_and_buildtime
- block: - block:
- name: "POST-INSTALL | Starting post-install" - name: "run user-defined scripts"
include_tasks: post-install.yaml include_tasks: buildtime-user-scripts.yaml
tags: post_install tags: buildtime_only
- block:
- name: "run system-defined scripts"
include_tasks: runtime-system-scripts.yaml
- name: "run user-defined scripts"
include_tasks: runtime-user-scripts.yaml
tags: runtime_only

108
image-builder/assets/playbooks/roles/osconfig/tasks/post-install.yaml
View File

@ -1,108 +0,0 @@
- name: "POST-INSTALL | Append any user-defined post-install pkgs to install list"
set_fact:
post_install_package_list: "{{ post_install_package_list + post_install_package_list_append }}"
when: post_install_package_list_append is defined
- name: "POST-INSTALL | DNS sanity check"
shell:
executable: /bin/bash
cmd: |
set -e
proxy="{{ lookup('env', 'HTTP_PROXY') }}"
# Ensure proxy address is resolvable, if supplied as a domain name
if [[ -n $proxy ]]; then
# Extract proxy server address from url
proxy_address="$(echo "$proxy" | awk -F/ '{print $3}' | awk -F: '{print $1}')"
# If first letter of proxy address is a letter, verify that a DNS lookup is possible
if [[ $proxy_address == [a-zA-z]* ]]; then
echo "proxy check for '$proxy_address' ..."
nslookup $proxy_address > /dev/null || (
echo "Failed to resolve proxy '$proxy_address' with dns server '$(cat /etc/resolv.conf)'."
echo "Reconfigure DNS setting provided in the 'qcow' playbook to a DNS server that can resolve '$proxy_address'."
exit 1
)
fi
fi
echo "archive.ubuntu.com DNS check ..."
nslookup archive.ubuntu.com || (
echo "DNS lookup failure for archive.ubuntu.com with '$(cat /etc/resolv.conf)'"
exit 1
)
- name: "POST-INSTALL | update source list"
apt:
update_cache: yes
- name: "POST-INSTALL | generate locales"
shell: |
set -e
locale-gen en_US.UTF-8
- name: "POST-INSTALL | Remove incomplete kernel install by multistrap"
shell: |
set -e
apt-get remove -y '^linux-image-.*'
apt-get remove -y '^linux-modules-.*'
- name: "POST-INSTALL | install grub2 and kernel"
apt:
pkg:
- grub2
- grub-efi-amd64-signed
- efivar
- "{{ kernel.base_pkg }}"
- "{{ kernel.headers_pkg }}"
- kmod
- name: "POST-INSTALL | grub-install LEGACY"
shell: |
set -e
grub-install --target=i386-pc --no-uefi-secure-boot --skip-fs-probe --force "{{ lookup('file', '/tmp/nbd') }}"
grub-install --target=i386-pc --no-uefi-secure-boot --skip-fs-probe --force --recheck "{{ lookup('file', '/tmp/nbd') }}"
when: uefi is not defined
- name: "POST-INSTALL | grub-install UEFI"
shell: |
set -e
grub-install --target=i386-pc --uefi-secure-boot --skip-fs-probe --force "{{ lookup('file', '/tmp/nbd') }}"
grub-install --target=i386-pc --uefi-secure-boot --skip-fs-probe --force --recheck "{{ lookup('file', '/tmp/nbd') }}"
grub-install --target=x86_64-efi --uefi-secure-boot --skip-fs-probe --force "{{ lookup('file', '/tmp/nbd') }}"
grub-install --target=x86_64-efi --uefi-secure-boot --skip-fs-probe --force --recheck "{{ lookup('file', '/tmp/nbd') }}"
when: uefi is defined
- name: "POST-INSTALL | generate grub cfg file"
shell: |
set -e
update-grub
- name: "POST-INSTALL | install other user-requested packages, and kernel-dependent pkgs and ones that fail to install with multistrap"
apt:
pkg: "{{ post_install_package_list }}"
- name: "POST-INSTALL | write root partition UUID to grub.cfg"
shell: |
set -e
cp -r /usr/lib/grub/* /boot/grub
blkid -s UUID -o value $(df -h | grep /$ | awk "{print \$1}") > /tmp/root_uuid
sed -i "s@root=/dev/nbd[0-9]p[0-9]@root=UUID=$(cat /tmp/root_uuid)@g" /boot/grub/grub.cfg
rm /tmp/root_uuid
- name: "POST-INSTALL | write boot partition UUID to UEFI grub.cfg"
shell: |
set -e
blkid -s UUID -o value $(df -h | grep /boot$ | awk "{print \$1}") > /tmp/boot_uuid
echo "search.fs_uuid $(cat /tmp/boot_uuid) root hd0,gpt2" > /boot/efi/EFI/ubuntu/grub.cfg
echo "set prefix=(\$root)'/grub'" >> /boot/efi/EFI/ubuntu/grub.cfg
echo "configfile \$prefix/grub.cfg" >> /boot/efi/EFI/ubuntu/grub.cfg
rm /tmp/boot_uuid
when: uefi is defined
- name: "POST-INSTALL | running user-defined post-scripts"
shell: "{{ item.file_content }}"
with_items: "{{ post_install_scripts }}"
- name: "POST-INSTALL | cleanup deb cache"
shell: |
set -e
rm /var/cache/apt/archives/*.deb

34
image-builder/assets/playbooks/roles/osconfig/tasks/runtime-system-scripts.yaml Normal file
View File

@ -0,0 +1,34 @@
- name: "POST-INSTALL | generate locales"
shell: |
set -e
locale-gen en_US.UTF-8
- name: "POST-INSTALL | grub-install"
shell: |
set -e
grub-install --target=i386-pc --skip-fs-probe --force "{{ lookup('file', '/tmp/nbd') }}"
grub-install --target=i386-pc --skip-fs-probe --force --recheck "{{ lookup('file', '/tmp/nbd') }}"
grub-install --target=x86_64-efi --skip-fs-probe --force "{{ lookup('file', '/tmp/nbd') }}"
grub-install --target=x86_64-efi --skip-fs-probe --force --recheck "{{ lookup('file', '/tmp/nbd') }}"
- name: "POST-INSTALL | generate grub cfg file"
shell: |
set -e
update-grub
- name: "POST-INSTALL | write root partition UUID to grub.cfg"
shell: |
set -e
cp -r /usr/lib/grub/* /boot/grub
blkid -s UUID -o value $(df -h | grep /$ | awk "{print \$1}") > /tmp/root_uuid
sed -i "s@root=/dev/nbd[0-9]p[0-9]@root=UUID=$(cat /tmp/root_uuid)@g" /boot/grub/grub.cfg
rm /tmp/root_uuid
- name: "POST-INSTALL | write boot partition UUID to UEFI grub.cfg"
shell: |
set -e
blkid -s UUID -o value $(df -h | grep /boot$ | awk "{print \$1}") > /tmp/boot_uuid
echo "search.fs_uuid $(cat /tmp/boot_uuid) root hd0,gpt2" > /boot/efi/EFI/ubuntu/grub.cfg
echo "set prefix=(\$root)'/grub'" >> /boot/efi/EFI/ubuntu/grub.cfg
echo "configfile \$prefix/grub.cfg" >> /boot/efi/EFI/ubuntu/grub.cfg
rm /tmp/boot_uuid

3
image-builder/assets/playbooks/roles/osconfig/tasks/runtime-user-scripts.yaml Normal file
View File

@ -0,0 +1,3 @@
- name: "user-scripts | running user-defined scripts"
shell: "{{ item.file_content }}"
with_items: "{{ runtime_user_scripts }}"

14
image-builder/assets/playbooks/roles/osconfig/vars/main.yaml
View File

@ -1,15 +1 @@
# NOTE: This file will be *overwritten* by the container entrypoint with user-provided vars, if any are defined. # NOTE: This file will be *overwritten* by the container entrypoint with user-provided vars, if any are defined.
#
# The following are examples that show you how to override variables.
#
# Example 1: The following usage will *overwrite* the list of packages
# defined under defaults/main.yaml with the list here:
#post_install_package_list:
# - package1
# - package2
#
# Example 2: The following usage will *append* to the list of default pkgs
# defined under defaults/main.yaml with the list here:
#post_install_package_list_append:
# - package1
# - package2

13
image-builder/assets/playbooks/roles/qcow/defaults/main.yaml
View File

@ -1,8 +1,8 @@
root_chroot: /mnt/rootfs src: /build
dst: /chroot
nbd_build_dir: /tmp/nbd_build_dir nbd_build_dir: /tmp/nbd_build_dir
img_output_dir: /config img_output_dir: /config
img_name: airship-ubuntu.qcow2 img_name: airship-ubuntu.qcow2
dns: 8.8.8.8
qcow_capacity: 5G qcow_capacity: 5G
partitions: partitions:
# Partition numbering is according to list ordering. # Partition numbering is according to list ordering.
@ -46,3 +46,12 @@ partitions:
options: "defaults,errors=remount-ro,noatime" options: "defaults,errors=remount-ro,noatime"
dump: 0 dump: 0
fsck: 2 fsck: 2
# If any custom post-install shell scripts are needed for qcow building,
# they can be added here. This should only be used if
# osconfig_container_buildtime_scripts does not work in osconfig playbook.
qcow_container_runtime_scripts:
- file_content: |
#!/bin/bash
echo "custom qcow post-install script"
# This is only needed if you want DNS working when running qcow scripts above
qcow_container_runtime_scripts_dns: 8.8.8.8

12
image-builder/assets/playbooks/roles/qcow/tasks/boot-syslinux.yaml
View File

@ -1,7 +1,7 @@
- name: "QCOW | Installing extlinux" - name: "QCOW | Installing extlinux"
shell: | shell: |
mkdir -p "{{ root_chroot }}"/boot/syslinux mkdir -p "{{ dst }}"/boot/syslinux
extlinux --install "{{ root_chroot }}"/boot/syslinux/ --device /dev/disk/by-partlabel/{{ ( partitions | selectattr('mount', 'equalto', '/boot') | list | first ).mount | hash('md5') }} extlinux --install "{{ dst }}"/boot/syslinux/ --device /dev/disk/by-partlabel/{{ ( partitions | selectattr('mount', 'equalto', '/boot') | list | first ).mount | hash('md5') }}
- name: "QCOW | Writing out syslinux config" - name: "QCOW | Writing out syslinux config"
copy: copy:
@ -11,12 +11,12 @@
LABEL linux LABEL linux
KERNEL /vmlinuz KERNEL /vmlinuz
APPEND root=/dev/disk/by-partlabel/{{ ( partitions | selectattr('mount', 'equalto', '/') | list | first ).mount | hash('md5') }} initrd=/initrd.img APPEND root=/dev/disk/by-partlabel/{{ ( partitions | selectattr('mount', 'equalto', '/') | list | first ).mount | hash('md5') }} initrd=/initrd.img
dest: ""{{ root_chroot }}/boot/syslinux/syslinux.cfg" dest: ""{{ dst }}/boot/syslinux/syslinux.cfg"
- name: "QCOW | Installing kernel and init ramdisk" - name: "QCOW | Installing kernel and init ramdisk"
shell: | shell: |
rm -rf "{{ root_chroot }}"/vmlinuz rm -rf "{{ dst }}"/vmlinuz
cp -f /mnt/image/vmlinuz "{{ root_chroot }}"/boot/ cp -f /mnt/image/vmlinuz "{{ dst }}"/boot/
rm -rf /tmp/mnt/initrd.img rm -rf /tmp/mnt/initrd.img
cp -f /mnt/image/initrd "{{ root_chroot }}"/boot/initrd.img cp -f /mnt/image/initrd "{{ dst }}"/boot/initrd.img

10
image-builder/assets/playbooks/roles/qcow/tasks/chroot-cleanup.yaml
View File

@ -1,16 +1,18 @@
- name: "QCOW | copy ansible playbooks to target image" - name: "QCOW | copy ansible playbooks to target image"
shell: | shell: |
set -e set -e
cp -r /opt/assets "{{ root_chroot }}"/opt cp -r /opt/assets "{{ dst }}"/opt
- name: "QCOW | unmount target" - name: "QCOW | unmount target"
shell: | shell: |
set -e set -e
# restore resolv.conf # restore resolv.conf
chroot "{{ root_chroot }}" /bin/bash -c 'rm /etc/resolv.conf; cd /etc; ln -s ../run/systemd/resolve/stub-resolv.conf resolv.conf' chroot "{{ dst }}" /bin/bash -c 'rm /etc/resolv.conf; cd /etc; ln -s ../run/systemd/resolve/stub-resolv.conf resolv.conf'
cd "{{ root_chroot }}" cd "{{ dst }}"
mountpoint dev/pts > /dev/null && umount dev/pts mountpoint dev/pts > /dev/null && umount dev/pts
mountpoint dev > /dev/null && umount dev mountpoint dev > /dev/null && umount dev
mountpoint sys/firmware/efi > /dev/null && umount sys/firmware/efi if [ -d /sys/firmware/efi ]; then
mountpoint sys/firmware/efi > /dev/null && umount sys/firmware/efi
fi
mountpoint sys > /dev/null && umount sys mountpoint sys > /dev/null && umount sys
mountpoint proc > /dev/null && umount proc mountpoint proc > /dev/null && umount proc

29
image-builder/assets/playbooks/roles/qcow/tasks/chroot-prep.yaml
View File

@ -1,30 +1,13 @@
- name: "QCOW | mount sys LEGACY"
shell: |
set -e
mkdir -p "{{ root_chroot }}"
cd "{{ root_chroot }}"
mountpoint sys > /dev/null || mount -t sysfs /sys sys
# mount an empty dir to efi directory, otherwise grub will try to configure EFI boot for the target image, **iff** the build node was booted with EFI.
if [ -d sys/firmware/efi ]; then mountpoint sys/firmware/efi > /dev/null || mkdir /dummy; mount -o bind /dummy sys/firmware/efi; fi
when: uefi is not defined
- name: "QCOW | mount sys UEFI"
shell: |
set -e
mkdir -p "{{ root_chroot }}"
cd "{{ root_chroot }}"
mountpoint sys > /dev/null || mount -t sysfs /sys sys
# Required for building UEFI targets
ls /sys/firmware/efi > /dev/null || (echo "efivars not present on build system. Build system must be booted into UEFI mode." && exit 1)
mountpoint sys/firmware/efi > /dev/null || mount -o bind /sys/firmware/efi sys/firmware/efi
when: uefi is defined
- name: "QCOW | Mount remaining targets" - name: "QCOW | Mount remaining targets"
shell: | shell: |
set -e set -e
cd "{{ root_chroot }}" cd "{{ dst }}"
mountpoint sys > /dev/null || mount -t sysfs /sys sys
if [ -d /sys/firmware/efi ]; then
mountpoint sys/firmware/efi > /dev/null || mount -o bind /sys/firmware/efi sys/firmware/efi
fi
mountpoint proc > /dev/null || mount -t proc /proc proc mountpoint proc > /dev/null || mount -t proc /proc proc
mountpoint dev > /dev/null || mount -o bind /dev dev mountpoint dev > /dev/null || mount -o bind /dev dev
mountpoint dev/pts > /dev/null || mount -t devpts /dev/pts dev/pts mountpoint dev/pts > /dev/null || mount -t devpts /dev/pts dev/pts
# temporarily override resolv.conf to working dns # temporarily override resolv.conf to working dns
chroot "{{ root_chroot }}" /bin/bash -c 'rm /etc/resolv.conf; echo "nameserver {{ dns }}" > /etc/resolv.conf' chroot "{{ dst }}" /bin/bash -c 'rm /etc/resolv.conf; echo "nameserver {{ qcow_container_runtime_scripts_dns }}" > /etc/resolv.conf'

5
image-builder/assets/playbooks/roles/qcow/tasks/copy-files.yaml Normal file
View File

@ -0,0 +1,5 @@
# Copy files onto partitioned disk
- name: "mount-helper | Copy files onto partition"
shell: |
set -e
rsync -ah {{ src }}/ {{ dst }}/ --exclude 'live'

8
image-builder/assets/playbooks/roles/qcow/tasks/main.yaml
View File

@ -19,10 +19,14 @@
file: mount-helper.yaml file: mount-helper.yaml
with_items: "{{ partitions | sort( case_sensitive=True, attribute='mount_order' ) }}" with_items: "{{ partitions | sort( case_sensitive=True, attribute='mount_order' ) }}"
vars: vars:
mount_offset: "{{ root_chroot }}" mount_offset: "{{ dst }}"
state: mounted state: mounted
fstab: /tmp/junkfstab fstab: /tmp/junkfstab
- name: "QCOW | Copy files to partition"
include_tasks:
file: copy-files.yaml
- name: "QCOW | Writing image content" - name: "QCOW | Writing image content"
include_tasks: include_tasks:
file: writing-image-content.yaml file: writing-image-content.yaml
@ -44,7 +48,7 @@
file: mount-helper.yaml file: mount-helper.yaml
with_items: "{{ partitions | sort( reverse=True, case_sensitive=True, attribute='mount' ) }}" with_items: "{{ partitions | sort( reverse=True, case_sensitive=True, attribute='mount' ) }}"
vars: vars:
mount_offset: "{{ root_chroot }}" mount_offset: "{{ dst }}"
state: unmounted state: unmounted
fstab: /tmp/junkfstab fstab: /tmp/junkfstab

9
image-builder/assets/playbooks/roles/qcow/tasks/writing-image-content.yaml
View File

@ -1,16 +1,11 @@
- name: "QCOW | Writing out rootfs from squashfs"
shell: |
unsquashfs -d "{{ root_chroot }}" -f /mnt/image/live/filesystem.squashfs
exit 0
- name: "QCOW | Writing out fstab" - name: "QCOW | Writing out fstab"
include_tasks: mount-helper.yaml include_tasks: mount-helper.yaml
with_items: "{{ partitions | sort( case_sensitive=True, attribute='mount' ) }}" with_items: "{{ partitions | sort( case_sensitive=True, attribute='mount' ) }}"
vars: vars:
mount_offset: null mount_offset: null
state: present state: present
fstab: "{{ root_chroot }}/etc/fstab" fstab: "{{ dst }}/etc/fstab"
- name: "QCOW | Setting debug password" - name: "QCOW | Setting debug password"
shell: | shell: |
chroot "{{ root_chroot }}" sh -c "echo \"root:password\" | chpasswd" chroot "{{ dst }}" sh -c "echo \"root:password\" | chpasswd"

1
image-builder/assets/playbooks/roles/qcow/templates/generic-file-writer.j2 Normal file
View File

@ -0,0 +1 @@
{{ item.file_content }}

18
image-builder/examples/osconfig-control-plane-vars.yaml
View File

@ -1,11 +1,4 @@
rootfs_root: /mnt/rootfs
cni_version: v0.8.2
k8s_version: v1.18.6
kernel: kernel:
base_pkg: linux-image-generic
headers_pkg: linux-headers-generic
modules: modules:
load: load:
- name: 8021q - name: 8021q
@ -155,17 +148,10 @@ systemd:
enabled: yes enabled: yes
force: no force: no
post_install_package_list: buildtime_user_scripts:
- kdump-tools
- apparmor
- dbus
- rsyslog
- logrotate
post_install_scripts:
- file_content: | - file_content: |
#!/bin/bash #!/bin/bash
echo "custom post-install script" echo "custom container buildtime script"
file_permissions: file_permissions:
# Full path to file to create # Full path to file to create

3
image-builder/examples/qcow-control-plane-vars-full-partitions.yaml
View File

@ -1,6 +1,3 @@
root_chroot: /mnt/rootfs
nbd_build_dir: /tmp/nbd_build_dir
dns: 8.8.8.8
qcow_capacity: 412G qcow_capacity: 412G
partitions: partitions:
# Partition numbering is according to list ordering. # Partition numbering is according to list ordering.

1
image-builder/examples/qcow-control-plane-vars.yaml
View File

@ -1,4 +1,3 @@
dns: 8.8.8.8
qcow_capacity: 5G qcow_capacity: 5G
partitions: partitions:
# Partition numbering is according to list ordering. # Partition numbering is according to list ordering.

31
image-builder/tools/cut_image.sh
View File

@ -18,14 +18,10 @@ image="${3:-port/image-builder:latest-ubuntu_focal}"
# Libvirt instance name to use for a new libvirt XML definition that # Libvirt instance name to use for a new libvirt XML definition that
# will be created to reference the newly created ISO or QCOW2 image. # will be created to reference the newly created ISO or QCOW2 image.
img_alias="${4:-port-image-builder-latest-ubuntu_focal-$build_type}" img_alias="${4:-port-image-builder-latest-ubuntu_focal-$build_type}"
# Whether or not to build the image with UEFI support.
# NOTE: Machines that are not booted with UEFI will be unable to create
# UEFI images.
uefi_boot="$5"
# proxy to use, if applicable # proxy to use, if applicable
proxy="$6" proxy="$5"
# noproxy to use, if applicable # noproxy to use, if applicable
noproxy="$7" noproxy="$6"
if [ -n "$proxy" ]; then if [ -n "$proxy" ]; then
export http_proxy=$proxy export http_proxy=$proxy
@ -39,8 +35,23 @@ if [ -n "$noproxy" ]; then
export NO_PROXY=$noproxy export NO_PROXY=$noproxy
fi fi
if [ -n "$uefi_boot" ]; then # Install pre-requisites
install_pkg(){
dpkg -l $1 2> /dev/null | grep ^ii > /dev/null || sudo -E apt-get -y install $1
}
sudo -E apt -y update
install_pkg qemu-kvm
install_pkg virtinst
install_pkg libvirt-bin
install_pkg cloud-image-utils
install_pkg ovmf
type docker >& /dev/null || install_pkg docker.io
if [ -d /sys/firmware/efi ]; then
uefi_mount='--volume /sys/firmware/efi:/sys/firmware/efi:rw' uefi_mount='--volume /sys/firmware/efi:/sys/firmware/efi:rw'
uefi_boot_arg='--boot uefi'
fi fi
workdir="$(realpath ${host_mount_directory})" workdir="$(realpath ${host_mount_directory})"
@ -58,9 +69,9 @@ if [[ $build_type = iso ]]; then
--env NO_PROXY=$noproxy \ --env NO_PROXY=$noproxy \
${image} ${image}
disk1="--disk path=${workdir}/ephemeral.iso,device=cdrom" disk1="--disk path=${workdir}/ephemeral.iso,device=cdrom"
uefi_boot_arg='--boot uefi'
elif [[ $build_type == qcow ]]; then elif [[ $build_type == qcow ]]; then
sudo -E modprobe nbd sudo -E modprobe nbd
echo "Note: This step can be slow if you don't have an SSD."
sudo -E docker run -t --rm \ sudo -E docker run -t --rm \
--privileged \ --privileged \
--volume /dev:/dev:rw \ --volume /dev:/dev:rw \
@ -78,15 +89,11 @@ elif [[ $build_type == qcow ]]; then
--env HTTPS_PROXY=$proxy \ --env HTTPS_PROXY=$proxy \
--env no_proxy=$noproxy \ --env no_proxy=$noproxy \
--env NO_PROXY=$noproxy \ --env NO_PROXY=$noproxy \
--env uefi_boot=$uefi_boot \
${image} ${image}
cloud_init_config_dir='assets/tests/qcow/cloud-init' cloud_init_config_dir='assets/tests/qcow/cloud-init'
sudo -E cloud-localds -v --network-config="${cloud_init_config_dir}/network-config" "${workdir}/airship-ubuntu_config.iso" "${cloud_init_config_dir}/user-data" "${cloud_init_config_dir}/meta-data" sudo -E cloud-localds -v --network-config="${cloud_init_config_dir}/network-config" "${workdir}/airship-ubuntu_config.iso" "${cloud_init_config_dir}/user-data" "${cloud_init_config_dir}/meta-data"
disk1="--disk path=${workdir}/control-plane.qcow2" disk1="--disk path=${workdir}/control-plane.qcow2"
disk2="--disk path=${workdir}/airship-ubuntu_config.iso,device=cdrom" disk2="--disk path=${workdir}/airship-ubuntu_config.iso,device=cdrom"
if [ -n "$uefi_boot" ]; then
uefi_boot_arg='--boot uefi'
fi
else else
echo Unknown build type: $build_type, exiting. echo Unknown build type: $build_type, exiting.
exit 1 exit 1

15
image-builder/tools/install_prereqs.ubuntu_focal
View File

@ -1,15 +0,0 @@
#!/bin/bash
install_pkg(){
dpkg -l $1 >& /dev/null || sudo -E apt-get -y install $1
}
install_pkg qemu-kvm
install_pkg virtinst
install_pkg libvirt-bin
install_pkg cloud-image-utils
install_pkg ovmf
install_pkg efivar
type docker >& /dev/null || install_pkg docker.io
# required for building UEFI image
sudo -E modprobe efivars

136
image-builder/tools/multistrap.sh Executable file
View File

@ -0,0 +1,136 @@
#!/bin/bash
set -e
build_dir=assets/playbooks/build
osconfig_build_dir=$(basename $build_dir)
install_pkg(){
dpkg -l $1 2> /dev/null | grep ^ii > /dev/null || sudo -E apt-get -y install $1
}
setup_chroot(){
# Idempotently setup chroot mounts
mkdir -p $build_dir
mkdir -p $build_dir/sys
mountpoint $build_dir/sys > /dev/null || sudo mount -t sysfs /sys $build_dir/sys
if [ -d /sys/firmware/efi ]; then
mountpoint $build_dir/sys/firmware/efi > /dev/null || sudo mount -o bind /sys/firmware/efi $build_dir/sys/firmware/efi
fi
mkdir -p $build_dir/proc
mountpoint $build_dir/proc > /dev/null || sudo mount -t proc /proc $build_dir/proc
mkdir -p $build_dir/dev
mountpoint $build_dir/dev > /dev/null || sudo mount -o bind /dev $build_dir/dev
mountpoint $build_dir/dev/pts > /dev/null || sudo mount -t devpts /dev/pts $build_dir/dev/pts
mkdir -p $osconfig_build_dir
mountpoint $osconfig_build_dir > /dev/null || sudo mount -o bind $build_dir $osconfig_build_dir
}
umount_helper(){
if [[ -d "$1" ]] && mountpoint "$1" > /devnull; then
sudo umount "$1"
fi
}
umount_chroot(){
# Idempotently teardown chroot mounts
umount_helper $build_dir/dev/pts
umount_helper $build_dir/dev
if [[ -d /sys/firmware/efi ]]; then
umount_helper $build_dir/sys/firmware/efi
fi
umount_helper $build_dir/sys
umount_helper $build_dir/proc
umount_helper $osconfig_build_dir
}
# Install pre-requisites
sudo -E apt -y update
install_pkg efivar
# required for building UEFI image
sudo -E modprobe efivars
type docker >& /dev/null || install_pkg docker.io
install_pkg equivs
install_pkg ca-certificates
install_pkg build-essential
install_pkg gnupg2
install_pkg multistrap
install_pkg curl
install_pkg grub-common
install_pkg grub2-common
install_pkg grub-pc-bin
install_pkg grub-efi-amd64-signed
install_pkg dosfstools
install_pkg mtools
install_pkg squashfs-tools
install_pkg python3-minimal
install_pkg python3-pip
install_pkg python3-apt
install_pkg python3-setuptools
sudo -E pip3 install --upgrade pip
pip3 show wheel >& /dev/null || sudo -E pip3 install --upgrade wheel
pip3 show ansible >& /dev/null || sudo -E pip3 install --upgrade ansible
if [[ $1 = clean ]]; then
umount_chroot
sudo chattr -i $build_dir/etc/kernel/postinst.d/kdump-tools
if [[ -d $build_dir ]]; then
sudo rm -rf $build_dir
fi
if [[ -d $osconfig_build_dir ]]; then
sudo rm -rf $osconfig_build_dir
fi
exit 0
elif [[ $1 = umount ]]; then
umount_chroot
exit 0
elif [[ $1 = mount ]]; then
setup_chroot
exit 0
fi
setup_chroot
# Archive a copy of the ansible used to generate the image in the image itself
mkdir -p $build_dir/opt/assets/playbooks/roles
cp assets/playbooks/inventory.yaml $build_dir/opt/assets/playbooks/inventory.yaml
cp assets/playbooks/base-chroot.yaml $build_dir/opt/assets/playbooks/base-chroot.yaml
cp -r assets/playbooks/roles/multistrap $build_dir/opt/assets/playbooks/roles
# Run multistrap
sudo -E ansible-playbook -i assets/playbooks/inventory.yaml assets/playbooks/base-chroot.yaml -vv
cp assets/playbooks/base-osconfig.yaml $build_dir/opt/assets/playbooks/base-osconfig.yaml
cp -r assets/playbooks/roles/osconfig $build_dir/opt/assets/playbooks/roles
sudo -E ansible-playbook -i assets/playbooks/inventory.yaml assets/playbooks/base-osconfig.yaml --tags "runtime_and_buildtime" -vv
sudo -E ansible-playbook -i assets/playbooks/inventory.yaml assets/playbooks/base-osconfig.yaml --tags "buildtime_only" -vv
umount_chroot
cp assets/playbooks/base-livecdcontent.yaml $build_dir/opt/assets/playbooks/base-livecdcontent.yaml
cp -r assets/playbooks/roles/livecdcontent $build_dir/opt/assets/playbooks/roles
sudo -E ansible-playbook -i assets/playbooks/inventory.yaml assets/playbooks/base-livecdcontent.yaml -vv
cp assets/playbooks/iso.yaml $build_dir/opt/assets/playbooks/iso.yaml
cp -r assets/playbooks/roles/iso $build_dir/opt/assets/playbooks/roles
cp assets/playbooks/qcow.yaml $build_dir/opt/assets/playbooks/qcow.yaml
cp -r assets/playbooks/roles/qcow $build_dir/opt/assets/playbooks/roles
if [ ! -e $build_dir/dev/random ]; then
sudo -E mknod $build_dir/dev/random c 1 8
sudo -E chmod 640 $build_dir/dev/random
sudo -E chown 0:0 $build_dir/dev/random
fi
if [ ! -e $build_dir/dev/urandom ]; then
sudo -E mknod $build_dir/dev/urandom c 1 9
sudo -E chmod 640 $build_Dir/dev/urandom
sudo -E chown 0:0 $build_Dir/dev/urandom
fi
if [ -f $build_dir/dev/null ]; then
sudo rm -f $build_dir/dev/null
fi
if [ ! -e $build_dir/dev/null ]; then
sudo -E mknod $build_dir/dev/null c 1 3
sudo -E chmod 666 $build_dir/dev/null
sudo -E chown 0:0 $build_dir/dev/null
fi