From c9ce644f161cf0051326fd072886c74efb0d422f Mon Sep 17 00:00:00 2001 
From: Igor Malinovskiy
Date: Tue, 2 Jun 2015 17:58:51 +0300
Subject: [PATCH] Init manila-service-image repo
---
.gitignore | 4 +
build.sh | 75 +++++++++++++++++++
elements/manila-cifs/install.d/50-manila-cifs | 5 ++
.../50-manila-samba-patch-config | 10 +++
elements/manila-nfs/install.d/50-manila-nfs | 10 +++
.../post-install.d/50-manila-nfs-patch-config | 10 +++
elements/manila-ssh/README.rst | 5 ++
.../install.d/50-fetch-public-ssh-keys | 18 +++++
.../install.d/fetch-public-ssh-keys.conf | 7 ++
.../install.d/fetch-public-ssh-keys.sh | 42 +++++++++++
.../post-install.d/80-update-sshd-conf | 10 +++
elements/manila-ubuntu-core/README.rst | 9 +++
elements/manila-ubuntu-core/element-deps | 3 +
elements/manila-ubuntu-core/element-provides | 1 +
.../environment.d/10-ubuntu-distro-name.bash | 2 +
.../install.d/99-autoremove | 9 +++
.../manila-ubuntu-core/package-installs.yaml | 1 +
.../00-install-required-packages | 13 ++++
.../pre-install.d/00-remove-apt-xapian-index | 11 +++
.../pre-install.d/00-remove-grub | 18 +++++
.../pre-install.d/01-set-ubuntu-mirror | 14 ++++
.../root.d/10-cache-ubuntu-tarball | 62 +++++++++++++++
requirements.txt | 1 +
23 files changed, 340 insertions(+)
create mode 100644 .gitignore
create mode 100755 build.sh
create mode 100755 elements/manila-cifs/install.d/50-manila-cifs
create mode 100755 elements/manila-cifs/post-install.d/50-manila-samba-patch-config
create mode 100755 elements/manila-nfs/install.d/50-manila-nfs
create mode 100755 elements/manila-nfs/post-install.d/50-manila-nfs-patch-config
create mode 100644 elements/manila-ssh/README.rst
create mode 100755 elements/manila-ssh/install.d/50-fetch-public-ssh-keys
create mode 100755 elements/manila-ssh/install.d/fetch-public-ssh-keys.conf
create mode 100755 elements/manila-ssh/install.d/fetch-public-ssh-keys.sh
create mode 100755 elements/manila-ssh/post-install.d/80-update-sshd-conf
create mode 100755 elements/manila-ubuntu-core/README.rst
create mode 100755 elements/manila-ubuntu-core/element-deps
create mode 100755 elements/manila-ubuntu-core/element-provides
create mode 100755 elements/manila-ubuntu-core/environment.d/10-ubuntu-distro-name.bash
create mode 100755 elements/manila-ubuntu-core/install.d/99-autoremove
create mode 100755 elements/manila-ubuntu-core/package-installs.yaml
create mode 100755 elements/manila-ubuntu-core/pre-install.d/00-install-required-packages
create mode 100755 elements/manila-ubuntu-core/pre-install.d/00-remove-apt-xapian-index
create mode 100755 elements/manila-ubuntu-core/pre-install.d/00-remove-grub
create mode 100755 elements/manila-ubuntu-core/pre-install.d/01-set-ubuntu-mirror
create mode 100755 elements/manila-ubuntu-core/root.d/10-cache-ubuntu-tarball
create mode 100644 requirements.txt
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ca997ad
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+/*.d
+*.qcow2
+debug.sh
+.idea
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..95fa8f2
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,75 @@
+# Defaults:
+
+# Development options:
+USE_OFFLINE_MODE=${USE_OFFLINE_MODE:-"yes"}
+ENABLE_DEBUG_MODE=${ENABLE_DEBUG_MODE:-"no"}
+DISABLE_IMG_COMPRESSION=${DISABLE_IMG_COMPRESSION:-"no"}
+
+# Manila user settings
+MANILA_USER=${MANILA_USER:-"manila"}
+MANILA_PASSWORD=${MANILA_PASSWORD:-"manila"}
+MANILA_USER_AUTHORIZED_KEYS=
+
+# Manila image settings
+MANILA_IMG_ARCH=${MANILA_IMG_ARCH:-"i386"}
+MANILA_IMG_OS=${MANILA_IMG_OS:-"manila-ubuntu-core"}
+MANILA_IMG_OS_VER=${MANILA_IMG_OS_VER:-"trusty"}
+MANILA_IMG_NAME=${MANILA_IMG_NAME:-"ubuntu-manila-service-image.qcow2"}
+
+# Manila features
+MANILA_ENABLE_NFS_SUPPORT=${MANILA_ENABLE_NFS_SUPPORT:-"yes"}
+MANILA_ENABLE_CIFS_SUPPORT=${MANILA_ENABLE_CIFS_SUPPORT:-"yes"}
+
+
+# Verify configuration
+# --------------------
+REQUIRED_ELEMENTS="manila-ssh vm $MANILA_IMG_OS dhcp-all-interfaces devuser cleanup-kernel-initrd"
+OPTIONAL_ELEMENTS=
+OPTIONAL_DIB_ARGS=
+
+if [ "$MANILA_ENABLE_CIFS_SUPPORT" != "yes" && "$MANILA_ENABLE_CIFS_SUPPORT" = "yes" ]; then
+ echo "You should enable NFS or CIFS support for manila image."
+fi
+
+if [ "$MANILA_ENABLE_NFS_SUPPORT" = "yes" ]; then
+ OPTIONAL_ELEMENTS="$OPTIONAL_ELEMENTS manila-nfs"
+fi
+
+if [ "$MANILA_ENABLE_CIFS_SUPPORT" = "yes" ]; then
+ OPTIONAL_ELEMENTS="$OPTIONAL_ELEMENTS manila-cifs"
+fi
+
+if [ "$USE_OFFLINE_MODE" = "yes" ]; then
+ OPTIONAL_DIB_ARGS="$OPTIONAL_DIB_ARGS -offline"
+fi
+
+if [ "$ENABLE_DEBUG_MODE" = "yes" ]; then
+ OPTIONAL_DIB_ARGS="$OPTIONAL_DIB_ARGS -x"
+ MANILA_USER_AUTHORIZED_KEYS=${MANILA_USER_AUTHORIZED_KEYS:-"$HOME/.ssh/id_rsa.pub"}
+fi
+
+if [ "$DISABLE_IMG_COMPRESSION" = "yes" ]; then
+ OPTIONAL_DIB_ARGS="$OPTIONAL_DIB_ARGS -u"
+fi
+
+if [ "$MANILA_IMG_OS" = "manila-ubuntu-core" && "$MANILA_IMG_OS_VER" != "trusty" ]; then
+ echo "manila-ubuntu-core doesn't support '$MANILA_IMG_OS_VER' release."
+ echo "Change MANILA_IMG_OS to 'ubuntu' if you need another release."
+fi
+
+# Export diskimage-builder settings
+# ---------------------------------
+export ELEMENTS_PATH=`pwd`/elements
+export DIB_DEFAULT_INSTALLTYPE=package
+export DIB_RELEASE=$MANILA_IMG_OS_VER
+
+# User settings
+export DIB_DEV_USER_USERNAME=$MANILA_USER
+export DIB_DEV_USER_PWDLESS_SUDO=yes
+export DIB_DEV_USER_PASSWORD=$MANILA_PASSWORD
+export DIB_DEV_USER_AUTHORIZED_KEYS=$MANILA_USER_AUTHORIZED_KEYS
+
+# Build image
+# -----------
+disk-image-create -a $MANILA_IMG_ARCH $OPTIONAL_DIB_ARGS -o $MANILA_IMG_NAME\
+ $OPTIONAL_ELEMENTS $REQUIRED_ELEMENTS
\ No newline at end of file
diff --git a/elements/manila-cifs/install.d/50-manila-cifs b/elements/manila-cifs/install.d/50-manila-cifs
new file mode 100755
index 0000000..7e3b2b4
--- /dev/null
+++ b/elements/manila-cifs/install.d/50-manila-cifs
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -eu
+
+install-packages samba samba-common samba-common-bin
\ No newline at end of file
diff --git a/elements/manila-cifs/post-install.d/50-manila-samba-patch-config b/elements/manila-cifs/post-install.d/50-manila-samba-patch-config
new file mode 100755
index 0000000..fcadd90
--- /dev/null
+++ b/elements/manila-cifs/post-install.d/50-manila-samba-patch-config
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+# Enable registry in samba config
+sed -i "s/\[global\]/\[global\]\\n\\n include = registry\\n/g" /etc/samba/smb.conf
\ No newline at end of file
diff --git a/elements/manila-nfs/install.d/50-manila-nfs b/elements/manila-nfs/install.d/50-manila-nfs
new file mode 100755
index 0000000..bb404c8
--- /dev/null
+++ b/elements/manila-nfs/install.d/50-manila-nfs
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+# Install required packages
+install-packages nfs-common nfs-kernel-server portmap
\ No newline at end of file
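Review bot: In build.sh, `MANILA_PASSWORD` falls back to the literal `manila` and is exported as `DIB_DEV_USER_PASSWORD` next to `DIB_DEV_USER_PWDLESS_SUDO=yes`, so an image built with the defaults carries a publicly known credential for an account with passwordless sudo. I would drop the default and make the caller supply a value, e.g. `MANILA_PASSWORD=${MANILA_PASSWORD:?set MANILA_PASSWORD before building}`. Separately, `&&` is not valid inside a single `[ ]`, so both configuration checks end in a test syntax error instead of firing, and the first one compares `MANILA_ENABLE_CIFS_SUPPORT` twice; it presumably should read `if [ "$MANILA_ENABLE_NFS_SUPPORT" != "yes" ] && [ "$MANILA_ENABLE_CIFS_SUPPORT" != "yes" ]; then` and be followed by `exit 1`, since both checks currently only print a message and continue to `disk-image-create`.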
diff --git a/elements/manila-nfs/post-install.d/50-manila-nfs-patch-config b/elements/manila-nfs/post-install.d/50-manila-nfs-patch-config
new file mode 100755
index 0000000..32d3869
--- /dev/null
+++ b/elements/manila-nfs/post-install.d/50-manila-nfs-patch-config
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+# Patch NFS init script to allow running nfs-kernel-server without exports:
+sed -i 's/\s&&\sgrep\s-q\s.*\s\$export_files$//g' /etc/init.d/nfs-kernel-server
\ No newline at end of file
diff --git a/elements/manila-ssh/README.rst b/elements/manila-ssh/README.rst
new file mode 100644
index 0000000..356f792
--- /dev/null
+++ b/elements/manila-ssh/README.rst
@@ -0,0 +1,5 @@
+==========
+manila-ssh
+==========
+
+Light-weight replacement for cloud-init.
diff --git a/elements/manila-ssh/install.d/50-fetch-public-ssh-keys b/elements/manila-ssh/install.d/50-fetch-public-ssh-keys
new file mode 100755
index 0000000..5d27a33
--- /dev/null
+++ b/elements/manila-ssh/install.d/50-fetch-public-ssh-keys
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+SCRIPTDIR=$(dirname $0)
+
+install -D -g root -o root -m 0755 ${SCRIPTDIR}/fetch-public-ssh-keys.sh /usr/local/sbin/fetch-public-ssh-keys.sh
+
+DIB_INIT_SYSTEM=$(dib-init-system)
+if [ "$DIB_INIT_SYSTEM" == "upstart" ]; then
+ install -D -g root -o root -m 0755 ${SCRIPTDIR}/fetch-public-ssh-keys.conf /etc/init/fetch-public-ssh-keys.conf
+else
+ echo "Not supported"
+fi
\ No newline at end of file
diff --git a/elements/manila-ssh/install.d/fetch-public-ssh-keys.conf b/elements/manila-ssh/install.d/fetch-public-ssh-keys.conf
new file mode 100755
index 0000000..b373d3d
--- /dev/null
+++ b/elements/manila-ssh/install.d/fetch-public-ssh-keys.conf
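Review bot: In 50-manila-nfs-patch-config the `sed -i` exits 0 whether or not its pattern matched, so a differently worded `/etc/init.d/nfs-kernel-server` in a later package version would leave the init script unpatched without failing the build. A `grep -q` for the removed clause after the edit, ending the hook with a non-zero status if the clause is still present, would surface that. The comment could also say what is being removed, e.g. `# Drops the trailing "&& grep -q ... $export_files" test so the service starts with no exports defined`.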
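Review bot: In 50-fetch-public-ssh-keys the non-upstart branch prints `Not supported` and the hook still exits 0, so on any other init system the image is built without the job that installs the SSH key and nothing signals it. Failing the build is the safer behaviour: `echo "manila-ssh: init system '$DIB_INIT_SYSTEM' is not supported" >&2; exit 1`. This hook also defaults `DIB_DEBUG_TRACE` to 1 where the manila-cifs and manila-nfs hooks default to 0, and `$(dirname $0)` and `${SCRIPTDIR}` are unquoted.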
@@ -0,0 +1,7 @@
+description "Fetch public ssh key from Nova metadata service"
+
+start on (started networking)
+
+task
+
+exec /usr/local/sbin/fetch-public-ssh-keys.sh
\ No newline at end of file
diff --git a/elements/manila-ssh/install.d/fetch-public-ssh-keys.sh b/elements/manila-ssh/install.d/fetch-public-ssh-keys.sh
new file mode 100755
index 0000000..6f58175
--- /dev/null
+++ b/elements/manila-ssh/install.d/fetch-public-ssh-keys.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -x
+set -eu
+set -o pipefail
+
+MANILA_USER="manila"
+MANILA_USER_HOME="/home/$MANILA_USER"
+MANILA_USER_SSH_DIR="$MANILA_USER_HOME/.ssh"
+
+if [ ! -d $MANILA_USER_SSH_DIR ]; then
+ mkdir -p $MANILA_USER_SSH_DIR
+ chmod 700 $MANILA_USER_SSH_DIR
+fi
+
+# Fetch public key using HTTP
+ATTEMPTS=10
+FAILED=0
+while [ ! -f $MANILA_USER_SSH_DIR/authorized_keys ]; do
+ curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > /tmp/metadata-key 2>/dev/null
+ if [ $? -eq 0 ]; then
+ cat /tmp/metadata-key >> $MANILA_USER_SSH_DIR/authorized_keys
+ chmod 0600 $MANILA_USER_SSH_DIR/authorized_keys
+ rm -f /tmp/metadata-key
+ echo "Successfully retrieved public key from instance metadata"
+ echo "*****************"
+ echo "AUTHORIZED KEYS"
+ echo "*****************"
+ cat $MANILA_USER_SSH_DIR/authorized_keys
+ echo "*****************"
+ else
+ FAILED=`expr $FAILED + 1`
+ if [ $FAILED -ge $ATTEMPTS ]; then
+ echo "Failed to retrieve public key from instance metadata after $FAILED attempts, quitting"
+ break
+ fi
+ echo "Could not retrieve public key from instance metadata (attempt #$FAILED/$ATTEMPTS), retrying in 5 seconds..."
+ sleep 5
+ fi
+done
+
+chown -R $MANILA_USER $MANILA_USER_SSH_DIR
\ No newline at end of file
diff --git a/elements/manila-ssh/post-install.d/80-update-sshd-conf b/elements/manila-ssh/post-install.d/80-update-sshd-conf
new file mode 100755
index 0000000..90b03fb
--- /dev/null
+++ b/elements/manila-ssh/post-install.d/80-update-sshd-conf
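Review bot: In fetch-public-ssh-keys.sh the retry loop cannot retry: with `set -e` active, a failing `curl -f` ends the script before `if [ $? -eq 0 ]` is evaluated, so a metadata service that is not yet reachable at boot leaves the instance without a key. The download also goes through the fixed path `/tmp/metadata-key`, written by a root-run job in a world-writable directory, where a pre-existing file or symlink can redirect the write or change what is appended to `authorized_keys`. Testing curl directly in the `if` and using a `mktemp` file addresses both. `MANILA_USER` is hard-coded here although build.sh lets the user name be overridden, and the remaining expansions of `$MANILA_USER_SSH_DIR` should be quoted as well.

```bash
# … unchanged: MANILA_USER* variables, .ssh directory creation, ATTEMPTS/FAILED …
KEY_TMP=$(mktemp)
trap 'rm -f "$KEY_TMP"' EXIT
while [ ! -f "$MANILA_USER_SSH_DIR/authorized_keys" ]; do
    if curl -f http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key > "$KEY_TMP" 2>/dev/null; then
        cat "$KEY_TMP" >> "$MANILA_USER_SSH_DIR/authorized_keys"
        chmod 0600 "$MANILA_USER_SSH_DIR/authorized_keys"
        # … unchanged: success messages …
    else
        # … unchanged: FAILED counter, give-up message, sleep 5 …
    fi
done
```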
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+# NOTE(u_glide): Security Warning! Use following option only for debugging purpouses
+# sed -i 's/^#*PasswordAuthentication\sno/PasswordAuthentication yes/g' /etc/ssh/sshd_config
diff --git a/elements/manila-ubuntu-core/README.rst b/elements/manila-ubuntu-core/README.rst
new file mode 100755
index 0000000..9d213f2
--- /dev/null
+++ b/elements/manila-ubuntu-core/README.rst
@@ -0,0 +1,9 @@
+==================
+manila-ubuntu-core
+==================
+
+Provides minimalistic Ubuntu 14.04 LTS based on Ubuntu Core image.
+
+Overrides:
+ * To use different mirrors rather than the default of archive.ubuntu.com and
+ security.ubuntu.com, use the environment variable DIB\_DISTRIBUTION\_MIRROR
diff --git a/elements/manila-ubuntu-core/element-deps b/elements/manila-ubuntu-core/element-deps
new file mode 100755
index 0000000..0617448
--- /dev/null
+++ b/elements/manila-ubuntu-core/element-deps
@@ -0,0 +1,3 @@
+cache-url
+dib-run-parts
+dpkg
diff --git a/elements/manila-ubuntu-core/element-provides b/elements/manila-ubuntu-core/element-provides
new file mode 100755
index 0000000..a72e049
--- /dev/null
+++ b/elements/manila-ubuntu-core/element-provides
@@ -0,0 +1 @@
+operating-system
diff --git a/elements/manila-ubuntu-core/environment.d/10-ubuntu-distro-name.bash b/elements/manila-ubuntu-core/environment.d/10-ubuntu-distro-name.bash
new file mode 100755
index 0000000..2860427
--- /dev/null
+++ b/elements/manila-ubuntu-core/environment.d/10-ubuntu-distro-name.bash
@@ -0,0 +1,2 @@
+export DISTRO_NAME=ubuntu
+export DIB_RELEASE=${DIB_RELEASE:-trusty}
diff --git a/elements/manila-ubuntu-core/install.d/99-autoremove b/elements/manila-ubuntu-core/install.d/99-autoremove
new file mode 100755
index 0000000..e04006d
--- /dev/null
+++ b/elements/manila-ubuntu-core/install.d/99-autoremove
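Review bot: 80-update-sshd-conf makes no change to `/etc/ssh/sshd_config`; its only statement is commented out, so whether password logins are accepted depends on whatever the installed openssh-server package ships. Given that build.sh sets a default password for the manila user, I would have this hook set the value explicitly, e.g. `sed -i 's/^#*PasswordAuthentication\s.*/PasswordAuthentication no/' /etc/ssh/sshd_config`, and put the debugging variant behind an opt-in variable rather than a line to be uncommented. If the file has no such line the sed changes nothing, so the hook should also confirm the setting afterwards.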
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+apt-get -y autoremove
diff --git a/elements/manila-ubuntu-core/package-installs.yaml b/elements/manila-ubuntu-core/package-installs.yaml
new file mode 100755
index 0000000..83f64fc
--- /dev/null
+++ b/elements/manila-ubuntu-core/package-installs.yaml
@@ -0,0 +1 @@
+linux-image-generic:
diff --git a/elements/manila-ubuntu-core/pre-install.d/00-install-required-packages b/elements/manila-ubuntu-core/pre-install.d/00-install-required-packages
new file mode 100755
index 0000000..b5c2735
--- /dev/null
+++ b/elements/manila-ubuntu-core/pre-install.d/00-install-required-packages
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+sudo sed -i -E "s/#\s(deb.+universe)$/\1/g" /etc/apt/sources.list
+
+apt-get update
+apt-get upgrade -y
+apt-get install python sudo openssh-server rpcbind -y
\ No newline at end of file
diff --git a/elements/manila-ubuntu-core/pre-install.d/00-remove-apt-xapian-index b/elements/manila-ubuntu-core/pre-install.d/00-remove-apt-xapian-index
new file mode 100755
index 0000000..9d04ccd
--- /dev/null
+++ b/elements/manila-ubuntu-core/pre-install.d/00-remove-apt-xapian-index
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+# This package is broken and causes real issues on update:
+# https://bugs.launchpad.net/ubuntu/+source/apt-xapian-index/+bug/1227420
+apt-get --yes remove apt-xapian-index || :
diff --git a/elements/manila-ubuntu-core/pre-install.d/00-remove-grub b/elements/manila-ubuntu-core/pre-install.d/00-remove-grub
new file mode 100755
index 0000000..094a3f7
--- /dev/null
+++ b/elements/manila-ubuntu-core/pre-install.d/00-remove-grub
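Review bot: In 00-install-required-packages the first command is `sudo sed …`, but `sudo` is only installed by the last line of the same script; if the Ubuntu Core tarball does not already ship it, the hook stops there under `set -e`. The other commands in the hook call `apt-get` directly, so dropping `sudo` looks safe: `sed -i -E "s/#\s(deb.+universe)$/\1/g" /etc/apt/sources.list`. `apt-get upgrade -y` and `apt-get install` also run without `DEBIAN_FRONTEND=noninteractive`, which can stall an unattended build on a package prompt.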
@@ -0,0 +1,18 @@
+#!/bin/bash
+# The grub post-kernel install hook will barf if the block device can't be
+# found (as happens in a chroot).
+# Temporarily remove grub, to avoid that confusion.
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+if dpkg-query -W grub-pc; then
+ apt-get -y remove grub-pc
+fi
+
+if dpkg-query -W grub2-common; then
+ apt-get -y remove grub2-common
+fi
diff --git a/elements/manila-ubuntu-core/pre-install.d/01-set-ubuntu-mirror b/elements/manila-ubuntu-core/pre-install.d/01-set-ubuntu-mirror
new file mode 100755
index 0000000..cc07297
--- /dev/null
+++ b/elements/manila-ubuntu-core/pre-install.d/01-set-ubuntu-mirror
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-}
+
+[ -n "$DIB_DISTRIBUTION_MIRROR" ] || exit 0
+
+sudo sed -ie "s&http://\(archive\|security\).ubuntu.com/ubuntu&$DIB_DISTRIBUTION_MIRROR&" \
+ /etc/apt/sources.list
diff --git a/elements/manila-ubuntu-core/root.d/10-cache-ubuntu-tarball b/elements/manila-ubuntu-core/root.d/10-cache-ubuntu-tarball
new file mode 100755
index 0000000..c438eb6
--- /dev/null
+++ b/elements/manila-ubuntu-core/root.d/10-cache-ubuntu-tarball
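Review bot: In 01-set-ubuntu-mirror, `sed -ie` is read as `-i` with the backup suffix `e`, not as `-i -e`, so the hook leaves a stray `/etc/apt/sources.liste` in the image; `sudo sed -i -e "s&…&"` is what was meant. `$DIB_DISTRIBUTION_MIRROR` is also pasted into the expression unescaped, and `&` is both the chosen delimiter and sed's whole-match reference, so a mirror URL containing `&` changes the substitution. Since the same replacement covers `security.ubuntu.com`, I would add a comment such as `# NOTE: security updates are then pulled from the mirror as well`.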
@@ -0,0 +1,62 @@
+#!/bin/bash
+# These are useful, or at worst not harmful, for all images we build.
+
+if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+[ -n "$ARCH" ]
+[ -n "$TARGET_ROOT" ]
+
+shopt -s extglob
+
+DIB_CLOUD_IMAGES=${DIB_CLOUD_IMAGES:-http://cdimage.ubuntu.com/ubuntu-core/releases/}
+DIB_RELEASE="trusty" # Note(u_glide): another releases not supported/tested
+DIB_RELEASE_NUM="14.04"
+BASE_IMAGE_FILE=${BASE_IMAGE_FILE:-ubuntu-core-$DIB_RELEASE_NUM-core-$ARCH.tar.gz}
+SHA256SUMS=${SHA256SUMS:-http://${DIB_CLOUD_IMAGES##http?(s)://}/$DIB_RELEASE/release/SHA256SUMS}
+CACHED_FILE=$DIB_IMAGE_CACHE/$BASE_IMAGE_FILE
+CACHED_FILE_LOCK=$DIB_IMAGE_CACHE/$BASE_IMAGE_FILE.lock
+CACHED_SUMS=$DIB_IMAGE_CACHE/SHA256SUMS.ubuntu.$DIB_RELEASE.$ARCH
+
+function get_ubuntu_tarball() {
+ if [ -n "$DIB_OFFLINE" -a -f "$CACHED_FILE" ] ; then
+ echo "Not checking freshness of cached $CACHED_FILE."
+ else
+ echo "Fetching Base Image"
+ $TMP_HOOKS_PATH/bin/cache-url $SHA256SUMS $CACHED_SUMS
+ $TMP_HOOKS_PATH/bin/cache-url \
+ $DIB_CLOUD_IMAGES/$DIB_RELEASE/release/$BASE_IMAGE_FILE $CACHED_FILE
+ pushd $DIB_IMAGE_CACHE
+ if ! grep "$BASE_IMAGE_FILE" $CACHED_SUMS | sha256sum --check - ; then
+ # It is likely that an upstream http(s) proxy has given us a skewed
+ # result - either a cached SHA file or a cached image. Use cache-busting
+ # to get (as long as caches are compliant...) fresh files.
+ # Try the sha256sum first, just in case that is the stale one (avoiding
+ # downloading the larger image), and then if the sums still fail retry
+ # the image.
+ $TMP_HOOKS_PATH/bin/cache-url -f $SHA256SUMS $CACHED_SUMS
+ if ! grep "$BASE_IMAGE_FILE" $CACHED_SUMS | sha256sum --check - ; then
+ $TMP_HOOKS_PATH/bin/cache-url -f \
+ $DIB_CLOUD_IMAGES/$DIB_RELEASE/release/$BASE_IMAGE_FILE $CACHED_FILE
+ grep "$BASE_IMAGE_FILE" $CACHED_SUMS | sha256sum --check -
+ fi
+ fi
+ popd
+ fi
+ # Extract the base image (use --numeric-owner to avoid UID/GID mismatch between
+ # image tarball and host OS e.g. when building Ubuntu image on an openSUSE host)
+ sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DIB_IMAGE_CACHE/$BASE_IMAGE_FILE
+}
+
+(
+ echo "Getting $CACHED_FILE_LOCK: $(date)"
+ # Wait up to 20 minutes for another process to download
+ if ! flock -w 1200 9 ; then
+ echo "Did not get $CACHED_FILE_LOCK: $(date)"
+ exit 1
+ fi
+ get_ubuntu_tarball
+) 9> $CACHED_FILE_LOCK
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..27249a4
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+diskimage-builder
\ No newline at end of file
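Review bot: In 10-cache-ubuntu-tarball the default `SHA256SUMS` URL strips the scheme from `DIB_CLOUD_IMAGES` and prepends `http://`, and the tarball comes from the same origin, so `sha256sum --check` catches a corrupted or stale download but not a modified one, because the checksum list travels over the same unauthenticated channel as the archive that `sudo tar` then unpacks into `$TARGET_ROOT`. I would keep the scheme the caller configured and prefer HTTPS where the mirror offers it, e.g. `SHA256SUMS=${SHA256SUMS:-https://${DIB_CLOUD_IMAGES##http?(s)://}/$DIB_RELEASE/release/SHA256SUMS}`, or verify a detached signature of the list against a pinned key before trusting it. The offline branch extracts the cached file with no checksum check at all, which deserves at least a comment. `[ -n "$DIB_OFFLINE" -a … ]` also aborts under `set -u` when `DIB_OFFLINE` is unset; `"${DIB_OFFLINE:-}"` avoids that.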