-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
78 changed files
with
1,602 additions
and
41 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
build/ | ||
Makefile.secrets | ||
context-windows/out/ | ||
context-windows/*.msi | ||
context-windows/rhsrvany.exe | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,26 @@ | ||
DISTROS := alma8 alma9 alpine316 alpine317 debian11 debian12 rocky8 rocky9 | ||
DISTROS := alma8 alma9 \ | ||
alpine316 alpine317 \ | ||
debian10 debian11 debian12 \ | ||
fedora37 fedora38 \ | ||
ol8 ol9 \ | ||
rocky8 rocky9 \ | ||
ubuntu2004 ubuntu2004min ubuntu2204 ubuntu2204min | ||
|
||
# URLS | ||
URL_alma8 ?= https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-OpenNebula-latest.x86_64.qcow2 | ||
URL_alma9 ?= https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-OpenNebula-latest.x86_64.qcow2 | ||
URL_alpine316 ?= https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.7-x86_64.iso | ||
URL_alpine317 ?= https://dl-cdn.alpinelinux.org/alpine/v3.17/releases/x86_64/alpine-virt-3.17.5-x86_64.iso | ||
URL_debian11 ?= https://cdimage.debian.org/cdimage/cloud/bullseye/latest/debian-11-generic-amd64.qcow2 | ||
URL_debian11 ?= https://cdimage.debian.org/cdimage/cloud/bullseye/latest/debian-11-generic-amd64.qcow2 | ||
URL_debian12 ?= https://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 | ||
URL_rocky8 ?= https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-x86_64-boot.iso | ||
URL_rocky9 ?= https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-x86_64-boot.iso | ||
|
||
URL_alma8 ?= https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-OpenNebula-latest.x86_64.qcow2 | ||
URL_alma9 ?= https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-OpenNebula-latest.x86_64.qcow2 | ||
URL_alpine316 ?= https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.7-x86_64.iso | ||
URL_alpine317 ?= https://dl-cdn.alpinelinux.org/alpine/v3.17/releases/x86_64/alpine-virt-3.17.5-x86_64.iso | ||
URL_debian10 ?= https://cdimage.debian.org/cdimage/openstack/current-10/debian-10-openstack-arm64.qcow2 | ||
URL_debian11 ?= https://cdimage.debian.org/cdimage/cloud/bullseye/latest/debian-11-generic-amd64.qcow2 | ||
URL_debian12 ?= https://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2 | ||
URL_fedora37 ?= https://download.fedoraproject.org/pub/fedora/linux/releases/37/Cloud/x86_64/images/Fedora-Cloud-Base-37-1.7.x86_64.qcow2 | ||
URL_fedora38 ?= https://download.fedoraproject.org/pub/fedora/linux/releases/38/Cloud/x86_64/images/Fedora-Cloud-Base-38-1.6.x86_64.qcow2 | ||
URL_ol8 ?= https://yum.oracle.com/templates/OracleLinux/OL8/u7/x86_64/OL8U7_x86_64-kvm-b148.qcow | ||
URL_ol9 ?= https://yum.oracle.com/templates/OracleLinux/OL9/u1/x86_64/OL9U1_x86_64-kvm-b158.qcow | ||
URL_rocky ?= https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-x86_64-boot.iso | ||
URL_rocky ?= https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-x86_64-boot.iso | ||
ONE_ubuntu2004 ?= https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img | ||
ONE_ubuntu2204 ?= https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img | ||
ONE_ubuntu2004min ?= https://cloud-images.ubuntu.com/minimal/releases/focal/release/ubuntu-20.04-minimal-cloudimg-amd64.img | ||
ONE_ubuntu2204min ?= https://cloud-images.ubuntu.com/minimal/releases/jammy/release/ubuntu-22.04-minimal-cloudimg-amd64.img |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#ifeq (${NONFREE}, yes) | ||
-include | ||
DISTROS += rhel8 rhel9 | ||
URL_rhel8 := http://storage/images/base/rhel8.qcow2 | ||
URL_rhel9 := http://storage/images/base/rhel9.qcow2 | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../alma9/10-upgrade-distro.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../alma9/11-update-grub.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.el8.noarch.rpm}" | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../alma9/81-configure-ssh.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../alma9/98-collect-garbage.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
dnf install -y epel-release | ||
|
||
dnf update -y --skip-broken | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
dnf install -y curl gawk grep jq sed | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates initramfs/initrd and grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
dnf install -y dracut-config-generic dracut-network | ||
|
||
INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1) | ||
INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG") | ||
dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER" | ||
|
||
grub2-mkconfig -o /boot/grub2/grub.cfg | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.el9.noarch.rpm}" | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
sync |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Cleans DNF caches, removes temporary files / logs, | ||
# removes leftover / temporary unneeded packages. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
kdump="kdump.service" | ||
systemctl list-units --full -all | grep -Fq "$kdump" && systemctl disable "$kdump" | ||
|
||
# Remove old kernels. | ||
dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q) | ||
|
||
dnf remove -y fwupd linux-firmware | ||
|
||
dnf clean -y all | ||
|
||
rm -rf /boot/*-rescue-* | ||
rm -rf /context/ | ||
|
||
sync |
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
alpine316 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
debian11/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../debian12/10-upgrade-distro.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../debian12/11-update-grub.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.deb}" | ||
|
||
policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
export DEBIAN_FRONTEND=noninteractive | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
apt-get install -y qemu-guest-agent open-vm-tools ruby virt-what parted | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
policy_rc_d_disable | ||
|
||
dpkg -i /context/one-context*$CTX_SUFFIX || apt-get install -y -f | ||
dpkg -i /context/one-context*$CTX_SUFFIX | ||
|
||
apt-get install -y haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! dpkg-query -W --showformat '${Version}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
apt-get install -y --no-install-recommends --no-install-suggests netplan.io network-manager | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
policy_rc_d_enable | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../debian12/81-configure-ssh.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../debian12/98-collect-garbage.sh |
This file was deleted.
Oops, something went wrong.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.deb}" | ||
|
||
policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
export DEBIAN_FRONTEND=noninteractive | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
policy_rc_d_disable | ||
|
||
dpkg -i /context/one-context*$CTX_SUFFIX || apt-get install -y -f | ||
dpkg -i /context/one-context*$CTX_SUFFIX | ||
|
||
apt-get install -y haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! dpkg-query -W --showformat '${Version}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
apt-get install -y --no-install-recommends --no-install-suggests netplan.io network-manager | ||
systemctl enable systemd-networkd | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
policy_rc_d_enable | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Configures critical settings for OpenSSH server. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PasswordAuthentication no" } | ||
/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin without-password" } | ||
/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "UseDNS no" } | ||
/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
sync |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.el8.noarch.rpm}" | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
# >>> Apply only on one-context >= 6.1 >>> | ||
dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd | ||
|
||
systemctl enable systemd-networkd | ||
|
||
# This is a workaround for systemd-networkd-wait-online timeout when networkd not used. | ||
# Although this effectively breaks reaching network.target correctly, it is still better | ||
# not to slowdown the boot by (120s) timeout as networkd is rather marginal in RHEL. | ||
systemctl disable systemd-networkd-wait-online | ||
|
||
# <<< Apply only on one-context >= 6.1 <<< | ||
else | ||
systemctl enable network | ||
fi | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Configures critical settings for OpenSSH server. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config /etc/ssh/sshd_config.d/50-redhat.conf <<'EOF' | ||
BEGIN { update = "PasswordAuthentication no" } | ||
/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin without-password" } | ||
/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "UseDNS no" } | ||
/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
rm -rf /etc/ssh/sshd_config.d/50-cloud-init.conf | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Cleans DNF caches, removes temporary files / logs, | ||
# removes leftover / temporary unneeded packages. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
# Remove old kernels. | ||
dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q) | ||
|
||
dnf remove -y fwupd linux-firmware | ||
|
||
dnf clean -y all | ||
|
||
rm -rf /context/ | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
fedora37 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
dnf install -y oracle-epel-release-el8 | ||
|
||
dnf update -y --skip-broken | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
dnf install -y curl gawk grep jq sed | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates initramfs/initrd and grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
dnf install -y dracut-config-generic dracut-network | ||
|
||
INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1) | ||
INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG") | ||
dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER" | ||
|
||
grub2-mkconfig -o /boot/grub2/grub.cfg | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.el8.noarch.rpm}" | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Configures critical settings for OpenSSH server. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PasswordAuthentication no" } | ||
/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin without-password" } | ||
/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "UseDNS no" } | ||
/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Cleans DNF caches, removes temporary files / logs, | ||
# removes leftover / temporary unneeded packages. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
systemctl disable kdump.service | ||
|
||
# Remove old kernels. | ||
dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q) | ||
|
||
dnf remove -y fwupd linux-firmware | ||
|
||
dnf clean -y all | ||
|
||
rm -rf /boot/*-rescue-* | ||
rm -rf /context/ | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
dnf install -y oracle-epel-release-el9 | ||
|
||
dnf update -y --skip-broken | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
dnf install -y curl gawk grep jq sed | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates initramfs/initrd and grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
dnf install -y dracut-config-generic dracut-network | ||
|
||
INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1) | ||
INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG") | ||
dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER" | ||
|
||
grub2-mkconfig -o /boot/grub2/grub.cfg | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.el9.noarch.rpm}" | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Configures critical settings for OpenSSH server. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PasswordAuthentication no" } | ||
/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin without-password" } | ||
/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "UseDNS no" } | ||
/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Cleans DNF caches, removes temporary files / logs, | ||
# removes leftover / temporary unneeded packages. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
systemctl disable kdump.service | ||
|
||
# Remove old kernels. | ||
dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q) | ||
|
||
dnf remove -y fwupd linux-firmware | ||
|
||
dnf clean -y all | ||
|
||
rm -rf /boot/*-rescue-* | ||
rm -rf /context/ | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
dnf install -y epel-release | ||
|
||
dnf update -y --skip-broken | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
dnf install -y curl gawk grep jq sed | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates initramfs/initrd and grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
dnf install -y dracut-config-generic dracut-network | ||
|
||
INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1) | ||
INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG") | ||
dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER" | ||
|
||
grub2-mkconfig -o /boot/grub2/grub.cfg | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
: "${CTX_SUFFIX:=.el8.noarch.rpm}" | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Configures critical settings for OpenSSH server. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PasswordAuthentication no" } | ||
/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin without-password" } | ||
/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "UseDNS no" } | ||
/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Cleans DNF caches, removes temporary files / logs, | ||
# removes leftover / temporary unneeded packages. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
systemctl disable kdump.service | ||
|
||
# Remove old kernels. | ||
dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q) | ||
|
||
dnf remove -y fwupd linux-firmware | ||
|
||
dnf clean -y all | ||
|
||
rm -rf /boot/*-rescue-* | ||
rm -rf /context/ | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
alma9 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
ubuntu2204/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
ubuntu2204min/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
export DEBIAN_FRONTEND=noninteractive | ||
|
||
apt-get update -y | ||
|
||
policy_rc_d_disable | ||
|
||
apt-get install -y --fix-broken | ||
|
||
apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
apt-get install -y curl gawk grep jq | ||
|
||
policy_rc_d_enable | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates initramfs/initrd and grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
# NOTE: console=ttyS*, earlyprintk=ttyS* may cause kernel panic during first boot. | ||
# The exact problem is identical to https://github.com/dmacvicar/terraform-provider-libvirt/issues/948. | ||
# A correct workaround is described here: https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/1123220. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_TERMINAL=/ { gsub(/\<serial\>/, "") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
update-initramfs -vu | ||
update-grub2 | ||
|
||
sync |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Configures critical settings for OpenSSH server. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PasswordAuthentication no" } | ||
/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin without-password" } | ||
/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "UseDNS no" } | ||
/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Cleans APT caches, removes temporary files / logs, | ||
# removes leftover / temporary unneeded packages. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
export DEBIAN_FRONTEND=noninteractive | ||
|
||
apt-get purge -y cloud-init snapd fwupd | ||
|
||
apt-get autoremove -y --purge | ||
|
||
apt-get clean -y && rm -rf /var/lib/apt/lists/* | ||
|
||
rm -f /etc/sysctl.d/99-cloudimg-ipv6.conf | ||
|
||
rm -rf /context/ | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
export DEBIAN_FRONTEND=noninteractive | ||
|
||
apt-get update -y | ||
|
||
policy_rc_d_disable | ||
|
||
apt-get install -y --fix-broken | ||
|
||
apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
apt-get install -y curl gawk grep jq | ||
|
||
policy_rc_d_enable | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
cat /etc/default/grub.d/40-force-partuuid.cfg >>/etc/default/grub | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
# NOTE: console=ttyS*, earlyprintk=ttyS* may cause kernel panic during first boot. | ||
# The exact problem is identical to https://github.com/dmacvicar/terraform-provider-libvirt/issues/948. | ||
# A correct workaround is described here: https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/1123220. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_TERMINAL=/ { gsub(/\<serial\>/, "") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/console=tty1/ { gsub(/"$/, " console=tty1\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" console=tty1 net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
update-grub2 | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Downloads and installs the latest one-context package. | ||
|
||
policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d) | ||
|
||
: "${CTX_SUFFIX:=.deb}" | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
export DEBIAN_FRONTEND=noninteractive | ||
|
||
if ! stat /context/one-context*$CTX_SUFFIX; then ( | ||
install -d /context/ && cd /context/ | ||
curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \ | ||
| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \ | ||
| xargs -r -n1 curl -fsSLO | ||
) fi | ||
|
||
policy_rc_d_disable | ||
|
||
dpkg -i /context/one-context*$CTX_SUFFIX || apt-get install -y -f | ||
dpkg -i /context/one-context*$CTX_SUFFIX | ||
|
||
apt-get install -y haveged open-vm-tools | ||
|
||
systemctl enable haveged | ||
|
||
# >>> Apply only on one-context >= 6.1 >>> | ||
if ! dpkg-query -W --showformat '${Version}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then | ||
apt-get install -y --no-install-recommends --no-install-suggests netplan.io network-manager | ||
fi | ||
# <<< Apply only on one-context >= 6.1 <<< | ||
|
||
policy_rc_d_enable | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Configures critical settings for OpenSSH server. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PasswordAuthentication no" } | ||
/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin without-password" } | ||
/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "UseDNS no" } | ||
/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Cleans APT caches, removes temporary files / logs, | ||
# removes leftover / temporary unneeded packages. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
export DEBIAN_FRONTEND=noninteractive | ||
|
||
apt-get purge -y cloud-init snapd fwupd | ||
|
||
apt-get autoremove -y --purge | ||
|
||
apt-get clean -y && rm -rf /var/lib/apt/lists/* | ||
|
||
rm -f /etc/sysctl.d/99-cloudimg-ipv6.conf | ||
|
||
rm -rf /context/ | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
dnf update -y --skip-broken | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
dnf install -y curl gawk grep jq sed | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates initramfs/initrd and grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
dnf install -y dracut-config-generic dracut-network | ||
|
||
INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1) | ||
INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG") | ||
dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER" | ||
|
||
grub2-mkconfig -o /boot/grub2/grub.cfg | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
variable "base_image" { | ||
type = string | ||
} | ||
|
||
variable "cloud_init_iso" { | ||
type = string | ||
} | ||
|
||
variable "output_dir" { | ||
type = string | ||
} | ||
|
||
variable "appliance_name" { | ||
type = string | ||
} | ||
|
||
variable "serial" { | ||
type = string | ||
default = "stdio" | ||
} | ||
|
||
source "qemu" "fedora" { | ||
accelerator = "kvm" | ||
headless = false | ||
|
||
memory = 2048 | ||
|
||
iso_url = var.base_image | ||
iso_checksum = "none" | ||
|
||
disk_image = true | ||
disk_cache = "unsafe" | ||
disk_size = 20480 | ||
format = "qcow2" | ||
|
||
disk_interface = "virtio-scsi" | ||
net_device = "virtio-net" | ||
|
||
qemuargs = [ | ||
["-cdrom", var.cloud_init_iso], | ||
["-serial", var.serial], | ||
] | ||
|
||
ssh_username = "root" | ||
ssh_password = "v-YC470*/9i2CX+y3fP:D+%Z-1g-|p4P" | ||
|
||
shutdown_command = "poweroff" | ||
|
||
output_directory = var.output_dir | ||
vm_name = var.appliance_name | ||
} | ||
|
||
build { | ||
sources = ["source.qemu.fedora"] | ||
|
||
provisioner "shell" { | ||
execute_command = "sudo -iu root {{.Vars}} bash {{.Path}}" | ||
scripts = [ | ||
"packer/${var.appliance_name}/10-upgrade-distro.sh", | ||
"packer/${var.appliance_name}/11-update-grub.sh", | ||
] | ||
} | ||
|
||
provisioner "shell" { | ||
expect_disconnect = true | ||
inline = [ | ||
"sed -i -e 's:^SELINUX=.*:SELINUX=permissive:' /etc/selinux/config", | ||
"fixfiles -F onboot", | ||
"reboot", | ||
] | ||
} | ||
|
||
provisioner "shell" { | ||
inline = [ | ||
"sed -i -e 's:^SELINUX=.*:SELINUX=enforcing:' /etc/selinux/config", | ||
] | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#cloud-config | ||
growpart: | ||
mode: auto | ||
devices: [/] | ||
|
||
disable_root: false | ||
|
||
users: | ||
- name: root | ||
lock_passwd: false | ||
hashed_passwd: $6$rounds=2000000$CZnmDr1iAnoCk$l5fEPfdtBpwfvOA1.Wn4Ipbh1Y.ahTPzNPZyXvaU2T4MtS907l8QqwMKLLa/8XMDpV2ZuXFUDX8aG2YqRX7mM1 | ||
|
||
ssh_pwauth: true | ||
|
||
runcmd: | ||
- | | ||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin yes" } | ||
/^#*PermitRootLogin/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >>FILENAME } | ||
EOF | ||
- systemctl reload sshd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
#!/bin/bash | ||
# | ||
# QEMU_BINARY should be exported already | ||
|
||
DISTRO=$1 | ||
DST=$2 | ||
DIR_CURR=$(dirname "$0") | ||
BASE_IMAGE=$DIR_BASE/$DISTRO.img | ||
PACKER_WORKING_DIR=$DIR_BUILD/_packer/$DISTRO | ||
CLOUD_WORKING_DIR=$DIR_BUILD/_cloud-init/$DISTRO | ||
mkdir -p "$PACKER_WORKING_DIR" | ||
mkdir -p "$CLOUD_WORKING_DIR" | ||
|
||
# create cloud-init iso | ||
touch ${CLOUD_WORKING_DIR}/empty-meta-data | ||
cloud-localds \ | ||
${CLOUD_WORKING_DIR}/cloud-init.iso \ | ||
${DIR_CURR}/fedora.yml \ | ||
${CLOUD_WORKING_DIR}/empty-meta-data | ||
|
||
echo "DISTRO: [$DISTRO]" | ||
|
||
packer build -force \ | ||
-var "base_image=${BASE_IMAGE}" \ | ||
-var "cloud_init_iso=${CLOUD_WORKING_DIR}/cloud-init.iso" \ | ||
-var "output_dir=${PACKER_WORKING_DIR}" \ | ||
-var "appliance_name=${DISTRO}" \ | ||
"$DIR_CURR/fedora.pkr.hcl" | ||
|
||
|
||
mv "$PACKER_WORKING_DIR/$DISTRO" "$DST" | ||
rm -rf ${PACKER_WORKING_DIR} | ||
rm -rf ${CLOUD_WORKING_DIR} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
fedora37 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
#!/usr/bin/env bash | ||
|
||
# (Auto)Removes unneeded packages and upgrades | ||
# the distro. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
# Make sure /etc/machine-id exists otherwise this can happen: | ||
# https://bugzilla.redhat.com/show_bug.cgi?id=1737355 | ||
systemd-machine-id-setup | ||
|
||
ln -sf ../usr/share/zoneinfo/UTC /etc/localtime | ||
|
||
subscription-manager register \ | ||
--username "${RHEL_USER}" \ | ||
--password "${RHEL_PASSWORD}" \ | ||
--auto-attach \ | ||
--force | ||
|
||
subscription-manager repos \ | ||
--enable codeready-builder-for-rhel-8-x86_64-rpms | ||
|
||
dnf install -y "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" | ||
|
||
dnf repolist enabled | ||
|
||
dnf update -y | ||
|
||
# Ensure packages needed for post-processing scripts do exist. | ||
dnf install -y curl gawk grep jq sed | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Sets kernel command line (net.ifnames=0 is particularily important), | ||
# then updates initramfs/initrd and grub2. | ||
|
||
exec 1>&2 | ||
set -o errexit -o nounset -o pipefail | ||
set -x | ||
|
||
rm -rf /etc/default/grub.d/ | ||
|
||
# Drop unwanted. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") } | ||
/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") } | ||
{ print } | ||
EOF | ||
|
||
# Ensure required. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
/^GRUB_CMDLINE_LINUX=/ { found = 1 } | ||
/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") } | ||
/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") } | ||
{ print } | ||
END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME } | ||
EOF | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
BEGIN { update = "GRUB_TIMEOUT=0" } | ||
/^GRUB_TIMEOUT=/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >> FILENAME } | ||
EOF | ||
|
||
# Cleanup. | ||
|
||
gawk -i inplace -f- /etc/default/grub <<'EOF' | ||
{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") } | ||
{ print } | ||
EOF | ||
|
||
dnf install -y dracut-config-generic dracut-network | ||
|
||
INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1) | ||
INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG") | ||
dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER" | ||
|
||
grub2-mkconfig -o /boot/grub2/grub.cfg | ||
|
||
sync |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
variable "base_image" { | ||
type = string | ||
} | ||
|
||
variable "cloud_init_iso" { | ||
type = string | ||
} | ||
|
||
variable "output_dir" { | ||
type = string | ||
} | ||
|
||
variable "appliance_name" { | ||
type = string | ||
} | ||
|
||
variable "serial" { | ||
type = string | ||
default = "stdio" | ||
} | ||
|
||
source "qemu" "rhel" { | ||
accelerator = "kvm" | ||
headless = true | ||
|
||
memory = 2048 | ||
|
||
iso_url = var.base_image | ||
iso_checksum = "none" | ||
|
||
disk_image = true | ||
disk_cache = "unsafe" | ||
disk_size = 20480 | ||
format = "qcow2" | ||
|
||
disk_interface = "virtio-scsi" | ||
net_device = "virtio-net" | ||
|
||
qemuargs = [ | ||
["-cpu", "host"], | ||
["-cdrom", var.cloud_init_iso], | ||
["-serial", var.serial], | ||
] | ||
|
||
ssh_username = "root" | ||
ssh_password = "v-YC470*/9i2CX+y3fP:D+%Z-1g-|p4P" | ||
|
||
shutdown_command = "poweroff" | ||
|
||
output_directory = var.output_dir | ||
vm_name = var.appliance_name | ||
} | ||
|
||
build { | ||
sources = ["source.qemu.rhel"] | ||
|
||
provisioner "shell" { | ||
execute_command = "sudo -iu root {{.Vars}} bash {{.Path}}" | ||
scripts = [ | ||
"packer/${var.appliance_name}/10-upgrade-distro.sh", | ||
"packer/${var.appliance_name}/11-update-grub.sh", | ||
] | ||
} | ||
|
||
provisioner "shell" { | ||
expect_disconnect = true | ||
inline = [ | ||
"sed -i -e 's:^SELINUX=.*:SELINUX=permissive:' /etc/selinux/config", | ||
"fixfiles -F onboot", | ||
"reboot", | ||
] | ||
} | ||
|
||
provisioner "shell" { | ||
inline = [ | ||
"sed -i -e 's:^SELINUX=.*:SELINUX=enforcing:' /etc/selinux/config", | ||
"rm -rf /context", | ||
] | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
#cloud-config | ||
growpart: | ||
mode: auto | ||
devices: [/] | ||
|
||
disable_root: false | ||
|
||
users: | ||
- name: root | ||
lock_passwd: false | ||
hashed_passwd: $6$rounds=2000000$CZnmDr1iAnoCk$l5fEPfdtBpwfvOA1.Wn4Ipbh1Y.ahTPzNPZyXvaU2T4MtS907l8QqwMKLLa/8XMDpV2ZuXFUDX8aG2YqRX7mM1 | ||
|
||
ssh_pwauth: true | ||
|
||
runcmd: | ||
- | | ||
gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF' | ||
BEGIN { update = "PermitRootLogin yes" } | ||
/^#*PermitRootLogin/ { $0 = update; found = 1 } | ||
{ print } | ||
END { if (!found) print update >>FILENAME } | ||
EOF | ||
- systemctl reload sshd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
#!/bin/bash | ||
# | ||
# QEMU_BINARY should be exported already | ||
|
||
DISTRO=$1 | ||
DST=$2 | ||
DIR_CURR=$(dirname "$0") | ||
BASE_IMAGE=$DIR_BASE/$DISTRO.img | ||
PACKER_WORKING_DIR=$DIR_BUILD/_packer/$DISTRO | ||
CLOUD_WORKING_DIR=$DIR_BUILD/_cloud-init/$DISTRO | ||
mkdir -p "$PACKER_WORKING_DIR" | ||
mkdir -p "$CLOUD_WORKING_DIR" | ||
|
||
# create cloud-init iso | ||
touch ${CLOUD_WORKING_DIR}/empty-meta-data | ||
cloud-localds \ | ||
${CLOUD_WORKING_DIR}/cloud-init.iso \ | ||
${DIR_CURR}/rhel.yml \ | ||
${CLOUD_WORKING_DIR}/empty-meta-data | ||
|
||
echo "DISTRO: [$DISTRO]" | ||
|
||
packer build -force \ | ||
-var "base_image=${BASE_IMAGE}" \ | ||
-var "cloud_init_iso=${CLOUD_WORKING_DIR}/cloud-init.iso" \ | ||
-var "output_dir=${PACKER_WORKING_DIR}" \ | ||
-var "appliance_name=${DISTRO}" \ | ||
"$DIR_CURR/rhel.pkr.hcl" | ||
|
||
|
||
mv "$PACKER_WORKING_DIR/$DISTRO" "$DST" | ||
rm -rf ${PACKER_WORKING_DIR} | ||
rm -rf ${CLOUD_WORKING_DIR} | ||
|