wip
xorel committed Oct 20, 2023
1 parent f07e2b6 commit 73cfd78
Showing 78 changed files with 1,602 additions and 41 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,4 +1,5 @@
build/
Makefile.secrets
context-windows/out/
context-windows/*.msi
context-windows/rhsrvany.exe
19 changes: 7 additions & 12 deletions Makefile
@@ -1,8 +1,12 @@
# load targets config
-include Makefile.distros
include Makefile.distros

# load optional non-free images vars
-include Makefile.distros-nonfree

# load variables and makefile config
-include Makefile.config
include Makefile.config


#------------------------------------------------------------------------------
# All, alliases
@@ -28,7 +32,7 @@ download: $(patsubst %, download-%, $(DISTROS))
download-%: ${DIR_BASE}/%.img
@${INFO} "Download ${*} done"

${DIR_BASE}/%.img: validate-%
${DIR_BASE}/%.img:
@${INFO} "Starting $* download"
curl -sS -L -f -o "$@" "${URL_${*}}"

@@ -85,15 +89,6 @@ context-linux: $(patsubst %, context-linux/out/%, $(LINUX_CONTEXT_PACKAGES))
context-linux/out/%:
cd context-linux; ./generate-all.sh

#------------------------------------------------------------------------------
# validate before download
#------------------------------------------------------------------------------
validate-%:
@if [[ ! "$(DISTROS)" == *"${*}"* ]]; then \
echo "[ERROR] Unknown distro ${*}"; \
exit 1; \
fi

#------------------------------------------------------------------------------
# help
#------------------------------------------------------------------------------
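Review bot: The `${DIR_BASE}/%.img` rule writes whatever `curl` returns straight to `$@` and nothing verifies it afterwards, so a truncated or substituted base image is accepted as up to date; I would download to `$@.tmp`, compare it with a per-distro digest (for example a `SHA256_<distro>` variable kept next to each `URL_<distro>`, name illustrative), and only then `mv` it into place. With the `validate-%` prerequisite apparently dropped in this commit, an unknown stem also reaches `curl` with an empty `${URL_${*}}`; a first recipe line such as `@test -n "${URL_${*}}" || { echo "[ERROR] Unknown distro ${*}"; exit 1; }` keeps the clear error. The first hunk seems to turn `-include Makefile.distros` and `-include Makefile.config` into mandatory `include`s, which deserves a comment saying a missing file is now fatal.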
35 changes: 24 additions & 11 deletions Makefile.distros
@@ -1,13 +1,26 @@
DISTROS := alma8 alma9 alpine316 alpine317 debian11 debian12 rocky8 rocky9
DISTROS := alma8 alma9 \
alpine316 alpine317 \
debian10 debian11 debian12 \
fedora37 fedora38 \
ol8 ol9 \
rocky8 rocky9 \
ubuntu2004 ubuntu2004min ubuntu2204 ubuntu2204min

# URLS
URL_alma8 ?= https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-OpenNebula-latest.x86_64.qcow2
URL_alma9 ?= https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-OpenNebula-latest.x86_64.qcow2
URL_alpine316 ?= https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.7-x86_64.iso
URL_alpine317 ?= https://dl-cdn.alpinelinux.org/alpine/v3.17/releases/x86_64/alpine-virt-3.17.5-x86_64.iso
URL_debian11 ?= https://cdimage.debian.org/cdimage/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
URL_debian11 ?= https://cdimage.debian.org/cdimage/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
URL_debian12 ?= https://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2
URL_rocky8 ?= https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-x86_64-boot.iso
URL_rocky9 ?= https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-x86_64-boot.iso

URL_alma8 ?= https://repo.almalinux.org/almalinux/8/cloud/x86_64/images/AlmaLinux-8-OpenNebula-latest.x86_64.qcow2
URL_alma9 ?= https://repo.almalinux.org/almalinux/9/cloud/x86_64/images/AlmaLinux-9-OpenNebula-latest.x86_64.qcow2
URL_alpine316 ?= https://dl-cdn.alpinelinux.org/alpine/v3.16/releases/x86_64/alpine-virt-3.16.7-x86_64.iso
URL_alpine317 ?= https://dl-cdn.alpinelinux.org/alpine/v3.17/releases/x86_64/alpine-virt-3.17.5-x86_64.iso
URL_debian10 ?= https://cdimage.debian.org/cdimage/openstack/current-10/debian-10-openstack-arm64.qcow2
URL_debian11 ?= https://cdimage.debian.org/cdimage/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
URL_debian12 ?= https://cdimage.debian.org/cdimage/cloud/bookworm/latest/debian-12-generic-amd64.qcow2
URL_fedora37 ?= https://download.fedoraproject.org/pub/fedora/linux/releases/37/Cloud/x86_64/images/Fedora-Cloud-Base-37-1.7.x86_64.qcow2
URL_fedora38 ?= https://download.fedoraproject.org/pub/fedora/linux/releases/38/Cloud/x86_64/images/Fedora-Cloud-Base-38-1.6.x86_64.qcow2
URL_ol8 ?= https://yum.oracle.com/templates/OracleLinux/OL8/u7/x86_64/OL8U7_x86_64-kvm-b148.qcow
URL_ol9 ?= https://yum.oracle.com/templates/OracleLinux/OL9/u1/x86_64/OL9U1_x86_64-kvm-b158.qcow
URL_rocky ?= https://download.rockylinux.org/pub/rocky/8/isos/x86_64/Rocky-x86_64-boot.iso
URL_rocky ?= https://download.rockylinux.org/pub/rocky/9/isos/x86_64/Rocky-x86_64-boot.iso
ONE_ubuntu2004 ?= https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
ONE_ubuntu2204 ?= https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
ONE_ubuntu2004min ?= https://cloud-images.ubuntu.com/minimal/releases/focal/release/ubuntu-20.04-minimal-cloudimg-amd64.img
ONE_ubuntu2204min ?= https://cloud-images.ubuntu.com/minimal/releases/jammy/release/ubuntu-22.04-minimal-cloudimg-amd64.img
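Review bot: Several names in the second URL block do not match what the download rule looks up as `URL_<distro>`: `URL_rocky` is assigned twice where `DISTROS` lists `rocky8` and `rocky9` (and with `?=` the second assignment is ignored), and the four Ubuntu entries use an `ONE_` prefix. As written those six distros would expand to an empty URL; the lines should read `URL_rocky8 ?= …`, `URL_rocky9 ?= …`, `URL_ubuntu2004 ?= …` and so on. `URL_debian10` also points at an `arm64` OpenStack image while every other entry is x86_64/amd64, which looks unintended. Most entries track `latest`/`current` paths, so the bytes behind a URL change over time; pinned versions with recorded digests would make builds reproducible and a swapped image detectable.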
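--- a/Makefile.distros-nonfree
+++ b/Makefile.distros-nonfree
@@ -0,0 +1,6 @@
+#ifeq (${NONFREE}, yes)
+-include
+DISTROS += rhel8 rhel9
+URL_rhel8 := http://storage/images/base/rhel8.qcow2
+URL_rhel9 := http://storage/images/base/rhel9.qcow2
+#endif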
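Review bot: `URL_rhel8` and `URL_rhel9` fetch the base images over plain `http://`, so anything on the network path to `storage` can replace the image that the rest of the pipeline then customises and publishes; use `https://` or verify a known digest after the download. Because the `ifeq`/`endif` lines are commented out, `DISTROS += rhel8 rhel9` takes effect whenever this file exists, regardless of `NONFREE`. The bare `-include` on the second line names no file and can be removed.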
1 change: 1 addition & 0 deletions guestfish/alma8/10-upgrade-distro.sh
1 change: 1 addition & 0 deletions guestfish/alma8/11-update-grub.sh
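--- a/guestfish/alma8/80-install-context.sh
+++ b/guestfish/alma8/80-install-context.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el8.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+sync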
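Review bot: The package installed here is whatever asset `.[0]` of the GitHub releases list points to at build time, and nothing checks it before `dnf install` runs; `.[0]` is simply the newest entry, pre-releases included, and dnf does not GPG-check local package files unless `localpkg_gpgcheck` is enabled. I would pin the release (a tag variable such as `CTX_VERSION`, name illustrative) and compare the download with a recorded SHA-256 before installing. The glob `/context/one-context*$CTX_SUFFIX` is also unquoted in `stat` and `dnf install`; `"/context/one-context"*"$CTX_SUFFIX"` keeps the suffix from being split. The same download-and-install block is repeated in the alma9, debian11, debian12, fedora37, ol8, ol9 and rocky8 copies of this script.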
1 change: 1 addition & 0 deletions guestfish/alma8/81-configure-ssh.sh
1 change: 1 addition & 0 deletions guestfish/alma8/98-collect-garbage.sh
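--- a/guestfish/alma9/10-upgrade-distro.sh
+++ b/guestfish/alma9/10-upgrade-distro.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+dnf install -y epel-release
+
+dnf update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync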
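Review bot: `dnf update -y --skip-broken` lets the build succeed while silently leaving packages un-updated, so an image can ship without a security fix and nothing in the log marks it as a failure. If the flag is needed for a known conflict, add a comment naming it; otherwise drop it so the build stops. The header comment says the script "(Auto)Removes unneeded packages", but no removal happens here; it should read `# Upgrades the distro and installs tools needed by later scripts.` The ol8, ol9 and rocky8 copies are the same apart from the EPEL package name.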
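--- a/guestfish/alma9/11-update-grub.sh
+++ b/guestfish/alma9/11-update-grub.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+dnf install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync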
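Review bot: `INITRAMFS_IMG` is empty when `find` matches nothing (its exit status is still 0, so `errexit` and `pipefail` do not catch it), and `dracut --force` is then called with two empty arguments. A guard right after the assignment, `[[ -n "$INITRAMFS_IMG" ]] || { echo "no initramfs found" >&2; exit 1; }`, makes that failure explicit. The final clean-up program applies its `gsub` calls to every line of `/etc/default/grub`, not only the `GRUB_CMDLINE_LINUX*` ones, which is worth a comment. The ol8, ol9 and rocky8 copies of this script are the same.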
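--- a/guestfish/alma9/80-install-context.sh
+++ b/guestfish/alma9/80-install-context.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el9.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+sync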
File renamed without changes.
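--- a/guestfish/alma9/98-collect-garbage.sh
+++ b/guestfish/alma9/98-collect-garbage.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Cleans DNF caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+kdump="kdump.service"
+systemctl list-units --full -all | grep -Fq "$kdump" && systemctl disable "$kdump"
+
+# Remove old kernels.
+dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
+
+dnf remove -y fwupd linux-firmware
+
+dnf clean -y all
+
+rm -rf /boot/*-rescue-*
+rm -rf /context/
+
+sync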
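Review bot: `dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)` is left with no package arguments when only one kernel is installed, and that is likely a usage error that aborts the script under `errexit`. Capture the list first and skip the call when it is empty, e.g. `old=$(dnf repoquery --installonly --latest-limit=-1 -q)` followed by `[[ -z "$old" ]] || dnf remove -y $old`. In the kdump check, `grep -Fq` can exit before `systemctl list-units` has finished writing, and with `pipefail` set the resulting SIGPIPE status would make the test read as "not found"; reading the unit list into a variable and grepping that avoids the race. The same kernel-removal line is in the fedora37, ol8, ol9 and rocky8 copies.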
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
4 changes: 0 additions & 4 deletions guestfish/alpine316/scripts/test1.sh

This file was deleted.

1 change: 1 addition & 0 deletions guestfish/alpine317
1 change: 1 addition & 0 deletions guestfish/debian10
1 change: 1 addition & 0 deletions guestfish/debian11/10-upgrade-distro.sh
1 change: 1 addition & 0 deletions guestfish/debian11/11-update-grub.sh
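--- a/guestfish/debian11/80-install-context.sh
+++ b/guestfish/debian11/80-install-context.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.deb}"
+
+policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+apt-get install -y qemu-guest-agent open-vm-tools ruby virt-what parted
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+policy_rc_d_disable
+
+dpkg -i /context/one-context*$CTX_SUFFIX || apt-get install -y -f
+dpkg -i /context/one-context*$CTX_SUFFIX
+
+apt-get install -y haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! dpkg-query -W --showformat '${Version}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+apt-get install -y --no-install-recommends --no-install-suggests netplan.io network-manager
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+policy_rc_d_enable
+
+sync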
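Review bot: `policy_rc_d_disable` writes `exit 101` to `/usr/sbin/policy-rc.d`, and the matching `policy_rc_d_enable` only runs on the last line before `sync`; if any command in between fails under `errexit`, the image is left with service starts blocked. Adding `trap policy_rc_d_enable EXIT` right after the `policy_rc_d_disable` call restores the policy on every exit path. `policy_rc_d_enable` also leaves an `exit 0` policy file in the image rather than removing it, which deserves a comment if that is intended. The debian12 copy has the same structure.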
1 change: 1 addition & 0 deletions guestfish/debian11/81-configure-ssh.sh
1 change: 1 addition & 0 deletions guestfish/debian11/98-collect-garbage.sh
1 change: 0 additions & 1 deletion guestfish/debian12

This file was deleted.

File renamed without changes.
File renamed without changes.
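--- a/guestfish/debian12/80-install-context.sh
+++ b/guestfish/debian12/80-install-context.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.deb}"
+
+policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+policy_rc_d_disable
+
+dpkg -i /context/one-context*$CTX_SUFFIX || apt-get install -y -f
+dpkg -i /context/one-context*$CTX_SUFFIX
+
+apt-get install -y haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! dpkg-query -W --showformat '${Version}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+apt-get install -y --no-install-recommends --no-install-suggests netplan.io network-manager
+systemctl enable systemd-networkd
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+policy_rc_d_enable
+
+sync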
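--- a/guestfish/debian12/81-configure-ssh.sh
+++ b/guestfish/debian12/81-configure-ssh.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+sync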
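Review bot: Only `/etc/ssh/sshd_config` is edited, but sshd keeps the first value it reads for each keyword, so if the image's main file starts by including `/etc/ssh/sshd_config.d/*.conf`, a drop-in that sets `PasswordAuthentication yes` would still win; the fedora37 variant touches its drop-ins, this one does not. I would rewrite or remove the drop-ins as well and, where host keys are available, finish with a check of the effective values from `sshd -T`. `PermitRootLogin without-password` is the deprecated spelling; current OpenSSH documents `prohibit-password`. The pattern `^[#\s]*PasswordAuthentication` also rewrites commented examples and lines inside any `Match` block, which a comment should acknowledge. The ol8, ol9 and rocky8 copies are identical.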
File renamed without changes.
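--- a/guestfish/fedora37/80-install-context.sh
+++ b/guestfish/fedora37/80-install-context.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el8.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools
+
+systemctl enable haveged
+
+if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+# >>> Apply only on one-context >= 6.1 >>>
+dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd
+
+systemctl enable systemd-networkd
+
+# This is a workaround for systemd-networkd-wait-online timeout when networkd not used.
+# Although this effectively breaks reaching network.target correctly, it is still better
+# not to slowdown the boot by (120s) timeout as networkd is rather marginal in RHEL.
+systemctl disable systemd-networkd-wait-online
+
+# <<< Apply only on one-context >= 6.1 <<<
+else
+systemctl enable network
+fi
+
+sync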
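--- a/guestfish/fedora37/81-configure-ssh.sh
+++ b/guestfish/fedora37/81-configure-ssh.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config /etc/ssh/sshd_config.d/50-redhat.conf <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+rm -rf /etc/ssh/sshd_config.d/50-cloud-init.conf
+
+sync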
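--- a/guestfish/fedora37/98-collect-garbage.sh
+++ b/guestfish/fedora37/98-collect-garbage.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# Cleans DNF caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+# Remove old kernels.
+dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
+
+dnf remove -y fwupd linux-firmware
+
+dnf clean -y all
+
+rm -rf /context/
+
+sync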
1 change: 1 addition & 0 deletions guestfish/fedora38
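--- a/guestfish/ol8/10-upgrade-distro.sh
+++ b/guestfish/ol8/10-upgrade-distro.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+dnf install -y oracle-epel-release-el8
+
+dnf update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync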
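--- a/guestfish/ol8/11-update-grub.sh
+++ b/guestfish/ol8/11-update-grub.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+dnf install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync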
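--- a/guestfish/ol8/80-install-context.sh
+++ b/guestfish/ol8/80-install-context.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el8.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+sync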
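--- a/guestfish/ol8/81-configure-ssh.sh
+++ b/guestfish/ol8/81-configure-ssh.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+sync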
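--- a/guestfish/ol8/98-collect-garbage.sh
+++ b/guestfish/ol8/98-collect-garbage.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Cleans DNF caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+systemctl disable kdump.service
+
+# Remove old kernels.
+dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
+
+dnf remove -y fwupd linux-firmware
+
+dnf clean -y all
+
+rm -rf /boot/*-rescue-*
+rm -rf /context/
+
+sync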
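Review bot: `systemctl disable kdump.service` is unconditional here, so on an image that does not ship the kdump unit the command fails and `errexit` stops the build at the clean-up stage; the alma9 variant guards the call by checking the unit list first. Use the same guard, or `systemctl disable kdump.service || true` with a comment explaining why the failure is tolerated. The ol9 and rocky8 copies have the same line.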
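--- a/guestfish/ol9/10-upgrade-distro.sh
+++ b/guestfish/ol9/10-upgrade-distro.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+dnf install -y oracle-epel-release-el9
+
+dnf update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync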
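--- a/guestfish/ol9/11-update-grub.sh
+++ b/guestfish/ol9/11-update-grub.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+dnf install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync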
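--- a/guestfish/ol9/80-install-context.sh
+++ b/guestfish/ol9/80-install-context.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el9.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+sync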
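--- a/guestfish/ol9/81-configure-ssh.sh
+++ b/guestfish/ol9/81-configure-ssh.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+sync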
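--- a/guestfish/ol9/98-collect-garbage.sh
+++ b/guestfish/ol9/98-collect-garbage.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Cleans DNF caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+systemctl disable kdump.service
+
+# Remove old kernels.
+dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
+
+dnf remove -y fwupd linux-firmware
+
+dnf clean -y all
+
+rm -rf /boot/*-rescue-*
+rm -rf /context/
+
+sync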
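--- a/guestfish/rocky8/10-upgrade-distro.sh
+++ b/guestfish/rocky8/10-upgrade-distro.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+dnf install -y epel-release
+
+dnf update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync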
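--- a/guestfish/rocky8/11-update-grub.sh
+++ b/guestfish/rocky8/11-update-grub.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+dnf install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync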
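--- a/guestfish/rocky8/80-install-context.sh
+++ b/guestfish/rocky8/80-install-context.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el8.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+sync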
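--- a/guestfish/rocky8/81-configure-ssh.sh
+++ b/guestfish/rocky8/81-configure-ssh.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+sync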
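--- a/guestfish/rocky8/98-collect-garbage.sh
+++ b/guestfish/rocky8/98-collect-garbage.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Cleans DNF caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+systemctl disable kdump.service
+
+# Remove old kernels.
+dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
+
+dnf remove -y fwupd linux-firmware
+
+dnf clean -y all
+
+rm -rf /boot/*-rescue-*
+rm -rf /context/
+
+sync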
1 change: 1 addition & 0 deletions guestfish/rocky9
12 changes: 1 addition & 11 deletions guestfish/run.sh
@@ -15,16 +15,8 @@ cp "$SRC_IMG" "$TMP_IMG"
#------------------------------------------------------------------------------
# Guestfish -- run custom scripts
#------------------------------------------------------------------------------
if [ -d "${DIR_CURR}/$DISTRO/scripts" ]; then
# distro specific scripts
SCRIPTS="$(echo ${DIR_CURR}/$DISTRO/scripts/*.sh)"
else
# scripts_defaults
SCRIPTS="$(echo ${DIR_CURR}/scripts_defaults/*.sh)"
fi

RUN_SCRIPTS_CMD=""
for S in $SCRIPTS; do
for S in $(echo ${DIR_CURR}/$DISTRO/*.sh); do
RUN_SCRIPTS_CMD+=" : command /guestfish/$(basename $S) "
done

@@ -42,7 +34,6 @@ $RUN_SCRIPTS_CMD \

$GUESTFISH_CMD


#------------------------------------------------------------------------------
# Sysprep the image
#------------------------------------------------------------------------------
@@ -53,7 +44,6 @@ virt-sysprep --add ${TMP_IMG} \
--run-command 'truncate -s0 -c /etc/machine-id' \
--delete /etc/resolv.conf


#------------------------------------------------------------------------------
# Sparsify and export to destination, cleanup
#------------------------------------------------------------------------------
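Review bot: The new loop `for S in $(echo ${DIR_CURR}/$DISTRO/*.sh); do` no longer has the `scripts_defaults` fallback, so a distro without its own directory, or with one that holds no `*.sh`, leaves the pattern unexpanded and a `command /guestfish/*.sh` entry ends up in `RUN_SCRIPTS_CMD`. Globbing directly and skipping non-matches handles that and also survives spaces in the path: `for S in "${DIR_CURR}/${DISTRO}"/*.sh; do [ -e "$S" ] || continue`, with `"$(basename "$S")"` in the body. If a missing script directory should be an error instead, an explicit check with a message before the loop would make that visible. The rest of run.sh lies outside the hunks shown.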
2 changes: 0 additions & 2 deletions guestfish/scripts_defaults/10-test.sh

This file was deleted.

1 change: 1 addition & 0 deletions guestfish/ubuntu2004
1 change: 1 addition & 0 deletions guestfish/ubuntu2004min
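--- a/guestfish/ubuntu2204/10-upgrade-distro.sh
+++ b/guestfish/ubuntu2204/10-upgrade-distro.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update -y
+
+policy_rc_d_disable
+
+apt-get install -y --fix-broken
+
+apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
+
+# Ensure packages needed for post-processing scripts do exist.
+apt-get install -y curl gawk grep jq
+
+policy_rc_d_enable
+
+sync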
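Review bot: `policy_rc_d_enable` rewrites `/usr/sbin/policy-rc.d` with `exit 0` instead of deleting it, so the build helper stays in the finished image; none of the scripts visible here for this distro removes it. Deleting it restores the stock state: `policy_rc_d_enable() (rm -f /usr/sbin/policy-rc.d)`. The header comment promises removal of unneeded packages, but the script only runs `--fix-broken` and `upgrade`; either drop that wording or say that removal happens in 98-collect-garbage.sh. guestfish/ubuntu2204min/10-upgrade-distro.sh and guestfish/ubuntu2204min/80-install-context.sh define the same helper.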
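--- a/guestfish/ubuntu2204/11-update-grub.sh
+++ b/guestfish/ubuntu2204/11-update-grub.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+# NOTE: console=ttyS*, earlyprintk=ttyS* may cause kernel panic during first boot.
+# The exact problem is identical to https://github.com/dmacvicar/terraform-provider-libvirt/issues/948.
+# A correct workaround is described here: https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/1123220.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_TERMINAL=/ { gsub(/\<serial\>/, "") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+update-initramfs -vu
+update-grub2
+
+sync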
File renamed without changes.
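--- a/guestfish/ubuntu2204/81-configure-ssh.sh
+++ b/guestfish/ubuntu2204/81-configure-ssh.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+sync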
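--- a/guestfish/ubuntu2204/98-collect-garbage.sh
+++ b/guestfish/ubuntu2204/98-collect-garbage.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Cleans APT caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get purge -y cloud-init snapd fwupd
+
+apt-get autoremove -y --purge
+
+apt-get clean -y && rm -rf /var/lib/apt/lists/*
+
+rm -f /etc/sysctl.d/99-cloudimg-ipv6.conf
+
+rm -rf /context/
+
+sync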
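--- a/guestfish/ubuntu2204min/10-upgrade-distro.sh
+++ b/guestfish/ubuntu2204min/10-upgrade-distro.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get update -y
+
+policy_rc_d_disable
+
+apt-get install -y --fix-broken
+
+apt-get upgrade -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold"
+
+# Ensure packages needed for post-processing scripts do exist.
+apt-get install -y curl gawk grep jq
+
+policy_rc_d_enable
+
+sync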
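--- a/guestfish/ubuntu2204min/11-update-grub.sh
+++ b/guestfish/ubuntu2204min/11-update-grub.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+cat /etc/default/grub.d/40-force-partuuid.cfg >>/etc/default/grub
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+# NOTE: console=ttyS*, earlyprintk=ttyS* may cause kernel panic during first boot.
+# The exact problem is identical to https://github.com/dmacvicar/terraform-provider-libvirt/issues/948.
+# A correct workaround is described here: https://bugs.launchpad.net/ubuntu/+source/cloud-initramfs-tools/+bug/1123220.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_TERMINAL=/ { gsub(/\<serial\>/, "") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/console=tty1/ { gsub(/"$/, " console=tty1\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" console=tty1 net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+update-grub2
+
+sync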
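--- a/guestfish/ubuntu2204min/80-install-context.sh
+++ b/guestfish/ubuntu2204min/80-install-context.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+policy_rc_d_disable() (echo "exit 101" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+policy_rc_d_enable() (echo "exit 0" >/usr/sbin/policy-rc.d && chmod a+x /usr/sbin/policy-rc.d)
+
+: "${CTX_SUFFIX:=.deb}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+install -d /context/ && cd /context/
+curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+| jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+| xargs -r -n1 curl -fsSLO
+) fi
+
+policy_rc_d_disable
+
+dpkg -i /context/one-context*$CTX_SUFFIX || apt-get install -y -f
+dpkg -i /context/one-context*$CTX_SUFFIX
+
+apt-get install -y haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! dpkg-query -W --showformat '${Version}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+apt-get install -y --no-install-recommends --no-install-suggests netplan.io network-manager
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+policy_rc_d_enable
+
+sync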
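Review bot: The package fetched from the GitHub releases API is handed to `dpkg -i` as root with no integrity check, and `.[0]` takes whichever release the API lists first, so the image content depends on what is published at build time. Pinning the release tag and checking a digest kept in the repository closes that gap, for example `echo "${CTX_SHA256}  ${pkg}" | sha256sum -c -` before the install, where `CTX_SHA256` and `pkg` are names this script would have to define. The `stat` pre-check already lets a build supply a vetted package in `/context/`; a comment naming that as the preferred path for release builds would help.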
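--- a/guestfish/ubuntu2204min/81-configure-ssh.sh
+++ b/guestfish/ubuntu2204min/81-configure-ssh.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+sync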
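--- a/guestfish/ubuntu2204min/98-collect-garbage.sh
+++ b/guestfish/ubuntu2204min/98-collect-garbage.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Cleans APT caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+export DEBIAN_FRONTEND=noninteractive
+
+apt-get purge -y cloud-init snapd fwupd
+
+apt-get autoremove -y --purge
+
+apt-get clean -y && rm -rf /var/lib/apt/lists/*
+
+rm -f /etc/sysctl.d/99-cloudimg-ipv6.conf
+
+rm -rf /context/
+
+sync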
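--- a/packer/fedora37/10-upgrade-distro.sh
+++ b/packer/fedora37/10-upgrade-distro.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+dnf update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync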
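--- a/packer/fedora37/11-update-grub.sh
+++ b/packer/fedora37/11-update-grub.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+dnf install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync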
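--- a/packer/fedora37/fedora.pkr.hcl
+++ b/packer/fedora37/fedora.pkr.hcl
@@ -0,0 +1,78 @@
+variable "base_image" {
+type = string
+}
+
+variable "cloud_init_iso" {
+type = string
+}
+
+variable "output_dir" {
+type = string
+}
+
+variable "appliance_name" {
+type = string
+}
+
+variable "serial" {
+type = string
+default = "stdio"
+}
+
+source "qemu" "fedora" {
+accelerator = "kvm"
+headless = false
+
+memory = 2048
+
+iso_url = var.base_image
+iso_checksum = "none"
+
+disk_image = true
+disk_cache = "unsafe"
+disk_size = 20480
+format = "qcow2"
+
+disk_interface = "virtio-scsi"
+net_device = "virtio-net"
+
+qemuargs = [
+["-cdrom", var.cloud_init_iso],
+["-serial", var.serial],
+]
+
+ssh_username = "root"
+ssh_password = "v-YC470*/9i2CX+y3fP:D+%Z-1g-|p4P"
+
+shutdown_command = "poweroff"
+
+output_directory = var.output_dir
+vm_name = var.appliance_name
+}
+
+build {
+sources = ["source.qemu.fedora"]
+
+provisioner "shell" {
+execute_command = "sudo -iu root {{.Vars}} bash {{.Path}}"
+scripts = [
+"packer/${var.appliance_name}/10-upgrade-distro.sh",
+"packer/${var.appliance_name}/11-update-grub.sh",
+]
+}
+
+provisioner "shell" {
+expect_disconnect = true
+inline = [
+"sed -i -e 's:^SELINUX=.*:SELINUX=permissive:' /etc/selinux/config",
+"fixfiles -F onboot",
+"reboot",
+]
+}
+
+provisioner "shell" {
+inline = [
+"sed -i -e 's:^SELINUX=.*:SELINUX=enforcing:' /etc/selinux/config",
+]
+}
+}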
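Review bot: `ssh_password` in the `source "qemu" "fedora"` block is a literal in a committed template, so the root credential used for every build is readable by anyone with access to the repository or its history. I would declare a `variable "ssh_password"` block with `type = string` and `sensitive = true`, reference it as `ssh_password = var.ssh_password`, and have the build supply a value generated per run, with the hash in the cloud-config seed derived from the same value. packer/rhel8/rhel.pkr.hcl carries the same literal.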
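--- a/packer/fedora37/fedora.yml
+++ b/packer/fedora37/fedora.yml
@@ -0,0 +1,23 @@
+#cloud-config
+growpart:
+mode: auto
+devices: [/]
+
+disable_root: false
+
+users:
+- name: root
+lock_passwd: false
+hashed_passwd: $6$rounds=2000000$CZnmDr1iAnoCk$l5fEPfdtBpwfvOA1.Wn4Ipbh1Y.ahTPzNPZyXvaU2T4MtS907l8QqwMKLLa/8XMDpV2ZuXFUDX8aG2YqRX7mM1
+
+ssh_pwauth: true
+
+runcmd:
+- |
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin yes" }
+/^#*PermitRootLogin/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >>FILENAME }
+EOF
+- systemctl reload sshd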
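Review bot: This cloud-config unlocks root with a fixed `hashed_passwd`, sets `ssh_pwauth: true` and rewrites sshd_config to `PermitRootLogin yes`, and nothing in fedora.pkr.hcl undoes any of it before `poweroff`: its provisioners run only 10-upgrade-distro.sh, 11-update-grub.sh and the SELinux relabel. Unless a later stage outside this view resets them, the exported image accepts password logins for root with a credential that is fixed in the repository. A last provisioner that runs `passwd -l root` and re-applies the `PasswordAuthentication no` and `PermitRootLogin` settings used by the guestfish 81-configure-ssh.sh scripts would make the template safe on its own. packer/rhel8/rhel.yml is identical.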
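--- a/packer/fedora37/run.sh
+++ b/packer/fedora37/run.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# QEMU_BINARY should be exported already
+
+DISTRO=$1
+DST=$2
+DIR_CURR=$(dirname "$0")
+BASE_IMAGE=$DIR_BASE/$DISTRO.img
+PACKER_WORKING_DIR=$DIR_BUILD/_packer/$DISTRO
+CLOUD_WORKING_DIR=$DIR_BUILD/_cloud-init/$DISTRO
+mkdir -p "$PACKER_WORKING_DIR"
+mkdir -p "$CLOUD_WORKING_DIR"
+
+# create cloud-init iso
+touch ${CLOUD_WORKING_DIR}/empty-meta-data
+cloud-localds \
+${CLOUD_WORKING_DIR}/cloud-init.iso \
+${DIR_CURR}/fedora.yml \
+${CLOUD_WORKING_DIR}/empty-meta-data
+
+echo "DISTRO: [$DISTRO]"
+
+packer build -force \
+-var "base_image=${BASE_IMAGE}" \
+-var "cloud_init_iso=${CLOUD_WORKING_DIR}/cloud-init.iso" \
+-var "output_dir=${PACKER_WORKING_DIR}" \
+-var "appliance_name=${DISTRO}" \
+"$DIR_CURR/fedora.pkr.hcl"
+
+
+mv "$PACKER_WORKING_DIR/$DISTRO" "$DST"
+rm -rf ${PACKER_WORKING_DIR}
+rm -rf ${CLOUD_WORKING_DIR}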
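Review bot: The script has no `set -o errexit -o nounset`, unlike the provisioning scripts in this commit, so a failed `packer build` is still followed by `mv` and both `rm -rf` calls, and with `DIR_BUILD` unset `rm -rf ${PACKER_WORKING_DIR}` expands to a path directly under `/`. Adding `set -o errexit -o nounset -o pipefail` after the header comment and quoting the removals, `rm -rf "${PACKER_WORKING_DIR}" "${CLOUD_WORKING_DIR}"`, covers both. The header comment names `QEMU_BINARY`, but `DIR_BASE` and `DIR_BUILD` are the variables this script actually reads; list them as required too. packer/rhel8/run.sh has the same lines.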
1 change: 1 addition & 0 deletions packer/fedora38
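--- a/packer/rhel8/10-upgrade-distro.sh
+++ b/packer/rhel8/10-upgrade-distro.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+# Make sure /etc/machine-id exists otherwise this can happen:
+# https://bugzilla.redhat.com/show_bug.cgi?id=1737355
+systemd-machine-id-setup
+
+ln -sf ../usr/share/zoneinfo/UTC /etc/localtime
+
+subscription-manager register \
+--username "${RHEL_USER}" \
+--password "${RHEL_PASSWORD}" \
+--auto-attach \
+--force
+
+subscription-manager repos \
+--enable codeready-builder-for-rhel-8-x86_64-rpms
+
+dnf install -y "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
+
+dnf repolist enabled
+
+dnf update -y
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync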
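Review bot: `set -x` is active when `subscription-manager register --password "${RHEL_PASSWORD}"` runs, so the expanded password is written to the build log, and as a command-line argument it is also visible in the guest's process list for the duration of the call. Switching tracing off around the registration keeps it out of the log: `{ set +x; } 2>/dev/null` before the command and `set -x` after it. No `subscription-manager unregister` appears in the scripts shown, so it is worth confirming that a later step removes the registration before the image is exported.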
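--- a/packer/rhel8/11-update-grub.sh
+++ b/packer/rhel8/11-update-grub.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/ */, " ") }
+{ print }
+EOF
+
+dnf install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync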
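--- a/packer/rhel8/rhel.pkr.hcl
+++ b/packer/rhel8/rhel.pkr.hcl
@@ -0,0 +1,80 @@
+variable "base_image" {
+type = string
+}
+
+variable "cloud_init_iso" {
+type = string
+}
+
+variable "output_dir" {
+type = string
+}
+
+variable "appliance_name" {
+type = string
+}
+
+variable "serial" {
+type = string
+default = "stdio"
+}
+
+source "qemu" "rhel" {
+accelerator = "kvm"
+headless = true
+
+memory = 2048
+
+iso_url = var.base_image
+iso_checksum = "none"
+
+disk_image = true
+disk_cache = "unsafe"
+disk_size = 20480
+format = "qcow2"
+
+disk_interface = "virtio-scsi"
+net_device = "virtio-net"
+
+qemuargs = [
+["-cpu", "host"],
+["-cdrom", var.cloud_init_iso],
+["-serial", var.serial],
+]
+
+ssh_username = "root"
+ssh_password = "v-YC470*/9i2CX+y3fP:D+%Z-1g-|p4P"
+
+shutdown_command = "poweroff"
+
+output_directory = var.output_dir
+vm_name = var.appliance_name
+}
+
+build {
+sources = ["source.qemu.rhel"]
+
+provisioner "shell" {
+execute_command = "sudo -iu root {{.Vars}} bash {{.Path}}"
+scripts = [
+"packer/${var.appliance_name}/10-upgrade-distro.sh",
+"packer/${var.appliance_name}/11-update-grub.sh",
+]
+}
+
+provisioner "shell" {
+expect_disconnect = true
+inline = [
+"sed -i -e 's:^SELINUX=.*:SELINUX=permissive:' /etc/selinux/config",
+"fixfiles -F onboot",
+"reboot",
+]
+}
+
+provisioner "shell" {
+inline = [
+"sed -i -e 's:^SELINUX=.*:SELINUX=enforcing:' /etc/selinux/config",
+"rm -rf /context",
+]
+}
+}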
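Review bot: `iso_checksum = "none"` in the `source "qemu" "rhel"` block turns off Packer's verification of the base image, and no other check of that file is visible in this template, so a corrupted or substituted image would be built on without notice. Passing the expected digest in, `iso_checksum = var.base_image_checksum` together with a matching `variable "base_image_checksum"` block (a name this template would have to add), lets the build stop before the guest is booted. packer/fedora37/fedora.pkr.hcl uses the same setting.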
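--- a/packer/rhel8/rhel.yml
+++ b/packer/rhel8/rhel.yml
@@ -0,0 +1,23 @@
+#cloud-config
+growpart:
+mode: auto
+devices: [/]
+
+disable_root: false
+
+users:
+- name: root
+lock_passwd: false
+hashed_passwd: $6$rounds=2000000$CZnmDr1iAnoCk$l5fEPfdtBpwfvOA1.Wn4Ipbh1Y.ahTPzNPZyXvaU2T4MtS907l8QqwMKLLa/8XMDpV2ZuXFUDX8aG2YqRX7mM1
+
+ssh_pwauth: true
+
+runcmd:
+- |
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin yes" }
+/^#*PermitRootLogin/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >>FILENAME }
+EOF
+- systemctl reload sshd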
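--- a/packer/rhel8/run.sh
+++ b/packer/rhel8/run.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# QEMU_BINARY should be exported already
+
+DISTRO=$1
+DST=$2
+DIR_CURR=$(dirname "$0")
+BASE_IMAGE=$DIR_BASE/$DISTRO.img
+PACKER_WORKING_DIR=$DIR_BUILD/_packer/$DISTRO
+CLOUD_WORKING_DIR=$DIR_BUILD/_cloud-init/$DISTRO
+mkdir -p "$PACKER_WORKING_DIR"
+mkdir -p "$CLOUD_WORKING_DIR"
+
+# create cloud-init iso
+touch ${CLOUD_WORKING_DIR}/empty-meta-data
+cloud-localds \
+${CLOUD_WORKING_DIR}/cloud-init.iso \
+${DIR_CURR}/rhel.yml \
+${CLOUD_WORKING_DIR}/empty-meta-data
+
+echo "DISTRO: [$DISTRO]"
+
+packer build -force \
+-var "base_image=${BASE_IMAGE}" \
+-var "cloud_init_iso=${CLOUD_WORKING_DIR}/cloud-init.iso" \
+-var "output_dir=${PACKER_WORKING_DIR}" \
+-var "appliance_name=${DISTRO}" \
+"$DIR_CURR/rhel.pkr.hcl"
+
+
+mv "$PACKER_WORKING_DIR/$DISTRO" "$DST"
+rm -rf ${PACKER_WORKING_DIR}
+rm -rf ${CLOUD_WORKING_DIR}
+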