Skip to content

Commit

Permalink
feat: add alma8 and alma9 packer configs
Browse files Browse the repository at this point in the history
  • Loading branch information
lleyton committed Feb 12, 2024
1 parent 5b9b16b commit 849a709
Show file tree
Hide file tree
Showing 8 changed files with 577 additions and 0 deletions.
20 changes: 20 additions & 0 deletions alma8/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
#!/usr/bin/make -f

include ../scripts/check.mk

PACKER ?= packer
PACKER_LOG ?= 0

export PACKER_LOG

.PHONY: all clean

all: alma8.tar.gz

$(eval $(call check_packages_deps))

alma8.tar.gz: check-deps clean
${PACKER} init alma8.pkr.hcl && ${PACKER} build alma8.pkr.hcl

clean:
${RM} -rf output-alma8 alma8.tar.gz
77 changes: 77 additions & 0 deletions alma8/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# Alma 8 Packer template for MAAS

## Introduction

The Packer template in this directory creates a Alma 8 AMD64 image for use with MAAS.

## Prerequisites to create the image

* A machine running Ubuntu 18.04+ with the ability to run KVM virtual machines.
* qemu-utils, libnbd-bin, nbdkit and fuse2fs
* [Packer.](https://www.packer.io/intro/getting-started/install.html), v1.7.0 or newer

## Requirements to deploy the image

* [MAAS](https://maas.io) 3.3 or later, as that version introduces support for Alma
* [Curtin](https://launchpad.net/curtin) 22.1. If you have a MAAS with an earlier Curtin version, you can [patch](https://code.launchpad.net/~xnox/curtin/+git/curtin/+merge/415604) distro.py to deploy Alma.

## Customizing the image

You can customize the deployment image by modifying http/alma.ks. See the [RHEL kickstart documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#part-or-partition_kickstart-commands-for-handling-storage) for more information.

## Building the image using a proxy

The Packer template downloads the Alma ISO image from the Internet. You can tell Packer to use a proxy by setting the HTTP_PROXY environment variable to point to your proxy server. You can also redefine alma_iso_url to a local file. If you want to skip the base image integrity check, set iso_checksum_type to none and remove iso_checksum.

To use a proxy during the installation define the `KS_PROXY` variable in the environment, as bellow:

```shell
export KS_PROXY="\"${HTTP_PROXY}\""
```

# Building the image using a kickstart mirror

To tell Packer to use a specific mirror set the `KS_MIRROR` environment variable
poiniting to the mirror URL.

```shell
export KS_MIRROR="https://repo.almalinux.org/almalinux/8"
```

## Building an image

You can build the image using the Makefile:

```shell
make
```

You can also manually run packer. Set your current working directory to packer-maas/alma8, where this file resides, and generate an image with:

```shell
packer init
PACKER_LOG=1 packer build .
```

The installation runs in a non-interactive mode.

Note: alma8.pkr.hcl runs Packer in headless mode, with the serial port output from qemu redirected to stdio to give feedback on image creation process. If you wish to see more, change the value of `headless` to `false` in alma8.pkr.hcl, remove `[ "-serial", "stdio" ]` from `qemuargs` section and select `View`, then `serial0` in the qemu window that appears during build. This lets you watch progress of the image build script. Press `ctrl-b 2` to switch to shell to explore more, and `ctrl-b 1` to go back to log view.

## Uploading an image to MAAS

```shell
maas $PROFILE boot-resources create name='custom/alma8' \
title='Alma 8 Custom' architecture='amd64/generic' \
base_image='rhel/8' filetype='tgz' \
content@=alma8.tar.gz
```

## Default username

MAAS uses cloud-init to create ```cloud-user``` account using the ssh keys configured for the MAAS admin user (e.g. imported from Launchpad). Log in to the machine:

```shell
ssh -i ~/.ssh/<your_identity_file> cloud-user@<machine-ip-address>
```

Next to that, the kickstart script creates an account with both username and password set to ```alma```. Note that the default sshd configuration in Alma 8 disallows password-based authentication when logging in via ssh, so trying `ssh alma@<machine-ip-address>` will fail. Password-based authentication can be enabled by having `PasswordAuthentication yes` in /etc/ssh/sshd_config after logging in with ```cloud-user```. Perhaps there is a way to make that change using kickstart script, but it is not obvious as ```anaconda```, the installer, makes its own changes to sshd_config file during installation. If you know how to do this, a PR is welcome.
101 changes: 101 additions & 0 deletions alma8/alma8.pkr.hcl
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
packer {
required_version = ">= 1.7.0"
required_plugins {
qemu = {
version = "~> 1.0"
source = "github.com/hashicorp/qemu"
}
}
}

variable "filename" {
type = string
default = "alma8.tar.gz"
description = "The filename of the tarball to produce"
}

variable "alma_iso_url" {
type = string
default = "https://repo.almalinux.org/almalinux/8/isos/x86_64/AlmaLinux-8-latest-x86_64-boot.iso"
}

variable "alma_sha256sum_url" {
type = string
default = "https://repo.almalinux.org/almalinux/8/isos/x86_64/CHECKSUM"
}

# use can use "--url" to specify the exact url for os repo
# for ex. "--url='https://repo.almalinux.org/almalinux/8/BaseOS/x86_64/os'"
variable "ks_os_repos" {
type = string
default = "--mirrorlist='https://mirrors.almalinux.org/mirrorlist/8/baseos'"
}

# Use --baseurl to specify the exact url for appstream repo
# for ex. "--baseurl='https://repo.almalinux.org/almalinux/8/AppStream/x86_64/os'"
variable "ks_appstream_repos" {
type = string
default = "--mirrorlist='https://mirrors.almalinux.org/mirrorlist/8/appstream'"
}

# Use --baseurl to specify the exact url for extras repo
# for ex. "--baseurl='https://repo.almalinux.org/almalinux/8/extras/x86_64/os'"
variable "ks_extras_repos" {
type = string
default = "--mirrorlist='https://mirrors.almalinux.org/mirrorlist/8/extras'"
}

variable ks_proxy {
type = string
default = "${env("KS_PROXY")}"
}

variable ks_mirror {
type = string
default = "${env("KS_MIRROR")}"
}

locals {
ks_proxy = var.ks_proxy != "" ? "--proxy=${var.ks_proxy}" : ""
ks_os_repos = var.ks_mirror != "" ? "--url=${var.ks_mirror}/BaseOS/x86_64/os" : var.ks_os_repos
ks_appstream_repos = var.ks_mirror != "" ? "--baseurl=${var.ks_mirror}/AppStream/x86_64/os" : var.ks_appstream_repos
ks_extras_repos = var.ks_mirror != "" ? "--baseurl=${var.ks_mirror}/extras/x86_64/os" : var.ks_extras_repos
}

source "qemu" "alma8" {
boot_command = ["<up><tab> ", "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/alma8.ks ", "console=ttyS0 inst.cmdline", "<enter>"]
boot_wait = "3s"
communicator = "none"
disk_size = "4G"
headless = true
iso_checksum = "file:${var.alma_sha256sum_url}"
iso_url = var.alma_iso_url
memory = 2048
qemuargs = [["-serial", "stdio"]]
shutdown_timeout = "1h"
http_content = {
"/alma8.ks" = templatefile("${path.root}/http/alma8.ks.pkrtpl.hcl",
{
KS_PROXY = local.ks_proxy,
KS_OS_REPOS = local.ks_os_repos,
KS_APPSTREAM_REPOS = local.ks_appstream_repos,
KS_EXTRAS_REPOS = local.ks_extras_repos
}
)
}
}

build {
sources = ["source.qemu.alma8"]

post-processor "shell-local" {
inline = [
"SOURCE=${source.name}",
"OUTPUT=${var.filename}",
"source ../scripts/fuse-nbd",
"source ../scripts/fuse-tar-root",
"rm -rf output-${source.name}",
]
inline_shebang = "/bin/bash -e"
}
}
113 changes: 113 additions & 0 deletions alma8/http/alma8.ks.pkrtpl.hcl
Original file line number Diff line number Diff line change
@@ -0,0 +1,113 @@
url ${KS_OS_REPOS} ${KS_PROXY}
repo --name="AppStream" ${KS_APPSTREAM_REPOS} ${KS_PROXY}
repo --name="Extras" ${KS_EXTRAS_REPOS} ${KS_PROXY}

eula --agreed

# Turn off after installation
poweroff

# Do not start the Inital Setup app
firstboot --disable

# System language, keyboard and timezone
lang en_US.UTF-8
keyboard us
timezone UTC --isUtc

# Set the first NIC to acquire IPv4 address via DHCP
network --device eth0 --bootproto=dhcp
# Enable firewal, let SSH through
firewall --enabled --service=ssh
# Enable SELinux with default enforcing policy
selinux --enforcing

# Do not set up XX Window System
skipx

# Initial disk setup
# Use the first paravirtualized disk
ignoredisk --only-use=vda
# Place the bootloader on the Master Boot Record
bootloader --location=mbr --driveorder="vda" --timeout=1
# Wipe invalid partition tables
zerombr
# Erase all partitions and assign default labels
clearpart --all --initlabel
# Initialize the primary root partition with ext4 filesystem
part / --size=1 --grow --asprimary --fstype=ext4

# Set root password
rootpw --plaintext password

# Add a user named packer
user --groups=wheel --name=alma --password=alma --plaintext --gecos="alma"

%post --erroronfail
# workaround anaconda requirements and clear root password
passwd -d root
passwd -l root

# Clean up install config not applicable to deployed environments.
for f in resolv.conf fstab; do
rm -f /etc/$f
touch /etc/$f
chown root:root /etc/$f
chmod 644 /etc/$f
done

rm -f /etc/sysconfig/network-scripts/ifcfg-[^lo]*

# Kickstart copies install boot options. Serial is turned on for logging with
# Packer which disables console output. Disable it so console output is shown
# during deployments
sed -i 's/^GRUB_TERMINAL=.*/GRUB_TERMINAL_OUTPUT="console"/g' /etc/default/grub
sed -i '/GRUB_SERIAL_COMMAND="serial"/d' /etc/default/grub
sed -ri 's/(GRUB_CMDLINE_LINUX=".*)\s+console=ttyS0(.*")/\1\2/' /etc/default/grub
sed -i 's/"GRUB_ENABLE_BLSCFG=.*"/"GRUB_ENABLE_BLSCFG=false"/g' /etc/default/grub

yum clean all

# Passwordless sudo for the user 'alma'
echo "alma ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/alma
chmod 440 /etc/sudoers.d/alma

#---- Optional - Install your SSH key ----
# mkdir -m0700 /home/alma/.ssh/
#
# cat <<EOF >/home/alma/.ssh/authorized_keys
# ssh-rsa <your_public_key_here> [email protected]
# EOF
#
### set permissions
# chmod 0600 /home/alma/.ssh/authorized_keys
#
#### fix up selinux context
# restorecon -R /home/alma/.ssh/

%end

%packages
@Core
bash-completion
cloud-init
cloud-utils-growpart
rsync
tar
patch
yum-utils
grub2-efi-x64
shim-x64
grub2-efi-x64-modules
efibootmgr
dosfstools
lvm2
mdadm
device-mapper-multipath
iscsi-initiator-utils
-plymouth
# Remove ALSA firmware
-a*-firmware
# Remove Intel wireless firmware
-i*-firmware
%end
25 changes: 25 additions & 0 deletions alma9/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
#!/usr/bin/make -f

include ../scripts/check.mk

PACKER ?= packer
PACKER_LOG ?= 0

export PACKER_LOG KS_PROXY

.PHONY: all clean

all: alma9.tar.gz

$(eval $(call check_packages_deps))

alma9.tar.gz: check-deps clean http/alma.ks
${PACKER} init alma9.pkr.hcl && ${PACKER} build alma9.pkr.hcl

http/alma.ks: http/alma.ks.in
envsubst '$${KS_PROXY}' < $< | tee $@

clean:
${RM} -rf output-alma9 alma9.tar.gz http/alma.ks

.INTERMEDIATE: http/alma.ks
Loading

0 comments on commit 849a709

Please sign in to comment.