Merge "Add minimal ubuntu and centos base elements"

elements/centos-minimal/README.md

@@ -0,0 +1,8 @@
+Create a minimal image based on CentOS 7.
+
+Use of this element will also require the tool 'rinse' to be
+available on your system. It should be available on Ubuntu and Debian.
+
+The `DIB_OFFLINE` or more specific `DIB_CENTOS_USE_RINSE_CACHE`
+variables can be set to prefer the use of a pre-cached root filesystem
+tarball.

elements/centos-minimal/element-deps

@@ -0,0 +1,4 @@
+dib-run-parts
+redhat-common
+rpm-distro
+yum

elements/centos-minimal/element-provides

@@ -0,0 +1 @@
+operating-system

elements/centos-minimal/environment.d/10-centos-distro-name.bash

@@ -0,0 +1 @@
+export DISTRO_NAME=centos7

elements/centos-minimal/packages/centos-7.packages

@@ -0,0 +1,119 @@
+#
+#  packages which we will need to download for a minimal installation for
+#  CentOS 7.x
+#
+
+audit-libs
+basesystem
+bash
+binutils
+bzip2-libs
+chkconfig
+cracklib
+cracklib-dicts
+crontabs
+coreutils
+libdb
+device-mapper
+e2fsprogs
+e2fsprogs-libs
+elfutils-libelf
+ethtool
+expat
+file-libs
+filesystem
+findutils
+gawk
+gdbm
+glib2
+glibc
+glibc-common
+grep
+info
+initscripts
+iputils
+keyutils-libs
+krb5-libs
+libacl
+libattr
+libcap
+libcom_err
+libgcc
+libidn
+libselinux
+libsepol
+libstdc++
+libsysfs
+libgcrypt
+dbus-libs
+libcurl
+lua
+libutempter
+libxml2
+libxml2-python
+logrotate
+lsof
+man-pages
+m2crypto
+mcstrans
+mlocate
+ncurses
+ncurses-libs
+neon
+net-tools
+nss
+nss-sysinit
+nss-softokn
+nss-softokn-freebl
+openldap
+libssh2
+cyrus-sasl-lib
+nss-util
+nspr
+openssl-libs
+pam
+passwd
+libuser
+ustr
+pcre
+popt
+procps-ng
+psmisc
+pygpgme
+python
+python-libs
+python-pycurl
+python-iniparse
+python-urlgrabber
+readline
+rpm
+rpm-libs
+rpm-python
+sed
+setup
+shadow-utils
+sudo
+centos-release
+sqlite
+rsyslog
+tzdata
+util-linux
+xz
+xz-libs
+yum
+yum-plugin-fastestmirror
+yum-plugin-keys
+yum-plugin-protectbase
+yum-metadata-parser
+yum-utils
+zlib
+libffi
+libsemanage
+libblkid
+libmount
+device-mapper-libs
+libestr
+gmp
+json-c
+libss
+libuuid

elements/centos-minimal/pkg-map

@@ -0,0 +1,7 @@
+{
+  "family": {
+    "redhat": {
+      "lsb_release": "redhat-lsb",
+    }
+  }
+}

elements/centos-minimal/root.d/08-rinse

@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+set -eu
+set -o pipefail
+
+if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
+    . ${TARGET_ROOT}/.extra_settings
+fi
+# Override global DISTRO_NAME, because centos7 does not work for rinse
+DISTRO_NAME=centos
+DIB_RELEASE=${DIB_RELEASE:-7}
+DIB_RINSE_EXTRA_ARGS=${DIB_RINSE_EXTRA_ARGS:-}
+RINSE_TARBALL=$DIB_IMAGE_CACHE/rinse-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://mirror.centos.org/centos/7/os/x86_64/Packages/}
+http_proxy=${http_proxy:-}
+
+set -x
+if [ -n "$DIB_OFFLINE" -o -n "${DIB_CENTOS_USE_RINSE_CACHE:-}" ] && [ -f $RINSE_TARBALL ] ; then
+    echo $RINSE_TARBALL found in cache. Using.
+    sudo tar -C $TARGET_ROOT --numeric-owner -xzf $RINSE_TARBALL
+else
+
+    sudo sh -c "http_proxy=$http_proxy rinse \
+        --mirror $DIB_DISTRIBUTION_MIRROR \
+        --pkgs-dir $TMP_HOOKS_PATH/packages \
+        --arch $ARCH \
+        --distribution $DISTRO_NAME-$DIB_RELEASE \
+        --directory $TARGET_ROOT \
+        $DIB_RINSE_EXTRA_ARGS"
+
+    echo "Customizing result for cloud use"
+    (
+        cd $TARGET_ROOT
+        # effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
+        # locales
+        sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+        # docs
+        sudo rm -rf usr/share/{man,doc,info,gnome/help}
+        # cracklib
+        sudo rm -rf usr/share/cracklib
+        # i18n
+        sudo rm -rf usr/share/i18n
+        # yum cache
+        sudo rm -rf var/cache/yum
+        sudo mkdir -p --mode=0755 var/cache/yum
+        # sln
+        sudo rm -rf sbin/sln
+        # ldconfig
+        sudo rm -rf etc/ld.so.cache var/cache/ldconfig
+        sudo mkdir -p --mode=0755 var/cache/ldconfig
+
+        # allow networking init scripts inside the container to work without extra steps
+        cat << EOF | sudo tee etc/sysconfig/network > /dev/null
+NETWORKING=yes
+NETWORKING_IPV6=yes
+NOZEROCONF=yes
+EOF
+
+        for interface in eth0 eth1; do
+        cat << EOF | sudo tee etc/sysconfig/network-scripts/ifcfg-$interface > /dev/null
+DEVICE=eth0
+BOOTPROTO=dhcp
+ONBOOT=on
+EOF
+        done
+    )
+
+    sudo rm -f $TARGET_ROOT/*rpm
+    sudo umount $TARGET_ROOT/proc
+    sudo umount $TARGET_ROOT/sys
+    cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
+proc /proc proc nodev,noexec,nosuid 0 0
+LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
+EOF
+
+    # The filesystem package as shipped is broken. For reasons I don't fully
+    # understand, rinse installs files into proper dirs, but subsequent RPM
+    # operations expect these locations to be symlinks. If this next block
+    # is not executed, yum installs or updates will fail with a cryptic cpio
+    # failure. Moving the files in /sbin and /lib64 to /usr/sbin and /usr/lib64
+    # and then making symlinks makes rpm happy.
+    for broken in lib64 sbin ; do
+        sudo cp -a $TARGET_ROOT/$broken/* $TARGET_ROOT/usr/$broken
+        sudo rm -rf $TARGET_ROOT/$broken
+        sudo ln -s usr/$broken $TARGET_ROOT/$broken
+    done
+
+    echo Caching rinse result in $RINSE_TARBALL
+    sudo tar --numeric-owner -C $TARGET_ROOT -zcf $RINSE_TARBALL --exclude='./tmp/*' .
+fi
+
+sudo rm -f ${TARGET_ROOT}/.extra_settings

elements/ubuntu-minimal/README.md

@@ -0,0 +1,20 @@
+Create a minimal image based on Ubuntu. We default to trusty but DIB_RELEASE
+is mapped to any series of Ubuntu.
+
+If necessary, a custom apt keyring and debootstrap script can be
+supplied to the `debootstrap` command via `DIB_DEBIAN_KEYRING` and
+`DIB_DEBIAN_DEBOOTSTRAP_SCRIPT` respectively. Both options require the
+use of absolute rather than relative paths.
+
+Use of this element will also require the tool 'debootstrap' to be
+available on your system. It should be available on Ubuntu, Debian,
+and Fedora.
+
+The `DIB_OFFLINE` or more specific `DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE`
+variables can be set to prefer the use of a pre-cached root filesystem
+tarball.
+
+The `DIB_DEBOOTSTRAP_EXTRA_ARGS` environment variable may be used to
+pass extra arguments to the debootstrap command used to create the
+base filesystem image. If --keyring is is used in `DIB_DEBOOTSTRAP_EXTRA_ARGS`,
+it will override `DIB_DEBIAN_KEYRING` if that is used as well.

elements/ubuntu-minimal/element-deps

@@ -0,0 +1,2 @@
+dib-run-parts
+dpkg

elements/ubuntu-minimal/element-provides

@@ -0,0 +1 @@
+operating-system

elements/ubuntu-minimal/environment.d/10-ubuntu-distro-name.bash

@@ -0,0 +1,2 @@
+export DISTRO_NAME=ubuntu
+export DIB_RELEASE=${DIB_RELEASE:-trusty}

elements/ubuntu-minimal/package-installs.yaml

@@ -0,0 +1,6 @@
+adduser:
+locales:
+ca-certificates:
+cloud-initramfs-growroot:
+lsb-release:
+  phase: pre-install.d

elements/ubuntu-minimal/pre-install.d/05-apt-update

@@ -0,0 +1,35 @@
+#!/bin/bash
+# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eu
+set -o pipefail
+
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
+
+# We should manage this in a betterer way
+cat << EOF >/etc/apt/sources.list
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE main restricted universe
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-updates main restricted universe
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-backports main restricted universe
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-security main restricted universe
+EOF
+
+# Need to update to retrieve the signed Release file
+apt-get update
+
+apt-get clean
+apt-get dist-upgrade -y

elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu

@@ -0,0 +1,82 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+set -eu
+set -o pipefail
+if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
+    . ${TARGET_ROOT}/.extra_settings
+fi
+
+[ -n "$DISTRO_NAME" ]
+[ -n "$DIB_RELEASE" ]
+
+DIB_DEBOOTSTRAP_EXTRA_ARGS=${DIB_DEBOOTSTRAP_EXTRA_ARGS:-}
+DEBOOTSTRAP_TARBALL=$DIB_IMAGE_CACHE/debootstrap-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
+http_proxy=${http_proxy:-}
+
+set -x
+if [ -n "$DIB_OFFLINE" -o -n "${DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE:-}" ] && [ -f $DEBOOTSTRAP_TARBALL ] ; then
+    echo $DEBOOTSTRAP_TARBALL found in cache. Using.
+    sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DEBOOTSTRAP_TARBALL
+else
+
+    KEYRING_OPT=
+    if [ -n "${DIB_DEBIAN_KEYRING:-}" ] ; then
+        KEYRING_OPT="--keyring=${DIB_DEBIAN_KEYRING}"
+    fi
+
+    # Have to --include=python because of dib-run-parts
+    # Have to --include=sudo for pre-install.d use of sudoers files
+    sudo sh -c "http_proxy=$http_proxy debootstrap --verbose \
+        --variant=minbase \
+        --include=python,sudo \
+        --components=main,restricted,universe \
+        --arch=${ARCH} \
+        $KEYRING_OPT \
+        $DIB_DEBOOTSTRAP_EXTRA_ARGS \
+        $DIB_RELEASE \
+        $TARGET_ROOT \
+        $DIB_DISTRIBUTION_MIRROR \
+        ${DIB_DEBIAN_DEBOOTSTRAP_SCRIPT:-}"
+
+    echo "Customizing result for cloud use"
+
+    sudo install -d -m 0755 -o root -g root ${TARGET_ROOT}/etc/sudoers.d
+
+    cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
+proc /proc proc nodev,noexec,nosuid 0 0
+LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
+EOF
+    sudo sh -c "echo 'blacklist pcspkr' > ${TARGET_ROOT}/etc/modprobe.d/blacklist.conf"
+
+    # It would be eversogreat if we didn't need to do crap like this
+    sudo sh -c "echo 'ubuntu' > ${TARGET_ROOT}/etc/hostname"
+
+    # cloud images expect eth0 and eth1 to use dhcp.
+    sudo mkdir -p ${TARGET_ROOT}/etc/network/interfaces.d
+    for interface in eth0 eth1; do
+        cat << EOF | sudo tee ${TARGET_ROOT}/etc/network/interfaces.d/$interface
+auto $interface
+iface $interface inet dhcp
+EOF
+    done
+
+    echo Caching debootstrap result in $DEBOOTSTRAP_TARBALL
+    sudo tar --numeric-owner -C $TARGET_ROOT -zcf $DEBOOTSTRAP_TARBALL --exclude='./tmp/*' .
+fi
+
+sudo rm -f ${TARGET_ROOT}/.extra_settings