From af2862a2be1691bf99ae1dd27092eccfd3158547 Mon Sep 17 00:00:00 2001 
From: Monty Taylor Date: Sat, 22 Nov 2014 18:46:33 -0500 Subject: [PATCH] Add minimal ubuntu and centos base elements There are times when a much more stripped down base image is desired over the distro cloud images. For instance, Infra would like some base images that do not have cloud-init or really much of anything else. This is easy to accomplish with debootstrap and rinse. Change-Id: I44ff22457165afb048fdaea469210ae47d83dd3f --- elements/centos-minimal/README.md | 8 ++ elements/centos-minimal/element-deps | 4 + elements/centos-minimal/element-provides | 1 + .../environment.d/10-centos-distro-name.bash | 1 + .../centos-minimal/packages/centos-7.packages | 119 ++++++++++++++++++ elements/centos-minimal/pkg-map | 7 ++ elements/centos-minimal/root.d/08-rinse | 106 ++++++++++++++++ elements/ubuntu-minimal/README.md | 20 +++ elements/ubuntu-minimal/element-deps | 2 + elements/ubuntu-minimal/element-provides | 1 + .../environment.d/10-ubuntu-distro-name.bash | 2 + elements/ubuntu-minimal/package-installs.yaml | 6 + .../pre-install.d/05-apt-update | 35 ++++++ .../root.d/08-debootstrap-ubuntu | 82 ++++++++++++ 14 files changed, 394 insertions(+) create mode 100644 elements/centos-minimal/README.md create mode 100644 elements/centos-minimal/element-deps create mode 100644 elements/centos-minimal/element-provides create mode 100644 elements/centos-minimal/environment.d/10-centos-distro-name.bash create mode 100644 elements/centos-minimal/packages/centos-7.packages create mode 100644 elements/centos-minimal/pkg-map create mode 100755 elements/centos-minimal/root.d/08-rinse create mode 100644 elements/ubuntu-minimal/README.md create mode 100644 elements/ubuntu-minimal/element-deps create mode 100644 elements/ubuntu-minimal/element-provides create mode 100644 elements/ubuntu-minimal/environment.d/10-ubuntu-distro-name.bash create mode 100644 elements/ubuntu-minimal/package-installs.yaml create mode 100755 elements/ubuntu-minimal/pre-install.d/05-apt-update create mode 
100755 elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu
diff --git a/elements/centos-minimal/README.md b/elements/centos-minimal/README.md
new file mode 100644
index 00000000..e8d0a33d
--- /dev/null
+++ b/elements/centos-minimal/README.md
@@ -0,0 +1,8 @@
+Create a minimal image based on CentOS 7.
+
+Use of this element will also require the tool 'rinse' to be
+available on your system. It should be available on Ubuntu and Debian.
+
+The `DIB_OFFLINE` or more specific `DIB_CENTOS_USE_RINSE_CACHE`
+variables can be set to prefer the use of a pre-cached root filesystem
+tarball.
diff --git a/elements/centos-minimal/element-deps b/elements/centos-minimal/element-deps
new file mode 100644
index 00000000..d26d0115
--- /dev/null
+++ b/elements/centos-minimal/element-deps
@@ -0,0 +1,4 @@
+dib-run-parts
+redhat-common
+rpm-distro
+yum
diff --git a/elements/centos-minimal/element-provides b/elements/centos-minimal/element-provides
new file mode 100644
index 00000000..a72e0496
--- /dev/null
+++ b/elements/centos-minimal/element-provides
@@ -0,0 +1 @@
+operating-system
diff --git a/elements/centos-minimal/environment.d/10-centos-distro-name.bash b/elements/centos-minimal/environment.d/10-centos-distro-name.bash
new file mode 100644
index 00000000..16184a3f
--- /dev/null
+++ b/elements/centos-minimal/environment.d/10-centos-distro-name.bash
@@ -0,0 +1 @@
+export DISTRO_NAME=centos7
diff --git a/elements/centos-minimal/packages/centos-7.packages b/elements/centos-minimal/packages/centos-7.packages
new file mode 100644
index 00000000..72576227
--- /dev/null
+++ b/elements/centos-minimal/packages/centos-7.packages
@@ -0,0 +1,119 @@
+#
+# packages which we will need to download for a minimal installation for
+# CentOS 7.x
+#
+
+audit-libs
+basesystem
+bash
+binutils
+bzip2-libs
+chkconfig
+cracklib
+cracklib-dicts
+crontabs
+coreutils
+libdb
+device-mapper
+e2fsprogs
+e2fsprogs-libs
+elfutils-libelf
+ethtool
+expat
+file-libs
+filesystem
+findutils
+gawk
+gdbm
+glib2
+glibc
+glibc-common
+grep
+info
+initscripts
+iputils
+keyutils-libs
+krb5-libs
+libacl
+libattr
+libcap
+libcom_err
+libgcc
+libidn
+libselinux
+libsepol
+libstdc++
+libsysfs
+libgcrypt
+dbus-libs
+libcurl
+lua
+libutempter
+libxml2
+libxml2-python
+logrotate
+lsof
+man-pages
+m2crypto
+mcstrans
+mlocate
+ncurses
+ncurses-libs
+neon
+net-tools
+nss
+nss-sysinit
+nss-softokn
+nss-softokn-freebl
+openldap
+libssh2
+cyrus-sasl-lib
+nss-util
+nspr
+openssl-libs
+pam
+passwd
+libuser
+ustr
+pcre
+popt
+procps-ng
+psmisc
+pygpgme
+python
+python-libs
+python-pycurl
+python-iniparse
+python-urlgrabber
+readline
+rpm
+rpm-libs
+rpm-python
+sed
+setup
+shadow-utils
+sudo
+centos-release
+sqlite
+rsyslog
+tzdata
+util-linux
+xz
+xz-libs
+yum
+yum-plugin-fastestmirror
+yum-plugin-keys
+yum-plugin-protectbase
+yum-metadata-parser
+yum-utils
+zlib
+libffi
+libsemanage
+libblkid
+libmount
+device-mapper-libs
+libestr
+gmp
+json-c
+libss
+libuuid
diff --git a/elements/centos-minimal/pkg-map b/elements/centos-minimal/pkg-map
new file mode 100644
index 00000000..53ace560
--- /dev/null
+++ b/elements/centos-minimal/pkg-map
@@ -0,0 +1,7 @@
+{
+ "family": {
+ "redhat": {
+ "lsb_release": "redhat-lsb",
+ }
+ }
+}
diff --git a/elements/centos-minimal/root.d/08-rinse b/elements/centos-minimal/root.d/08-rinse
new file mode 100755
index 00000000..d2d59c90
--- /dev/null
+++ b/elements/centos-minimal/root.d/08-rinse
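Review bot: The `"lsb_release": "redhat-lsb",` entry in elements/centos-minimal/pkg-map ends with a comma directly before the closing brace, which strict JSON does not allow. The loader for pkg-map is not visible in this patch, but if it uses a standard JSON parser the file will fail to parse and the mapping will not be applied. Drop the trailing comma so the line reads `"lsb_release": "redhat-lsb"`.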
@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+set -eu
+set -o pipefail
+
+if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
+ . ${TARGET_ROOT}/.extra_settings
+fi
+# Override global DISTRO_NAME, because centos7 does not work for rinse
+DISTRO_NAME=centos
+DIB_RELEASE=${DIB_RELEASE:-7}
+DIB_RINSE_EXTRA_ARGS=${DIB_RINSE_EXTRA_ARGS:-}
+RINSE_TARBALL=$DIB_IMAGE_CACHE/rinse-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://mirror.centos.org/centos/7/os/x86_64/Packages/}
+http_proxy=${http_proxy:-}
+
+set -x
+if [ -n "$DIB_OFFLINE" -o -n "${DIB_CENTOS_USE_RINSE_CACHE:-}" ] && [ -f $RINSE_TARBALL ] ; then
+ echo $RINSE_TARBALL found in cache. Using.
+ sudo tar -C $TARGET_ROOT --numeric-owner -xzf $RINSE_TARBALL
+else
+
+ sudo sh -c "http_proxy=$http_proxy rinse \
+ --mirror $DIB_DISTRIBUTION_MIRROR \
+ --pkgs-dir $TMP_HOOKS_PATH/packages \
+ --arch $ARCH \
+ --distribution $DISTRO_NAME-$DIB_RELEASE \
+ --directory $TARGET_ROOT \
+ $DIB_RINSE_EXTRA_ARGS"
+
+ echo "Customizing result for cloud use"
+ (
+ cd $TARGET_ROOT
+ # effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
+ # locales
+ sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
+ # docs
+ sudo rm -rf usr/share/{man,doc,info,gnome/help}
+ # cracklib
+ sudo rm -rf usr/share/cracklib
+ # i18n
+ sudo rm -rf usr/share/i18n
+ # yum cache
+ sudo rm -rf var/cache/yum
+ sudo mkdir -p --mode=0755 var/cache/yum
+ # sln
+ sudo rm -rf sbin/sln
+ # ldconfig
+ sudo rm -rf etc/ld.so.cache var/cache/ldconfig
+ sudo mkdir -p --mode=0755 var/cache/ldconfig
+
+ # allow networking init scripts inside the container to work without extra steps
+ cat << EOF | sudo tee etc/sysconfig/network > /dev/null
+NETWORKING=yes
+NETWORKING_IPV6=yes
+NOZEROCONF=yes
+EOF
+
+ for interface in eth0 eth1; do
+ cat << EOF | sudo tee etc/sysconfig/network-scripts/ifcfg-$interface > /dev/null
+DEVICE=eth0
+BOOTPROTO=dhcp
+ONBOOT=on
+EOF
+ done
+ )
+
+ sudo rm -f $TARGET_ROOT/*rpm
+ sudo umount $TARGET_ROOT/proc
+ sudo umount $TARGET_ROOT/sys
+ cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
+proc /proc proc nodev,noexec,nosuid 0 0
+LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
+EOF
+
+ # The filesystem package as shipped is broken. For reasons I don't fully
+ # understand, rinse installs files into proper dirs, but subsequent RPM
+ # operations expect these locations to be symlinks. If this next block
+ # is not executed, yum installs or updates will fail with a cryptic cpio
+ # failure. Moving the files in /sbin and /lib64 to /usr/sbin and /usr/lib64
+ # and then making symlinks makes rpm happy.
+ for broken in lib64 sbin ; do
+ sudo cp -a $TARGET_ROOT/$broken/* $TARGET_ROOT/usr/$broken
+ sudo rm -rf $TARGET_ROOT/$broken
+ sudo ln -s usr/$broken $TARGET_ROOT/$broken
+ done
+
+ echo Caching rinse result in $RINSE_TARBALL
+ sudo tar --numeric-owner -C $TARGET_ROOT -zcf $RINSE_TARBALL --exclude='./tmp/*' .
+fi
+
+sudo rm -f ${TARGET_ROOT}/.extra_settings
diff --git a/elements/ubuntu-minimal/README.md b/elements/ubuntu-minimal/README.md
new file mode 100644
index 00000000..bb92224f
--- /dev/null
+++ b/elements/ubuntu-minimal/README.md
@@ -0,0 +1,20 @@
+Create a minimal image based on Ubuntu. We default to trusty but DIB_RELEASE
+is mapped to any series of Ubuntu.
+
+If necessary, a custom apt keyring and debootstrap script can be
+supplied to the `debootstrap` command via `DIB_DEBIAN_KEYRING` and
+`DIB_DEBIAN_DEBOOTSTRAP_SCRIPT` respectively. Both options require the
+use of absolute rather than relative paths.
+
+Use of this element will also require the tool 'debootstrap' to be
+available on your system. It should be available on Ubuntu, Debian,
+and Fedora.
+
+The `DIB_OFFLINE` or more specific `DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE`
+variables can be set to prefer the use of a pre-cached root filesystem
+tarball.
+
+The `DIB_DEBOOTSTRAP_EXTRA_ARGS` environment variable may be used to
+pass extra arguments to the debootstrap command used to create the
+base filesystem image. If --keyring is is used in `DIB_DEBOOTSTRAP_EXTRA_ARGS`,
+it will override `DIB_DEBIAN_KEYRING` if that is used as well.
diff --git a/elements/ubuntu-minimal/element-deps b/elements/ubuntu-minimal/element-deps
new file mode 100644
index 00000000..6f4b1e0d
--- /dev/null
+++ b/elements/ubuntu-minimal/element-deps
@@ -0,0 +1,2 @@
+dib-run-parts
+dpkg
diff --git a/elements/ubuntu-minimal/element-provides b/elements/ubuntu-minimal/element-provides
new file mode 100644
index 00000000..a72e0496
--- /dev/null
+++ b/elements/ubuntu-minimal/element-provides
@@ -0,0 +1 @@
+operating-system
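Review bot: In elements/centos-minimal/root.d/08-rinse the rinse command is assembled as a single string for `sudo sh -c`, so `http_proxy`, `DIB_DISTRIBUTION_MIRROR`, `TMP_HOOKS_PATH`, `ARCH`, `TARGET_ROOT` and `DIB_RINSE_EXTRA_ARGS` are parsed a second time by a root shell, and a value containing whitespace or shell metacharacters changes what runs as root. Passing the arguments as separate quoted words through `sudo env` removes that second parse, with only `DIB_RINSE_EXTRA_ARGS` left unquoted on purpose (sketch below, to be indented like the else branch). The same construction is used for the debootstrap call in elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu. Separately, the ifcfg heredoc writes `DEVICE=eth0` on both loop iterations, so ifcfg-eth1 describes eth0; it should be `DEVICE=$interface`.

```shell
# DIB_RINSE_EXTRA_ARGS stays unquoted so it can carry several options
sudo env http_proxy="$http_proxy" rinse \
    --mirror "$DIB_DISTRIBUTION_MIRROR" \
    --pkgs-dir "$TMP_HOOKS_PATH/packages" \
    --arch "$ARCH" \
    --distribution "$DISTRO_NAME-$DIB_RELEASE" \
    --directory "$TARGET_ROOT" \
    $DIB_RINSE_EXTRA_ARGS
# … unchanged: "Customizing result for cloud use" block, fstab, symlink fix-up, caching …
```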
diff --git a/elements/ubuntu-minimal/environment.d/10-ubuntu-distro-name.bash b/elements/ubuntu-minimal/environment.d/10-ubuntu-distro-name.bash
new file mode 100644
index 00000000..2860427c
--- /dev/null
+++ b/elements/ubuntu-minimal/environment.d/10-ubuntu-distro-name.bash
@@ -0,0 +1,2 @@
+export DISTRO_NAME=ubuntu
+export DIB_RELEASE=${DIB_RELEASE:-trusty}
diff --git a/elements/ubuntu-minimal/package-installs.yaml b/elements/ubuntu-minimal/package-installs.yaml
new file mode 100644
index 00000000..3e434d5a
--- /dev/null
+++ b/elements/ubuntu-minimal/package-installs.yaml
@@ -0,0 +1,6 @@
+adduser:
+locales:
+ca-certificates:
+cloud-initramfs-growroot:
+lsb-release:
+ phase: pre-install.d
diff --git a/elements/ubuntu-minimal/pre-install.d/05-apt-update b/elements/ubuntu-minimal/pre-install.d/05-apt-update
new file mode 100755
index 00000000..6511e233
--- /dev/null
+++ b/elements/ubuntu-minimal/pre-install.d/05-apt-update
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eu
+set -o pipefail
+
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
+
+# We should manage this in a betterer way
+cat << EOF >/etc/apt/sources.list
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE main restricted universe
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-updates main restricted universe
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-backports main restricted universe
+deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-security main restricted universe
+EOF
+
+# Need to update to retrieve the signed Release file
+apt-get update
+
+apt-get clean
+apt-get dist-upgrade -y
diff --git a/elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu b/elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu
new file mode 100755
index 00000000..eb6552a1
--- /dev/null
+++ b/elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu
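Review bot: The four `deb` lines in the sources.list heredoc of elements/ubuntu-minimal/pre-install.d/05-apt-update expand `$DIB_DISTRIBUTON_MIRROR` (the second "I" is missing), while the default a few lines above is assigned to `DIB_DISTRIBUTION_MIRROR`. Under `set -eu` the misspelled name is unbound, so the script should abort at the heredoc unless something else happens to export that exact name; without `-u` it would write entries with an empty mirror URL. Each line should use the correctly spelled variable, e.g. `deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE main restricted universe`, with the same fix on the `-updates`, `-backports` and `-security` lines.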
@@ -0,0 +1,82 @@
+#!/bin/bash
+#
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+set -eu
+set -o pipefail
+if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
+ . ${TARGET_ROOT}/.extra_settings
+fi
+
+[ -n "$DISTRO_NAME" ]
+[ -n "$DIB_RELEASE" ]
+
+DIB_DEBOOTSTRAP_EXTRA_ARGS=${DIB_DEBOOTSTRAP_EXTRA_ARGS:-}
+DEBOOTSTRAP_TARBALL=$DIB_IMAGE_CACHE/debootstrap-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
+DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
+http_proxy=${http_proxy:-}
+
+set -x
+if [ -n "$DIB_OFFLINE" -o -n "${DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE:-}" ] && [ -f $DEBOOTSTRAP_TARBALL ] ; then
+ echo $DEBOOTSTRAP_TARBALL found in cache. Using.
+ sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DEBOOTSTRAP_TARBALL
+else
+
+ KEYRING_OPT=
+ if [ -n "${DIB_DEBIAN_KEYRING:-}" ] ; then
+ KEYRING_OPT="--keyring=${DIB_DEBIAN_KEYRING}"
+ fi
+
+ # Have to --include=python because of dib-run-parts
+ # Have to --include=sudo for pre-install.d use of sudoers files
+ sudo sh -c "http_proxy=$http_proxy debootstrap --verbose \
+ --variant=minbase \
+ --include=python,sudo \
+ --components=main,restricted,universe \
+ --arch=${ARCH} \
+ $KEYRING_OPT \
+ $DIB_DEBOOTSTRAP_EXTRA_ARGS \
+ $DIB_RELEASE \
+ $TARGET_ROOT \
+ $DIB_DISTRIBUTION_MIRROR \
+ ${DIB_DEBIAN_DEBOOTSTRAP_SCRIPT:-}"
+
+ echo "Customizing result for cloud use"
+
+ sudo install -d -m 0755 -o root -g root ${TARGET_ROOT}/etc/sudoers.d
+
+ cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
+proc /proc proc nodev,noexec,nosuid 0 0
+LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
+EOF
+ sudo sh -c "echo 'blacklist pcspkr' > ${TARGET_ROOT}/etc/modprobe.d/blacklist.conf"
+
+ # It would be eversogreat if we didn't need to do crap like this
+ sudo sh -c "echo 'ubuntu' > ${TARGET_ROOT}/etc/hostname"
+
+ # cloud images expect eth0 and eth1 to use dhcp.
+ sudo mkdir -p ${TARGET_ROOT}/etc/network/interfaces.d
+ for interface in eth0 eth1; do
+ cat << EOF | sudo tee ${TARGET_ROOT}/etc/network/interfaces.d/$interface
+auto $interface
+iface $interface inet dhcp
+EOF
+ done
+
+ echo Caching debootstrap result in $DEBOOTSTRAP_TARBALL
+ sudo tar --numeric-owner -C $TARGET_ROOT -zcf $DEBOOTSTRAP_TARBALL --exclude='./tmp/*' .
+fi
+
+sudo rm -f ${TARGET_ROOT}/.extra_settings
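Review bot: When `DIB_DEBIAN_KEYRING` is unset in elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu, `KEYRING_OPT` stays empty and verification of the Release file depends on whatever default keyring the build host has, while the default mirror is plain `http://`. As far as I know debootstrap only warns and carries on unverified when that keyring file is missing, which is plausible on the non-Ubuntu hosts the README lists, and the resulting tree is then cached and reused for later builds. Consider failing early in the else branch, for example `[ -n "${DIB_DEBIAN_KEYRING:-}" ] || [ -f /usr/share/keyrings/ubuntu-archive-keyring.gpg ] || { echo "no Ubuntu archive keyring; set DIB_DEBIAN_KEYRING" >&2; exit 1; }`. That check would need an exception for a `--keyring` passed through `DIB_DEBOOTSTRAP_EXTRA_ARGS`, which the README allows.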