Add minimal ubuntu and centos base elements
There are times when a much more stripped down base image is desired over the distro cloud images. For instance, Infra would like some base images that do not have cloud-init or really much of anything else. This is easy to accomplish with debootstrap and rinse. Change-Id: I44ff22457165afb048fdaea469210ae47d83dd3f
This commit is contained in:
parent
98d008c6af
commit
af2862a2be
14 changed files with 394 additions and 0 deletions
8
elements/centos-minimal/README.md
Normal file
8
elements/centos-minimal/README.md
Normal file
|
@ -0,0 +1,8 @@
|
|||
Create a minimal image based on CentOS 7.
|
||||
|
||||
Use of this element will also require the tool 'rinse' to be
|
||||
available on your system. It should be available on Ubuntu and Debian.
|
||||
|
||||
The `DIB_OFFLINE` or more specific `DIB_CENTOS_USE_RINSE_CACHE`
|
||||
variables can be set to prefer the use of a pre-cached root filesystem
|
||||
tarball.
|
4
elements/centos-minimal/element-deps
Normal file
4
elements/centos-minimal/element-deps
Normal file
|
@ -0,0 +1,4 @@
|
|||
dib-run-parts
|
||||
redhat-common
|
||||
rpm-distro
|
||||
yum
|
1
elements/centos-minimal/element-provides
Normal file
1
elements/centos-minimal/element-provides
Normal file
|
@ -0,0 +1 @@
|
|||
operating-system
|
|
@ -0,0 +1 @@
|
|||
export DISTRO_NAME=centos7
|
119
elements/centos-minimal/packages/centos-7.packages
Normal file
119
elements/centos-minimal/packages/centos-7.packages
Normal file
|
@ -0,0 +1,119 @@
|
|||
#
|
||||
# packages which we will need to download for a minimal installation for
|
||||
# CentOS 7.x
|
||||
#
|
||||
|
||||
audit-libs
|
||||
basesystem
|
||||
bash
|
||||
binutils
|
||||
bzip2-libs
|
||||
chkconfig
|
||||
cracklib
|
||||
cracklib-dicts
|
||||
crontabs
|
||||
coreutils
|
||||
libdb
|
||||
device-mapper
|
||||
e2fsprogs
|
||||
e2fsprogs-libs
|
||||
elfutils-libelf
|
||||
ethtool
|
||||
expat
|
||||
file-libs
|
||||
filesystem
|
||||
findutils
|
||||
gawk
|
||||
gdbm
|
||||
glib2
|
||||
glibc
|
||||
glibc-common
|
||||
grep
|
||||
info
|
||||
initscripts
|
||||
iputils
|
||||
keyutils-libs
|
||||
krb5-libs
|
||||
libacl
|
||||
libattr
|
||||
libcap
|
||||
libcom_err
|
||||
libgcc
|
||||
libidn
|
||||
libselinux
|
||||
libsepol
|
||||
libstdc++
|
||||
libsysfs
|
||||
libgcrypt
|
||||
dbus-libs
|
||||
libcurl
|
||||
lua
|
||||
libutempter
|
||||
libxml2
|
||||
libxml2-python
|
||||
logrotate
|
||||
lsof
|
||||
man-pages
|
||||
m2crypto
|
||||
mcstrans
|
||||
mlocate
|
||||
ncurses
|
||||
ncurses-libs
|
||||
neon
|
||||
net-tools
|
||||
nss
|
||||
nss-sysinit
|
||||
nss-softokn
|
||||
nss-softokn-freebl
|
||||
openldap
|
||||
libssh2
|
||||
cyrus-sasl-lib
|
||||
nss-util
|
||||
nspr
|
||||
openssl-libs
|
||||
pam
|
||||
passwd
|
||||
libuser
|
||||
ustr
|
||||
pcre
|
||||
popt
|
||||
procps-ng
|
||||
psmisc
|
||||
pygpgme
|
||||
python
|
||||
python-libs
|
||||
python-pycurl
|
||||
python-iniparse
|
||||
python-urlgrabber
|
||||
readline
|
||||
rpm
|
||||
rpm-libs
|
||||
rpm-python
|
||||
sed
|
||||
setup
|
||||
shadow-utils
|
||||
sudo
|
||||
centos-release
|
||||
sqlite
|
||||
rsyslog
|
||||
tzdata
|
||||
util-linux
|
||||
xz
|
||||
xz-libs
|
||||
yum
|
||||
yum-plugin-fastestmirror
|
||||
yum-plugin-keys
|
||||
yum-plugin-protectbase
|
||||
yum-metadata-parser
|
||||
yum-utils
|
||||
zlib
|
||||
libffi
|
||||
libsemanage
|
||||
libblkid
|
||||
libmount
|
||||
device-mapper-libs
|
||||
libestr
|
||||
gmp
|
||||
json-c
|
||||
libss
|
||||
libuuid
|
7
elements/centos-minimal/pkg-map
Normal file
7
elements/centos-minimal/pkg-map
Normal file
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
"family": {
|
||||
"redhat": {
|
||||
"lsb_release": "redhat-lsb",
|
||||
}
|
||||
}
|
||||
}
|
106
elements/centos-minimal/root.d/08-rinse
Executable file
106
elements/centos-minimal/root.d/08-rinse
Executable file
|
@ -0,0 +1,106 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
|
||||
. ${TARGET_ROOT}/.extra_settings
|
||||
fi
|
||||
# Override global DISTRO_NAME, because centos7 does not work for rinse
|
||||
DISTRO_NAME=centos
|
||||
DIB_RELEASE=${DIB_RELEASE:-7}
|
||||
DIB_RINSE_EXTRA_ARGS=${DIB_RINSE_EXTRA_ARGS:-}
|
||||
RINSE_TARBALL=$DIB_IMAGE_CACHE/rinse-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
|
||||
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://mirror.centos.org/centos/7/os/x86_64/Packages/}
|
||||
http_proxy=${http_proxy:-}
|
||||
|
||||
set -x
|
||||
if [ -n "$DIB_OFFLINE" -o -n "${DIB_CENTOS_USE_RINSE_CACHE:-}" ] && [ -f $RINSE_TARBALL ] ; then
|
||||
echo $RINSE_TARBALL found in cache. Using.
|
||||
sudo tar -C $TARGET_ROOT --numeric-owner -xzf $RINSE_TARBALL
|
||||
else
|
||||
|
||||
sudo sh -c "http_proxy=$http_proxy rinse \
|
||||
--mirror $DIB_DISTRIBUTION_MIRROR \
|
||||
--pkgs-dir $TMP_HOOKS_PATH/packages \
|
||||
--arch $ARCH \
|
||||
--distribution $DISTRO_NAME-$DIB_RELEASE \
|
||||
--directory $TARGET_ROOT \
|
||||
$DIB_RINSE_EXTRA_ARGS"
|
||||
|
||||
echo "Customizing result for cloud use"
|
||||
(
|
||||
cd $TARGET_ROOT
|
||||
# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
|
||||
# locales
|
||||
sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
|
||||
# docs
|
||||
sudo rm -rf usr/share/{man,doc,info,gnome/help}
|
||||
# cracklib
|
||||
sudo rm -rf usr/share/cracklib
|
||||
# i18n
|
||||
sudo rm -rf usr/share/i18n
|
||||
# yum cache
|
||||
sudo rm -rf var/cache/yum
|
||||
sudo mkdir -p --mode=0755 var/cache/yum
|
||||
# sln
|
||||
sudo rm -rf sbin/sln
|
||||
# ldconfig
|
||||
sudo rm -rf etc/ld.so.cache var/cache/ldconfig
|
||||
sudo mkdir -p --mode=0755 var/cache/ldconfig
|
||||
|
||||
# allow networking init scripts inside the container to work without extra steps
|
||||
cat << EOF | sudo tee etc/sysconfig/network > /dev/null
|
||||
NETWORKING=yes
|
||||
NETWORKING_IPV6=yes
|
||||
NOZEROCONF=yes
|
||||
EOF
|
||||
|
||||
for interface in eth0 eth1; do
|
||||
cat << EOF | sudo tee etc/sysconfig/network-scripts/ifcfg-$interface > /dev/null
|
||||
DEVICE=eth0
|
||||
BOOTPROTO=dhcp
|
||||
ONBOOT=on
|
||||
EOF
|
||||
done
|
||||
)
|
||||
|
||||
sudo rm -f $TARGET_ROOT/*rpm
|
||||
sudo umount $TARGET_ROOT/proc
|
||||
sudo umount $TARGET_ROOT/sys
|
||||
cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
|
||||
proc /proc proc nodev,noexec,nosuid 0 0
|
||||
LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
|
||||
EOF
|
||||
|
||||
# The filesystem package as shipped is broken. For reasons I don't fully
|
||||
# understand, rinse installs files into proper dirs, but subsequent RPM
|
||||
# operations expect these locations to be symlinks. If this next block
|
||||
# is not executed, yum installs or updates will fail with a cryptic cpio
|
||||
# failure. Moving the files in /sbin and /lib64 to /usr/sbin and /usr/lib64
|
||||
# and then making symlinks makes rpm happy.
|
||||
for broken in lib64 sbin ; do
|
||||
sudo cp -a $TARGET_ROOT/$broken/* $TARGET_ROOT/usr/$broken
|
||||
sudo rm -rf $TARGET_ROOT/$broken
|
||||
sudo ln -s usr/$broken $TARGET_ROOT/$broken
|
||||
done
|
||||
|
||||
echo Caching rinse result in $RINSE_TARBALL
|
||||
sudo tar --numeric-owner -C $TARGET_ROOT -zcf $RINSE_TARBALL --exclude='./tmp/*' .
|
||||
fi
|
||||
|
||||
sudo rm -f ${TARGET_ROOT}/.extra_settings
|
20
elements/ubuntu-minimal/README.md
Normal file
20
elements/ubuntu-minimal/README.md
Normal file
|
@ -0,0 +1,20 @@
|
|||
Create a minimal image based on Ubuntu. We default to trusty but DIB_RELEASE
|
||||
is mapped to any series of Ubuntu.
|
||||
|
||||
If necessary, a custom apt keyring and debootstrap script can be
|
||||
supplied to the `debootstrap` command via `DIB_DEBIAN_KEYRING` and
|
||||
`DIB_DEBIAN_DEBOOTSTRAP_SCRIPT` respectively. Both options require the
|
||||
use of absolute rather than relative paths.
|
||||
|
||||
Use of this element will also require the tool 'debootstrap' to be
|
||||
available on your system. It should be available on Ubuntu, Debian,
|
||||
and Fedora.
|
||||
|
||||
The `DIB_OFFLINE` or more specific `DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE`
|
||||
variables can be set to prefer the use of a pre-cached root filesystem
|
||||
tarball.
|
||||
|
||||
The `DIB_DEBOOTSTRAP_EXTRA_ARGS` environment variable may be used to
|
||||
pass extra arguments to the debootstrap command used to create the
|
||||
base filesystem image. If --keyring is is used in `DIB_DEBOOTSTRAP_EXTRA_ARGS`,
|
||||
it will override `DIB_DEBIAN_KEYRING` if that is used as well.
|
2
elements/ubuntu-minimal/element-deps
Normal file
2
elements/ubuntu-minimal/element-deps
Normal file
|
@ -0,0 +1,2 @@
|
|||
dib-run-parts
|
||||
dpkg
|
1
elements/ubuntu-minimal/element-provides
Normal file
1
elements/ubuntu-minimal/element-provides
Normal file
|
@ -0,0 +1 @@
|
|||
operating-system
|
|
@ -0,0 +1,2 @@
|
|||
export DISTRO_NAME=ubuntu
|
||||
export DIB_RELEASE=${DIB_RELEASE:-trusty}
|
6
elements/ubuntu-minimal/package-installs.yaml
Normal file
6
elements/ubuntu-minimal/package-installs.yaml
Normal file
|
@ -0,0 +1,6 @@
|
|||
adduser:
|
||||
locales:
|
||||
ca-certificates:
|
||||
cloud-initramfs-growroot:
|
||||
lsb-release:
|
||||
phase: pre-install.d
|
35
elements/ubuntu-minimal/pre-install.d/05-apt-update
Executable file
35
elements/ubuntu-minimal/pre-install.d/05-apt-update
Executable file
|
@ -0,0 +1,35 @@
|
|||
#!/bin/bash
|
||||
# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
#
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
||||
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
|
||||
|
||||
# We should manage this in a betterer way
|
||||
cat << EOF >/etc/apt/sources.list
|
||||
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE main restricted universe
|
||||
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-updates main restricted universe
|
||||
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-backports main restricted universe
|
||||
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-security main restricted universe
|
||||
EOF
|
||||
|
||||
# Need to update to retrieve the signed Release file
|
||||
apt-get update
|
||||
|
||||
apt-get clean
|
||||
apt-get dist-upgrade -y
|
82
elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu
Executable file
82
elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu
Executable file
|
@ -0,0 +1,82 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Copyright 2014 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
set -eu
|
||||
set -o pipefail
|
||||
if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
|
||||
. ${TARGET_ROOT}/.extra_settings
|
||||
fi
|
||||
|
||||
[ -n "$DISTRO_NAME" ]
|
||||
[ -n "$DIB_RELEASE" ]
|
||||
|
||||
DIB_DEBOOTSTRAP_EXTRA_ARGS=${DIB_DEBOOTSTRAP_EXTRA_ARGS:-}
|
||||
DEBOOTSTRAP_TARBALL=$DIB_IMAGE_CACHE/debootstrap-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
|
||||
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
|
||||
http_proxy=${http_proxy:-}
|
||||
|
||||
set -x
|
||||
if [ -n "$DIB_OFFLINE" -o -n "${DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE:-}" ] && [ -f $DEBOOTSTRAP_TARBALL ] ; then
|
||||
echo $DEBOOTSTRAP_TARBALL found in cache. Using.
|
||||
sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DEBOOTSTRAP_TARBALL
|
||||
else
|
||||
|
||||
KEYRING_OPT=
|
||||
if [ -n "${DIB_DEBIAN_KEYRING:-}" ] ; then
|
||||
KEYRING_OPT="--keyring=${DIB_DEBIAN_KEYRING}"
|
||||
fi
|
||||
|
||||
# Have to --include=python because of dib-run-parts
|
||||
# Have to --include=sudo for pre-install.d use of sudoers files
|
||||
sudo sh -c "http_proxy=$http_proxy debootstrap --verbose \
|
||||
--variant=minbase \
|
||||
--include=python,sudo \
|
||||
--components=main,restricted,universe \
|
||||
--arch=${ARCH} \
|
||||
$KEYRING_OPT \
|
||||
$DIB_DEBOOTSTRAP_EXTRA_ARGS \
|
||||
$DIB_RELEASE \
|
||||
$TARGET_ROOT \
|
||||
$DIB_DISTRIBUTION_MIRROR \
|
||||
${DIB_DEBIAN_DEBOOTSTRAP_SCRIPT:-}"
|
||||
|
||||
echo "Customizing result for cloud use"
|
||||
|
||||
sudo install -d -m 0755 -o root -g root ${TARGET_ROOT}/etc/sudoers.d
|
||||
|
||||
cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
|
||||
proc /proc proc nodev,noexec,nosuid 0 0
|
||||
LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
|
||||
EOF
|
||||
sudo sh -c "echo 'blacklist pcspkr' > ${TARGET_ROOT}/etc/modprobe.d/blacklist.conf"
|
||||
|
||||
# It would be eversogreat if we didn't need to do crap like this
|
||||
sudo sh -c "echo 'ubuntu' > ${TARGET_ROOT}/etc/hostname"
|
||||
|
||||
# cloud images expect eth0 and eth1 to use dhcp.
|
||||
sudo mkdir -p ${TARGET_ROOT}/etc/network/interfaces.d
|
||||
for interface in eth0 eth1; do
|
||||
cat << EOF | sudo tee ${TARGET_ROOT}/etc/network/interfaces.d/$interface
|
||||
auto $interface
|
||||
iface $interface inet dhcp
|
||||
EOF
|
||||
done
|
||||
|
||||
echo Caching debootstrap result in $DEBOOTSTRAP_TARBALL
|
||||
sudo tar --numeric-owner -C $TARGET_ROOT -zcf $DEBOOTSTRAP_TARBALL --exclude='./tmp/*' .
|
||||
fi
|
||||
|
||||
sudo rm -f ${TARGET_ROOT}/.extra_settings
|
Loading…
Reference in a new issue