Add minimal ubuntu and centos base elements

There are times when a much more stripped down base image is desired over the distro cloud images. For instance, Infra would like some base images that do not have cloud-init or really much of anything else. This is easy to accomplish with debootstrap and rinse. Change-Id: I44ff22457165afb048fdaea469210ae47d83dd3f
2014-11-22 18:46:33 -05:00 · 2014-11-22 18:46:33 -05:00 · af2862a2be
commit af2862a2be
parent 98d008c6af
14 changed files with 394 additions and 0 deletions
--- a/elements/centos-minimal/README.md
+++ b/elements/centos-minimal/README.md
@ -0,0 +1,8 @@
 Create a minimal image based on CentOS 7.
 Use of this element will also require the tool 'rinse' to be
 available on your system. It should be available on Ubuntu and Debian.
 The `DIB_OFFLINE` or more specific `DIB_CENTOS_USE_RINSE_CACHE`
 variables can be set to prefer the use of a pre-cached root filesystem
 tarball.
--- a/elements/centos-minimal/element-deps
+++ b/elements/centos-minimal/element-deps
@ -0,0 +1,4 @@
 dib-run-parts
 redhat-common
 rpm-distro
 yum
--- a/elements/centos-minimal/element-provides
+++ b/elements/centos-minimal/element-provides
@ -0,0 +1 @@
 operating-system
--- a/elements/centos-minimal/environment.d/10-centos-distro-name.bash
+++ b/elements/centos-minimal/environment.d/10-centos-distro-name.bash
@ -0,0 +1 @@
 export DISTRO_NAME=centos7
--- a/elements/centos-minimal/packages/centos-7.packages
+++ b/elements/centos-minimal/packages/centos-7.packages
@ -0,0 +1,119 @@
 #
 #  packages which we will need to download for a minimal installation for
 #  CentOS 7.x
 #
 audit-libs
 basesystem
 bash
 binutils
 bzip2-libs
 chkconfig
 cracklib
 cracklib-dicts
 crontabs
 coreutils
 libdb
 device-mapper
 e2fsprogs
 e2fsprogs-libs
 elfutils-libelf
 ethtool
 expat
 file-libs
 filesystem
 findutils
 gawk
 gdbm
 glib2
 glibc
 glibc-common
 grep
 info
 initscripts
 iputils
 keyutils-libs
 krb5-libs
 libacl
 libattr
 libcap
 libcom_err
 libgcc
 libidn
 libselinux
 libsepol
 libstdc++
 libsysfs
 libgcrypt
 dbus-libs
 libcurl
 lua
 libutempter
 libxml2
 libxml2-python
 logrotate
 lsof
 man-pages
 m2crypto
 mcstrans
 mlocate
 ncurses
 ncurses-libs
 neon
 net-tools
 nss
 nss-sysinit
 nss-softokn
 nss-softokn-freebl
 openldap
 libssh2
 cyrus-sasl-lib
 nss-util
 nspr
 openssl-libs
 pam
 passwd
 libuser
 ustr
 pcre
 popt
 procps-ng
 psmisc
 pygpgme
 python
 python-libs
 python-pycurl
 python-iniparse
 python-urlgrabber
 readline
 rpm
 rpm-libs
 rpm-python
 sed
 setup
 shadow-utils
 sudo
 centos-release
 sqlite
 rsyslog
 tzdata
 util-linux
 xz
 xz-libs
 yum
 yum-plugin-fastestmirror
 yum-plugin-keys
 yum-plugin-protectbase
 yum-metadata-parser
 yum-utils
 zlib
 libffi
 libsemanage
 libblkid
 libmount
 device-mapper-libs
 libestr
 gmp
 json-c
 libss
 libuuid
--- a/elements/centos-minimal/pkg-map
+++ b/elements/centos-minimal/pkg-map
@ -0,0 +1,7 @@
 {
  "family": {
    "redhat": {
      "lsb_release": "redhat-lsb",
    }
  }
 }
--- a/elements/centos-minimal/root.d/08-rinse
+++ b/elements/centos-minimal/root.d/08-rinse
@ -0,0 +1,106 @@
 #!/bin/bash
 #
 # Copyright 2014 Hewlett-Packard Development Company, L.P.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 #
 set -eu
 set -o pipefail
 if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
    . ${TARGET_ROOT}/.extra_settings
 fi
 # Override global DISTRO_NAME, because centos7 does not work for rinse
 DISTRO_NAME=centos
 DIB_RELEASE=${DIB_RELEASE:-7}
 DIB_RINSE_EXTRA_ARGS=${DIB_RINSE_EXTRA_ARGS:-}
 RINSE_TARBALL=$DIB_IMAGE_CACHE/rinse-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
 DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://mirror.centos.org/centos/7/os/x86_64/Packages/}
 http_proxy=${http_proxy:-}
 set -x
 if [ -n "$DIB_OFFLINE" -o -n "${DIB_CENTOS_USE_RINSE_CACHE:-}" ] && [ -f $RINSE_TARBALL ] ; then
    echo $RINSE_TARBALL found in cache. Using.
    sudo tar -C $TARGET_ROOT --numeric-owner -xzf $RINSE_TARBALL
 else
    sudo sh -c "http_proxy=$http_proxy rinse \
        --mirror $DIB_DISTRIBUTION_MIRROR \
        --pkgs-dir $TMP_HOOKS_PATH/packages \
        --arch $ARCH \
        --distribution $DISTRO_NAME-$DIB_RELEASE \
        --directory $TARGET_ROOT \
        $DIB_RINSE_EXTRA_ARGS"
    echo "Customizing result for cloud use"
    (
        cd $TARGET_ROOT
        # effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
        # locales
        sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
        # docs
        sudo rm -rf usr/share/{man,doc,info,gnome/help}
        # cracklib
        sudo rm -rf usr/share/cracklib
        # i18n
        sudo rm -rf usr/share/i18n
        # yum cache
        sudo rm -rf var/cache/yum
        sudo mkdir -p --mode=0755 var/cache/yum
        # sln
        sudo rm -rf sbin/sln
        # ldconfig
        sudo rm -rf etc/ld.so.cache var/cache/ldconfig
        sudo mkdir -p --mode=0755 var/cache/ldconfig
        # allow networking init scripts inside the container to work without extra steps
        cat << EOF | sudo tee etc/sysconfig/network > /dev/null
 NETWORKING=yes
 NETWORKING_IPV6=yes
 NOZEROCONF=yes
 EOF
        for interface in eth0 eth1; do
        cat << EOF | sudo tee etc/sysconfig/network-scripts/ifcfg-$interface > /dev/null
 DEVICE=eth0
 BOOTPROTO=dhcp
 ONBOOT=on
 EOF
        done
    )
    sudo rm -f $TARGET_ROOT/*rpm
    sudo umount $TARGET_ROOT/proc
    sudo umount $TARGET_ROOT/sys
    cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
 proc /proc proc nodev,noexec,nosuid 0 0
 LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
 EOF
    # The filesystem package as shipped is broken. For reasons I don't fully
    # understand, rinse installs files into proper dirs, but subsequent RPM
    # operations expect these locations to be symlinks. If this next block
    # is not executed, yum installs or updates will fail with a cryptic cpio
    # failure. Moving the files in /sbin and /lib64 to /usr/sbin and /usr/lib64
    # and then making symlinks makes rpm happy.
    for broken in lib64 sbin ; do
        sudo cp -a $TARGET_ROOT/$broken/* $TARGET_ROOT/usr/$broken
        sudo rm -rf $TARGET_ROOT/$broken
        sudo ln -s usr/$broken $TARGET_ROOT/$broken
    done
    echo Caching rinse result in $RINSE_TARBALL
    sudo tar --numeric-owner -C $TARGET_ROOT -zcf $RINSE_TARBALL --exclude='./tmp/*' .
 fi
 sudo rm -f ${TARGET_ROOT}/.extra_settings
--- a/elements/ubuntu-minimal/README.md
+++ b/elements/ubuntu-minimal/README.md
@ -0,0 +1,20 @@
 Create a minimal image based on Ubuntu. We default to trusty but DIB_RELEASE
 is mapped to any series of Ubuntu.
 If necessary, a custom apt keyring and debootstrap script can be
 supplied to the `debootstrap` command via `DIB_DEBIAN_KEYRING` and
 `DIB_DEBIAN_DEBOOTSTRAP_SCRIPT` respectively. Both options require the
 use of absolute rather than relative paths.
 Use of this element will also require the tool 'debootstrap' to be
 available on your system. It should be available on Ubuntu, Debian,
 and Fedora.
 The `DIB_OFFLINE` or more specific `DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE`
 variables can be set to prefer the use of a pre-cached root filesystem
 tarball.
 The `DIB_DEBOOTSTRAP_EXTRA_ARGS` environment variable may be used to
 pass extra arguments to the debootstrap command used to create the
 base filesystem image. If --keyring is is used in `DIB_DEBOOTSTRAP_EXTRA_ARGS`,
 it will override `DIB_DEBIAN_KEYRING` if that is used as well.
--- a/elements/ubuntu-minimal/element-deps
+++ b/elements/ubuntu-minimal/element-deps
@ -0,0 +1,2 @@
 dib-run-parts
 dpkg
--- a/elements/ubuntu-minimal/element-provides
+++ b/elements/ubuntu-minimal/element-provides
@ -0,0 +1 @@
 operating-system
--- a/elements/ubuntu-minimal/environment.d/10-ubuntu-distro-name.bash
+++ b/elements/ubuntu-minimal/environment.d/10-ubuntu-distro-name.bash
@ -0,0 +1,2 @@
 export DISTRO_NAME=ubuntu
 export DIB_RELEASE=${DIB_RELEASE:-trusty}
--- a/elements/ubuntu-minimal/package-installs.yaml
+++ b/elements/ubuntu-minimal/package-installs.yaml
@ -0,0 +1,6 @@
 adduser:
 locales:
 ca-certificates:
 cloud-initramfs-growroot:
 lsb-release:
  phase: pre-install.d
--- a/elements/ubuntu-minimal/pre-install.d/05-apt-update
+++ b/elements/ubuntu-minimal/pre-install.d/05-apt-update
@ -0,0 +1,35 @@
 #!/bin/bash
 # Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #    http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 # implied.
 #
 # See the License for the specific language governing permissions and
 # limitations under the License.
 set -eu
 set -o pipefail
 DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
 # We should manage this in a betterer way
 cat << EOF >/etc/apt/sources.list
 deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE main restricted universe
 deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-updates main restricted universe
 deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-backports main restricted universe
 deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-security main restricted universe
 EOF
 # Need to update to retrieve the signed Release file
 apt-get update
 apt-get clean
 apt-get dist-upgrade -y
--- a/elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu
+++ b/elements/ubuntu-minimal/root.d/08-debootstrap-ubuntu
@ -0,0 +1,82 @@
 #!/bin/bash
 #
 # Copyright 2014 Hewlett-Packard Development Company, L.P.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
 # a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 # License for the specific language governing permissions and limitations
 # under the License.
 #
 set -eu
 set -o pipefail
 if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
    . ${TARGET_ROOT}/.extra_settings
 fi
 [ -n "$DISTRO_NAME" ]
 [ -n "$DIB_RELEASE" ]
 DIB_DEBOOTSTRAP_EXTRA_ARGS=${DIB_DEBOOTSTRAP_EXTRA_ARGS:-}
 DEBOOTSTRAP_TARBALL=$DIB_IMAGE_CACHE/debootstrap-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
 DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
 http_proxy=${http_proxy:-}
 set -x
 if [ -n "$DIB_OFFLINE" -o -n "${DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE:-}" ] && [ -f $DEBOOTSTRAP_TARBALL ] ; then
    echo $DEBOOTSTRAP_TARBALL found in cache. Using.
    sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DEBOOTSTRAP_TARBALL
 else
    KEYRING_OPT=
    if [ -n "${DIB_DEBIAN_KEYRING:-}" ] ; then
        KEYRING_OPT="--keyring=${DIB_DEBIAN_KEYRING}"
    fi
    # Have to --include=python because of dib-run-parts
    # Have to --include=sudo for pre-install.d use of sudoers files
    sudo sh -c "http_proxy=$http_proxy debootstrap --verbose \
        --variant=minbase \
        --include=python,sudo \
        --components=main,restricted,universe \
        --arch=${ARCH} \
        $KEYRING_OPT \
        $DIB_DEBOOTSTRAP_EXTRA_ARGS \
        $DIB_RELEASE \
        $TARGET_ROOT \
        $DIB_DISTRIBUTION_MIRROR \
        ${DIB_DEBIAN_DEBOOTSTRAP_SCRIPT:-}"
    echo "Customizing result for cloud use"
    sudo install -d -m 0755 -o root -g root ${TARGET_ROOT}/etc/sudoers.d
    cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
 proc /proc proc nodev,noexec,nosuid 0 0
 LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
 EOF
    sudo sh -c "echo 'blacklist pcspkr' > ${TARGET_ROOT}/etc/modprobe.d/blacklist.conf"
    # It would be eversogreat if we didn't need to do crap like this
    sudo sh -c "echo 'ubuntu' > ${TARGET_ROOT}/etc/hostname"
    # cloud images expect eth0 and eth1 to use dhcp.
    sudo mkdir -p ${TARGET_ROOT}/etc/network/interfaces.d
    for interface in eth0 eth1; do
        cat << EOF | sudo tee ${TARGET_ROOT}/etc/network/interfaces.d/$interface
 auto $interface
 iface $interface inet dhcp
 EOF
    done
    echo Caching debootstrap result in $DEBOOTSTRAP_TARBALL
    sudo tar --numeric-owner -C $TARGET_ROOT -zcf $DEBOOTSTRAP_TARBALL --exclude='./tmp/*' .
 fi
 sudo rm -f ${TARGET_ROOT}/.extra_settings
		`@ -0,0 +1,2 @@`
							`export DISTRO_NAME=ubuntu`
							`export DIB_RELEASE=${DIB_RELEASE:-trusty}`