Add minimal ubuntu and centos base elements

There are times when a much more stripped down base image is desired
over the distro cloud images. For instance, Infra would like some base
images that do not have cloud-init or really much of anything else. This
is easy to accomplish with debootstrap and rinse.

Change-Id: I44ff22457165afb048fdaea469210ae47d83dd3f
Monty Taylor 2014-11-22 18:46:33 -05:00
parent 98d008c6af
commit af2862a2be
14 changed files with 394 additions and 0 deletions


@ -0,0 +1,8 @@
Create a minimal image based on CentOS 7.
Use of this element will also require the tool 'rinse' to be
available on your system. It should be available on Ubuntu and Debian.
The `DIB_OFFLINE` or more specific `DIB_CENTOS_USE_RINSE_CACHE`
variables can be set to prefer the use of a pre-cached root filesystem
tarball.


@ -0,0 +1,4 @@
dib-run-parts
redhat-common
rpm-distro
yum


@ -0,0 +1 @@
operating-system


@ -0,0 +1 @@
export DISTRO_NAME=centos7


@ -0,0 +1,119 @@
#
# packages which we will need to download for a minimal installation for
# CentOS 7.x
#
audit-libs
basesystem
bash
binutils
bzip2-libs
chkconfig
cracklib
cracklib-dicts
crontabs
coreutils
libdb
device-mapper
e2fsprogs
e2fsprogs-libs
elfutils-libelf
ethtool
expat
file-libs
filesystem
findutils
gawk
gdbm
glib2
glibc
glibc-common
grep
info
initscripts
iputils
keyutils-libs
krb5-libs
libacl
libattr
libcap
libcom_err
libgcc
libidn
libselinux
libsepol
libstdc++
libsysfs
libgcrypt
dbus-libs
libcurl
lua
libutempter
libxml2
libxml2-python
logrotate
lsof
man-pages
m2crypto
mcstrans
mlocate
ncurses
ncurses-libs
neon
net-tools
nss
nss-sysinit
nss-softokn
nss-softokn-freebl
openldap
libssh2
cyrus-sasl-lib
nss-util
nspr
openssl-libs
pam
passwd
libuser
ustr
pcre
popt
procps-ng
psmisc
pygpgme
python
python-libs
python-pycurl
python-iniparse
python-urlgrabber
readline
rpm
rpm-libs
rpm-python
sed
setup
shadow-utils
sudo
centos-release
sqlite
rsyslog
tzdata
util-linux
xz
xz-libs
yum
yum-plugin-fastestmirror
yum-plugin-keys
yum-plugin-protectbase
yum-metadata-parser
yum-utils
zlib
libffi
libsemanage
libblkid
libmount
device-mapper-libs
libestr
gmp
json-c
libss
libuuid


@ -0,0 +1,7 @@
{
"family": {
"redhat": {
"lsb_release": "redhat-lsb",
}
}
}
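Review bot: The trailing comma after `"lsb_release": "redhat-lsb",` makes this file invalid JSON, so a strict parser (Python's `json` module, for example) will reject it instead of loading the mapping. Drop the comma so the entry reads `"lsb_release": "redhat-lsb"`. How this mapping file is loaded is not visible in the commit, so confirm against the loader.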


@ -0,0 +1,106 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eu
set -o pipefail
if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
. ${TARGET_ROOT}/.extra_settings
fi
# Override global DISTRO_NAME, because centos7 does not work for rinse
DISTRO_NAME=centos
DIB_RELEASE=${DIB_RELEASE:-7}
DIB_RINSE_EXTRA_ARGS=${DIB_RINSE_EXTRA_ARGS:-}
RINSE_TARBALL=$DIB_IMAGE_CACHE/rinse-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://mirror.centos.org/centos/7/os/x86_64/Packages/}
http_proxy=${http_proxy:-}
set -x
if [ -n "$DIB_OFFLINE" -o -n "${DIB_CENTOS_USE_RINSE_CACHE:-}" ] && [ -f $RINSE_TARBALL ] ; then
echo $RINSE_TARBALL found in cache. Using.
sudo tar -C $TARGET_ROOT --numeric-owner -xzf $RINSE_TARBALL
else
sudo sh -c "http_proxy=$http_proxy rinse \
--mirror $DIB_DISTRIBUTION_MIRROR \
--pkgs-dir $TMP_HOOKS_PATH/packages \
--arch $ARCH \
--distribution $DISTRO_NAME-$DIB_RELEASE \
--directory $TARGET_ROOT \
$DIB_RINSE_EXTRA_ARGS"
echo "Customizing result for cloud use"
(
cd $TARGET_ROOT
# effectively: febootstrap-minimize --keep-zoneinfo --keep-rpmdb --keep-services "$target"
# locales
sudo rm -rf usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}
# docs
sudo rm -rf usr/share/{man,doc,info,gnome/help}
# cracklib
sudo rm -rf usr/share/cracklib
# i18n
sudo rm -rf usr/share/i18n
# yum cache
sudo rm -rf var/cache/yum
sudo mkdir -p --mode=0755 var/cache/yum
# sln
sudo rm -rf sbin/sln
# ldconfig
sudo rm -rf etc/ld.so.cache var/cache/ldconfig
sudo mkdir -p --mode=0755 var/cache/ldconfig
# allow networking init scripts inside the container to work without extra steps
cat << EOF | sudo tee etc/sysconfig/network > /dev/null
NETWORKING=yes
NETWORKING_IPV6=yes
NOZEROCONF=yes
EOF
for interface in eth0 eth1; do
cat << EOF | sudo tee etc/sysconfig/network-scripts/ifcfg-$interface > /dev/null
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=on
EOF
done
)
sudo rm -f $TARGET_ROOT/*rpm
sudo umount $TARGET_ROOT/proc
sudo umount $TARGET_ROOT/sys
cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
proc /proc proc nodev,noexec,nosuid 0 0
LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
EOF
# The filesystem package as shipped is broken. For reasons I don't fully
# understand, rinse installs files into proper dirs, but subsequent RPM
# operations expect these locations to be symlinks. If this next block
# is not executed, yum installs or updates will fail with a cryptic cpio
# failure. Moving the files in /sbin and /lib64 to /usr/sbin and /usr/lib64
# and then making symlinks makes rpm happy.
for broken in lib64 sbin ; do
sudo cp -a $TARGET_ROOT/$broken/* $TARGET_ROOT/usr/$broken
sudo rm -rf $TARGET_ROOT/$broken
sudo ln -s usr/$broken $TARGET_ROOT/$broken
done
echo Caching rinse result in $RINSE_TARBALL
sudo tar --numeric-owner -C $TARGET_ROOT -zcf $RINSE_TARBALL --exclude='./tmp/*' .
fi
sudo rm -f ${TARGET_ROOT}/.extra_settings
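Review bot: The `sudo sh -c "… rinse …"` call expands every variable into one string that a root shell then parses a second time, so whitespace or shell metacharacters in `http_proxy`, `DIB_DISTRIBUTION_MIRROR`, `TMP_HOOKS_PATH`, `TARGET_ROOT` or `DIB_RINSE_EXTRA_ARGS` are interpreted as root shell syntax rather than as arguments. Passing the arguments directly, as in the block below, removes that second parse; the debootstrap script later in this commit builds its `sudo sh -c "… debootstrap …"` call the same way and would benefit from the same change. The `set -x` just before the call also writes the proxy URL to the build log, which matters if the URL embeds credentials. Separately, the heredoc in the `for interface in eth0 eth1` loop writes `DEVICE=eth0` into both files; it should be `DEVICE=$interface`.

```shell
# DIB_RINSE_EXTRA_ARGS stays unquoted on purpose so it still splits into separate options
sudo env http_proxy="$http_proxy" rinse \
    --mirror "$DIB_DISTRIBUTION_MIRROR" \
    --pkgs-dir "$TMP_HOOKS_PATH/packages" \
    --arch "$ARCH" \
    --distribution "$DISTRO_NAME-$DIB_RELEASE" \
    --directory "$TARGET_ROOT" \
    $DIB_RINSE_EXTRA_ARGS
# … unchanged: "Customizing result for cloud use" and the cleanup subshell …
```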


@ -0,0 +1,20 @@
Create a minimal image based on Ubuntu. We default to trusty but DIB_RELEASE
is mapped to any series of Ubuntu.
If necessary, a custom apt keyring and debootstrap script can be
supplied to the `debootstrap` command via `DIB_DEBIAN_KEYRING` and
`DIB_DEBIAN_DEBOOTSTRAP_SCRIPT` respectively. Both options require the
use of absolute rather than relative paths.
Use of this element will also require the tool 'debootstrap' to be
available on your system. It should be available on Ubuntu, Debian,
and Fedora.
The `DIB_OFFLINE` or more specific `DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE`
variables can be set to prefer the use of a pre-cached root filesystem
tarball.
The `DIB_DEBOOTSTRAP_EXTRA_ARGS` environment variable may be used to
pass extra arguments to the debootstrap command used to create the
base filesystem image. If --keyring is is used in `DIB_DEBOOTSTRAP_EXTRA_ARGS`,
it will override `DIB_DEBIAN_KEYRING` if that is used as well.


@ -0,0 +1,2 @@
dib-run-parts
dpkg


@ -0,0 +1 @@
operating-system


@ -0,0 +1,2 @@
export DISTRO_NAME=ubuntu
export DIB_RELEASE=${DIB_RELEASE:-trusty}


@ -0,0 +1,6 @@
adduser:
locales:
ca-certificates:
cloud-initramfs-growroot:
lsb-release:
phase: pre-install.d


@ -0,0 +1,35 @@
#!/bin/bash
# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
#
# See the License for the specific language governing permissions and
# limitations under the License.
set -eu
set -o pipefail
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
# We should manage this in a betterer way
cat << EOF >/etc/apt/sources.list
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE main restricted universe
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-updates main restricted universe
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-backports main restricted universe
deb $DIB_DISTRIBUTON_MIRROR $DIB_RELEASE-security main restricted universe
EOF
# Need to update to retrieve the signed Release file
apt-get update
apt-get clean
apt-get dist-upgrade -y
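Review bot: The four `deb` lines in the heredoc reference `$DIB_DISTRIBUTON_MIRROR` (missing an `I`), not the `DIB_DISTRIBUTION_MIRROR` that is given a default two lines earlier. With `set -u` active the script stops on the unbound variable when the heredoc is expanded, unless something outside this file happens to export the misspelled name. Each line should read like `deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE main restricted universe`. The `-security` pocket is taken from the same mirror, so an out-of-date mirror delays security updates in the built image; a short comment saying so would help operators who override the variable.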


@ -0,0 +1,82 @@
#!/bin/bash
#
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
set -eu
set -o pipefail
if [ -f ${TARGET_ROOT}/.extra_settings ] ; then
. ${TARGET_ROOT}/.extra_settings
fi
[ -n "$DISTRO_NAME" ]
[ -n "$DIB_RELEASE" ]
DIB_DEBOOTSTRAP_EXTRA_ARGS=${DIB_DEBOOTSTRAP_EXTRA_ARGS:-}
DEBOOTSTRAP_TARBALL=$DIB_IMAGE_CACHE/debootstrap-${DISTRO_NAME}-${DIB_RELEASE}-${ARCH}.tar.gz
DIB_DISTRIBUTION_MIRROR=${DIB_DISTRIBUTION_MIRROR:-http://archive.ubuntu.com/ubuntu}
http_proxy=${http_proxy:-}
set -x
if [ -n "$DIB_OFFLINE" -o -n "${DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE:-}" ] && [ -f $DEBOOTSTRAP_TARBALL ] ; then
echo $DEBOOTSTRAP_TARBALL found in cache. Using.
sudo tar -C $TARGET_ROOT --numeric-owner -xzf $DEBOOTSTRAP_TARBALL
else
KEYRING_OPT=
if [ -n "${DIB_DEBIAN_KEYRING:-}" ] ; then
KEYRING_OPT="--keyring=${DIB_DEBIAN_KEYRING}"
fi
# Have to --include=python because of dib-run-parts
# Have to --include=sudo for pre-install.d use of sudoers files
sudo sh -c "http_proxy=$http_proxy debootstrap --verbose \
--variant=minbase \
--include=python,sudo \
--components=main,restricted,universe \
--arch=${ARCH} \
$KEYRING_OPT \
$DIB_DEBOOTSTRAP_EXTRA_ARGS \
$DIB_RELEASE \
$TARGET_ROOT \
$DIB_DISTRIBUTION_MIRROR \
${DIB_DEBIAN_DEBOOTSTRAP_SCRIPT:-}"
echo "Customizing result for cloud use"
sudo install -d -m 0755 -o root -g root ${TARGET_ROOT}/etc/sudoers.d
cat << EOF | sudo tee ${TARGET_ROOT}/etc/fstab > /dev/null
proc /proc proc nodev,noexec,nosuid 0 0
LABEL=${DIB_ROOT_LABEL} / ext4 errors=remount-ro 0 1
EOF
sudo sh -c "echo 'blacklist pcspkr' > ${TARGET_ROOT}/etc/modprobe.d/blacklist.conf"
# It would be eversogreat if we didn't need to do crap like this
sudo sh -c "echo 'ubuntu' > ${TARGET_ROOT}/etc/hostname"
# cloud images expect eth0 and eth1 to use dhcp.
sudo mkdir -p ${TARGET_ROOT}/etc/network/interfaces.d
for interface in eth0 eth1; do
cat << EOF | sudo tee ${TARGET_ROOT}/etc/network/interfaces.d/$interface
auto $interface
iface $interface inet dhcp
EOF
done
echo Caching debootstrap result in $DEBOOTSTRAP_TARBALL
sudo tar --numeric-owner -C $TARGET_ROOT -zcf $DEBOOTSTRAP_TARBALL --exclude='./tmp/*' .
fi
sudo rm -f ${TARGET_ROOT}/.extra_settings
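Review bot: Nothing in the `debootstrap` invocation requires that the archive signature is actually checked: `KEYRING_OPT` is only set when `DIB_DEBIAN_KEYRING` is provided, the default mirror is plain `http://`, and the result is cached in `$DEBOOTSTRAP_TARBALL` and later unpacked as root with no integrity check. On a host without the Ubuntu archive keyring installed (the element description lists Fedora as a supported host), debootstrap may only warn and continue without verifying the Release file; this is worth confirming for the versions you target. Consider failing early when no keyring is available, or passing `--force-check-gpg` where the installed debootstrap supports it, and add a comment such as `# cache dir must be writable only by trusted users: the tarball is extracted as root`. Also, `[ -n "$DIB_OFFLINE" … ]` runs under `set -u` with no default, so it aborts if the caller has not exported `DIB_OFFLINE`; `${DIB_OFFLINE:-}` would match the handling of `DIB_DEBIAN_USE_DEBOOTSTRAP_CACHE` on the same line, and the rinse script has the same test.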