PoC: alma8 all in packer

Makefile

@@ -11,101 +11,24 @@ include Makefile.config
 #------------------------------------------------------------------------------
 # All, alliases
 #------------------------------------------------------------------------------
-all: $(patsubst %, distros-%, $(DISTROS)) $(patsubst %, services-%, $(SERVICES))
+all: $(patsubst %, packer-%, $(DISTROS)) $(patsubst %, services-%, $(SERVICES))
 	@:
 
 # allow individual distribution targets (e.g., "make debian11")
-$(DISTROS):  %: distros-% ;
+$(DISTROS):  %: packer-% ;
 $(SERVICES): %: services-% ;
 
-# pattern rule for dependencies
-distros-%: download-% installer-% customize-%
-	@${INFO} "All done for ${*}"
-
-services-%: svc-installer-% customize-%
-	@:
-
-#------------------------------------------------------------------------------
-# Download
-#  - validate target is in $DISTRO list + SHA256|512_$DISTRO is defined
-#  - download to build/01_base/$DISTRO use .img suffix (coudld be iso, qcow2)
-#  - verify sha256/sha512 checksum
-#------------------------------------------------------------------------------
-download: $(patsubst %, download-%, $(DISTROS))
-
-download-%: validate-% ${DIR_BASE}/%.img
-	@${INFO} "Download ${*} done"
-
-validate-%:
-	@if [[ ! "$(DISTROS)" == *"${*}"* ]]; then \
-		${ERROR} "Unknown distro ${*}"; \
-	fi
-	@if [[ -z "${SHA256_${*}}" ]] && [[ -z "${SHA512_${*}}"  ]]; then \
-		${ERROR} "Undefined checksum for ${*}, add SHA256_${*} or SHA512_${*} var to Makefile.distros"; \
-	fi
-
-${DIR_BASE}/%.img:
-	@${INFO} "Starting $* download"
-	curl -sS -L -f -o "$@" "${URL_${*}}"
-	@if [[ -n "${SHA256_${*}}" ]]; then \
-		echo "${SHA256_${*}}  ${DIR_BASE}/$*.img" > ${DIR_BASE}/$*.img.sha256; \
-		if ! sha256sum -c ${DIR_BASE}/$*.img.sha256; then \
-	        ${ERROR} "${*} sha256ssum WRONG, delete ${DIR_BASE}/$*.img or update the checksum"; \
-		fi \
-	elif [[ -n "${SHA512_${*}}" ]]; then \
-		echo "${SHA512_${*}}  ${DIR_BASE}/$*.img" > ${DIR_BASE}/$*.img.sha512; \
-		if ! sha512sum -c ${DIR_BASE}/$*.img.sha512; then \
-	        ${ERROR} "${*} sha512sum WRONG, delete ${DIR_BASE}/$*.img or update the checksum"; \
-		fi \
-	fi
-
-#------------------------------------------------------------------------------
-# Install (optional)
-# - run distro installer if cloud/virt image is not available
-# - execute packer/$DISTRO/run.sh which runs packet
-# - or packer/skip.sh to only create target symlink to base image
-#------------------------------------------------------------------------------
-installer: $(patsubst %, installer-%, $(DISTROS))
-
-installer-%: ${DIR_INSTALL}/%.qcow2
-	@${INFO} "Installer ${*} done"
-
-${DIR_INSTALL}/%.qcow2: ${DIR_BASE}/%.img
-	@${INFO} "Starting ${*} installer"
-	@if [ -f "packer/${*}/run.sh" ]; then \
-		packer/${*}/run.sh ${*} ${@}; \
-	else \
-		packer/skip.sh ${*}; \
-	fi
-
-#------------------------------------------------------------------------------
-# Customize
-# - execute customize/$DISTRO/run.sh which:
-#   - run guestfish customzation scripts
-#   - TODO: sysprep
-#   - TODO: sparsify
-#   - export final image
-#------------------------------------------------------------------------------
-customize: $(patsubst %, customize-%, $(DISTROS))
-
-customize-%: context-linux ${DIR_EXPORT}/%-${VERSION}-${RELEASE}.qcow2
-	@${INFO} "Customize $* done"
-
-${DIR_EXPORT}/%-${VERSION}-${RELEASE}.qcow2: ${DIR_INSTALL}/%.qcow2
-	@${INFO} "Starting $* customization"
-	@guestfish/run.sh ${*} ${@}
-
 #------------------------------------------------------------------------------
-# Services
+# Packer stage
+# - run packer template for given distro
 #------------------------------------------------------------------------------
-svc-installer-%: ${DIR_INSTALL}/%.qcow2
-	@${INFO} "Installer ${*} done"
+packer: $(patsubst %, packer-%, $(DISTROS))
 
-${DIR_INSTALL}/service_OneKE.qcow2: ${DIR_BASE}/ubuntu2204.img
-	packer/service_OneKE/run.sh ${@}
+packer-%: ${DIR_EXPORT}/%-${VERSION}-${RELEASE}.qcow2
+	@${INFO} "Packer ${*} done"
 
-${DIR_INSTALL}/service_wordpress.qcow2: ${DIR_BASE}/alma9.img
-	packer/service_wordpress/run.sh ${@}
+${DIR_EXPORT}/%-${VERSION}-${RELEASE}.qcow2:
+	packer/run.sh ${*} ${@}
 
 #------------------------------------------------------------------------------
 # clean
@@ -136,13 +59,8 @@ help:
 	@echo
 	@echo 'Usage examples:'
 	@echo '  make                    -- build all distros'
-	@echo '  make download           -- download all base images'
-	@echo '  make installer          -- run installer (unnecessary for some)'
-	@echo '  make customize          -- run customization (install context etc)'
 	@echo
 	@echo '  make <distro>           -- build just one distro'
-	@echo '  make download-<distro>  -- download just one'
-	@echo '  make installer-<distro> -- download just one'
-	@echo '  make customize-<distro> -- download just one'
 	@echo '  make context-linux      -- build context linux packages'
+	@echo '  make context-windows    -- TODO
 

Makefile.config

@@ -5,29 +5,25 @@ RELEASE ?= 1
 # log
 VERBOSE            ?= 1
 PACKER_LOG         ?= 1
+PACKER_HEADLESS    ?= false
 LIBGUESTFS_DEBUG   ?= 1
 LIBGUESTFS_TRACE   ?= 0
 LIBGUESTFS_MEMSIZE ?= 3072
 TTY                ?= $(shell tty)
 
 # default directories
-DIR_BUILD     ?= build
-DIR_BASE      ?= $(DIR_BUILD)/01_base
-DIR_INSTALL   ?= $(DIR_BUILD)/02_installer
-DIR_EXPORT    ?= $(DIR_BUILD)/03_export
-DIR_PACKER    ?= $(DIR_BUILD)/_packer
+DIR_BUILD          ?= build
+DIR_PACKER         ?= $(DIR_BUILD)/packer
+DIR_CLOUDINIT      ?= $(DIR_BUILD)/cloud-init
+DIR_EXPORT         ?= export
 
 # create them if not present
-$(shell mkdir -p ${DIR_BASE} ${DIR_INSTALL})
+$(shell mkdir -p ${DIR_BUILD} ${DIR_PACKER} ${DIR_CLOUDINIT} ${DIR_EXPORT})
 
-# # don't delete downloaded or installed images
-.SECONDARY: $(patsubst %, $(DIR_BASE)/%.img, $(DISTROS))
-.SECONDARY: $(patsubst %, $(DIR_INSTALL)/%.qcow2, $(DISTROS))
 .SECONDARY: $(patsubst %, $(DIR_EXPORT)/%-$(VERSION)-$(RELEASE).qcow2, $(DISTROS))
-.SECONDARY: $(patsubst %, $(DIR_INSTALL)/%.qcow2, $(SERVICES))
-.SECONDARY: $(patsubst %, $(DIR_EXPORT)/%-$(VERSION)-$(RELEASE).qcow2, $(SERVICES))
+.SECONDARY: $(patsubst %, $(DIR_EXPORT)/%.qcow2, $(DISTROS))
 
-.PHONY: context-linux download installer customize help
+.PHONY: context-linux packer help
 
 # this needs to match context-linux/generate-all.sh products
 LINUX_CONTEXT_PACKAGES := one-context_${VERSION}-${RELEASE}.deb \
@@ -61,4 +57,3 @@ ERROR=sh -c 'echo [ERROR] $$1; exit 1;' ERROR
 
 # export all variables
 export
-

packer/alma8/10-upgrade-distro.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+dnf install -y epel-release
+
+dnf update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync

packer/alma8/11-update-grub.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# Drop unwanted.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+
+# Ensure required.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+# Cleanup.
+
+gawk -i inplace -f- /etc/default/grub <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/  */, " ") }
+{ print }
+EOF
+
+dnf install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync

packer/alma8/80-install-context.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el8.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+    install -d /context/ && cd /context/
+    curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+    | jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+    | xargs -r -n1 curl -fsSLO
+) fi
+
+dnf install -y /context/one-context*$CTX_SUFFIX haveged open-vm-tools
+
+systemctl enable haveged
+
+# >>> Apply only on one-context >= 6.1 >>>
+if ! rpm -q --queryformat '%{VERSION}' one-context | grep -E '^([1-5]\.|6\.0\.)'; then
+    dnf install -y --setopt=install_weak_deps=False NetworkManager systemd-networkd
+fi
+# <<< Apply only on one-context >= 6.1 <<<
+
+sync

packer/alma8/81-configure-ssh.sh

@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+
+sync

packer/alma8/98-collect-garbage.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# Cleans DNF caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+kdump="kdump.service"
+systemctl list-units --full -all | grep -Fq "$kdump" && systemctl disable "$kdump"
+
+# Remove old kernels.
+dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
+
+dnf remove -y fwupd linux-firmware
+
+dnf clean -y all
+
+rm -rf /boot/*-rescue-*
+rm -rf /context/
+
+sync