
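#!/bin/bash
#
# KIWI config.sh for the suse-AGL image: runs as root inside the freshly
# populated image root (chroot) after package installation and before the
# image is packed. It seeds the container registry/policy/storage config,
# imports the build-time containers into a read-only image store, relocates
# writable state under /var/lib/containers/storage, installs the AGL/KUKSA
# systemd units and finally prunes files that are not needed on the device.
#
# Environment (provided by KIWI):
#   kiwi_profiles  comma separated list of the active build profiles; the
#                  grub template and kernel-module pruning depend on it.
#
# -e aborts on the first failing command, -x echoes every command into the
# build log so the image build is auditable.
set -ex

declare kiwi_profiles=${kiwi_profiles}

arch=$(uname -m)

#======================================
# Setup default registry
#--------------------------------------
# Unqualified image names resolve against registry.opensuse.org only; the
# ageda-apps prefix is an alias for the project containers path below.
cat >/etc/containers/registries.conf <<- EOF
unqualified-search-registries=["registry.opensuse.org"]

[[registry]]
prefix = "registry.opensuse.org/ageda-apps"
location = "registry.opensuse.org/home/marcus.schaefer/ageda/containers_alp"
EOF

#======================================
# Import Build Time Containers (RO)
#--------------------------------------
# The loop body runs at most once (note the break); the loop only acts as
# a guard so that nothing is imported when no profile is set.
# The basesystem container is loaded into the default store, which is
# turned into the read-only additional image store further down.
for profile in ${kiwi_profiles//,/ }; do
    pushd /usr/share/suse-docker-images/native/
    podman load -i basesystem.*.tar.xz
    rm -f basesystem.*.tar.xz
    popd
    break
done

#======================================
# Create timesync subdirs
#--------------------------------------
mkdir -p /var/lib/systemd/timesync
mkdir -p /var/lib/private/systemd/timesync

#======================================
# Create container subdirs
#--------------------------------------
mkdir -p /var/lib/containers/storage
mkdir -p /var/cache/containers
mkdir -p /var/lib/cni
mkdir -p /etc/cni/net.d

#======================================
# Link flakes to a writable location
#--------------------------------------
# The flake launchers live in /usr/share/flakes/bin; append it to PATH for
# all login shells. The $ is escaped so the expansion happens at login.
mkdir -p /usr/share/flakes/bin
printf '%s\n' 'export PATH=$PATH:/usr/share/flakes/bin' >> /etc/profile

#======================================
# Move containers to read-only registry
#--------------------------------------
# move containers to additionalimagestores [read-only]
mv /var/lib/containers/storage /var/lib/containers/loaded

#======================================
# Move flakes to read-write registry
#--------------------------------------
# /usr is read-only at runtime, so the flake registry is relocated into
# the writable container storage and symlinked back to its original path.
mkdir -p /var/lib/containers/storage
mv /usr/share/flakes /var/lib/containers/storage/
ln -s /var/lib/containers/storage/flakes /usr/share/flakes

#======================================
# Move firecracker registry to rw
#--------------------------------------
mkdir -p /var/lib/containers/storage/firecracker
mv /var/lib/firecracker/ /var/lib/containers/storage/firecracker/
ln -s /var/lib/containers/storage/firecracker /var/lib/firecracker

# Container storage (images, overlay layers) is not world-readable.
chmod 750 /var/lib/containers

#======================================
# Import Build Time Containers (RW)
#--------------------------------------
# Same single-iteration guard as the RO import above. Every remaining
# tarball is renamed to <name>.tar.xz (everything after the first dot is
# dropped, e.g. a version/arch suffix) before podman load accepts it.
for profile in ${kiwi_profiles//,/ }; do
    pushd /usr/share/suse-docker-images/native/
    for container in *.tar.xz ;do
        # without nullglob an unmatched pattern is passed literally and the
        # mv below would abort the whole build under set -e
        [[ -e "${container}" ]] || continue
        acceptable_name="${container%%.*}.tar.xz"
        mv "${container}" "${acceptable_name}"
        podman load -i "${acceptable_name}"
        rm -f "${acceptable_name}"
    done
    popd
    break
done

#======================================
# Setup container policy
#--------------------------------------
# Pulls are rejected by default; only registry.opensuse.org is allowed and
# it is trusted unconditionally ("insecureAcceptAnything" performs no
# signature verification). Images from that registry are therefore only
# as trustworthy as the TLS connection to it; switching the entry to a
# "signedBy" rule would add signature checks if signed images are available.
cat >/etc/containers/policy.json <<- EOF
{
    "default": [
        {
            "type": "reject"
        }
    ],
    "transports": {
        "docker": {
            "registry.opensuse.org": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        }
    }
}
EOF

#======================================
# Setup container storage config
#--------------------------------------
# graphroot is the writable store; the images loaded at build time are
# served read-only from the additional image store created above.
cat >/etc/containers/storage.conf <<- EOF
[storage]
driver = "overlay"
graphroot = "/var/lib/containers/storage"
runroot = "/var/run/containers/storage"
[storage.options]
additionalimagestores = ['/var/lib/containers/loaded']
EOF

#======================================
# Setup flakes.yml
#--------------------------------------
cat >/etc/flakes.yml <<- EOF
---
generic:
  flakes_dir: /usr/share/flakes
  podman_ids_dir: /var/lib/containers/storage/tmp/flakes
  firecracker_ids_dir: /var/lib/firecracker/storage/tmp/flakes
EOF

#======================================
# Setup update config
#--------------------------------------
# The update server endpoint and the private key path (/run/id_fleet, i.e.
# expected to be provisioned at runtime, not baked into the image) are
# fixed here; the image name embeds the arch and the raw profile list.
cat >/etc/os-update.yml <<- EOF
---
update:
  pkey: /run/id_fleet
  server: ec2-user@ec2-3-124-29-196.eu-central-1.compute.amazonaws.com
  name: suse-AGL.${arch}-${kiwi_profiles}-ALP
EOF

#==================================
# Create ssh host keys
#----------------------------------
# NOTE(review): host keys generated at build time are shared by every
# device flashed from this image — confirm this is intended.
/usr/sbin/sshd-gen-keys-start

#======================================
# Configure firewall
#--------------------------------------
# Inbound ports opened in the public zone; each one is a listening
# service exposed on every interface in that zone.
firewall-offline-cmd --add-service cockpit
# web-ui
firewall-offline-cmd --zone=public --add-port=5000/tcp
# kuksa
firewall-offline-cmd --zone=public --add-port=8090/tcp
firewall-offline-cmd --zone=public --add-port=50051/tcp

#==================================
# qxl graphics are used in qemu
#----------------------------------
# This requires allow_unsupported_modules for loading
# the qxl guest driver. Otherwise the app is not able
# to switch to the required resolution
cat >/etc/modprobe.d/10-unsupported-modules.conf <<-EOF
allow_unsupported_modules 1
EOF

#======================================
# User sharing for Compositor container
#--------------------------------------
# Helper scripts executed by the systemd units below. The \$ escapes keep
# the id lookups in the generated scripts instead of expanding them here.
cat >/usr/bin/agl-user <<-EOF
#!/bin/bash
mkdir -p /run/user/"\$(id -u agl-driver)"
chown "\$(id -u agl-driver):\$(id -g agl-driver)" /run/user/"\$(id -u agl-driver)"
EOF
chmod 755 /usr/bin/agl-user
# Blocks until the compositor's wayland socket exists; used as ExecStartPre
# of the cluster dashboard unit.
cat >/usr/bin/agl-cluster-dashboard-ready-for-startup <<-EOF
#!/bin/bash
podman rm --force cluster_demo
while true;do
test -e /run/user/"\$(id -u agl-driver)"/wayland-0 && exit 0
echo "Waiting for wayland socket to appear..."
sleep 1
done
EOF
chmod 755 /usr/bin/agl-cluster-dashboard-ready-for-startup

#==================================
# Delete stuff we don't need
#----------------------------------
rm -f /etc/containers/registries.d/default.yaml
rm -f /etc/containers/mounts.conf
rm -f /usr/share/containers/mounts.conf
rm -f /boot/vmlinux*
rm -f /boot/config*
rm -rf /usr/share/misc/*
rm -rf /usr/share/licenses
rm -f /boot/System.map*
rm -f /boot/symvers*
rm -f /boot/sysctl.conf*
rm -rf /usr/src/packages
# keep only the Latin-1 charset converter
find /usr/lib64/gconv/* ! -path "*ISO8859-1.so" -delete

#==================================
# Turn grub-mkconfig into a noop
#----------------------------------
# We have to provide a static version of the grub config
# because at the time of the grub2-mkconfig call the
# system is read-only
cp /usr/bin/true /usr/sbin/grub2-mkconfig

#==================================
# Mask services due to RO system
#----------------------------------
for service in \
    systemd-rfkill.service \
    systemd-rfkill.socket \
    logrotate.service \
    logrotate.timer
do
    systemctl mask "${service}"
done

#======================================
# Register KUKSA start/stop
#--------------------------------------
# All container units depend on registry_resize.service so the writable
# store is ready, and remove any stale container before (re)starting.
cat >/usr/lib/systemd/system/kuksa-server.service <<-EOF
[Unit]
Description=KUKSA Server
After=network-online.target registry_resize.service
Requires=network-online.target registry_resize.service

[Service]
ExecStartPre=podman rm --force kuksa_server
ExecStart=/usr/share/flakes/bin/kuksa-server
ExecStop=podman rm --force kuksa_server
StandardOutput=journal
StandardError=journal
Restart=on-failure

[Install]
WantedBy=graphical.target
EOF

#======================================
# Register KUKSA Web App start/stop
#--------------------------------------
# NOTE(review): the Description below duplicates the kuksa-server unit's;
# left as is since it only affects systemctl output.
cat >/usr/lib/systemd/system/kuksa-feeder.service <<-EOF
[Unit]
Description=KUKSA Server
Requires=kuksa-server.service network-online.target registry_resize.service
After=kuksa-server.service network-online.target registry_resize.service

[Service]
ExecStartPre=podman rm --force kuksa_feeder
ExecStart=/usr/share/flakes/bin/kuksa-feeder
ExecStop=podman rm --force kuksa_feeder
StandardOutput=journal
StandardError=journal
Restart=on-failure

[Install]
WantedBy=graphical.target
EOF

#======================================
# Register Traffic Sign start/stop
#--------------------------------------
cat >/usr/lib/systemd/system/traffic-sign.service <<-EOF
[Unit]
Description=Traffic Sign Detection
After=network-online.target registry_resize.service
Requires=network-online.target registry_resize.service

[Service]
ExecStartPre=podman rm --force traffic_sign
ExecStart=/usr/share/flakes/bin/classify --speed-to-kuksa webcam
ExecStop=podman rm --force traffic_sign
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=graphical.target
EOF

#======================================
# Register AGL user session start/stop
#--------------------------------------
cat >/usr/lib/systemd/system/agl-user-session.service <<-EOF
[Unit]
Description=Prepare AGL user session
Before=graphical.target
Requires=registry_resize.service
After=registry_resize.service

[Service]
ExecStart=/usr/bin/agl-user
StandardOutput=journal
StandardError=journal
RemainAfterExit=true
Type=oneshot

[Install]
WantedBy=graphical.target
EOF

#======================================
# Register AGL Compositor start/stop
#--------------------------------------
cat >/usr/lib/systemd/system/agl-user-compositor.service <<-EOF
[Unit]
Description=OCI Container Compositor
Requires=agl-user-session.service network-online.target registry_resize.service
After=registry_resize.service network-online.target agl-user-session.service

[Service]
ExecStartPre=podman rm --force compositor
ExecStart=/usr/share/flakes/bin/agl-user-compositor
ExecStop=podman rm --force compositor
StandardOutput=journal
StandardError=journal
Restart=on-failure

[Install]
WantedBy=graphical.target
EOF

#======================================
# Register AGL Dashboard start/stop
#--------------------------------------
cat >/usr/lib/systemd/system/agl-cluster-dashboard.service <<-EOF
[Unit]
Description=OCI Container Cluster-Dashboard
Requires=agl-user-compositor.service
After=kuksa-server.service agl-user-compositor.service

[Service]
ExecStartPre=/usr/bin/agl-cluster-dashboard-ready-for-startup
ExecStart=/usr/share/flakes/bin/agl-cluster-dashboard
ExecStop=podman rm --force cluster_demo
StandardOutput=journal
StandardError=journal
Restart=on-failure

[Install]
WantedBy=graphical.target
EOF

#======================================
# Setup services
#--------------------------------------
for service in \
    sshd \
    registry-rw \
    registry_resize \
    systemd-networkd \
    systemd-resolved \
    systemd-timesyncd \
    update_commit \
    firewalld \
    agl-user-session \
    agl-user-compositor \
    agl-cluster-dashboard \
    kuksa-server \
    kuksa-feeder \
    traffic-sign
do
    systemctl enable "${service}"
done

#======================================
# Setup Profile Specific
#--------------------------------------
# Pick the grub template matching the profile; all templates are removed
# afterwards so only the activated one ships in the image.
for profile in ${kiwi_profiles//,/ }; do
    # RPI
    if [ "${profile}" = "RPI" ]; then
        # activate grub template
        mv "/boot/grub2/grub.cfg.RPI.${arch}" /boot/grub2/grub.cfg
        # reduce the kernel and save some space: only the broadcom
        # ethernet driver is needed on the RPI
        find /lib/modules/*/kernel/drivers/net/ethernet/* -type f ! -path "*broadcom*" -delete
    fi

    if [ "${profile}" = "Standard" ]; then
        # activate grub template
        mv "/boot/grub2/grub.cfg.AB.${arch}" /boot/grub2/grub.cfg
    fi
done

# delete unused grub templates
rm -f /boot/grub2/grub.cfg.*

# The following should not be needed...

# make sure to create systemd-network user
# For some reason the user was missing on the aarch64 ALP image build
# The call is taken from the systemd spec file and can be
# deleted once the packaging got fixed
/usr/bin/systemd-sysusers systemd-network.conf

# make sure to create systemd-resolve user
# For some reason the user was missing on the aarch64 ALP image build
# The call is taken from the systemd spec file and can be
# deleted once the packaging got fixed
/usr/bin/systemd-sysusers systemd-resolve.conf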