Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:marcus.schaefer:EOS
suse-eos-vendorbuild
_service:obs_scm:config.sh
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:obs_scm:config.sh of Package suse-eos-vendorbuild
#!/bin/bash set -ex declare kiwi_profiles=${kiwi_profiles} source /etc/os-release #====================================== # World writable flakes #-------------------------------------- # This needs a better solution for rootless use, similar to podman chmod 777 /usr/share/flakes chmod 777 /var/lib/firecracker/images chmod 777 /var/lib/firecracker/storage #====================================== # Import Build Time Containers (RO) #-------------------------------------- for profile in ${kiwi_profiles//,/ }; do if [ ! "${profile}" = "Static" ]; then pushd /usr/share/suse-docker-images/native/ podman load -i basesystem.*.tar.xz rm -f basesystem.*.tar.xz popd break fi done #====================================== # Create timesync subdirs #-------------------------------------- mkdir -p /var/lib/systemd/timesync mkdir -p /var/lib/private/systemd/timesync #====================================== # Create container subdirs #-------------------------------------- mkdir -p /var/lib/containers/storage mkdir -p /var/cache/containers mkdir -p /var/lib/cni mkdir -p /etc/cni/net.d #====================================== # Link flakes to a writable location #-------------------------------------- mkdir -p /usr/share/flakes/bin echo "export PATH=\$PATH:/usr/share/flakes/bin" >> /etc/profile #====================================== # Move containers to read-only registry #-------------------------------------- # move containers to additionalimagestores [read-only] mv /var/lib/containers/storage /var/lib/containers/loaded #====================================== # Move flakes to read-write registry #-------------------------------------- mkdir -p /var/lib/containers/storage mv /usr/share/flakes /var/lib/containers/storage/ ln -s /var/lib/containers/storage/flakes /usr/share/flakes #====================================== # Relink kiwi boxes to RW #-------------------------------------- mkdir -p /var/lib/containers/storage/kiwi_boxes ln -s /var/lib/containers/storage/kiwi_boxes /root/.kiwi_boxes #====================================== # Move firecracker registry to rw #-------------------------------------- mkdir -p /var/lib/containers/storage/firecracker mv /var/lib/firecracker/ /var/lib/containers/storage/firecracker/ ln -s /var/lib/containers/storage/firecracker /var/lib/firecracker chmod 750 /var/lib/containers #====================================== # Import Build Time Containers (RW) #-------------------------------------- for profile in ${kiwi_profiles//,/ }; do if [ ! "${profile}" = "Static" ]; then pushd /usr/share/suse-docker-images/native/ for container in *.tar.xz ;do acceptable_name=$(echo "${container}" | cut -f1 -d.).tar.xz mv "${container}" "${acceptable_name}" podman load -i "${acceptable_name}" done popd break fi done #====================================== # Setup container policy #-------------------------------------- # disabled for the moment, allow from anywhere # cat >/etc/containers/policy.json <<- EOF # { # "default": [ # { # "type": "reject" # } # ], # "transports": { # "docker": { # "registry.opensuse.org": [ # { # "type": "insecureAcceptAnything" # } # ] # } # } # } # EOF #====================================== # Setup container storage config #-------------------------------------- cat >/etc/containers/storage.conf <<- EOF [storage] driver = "overlay" graphroot = "/var/lib/containers/storage" runroot = "/var/run/containers/storage" [storage.options] additionalimagestores = ['/var/lib/containers/loaded'] EOF #====================================== # Setup flakes.yml #-------------------------------------- cat >/etc/flakes.yml <<- EOF --- generic: flakes_dir: /usr/share/flakes podman_ids_dir: /var/lib/containers/storage/tmp/flakes firecracker_ids_dir: /var/lib/firecracker/storage/tmp/flakes EOF #====================================== # Setup default registry #-------------------------------------- cat >/etc/containers/registries.conf <<- EOF unqualified-search-registries=["registry.opensuse.org"] [[registry]] prefix = "registry.opensuse.org/ubuntu-apps" location = "registry.opensuse.org/home/marcus.schaefer/delta_containers/containers_ubuntu" [[registry]] prefix = "registry.opensuse.org/tw-apps" location = "registry.opensuse.org/home/marcus.schaefer/delta_containers/containers_tw" EOF arch=$(uname -m) #====================================== # Setup update config #-------------------------------------- dist=unknown if [ "${ID}" = "opensuse-tumbleweed" ];then dist=TW fi if [ "${ID}" = "opensuse-alp" ];then dist=ALP fi cat >/etc/os-update.yml <<- EOF --- update: pkey: /run/id_fleet server: ec2-user@ec2-3-125-193-126.eu-central-1.compute.amazonaws.com name: EOS.${arch}-${kiwi_profiles}-${dist} EOF #================================== # Create ssh host keys #---------------------------------- /usr/sbin/sshd-gen-keys-start #================================== # Delete stuff we don't need #---------------------------------- rm -f /etc/containers/registries.d/default.yaml rm -f /etc/containers/mounts.conf rm -f /usr/share/containers/mounts.conf #================================== # Turn grub-mkconfig into a noop #---------------------------------- # We have to provide a static version of the grub config # because at the time of the grub2-mkconfig call the # system is read-only cp /usr/bin/true /usr/sbin/grub2-mkconfig #================================== # Mask services due to RO system #---------------------------------- for service in \ systemd-rfkill.service \ systemd-rfkill.socket \ logrotate.service \ logrotate.timer do systemctl mask "${service}" done #====================================== # Setup services #-------------------------------------- for service in \ sshd \ registry-rw \ registry_resize \ systemd-networkd \ systemd-resolved do systemctl enable "${service}" done #====================================== # Setup grub #-------------------------------------- mv "/boot/grub2/grub.cfg.${kiwi_profiles}.${arch}" /boot/grub2/grub.cfg # delete unused grub templates rm -f /boot/grub2/grub.cfg.* #====================================== # Setup Profile Specific #-------------------------------------- for profile in ${kiwi_profiles//,/ }; do # RPI if [ "${profile}" = "RPI" ] || [ "${profile}" = "RPI5" ]; then # RPI required services systemctl enable systemd-timesyncd systemctl enable update_commit fi # AB if [ "${profile}" = "AB" ]; then # AB required services systemctl enable systemd-timesyncd systemctl enable update_commit fi # Static if [ "${profile}" = "Static" ]; then # Static required services systemctl enable systemd-timesyncd fi # EC2 if [ "${profile}" = "EC2" ]; then # Cloud required services for service in \ chronyd \ cloud-init-local \ cloud-init \ cloud-config \ cloud-final \ amazon-ssm-agent \ update_commit do systemctl enable "${service}" done # Create flake-ctl alias to run via sudo echo "alias flake-ctl='sudo flake-ctl'" > /home/ec2-user/.alias # Disable password based login via ssh ssh_conf=/etc/ssh/sshd_config if [ ! -e "${ssh_conf}" ];then ssh_conf=/usr/etc/ssh/sshd_config fi sed -i 's/#ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' "${ssh_conf}" sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' "${ssh_conf}" # Remove the password for root sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow # Allow root access on serial console grep -E -q '^ttyS0$' /etc/securetty || echo ttyS0 >> /etc/securetty # Set up time server echo "server 169.254.169.123 iburst" >> /etc/chrony.conf fi done # The following should not be needed... # make sure to create systemd-network user # For some reason the user was missing on the aarch64 ALP image build # The call is taken from the systemd spec file and can be # deleted once the packaging got fixed /usr/bin/systemd-sysusers systemd-network.conf # make sure to create systemd-resolve user # For some reason the user was missing on the aarch64 ALP image build # The call is taken from the systemd spec file and can be # deleted once the packaging got fixed /usr/bin/systemd-sysusers systemd-resolve.conf
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor