From 7e1bb7483189d078d7e4539c73f797b5f6c079ca Mon Sep 17 00:00:00 2001
From: Charalampos Kominos
Date: Fri, 12 Jul 2024 15:08:32 +0200
Subject: [PATCH] feat: Add new autoupdates element
This patch proposes a new element which creates a mechanism for the image to have automatic updates enabled from the first boot. A custom config file, is expected during build time, which is injected into the image.
Change-Id: Ib4c7513db4e00d592447fda1b1d0ed2bc649e1cf
Signed-off-by: Charalampos Kominos
---
.../elements/autoupdates/README.rst | 23 +++++++++++
.../elements/autoupdates/element-deps | 2 +
.../autoupdates/package-installs.yaml | 2 +
.../elements/autoupdates/pkg-map | 18 +++++++++
.../post-install.d/82-enable-autoupdate | 35 +++++++++++++++++
.../root.d/61-create-update-config | 38 +++++++++++++++++++
...-autoupdates-element-8225a5d8b19cec74.yaml | 11 ++++++
7 files changed, 129 insertions(+)
create mode 100644 diskimage_builder/elements/autoupdates/README.rst
create mode 100644 diskimage_builder/elements/autoupdates/element-deps
create mode 100644 diskimage_builder/elements/autoupdates/package-installs.yaml
create mode 100644 diskimage_builder/elements/autoupdates/pkg-map
create mode 100755 diskimage_builder/elements/autoupdates/post-install.d/82-enable-autoupdate
create mode 100755 diskimage_builder/elements/autoupdates/root.d/61-create-update-config
create mode 100644 releasenotes/notes/add-autoupdates-element-8225a5d8b19cec74.yaml
diff --git a/diskimage_builder/elements/autoupdates/README.rst b/diskimage_builder/elements/autoupdates/README.rst
new file mode 100644
index 000000000..5a2e98404
--- /dev/null
+++ b/diskimage_builder/elements/autoupdates/README.rst
@@ -0,0 +1,23 @@
+===========
+autoupdates
+===========
+
+This element will configure both debian family and redhat family images to have an automatic updates mechanism built into the image, for example to update automatically from the security repos.
+For Debian based images it is based on unuattended-upgrades and for Redhat on dnf-automatic.
+
+Environment Variables
+---------------------
+
+DIB_DEB_UPDATES_CONF
+ :Required: Yes for the Debian Family
+ :Default: None
+ :Description: The location of a custom 50unattended-upgrades file on the builder which will be injected into the image.
+ :Example: ``DIB_DEB_UPDATES_CONF=/home/50unattended-upgrades``
+
+DIB_YUM_UPDATES_CONF
+ :Required: Yes for the Redhat Family
+ :Default: None
+ :Description: The location of a custom automatic.conf file on the builder which will be injected into the image.
+ :Example: ``DIB_YUM_UPDATES_CONF=/home/automatic.conf``
+
+.. element_deps::
diff --git a/diskimage_builder/elements/autoupdates/element-deps b/diskimage_builder/elements/autoupdates/element-deps
new file mode 100644
index 000000000..73015c249
--- /dev/null
+++ b/diskimage_builder/elements/autoupdates/element-deps
@@ -0,0 +1,2 @@
+package-installs
+pkg-map
diff --git a/diskimage_builder/elements/autoupdates/package-installs.yaml b/diskimage_builder/elements/autoupdates/package-installs.yaml
new file mode 100644
index 000000000..4f933de1d
--- /dev/null
+++ b/diskimage_builder/elements/autoupdates/package-installs.yaml
@@ -0,0 +1,2 @@
+autoupdates:
+ phase: install.d
diff --git a/diskimage_builder/elements/autoupdates/pkg-map b/diskimage_builder/elements/autoupdates/pkg-map
new file mode 100644
index 000000000..662b3408e
--- /dev/null
+++ b/diskimage_builder/elements/autoupdates/pkg-map
@@ -0,0 +1,18 @@
+{
+ "family":{
+ "redhat": {
+ "autoupdates": "dnf-automatic"
+ },
+ "debian":{
+ "autoupdates": "unattended-upgrades"
+ },
+ "suse": {
+ "autoupdates": ""
+ },
+ "gentoo": {
+ "autoupdates": ""
+ }
+ }
+}
+
+
diff --git a/diskimage_builder/elements/autoupdates/post-install.d/82-enable-autoupdate b/diskimage_builder/elements/autoupdates/post-install.d/82-enable-autoupdate
new file mode 100755
index 000000000..41a394b88
--- /dev/null
+++ b/diskimage_builder/elements/autoupdates/post-install.d/82-enable-autoupdate
@@ -0,0 +1,35 @@
+#!/bin/bash
+# Copyright (c) 2024 ECMWF
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+case "$DIB_INIT_SYSTEM" in
+ systemd)
+ if [[ $DISTRO_NAME =~ (ubuntu|debian)$ ]]; then
+ systemctl enable unattended-upgrades.service
+ elif [[ $DISTRO_NAME =~ (centos|rocky|rhel|openeuler)$ ]]; then
+ systemctl enable dnf-automatic.timer
+ else
+ echo "The 'autoupdates' element does not support this distribution."
+ echo "Exiting"
+ exit 1
+ fi
+esac
diff --git a/diskimage_builder/elements/autoupdates/root.d/61-create-update-config b/diskimage_builder/elements/autoupdates/root.d/61-create-update-config
new file mode 100755
index 000000000..3bf8d15bf
--- /dev/null
+++ b/diskimage_builder/elements/autoupdates/root.d/61-create-update-config
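Review bot: The `case "$DIB_INIT_SYSTEM"` in post-install.d/82-enable-autoupdate has only a `systemd)` arm, so on any other init system the script exits 0 without enabling anything and the image ships without automatic updates while the build looks successful. Add a terminating `;;` after the `fi` and a default arm such as `*) echo "autoupdates: unsupported init system '$DIB_INIT_SYSTEM'" >&2; exit 1 ;;`, and send the existing "does not support this distribution" messages to stderr as 61-create-update-config does. The pkg-map entries that map `suse` and `gentoo` to an empty package name reach the same path: nothing is installed, and whether the build fails depends entirely on this script. On Debian-family images it is also worth confirming that enabling `unattended-upgrades.service` is sufficient, since periodic runs are normally governed by the `APT::Periodic` settings rather than by that unit alone.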
@@ -0,0 +1,38 @@
+#!/bin/bash
+# Copyright (c) 2024 ECMWF
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+#
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
+ set -x
+fi
+set -eu
+set -o pipefail
+
+# Check that only one of DIB_DEB_UPDATES_CONF or DIB_YUM_UPDATES_CONF is set
+
+if [[ -n ${DIB_DEB_UPDATES_CONF:-} && -n ${DIB_YUM_UPDATES_CONF:-} ]]; then
+ echo "Error: Both DIB_DEB_UPDATES_CONF and DIB_YUM_UPDATES_CONF are set. Please select only one based on the distro." >&2
+ exit 1
+elif [[ -z ${DIB_DEB_UPDATES_CONF:-} && -z ${DIB_YUM_UPDATES_CONF:-} ]]; then
+ echo "Warning: Neither DIB_DEB_UPDATES_CONF nor DIB_YUM_UPDATES_CONF is set. Continuing without adding a config file." >&2
+fi
+
+# Copy the appropriate configuration file if one is set
+if [[ -n ${DIB_DEB_UPDATES_CONF:-} ]]; then
+ sudo cp ${DIB_DEB_UPDATES_CONF} $TARGET_ROOT/etc/apt/apt.conf.d/50unattended-upgrades
+elif [[ -n ${DIB_YUM_UPDATES_CONF:-} ]]; then
+ sudo cp ${DIB_YUM_UPDATES_CONF} $TARGET_ROOT/etc/dnf/automatic.conf
+fi
diff --git a/releasenotes/notes/add-autoupdates-element-8225a5d8b19cec74.yaml b/releasenotes/notes/add-autoupdates-element-8225a5d8b19cec74.yaml
new file mode 100644
index 000000000..9d75840fb
--- /dev/null
+++ b/releasenotes/notes/add-autoupdates-element-8225a5d8b19cec74.yaml
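Review bot: The two `sudo cp` lines at the end of root.d/61-create-update-config expand `${DIB_DEB_UPDATES_CONF}`, `${DIB_YUM_UPDATES_CONF}` and `$TARGET_ROOT` unquoted, so a path containing spaces or glob characters is split before it reaches a command running as root, and the permissions of the injected file derive from whatever the builder-side file happened to have. Prefer `sudo install -m 0644 -o root -g root -- "$DIB_DEB_UPDATES_CONF" "$TARGET_ROOT/etc/apt/apt.conf.d/50unattended-upgrades"` and the same form for `automatic.conf`, preceded by a `[[ -f ... ]]` check that fails with a clear message. The neither-variable-set branch only warns, although the README marks the variables as required; 82-enable-autoupdate then still enables the service with the distribution's default configuration, which may not apply any updates, so exiting non-zero there would be the safer default. Because this runs in root.d, before the package itself is installed, it is worth verifying that the package's own copy of the file does not replace the injected one.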
@@ -0,0 +1,11 @@
+---
+features:
+ - |
+ A new element ``autoupdates`` is added to DIB. This element, with proper
+ configuration, will enable and configure cloud images to have a system that
+ automatically updates the image, from the upstream binaries. To this end,
+ ``DIB_DEB_UPDATES_CONF`` or ``DIB_YUM_UPDATES_CONF`` must be set during build time.
+other:
+ - |
+ The ``autoupdates`` element has only been tested in Rocky and Ubuntu images.
+ In addition, the element does not check the validity of the configuration files in any way.